claudemd-cli 0.16.0 → 0.17.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +68 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,74 @@ All notable changes to the `claudemd` plugin. This changelog tracks plugin artif
|
|
|
8
8
|
- **Canonical spec version source**: `spec/CLAUDE.md` top-line title (`# AI-CODING-SPEC vX.Y.Z — Core`) + `spec/CLAUDE-changelog.md` top `##` entry.
|
|
9
9
|
- **Plugin semver vs spec semver** are independent: plugin patch (0.2.0 → 0.2.1) may ship when spec is unchanged (this release); plugin minor (0.1.9 → 0.2.0) ships when spec minor updates (v0.2.0 shipped spec v6.10.0).
|
|
10
10
|
|
|
11
|
+
## [0.17.1] - 2026-05-14
|
|
12
|
+
|
|
13
|
+
**Patch — fix: `memory-read-check.sh` tag-match phase now sanitizes quoted bodies (and heredoc bodies / line comments) before tag scan; closes the FP class where descriptive text inside `--title "..."` / `-m "..."` / `'release/...'` triggered §11 deny on incidental keyword matches.**
|
|
14
|
+
|
|
15
|
+
### Background
|
|
16
|
+
|
|
17
|
+
User dogfood report: `glab mr create --title "fix(ws): ... 修 Mac packaged ..."` denied by §11 with `feedback_linux_case_audit.md` listed, even though the push had no semantic relationship to the linux-case memory. Root cause: tag `mac` (likely 3-char single-word EN tag, exact-word with declension tolerance) exact-matched `Mac` inside the quoted `--title` body.
|
|
18
|
+
|
|
19
|
+
v0.9.28 fixed the TRIGGER stage (segment-anchor `release|deploy|ship` so `git commit -m "release notes"` no longer fires the scan; Cases 14 + 22 lock). The TAG-match stage downstream was left scanning raw `$CMD` including quoted bodies — same inconsistency class. Title text is user-written description, not topic declaration; treating it as authoritative for tag matching produces FP fan-out on every MR/PR with a descriptive title.
|
|
20
|
+
|
|
21
|
+
### What changed
|
|
22
|
+
|
|
23
|
+
- `[fix]` **`hooks/memory-read-check.sh`** — new `sanitize_for_tagmatch()` function modeled on `pre-bash-safety-check.sh sanitize_cmd()`. Strips heredoc bodies (multi-line state, `<<-?TAG` introducer + bare-TAG terminator), line comments (`# ...` at line start or after whitespace), and ALL quoted-string bodies (both `"..."` and `'...'`). Simpler than `pre-bash-safety` counterpart: tag-match has no `$VAR` expansion sensitivity (the literal `$VAR` string carries no tag-relevant topic info), so `"foo"` and `"$VAR"` strip uniformly. Empty-quote markers preserved to keep token boundaries. Tag-match grep (~L134) switched from `$CMD` to `$CMD_TAGMATCH` (sanitized form). TRIGGER stage unchanged — still reads `$CMD_FLAT` and its v0.9.28 segment-anchor regex is already correct for quoted-body cases.
|
|
24
|
+
|
|
25
|
+
- `[test]` **`tests/hooks/memory-read-check.test.sh`** — 2 new cases (27 → 29 total):
|
|
26
|
+
- **Case 28**: `glab mr create --title "fix macos issue"` with MEMORY tag `[mac, ship]` — pre-fix denies on `mac` exact-match against `macos` inside quoted `--title`, post-fix sanitize strips to `--title ""` so no match → pass.
|
|
27
|
+
- **Case 29**: `git push origin 'release/v1.0'` with MEMORY tag `[release]` — pre-fix denies on `release` matching inside single-quoted branch ref, post-fix single-quote strip eliminates → pass.
|
|
28
|
+
- **Case 21 setup adjusted**: declension-tolerance test originally used `git push # added 2 hooks` form. v0.17.1 sanitize correctly strips line-comments before tag scan (comments are descriptive prose, not topic declaration), so `hooks` keyword no longer survives to match tag `hook`. Test rewritten as `git push origin hooks-fix` — branch ref is real tokenized intent and survives sanitize; locks the declension tolerance via a non-comment carrier.
|
|
29
|
+
|
|
30
|
+
### Why patch (not minor)
|
|
31
|
+
|
|
32
|
+
Per `feedback_claudemd_spec_single_source_of_truth.md` + core §2 release-requirements: this is a bugfix restoring intended/documented hook behavior (TRIGGER stage already anchored quoted-body in v0.9.28; tag-match should too — same inconsistency class). CHANGELOG `fix:` not `change:`. No LLM-visible metadata bump (spec content unchanged, only hook implementation). No contract break for hook consumers — fewer false denies, never more.
|
|
33
|
+
|
|
34
|
+
### Tests
|
|
35
|
+
|
|
36
|
+
- `tests/hooks/memory-read-check.test.sh` 29/29 PASS (was 27/27 + 2 new).
|
|
37
|
+
- All 22 hook test files PASS (no cross-regression): `pre-bash-safety 59/59`, `contract 49/49`, `banned-vocab 20/20`, `memory-coverage-scan 12/12`, etc.
|
|
38
|
+
- Full JS suite + integration test: `OVERALL: all suites passed`.
