cclaw-cli 0.51.13 → 0.51.15

package/dist/artifact-linter.js

@@ -1,4 +1,5 @@
 import fs from "node:fs/promises";
+import { createHash } from "node:crypto";
 import path from "node:path";
 import { resolveArtifactPath as resolveStageArtifactPath } from "./artifact-paths.js";
 import { readConfig } from "./config.js";
@@ -94,6 +95,15 @@ function sectionBodyByAnyName(sections, sectionNames) {
         return null;
     return bodies.join("\n");
 }
+function sectionBodyByHeadingPrefix(sections, prefix) {
+    const want = normalizeHeadingTitle(prefix).toLowerCase();
+    for (const [heading, body] of sections.entries()) {
+        if (heading.toLowerCase().startsWith(want)) {
+            return body;
+        }
+    }
+    return null;
+}
 export function extractMarkdownSectionBody(markdown, section) {
     return sectionBodyByName(extractH2Sections(markdown), section);
 }
@@ -675,6 +685,52 @@ function validateRequirementsTaxonomy(sectionBody) {
         details: "Requirements table uses canonical Priority values."
     };
 }
+function validateLockedDecisionAnchors(sectionBody) {
+    const rows = getMarkdownTableRows(sectionBody);
+    const lines = sectionBody
+        .split(/\r?\n/u)
+        .map((line) => line.trim())
+        .filter((line) => /^[-*]\s+\S/u.test(line));
+    const anchors = [];
+    const issues = [];
+    for (const [index, row] of rows.entries()) {
+        const anchor = (row[0] ?? "").trim().toLowerCase();
+        const decisionText = (row[1] ?? "").trim();
+        if (!/^ld#[0-9a-f]{8}$/u.test(anchor)) {
+            issues.push(`row ${index + 1} has invalid anchor "${row[0] ?? ""}"`);
+            continue;
+        }
+        anchors.push(anchor);
+        if (decisionText.length > 0) {
+            const expected = lockedDecisionHash(decisionText).toLowerCase();
+            if (anchor !== expected) {
+                issues.push(`row ${index + 1} anchor should be ${expected} for its Decision text`);
+            }
+        }
+    }
+    for (const [index, line] of lines.entries()) {
+        const anchor = /\bLD#[0-9a-f]{8}\b/iu.exec(line)?.[0]?.toLowerCase();
+        if (!anchor) {
+            issues.push(`bullet ${index + 1} is missing an LD#<sha8> anchor`);
+            continue;
+        }
+        anchors.push(anchor);
+    }
+    const duplicateAnchors = [...new Set(anchors.filter((anchor, index) => anchors.indexOf(anchor) !== index))];
+    if (duplicateAnchors.length > 0) {
+        issues.push(`duplicate anchors: ${duplicateAnchors.join(", ")}`);
+    }
+    if (anchors.length === 0 && (rows.length > 0 || lines.length > 0)) {
+        issues.push("no LD#<sha8> anchors found");
+    }
+    return {
+        ok: issues.length === 0,
+        anchors: [...new Set(anchors)],
+        details: issues.length === 0
+            ? `${anchors.length} LD#hash anchor(s) recorded with no duplicates.`
+            : issues.join("; ")
+    };
+}
 const INTERACTION_EDGE_CASE_REQUIREMENTS = [
     { label: "double-click", pattern: /\bdouble[\s-]?click\b/iu },
     {
@@ -1286,6 +1342,18 @@ function extractDecisionIds(text) {
     const ids = text.match(/\bD-\d+\b/gu) ?? [];
     return [...new Set(ids)];
 }
+function extractRequirementIdsFromMarkdown(text) {
+    const ids = text.match(/\bR\d+\b/gu) ?? [];
+    return [...new Set(ids)];
+}
+function extractLockedDecisionAnchors(text) {
+    const ids = text.match(/\bLD#[0-9a-f]{8}\b/giu) ?? [];
+    return [...new Set(ids.map((id) => id.replace(/^LD#/iu, "LD#").toLowerCase()))];
+}
+function lockedDecisionHash(value) {
+    const normalized = value.replace(/\s+/gu, " ").trim().toLowerCase();
+    return `LD#${createHash("sha256").update(normalized).digest("hex").slice(0, 8)}`;
+}
 function collectPatternHits(text, patterns) {
     const hits = [];
     for (const pattern of patterns) {
@@ -1401,7 +1469,7 @@ function validateSectionBody(sectionBody, rule, sectionName) {
     if (sectionNameNormalized === "premise challenge") {
         return validatePremiseChallenge(sectionBody);
     }
-    if (sectionNameNormalized === "requirements") {
+    if (sectionNameNormalized.startsWith("requirements")) {
         return validateRequirementsTaxonomy(sectionBody);
     }
     if (sectionNameNormalized === "data flow") {
@@ -1823,9 +1891,9 @@ export async function lintArtifact(projectRoot, stage, track = "standard") {
         });
     }
     if (stage === "scope") {
-        const lockedDecisionsBody = sectionBodyByName(sections, "Locked Decisions (D-XX)") ?? "";
+        const lockedDecisionsBody = sectionBodyByHeadingPrefix(sections, "Locked Decisions") ?? "";
         const strictScopeGuards = parsedFrontmatter.hasFrontmatter ||
-            headingPresent(sections, "Locked Decisions (D-XX)");
+            sectionBodyByHeadingPrefix(sections, "Locked Decisions") !== null;
         const scopeSections = [
             sectionBodyByAnyName(sections, ["In Scope / Out of Scope", "In Scope", "Out of Scope"]) ?? "",
