claude-devkit-cli 1.2.4 → 1.3.0

package/templates/.claude/hooks/comment-guard.js

@@ -66,7 +66,11 @@ function main() {
 
   // Skip files outside the project directory (e.g. ~/.claude/plans/)
   const filePath = payload.tool_input?.file_path;
-  if (filePath && !path.resolve(filePath).startsWith(process.cwd())) process.exit(0);
+  if (filePath) {
+    const projectDir = process.cwd() + path.sep;
+    const resolved = path.resolve(filePath);
+    if (!resolved.startsWith(projectDir) && resolved !== process.cwd()) process.exit(0);
+  }
 
   const oldStr = payload.tool_input?.old_string;
   const newStr = payload.tool_input?.new_string;

package/templates/.claude/hooks/file-guard.js

@@ -60,8 +60,9 @@ function main() {
   if (!filePath) process.exit(0);
 
   // Skip files outside the project directory (e.g. ~/.claude/plans/)
-  const projectDir = process.cwd();
-  if (!path.resolve(filePath).startsWith(projectDir)) process.exit(0);
+  const projectDir = process.cwd() + path.sep;
+  const resolvedFile = path.resolve(filePath);
+  if (!resolvedFile.startsWith(projectDir) && resolvedFile !== process.cwd()) process.exit(0);
 
   // Skip excluded patterns
   if (matchesExclude(filePath)) process.exit(0);
@@ -80,7 +81,6 @@ function main() {
   try {
     const stat = fs.statSync(filePath);
     if (stat.size > MAX_BYTES) {
-      // >1MB = definitely over threshold, warn without exact count
       const rel = path.relative(process.cwd(), filePath);
       process.stdout.write(JSON.stringify({
         continue: true,
@@ -88,7 +88,7 @@ function main() {
           hookEventName: "PostToolUse",
           additionalContext: `Warning: ${rel} is ${Math.round(stat.size / 1024)}KB. Consider splitting into smaller modules.`,
         },
-      }));
+      }) + "\n");
       process.exit(0);
     }
     const buf = fs.readFileSync(filePath);
@@ -112,7 +112,7 @@ function main() {
         hookEventName: "PostToolUse",
         additionalContext: warning,
       },
-    })
+    }) + "\n"
   );
 }
 

package/templates/.claude/hooks/path-guard.sh

@@ -19,42 +19,44 @@ set -euo pipefail
 INPUT=$(cat)
 [[ -z "$INPUT" ]] && exit 0
 
-# Check Node.js availability
-if ! command -v node &>/dev/null; then
-    echo "WARNING: path-guard disabled — Node.js not found." >&2
-    exit 0
-fi
+# Extract command from JSON — try node first, fall back to grep/sed
+extract_command() {
+    if command -v node &>/dev/null; then
+        printf '%s' "$1" | node -e "
+          try {
+            const d = JSON.parse(require('fs').readFileSync(0, 'utf-8'));
+            const cmd = d.tool_input?.command;
+            if (typeof cmd === 'string') process.stdout.write(cmd);
+          } catch {}
+        " 2>/dev/null
+    else
+        # Lightweight fallback: extract "command":"..." from JSON
+        printf '%s' "$1" | grep -o '"command":"[^"]*"' | head -1 | sed 's/^"command":"//;s/"$//' 2>/dev/null
+    fi
+}
 
-# Parse JSON with inline Node.js (avoids jq dependency)
-COMMAND=$(printf '%s' "$INPUT" | node -e "
-  try {
-    const d = JSON.parse(require('fs').readFileSync(0, 'utf-8'));
-    const cmd = d.tool_input?.command;
-    if (typeof cmd === 'string') process.stdout.write(cmd);
-    else process.exit(0);
-  } catch { process.exit(0); }
-" 2>/dev/null) || exit 0
+COMMAND=$(extract_command "$INPUT") || exit 0
 
 [[ -z "$COMMAND" ]] && exit 0
 
 # ─── Blocked directory patterns ─────────────────────────────────────
 
-BLOCKED="node_modules"
-BLOCKED+="|__pycache__"
-BLOCKED+="|\.git/objects"
-BLOCKED+="|\.git/refs"
-BLOCKED+="|dist/"
-BLOCKED+="|build/"
+# Use word boundaries (\b) and explicit path separators to avoid substring false positives
+# e.g. "build/" should not match "rebuild/src" or "my-build-tool"
+BLOCKED="(^|[ /])node_modules(/|$| )"
+BLOCKED+="|(__pycache__)"
+BLOCKED+="|\.git/(objects|refs)"
+BLOCKED+="|(^|[ /])dist(/|$| )"
+BLOCKED+="|(^|[ /])build(/|$| )"
 BLOCKED+="|\.next/"
-BLOCKED+="|vendor/"
-BLOCKED+="|Pods/"
+BLOCKED+="|(^|[ /])vendor(/|$| )"
+BLOCKED+="|(^|[ /])Pods(/|$| )"
 BLOCKED+="|\.build/"
 BLOCKED+="|DerivedData"
 BLOCKED+="|\.gradle/"
-BLOCKED+="|target/debug"
-BLOCKED+="|target/release"
+BLOCKED+="|target/(debug|release)(/|$| )"
 BLOCKED+="|\.nuget"
-BLOCKED+="|\.cache"
+BLOCKED+="|\.cache(/|$| )"
 
