npm - @wipcomputer/wip-ai-devops-toolbox - Versions diffs - 1.9.44 → 1.9.45 - Mend

@wipcomputer/wip-ai-devops-toolbox 1.9.44 → 1.9.45

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (18) hide show

package/CHANGELOG.md +28 -0
package/SKILL.md +1 -1
package/_trash/RELEASE-NOTES-v1-9-45.md +25 -0
package/package.json +1 -1
package/tools/deploy-public/package.json +1 -1
package/tools/post-merge-rename/package.json +1 -1
package/tools/wip-branch-guard/guard.mjs +41 -5
package/tools/wip-branch-guard/package.json +1 -1
package/tools/wip-file-guard/guard.mjs +28 -3
package/tools/wip-file-guard/package.json +1 -1
package/tools/wip-license-guard/package.json +1 -1
package/tools/wip-license-hook/package.json +1 -1
package/tools/wip-readme-format/package.json +1 -1
package/tools/wip-release/package.json +1 -1
package/tools/wip-repo-init/package.json +1 -1
package/tools/wip-repo-permissions-hook/package.json +1 -1
package/tools/wip-repos/package.json +1 -1
package/tools/wip-universal-installer/package.json +1 -1

package/CHANGELOG.md CHANGED Viewed

@@ -31,6 +31,34 @@
+## 1.9.45 (2026-03-18)
+# Release Notes: wip-ai-devops-toolbox v1.9.45
+**Guard now teaches the workflow instead of just blocking.**
+## What changed
+- **Branch guard error messages overhauled (#213).** When the guard blocks a write on main, it now shows the full 8-step process: worktree, branch, commit, push, PR, merge, wip-release, deploy-public. Includes the lesson that release notes go on the feature branch, not as a separate PR.
+- **Separate error for "on branch but not in worktree."** Tells the agent to go back to main and create a worktree properly.
+- **CLAUDE.md added to shared state allowlist.** Was patched in the deployed guard but missing from source. Now in sync.
+## Why
+Agents kept getting blocked by the guard and then trying workarounds instead of following the process. The error message said "Use a worktree" but didn't explain the full workflow. Today's session hit this 5+ times. The guard works. The gap was agent knowledge.
+## Issues closed
+- #213
+- #256
+## How to verify
+```bash
+# In any repo on main, try to edit a file. The error should show the full workflow.
+# In any repo on a branch (not worktree), try to edit. Should show worktree instructions.
+```
 ## 1.9.44 (2026-03-17)

package/SKILL.md CHANGED Viewed

@@ -5,7 +5,7 @@ license: MIT
 interface: [cli, module, mcp, skill, hook, plugin]
 metadata:
   display-name: "WIP AI DevOps Toolbox"
-  version: "1.9.44"
+  version: "1.9.45"
   homepage: "https://github.com/wipcomputer/wip-ai-devops-toolbox"
   author: "Parker Todd Brooks"
   category: dev-tools

package/_trash/RELEASE-NOTES-v1-9-45.md ADDED Viewed

@@ -0,0 +1,25 @@
+# Release Notes: wip-ai-devops-toolbox v1.9.45
+**Guard now teaches the workflow instead of just blocking.**
+## What changed
+- **Branch guard error messages overhauled (#213).** When the guard blocks a write on main, it now shows the full 8-step process: worktree, branch, commit, push, PR, merge, wip-release, deploy-public. Includes the lesson that release notes go on the feature branch, not as a separate PR.
+- **Separate error for "on branch but not in worktree."** Tells the agent to go back to main and create a worktree properly.
+- **CLAUDE.md added to shared state allowlist.** Was patched in the deployed guard but missing from source. Now in sync.
+## Why
+Agents kept getting blocked by the guard and then trying workarounds instead of following the process. The error message said "Use a worktree" but didn't explain the full workflow. Today's session hit this 5+ times. The guard works. The gap was agent knowledge.
+## Issues closed
+- #213
+- #256
+## How to verify
+```bash
+# In any repo on main, try to edit a file. The error should show the full workflow.
+# In any repo on a branch (not worktree), try to edit. Should show worktree instructions.
+```

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-ai-devops-toolbox",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "type": "module",
   "description": "The complete AI DevOps toolkit for AI-assisted development teams.",
   "license": "MIT",

package/tools/deploy-public/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/deploy-public",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "description": "Private-to-public repo sync. Excludes ai/ folder, creates PR, merges, cleans up branches.",
   "bin": {
     "deploy-public": "./deploy-public.sh"

package/tools/post-merge-rename/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/post-merge-rename",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "description": "Post-merge branch renaming. Appends --merged-YYYY-MM-DD to preserve history.",
   "bin": {
     "post-merge-rename": "./post-merge-rename.sh"

package/tools/wip-branch-guard/guard.mjs CHANGED Viewed

@@ -91,6 +91,28 @@ const ALLOWED_BASH_PATTERNS = [
   /\bclaude\s+mcp\b/,          // MCP registration, not repo files
 ];
+// Workflow steps for error messages (#213)
+const WORKFLOW_ON_MAIN = `
+The process: worktree -> branch -> commit -> push -> PR -> merge -> wip-release -> deploy-public.
+Step 1: git worktree add ../my-worktree -b cc-mini/your-feature
+Step 2: Edit files in the worktree
+Step 3: git add + git commit (with co-authors)
+Step 4: git push -u origin cc-mini/your-feature
+Step 5: gh pr create, then gh pr merge --merge --delete-branch
+Step 6: Back in main repo: git pull
+Step 7: wip-release patch (with RELEASE-NOTES on the branch, not after)
+Step 8: deploy-public.sh to sync public repo
+Release notes go ON the feature branch, committed with the code. Not as a separate PR.`.trim();
+const WORKFLOW_NOT_WORKTREE = `
+You're on a branch but not in a worktree. Use a worktree so the main working tree stays clean.
+Step 1: git checkout main (go back to main first)
+Step 2: git worktree add ../my-worktree -b your-branch-name
+Step 3: Edit files in the worktree directory`.trim();
 function deny(reason) {
   const output = {
     hookSpecificOutput: {
@@ -265,17 +287,31 @@ async function main() {
         BLOCKED_BASH_PATTERNS.some(p => p.test(command)) &&
         !ALLOWED_BASH_PATTERNS.some(p => p.test(command)));
     if (isWriteOp) {
-      deny(`BLOCKED: On branch "${branch}" but not in a worktree. Use: git worktree add ../my-worktree -b ${branch}`);
+      deny(`BLOCKED: On branch "${branch}" but not in a worktree.\n\n${WORKFLOW_NOT_WORKTREE}`);
       process.exit(0);
     }
     process.exit(0);
   }
-  // We're on main. Check if this is a write operation.
+  // We're on main. Check if this is a shared state file (always writable).
+  // These are not code. They're shared context between agents.
+  const SHARED_STATE_PATTERNS = [
+    /CLAUDE\.md$/,
+    /workspace\/SHARED-CONTEXT\.md$/,
+    /workspace\/memory\/.*\.md$/,
+    /\.ldm\/agents\/.*\/memory\/daily\/.*\.md$/,
+    /\.ldm\/memory\/shared-log\.jsonl$/,
+    /\.ldm\/memory\/daily\/.*\.md$/,
+    /\.ldm\/logs\//,
+  ];
+  if (filePath && SHARED_STATE_PATTERNS.some(p => p.test(filePath))) {
+    process.exit(0); // Shared state, always allow
+  }
   // Block Write/Edit tools entirely on main
   if (WRITE_TOOLS.has(toolName)) {
-    deny(`BLOCKED: Cannot ${toolName} while on main branch. Use a worktree: git worktree add ../my-worktree -b cc-mini/your-feature`);
+    deny(`BLOCKED: Cannot ${toolName} while on main branch.\n\n${WORKFLOW_ON_MAIN}`);
     process.exit(0);
   }
@@ -297,7 +333,7 @@ async function main() {
           if (ap.test(command)) { isAllowed = true; break; }
         }
         if (!isAllowed) {
-          deny(`BLOCKED: Cannot run "${command.substring(0, 60)}..." on main branch. Use a worktree: git worktree add ../my-worktree -b cc-mini/your-feature`);
+          deny(`BLOCKED: Cannot run "${command.substring(0, 60)}..." on main branch.\n\n${WORKFLOW_ON_MAIN}`);
           process.exit(0);
         }
       }
@@ -312,7 +348,7 @@ async function main() {
           if (ap.test(command)) { isAllowed = true; break; }
         }
         if (!isAllowed) {
-          deny(`BLOCKED: Cannot run file-modifying command on main branch. Use a worktree: git worktree add ../my-worktree -b cc-mini/your-feature`);
+          deny(`BLOCKED: Cannot run file-modifying command on main branch.\n\n${WORKFLOW_ON_MAIN}`);
           process.exit(0);
         }
       }

