@vyuhlabs/dxkit 2.12.0 → 2.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +90 -0
- package/README.md +246 -287
- package/dist/allowlist/hint.d.ts +1 -1
- package/dist/allowlist/hint.d.ts.map +1 -1
- package/dist/allowlist/hint.js +6 -3
- package/dist/allowlist/hint.js.map +1 -1
- package/dist/baseline/check.d.ts +7 -0
- package/dist/baseline/check.d.ts.map +1 -1
- package/dist/baseline/check.js +3 -1
- package/dist/baseline/check.js.map +1 -1
- package/dist/cli.d.ts.map +1 -1
- package/dist/cli.js +101 -14
- package/dist/cli.js.map +1 -1
- package/dist/dashboard/graph-tab.d.ts.map +1 -1
- package/dist/dashboard/graph-tab.js +6 -3
- package/dist/dashboard/graph-tab.js.map +1 -1
- package/dist/doctor.d.ts.map +1 -1
- package/dist/doctor.js +13 -12
- package/dist/doctor.js.map +1 -1
- package/dist/generator.d.ts.map +1 -1
- package/dist/generator.js +8 -2
- package/dist/generator.js.map +1 -1
- package/dist/issue-cli.d.ts +1 -1
- package/dist/issue-cli.js +1 -1
- package/dist/loop/demo.d.ts +12 -0
- package/dist/loop/demo.d.ts.map +1 -0
- package/dist/loop/demo.js +331 -0
- package/dist/loop/demo.js.map +1 -0
- package/dist/loop/doctor.d.ts +37 -0
- package/dist/loop/doctor.d.ts.map +1 -0
- package/dist/loop/doctor.js +320 -0
- package/dist/loop/doctor.js.map +1 -0
- package/dist/loop/ledger-cli.d.ts +7 -0
- package/dist/loop/ledger-cli.d.ts.map +1 -0
- package/dist/loop/ledger-cli.js +95 -0
- package/dist/loop/ledger-cli.js.map +1 -0
- package/dist/loop/ledger.d.ts +95 -0
- package/dist/loop/ledger.d.ts.map +1 -0
- package/dist/loop/ledger.js +201 -0
- package/dist/loop/ledger.js.map +1 -0
- package/dist/loop/policy.d.ts +35 -0
- package/dist/loop/policy.d.ts.map +1 -0
- package/dist/loop/policy.js +151 -0
- package/dist/loop/policy.js.map +1 -0
- package/dist/loop/scaffold.d.ts +28 -0
- package/dist/loop/scaffold.d.ts.map +1 -0
- package/dist/loop/scaffold.js +224 -0
- package/dist/loop/scaffold.js.map +1 -0
- package/dist/loop/stop-gate.d.ts +71 -0
- package/dist/loop/stop-gate.d.ts.map +1 -0
- package/dist/loop/stop-gate.js +295 -0
- package/dist/loop/stop-gate.js.map +1 -0
- package/dist/self-invocation.d.ts +77 -0
- package/dist/self-invocation.d.ts.map +1 -0
- package/dist/self-invocation.js +157 -0
- package/dist/self-invocation.js.map +1 -0
- package/dist/ship-installers.d.ts.map +1 -1
- package/dist/ship-installers.js +8 -0
- package/dist/ship-installers.js.map +1 -1
- package/dist/types.d.ts +4 -0
- package/dist/types.d.ts.map +1 -1
- package/dist/update.d.ts.map +1 -1
- package/dist/update.js +22 -5
- package/dist/update.js.map +1 -1
- package/dist/upgrade.d.ts +3 -3
- package/dist/upgrade.d.ts.map +1 -1
- package/dist/upgrade.js +5 -4
- package/dist/upgrade.js.map +1 -1
- package/package.json +6 -4
- package/templates/.claude/skills/dxkit-config/SKILL.md +17 -0
- package/templates/.claude/skills/dxkit-init/SKILL.md +1 -0
- package/templates/.claude/skills/dxkit-learn/SKILL.md +17 -0
- package/templates/.claude/skills/dxkit-loop/SKILL.md +114 -0
- package/templates/.claude/skills/dxkit-onboard/SKILL.md +2 -0
- package/templates/.claude/skills/dxkit-update/SKILL.md +3 -0
package/CHANGELOG.md
CHANGED
|
