agentvibes 2.17.8 → 3.0.0

package/.claude/commands/prepare-release.md

@@ -8,12 +8,14 @@ argument-hint: [patch|minor|major]
 Prepares a new AgentVibes release with AI-generated release notes.
 
 This command:
-1. Analyzes all changes since the last release
-2. Generates an intelligent summary using Claude AI
-3. Creates/updates RELEASE_NOTES.md
-4. Bumps the version
-5. Commits everything
-6. Ready for you to push
+1. **Runs full test suite** - MUST pass before proceeding ✅
+2. **Validates Sonar quality gates** - MUST pass before proceeding ✅
+3. Analyzes all changes since the last release
+4. Generates an intelligent summary using Claude AI
+5. Creates/updates RELEASE_NOTES.md
+6. Bumps the version
+7. Commits everything
+8. Ready for you to push
 
 ## Usage
 
@@ -62,4 +64,35 @@ all 27 tests pass consistently across different environments.
 
 ## Implementation
 
+When executing this command, Claude MUST follow these steps in order:
+
+1. **Run Test Suite** (MANDATORY FIRST STEP):
+   - Execute `npm test` (which runs syntax validation, BATS tests, and coverage tests)
+   - If ANY tests fail, STOP immediately and report the failures
+   - Do NOT proceed with any release operations if tests fail
+   - Example output: "🧪 Running tests... ✅ All 213 BATS tests passed, ✅ All 38 Node tests passed"
+
+2. **Validate Sonar Quality Gates** (MANDATORY SECOND STEP):
+   - Check all bash scripts for `set -euo pipefail` (strict mode)
+   - Verify no hardcoded credentials in code
+   - Validate proper variable quoting in bash scripts
+   - Check for input validation and error handling
+   - Review any new or modified files for security issues
+   - If ANY quality gate fails, STOP immediately and report the issues
+   - Example output: "🛡️ Validating quality gates... ✅ All Sonar requirements met"
+   - **Note**: Document any known minor issues (like missing strict mode in legacy scripts) if they existed before this release
+
+3. **Analyze Changes**: Git log since last tag, examine diffs
+4. **Generate RELEASE_NOTES.md**: AI-generated summary with categorized changes
+5. **Bump package.json**: Use npm version (patch/minor/major)
+6. **Commit changes**: RELEASE_NOTES.md and package.json
+7. **Ready for push**: User must manually push to master
+
+### Critical Points
+
+- **ALWAYS run tests first** - Never proceed if tests fail
+- **ALWAYS validate Sonar quality gates** - Never proceed if quality checks fail
+- **Extract content from RELEASE_NOTES.md** - Don't make up new content
+- **Document any security exceptions** - If known issues exist from before this release, document them
+
 !bash .claude/hooks/prepare-release.sh $ARGUMENTS

package/.claude/commands/release.md

@@ -9,23 +9,50 @@ Semi-automated release process with AI-generated release notes and human approva
 
 This command:
 1. **Runs full test suite** - MUST pass before proceeding ✅
-2. Analyzes all changes since the last release (git log + diffs)
-3. Reads actual code changes to understand context
-4. **Generates AI summary and release notes**
-5. **PAUSES for human review of RELEASE_NOTES.md** ⏸️
-6. **PAUSES for human review of AI summary** ⏸️
-7. Updates installer.js and update scripts with AI summary
-8. **Updates README.md with new version and release info** ⚠️
-9. Bumps the version using npm version
-10. Commits everything together (including updated README)
-11. Pushes to master with --follow-tags
-12. Creates GitHub release
-13. **Publishes to npm** (packages README at this moment!)
+2. **Validates Sonar quality gates** - MUST pass before proceeding ✅
+3. Analyzes all changes since the last release (git log + diffs)
+4. Reads actual code changes to understand context
+5. **Generates AI summary and release notes**
+6. **PAUSES for human review of RELEASE_NOTES.md** ⏸️
+7. **PAUSES for human review of AI summary** ⏸️
+8. Updates installer.js and update scripts with AI summary
+9. **Updates README.md with new version and release info** ⚠️
+10. Bumps the version using npm version
+11. Commits everything together (including updated README)
+12. Pushes to master with --follow-tags
+13. Creates GitHub release
+14. **Publishes to npm** (packages README at this moment!)
 
