agentic-sdlc-wizard 1.27.0 → 1.29.0

package/.claude-plugin/marketplace.json

@@ -13,7 +13,7 @@
       "name": "sdlc-wizard",
       "source": ".",
       "description": "SDLC enforcement for AI agents — TDD, planning, self-review, CI shepherd",
-      "version": "1.27.0",
+      "version": "1.29.0",
       "author": {
         "name": "Stefan Ayala"
       },

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "sdlc-wizard",
-  "version": "1.27.0",
+  "version": "1.29.0",
   "description": "SDLC enforcement for AI agents — TDD, planning, self-review, CI shepherd",
   "author": {
     "name": "Stefan Ayala",

package/CHANGELOG.md

@@ -4,6 +4,49 @@ All notable changes to the SDLC Wizard.
 
 > **Note:** This changelog is for humans to read. Don't manually apply these changes - just run the wizard ("Check for SDLC wizard updates") and it handles everything automatically.
 
+## [1.29.0] - 2026-04-07
+
+### Added
+- Node 24 compliance across all GitHub Actions workflows (#93, PR #160)
+  - 5 action version bumps: checkout@v5, setup-node@v5, upload-artifact@v6, create-pull-request@v8, sticky-pull-request-comment@v3
+  - 2 third-party actions replaced with `gh` CLI: `int128/hide-comment-action` → GraphQL `minimizeComment`, `softprops/action-gh-release` → `gh release create`
+  - 4 node-version bumps from 20 to 22
+  - 13 new compliance regression tests (`test-node24-compliance.sh`)
+  - Expression injection P0 in release.yml caught by CI reviewer and fixed
+- Autocompact env var in settings.json (#88, PR #161)
+  - CLI now ships `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=75` in `settings.json` `env` field (200K default)
+  - Smart merge preserves existing user env vars on upgrade; `--force` resets to defaults
+  - Handles malformed env values (arrays, strings) gracefully with type validation
+  - Setup wizard Step 9.5 references settings.json instead of shell profiles; 1M users guided to 30%
+  - 9 new tests (41 total CLI tests)
+- Effectiveness scoreboard (#80, PR #162)
+  - `.metrics/catches.jsonl`: 52 historical bug catches extracted from repo history
+  - `catch-analytics.sh`: DDE (Defect Detection Effectiveness) per layer, escape rates, severity breakdown
+  - Results: cross-model-review (48%) and self-review (46%) nearly tied; self-review missed 28 bugs caught downstream; all 3 P0s caught by cross-model or CI review
+  - 14 new quality tests (`test-effectiveness-scoreboard.sh`)
+  - Log automation deferred until analytics proven useful (prove-it gate)
+
+### Fixed
+- Expression injection in `release.yml`: `${{ github.ref_name }}` directly in `run:` shell command allowed tag-based code injection. Fixed by passing through `TAG_NAME` env var (P0, caught by CI reviewer)
+- `$TOTAL_` variable name collision in `catch-analytics.sh`: bash parsed as undefined variable `TOTAL_` instead of `$TOTAL` + underscore. Fixed with `${TOTAL}_` brace syntax (P0, caught by CI reviewer)
+
+## [1.28.0] - 2026-04-06
+
+### Added
+- Autocompact benchmarking methodology — first rigorous framework for testing `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE` thresholds (#92, PR #158)
+  - `AUTOCOMPACT_BENCHMARK.md`: experimental design, canary fact mechanism, cost estimation, limitations
+  - `tests/benchmarks/run-benchmark.sh`: parameterized harness with `--dry-run`, threshold validation, multi-turn session via `--resume`
+  - `tests/benchmarks/analyze-results.sh`: statistical comparison tables using `stats.sh`
+  - 3 task files (short/medium/long) with canary fact injection for context preservation measurement
+  - `canary-facts.json`: 5 domain-independent facts for binary recall scoring with negation detection
+  - `.github/workflows/benchmark-autocompact.yml`: `workflow_dispatch` with matrix strategy across thresholds
+  - 26 quality tests proving methodology rigor, harness behavior, and research standards
+
+### Changed
+- README bio: reflects full-stack founding engineer background (not just SDET/QA)
+- Wizard doc autocompact section references benchmarking methodology
+- Workflow count updated (5→6) across README and CI
+
 ## [1.27.0] - 2026-04-05
 
 ### Added

package/CLAUDE_CODE_SDLC_WIZARD.md

@@ -800,17 +800,26 @@ Two tools for managing context — use the right one:
 