             sectionBodyByName(sections, "Scope Summary") ?? "",
@@ -1841,12 +1909,18 @@ export async function lintArtifact(projectRoot, stage, track = "standard") {
                 ? "No scope-reduction phrases detected in scope boundary sections."
                 : `Detected scope-reduction phrase(s): ${reductionHits.join(", ")}.`
         });
-        // When the Locked Decisions section is present we must enforce the
-        // D-XX ID contract at runtime (previously this was prose-only in the
-        // artifactValidation rule). Empty body, missing IDs, and duplicate
-        // IDs all fail the lint; absence of the section remains advisory so
-        // scope stays optional for small/quick tracks.
-        if (headingPresent(sections, "Locked Decisions (D-XX)")) {
+        if (sectionBodyByHeadingPrefix(sections, "Locked Decisions") !== null) {
+            const anchorValidation = validateLockedDecisionAnchors(lockedDecisionsBody);
+            findings.push({
+                section: "Locked Decisions Hash Integrity",
+                required: true,
+                rule: "Locked Decisions section must list unique LD#<sha8> content-derived anchors.",
+                found: anchorValidation.ok,
+                details: anchorValidation.details
+            });
+            // Legacy D-XX rows remain advisory for older artifacts, but new templates
+            // use LD#hash anchors. This check keeps D-XX duplicates visible without
+            // making old artifacts the primary contract.
             const listDecisionLines = lockedDecisionsBody
                 .split(/\r?\n/u)
                 .map((line) => line.trim())
@@ -1881,7 +1955,7 @@ export async function lintArtifact(projectRoot, stage, track = "standard") {
             }
             findings.push({
                 section: "Locked Decisions ID Integrity",
-                required: true,
+                required: false,
                 rule: "Locked Decisions section must list each decision with a unique stable D-XX ID.",
                 found: issues.length === 0,
                 details: issues.length === 0
@@ -1890,6 +1964,46 @@ export async function lintArtifact(projectRoot, stage, track = "standard") {
             });
         }
     }
+    if (["design", "spec", "plan", "review"].includes(stage)) {
+        const scopeArtifact = await resolveStageArtifactPath("scope", {
+            projectRoot,
+            track,
+            intent: "read"
+        });
+        if (await exists(scopeArtifact.absPath)) {
+            const scopeRaw = await fs.readFile(scopeArtifact.absPath, "utf8");
+            const scopeSections = extractH2Sections(scopeRaw);
+            const requirementsBody = sectionBodyByHeadingPrefix(scopeSections, "Requirements") ?? "";
+            const lockedDecisionsBody = sectionBodyByHeadingPrefix(scopeSections, "Locked Decisions") ?? "";
+            const requirementIds = extractRequirementIdsFromMarkdown(requirementsBody);
+            const lockedDecisionAnchors = extractLockedDecisionAnchors(lockedDecisionsBody);
+            const missingRequirementRefs = requirementIds.filter((id) => !raw.includes(id));
+            const normalizedCurrentRaw = raw.toLowerCase();
+            const missingDecisionRefs = lockedDecisionAnchors.filter((id) => !normalizedCurrentRaw.includes(id));
+            findings.push({
+                section: "Scope Requirement Reference Integrity",
+                required: requirementIds.length > 0,
+                rule: "Every R# requirement ID from scope must be referenced by downstream artifacts.",
+                found: missingRequirementRefs.length === 0,
+                details: requirementIds.length === 0
+                    ? "No R# requirement IDs found in scope artifact; reference check skipped."
+                    : missingRequirementRefs.length === 0
+                        ? `All ${requirementIds.length} scope requirement ID(s) are referenced.`
+                        : `Missing scope requirement reference(s): ${missingRequirementRefs.join(", ")}.`
+            });
+            findings.push({
+                section: "Locked Decision Hash Reference Integrity",
+                required: lockedDecisionAnchors.length > 0,
+                rule: "Every LD#hash locked decision anchor from scope must be referenced by downstream artifacts.",
+                found: missingDecisionRefs.length === 0,
+                details: lockedDecisionAnchors.length === 0
+                    ? "No LD#hash anchors found in scope artifact; reference check skipped."
+                    : missingDecisionRefs.length === 0
+                        ? `All ${lockedDecisionAnchors.length} locked decision anchor(s) are referenced.`
+                        : `Missing locked decision reference(s): ${missingDecisionRefs.join(", ")}.`
+            });
+        }
+    }
     const passed = findings.every((f) => !f.required || f.found);
     return { stage, file: relFile, passed, findings };
 }

package/dist/content/skills.js

@@ -135,6 +135,9 @@ This is the gate function for completion claims. No "done", "all good", or
 "tests pass" unless fresh evidence from this turn proves it.
 
 - Run verification commands (tests/build/lint/type-check) for the changed scope.
+- Before \`tdd -> review\` and \`review -> ship\`, discover the real test command
+  from repo config (package scripts, pytest/go/cargo/maven/gradle signals) and
+  cite that exact command in the gate evidence.
 - Confirm output directly; do not infer success from prior runs or green memories.
 - If this is a bug fix, capture RED -> GREEN evidence for the regression path.
 - If a command fails, report the failure as diagnostic evidence and stop before completion.

package/dist/content/stages/plan.js

@@ -46,7 +46,7 @@ export const PLAN = {
             "Slice into vertical tasks — each task targets 2-5 minutes, produces one testable outcome, and touches one coherent area.",
             "Task Contract — every task has one coherent outcome, AC mapping, exact verification command/manual step, and expected evidence snippet or pass condition. Avoid vague `run tests` wording.",
             "Annotate slice-review metadata — if `.cclaw/config.yaml::sliceReview.enabled` is true, every task row additionally carries `touchCount` (rough number of files expected to change) and `touchPaths` (glob hints, e.g. `migrations/**`, `src/auth/**`). A task may set `highRisk: true` to force a review pass regardless of thresholds. These fields feed the TDD stage's Per-Slice Review point; when `sliceReview` is disabled they are optional.",
-            "Map scope Locked Decisions — every D-XX from scope is referenced by at least one plan task (or explicitly marked deferred with reason).",
+            "Map scope Locked Decisions — every LD#hash anchor from scope is referenced by at least one plan task (or explicitly marked deferred with reason).",
             "Run anti-placeholder + anti-scope-reduction scans — block `TODO/TBD/...` and phrasing like `v1`, `for now`, `later` for locked boundaries.",
             "Define validation points — mark where progress must be checked before continuing, with concrete command and expected evidence.",
             "Define execution posture — record whether execution should be sequential, dependency-batched, parallel-safe, or blocked; include risk triggers and RED/GREEN/REFACTOR checkpoint/commit expectations when the repo workflow supports them.",

package/dist/content/stages/review.js

@@ -72,7 +72,7 @@ export const REVIEW = {
             { id: "review_layer_coverage_complete", description: "Layer coverage map in 07-review-army.json confirms spec/correctness/security/performance/architecture/external-safety tags were considered." },
             { id: "review_criticals_resolved", description: "No unresolved critical blockers remain." },
             { id: "review_army_json_valid", description: "07-review-army.json passes schema validation (validateReviewArmy)." },
-            { id: "review_trace_matrix_clean", description: "Trace matrix has no orphaned criteria/tasks/test slices for the active run." }
+            { id: "review_trace_matrix_clean", description: "Trace matrix has no orphaned criteria/tasks/test slices for the active run, and evidence cites a discovered real test command before ship handoff." }
         ],
         requiredEvidence: [
             "Artifact written to `.cclaw/artifacts/07-review.md`.",
@@ -82,6 +82,7 @@ export const REVIEW = {
             "Layer 2 sections completed with findings.",
             "Severity log includes critical/important/suggestion buckets.",
             "Explicit final verdict: APPROVED, APPROVED_WITH_CONCERNS, or BLOCKED.",
+            "Fresh verification command discovery recorded, and the command cited in `review_trace_matrix_clean` evidence before ship handoff.",
             "If BLOCKED: include explicit remediation route (`ROUTE_BACK_TO_TDD`) with blocking finding IDs."
         ],
         inputs: ["implementation diff", "spec and plan artifacts", "test/build evidence"],

package/dist/content/stages/scope.js

@@ -87,7 +87,7 @@ export const SCOPE = {
             "In-scope and out-of-scope lists are explicit.",
             "Discretion areas are explicit (or marked as `None`).",
             "Selected mode and rationale are documented.",
-            "Locked Decisions section lists stable D-XX IDs for non-negotiable boundaries.",
+            "Locked Decisions section lists stable LD#hash anchors for non-negotiable boundaries.",
             "Premise challenge findings documented.",
             "Outside Voice findings and dispositions are recorded (accept/reject/defer with rationale) before final approval.",
             `Spec review loop summary includes a table with columns Iteration, Quality Score, Findings, plus Stop reason, Target score, and Max iterations. This is outside-voice evidence only; it does not satisfy user approval. ${reviewLoopPolicySummary("scope")}`,
@@ -143,7 +143,7 @@ export const SCOPE = {
             { section: "Landscape Check", required: false, validationRule: "When mode is EXPAND/SELECTIVE, include at least one external reference insight and its impact on scope." },
             { section: "Taste Calibration", required: false, validationRule: "Must reference 2-3 strong in-repo modules/files that define the quality bar or explicitly justify omission." },
             { section: "Requirements", required: false, validationRule: "Table of stable requirement IDs (R1, R2, R3…) one per row with observable outcome, priority, and source. IDs are assigned once and never renumbered across scope/design/spec/plan/review; dropped requirements stay with Priority `DROPPED`." },
-            { section: "Locked Decisions (D-XX)", required: false, validationRule: "List of stable locked decisions with IDs D-01, D-02... Each ID appears once, includes rationale, and is intended for downstream cross-stage traceability." },
+            { section: "Locked Decisions (LD#hash)", required: false, validationRule: "List of stable locked decisions with unique `LD#<sha8>` anchors. Each anchor is derived from the normalized Decision cell and is referenced downstream for cross-stage traceability." },
             { section: "Implementation Alternatives", required: false, validationRule: "2-3 options with Name, Summary, Effort, Risk, Pros, Cons, and Reuses. Must include minimal viable and ideal architecture options." },
             { section: "Scope Mode", required: true, validationRule: "Must state selected mode and rationale with default heuristic justification." },
             { section: "Mode-Specific Analysis", required: false, validationRule: "Deep/complex scope only: document the analysis matching the selected mode. Default path may record a concise mode rationale instead." },

package/dist/content/templates.js

@@ -183,10 +183,14 @@ ${SEED_SHELF_SECTION}
 > is later dropped, keep the row and mark Priority \`DROPPED\`; if a new one is
 > added mid-flow, append with the next free R-number — do NOT reuse numbers.
 
-## Locked Decisions (D-XX)
-| Decision ID | Decision | Why locked now | Downstream impact |
+## Locked Decisions (LD#hash)
+| Decision Anchor | Decision | Why locked now | Downstream impact |
 |---|---|---|---|
-| D-01 |  |  |  |
+| LD#<sha8> |  |  |  |
+
+> Decision Anchor is \`LD#\` + the first 8 lowercase hex chars of SHA-256 over
+> the normalized \`Decision\` cell (trim, collapse whitespace, lowercase). Downstream
+> design/spec/plan/review artifacts reference these anchors verbatim.
 