package/tools/wip-branch-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-branch-guard",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "description": "PreToolUse hook that blocks all writes on main branch. Forces agents to work on branches or worktrees.",
   "type": "module",
   "main": "guard.mjs",

package/tools/wip-file-guard/guard.mjs CHANGED Viewed

@@ -36,6 +36,26 @@ export const PROTECTED_PATTERNS = [
   /daily.*log/i,
 ];
+// Shared state files: protected from Write but allow larger Edit replacements.
+// These are actively edited by both agents every session.
+const SHARED_STATE_FILES = new Set([
+  'SHARED-CONTEXT.md',
+]);
+// Daily logs and workspace memory: allow creation and larger edits
+const SHARED_STATE_PATHS = [
+  /workspace\/memory\/\d{4}-\d{2}-\d{2}\.md$/,
+  /\.ldm\/agents\/.*\/memory\/daily\/.*\.md$/,
+  /\.ldm\/memory\/daily\/.*\.md$/,
+  /\.ldm\/memory\/shared-log\.jsonl$/,
+];
+function isSharedState(filePath) {
+  const name = basename(filePath);
+  if (SHARED_STATE_FILES.has(name)) return true;
+  return SHARED_STATE_PATHS.some(p => p.test(filePath));
+}
 function isProtected(filePath) {
   const name = basename(filePath);
   if (PROTECTED.has(name)) return name;
@@ -116,14 +136,19 @@ async function main() {
     const newLines = countLines(newString);
     const removed = oldLines - newLines;
-    // Block net removal of more than 2 lines
-    if (removed > 2) {
+    // Shared state files get higher limits (updated every session by both agents)
+    const isShared = isSharedState(filePath);
+    const maxRemoval = isShared ? 20 : 2;
+    const maxReplace = isShared ? 30 : 4;
+    // Block net removal beyond limit
+    if (removed > maxRemoval) {
       deny(`BLOCKED: You are removing ${removed} lines from ${match} (old: ${oldLines} lines, new: ${newLines} lines). Re-read the file and add content instead of replacing it.`);
       process.exit(0);
     }
     // Block large replacements (swapping big chunks even if line count is similar)
-    if (oldLines > 4 && oldString !== newString) {
+    if (oldLines > maxReplace && oldString !== newString) {
       deny(`BLOCKED: You are replacing ${oldLines} lines in ${match}. Edit smaller sections or append new content instead of replacing existing content.`);
       process.exit(0);
     }

package/tools/wip-file-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-file-guard",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "type": "module",
   "description": "Hook that blocks destructive edits to protected identity files. For Claude Code CLI and OpenClaw.",
   "main": "guard.mjs",

package/tools/wip-license-guard/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-guard",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "description": "License compliance for your own repos. Ensures correct copyright, dual-license blocks, and LICENSE files.",
   "type": "module",
   "bin": {

package/tools/wip-license-hook/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-license-hook",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "description": "License rug-pull detection and dependency license compliance for open source projects",
   "type": "module",
   "main": "dist/cli/index.js",

package/tools/wip-readme-format/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-readme-format",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "description": "Reformat any repo's README to follow the WIP Computer standard. Agent-first, human-readable.",
   "type": "module",
   "bin": {

package/tools/wip-release/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-release",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "type": "module",
   "description": "One-command release pipeline. Bumps version, updates changelog + SKILL.md, publishes to npm + GitHub.",
   "main": "core.mjs",

package/tools/wip-repo-init/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-init",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "description": "Scaffold the standard ai/ directory structure in any repo",
   "type": "module",
   "bin": {

package/tools/wip-repo-permissions-hook/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repo-permissions-hook",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "type": "module",
   "description": "Repo visibility guard. Blocks repos from going public without a -private counterpart.",
   "main": "core.mjs",

package/tools/wip-repos/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/wip-repos",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "type": "module",
   "description": "Repo manifest reconciler. Single source of truth for repo organization. Like prettier for folder structure.",
   "main": "core.mjs",

package/tools/wip-universal-installer/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@wipcomputer/universal-installer",
-  "version": "1.9.44",
+  "version": "1.9.45",
   "type": "module",
   "description": "The Universal Interface specification for agent-native software. Teaches your AI how to build repos with every interface: CLI, Module, MCP Server, OpenClaw Plugin, Skill, Claude Code Hook.",
   "main": "detect.mjs",