npm - buildwright - Versions diffs - 0.0.6 → 0.0.8 - Mend

buildwright 0.0.6 → 0.0.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json +1 -1
package/templates/.buildwright/commands/bw-analyse.md +10 -6
package/templates/.buildwright/commands/bw-new-feature.md +1 -1
package/templates/.buildwright/commands/bw-quick.md +86 -8
package/templates/CLAUDE.md +1 -1
package/templates/Makefile +6 -2
package/templates/scripts/bump-version.sh +2 -6
package/templates/scripts/release.sh +38 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "buildwright",
-  "version": "0.0.6",
+  "version": "0.0.8",
   "description": "Agent-first autonomous development workflow. Ship code you don't read.",
   "license": "MIT",
   "engines": {

package/templates/.buildwright/commands/bw-analyse.md CHANGED Viewed

@@ -29,7 +29,10 @@ Skip when:
 </when_to_use>
 <process>
-1. If `.buildwright/codebase/` already has files, ask: refresh or skip?
+1. Check `.buildwright/codebase/`:
+   - If empty or missing → proceed to Step 2.
+   - If it already has files AND `BUILDWRIGHT_AUTO_APPROVE=true` → refresh automatically (overwrite all docs), proceed to Step 2.
+   - If it already has files AND `BUILDWRIGHT_AUTO_APPROVE=false` → ask the user: "Codebase docs already exist. Refresh (overwrite) or skip?"
 2. Create `.buildwright/codebase/` if it does not exist
 3. Explore and write STACK.md
    - Read package.json / Cargo.toml / go.mod / pyproject.toml (whichever exists)
@@ -52,11 +55,12 @@ Skip when:
    - Note missing tests, security gaps, fragile areas
    - Write `.buildwright/codebase/CONCERNS.md`
 7. Update `.buildwright/steering/tech.md`:
-   - Replace placeholder in ## Stack with discovered languages, runtime, frameworks
-   - Replace placeholder in ## Architecture with 3-5 line summary
-   - Replace placeholder in ## Code Patterns with top 3 patterns from CONVENTIONS.md
-   - Replace placeholder in ## Dependencies with key packages and their purpose
-   - Leave ## Project Commands unchanged if already populated; populate if still placeholder
+   - If the file does not exist, create it using the standard template (## Stack, ## Project Commands, ## Architecture, ## Code Patterns, ## Dependencies sections with placeholder values), then proceed.
+   - Replace placeholder in ## Stack with discovered languages, runtime, frameworks.
+   - Replace placeholder in ## Architecture with 3-5 line summary.
+   - Replace placeholder in ## Code Patterns with top 3 patterns from CONVENTIONS.md.
+   - Replace placeholder in ## Dependencies with key packages and their purpose.
+   - Leave ## Project Commands unchanged if already populated; populate if still a placeholder.
 8. Run `scripts/sync-agents.sh` to propagate codebase docs to all tool directories
 9. Commit: `chore: add codebase analysis to .buildwright/codebase/`
 10. Report: list 4 docs with line counts, summarise key findings, suggest next step

package/templates/.buildwright/commands/bw-new-feature.md CHANGED Viewed

@@ -446,7 +446,7 @@ and update them. Common candidates:
 - **README.md** — new commands, env vars, setup steps, or usage changed
 - **docs/** — any guides or API reference covering the changed functionality
-- **CHANGELOG.md** — if the project maintains one
+- **CHANGELOG.md** — add an entry for any user-facing change
 State up front which files you will update (e.g. "Updating README.md: adding env var X").
 Skip entirely if nothing user-facing changed (internal refactor, test-only changes).

package/templates/.buildwright/commands/bw-quick.md CHANGED Viewed

@@ -31,7 +31,9 @@ Fast path for ad-hoc tasks that don't need full planning.
 │  2. Quick research (relevant files only)                    │
 │  3. Implement with TDD                                      │
 │  4. Verify (typecheck, lint, test, build)                   │
-│  5. Commit                                                  │
+│  5. Security (OWASP + secrets + dependencies)               │
+│  6. Code Review (Staff Engineer)                            │
+│  7. Commit                                                  │
 └─────────────────────────────────────────────────────────────┘
 ```
@@ -112,10 +114,23 @@ Commit: `test: add test for [task]`
 - Minimal changes only
 - KISS, YAGNI
-### 3.3 Update Docs (if applicable)
+### 3.3 Update Documentation
-If this task changed anything user-facing, state which doc files need updating
-then update them (README.md, docs/, CHANGELOG.md). Skip for internal-only changes.
+Based on what you just implemented, identify which documentation files are affected and update them.
+Common candidates:
+- **README.md** — new behaviour, changed commands, updated flags, usage examples
+- **docs/** — any guides or reference covering the changed functionality
+- **CHANGELOG.md** — add an entry for any user-facing change
+State up front which files you will update (e.g. "Updating README.md: correcting pipeline steps").
+Skip entirely if nothing user-facing changed (internal refactor, test-only changes).
+If docs were updated, commit them separately before the next step:
+```bash
+git add [doc files]
+git commit -m "docs: update documentation for [task]"
+```
 ### 3.4 Verify (with retry)
@@ -133,7 +148,68 @@ then update them (README.md, docs/, CHANGELOG.md). Skip for internal-only change
   - **Autonomous** (`BUILDWRIGHT_AUTO_APPROVE=true`, default): Commit completed work, push branch, exit(1). No PR for quick tasks.
   - **Interactive** (`BUILDWRIGHT_AUTO_APPROVE=false`): STOP and report blocker.
-### 3.5 Commit
+### 3.5 Security Review
+Adopt Security Engineer persona from `.buildwright/agents/security-engineer.md`.
+Scope: `git diff HEAD` (uncommitted changes only).
+Run automated scans:
+- Dependency vulnerabilities (stack-appropriate audit tool) — skip gracefully if unavailable
+- Secrets detection (pattern scan for API keys, passwords, tokens, private keys)
+- SAST (`semgrep --config p/owasp-top-ten .` if available — skip gracefully if unavailable)
+Then perform manual OWASP Top 10 review of changed files only.
+**If CRITICAL vulnerabilities found → Handle failure:**
+- **Autonomous** (`BUILDWRIGHT_AUTO_APPROVE=true`, default): Commit completed work, push branch, exit(1).
+- **Interactive** (`BUILDWRIGHT_AUTO_APPROVE=false`): STOP immediately.
+```
+╔═══════════════════════════════════════════════════════════════╗
+║  SECURITY                                                     ║
+╠═══════════════════════════════════════════════════════════════╣
+║  Dependencies:  ✅/❌  ([N] vulnerabilities)                   ║
+║  Secrets:       ✅/❌  ([N] found)                             ║
+║  OWASP Scan:    ✅/❌  ([N] issues)                            ║
+╠═══════════════════════════════════════════════════════════════╣
+║  Status: SECURE / CRITICAL VULNERABILITIES                    ║
+╚═══════════════════════════════════════════════════════════════╝
+```
+---
+### 3.6 Code Review
+Adopt Staff Engineer persona from `.buildwright/agents/staff-engineer.md`.
+Scope: `git diff HEAD` (same diff as security step).
+Review changed code for:
+- Logic errors and edge cases
+- Error handling completeness
+- Missing validation at system boundaries
+- Unnecessary complexity introduced
+**If CHANGES REQUESTED → Handle failure:**
+- **Autonomous** (`BUILDWRIGHT_AUTO_APPROVE=true`, default): Commit completed work, push branch, exit(1).
+- **Interactive** (`BUILDWRIGHT_AUTO_APPROVE=false`): STOP immediately.
+```
+╔═══════════════════════════════════════════════════════════════╗
+║  CODE REVIEW                                                  ║
+╠═══════════════════════════════════════════════════════════════╣
+║  Logic:          ✅/❌                                         ║
+║  Error Handling: ✅/❌                                         ║
+║  Validation:     ✅/❌                                         ║
+╠═══════════════════════════════════════════════════════════════╣
+║  Status: APPROVED / CHANGES REQUESTED                         ║
+╚═══════════════════════════════════════════════════════════════╝
+```
+---
+### 3.7 Commit
 ```bash
 git add [changed files]
@@ -167,13 +243,15 @@ Commit types:
 ║  ✅ Lint                                                      ║
 ║  ✅ Tests                                                     ║
 ║  ✅ Build                                                     ║
+║  ✅ Security                                                  ║
+║  ✅ Code Review                                               ║
 ║                                                               ║
 ║  Commit: [hash] [message]                                     ║
 ║                                                               ║
 ╠═══════════════════════════════════════════════════════════════╣
 ║                                                               ║
 ║  Ready to push? Run: git push                                 ║
-║  Or run /bw-ship for full security + code review                 ║
+║  Or run /bw-ship to push + open PR                              ║
 ║                                                               ║
 ╚═══════════════════════════════════════════════════════════════╝
 ```
@@ -238,8 +316,8 @@ If during implementation you discover:
 |--------|--------|--------------|
 | Research | Quick (in-context) | Full (research.md) |
 | Spec | None | Full spec.md |
-| Staff Engineer Review | None | Spec + Code |
-| Security Review | Optional (via /bw-ship) | Required |
+| Staff Engineer Review | Required (diff-scoped) | Spec + Code |
+| Security Review | Required (diff-scoped) | Required |
 | Estimated Time | < 2 hours | Any |
 | Scope | Clear, bounded | Any |
 | Commits | 1-2 | Per milestone |

package/templates/CLAUDE.md CHANGED Viewed

@@ -96,7 +96,7 @@ If ANY required step fails: fix and retry (max 2 attempts). If same error repeat
 - Multi-agent safety: NEVER use git stash (other agents may be working)
 - Only `.buildwright/` is committed — never commit `.claude/` or `.opencode/` content files
 - After editing any file in `.buildwright/`, run `make sync` before committing
-- Before committing, update README.md, docs/, or CHANGELOG.md if the change affects user-facing behavior
+- Before committing, update README.md, SKILL.md, docs/, or CHANGELOG.md if the change affects user-facing behavior
 ## Cross-Domain Features (Claw Architecture)
 When a feature touches multiple domains (e.g., DB + API + UI):

package/templates/Makefile CHANGED Viewed

@@ -1,4 +1,4 @@
-.PHONY: dist clean sync sync-check cursor opencode openclaw validate install-hooks uninstall-hooks bump test-cli
+.PHONY: dist clean sync sync-check cursor opencode openclaw validate install-hooks uninstall-hooks bump release test-cli
 # ============================================================================
 # Sync — Generate .claude/, .opencode/, .cursor/rules/ from .buildwright/ (canonical)
@@ -63,10 +63,14 @@ uninstall-hooks:
 # Clean
 # ============================================================================
-bump: ## Bump version: make bump [BUMP=patch|minor|major]
+bump: ## Bump version files only (no git ops): make bump [BUMP=patch|minor|major]
 	@chmod +x scripts/bump-version.sh
 	@scripts/bump-version.sh $(or $(BUMP),patch)
+release: ## Full release: bump, commit, tag, push, GitHub release, npm publish: make release [BUMP=patch|minor|major]
+	@chmod +x scripts/release.sh
+	@scripts/release.sh $(or $(BUMP),patch)
 test-cli: ## Pack and install CLI globally for local testing
 	@echo "Packing cli/..."
 	@cd cli && npm pack

package/templates/scripts/bump-version.sh CHANGED Viewed

@@ -29,9 +29,5 @@ make sync
 echo ""
 echo "✓ Bumped to v$NEW_VERSION"
 echo ""
-echo "Next steps:"
-echo "  git add cli/package.json SKILL.md"
-echo "  git commit -m \"chore: bump version to $NEW_VERSION\""
-echo "  git tag v$NEW_VERSION"
-echo "  cd cli && npm publish"
-echo "  make dist   # then upload dist/buildwright/ to clawhub.ai"
+echo "Files updated: cli/package.json  SKILL.md"
+echo "Run 'make release' to commit, tag, push, create GitHub release, and npm publish."

package/templates/scripts/release.sh ADDED Viewed

@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+set -euo pipefail
+BUMP="${1:-patch}"
+# Guard: working tree must be clean before we start
+if ! git diff --quiet || ! git diff --cached --quiet; then
+  echo "Error: working tree has uncommitted changes. Commit or stash before releasing."
+  exit 1
+fi
+# Step 1: bump version files (cli/package.json + SKILL.md + make sync)
+make bump BUMP="$BUMP"
+# Read new version from the bumped package.json
+NEW_VERSION=$(node -p "require('./cli/package.json').version")
+# Step 2: commit version files
+git add cli/package.json cli/package-lock.json SKILL.md
+git commit -m "chore: bump version to v$NEW_VERSION"
+# Step 3: annotated tag
+git tag -a "v$NEW_VERSION" -m "Release v$NEW_VERSION"
+# Step 4: push commit + tag
+git push
+git push origin "v$NEW_VERSION"
+# Step 5: GitHub release with auto-generated notes
+gh release create "v$NEW_VERSION" --title "v$NEW_VERSION" --generate-notes
+# Step 6: publish to npm
+cd cli && npm publish
+echo ""
+echo "✓ Released v$NEW_VERSION"
+echo "  GitHub: https://github.com/$(gh repo view --json nameWithOwner -q .nameWithOwner)/releases/tag/v$NEW_VERSION"
+echo "  npm:    https://www.npmjs.com/package/buildwright/v/$NEW_VERSION"