@@ -7,6 +7,96 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
|
|
|
7
7
|
|
|
8
8
|
## [Unreleased]
|
|
9
9
|
|
|
10
|
+
## [2.13.1] - 2026-06-21
|
|
11
|
+
|
|
12
|
+
### Fixed — the loop Stop hook could fail on every stop when dxkit was not installed
|
|
13
|
+
|
|
14
|
+
The loop Stop hook (and the `.claude` PreToolUse context hook) invoke the
|
|
15
|
+
dxkit CLI as `npx vyuh-dxkit …`. That only resolves when dxkit is installed
|
|
16
|
+
in the repo (a devDependency or a global). When the loop was wired with a
|
|
17
|
+
pure-`npx @vyuhlabs/dxkit init --claude-loop` flow — no install — the hook
|
|
18
|
+
hit `npm error 404 'vyuh-dxkit' is not in this registry` on every stop,
|
|
19
|
+
because `vyuh-dxkit` is a binary name, not a package. `loop doctor` reported
|
|
20
|
+
the hook as wired even though it could not run.
|
|
21
|
+
|
|
22
|
+
- **`init --claude-loop` and `update` now declare `@vyuhlabs/dxkit` as a
|
|
23
|
+
devDependency** whenever they install an artifact that invokes the CLI (the
|
|
24
|
+
Stop hook, the context hook, the pre-push guardrail, or the CI guardrail),
|
|
25
|
+
so `npx vyuh-dxkit` resolves to a project-local binary. Skipped for
|
|
26
|
+
non-Node repos and when the dependency is already declared.
|
|
27
|
+
- **`loop doctor` now verifies the CLI actually resolves**, not just that the
|
|
28
|
+
hook string is present, and tells you to install dxkit when it does not.
|
|
29
|
+
- **The recommended loop setup installs dxkit first** via
|
|
30
|
+
`npm init @vyuhlabs/dxkit -- --claude-loop --yes`, which adds the
|
|
31
|
+
devDependency and registers the hook in one step.
|
|
32
|
+
|
|
33
|
+
### Changed — one canonical CLI invocation, one registry of self-invoking surfaces
|
|
34
|
+
|
|
35
|
+
Every generated artifact that runs the dxkit CLI now builds its command from
|
|
36
|
+
a single helper, and every such artifact is listed in one registry that
|
|
37
|
+
drives the devDependency wire-up and the doctor checks. Adding a new
|
|
38
|
+
auto-running surface can no longer silently skip either. Enforced by an
|
|
39
|
+
architecture check and a registry-injection test.
|
|
40
|
+
|
|
41
|
+
### Changed — positioning aligned to the Stop-gate
|
|
42
|
+
|
|
43
|
+
The package description, CLI banner, npm keywords, and the docs now lead with
|
|
44
|
+
the deterministic Stop-gate framing. The README loop quickstart installs
|
|
45
|
+
dxkit first, and the demo command is pinned to `@latest` so a stale global or
|
|
46
|
+
npx cache cannot run an older version that lacks the command.
|
|
47
|
+
|
|
48
|
+
### Changed — `demo loop-guardrail` now runs a real sandbox scan
|
|
49
|
+
|
|
50
|
+
The demo no longer prints a scripted scenario. When gitleaks is available it
|
|
51
|
+
generates a throwaway git repo, runs the real `baseline create`, introduces a
|
|
52
|
+
real hardcoded secret, and runs the real `guardrail check` — the same commands
|
|
53
|
+
a user runs — so the block→repair→clean walkthrough is an actual scan, not a
|
|
54
|
+
mock. Your repo is never touched. The fabricated "agent" dialogue is gone; when
|
|
55
|
+
gitleaks is absent it shows a clearly-labelled illustration and how to run the
|
|
56
|
+
real sandbox.
|
|
57
|
+
|
|
58
|
+
## [2.13.0] - 2026-06-18
|
|
59
|
+
|
|
60
|
+
### Loop pack — a deterministic Stop-gate for autonomous coding loops
|
|
61
|
+
|
|
62
|
+
When Claude Code runs in an autonomous loop (it keeps working until it
|
|
63
|
+
decides to stop), the new loop pack stops it from declaring "done" while it
|
|
64
|
+
has introduced net-new findings. It re-runs the guardrail on every Stop and
|
|
65
|
+
feeds any net-new findings back to the model for repair. The value is
|
|
66
|
+
predictability, not new detection — it bounds the "loop shipped debt and
|
|
67
|
+
never fixed it" failure mode using the findings, baseline, and identity
|
|
68
|
+
contract dxkit already computes.
|
|
69
|
+
|
|
70
|
+
- **`vyuh-dxkit init --claude-loop`** registers the Stop-gate hook. The
|
|
71
|
+
install is **additive**: it deep-merges the hook into an existing
|
|
72
|
+
`.claude/settings.json` (preserving your other hooks + permissions) and
|
|
73
|
+
appends a sentinel-delimited managed block to `CLAUDE.md` (never touching
|
|
74
|
+
your prose). Opt-in even under `--full`, because it registers a hook that
|
|
75
|
+
blocks the agent from stopping. Re-applied by `vyuh-dxkit update` on repos
|
|
76
|
+
that opted in.
|
|
77
|
+
- **Loop-scoped presets.** A `loop.preset` in `.dxkit/policy.json` decides
|
|
78
|
+
what blocks the loop: `security-only` (default — net-new secrets +
|
|
79
|
+
crit/high security + reachable dependency vulns) or `full-debt` (also
|
|
80
|
+
blocks test-gap + quality). It is read **only by the Stop-gate**; your CI
|
|
81
|
+
/ PR guardrail always uses the full policy, so the loop posture can't
|
|
82
|
+
silently weaken your CI gate. `security-only` is the default because a
|
|
83
|
+
block in a loop tells the model to *fix* the finding, and open-ended debt
|
|
84
|
+
(write tests / refactor until clear) would make an unattended agent grind.
|
|
85
|
+
- **`vyuh-dxkit loop doctor`** — preflight that verifies a loop is wired
|
|
86
|
+
safely before an unattended run (baseline present, Stop hook registered,
|
|
87
|
+
guardrail runnable, posture). Catches the silent-failure class: an
|
|
88
|
+
unregistered hook never fires, so the loop would run with no gate and no
|
|
89
|
+
error. Exits non-zero so a CI loop-setup step can gate on it.
|
|
90
|
+
- **`vyuh-dxkit loop ledger [show|summarize|clear]`** — an append-only audit
|
|
91
|
+
trail of every Stop event (`.dxkit/loop/ledger.jsonl`): blocked vs
|
|
92
|
+
allowed, net-new counts, and repaired-after-block sessions.
|
|
93
|
+
- **New `dxkit-loop` skill** plus loop-aware updates to `dxkit-config`,
|
|
94
|
+
`dxkit-learn`, `dxkit-update`, `dxkit-onboard`, and `dxkit-init` so the
|
|
95
|
+
loop is set up and operated conversationally through Claude Code.
|
|
96
|
+
- No baseline re-creation is needed; existing baselines and allowlists are
|
|
97
|
+
unaffected. The loop pack is opt-in — existing installs are unchanged
|
|
98
|
+
until they run `init --claude-loop`.
|
|
99
|
+
|
|
10
100
|
## [2.12.0] - 2026-06-17
|
|
11
101
|
|
|
12
102
|
### Guardrail: benign line shifts no longer read as net-new
|