npm - @windyroad/architect - Versions diffs - 0.15.0 → 0.15.1-preview.564 - Mend

@windyroad/architect 0.15.0 → 0.15.1-preview.564

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/.claude-plugin/plugin.json +1 -1
package/hooks/architect-detect.sh +6 -1
package/hooks/architect-enforce-edit.sh +14 -2
package/hooks/architect-mark-reviewed.sh +7 -2
package/hooks/architect-plan-enforce.sh +7 -1
package/hooks/architect-refresh-hash.sh +7 -2
package/hooks/lib/architect-gate.sh +5 -2
package/hooks/test/architect-project-root.bats +37 -0
package/package.json +1 -1

package/.claude-plugin/plugin.json CHANGED Viewed

@@ -123,5 +123,5 @@
     }
   },
   "name": "wr-architect",
-  "version": "0.15.0"
+  "version": "0.15.1"
 }

package/hooks/architect-detect.sh CHANGED Viewed

@@ -16,7 +16,12 @@ source "$SCRIPT_DIR/lib/session-marker.sh"
 INPUT=$(cat)
 SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // empty' 2>/dev/null || echo "")
-if [ -d "docs/decisions" ]; then
+# P191 Phase 2: anchor docs/decisions on the project root, not the hook's
+# runtime CWD (see architect-enforce-edit.sh). A false-negative here silently
+# drops the delegation-instruction injection that primes the architect gate.
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
+if [ -d "$PROJECT_DIR/docs/decisions" ]; then
   if has_announced "architect" "$SESSION_ID"; then
     cat <<'HOOK_OUTPUT'
 MANDATORY architecture gate active (docs/decisions/ present). Delegate to wr-architect:agent before editing project files. See turn-1 instructions for full scope and exclusions.

package/hooks/architect-enforce-edit.sh CHANGED Viewed

@@ -6,6 +6,18 @@
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 source "$SCRIPT_DIR/lib/architect-gate.sh"
+# P191 Phase 2: resolve the project root from the session signal, not the
+# hook's runtime CWD. Claude Code can launch the hook with a working directory
+# that differs from the session/project dir while still exporting
+# CLAUDE_PROJECT_DIR (and a $PWD env var) pointing at the project. A relative
+# `[ -d "docs/decisions" ]` then false-negatives even though docs/decisions is
+# present — and because this gate fails OPEN (exit 0) on a missing decisions
+# dir, the misfire silently DEACTIVATES the architect gate and edits bypass
+# review (a governance hole, strictly worse than the JTBD gate's fail-closed
+# nuisance fixed in P191 Phase 1). Anchor every project-relative check on
+# PROJECT_DIR. Pattern mirrors architect-oversight-nudge.sh.
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
 INPUT=$(cat)
 FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty') || true
@@ -25,14 +37,14 @@ fi
 case "$FILE_PATH" in
   /*)
     case "$FILE_PATH" in
-      "$PWD"/*) ;;
+      "$PROJECT_DIR"/*) ;;
       *) exit 0 ;;
     esac
     ;;
 esac
 # Only gate if the project has architecture decisions
-if [ ! -d "docs/decisions" ]; then
+if [ ! -d "$PROJECT_DIR/docs/decisions" ]; then
   exit 0
 fi

package/hooks/architect-mark-reviewed.sh CHANGED Viewed

@@ -7,6 +7,11 @@
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 source "$SCRIPT_DIR/lib/gate-helpers.sh"
+# P191 Phase 2: anchor docs/decisions on the project root, not the hook's
+# runtime CWD (see architect-enforce-edit.sh). A false-negative here never
+# stores the marker hash, desynchronising the enforce gate's drift check.
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
 _parse_input
 TOOL_NAME=$(_get_tool_name)
@@ -51,8 +56,8 @@ case "$SUBAGENT" in
     # Store decision hash for drift detection
     if [ -f "/tmp/architect-reviewed-${SESSION_ID}" ]; then
-      if [ -d "docs/decisions" ]; then
-        HASH=$(find docs/decisions -name '*.md' -not -name 'README.md' -print0 | sort -z | xargs -0 cat 2>/dev/null | _hashcmd | cut -d' ' -f1)
+      if [ -d "$PROJECT_DIR/docs/decisions" ]; then
+        HASH=$(find "$PROJECT_DIR/docs/decisions" -name '*.md' -not -name 'README.md' -print0 | sort -z | xargs -0 cat 2>/dev/null | _hashcmd | cut -d' ' -f1)
       else
         HASH="none"
       fi

package/hooks/architect-plan-enforce.sh CHANGED Viewed

@@ -5,6 +5,12 @@
 SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
 source "$SCRIPT_DIR/lib/architect-gate.sh"
+# P191 Phase 2: anchor docs/decisions on the project root, not the hook's
+# runtime CWD (see architect-enforce-edit.sh). This gate also fails OPEN on a
+# missing decisions dir, so the CWD misfire silently lets ExitPlanMode through
+# without architect plan review.
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
 INPUT=$(cat)
 SESSION_ID=$(echo "$INPUT" | jq -r '.session_id // empty') || true
@@ -15,7 +21,7 @@ if [ -z "$SESSION_ID" ]; then
 fi
 # Only gate if the project has architecture decisions
-if [ ! -d "docs/decisions" ]; then
+if [ ! -d "$PROJECT_DIR/docs/decisions" ]; then
   exit 0
 fi

