npm - cclaw-cli - Versions diffs - 0.5.13 → 0.5.14 - Mend

cclaw-cli 0.5.13 → 0.5.14

This diff shows the differences between the contents of publicly available package versions that have been released to one of the supported registries. It is provided for informational purposes only and reflects the changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/artifact-linter.js +26 -0
package/dist/content/examples.js +30 -20
package/dist/content/stage-schema.js +11 -6
package/dist/content/templates.js +1 -2
package/package.json +1 -1

package/dist/artifact-linter.js CHANGED Viewed

@@ -199,6 +199,7 @@ function validateSectionBody(sectionBody, rule) {
                     details: `Rule expects exactly one selected token (${tokens.join(", ")}); found ${selected.size}.`
                 };
             }
+            return { ok: true, details: "Exactly one token selected as expected." };
         }
     }
     if (/Status:\s*pending\s+until/iu.test(rule)) {
@@ -419,9 +420,34 @@ export async function validateReviewArmy(projectRoot) {
         if (!Array.isArray(rec.conflicts)) {
             errors.push("reconciliation.conflicts must be an array.");
         }
+        else {
+            rec.conflicts.forEach((c, ci) => {
+                if (c === null || typeof c !== "object" || Array.isArray(c)) {
+                    errors.push(`reconciliation.conflicts[${ci}] must be an object.`);
+                    return;
+                }
+                const co = c;
+                if (!isNonEmptyString(co.findingId)) {
+                    errors.push(`reconciliation.conflicts[${ci}].findingId must be a non-empty string.`);
+                }
+                else if (!findingIds.has(co.findingId)) {
+                    errors.push(`reconciliation.conflicts[${ci}].findingId references unknown finding "${co.findingId}".`);
+                }
+                if (!isNonEmptyString(co.description)) {
+                    errors.push(`reconciliation.conflicts[${ci}].description must be a non-empty string.`);
+                }
+            });
+        }
         if (!isStringArray(rec.multiSpecialistConfirmed)) {
             errors.push("reconciliation.multiSpecialistConfirmed must be an array of finding ids.");
         }
+        else {
+            for (const msId of rec.multiSpecialistConfirmed) {
+                if (!findingIds.has(msId)) {
+                    errors.push(`reconciliation.multiSpecialistConfirmed references unknown finding id "${msId}".`);
+                }
+            }
+        }
         if (!isStringArray(rec.shipBlockers)) {
             errors.push("reconciliation.shipBlockers must be an array of finding ids.");
         }

package/dist/content/examples.js CHANGED Viewed

@@ -360,34 +360,44 @@ Execution rule: complete and verify each wave before starting the next wave.
 - Plan task IDs: T-1, T-2, T-3
 - Spec criterion IDs: AC-1, AC-2, AC-3`,
-    review: `### Layer 1 — Spec compliance (per-criterion)
+    review: `### Layer 1 Verdict
-| Criterion | Status | Evidence |
+| Criterion | Verdict | Evidence |
 | --- | --- | --- |
-| Delivery within 5s without reload | PASS | \`notification-feed.e2e.ts:44-88\` asserts SSE-to-UI timing under mock clock |
-| Dedupe: one visible item per key | PARTIAL | Unit tests cover publisher dedupe; UI merge path lacks test for race reordering (\`feedStore.test.ts\` missing case) |
-| Degraded mode + REST snapshot | PASS | \`NotificationsPanel.tsx:112-140\` renders banner + calls snapshot endpoint |
+| AC-1: Delivery within 5s without reload | PASS | \`notification-feed.e2e.ts:44-88\` asserts SSE-to-UI timing under mock clock |
+| AC-2: Dedupe — one visible item per key | PARTIAL | Unit tests cover publisher dedupe; UI merge path lacks test for race reordering (\`feedStore.test.ts\` missing case) |
+| AC-3: Degraded mode + REST snapshot | PASS | \`NotificationsPanel.tsx:112-140\` renders banner + calls snapshot endpoint |
-### Layer 2 — Engineering finding (sample)
+### Layer 2 Findings
-- **Severity:** Major
-- **Description:** Snapshot endpoint returns newest N rows but does not guarantee consistency with stream cursor, so users can miss items that arrived between snapshot and subscribe.
-- **File:line:** \`server/routes/notifications.ts:208\`
-- **Recommendation:** Return a monotonic cursor with snapshot and initialize SSE from that cursor; add contract tests for gapless delivery.
-- **Resolution options:**
-  1. Add cursor field + server-side reconciliation on subscribe (preferred).
-  2. Client-side “fetch since last seen id” merge pass (more complex, easier to get wrong).
-  3. Temporary mitigation: widen polling window when SSE is unhealthy (acceptable only as a short-term bridge).
+| ID | Severity | Category | Description | Status |
+| --- | --- | --- | --- | --- |
+| R-1 | Critical | correctness | Snapshot endpoint returns newest N rows but does not guarantee consistency with stream cursor — users can miss items between snapshot and subscribe. | open |
+| R-2 | Important | performance | \`feedStore.merge()\` does full-array scan on every SSE event; O(n) per event where n is feed length. | open |
+| R-3 | Suggestion | architecture | SSE reconnect logic duplicated across \`useNotifications\` and \`usePresence\`; extract shared hook. | open |
+### Review Army Contract
+- See \`07-review-army.json\`
+- Reconciliation summary: 1 duplicate collapsed (R-1 reported by spec-reviewer and code-reviewer), 0 conflicts
+### Review Readiness Dashboard
+- Layer 1 complete: yes (3/3 criteria)
+- Layer 2 complete: yes (5 sections reviewed)
+- Review army schema valid: yes
+- Open critical blockers: 1 (R-1)
+- Ship recommendation: BLOCKED until R-1 resolved
-### Layer 0 — hygiene checks (sample)
+### Severity Summary
-- **Dependency freshness:** no critical CVEs in direct server dependencies (scanner report linked in PR).
-- **Secrets:** no new env vars committed; rotation playbook unchanged.
+- Critical: 1
+- Important: 1
+- Suggestion: 1
-### Exit criteria (sample)
+### Final Verdict
-- All **Major** findings resolved or explicitly accepted with a time-bounded follow-up ticket.
-- **PARTIAL** spec compliance items have a named owner and a test plan before ship.`,
+- BLOCKED`,
     ship: `### Preflight checklist (sample)
 - tests ✅ (\`pnpm test\` green on main)

package/dist/content/stage-schema.js CHANGED Viewed

@@ -1016,7 +1016,8 @@ const TDD = {
         { claim: "One broad integration test is enough.", reality: "Slice-level RED tests are required for precise failure signal." },
         { claim: "Refactor can be skipped for speed.", reality: "Skipping refactor accumulates debt and weakens maintainability." },
         { claim: "Only changed tests need to pass.", reality: "Full-suite checks are needed to detect regressions." },
-        { claim: "Traceability is implied by commit diff.", reality: "Explicit mapping avoids ambiguity in review and rollback." }
+        { claim: "Traceability is implied by commit diff.", reality: "Explicit mapping avoids ambiguity in review and rollback." },
+        { claim: "Tests written after implementation achieve the same goals.", reality: "Post-hoc tests confirm assumptions, not behavior. They test what you built, not what you should have built. TDD forces you to think about behavior before you have an implementation to be anchored by." }
     ],
     redFlags: [
         "No failing test output (RED missing)",
@@ -1035,7 +1036,8 @@ const TDD = {
         { name: "Minimal Viable Change", description: "The best implementation is the smallest one that passes all RED tests. Every extra line is risk. Resist the urge to 'improve while you are here.'" },
         { name: "Regression Paranoia", description: "Assume every change breaks something until the full suite proves otherwise. Partial test runs are lies of omission." },
         { name: "Refactor-as-Hygiene", description: "Refactoring is not optional cleanup — it is the third leg of TDD. GREEN without REFACTOR accumulates mess. REFACTOR without GREEN breaks things." },
-        { name: "Evidence Over Anecdote", description: "Every claim about test state must be backed by captured output. 'It passed' without terminal evidence is not evidence. 'I saw it fail' without the failure output is not RED. Capture commands, outputs, and results — not summaries from memory." }
+        { name: "Evidence Over Anecdote", description: "Every claim about test state must be backed by captured output. 'It passed' without terminal evidence is not evidence. 'I saw it fail' without the failure output is not RED. Capture commands, outputs, and results — not summaries from memory." },
+        { name: "Characterization First", description: "Before changing existing behavior, write characterization tests that capture current behavior as-is. These tests document what the system does today — even if that behavior is wrong. Only after the characterization suite is green do you add the new RED test for the desired change. This prevents accidental behavior destruction during refactoring." }
     ],
     reviewSections: [
         {
@@ -1144,7 +1146,8 @@ const REVIEW = {
         { id: "review_layer2_performance", description: "Performance review completed." },
         { id: "review_layer2_architecture", description: "Architecture fit review completed." },
         { id: "review_severity_classified", description: "All findings are severity-tagged." },
-        { id: "review_criticals_resolved", description: "No unresolved critical blockers remain." }
+        { id: "review_criticals_resolved", description: "No unresolved critical blockers remain." },
+        { id: "review_army_json_valid", description: "07-review-army.json passes schema validation (validateReviewArmy)." }
     ],
     requiredEvidence: [
         "Artifact written to `.cclaw/artifacts/07-review.md`.",
@@ -1179,7 +1182,9 @@ const REVIEW = {
         { claim: "Passing tests mean spec compliance by default.", reality: "Tests can miss requirement mismatches; explicit spec review is mandatory." },
         { claim: "Severity labels are unnecessary.", reality: "Without severity, release decisions become inconsistent." },
         { claim: "Critical issues can be fixed after ship.", reality: "Critical blockers must be resolved before release handoff." },
-        { claim: "Security review is not needed for internal tools.", reality: "Internal tools become external surface area. Security is always in scope." }
+        { claim: "Security review is not needed for internal tools.", reality: "Internal tools become external surface area. Security is always in scope." },
+        { claim: "A quick skim is sufficient for small diffs.", reality: "Small diffs hide high-impact changes. A 3-line auth bypass is still critical. Every diff gets layered review regardless of size." },
+        { claim: "The author already reviewed their own code.", reality: "Self-review misses blind spots by definition. Independent review exists precisely because authors cannot objectively evaluate their own assumptions." }
     ],
     redFlags: [
         "No separate Layer 1/Layer 2 outcomes",
@@ -1276,7 +1281,7 @@ const REVIEW = {
     completionStatus: ["APPROVED", "APPROVED_WITH_CONCERNS", "BLOCKED"],
     crossStageTrace: {
         readsFrom: [".cclaw/artifacts/06-tdd.md", ".cclaw/artifacts/04-spec.md", ".cclaw/artifacts/05-plan.md"],
-        writesTo: [".cclaw/artifacts/07-review.md"],
+        writesTo: [".cclaw/artifacts/07-review.md", ".cclaw/artifacts/07-review-army.json"],
         traceabilityRule: "Review verdict must reference specific spec criteria and TDD evidence. Downstream ship stage must reference review verdict."
     },
     artifactValidation: [
@@ -1284,7 +1289,7 @@ const REVIEW = {
         { section: "Layer 2 Findings", required: true, validationRule: "Each finding has severity, description, and resolution status." },
         { section: "Review Army Contract", required: true, validationRule: "Structured findings include id/severity/confidence/fingerprint/reportedBy/status with dedup reconciliation summary." },
         { section: "Review Readiness Dashboard", required: true, validationRule: "At least 4 readiness checklist lines including blocker and recommendation status." },
-        { section: "Severity Summary", required: true, validationRule: "Counts: N critical, N important, N suggestion." },
+        { section: "Severity Summary", required: true, validationRule: "Per-severity count lines for critical, important, and suggestion buckets." },
         { section: "Final Verdict", required: true, validationRule: "Exactly one of: APPROVED, APPROVED_WITH_CONCERNS, BLOCKED." }
     ],
     namedAntiPattern: {

package/dist/content/templates.js CHANGED Viewed

@@ -375,8 +375,7 @@ Execution rule: complete and verify each wave before starting the next wave.
       "confidence": 7,
       "category": "correctness",
       "location": {
-        "file": "",
-        "line": 0
+        "file": ""
       },
       "fingerprint": "",
       "reportedBy": [],

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "cclaw-cli",
-  "version": "0.5.13",
+  "version": "0.5.14",
   "description": "Installer-first flow toolkit for coding agents",
   "type": "module",
   "bin": {