@planu/cli 4.3.14 → 4.3.16

package/dist/index.js

@@ -33,8 +33,9 @@ if (firstArg && KNOWN_COMMANDS.includes(firstArg)) {
     process.exit(0);
 }
 // Minimal static imports — only what createMcpServer() needs at module load time.
-// Everything else is dynamically imported to keep the module evaluation fast and
-// let initialize respond before the heavy tool graph loads.
+// The official tool surface is registered in main() before transport connection
+// so the first MCP tools/list response is complete for hosts that ignore
+// notifications/tools/list_changed.
 import { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import { SERVER_INSTRUCTIONS } from './config/server-instructions.js';
 import { PLANU_VERSION } from './config/version.js';
@@ -44,13 +45,10 @@ function createMcpServer() {
         instructions: SERVER_INSTRUCTIONS,
         capabilities: { tools: {}, resources: {}, prompts: {} },
     }));
-    // Pre-initialize tool/resource/prompt request handlers BEFORE transport connects.
+    // Pre-initialize resource/prompt request handlers BEFORE transport connects.
     // McpServer calls registerCapabilities + sets up list/call handlers only on the
     // FIRST invocation of each surface. After this, later registrations only update
     // in-memory registries — safe to call even after transport connects.
-    s.registerTool('_planu_boot', { description: 'Planu is starting…', inputSchema: {} }, () => ({
-        content: [],
-    }));
     s.registerResource('_planu_boot', '_planu://boot', {}, () => ({ contents: [] }));
     s.registerPrompt('_planu_boot', { title: 'Planu Boot', description: 'Internal prompt handler bootstrap', argsSchema: {} }, () => ({
         messages: [],
@@ -59,13 +57,13 @@ function createMcpServer() {
 }
 // Primary server instance — created immediately at module load with minimal deps.
 const server = createMcpServer();
-// Loads all modules and registers tools after the MCP handshake has completed.
+// Loads post-handshake modules after the MCP handshake has completed.
 // Separated from main() to keep main() within the 80-line function budget.
-async function setupPostHandshake(handshakeGate) {
+async function setupPostHandshake(handshakeGate, officialToolNames) {
     // Wait for initialize + notifications/initialized before firing any notifications.
     await handshakeGate;
     const envKey = process.env.SDD_LICENSE_KEY;
-    const [{ bootstrapAutopilotHandlers }, { registerAgentSquadHandlers }, { startupSync }, { checkForUpdates }, { setConnectedClient }, { handleActivateLicense }, { GroupManager }, { setGroupManager }, { registerSddTools, OFFICIAL_SDD_TOOL_NAMES },] = await Promise.all([
+    const [{ bootstrapAutopilotHandlers }, { registerAgentSquadHandlers }, { startupSync }, { checkForUpdates }, { setConnectedClient }, { handleActivateLicense }, { GroupManager }, { setGroupManager },] = await Promise.all([
         import('./engine/autopilot/bootstrap.js'),
         import('./tools/register-agent-squad-tools.js'),
         import('./tools/sync-spec-state-handler.js'),
@@ -74,7 +72,6 @@ async function setupPostHandshake(handshakeGate) {
         import('./tools/activate-license.js'),
         import('./engine/tool-groups/group-manager.js'),
         import('./tools/tool-group-handler.js'),
-        import('./tools/register-sdd-tools.js'),
     ]);
     // SPEC-450: Wire autopilot trigger rules to the event bus
     bootstrapAutopilotHandlers();
@@ -121,9 +118,6 @@ async function setupPostHandshake(handshakeGate) {
             });
         }
     }
-    // Register the single official SDD MCP surface and UX surfaces.
-    registerSddTools(server);
-    getRegisteredTools().get('_planu_boot')?.disable();
     try {
         const { registerPlanuMcpResources, registerPlanuMcpPrompts } = await import('./hosts/claude-code/ux/index.js');
         registerPlanuMcpResources(server);
@@ -138,7 +132,7 @@ async function setupPostHandshake(handshakeGate) {
         server.sendToolListChanged();
     });
     await groupManager.init();
-    for (const toolName of OFFICIAL_SDD_TOOL_NAMES) {
+    for (const toolName of officialToolNames) {
         toolMap.get(toolName)?.enable();
     }
     setGroupManager(groupManager);
@@ -147,9 +141,14 @@ async function setupPostHandshake(handshakeGate) {
 }
 // Start server
 async function main() {
-    // Dynamic imports keep startup lean — evaluated only after the process is alive.
-    const { selectTransport } = await import('./transports/transport-factory.js');
-    // Gate all heavy loading until the MCP handshake completes (initialize +
+    // Register the official tools before connecting transport. Some hosts cache the
+    // first tools/list response and do not reliably consume list_changed updates.
+    const [{ selectTransport }, { registerSddTools, OFFICIAL_SDD_TOOL_NAMES }] = await Promise.all([
+        import('./transports/transport-factory.js'),
+        import('./tools/register-sdd-tools.js'),
+    ]);
+    registerSddTools(server);
+    // Gate non-tool startup work until the MCP handshake completes (initialize +
     // notifications/initialized). This guarantees the initialize response goes out
     // before any notifications/tools/list_changed events, which is required by the
     // MCP protocol. Without this gate module evaluation (synchronous, ~3-4 s) blocks
@@ -175,9 +174,8 @@ async function main() {
     await new Promise((res) => {
         setImmediate(res);
     });
-    // Fire-and-forget: setupPostHandshake awaits the gate then loads everything.
-    // Module loading starts NOW — after initialize is already handled above.
-    void setupPostHandshake(handshakeGate);
+    // Fire-and-forget: setupPostHandshake awaits the gate before optional startup work.
+    void setupPostHandshake(handshakeGate, OFFICIAL_SDD_TOOL_NAMES);
 }
 process.on('uncaughtException', (error) => {
     /* v8 ignore next 1 */