 **⚠️ CRITICAL ORDER**: README must be updated (step 8) BEFORE npm publish (step 13) because npm packages whatever README exists at publish time. This ensures the npm package page displays current release info.
 
 **🧪 TEST REQUIREMENT**: The test suite MUST pass before any release operations begin. If tests fail, the release is aborted immediately. This prevents publishing broken code to npm.
 
+**🛡️ SONAR QUALITY GATES**: All SonarCloud quality requirements from CLAUDE.md MUST be validated before release:
+
+### Shell Script Security (Bash)
+- ✅ All bash scripts MUST have `set -euo pipefail` at the top (strict mode)
+- ✅ All variables MUST be quoted (e.g., `"$VARIABLE"`, not `$VARIABLE`)
+- ✅ No hardcoded credentials (API keys, passwords, tokens)
+- ✅ Input validation for all external inputs
+- ✅ Secure temp directories (`$XDG_RUNTIME_DIR` with fallback)
+- ✅ Path traversal prevention
+- ✅ File ownership verification before processing
+- ✅ Single quotes in trap statements (deferred expansion)
+
+### JavaScript/Node.js Security
+- ✅ Use `path.resolve()` for path operations
+- ✅ Path safety validation (prevent traversal)
+- ✅ No sensitive data in logs (mask credentials)
+- ✅ Try-finally for resource cleanup
+
+### General Code Quality
+- ✅ Comprehensive error handling
+- ✅ Proper resource cleanup
+- ✅ Meaningful variable names
+- ✅ Security-critical code is commented
+
+**If ANY quality gate fails, the release MUST be aborted** until issues are fixed.
+
 ## Usage
 
 ```bash
@@ -132,17 +159,29 @@ Updated to show during `npx agentvibes update`:
 **Step 1: Run Tests**
 ```
 🧪 Running test suite...
-✅ All 132 tests passed (bats + node)
+✅ All 213 BATS tests passed
+✅ All 38 Node unit tests passed
+```
+
+**Step 2: Validate Quality Gates**
+```
+🛡️ Validating Sonar quality gates...
+✅ All bash scripts have strict mode
+✅ No hardcoded credentials found
+✅ Variable quoting validated
+✅ Input validation present
+✅ Error handling comprehensive
+✅ All Sonar requirements met
 ```
 
-**Step 2: Analysis**
+**Step 3: Analysis**
 ```
 🔍 Analyzing changes since v2.0.17...
 📊 Found 47 commits across 12 files
 🤖 Generating AI summary...
 ```
 
-**Step 3: Review RELEASE_NOTES.md**
+**Step 4: Review RELEASE_NOTES.md**
 ```
 ✅ Generated RELEASE_NOTES.md
 
@@ -171,7 +210,7 @@ AI-optimized documentation standards...
    - Type 'cancel' to abort
 ```
 
-**Step 4: Review AI Summary**
+**Step 5: Review AI Summary**
 ```
 📝 AI Summary for installer/update scripts:
 
@@ -187,7 +226,7 @@ with intuitive 0.5x-3.0x scaling."
    - Type 'cancel' to abort
 ```
 
-**Step 5: Update & Publish**
+**Step 6: Update & Publish**
 ```
 ✅ Updating installer.js with release info...
 ✅ Updating README.md with new version...
@@ -207,25 +246,27 @@ with intuitive 0.5x-3.0x scaling."
 ## What Happens
 