 ### Autocompact Tuning
 
-Override the default auto-compact threshold with environment variables. These are community-discovered settings referenced in upstream issues ([#34332](https://github.com/anthropics/claude-code/issues/34332), [#42375](https://github.com/anthropics/claude-code/issues/42375)) — not yet officially documented by Anthropic:
+Override the default auto-compact threshold with environment variables. These are community-discovered settings referenced in upstream issues ([#34332](https://github.com/anthropics/claude-code/issues/34332), [#42375](https://github.com/anthropics/claude-code/issues/42375)) — not yet officially documented by Anthropic. For a rigorous benchmarking methodology to validate these thresholds, see [AUTOCOMPACT_BENCHMARK.md](AUTOCOMPACT_BENCHMARK.md).
 
 | Variable | What It Does | Default |
 |----------|-------------|---------|
 | `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE` | Trigger compaction at this % of context capacity (1-100) | ~95% |
 | `CLAUDE_CODE_AUTO_COMPACT_WINDOW` | Override context capacity in tokens (useful for 1M models) | Model default |
 
-Set these in your shell profile (`~/.bashrc`, `~/.zshrc`) or per-project `.envrc`:
+**Recommended:** The SDLC Wizard CLI sets `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=75` in `.claude/settings.json` by default (200K model optimized). To customize, edit the `env` field in `.claude/settings.json`:
+
+```json
+{
+  "env": {
+    "CLAUDE_AUTOCOMPACT_PCT_OVERRIDE": "75"
+  }
+}
+```
+
+Alternatively, set via shell profile (`~/.bashrc`, `~/.zshrc`) or per-project `.envrc`:
 
 ```bash
-# Example: compact earlier on a 200K model
 export CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=75
 ```
 
@@ -828,6 +837,10 @@ export CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=75
 
 **Note:** These env vars may change as Claude Code evolves. Check [Claude Code settings docs](https://docs.anthropic.com/en/docs/claude-code/settings) for the latest supported configuration.
 
+### Benchmarking Methodology
+
+The thresholds above are community consensus — not empirically validated. For rigorous benchmarking of autocompact thresholds (measuring task quality, context preservation, and cost at each setting), see [AUTOCOMPACT_BENCHMARK.md](AUTOCOMPACT_BENCHMARK.md). It provides a controlled experimental methodology with a novel "canary fact" mechanism for measuring context preservation post-compaction.
+
 ### 1M vs 200K Context Window
 
 Claude Code supports both 200K and 1M context windows. Choose based on your task:
@@ -2596,7 +2609,7 @@ If deployment fails or post-deploy verification catches issues:
 
 **SDLC.md:**
 ```markdown
-<!-- SDLC Wizard Version: 1.27.0 -->
+<!-- SDLC Wizard Version: 1.29.0 -->
 <!-- Setup Date: [DATE] -->
 <!-- Completed Steps: step-0.1, step-0.2, step-0.4, step-1, step-2, step-3, step-4, step-5, step-6, step-7, step-8, step-9 -->
 <!-- Git Workflow: [PRs or Solo] -->
@@ -3655,7 +3668,7 @@ Walk through updates? (y/n)
 Store wizard state in `SDLC.md` as metadata comments (invisible to readers, parseable by Claude):
 
 ```markdown
-<!-- SDLC Wizard Version: 1.27.0 -->
+<!-- SDLC Wizard Version: 1.29.0 -->
 <!-- Setup Date: 2026-01-24 -->
 <!-- Completed Steps: step-0.1, step-0.2, step-1, step-2, step-3, step-4, step-5, step-6, step-7, step-8, step-9 -->
 <!-- Git Workflow: PRs -->

package/README.md

@@ -2,7 +2,7 @@
 
 A **self-evolving Software Development Life Cycle (SDLC) enforcement system for AI coding agents**. Makes Claude plan before coding, test before shipping, and ask when uncertain. Measures itself getting better over time.
 
-**Built on 15+ years of SDET and QA engineering experience** — battle-tested patterns from real production systems, baked into an AI agent that follows tried-and-true software quality practices so you don't have to enforce them manually.
+**Built on 15+ years of software engineering and founding engineering experience** — battle-tested patterns from real production systems, baked into an AI agent that follows tried-and-true software quality practices so you don't have to enforce them manually.
 