package/dist/tools/create-spec/autopilot-analyzer.js

@@ -71,7 +71,6 @@ export async function analyzeProjectForSpec(projectPath, description, title, kno
     // Detect stack patterns and suggest relevant criteria
     if (knowledge) {
         result.detectedPatterns = detectPatterns(knowledge, description);
-        result.suggestedCriteria = generatePatternCriteria(result.detectedPatterns, knowledge);
     }
     return result;
 }
@@ -196,42 +195,4 @@ function detectPatterns(knowledge, description) {
     }
     return patterns;
 }
-/** Generate stack-specific criteria based on detected patterns — GIVEN/WHEN/THEN format. */
-function generatePatternCriteria(patterns, _knowledge) {
-    const criteria = [];
-    for (const pattern of patterns) {
-        switch (pattern) {
-            case 'database':
-                criteria.push('GIVEN migration WHEN applied to the database THEN target table exists with columns [id, created_at] and correct data types');
-                break;
-            case 'supabase':
-                criteria.push('GIVEN unauthenticated request WHEN RLS policy is active on the table THEN query returns empty array instead of data');
-                criteria.push('GIVEN schema change WHEN supabase gen types runs THEN TypeScript types reflect the new columns without manual edits');
-                break;
-            case 'api-endpoint':
-                criteria.push('GIVEN POST handler WHEN called with invalid body (missing required field) THEN returns {status: 400, error: string}');
-                criteria.push('GIVEN POST handler WHEN called with valid body THEN validates input with Zod schema before processing');
-                break;
-            case 'authentication':
-                criteria.push('GIVEN endpoint WHEN called with no Authorization header THEN returns {status: 401}');
-                break;
-            case 'react-components':
-                criteria.push('GIVEN component WHEN rendered THEN has role attribute and aria-label set correctly for screen readers');
-                break;
-            case 'nextjs-pages':
-                criteria.push('GIVEN page component WHEN rendered THEN uses Server Component (no "use client" directive) where data-fetching occurs');
-                break;
-            case 'testing':
-                criteria.push('GIVEN test file WHEN run with vitest THEN coverage >= threshold defined in vitest.config for branches and lines');
-                break;
-            // SPEC-535: EU AI Act Article 53-55 compliance criteria for foundation model features
-            case 'llm-feature':
-                criteria.push('GIVEN the feature uses a foundation model WHEN the spec is implemented THEN spec.md documents in its inline Technical section: model name, provider (Anthropic/OpenAI/Google), and access date — required by EU AI Act Article 53(1)(a)');
-                criteria.push('GIVEN EU users interact with this feature WHEN the feature is deployed THEN an acceptable use policy is visible before the first AI interaction — required by EU AI Act Article 53(1)(c)');
-                criteria.push("GIVEN the feature processes user-generated content via LLM WHEN any EU user's data is involved THEN the privacy notice explicitly states LLM processing and links to the model provider's data processing terms");
-                break;
-        }
-    }
-    return criteria;
-}
 //# sourceMappingURL=autopilot-analyzer.js.map

package/dist/tools/create-spec.js

@@ -24,7 +24,6 @@ import { analyzeProjectForSpec, getEmptyAutopilotResult, } from './create-spec/a
 import { AutopilotSummaryCollector } from '../engine/autopilot/summary-collector.js';
 import { trackCost } from '../engine/cost-tracking/operation-tracker.js';
 import { analyzeSimplicity } from '../engine/simplicity-detector.js';
-import { filterCriteriaByTags } from '../engine/acceptance-criteria-injector/criteria-filter.js';
 import { withBudget, unwrapBudget, withTotalBudget } from '../engine/timing/budget.js';
 import { measureStep } from '../engine/timing/structured-log.js';
 import { resolveProjectIdOrAutoDetect } from './resolve-project-id.js';
@@ -514,8 +513,7 @@ export async function handleCreateSpec(inputParams, server) {
                 }
                 // Create spec directory and write lean files (SPEC-461)
                 await measureStep('mkdir-specDir', () => mkdir(specDir, { recursive: true }));
-                // SPEC-586: Filter suggested criteria by spec tags/target/scope before injection
-                const filteredCriteria = await filterCriteriaByTags(autopilot.suggestedCriteria, spec.tags, spec.target, spec.scope).catch(() => autopilot.suggestedCriteria);
+                const filteredCriteria = autopilot.suggestedCriteria;
                 const technologyContract = await readTechnologySelectionContract(params.projectPath ?? '');
                 const contractNote = technologyContract
                     ? [

package/dist/types/index.d.ts

@@ -236,7 +236,6 @@ export * from './observatory.js';
 export * from './orphan-spec-refs.js';
 export * from './session-safeguard.js';
 export * from './impact-detection.js';
-export * from './criteria-injection.js';
 export * from './gemini.js';
 export * from './claude-code-runtime.js';
 export * from './claude-code-ux.js';

package/dist/types/index.js

@@ -233,7 +233,6 @@ export * from './observatory.js';
 export * from './orphan-spec-refs.js';
 export * from './session-safeguard.js';
 export * from './impact-detection.js';
-export * from './criteria-injection.js';
 export * from './gemini.js';
 export * from './claude-code-runtime.js';
 export * from './claude-code-ux.js';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@planu/cli",
-  "version": "4.3.14",
+  "version": "4.3.16",
   "description": "Planu — MCP Server for Spec Driven Development with native Rust acceleration for hot paths. Cross-platform (Linux/macOS/Windows, x64/arm64, glibc/musl).",
   "type": "module",
   "main": "dist/index.js",
@@ -34,14 +34,14 @@
     "packageName": "@planu/core"
   },
   "optionalDependencies": {
-    "@planu/core-darwin-arm64": "4.3.14",
-    "@planu/core-darwin-x64": "4.3.14",
-    "@planu/core-linux-arm64-gnu": "4.3.14",
-    "@planu/core-linux-arm64-musl": "4.3.14",
-    "@planu/core-linux-x64-gnu": "4.3.14",
-    "@planu/core-linux-x64-musl": "4.3.14",
-    "@planu/core-win32-arm64-msvc": "4.3.14",
-    "@planu/core-win32-x64-msvc": "4.3.14"
+    "@planu/core-darwin-arm64": "4.3.16",
+    "@planu/core-darwin-x64": "4.3.16",
+    "@planu/core-linux-arm64-gnu": "4.3.16",
+    "@planu/core-linux-arm64-musl": "4.3.16",
+    "@planu/core-linux-x64-gnu": "4.3.16",
+    "@planu/core-linux-x64-musl": "4.3.16",
+    "@planu/core-win32-arm64-msvc": "4.3.16",
+    "@planu/core-win32-x64-msvc": "4.3.16"
   },
   "engines": {
     "node": ">=24.0.0"

package/planu-native.json

@@ -1,7 +1,7 @@
 {
   "name": "dev.planu.native",
   "displayName": "Planu Native Lightweight Surface",
-  "version": "4.3.14",
+  "version": "4.3.16",
   "packageName": "@planu/cli",
   "modes": {
     "lightweight": {

package/planu-plugin.json

@@ -2,7 +2,7 @@
   "name": "dev.planu.cli",
   "displayName": "Planu — Spec Driven Development",
   "description": "Manage software specs, estimations, and autonomous SDD workflows. Language-agnostic MCP server for Claude Code.",
-  "version": "4.3.14",
+  "version": "4.3.16",
   "icon": "assets/plugin/icon.svg",
   "command": ["npx", "@planu/cli@latest"],
   "packageName": "@planu/cli",

package/dist/config/criteria-injection-rules.json

@@ -1,82 +0,0 @@
-{
-  "version": 1,
-  "rules": [
-    {
-      "id": "eu-ai-act-53-1a",
-      "criterion": "GIVEN the feature uses a foundation model WHEN the spec is implemented THEN spec.md documents in its inline Technical section: model name, provider, and access date — EU AI Act Article 53(1)(a)",
-      "requiresTags": ["llm", "foundation-model", "ai-feature"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "eu-ai-act-53-1c",
-      "criterion": "GIVEN EU users interact with this feature WHEN the feature is deployed THEN an acceptable use policy is visible before the first AI interaction — required by EU AI Act Article 53(1)(c)",
-      "requiresTags": ["llm", "foundation-model", "ai-feature"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "eu-ai-act-privacy",
-      "criterion": "GIVEN the feature processes user-generated content via LLM WHEN any EU user's data is involved THEN the privacy notice explicitly states LLM processing and links to the model provider's data processing terms",
-      "requiresTags": ["llm", "foundation-model", "ai-feature"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "vitest-coverage",
-      "criterion": "GIVEN test file WHEN run with vitest THEN coverage >= threshold defined in vitest.config for branches and lines",
-      "requiresTags": [],
-      "requiresTargets": ["backend", "frontend", "shared", "fullstack"],
-      "requiresScopes": []
-    },
-    {
-      "id": "db-migration",
-      "criterion": "GIVEN migration WHEN applied to the database THEN target table exists with columns [id, created_at] and correct data types",
-      "requiresTags": ["database", "migration"],
-      "requiresTargets": ["database"],
-      "requiresScopes": []
-    },
-    {
-      "id": "api-zod-invalid",
-      "criterion": "GIVEN POST handler WHEN called with invalid body THEN returns {status: 400, error: string}",
-      "requiresTags": ["api", "endpoint", "http"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "api-zod-valid",
-      "criterion": "GIVEN POST handler WHEN called with valid body THEN validates input with Zod schema before processing",
-      "requiresTags": ["api", "endpoint", "http"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "otel-http-metrics",
-      "criterion": "GIVEN HTTP requests WHEN the service runs THEN histogram http.server.request.duration records P50/P95/P99 latency with http.method, http.status_code, and http.route attributes",
-      "requiresTags": ["otel", "observability", "monitoring"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "otel-traces",
-      "criterion": "GIVEN any inbound request WHEN processed THEN a trace span is created with service.name, trace_id, and span_id attributes exported to the configured OTel collector",
-      "requiresTags": ["otel", "observability", "monitoring"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "resilience-retry",
-      "criterion": "GIVEN an external service call WHEN the call fails with a transient error THEN the client retries up to 3 times with exponential backoff before returning an error",
-      "requiresTags": ["resilience", "reliability"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    },
-    {
-      "id": "resilience-circuit-breaker",
-      "criterion": "GIVEN repeated failures from an external dependency WHEN the failure rate exceeds 50% in a 10s window THEN the circuit breaker opens and fast-fails subsequent calls for 30s",
-      "requiresTags": ["resilience", "reliability"],
-      "requiresTargets": [],
-      "requiresScopes": []
-    }
-  ]
-}