 # Append project-specific patterns from env
 if [[ -n "${PATH_GUARD_EXTRA:-}" ]]; then

package/templates/.claude/hooks/self-review.sh

@@ -7,7 +7,7 @@
 # Environment:
 #   SELF_REVIEW_ENABLED — set to "false" to disable (default: true)
 
-set -euo pipefail
+# No set -euo pipefail — this hook must NEVER fail
 
 # Check if disabled
 if [[ "${SELF_REVIEW_ENABLED:-true}" == "false" ]]; then

package/templates/.claude/hooks/sensitive-guard.sh

@@ -57,13 +57,9 @@ is_sensitive() {
             return 0 ;;
         serviceAccountKey.json|service-account*.json)
             return 0 ;;
-        .mcp.json|config.json)
-            # config.json only sensitive inside .docker/ — check full path
-            if [[ "$basename" == "config.json" ]]; then
-                [[ "$filepath" == *".docker/config.json"* ]] && return 0
-            else
-                return 0
-            fi
+        config.json)
+            # config.json only sensitive inside .docker/
+            [[ "$filepath" == *".docker/config.json"* ]] && return 0
             ;;
     esac
 
@@ -151,11 +147,28 @@ warn_with_message() {
     exit 0
 }
 
+# ─── Fast-path: skip obviously safe files ──────────────────────────
+
+fast_path_safe() {
+    local ext="${1##*.}"
+    case "$ext" in
+        md|ts|tsx|js|jsx|css|scss|html|svg|json|yaml|yml|toml|xml|txt|sh|py|rb|rs|go|java|kt|swift|c|cpp|h|hpp|cs|vue|svelte|astro)
+            # But json could be sensitive — check name
+            if [[ "$ext" == "json" ]]; then
+                return 1  # not fast-path safe, need full check
+            fi
+            return 0 ;;
+    esac
+    return 1
+}
+
 # ─── Check direct file access (Read/Write/Edit) → BLOCK ────────────
 
 if [[ -n "$FILE_PATH" ]]; then
-    if is_sensitive "$FILE_PATH" || check_agentignore "$FILE_PATH"; then
-        block_with_message "$FILE_PATH"
+    if ! fast_path_safe "$FILE_PATH"; then
+        if is_sensitive "$FILE_PATH" || check_agentignore "$FILE_PATH"; then
+            block_with_message "$FILE_PATH"
+        fi
     fi
 fi
 

package/templates/docs/WORKFLOW.md

@@ -1,6 +1,6 @@
 # Development Workflow Reference
 
-> Spec-first development: every change follows SPEC → TEST PLAN → CODE + TESTS → BUILD PASS.
+> Spec-first development: every change follows SPEC (with acceptance scenarios) → CODE + TESTS → BUILD PASS.
 
 ---
 
@@ -12,12 +12,11 @@ When: Building something that doesn't exist yet (no code, no spec).
 
 ```
 Step 1 → /mf-plan "description of feature"
-          Generates: docs/specs/<feature>.md (spec)
-                     docs/test-plans/<feature>.md (test plan)
+          Generates: docs/specs/<feature>/<feature>.md (spec with acceptance scenarios)
           Answers validation questions about assumptions.
-          Review both before proceeding.
+          Review before proceeding.
 
-Step 2 → (Optional) /mf-challenge docs/test-plans/<feature>.md
+Step 2 → (Optional) /mf-challenge docs/specs/<feature>/<feature>.md
           Adversarial review: spawns hostile reviewers to find flaws.
           Recommended for complex features, auth, data pipelines.
           Skip for simple CRUD or small features.
@@ -36,13 +35,12 @@ Step 5 → /mf-commit
 When: Changing behavior, adding options, refactoring logic.
 
 ```
-Step 1 → Update spec FIRST: docs/specs/<feature>.md
-          Describe what's changing and why.
+Step 1 → /mf-plan docs/specs/<feature>/<feature>.md "description of changes"
+          Mode C handles everything: snapshot → classification → change report → apply.
+          Do NOT manually edit the spec before running /mf-plan — it creates the
+          snapshot first, then applies changes. Manual edits bypass snapshot protection.
 
-Step 2 → /mf-plan docs/specs/<feature>.md
-          Updates the test plan with new/modified/removed test cases.
-
-Step 3 → Implement code changes.
+Step 2 → Implement code changes.
           /mf-test
           Fix until green.
 