 1. **Test Suite**: Runs `npm test` - MUST pass or release is aborted 🧪
-2. **Git Analysis**: Reviews all commits since last tag
-3. **Code Review**: Examines actual diffs for context
-4. **AI Generation**: Creates intelligent summary and categorized changes
-5. **Human Review**: You review and approve/edit release notes
-6. **Summary Review**: You approve AI summary for installer/update
-7. **Installer Update**: Adds release info to installation flow
-8. **README Update**: Updates version badge and latest release section ⚠️ **CRITICAL: Must happen BEFORE npm publish!**
-9. **Update Script Update**: Adds release info to update flow
-10. **Version Bump**: Updates package.json (npm version)
-11. **Commit**: Single atomic commit with all changes (includes README with correct version)
-12. **Push**: Pushes to **master** branch with tags
-13. **GitHub Release**: Creates public release with notes
-14. **NPM Publish**: Makes new version available globally (packages README at this point)
+2. **Sonar Quality Gates**: Validates all security and quality requirements - MUST pass or release is aborted 🛡️
+3. **Git Analysis**: Reviews all commits since last tag
+4. **Code Review**: Examines actual diffs for context
+5. **AI Generation**: Creates intelligent summary and categorized changes
+6. **Human Review**: You review and approve/edit release notes
+7. **Summary Review**: You approve AI summary for installer/update
+8. **Installer Update**: Adds release info to installation flow
+9. **README Update**: Updates version badge and latest release section ⚠️ **CRITICAL: Must happen BEFORE npm publish!**
+10. **Update Script Update**: Adds release info to update flow
+11. **Version Bump**: Updates package.json (npm version)
+12. **Commit**: Single atomic commit with all changes (includes README with correct version)
+13. **Push**: Pushes to **master** branch with tags
+14. **GitHub Release**: Creates public release with notes
+15. **NPM Publish**: Makes new version available globally (packages README at this point)
 
 **⚠️ ORDER IS CRITICAL**: README must be updated BEFORE running `npm publish` because npm packages the README from the current working directory. If you publish first, the npm package page will show outdated README content.
 
 ## Safety Features
 
 - **Test suite must pass** before proceeding - prevents broken releases
+- **Sonar quality gates must pass** - prevents security issues and poor code quality
 - **Human approval required** before any git operations
 - **Dry-run preview** of all changes
 - **Rollback support** via git tags
@@ -250,38 +291,51 @@ This command tells Claude AI to prepare and push a new release with AI-generated
 When executing this command, Claude MUST follow these steps in order:
 
 1. **Run Test Suite** (MANDATORY FIRST STEP):
-   - Execute `AGENTVIBES_TEST_MODE=true npm test`
+   - Execute `npm test` (which runs syntax validation, BATS tests, and coverage tests)
    - If ANY tests fail, STOP immediately and report the failures
    - Do NOT proceed with any release operations if tests fail
-   - Example output: "🧪 Running tests... ✅ All 132 tests passed"
-2. **Analyze Changes**: Git log since last tag, examine diffs
-3. **Generate RELEASE_NOTES.md**: AI-generated summary with categorized changes
-4. **Human Review Checkpoint 1**: Wait for approval of RELEASE_NOTES.md
-5. **Update src/installer.js**:
+   - Example output: "🧪 Running tests... ✅ All 213 BATS tests passed, ✅ All 38 Node tests passed"
+
+2. **Validate Sonar Quality Gates** (MANDATORY SECOND STEP):
+   - Check all bash scripts for `set -euo pipefail` (strict mode)
+   - Verify no hardcoded credentials in code
+   - Validate proper variable quoting in bash scripts
+   - Check for input validation and error handling
+   - Review any new or modified files for security issues
+   - If ANY quality gate fails, STOP immediately and report the issues
+   - Example output: "🛡️ Validating quality gates... ✅ All Sonar requirements met"
+   - **Note**: Document any known minor issues (like missing strict mode in legacy scripts) if they existed before this release
+
+3. **Analyze Changes**: Git log since last tag, examine diffs
+4. **Generate RELEASE_NOTES.md**: AI-generated summary with categorized changes
+5. **Human Review Checkpoint 1**: Wait for approval of RELEASE_NOTES.md
+6. **Update src/installer.js**:
    - Find the `showReleaseInfo()` function (line ~126)
    - Replace the version number in title (e.g., `v2.6.0` → `v2.7.0`)
    - Replace the release title (e.g., `BMAD Integration` → `Party Mode Voice Improvements`)
    - Replace the "WHAT'S NEW" summary (2-4 sentences from RELEASE_NOTES.md AI Summary)
    - Replace all "KEY HIGHLIGHTS" bullets (extract from RELEASE_NOTES.md)
    - Keep the same format/structure, just update content
-6. **Update README.md** ⚠️ **CRITICAL - Must complete BEFORE npm publish**:
+7. **Update README.md** ⚠️ **CRITICAL - Must complete BEFORE npm publish**:
    - Update version badge in header (line ~14): `**Version**: v2.X.X`
    - Update "Latest Release" section (line ~112+):
      - Replace the title and URL: `**[vX.X.X - Release Title](github.com/...)**`
      - Replace the AI summary paragraph (first paragraph after title)
      - Replace all "Key Highlights" bullet points (extract from RELEASE_NOTES.md)
    - This ensures GitHub README and npm package page show correct version
-7. **Human Review Checkpoint 2**: Show what will be updated, wait for approval
-8. **Bump package.json**: Use npm version (patch/minor/major)
-9. **Commit all changes**: Single commit with RELEASE_NOTES.md, installer.js, README.md, package.json
-10. **Push to master with tags**
-11. **Create GitHub release**
-12. **Publish to npm**: This packages the already-updated README.md
+8. **Human Review Checkpoint 2**: Show what will be updated, wait for approval
+9. **Bump package.json**: Use npm version (patch/minor/major)
+10. **Commit all changes**: Single commit with RELEASE_NOTES.md, installer.js, README.md, package.json
+11. **Push to master with tags**
+12. **Create GitHub release**
+13. **Publish to npm**: This packages the already-updated README.md
 