package/dist/engine/acceptance-criteria-injector/criteria-filter.d.ts

@@ -1,12 +0,0 @@
-/** Invalidate the rules cache (useful in tests). */
-export declare function clearRulesCache(): void;
-/**
- * Filter a list of candidate criteria against the injection rules.
- * Returns only criteria that pass the tag/target/scope gate.
- */
-export declare function filterCriteriaByTags(candidates: string[], specTags: string[], specTarget: string, specScope: string): Promise<string[]>;
-/**
- * Check whether the EU AI Act criteria should be injected for this spec.
- */
-export declare function shouldInjectEuAiActCriteria(specTags: string[]): Promise<boolean>;
-//# sourceMappingURL=criteria-filter.d.ts.map

package/dist/engine/acceptance-criteria-injector/criteria-filter.js

@@ -1,60 +0,0 @@
-// engine/acceptance-criteria-injector/criteria-filter.ts — SPEC-586: Tag-aware criteria filter
-import { readFile } from 'node:fs/promises';
-import { join, dirname } from 'node:path';
-import { fileURLToPath } from 'node:url';
-let cachedRules = null;
-const RULES_PATH = join(dirname(fileURLToPath(import.meta.url)), '../../config/criteria-injection-rules.json');
-async function loadRules() {
-    if (cachedRules !== null) {
-        return cachedRules;
-    }
-    try {
-        const content = await readFile(RULES_PATH, 'utf-8');
-        const parsed = JSON.parse(content);
-        cachedRules = parsed.rules;
-        return cachedRules;
-    }
-    catch {
-        return [];
-    }
-}
-/** Invalidate the rules cache (useful in tests). */
-export function clearRulesCache() {
-    cachedRules = null;
-}
-function ruleApplies(rule, specTags, specTarget, specScope) {
-    const tagsMatch = rule.requiresTags.length === 0 || rule.requiresTags.some((t) => specTags.includes(t));
-    const targetsMatch = rule.requiresTargets.length === 0 || rule.requiresTargets.includes(specTarget);
-    const scopesMatch = rule.requiresScopes.length === 0 || rule.requiresScopes.includes(specScope);
-    return tagsMatch && targetsMatch && scopesMatch;
-}
-/**
- * Filter a list of candidate criteria against the injection rules.
- * Returns only criteria that pass the tag/target/scope gate.
- */
-export async function filterCriteriaByTags(candidates, specTags, specTarget, specScope) {
-    const rules = await loadRules();
-    if (rules.length === 0) {
-        return candidates;
-    }
-    return candidates.filter((criterion) => {
-        const matchingRule = rules.find((r) => criterion.toLowerCase().includes(r.criterion.toLowerCase().slice(0, 40)) ||
-            r.criterion.toLowerCase().includes(criterion.toLowerCase().slice(0, 40)));
-        if (!matchingRule) {
-            return true;
-        }
-        return ruleApplies(matchingRule, specTags, specTarget, specScope);
-    });
-}
-/**
- * Check whether the EU AI Act criteria should be injected for this spec.
- */
-export async function shouldInjectEuAiActCriteria(specTags) {
-    const rules = await loadRules();
-    const euRule = rules.find((r) => r.id === 'eu-ai-act-53-1a');
-    if (!euRule) {
-        return true;
-    }
-    return euRule.requiresTags.some((t) => specTags.includes(t));
-}
-//# sourceMappingURL=criteria-filter.js.map

package/dist/types/criteria-injection.d.ts

@@ -1,12 +0,0 @@
-export interface InjectionRule {
-    id: string;
-    criterion: string;
-    requiresTags: string[];
-    requiresTargets: string[];
-    requiresScopes: string[];
-}
-export interface RulesFile {
-    version: number;
-    rules: InjectionRule[];
-}
-//# sourceMappingURL=criteria-injection.d.ts.map

package/dist/types/criteria-injection.js

@@ -1,3 +0,0 @@
-// types/criteria-injection.ts — SPEC-586: Criteria injection rule types
-export {};
-//# sourceMappingURL=criteria-injection.js.map