@@ -67,8 +65,10 @@ Optional → If the bug reveals an undocumented edge case, update the spec.
 When: Deleting a feature, removing deprecated code.
 
 ```
-Step 1 → Mark spec sections as removed in docs/specs/<feature>.md
-          (Or archive the entire file if the feature is fully removed.)
+Step 1 → /mf-plan docs/specs/<feature>/<feature>.md "remove stories S-XXX"
+          Mode C creates a snapshot (removing stories = M2 = Major),
+          then marks stories and AS as removed in the spec.
+          (Or if removing the entire feature: archive the directory.)
 
 Step 2 → Delete production code and related test code.
 
@@ -96,7 +96,7 @@ Is this a brand new feature (no existing spec or code)?
     │   └─ No
     │       ├─ Are you removing/deprecating code?
     │       │   ├─ Yes → Remove Feature workflow.
-    │       │   └─ No → Update Feature workflow. Start by editing the spec.
+    │       │   └─ No → Update Feature workflow. Start with /mf-plan.
     │       │
     │       └─ Is the change very small (< 5 lines, behavior unchanged)?
     │           └─ Yes → Skip spec update. Just /mf-test and /mf-commit.
@@ -115,8 +115,8 @@ I just implemented [brief description].
 Files changed: [list files]
 
 Based on:
-- Spec: docs/specs/<feature>.md (section §X)
-- Test plan: docs/test-plans/<feature>.md
+- Spec: docs/specs/<feature>/<feature>.md (section §X)
+- Acceptance scenarios: docs/specs/<feature>/<feature>.md (section ## Stories)
 
 Write tests for the part I just implemented.
 Only tests related to this change — not the entire feature.
@@ -130,11 +130,11 @@ If the spec seems incomplete, note what's missing but don't change it.
 I'm about to change [description of change].
 Affected files: [list]
 
-1. Update the spec: docs/specs/<feature>.md
-2. Update the test plan: docs/test-plans/<feature>.md (only affected test cases)
-3. Implement the code change
-4. Update tests to match
-5. Build and run → fix until green
+1. /mf-plan docs/specs/<feature>/<feature>.md "description of changes"
+   (handles snapshot + spec update + acceptance scenarios)
+2. Implement the code change
+3. Update tests to match
+4. Build and run → fix until green
 ```
 
 ### Template C — Test-First Bug Fix
@@ -157,11 +157,11 @@ Actual: [broken behavior]
 Removing: [feature name]
 Files to delete: [list]
 
-1. Mark relevant spec sections as removed
-2. Mark related test plan entries as removed
-3. Delete production code
-4. Delete test code
-5. Run full test suite → fix cascading breaks
+1. /mf-plan docs/specs/<feature>/<feature>.md "remove stories S-XXX, S-YYY"
+   (handles snapshot + marks stories and AS as removed)
+2. Delete production code
+3. Delete test code
+4. Run full test suite → fix cascading breaks
 ```
 
 ---
@@ -178,7 +178,7 @@ Files to delete: [list]
 | `/mf-challenge` (adversarial) | 15–30k | After /mf-plan, for complex features |
 | Full audit (manual) | 100k+ | Before release, quarterly |
 
-**Rule of thumb:** Daily work uses templates + `/test` → low token cost.
+**Rule of thumb:** Daily work uses templates + `/mf-test` → low token cost.
 Save `/mf-plan` and full audits for significant milestones.
 
 ---
@@ -187,8 +187,8 @@ Save `/mf-plan` and full audits for significant milestones.
 
 Use this as a PR review checklist (enforce manually or via CI):
 
-- [ ] **Spec updated?** If production behavior changed, `docs/specs/` should have changes.
-- [ ] **Test plan updated?** If spec changed, `docs/test-plans/` should have changes.
+- [ ] **Spec updated?** If production behavior changed, `docs/specs/<feature>/` should have changes.
+- [ ] **Acceptance scenarios updated?** If spec behavior changed, AS in spec should reflect it.
 - [ ] **Tests pass?** `bash scripts/build-test.sh` exits 0.
 - [ ] **No dead tests?** Removed production code → removed corresponding tests.
 - [ ] **Coverage not decreased?** (Optional, per-team decision.)
@@ -201,16 +201,15 @@ Use this as a PR review checklist (enforce manually or via CI):
 
 | Change | Must Also Update |
 |--------|-----------------|
-| Production code behavior changed | Spec + test plan + tests |
-| Spec updated | Test plan + tests (if behavior changed) |
-| Test plan updated | Tests (implement new/modified test cases) |
-| Code removed | Remove related tests. Mark spec as removed. |
+| Production code behavior changed | Spec (including acceptance scenarios) + tests |
+| Spec updated | Acceptance scenarios + tests (if behavior changed) |
+| Code removed | Remove related tests. Mark spec and AS as removed. |
 | Bug fix | Add test. Update spec if edge case was undocumented. |
 
 **Never acceptable:**
 - Code changed, spec not updated (spec drift)
 - Code changed, tests not updated (untested code)
-- Spec changed, tests not updated (plan drift)
+- Spec changed, acceptance scenarios or tests not updated (AS drift)
 - Code removed, dead tests remain (orphaned tests)
 
 **Acceptable shortcut** for changes under 5 lines with no behavior change: