agentic-sdlc-wizard 1.29.0 → 1.31.0

package/.claude-plugin/marketplace.json

@@ -13,7 +13,7 @@
       "name": "sdlc-wizard",
       "source": ".",
       "description": "SDLC enforcement for AI agents — TDD, planning, self-review, CI shepherd",
-      "version": "1.29.0",
+      "version": "1.31.0",
       "author": {
         "name": "Stefan Ayala"
       },

package/.claude-plugin/plugin.json

@@ -1,6 +1,6 @@
 {
   "name": "sdlc-wizard",
-  "version": "1.29.0",
+  "version": "1.31.0",
   "description": "SDLC enforcement for AI agents — TDD, planning, self-review, CI shepherd",
   "author": {
     "name": "Stefan Ayala",

package/CHANGELOG.md

@@ -4,6 +4,49 @@ All notable changes to the SDLC Wizard.
 
 > **Note:** This changelog is for humans to read. Don't manually apply these changes - just run the wizard ("Check for SDLC wizard updates") and it handles everything automatically.
 
+## [1.31.0] - 2026-04-14
+
+### Added
+- Ephemeral marketplace path detection in CLI `check` command (#174)
+  - Scans `~/.claude/settings.json` `extraKnownMarketplaces` for directory sources on ephemeral paths (`/tmp/`, `/private/tmp/`, `/var/folders/`)
+  - `EPHEMERAL` status (path exists but in ephemeral root) warns but doesn't fail check
+  - `DANGLING` status (path doesn't exist) errors with non-zero exit code
+  - Suggests moving to `~/.claude/plugins-local/<name>` for stable installs
+  - JSON output (`--json`) includes new `marketplace` field
+  - 10 new tests (51 total CLI tests)
+
+### Fixed
+- Hook false-positive "SETUP NOT COMPLETE" in non-SDLC directories (#173, PR #175)
+  - Three-way detection: both files (normal), one file (warn partial setup), neither (silent exit)
+  - Added `find_partial_sdlc_root` helper for partial-setup detection
+  - 2 new hook tests (60 total hook tests)
+
+## [1.30.0] - 2026-04-12
+
+### Added
+- CC degradation detection (#96, PR #166)
+  - Score persistence: CI now git-commits `score-history.jsonl` to PR branch after E2E runs, feeding CUSUM drift detection with real data
+  - Fork guard (`head.repo.full_name == github.repository`) prevents silent push failures on fork PRs
+  - Injection-safe: `head.ref` passed via `env:` block, not inline `${{ }}`
+  - Wizard effort section hardened: explains adaptive thinking root cause (Boris Cherny GH #42796), scopes "medium default" to Pro/Max plans, cites code.claude.com docs
+  - `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING` documented as opt-in hardening (not default)
+  - Anti-laziness CLAUDE.md guidance section targeting specific mechanisms (adaptive thinking, effort levels, thinking budget)
+  - 14 behavioral tests (`test-degradation-detection.sh`)
+- Model A/B comparison workflow (#94, PRs #164, #165)
+  - `workflow_dispatch` benchmark: Opus vs Sonnet on E2E scenarios with 95% CI
+  - Matrix strategy over scenarios, parameterized model/trials/max_turns
+  - Wizard installation verification before simulation (P0 fix)
+  - jq-based artifact construction (safe against empty outputs)
+  - 37 quality tests (`test-model-comparison.sh`)
+- Firmware-embedded E2E fixture (#78, PR #163)
+  - Python SD card overlay manager, 3 device configs (Raspberry Pi, STM32, ESP32)
+  - SIL + config validation tests within fixture
+  - Domain-adaptive testing proof: firmware indicators, Python overlay, multi-device differentiation
+  - 12 quality tests (`test-firmware-fixture.sh`)
+
+### Fixed
+- P0 shell injection in model comparison workflow: `${{ inputs.model }}` directly in `run:` blocks. Fixed by passing all inputs through `env:` block (caught by Codex review)
+
 ## [1.29.0] - 2026-04-07
 
 ### Added

package/CLAUDE_CODE_SDLC_WIZARD.md

@@ -224,7 +224,11 @@ Claude Code's **effort level** controls how much thinking the model does before
 | `high` | **Default for all SDLC work.** Features, bug fixes, refactoring, tests, reviews | `effort: high` in skill frontmatter (already set) |
 | `max` | LOW confidence, FAILED 2x, architecture decisions, complex debugging, cross-model reviews | `/effort max` (session only — resets next session) |
 
-**Why `high` is the default:** The `/sdlc` skill sets `effort: high` in its frontmatter, so every SDLC invocation automatically uses high effort. This gives thorough reasoning without the unbounded token cost of `max`.
+**Why `high` is the default:** Claude Code uses **adaptive thinking** to dynamically allocate reasoning budget per turn. On Pro and Max plans, the default effort level is **medium (85)**, which causes the model to under-allocate reasoning on complex multi-step tasks — leading to shallow analysis, missed edge cases, and "lazy" outputs. This was [confirmed by Anthropic engineer Boris Cherny](https://github.com/anthropics/claude-code/issues/42796) and is documented at [code.claude.com](https://code.claude.com/docs/en/model-config). API, Team, and Enterprise plans default to high effort and are not affected.
+
+The `/sdlc` skill sets `effort: high` in its frontmatter, overriding the medium default on every SDLC invocation. This gives thorough reasoning without the unbounded token cost of `max`.
+
+**Nuclear option — disable adaptive thinking entirely:** Set `CLAUDE_CODE_DISABLE_ADAPTIVE_THINKING=1` in your environment or settings.json `env` block. This forces a fixed reasoning budget per turn instead of letting the model dynamically allocate. Use this if you observe persistent quality issues even with `effort: high`. See [Claude Code model config docs](https://code.claude.com/docs/en/model-config) for details.
 
 **When to escalate to `max`:**
 - You hit LOW confidence on your approach — deeper thinking may find clarity
@@ -242,6 +246,21 @@ Claude Code's **effort level** controls how much thinking the model does before
 
 > See also: the **Effort** column in the [Confidence Check table](#confidence-check-required) below for per-confidence-level guidance on when to escalate to `max`.
 
+### Anti-Laziness Guidance for CLAUDE.md
+
+If you notice Claude Code producing shallow outputs despite `effort: high`, add these instructions to your project's `CLAUDE.md`. These target the **specific mechanisms** behind quality degradation — adaptive thinking and effort levels — rather than vague directives:
+
+```markdown
+## Quality Anchoring
+- This project uses effort: high via SDLC skill frontmatter. Do not reduce reasoning depth.
+- Adaptive thinking may under-allocate your thinking budget on complex tasks. When working on
+  multi-file changes, architecture decisions, or debugging: reason through the full problem
+  before acting, even if the system prompt suggests taking the "simplest approach first."
+- If you catch yourself skipping steps, re-read the task requirements and verify completeness.
+```
+
+**Why this works:** Claude Code's hidden system prompt includes "Go straight to the point. Try the simplest approach first." This is good for simple queries but causes the model to under-invest in reasoning on complex SDLC tasks. The instructions above don't fight the system prompt — they provide task-specific context that justifies deeper reasoning. Note that CLAUDE.md instructions can be partially overridden by the system prompt, so `effort: high` in skill frontmatter remains the primary defense.
+
 ---
 
 ## Claude Code Feature Updates
@@ -2609,7 +2628,7 @@ If deployment fails or post-deploy verification catches issues:
 
 **SDLC.md:**
 ```markdown
-<!-- SDLC Wizard Version: 1.29.0 -->
+<!-- SDLC Wizard Version: 1.31.0 -->
 <!-- Setup Date: [DATE] -->
 <!-- Completed Steps: step-0.1, step-0.2, step-0.4, step-1, step-2, step-3, step-4, step-5, step-6, step-7, step-8, step-9 -->
 <!-- Git Workflow: [PRs or Solo] -->
@@ -3668,7 +3687,7 @@ Walk through updates? (y/n)
 Store wizard state in `SDLC.md` as metadata comments (invisible to readers, parseable by Claude):
 
 ```markdown
-<!-- SDLC Wizard Version: 1.29.0 -->
+<!-- SDLC Wizard Version: 1.31.0 -->
 <!-- Setup Date: 2026-01-24 -->
 <!-- Completed Steps: step-0.1, step-0.2, step-1, step-2, step-3, step-4, step-5, step-6, step-7, step-8, step-9 -->
 <!-- Git Workflow: PRs -->

package/README.md

@@ -87,7 +87,7 @@ Layer 4: STATISTICAL VALIDATION
   SDP normalizes for model quality. CUSUM catches drift.
 
 Layer 3: SCORING ENGINE
-  7 criteria, 10/11 points. Claude evaluates Claude.
+  Multi-criteria scoring, 10/11 points. Claude evaluates Claude.
   Before/after wizard A/B comparison in CI.
 
 Layer 2: ENFORCEMENT
@@ -229,7 +229,7 @@ This isn't the only Claude Code SDLC tool. Here's an honest comparison:
 | Document | What It Covers |
 |----------|---------------|
 | [ARCHITECTURE.md](ARCHITECTURE.md) | System design, 5-layer diagram, data flows, file structure |
-| [CI_CD.md](CI_CD.md) | All 6 workflows, E2E scoring, tier system, SDP, integrity checks |
+| [CI_CD.md](CI_CD.md) | All workflows, E2E scoring, tier system, SDP, integrity checks |
 | [SDLC.md](SDLC.md) | Version tracking, enforcement rules, SDLC configuration |
 | [TESTING.md](TESTING.md) | Testing philosophy, test diamond, TDD approach |
 | [CHANGELOG.md](CHANGELOG.md) | Version history, what changed and when |

package/cli/init.js

@@ -2,6 +2,7 @@
 
 const crypto = require('crypto');
 const fs = require('fs');
+const os = require('os');
 const path = require('path');
 
 const RESET = '\x1b[0m';
@@ -285,23 +286,37 @@ function check(targetDir, { json = false } = {}) {
     // Offline or npm unavailable — skip update check
   }
 
-  const hasDrift = results.some((r) => r.status === 'MISSING' || r.status === 'DRIFT');
+  const marketplace = checkMarketplacePaths();
+  const hasDrift = results.some((r) => r.status === 'MISSING' || r.status === 'DRIFT')
+    || marketplace.some((m) => m.status === 'DANGLING');
 
   if (json) {
-    console.log(JSON.stringify({ files: results, update: updateInfo }, null, 2));
+    console.log(JSON.stringify({ files: results, update: updateInfo, marketplace }, null, 2));
   } else {
     for (const r of results) {
       const color = r.status === 'MATCH' ? GREEN : r.status === 'MISSING' ? RED : YELLOW;
       console.log(`  ${color}${r.status}${RESET}  ${r.file}`);
       if (r.details) console.log(`         ${r.details}`);
     }
+    for (const m of marketplace) {
+      const color = m.status === 'DANGLING' ? RED : YELLOW;
+      const heading = m.status === 'EPHEMERAL'
+        ? `Marketplace '${m.name}' source path is ephemeral:`
+        : `Marketplace '${m.name}' source path does not exist:`;
+      console.log(`\n  ${color}${m.status}${RESET}  ${heading}`);
+      console.log(`         ${m.path}`);
+      console.log(`         ${m.details}`);
+      if (m.suggestion) {
+        console.log(`         Recommended: move to ${m.suggestion}`);
+      }
+    }
     if (updateInfo) {
       console.log(`\n  ${YELLOW}UPDATE${RESET}  v${updateInfo.current} -> v${updateInfo.latest}`);
       console.log('         Run: npx agentic-sdlc-wizard init --force');
     }
   }
 
-  return { results, updateInfo, hasDrift };
+  return { results, updateInfo, hasDrift, marketplace };
 }
 
 function checkFile(srcPath, destPath, relativeDest, shouldBeExecutable) {
@@ -341,4 +356,56 @@ function checkGitignore(gitignorePath) {
   return { file: '.gitignore', status: 'MATCH' };
 }
 
+const EPHEMERAL_ROOTS = /^(\/tmp\/|\/private\/tmp\/|\/var\/folders\/|\/private\/var\/folders\/)/;
+
+function checkMarketplacePaths() {
+  const results = [];
+  const globalSettings = path.join(os.homedir(), '.claude', 'settings.json');
+
+  if (!fs.existsSync(globalSettings)) return results;
+
+  let data;
+  try {
+    data = JSON.parse(fs.readFileSync(globalSettings, 'utf8'));
+  } catch (_) {
+    return results;
+  }
+
+  const marketplaces = data.extraKnownMarketplaces;
+  if (!marketplaces || typeof marketplaces !== 'object') return results;
+
+  for (const [name, entry] of Object.entries(marketplaces)) {
+    const source = entry && entry.source;
+    if (!source || source.source !== 'directory' || !source.path || typeof source.path !== 'string') continue;
+
+    const sourcePath = source.path;
+    const isEphemeral = EPHEMERAL_ROOTS.test(sourcePath);
+    const exists = fs.existsSync(sourcePath);
+    const basename = path.basename(sourcePath);
+    const suggestion = `~/.claude/plugins-local/${basename}`;
+
+    if (!exists) {
+      results.push({
+        name,
+        path: sourcePath,
+        status: 'DANGLING',
+        details: isEphemeral
+          ? 'Ephemeral path has been reaped — plugin is broken'
+          : 'Path does not exist — plugin may be silently broken',
+        suggestion: isEphemeral ? suggestion : undefined,
+      });
+    } else if (isEphemeral) {
+      results.push({
+        name,
+        path: sourcePath,
+        status: 'EPHEMERAL',
+        details: 'macOS reaps this path periodically — plugin may break silently',
+        suggestion,
+      });
+    }
+  }
+
+  return results;
+}
+
 module.exports = { init, check, planOperations, GITIGNORE_ENTRIES };