|
|
39
|
+
|
|
40
|
+
### Operator notes
|
|
41
|
+
|
|
42
|
+
No action required — hook lives via `${CLAUDE_PLUGIN_ROOT}` expansion (per `reference_plugin_root_hook_expansion.md`), so installed plugin picks up the new sanitize on next file Read. Existing `[skip-memory-check]` bypass still works for any residual FPs (e.g. unquoted tokens like `git push origin release/v1.0` without quotes are out of scope for this patch — quote-aware strip only). For unquoted-body FPs, run `/claudemd-doctor memory-tag-specificity` on your project to surface broad single-word EN tags (`mac`, `linux`, `case`) that should be made specific (`macos-shell-portability`, `linux-case-audit`).
|
|
43
|
+
|
|
44
|
+
## [0.17.0] - 2026-05-11
|
|
45
|
+
|
|
46
|
+
**Minor — refactor: spec v6.11.16 §2.1 ROUTE single-source collapse; core spec −470B (headroom 396B → 866B).**
|
|
47
|
+
|
|
48
|
+
### Background
|
|
49
|
+
|
|
50
|
+
Per `tasks/specs/routing-single-source.md` (drafted in v0.16.0 cycle, commit 8f26e37). Core spec headroom was at 396B / 25000B (98.42% utilization) — one bad version away from the §0.1 net-delete-forced gate. §2.1 ROUTE was the largest hot-path table that duplicated content with §EXT §4 FLOW (already 21 rows in extended).
|
|
51
|
+
|
|
52
|
+
### What changed
|
|
53
|
+
|
|
54
|
+
- **`spec/CLAUDE.md` §2.1 ROUTE table** — 13 rows → 8 rows. Removed 6 rows (env/staging bug, L3 migration, ship, large design, plan review, perf-security-clarify); merged env/staging into code/logic bug row note. New single catch-all row enumerates all 6 evicted triggers → `Load extended → §EXT §4 FLOW`. Hand-walked 5 routing scenarios (bug / ship / plan-review / migration / Q&A) — same terminal skill pre/post-edit.
|
|
55
|
+
- **`spec/CLAUDE.md` §2.1 Tool escalation** — 5-principle numbered list (386 chars) → compact heuristic form (235 chars, −151B). All 5 mappings preserved.
|
|
56
|
+
- **`spec/CLAUDE.md` §2.1 Anti-patterns** — 3-item paragraph dropped; unique warning (`parallel-dispatch mem + code-graph on same question`) merged into Tool escalation suffix. The 3 dropped items were textual inverses of escalation principles.
|
|
57
|
+
- **`spec/CLAUDE-extended.md` Recent changes** — v6.11.15 entry replaced with v6.11.16. Sizing line updated; drift = 0 (line numbers match actual wc -c).
|
|
58
|
+
- **`spec/CLAUDE-changelog.md`** — v6.11.16 entry prepended.
|
|
59
|
+
- **Spec version bump**: v6.11.15 → v6.11.16 (patch — wording/clarification, identical behavior per §13 META).
|
|
60
|
+
|
|
61
|
+
### Why minor (not patch) on plugin
|
|
62
|
+
|
|
63
|
+
Per `feedback_claudemd_spec_single_source_of_truth.md`: plugin semver vs spec semver are independent. Spec is patch (no behavior change). Plugin is minor because shipped artifact's user-visible routing table changed structure — users running `/claudemd-update` see a new §2.1 table on next sync. Per core §2 release-requirements: LLM-visible metadata change (spec content distributed via plugin) → L3 regardless of LOC; ship discoverability via CHANGELOG callout. §13.2 budget cost: 0.
|
|
64
|
+
|
|
65
|
+
### Cross-ref preservation
|
|
66
|
+
|
|
67
|
+
`§EXT §12` was referenced only in the now-removed `ship / deploy / PR / release` row's note. Verified still live at 3 other core locations: §0 line 5, §2.1 Skill soft-triggers, §2.2 Ship-pipeline hardening. `spec-coherence-audit ext-cross-refs` PASS expected.
|
|
68
|
+
|
|
69
|
+
### Tests
|
|
70
|
+
|
|
71
|
+
- `tests/scripts/spec-coherence-audit.test.js` — ext-cross-refs / sizing-accuracy / structured-report all 3 checks PASS.
|
|
72
|
+
- Full JS suite + hook suite + integration green.
|
|
73
|
+
- 5 hand-walked routing scenarios re-verified vs new table.
|
|
74
|
+
|
|
75
|
+
### Operator notes
|
|
76
|
+
|
|
77
|
+
Sync via `/claudemd-update` to pick up the new §2.1 table in `~/.claude/CLAUDE.md`. No behavior change required from operators — same triggers route to same terminal skills; the table is just more compact.
|
|
78
|
+
|
|
11
79
|
## [0.16.0] - 2026-05-11
|
|
12
80
|
|
|
13
81
|
**Minor — fix: `sandbox-disposal-check` no longer false-positive-flags `version-sync.sh` sentinel files; cuts 95% of 30d warn volume.**
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claudemd-cli",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.17.1",
|
|
4
4
|
"description": "Standalone CLI for §10-V banned-vocab + transcript scanning. Companion to the claudemd Claude Code plugin (github.com/sdsrss/claudemd) for use in git pre-commit hooks, GitHub Actions, and other agents.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|