package/hooks/architect-refresh-hash.sh CHANGED Viewed

@@ -7,6 +7,11 @@
 # Portable hash: tries md5sum, falls back to md5 -r, then shasum
 _hashcmd() { md5sum 2>/dev/null || md5 -r 2>/dev/null || shasum 2>/dev/null; }
+# P191 Phase 2: anchor docs/decisions on the project root, not the hook's
+# runtime CWD (see architect-enforce-edit.sh). The refreshed hash must match
+# the enforce gate's drift-check hash, which is now project-root-anchored.
+PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
 INPUT=$(cat)
 FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // empty') || true
@@ -30,8 +35,8 @@ HASH_FILE="/tmp/architect-reviewed-${SESSION_ID}.hash"
 # Only refresh if a valid marker exists
 if [ -f "$MARKER" ] && [ -f "$HASH_FILE" ]; then
-  if [ -d "docs/decisions" ]; then
-    HASH=$(find docs/decisions -name '*.md' -not -name 'README.md' -print0 | sort -z | xargs -0 cat 2>/dev/null | _hashcmd | cut -d' ' -f1)
+  if [ -d "$PROJECT_DIR/docs/decisions" ]; then
+    HASH=$(find "$PROJECT_DIR/docs/decisions" -name '*.md' -not -name 'README.md' -print0 | sort -z | xargs -0 cat 2>/dev/null | _hashcmd | cut -d' ' -f1)
   else
     HASH="none"
   fi

package/hooks/lib/architect-gate.sh CHANGED Viewed

@@ -13,6 +13,9 @@ check_architect_gate() {
   local SESSION_ID="$1"
   local MARKER="/tmp/architect-reviewed-${SESSION_ID}"
   local TTL_SECONDS="${ARCHITECT_TTL:-3600}"
+  # P191 Phase 2: anchor the docs/decisions drift-hash on the project root,
+  # not the hook's runtime CWD (see architect-enforce-edit.sh for rationale).
+  local PROJECT_DIR="${CLAUDE_PROJECT_DIR:-$PWD}"
   if [ -n "$SESSION_ID" ] && [ -f "$MARKER" ]; then
     local NOW=$(date +%s)
@@ -24,8 +27,8 @@ check_architect_gate() {
       if [ -f "$HASH_FILE" ]; then
         local STORED=$(cat "$HASH_FILE")
         local CURRENT
-        if [ -d "docs/decisions" ]; then
-          CURRENT=$(find docs/decisions -name '*.md' -not -name 'README.md' -print0 | sort -z | xargs -0 cat 2>/dev/null | _hashcmd | cut -d' ' -f1)
+        if [ -d "$PROJECT_DIR/docs/decisions" ]; then
+          CURRENT=$(find "$PROJECT_DIR/docs/decisions" -name '*.md' -not -name 'README.md' -print0 | sort -z | xargs -0 cat 2>/dev/null | _hashcmd | cut -d' ' -f1)
         else
           CURRENT="none"
         fi

package/hooks/test/architect-project-root.bats CHANGED Viewed

@@ -42,3 +42,40 @@ run_hook_with_file() {
   [[ "$output" == *"BLOCKED"* ]]
   rm -rf "$TEST_DIR"
 }
+# P191 Phase 2: the architect gate must resolve docs/decisions from the
+# project root (CLAUDE_PROJECT_DIR), NOT the hook's actual runtime CWD. Claude
+# Code can launch the hook with a working directory that differs from the
+# session/project dir; a relative `[ ! -d "docs/decisions" ]` then
+# false-negatives and the gate FAILS OPEN (exit 0) — silently DEACTIVATING the
+# architect gate so edits bypass review. This is a governance hole, strictly
+# more severe than the JTBD gate's fail-closed nuisance (P191 Phase 1).
+@test "project-root: gate stays ACTIVE via CLAUDE_PROJECT_DIR when hook CWD differs (P191 Phase 2)" {
+  local proj other json
+  proj="$(mktemp -d)"
+  other="$(mktemp -d)"        # a CWD that does NOT contain docs/decisions
+  mkdir -p "$proj/docs/decisions"
+  echo "# ADR" > "$proj/docs/decisions/001-test.proposed.md"
+  json="{\"tool_input\":{\"file_path\":\"${proj}/src/index.ts\"},\"session_id\":\"test-session-$$\"}"
+  # Fire from `other` (wrong CWD) with CLAUDE_PROJECT_DIR set to the real
+  # project. Pre-fix this silently exited 0 (gate inactive, edit allowed);
+  # post-fix the gate is ACTIVE and denies for the missing review marker.
+  run env CLAUDE_PROJECT_DIR="$proj" bash -c "cd '$other' && printf '%s' '$json' | bash '$HOOK'"
+  rm -rf "$proj" "$other"
+  [[ "$output" == *"BLOCKED"* ]]
+  [[ "$output" == *"without architecture review"* ]]
+}
+# P191 Phase 2 regression guard: when docs/decisions genuinely does not exist
+# under the project root, the gate correctly stays INACTIVE (fail-open exit 0).
+# The fix narrows the false-negative; it must not start gating projects that
+# have no architecture decisions.
+@test "project-root: genuinely-absent docs/decisions stays inactive (fail-open preserved, P191 Phase 2)" {
+  local proj json
+  proj="$(mktemp -d)"         # no docs/decisions created
+  json="{\"tool_input\":{\"file_path\":\"${proj}/src/index.ts\"},\"session_id\":\"test-session-$$\"}"
+  run env CLAUDE_PROJECT_DIR="$proj" bash -c "printf '%s' '$json' | bash '$HOOK'"
+  rm -rf "$proj"
+  [ "$status" -eq 0 ]
+  [[ "$output" != *"BLOCKED"* ]]
+}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@windyroad/architect",
-  "version": "0.15.0",
+  "version": "0.15.1-preview.564",
   "description": "Architecture decision enforcement for AI coding agents",
   "bin": {
     "windyroad-architect": "./bin/install.mjs"