 ## Install
 
@@ -229,7 +229,7 @@ This isn't the only Claude Code SDLC tool. Here's an honest comparison:
 | Document | What It Covers |
 |----------|---------------|
 | [ARCHITECTURE.md](ARCHITECTURE.md) | System design, 5-layer diagram, data flows, file structure |
-| [CI_CD.md](CI_CD.md) | All 5 workflows, E2E scoring, tier system, SDP, integrity checks |
+| [CI_CD.md](CI_CD.md) | All 6 workflows, E2E scoring, tier system, SDP, integrity checks |
 | [SDLC.md](SDLC.md) | Version tracking, enforcement rules, SDLC configuration |
 | [TESTING.md](TESTING.md) | Testing philosophy, test diamond, TDD approach |
 | [CHANGELOG.md](CHANGELOG.md) | Version history, what changed and when |

package/cli/init.js

@@ -51,6 +51,18 @@ function mergeSettings(existingPath, templatePath, force) {
     const existing = JSON.parse(fs.readFileSync(existingPath, 'utf8'));
     const template = JSON.parse(fs.readFileSync(templatePath, 'utf8'));
 
+    // Merge env field
+    if (template.env) {
+      if (!existing.env || typeof existing.env !== 'object' || Array.isArray(existing.env)) {
+        existing.env = {};
+      }
+      for (const [key, val] of Object.entries(template.env)) {
+        if (!(key in existing.env) || force) {
+          existing.env[key] = val;
+        }
+      }
+    }
+
     if (!existing.hooks) existing.hooks = {};
 
     for (const [event, templateEntries] of Object.entries(template.hooks || {})) {

package/cli/templates/settings.json

@@ -1,4 +1,7 @@
 {
+  "env": {
+    "CLAUDE_AUTOCOMPACT_PCT_OVERRIDE": "75"
+  },
   "hooks": {
     "UserPromptSubmit": [
       {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentic-sdlc-wizard",
-  "version": "1.27.0",
+  "version": "1.29.0",
   "description": "SDLC enforcement for Claude Code — hooks, skills, and wizard setup in one command",
   "bin": {
     "sdlc-wizard": "./cli/bin/sdlc-wizard.js"

package/skills/setup/SKILL.md

@@ -183,13 +183,23 @@ Present suggestions and let the user confirm.
 
 ### Step 9.5: Context Window Configuration
 
-Recommend autocompact settings based on the user's context window:
+The CLI already sets `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=75` in `.claude/settings.json` `env` field (200K default). Ask the user which model context window they use:
+
+- **200K models (default):** Already configured. Confirm `75` is set in `settings.json` `env` field
+- **1M models:** Update `settings.json` `env` field: set `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE` to `"30"` — the default fires at ~76K on 1M, wasting 92% of the window. Optionally also add `CLAUDE_CODE_AUTO_COMPACT_WINDOW` set to `"400000"`
+
+To update, edit `.claude/settings.json`:
+```json
+{
+  "env": {
+    "CLAUDE_AUTOCOMPACT_PCT_OVERRIDE": "30"
+  }
+}
+```
 
-- **200K models (default):** Suggest `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=75` — leaves room for implementation after planning
-- **1M models:** Suggest `CLAUDE_AUTOCOMPACT_PCT_OVERRIDE=30` or `CLAUDE_CODE_AUTO_COMPACT_WINDOW=400000` — the default fires at ~76K on 1M, wasting 92% of the window
-- **CI pipelines:** Suggest 60% — short tasks, compact early
+For CI pipelines, consider `"60"` — short tasks benefit from compacting early.
 
-Tell the user to add the export to their shell profile (`~/.bashrc`, `~/.zshrc`) or project `.envrc`. This is guidance, not enforcement — the wizard doesn't write shell profiles.
+This is project-scoped and shared with the team via git.
 
 ### Step 10: Customize Hooks
 

package/skills/update/SKILL.md

@@ -46,9 +46,11 @@ Parse all CHANGELOG entries between the user's installed version and the latest.
 
 ```
 Installed: 1.24.0
-Latest:    1.27.0
+Latest:    1.29.0
 
 What changed:
+- [1.29.0] Node 24 compliance, autocompact in settings.json, effectiveness scoreboard, ...
+- [1.28.0] Autocompact benchmarking methodology, canary fact mechanism, benchmark harness, ...
 - [1.27.0] Domain-adaptive testing diamond, 3 domain fixtures, 25 quality tests, ...
 - [1.26.0] Codex SDLC Adapter plan, claw-code/OmO/OmX research, CC feature discovery verified, ...
 - [1.25.0] Plugin format, 6 distribution channels (curl, Homebrew, gh, GitHub Releases), ...