 ### Critical Points
 
 - **ALWAYS run tests first** - Never proceed with release if tests fail
+- **ALWAYS validate Sonar quality gates** - Never proceed with release if quality checks fail
 - **NEVER skip updating installer.js** - This is what users see during install
 - **Update installer BEFORE npm publish** - npm packages whatever installer.js exists at publish time
 - **Extract content from RELEASE_NOTES.md** - Don't make up new content, use what's in the release notes
 - **Keep the installer format consistent** - Same boxen structure, just update text content
+- **Document any security exceptions** - If known issues exist from before this release, document them

package/.claude/config/audio-effects.cfg

@@ -48,5 +48,5 @@ BMad Master|reverb 50 60 100 pitch -100|agentvibes_soft_flamenco_loop.mp3|0.30
 # Party mode room ambiance - used when multiple agents are talking
 _party_mode|compand 0.3,1 6:-70,-60,-20|agent_vibes_dark_chill_step_loop.mp3|0.40
 
-# Default (no agent specified) - clean with subtle enhancement and chillwave background
-default||agentvibes_soft_flamenco_loop.mp3|0.30
+# Default (no agent specified) - clean with Bachata background
+default||agent_vibes_bachata_v1_loop.mp3|0.30

package/.claude/config/background-music-position.txt

@@ -19,8 +19,8 @@ Agent Vibes Harpsichord v2-loop.mp3:.00000000000000000013140818
 agent_vibes_japanese_city_pop_v1_loop.mp3:6.054512
 agent_vibes_bossa_nova_v2_loop.mp3:5.369524
 agent_vibes_salsa_v2_loop.mp3:9.972790
-agent_vibes_bachata_v1_loop.mp3:5.590113
 agent_vibes_cumbia_v1_loop.mp3:5.717823
 agentvibes_soft_flamenco_loop.mp3:4.998005
 agent_vibes_arabic_v2_loop.mp3:.00000000000000000006132724
 agent_vibes_chillwave_v2_loop.mp3:14.628390
+agent_vibes_bachata_v1_loop.mp3:.00000000000000000005344000

package/.claude/config/background-music-volume.txt

@@ -1 +1 @@
-0.10
+0.30

package/.claude/config/background-music.txt

@@ -0,0 +1 @@
+enabled