 ## In Scope / Out of Scope
 
@@ -308,9 +312,9 @@ ${SEED_SHELF_SECTION}
 | pitfalls-researcher |  |  |  |
 
 ## Architecture Boundaries
-| Component | Responsibility | Owner |
-|---|---|---|
-|  |  |  |
+| Component | Responsibility | Requirement Refs (R#) | Decision Refs (LD#hash) | Owner |
+|---|---|---|---|---|
+|  |  |  |  |  |
 
 ## Architecture Diagram
 
@@ -377,11 +381,11 @@ ${MARKDOWN_CODE_FENCE}
 ### Interaction Edge Case Matrix
 | Edge case | Handled? | Design response | Deferred item (if not handled) |
 |---|---|---|---|
-| double-click | yes/no |  | None / D-XX |
-| nav-away-mid-request | yes/no |  | None / D-XX |
-| 10K-result dataset | yes/no |  | None / D-XX |
-| background-job abandonment | yes/no |  | None / D-XX |
-| zombie connection | yes/no |  | None / D-XX |
+| double-click | yes/no |  | None / LD#hash |
+| nav-away-mid-request | yes/no |  | None / LD#hash |
+| 10K-result dataset | yes/no |  | None / LD#hash |
+| background-job abandonment | yes/no |  | None / LD#hash |
+| zombie connection | yes/no |  | None / LD#hash |
 
 ## Security & Threat Model
 | Boundary | Threat | Mitigation | Owner |
@@ -480,7 +484,7 @@ ${SEED_SHELF_SECTION}
 - Drift from upstream (or \`None\`):
 
 ## Acceptance Criteria
-| ID | Requirement Ref (R#) | Criterion (observable/measurable/falsifiable) | Design Decision Ref |
+| ID | Requirement Ref (R#) | Criterion (observable/measurable/falsifiable) | Design Decision Ref (LD#hash) |
 |---|---|---|---|
 | AC-1 | R1 |  |  |
 
@@ -585,9 +589,9 @@ Execution rule: complete and verify each batch before starting the next batch.
 - TDD checkpoint plan: RED commit/checkpoint -> GREEN commit/checkpoint -> REFACTOR commit/checkpoint (or deferred because: )
 
 ## Locked Decision Coverage
-| Decision ID | Source section | Plan tasks implementing decision | Status |
+| Decision Ref (LD#hash) | Source section | Plan tasks implementing decision | Status |
 |---|---|---|---|
-| D-01 | 02-scope.md > Locked Decisions | T-1 | covered |
+| LD#<sha8> | 02-scope.md > Locked Decisions | T-1 | covered |
 
 ## Risk Assessment
 | Task/Batch | Risk | Likelihood | Impact | Mitigation |
@@ -605,7 +609,7 @@ Execution rule: complete and verify each batch before starting the next batch.
 
 ## No Scope Reduction Language Scan
 - Scanned phrases: \`v1\`, \`for now\`, \`later\`, \`temporary\`, \`placeholder\`, \`mock for now\`, \`hardcoded for now\`, \`will improve later\`.
-- Hits: 0 (required when Locked Decisions section is non-empty).
+- Hits: 0 (required when Locked Decisions section is non-empty; use LD#hash anchors).
 
 ## WAIT_FOR_CONFIRM
 - Status: pending
@@ -750,6 +754,11 @@ Execution rule: complete and verify each batch before starting the next batch.
 - Orphaned tests: 0
 - Evidence ref:
 
+## Verification Command Discovery
+| Source | Discovered command | Result | Evidence ref |
+|---|---|---|---|
+| package.json / pytest / go.mod / Cargo.toml / pom.xml / gradle |  | PASS/FAIL |  |
+
 ## Blocked Route
 - ROUTE_BACK_TO_TDD: only when Final Verdict = BLOCKED
 - Target stage: tdd