package/hooks/_find-sdlc-root.sh

@@ -0,0 +1,36 @@
+#!/bin/bash
+# Shared helper: walk up from CWD to find nearest SDLC.md + TESTING.md pair
+# Sourced by sdlc-prompt-check.sh and instructions-loaded-check.sh
+# Fixes #171: false-positive "SETUP NOT COMPLETE" in monorepos / nested projects
+
+# find_sdlc_root — walks up from pwd, stops at $HOME (exclusive)
+# Sets SDLC_ROOT to the found directory, or empty string if not found
+find_sdlc_root() {
+    local check_dir
+    check_dir="$(pwd)"
+    SDLC_ROOT=""
+    while [ "$check_dir" != "/" ] && [ "$check_dir" != "$HOME" ] && [ -n "$check_dir" ]; do
+        if [ -f "$check_dir/SDLC.md" ] && [ -f "$check_dir/TESTING.md" ]; then
+            SDLC_ROOT="$check_dir"
+            return 0
+        fi
+        check_dir="$(dirname "$check_dir")"
+    done
+    return 1
+}
+
+# find_partial_sdlc_root — walks up looking for EITHER SDLC.md OR TESTING.md
+# Used to detect partial setup (one file exists but not both) vs not-an-SDLC-project
+find_partial_sdlc_root() {
+    local check_dir
+    check_dir="$(pwd)"
+    SDLC_ROOT=""
+    while [ "$check_dir" != "/" ] && [ "$check_dir" != "$HOME" ] && [ -n "$check_dir" ]; do
+        if [ -f "$check_dir/SDLC.md" ] || [ -f "$check_dir/TESTING.md" ]; then
+            SDLC_ROOT="$check_dir"
+            return 0
+        fi
+        check_dir="$(dirname "$check_dir")"
+    done
+    return 1
+}

package/hooks/instructions-loaded-check.sh

@@ -4,7 +4,21 @@
 # Available since Claude Code v2.1.69
 # Note: no set -e — this hook must always exit 0 to not block session start
 
-PROJECT_DIR="${CLAUDE_PROJECT_DIR:-.}"
+# Walk up from CWD to find nearest SDLC.md + TESTING.md (#171: monorepo support)
+HOOK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$HOOK_DIR/_find-sdlc-root.sh"
+
+# CWD walk-up finds nearest SDLC project (#173: silent exit for non-SDLC dirs)
+if find_sdlc_root; then
+    PROJECT_DIR="$SDLC_ROOT"
+elif find_partial_sdlc_root; then
+    # Partial setup — one file exists but not both. Warn about missing files
+    PROJECT_DIR="$SDLC_ROOT"
+else
+    # Not an SDLC project at all — exit silently
+    exit 0
+fi
+
 MISSING=""
 
 if [ ! -f "$PROJECT_DIR/SDLC.md" ]; then

package/hooks/sdlc-prompt-check.sh

@@ -2,8 +2,21 @@
 # Light SDLC hook - baseline reminder every prompt (~100 tokens)
 # Full guidance in skill: .claude/skills/sdlc/
 
-# Check if setup has been completed
-PROJECT_DIR="${CLAUDE_PROJECT_DIR:-.}"
+# Walk up from CWD to find nearest SDLC.md + TESTING.md (#171: monorepo support)
+HOOK_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+source "$HOOK_DIR/_find-sdlc-root.sh"
+
+# CWD walk-up finds nearest SDLC project (#173: silent exit for non-SDLC dirs)
+if find_sdlc_root; then
+    PROJECT_DIR="$SDLC_ROOT"
+elif find_partial_sdlc_root; then
+    # Partial setup — one file exists but not both. Warn about missing files
+    PROJECT_DIR="$SDLC_ROOT"
+else
+    # Not an SDLC project at all — exit silently
+    exit 0
+fi
+
 if [ ! -s "$PROJECT_DIR/SDLC.md" ] || [ ! -s "$PROJECT_DIR/TESTING.md" ]; then
     cat << 'SETUP'
 SETUP NOT COMPLETE: SDLC.md and/or TESTING.md are missing.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "agentic-sdlc-wizard",
-  "version": "1.29.0",
+  "version": "1.31.0",
   "description": "SDLC enforcement for Claude Code — hooks, skills, and wizard setup in one command",
   "bin": {
     "sdlc-wizard": "./cli/bin/sdlc-wizard.js"

package/skills/update/SKILL.md

@@ -46,9 +46,11 @@ Parse all CHANGELOG entries between the user's installed version and the latest.
 
 ```
 Installed: 1.24.0
-Latest:    1.29.0
+Latest:    1.31.0
 
 What changed:
+- [1.31.0] Hook false-positive fix for non-SDLC dirs, ephemeral marketplace path warning, ...
+- [1.30.0] Firmware fixture, model A/B comparison workflow, CC degradation detection, ...
 - [1.29.0] Node 24 compliance, autocompact in settings.json, effectiveness scoreboard, ...
 - [1.28.0] Autocompact benchmarking methodology, canary fact mechanism, benchmark harness, ...
 - [1.27.0] Domain-adaptive testing diamond, 3 domain fixtures, 25 quality tests, ...