package/dist/gate-evidence.js

@@ -44,6 +44,64 @@ function sameStringArray(a, b) {
         return false;
     return a.every((value, index) => value === b[index]);
 }
+async function readJsonFile(filePath) {
+    try {
+        const parsed = JSON.parse(await fs.readFile(filePath, "utf8"));
+        return parsed && typeof parsed === "object" && !Array.isArray(parsed)
+            ? parsed
+            : null;
+    }
+    catch {
+        return null;
+    }
+}
+async function discoverRealTestCommands(projectRoot) {
+    const commands = [];
+    const packageJson = await readJsonFile(path.join(projectRoot, "package.json"));
+    const scripts = packageJson?.scripts;
+    if (scripts && typeof scripts === "object" && !Array.isArray(scripts)) {
+        const scriptNames = Object.keys(scripts).filter((name) => {
+            const value = scripts[name];
+            return typeof value === "string" && (name === "test" || name.startsWith("test:"));
+        });
+        for (const name of scriptNames.sort()) {
+            commands.push(name === "test" ? "npm test" : `npm run ${name}`);
+            commands.push(name === "test" ? "pnpm test" : `pnpm ${name}`);
+            commands.push(name === "test" ? "yarn test" : `yarn ${name}`);
+            commands.push(name === "test" ? "bun test" : `bun run ${name}`);
+        }
+    }
+    if (await exists(path.join(projectRoot, "pyproject.toml")))
+        commands.push("pytest");
+    if (await exists(path.join(projectRoot, "pytest.ini")))
+        commands.push("pytest");
+    if (await exists(path.join(projectRoot, "go.mod")))
+        commands.push("go test ./...");
+    if (await exists(path.join(projectRoot, "Cargo.toml")))
+        commands.push("cargo test");
+    if (await exists(path.join(projectRoot, "pom.xml")))
+        commands.push("mvn test");
+    if (await exists(path.join(projectRoot, "build.gradle")) ||
+        await exists(path.join(projectRoot, "build.gradle.kts"))) {
+        commands.push("gradle test", "./gradlew test");
+    }
+    return unique(commands);
+}
+async function verifyDiscoveredCommandEvidence(projectRoot, stage, gateId, flowState) {
+    if (!(stage === "tdd" && gateId === "tdd_verified_before_complete") &&
+        !(stage === "review" && gateId === "review_trace_matrix_clean")) {
+        return null;
+    }
+    const commands = await discoverRealTestCommands(projectRoot);
+    if (commands.length === 0)
+        return null;
+    const evidence = flowState.guardEvidence[gateId];
+    const normalizedEvidence = typeof evidence === "string" ? evidence.toLowerCase() : "";
+    const matched = commands.some((command) => normalizedEvidence.includes(command.toLowerCase()));
+    if (matched)
+        return null;
+    return `${stage} verification gate blocked (${gateId}): guard evidence must cite one discovered real test command: ${commands.join(", ")}.`;
+}
 const RECONCILIATION_NOTICES_FILE = "reconciliation-notices.json";
 const RECONCILIATION_NOTICES_SCHEMA_VERSION = 1;
 const DESIGN_RESEARCH_REQUIRED_SECTIONS = [
@@ -203,6 +261,11 @@ export async function verifyCurrentStageGateEvidence(projectRoot, flowState) {
         const evidence = flowState.guardEvidence[gateId];
         if (typeof evidence !== "string" || evidence.trim().length === 0) {
             issues.push(`passed gate "${gateId}" is missing guardEvidence entry.`);
+            continue;
+        }
+        const discoveredCommandIssue = await verifyDiscoveredCommandEvidence(projectRoot, stage, gateId, flowState);
+        if (discoveredCommandIssue) {
+            issues.push(discoveredCommandIssue);
         }
     }
     for (const gateId of catalog.blocked) {

package/dist/internal/advance-stage.js

@@ -203,6 +203,15 @@ const GATE_EVIDENCE_VALIDATORS = {
         }
         return null;
     },
+    "review:review_trace_matrix_clean": (evidence) => {
+        if (!TEST_COMMAND_HINT_PATTERN.test(evidence)) {
+            return "must include the fresh verification command that was run before ship handoff (for example `npm test`, `pytest`, `go test`, or equivalent).";
+        }
+        if (!PASS_STATUS_PATTERN.test(evidence)) {
+            return "must include explicit success status (for example `PASS` or `GREEN`).";
+        }
+        return null;
+    },
     "ship:ship_finalization_executed": (evidence) => {
         if (!SHIP_FINALIZATION_MODE_PATTERN.test(evidence)) {
             return `must name the finalization mode that ran (for example ${SHIP_FINALIZATION_MODE_HINT}).`;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cclaw-cli",
-  "version": "0.51.13",
+  "version": "0.51.15",
   "description": "Installer-first flow toolkit for coding agents",
   "type": "module",
   "bin": {