claudemd-cli 0.9.33 → 0.9.35
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +88 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,94 @@ All notable changes to the `claudemd` plugin. This changelog tracks plugin artif
|
|
|
8
8
|
- **Canonical spec version source**: `spec/CLAUDE.md` top-line title (`# AI-CODING-SPEC vX.Y.Z — Core`) + `spec/CLAUDE-changelog.md` top `##` entry.
|
|
9
9
|
- **Plugin semver vs spec semver** are independent: plugin patch (0.2.0 → 0.2.1) may ship when spec is unchanged (this release); plugin minor (0.1.9 → 0.2.0) ships when spec minor updates (v0.2.0 shipped spec v6.10.0).
|
|
10
10
|
|
|
11
|
+
## [0.9.35] - 2026-05-11
|
|
12
|
+
|
|
13
|
+
**Patch — §11-EXT Tag-specificity static check in `claudemd-doctor`.** Closes the spec→tooling gap from v6.11.11: spec §11-EXT (SHOULD) said "generic single-word English tags substring-match incidental prose and produce high FP rates" but no enforcer existed; doctor now scans `~/.claude/projects/*/memory/MEMORY.md` for FP candidates.
|
|
14
|
+
|
|
15
|
+
### Why this exists
|
|
16
|
+
|
|
17
|
+
Two FP incidents in the §11 MEMORY.md read-the-file enforcement chain:
|
|
18
|
+
- v0.9.27 → v0.9.28: tag `cli` substring-matched `clippy` → ~80% FP rate. Hook side fixed via word-boundary tightening (v0.9.28), but tag-quality was never audited.
|
|
19
|
+
- 2026-05-11 (this session, mid-1B ship): tag `semantic` from `plugin_code_graph_mcp.md` matched `semantics` in a release-notes body (`fail-open semantics`) — required `[skip-memory-check]` bypass or a Read of the wrong memory file. Root cause: `plugin_code_graph_mcp.md`'s tag list `[callgraph, impact, refs, overview, semantic, ast-search, dead-code, deps]` violates §11-EXT (5 of 8 tags are generic single-word EN: `impact` / `refs` / `overview` / `semantic` / `deps`).
|
|
20
|
+
|
|
21
|
+
Static check catches this class **pre-deploy** instead of via runtime FP.
|
|
22
|
+
|
|
23
|
+
### Added
|
|
24
|
+
|
|
25
|
+
- `[add]` **`scripts/lib/memory-tags.js`** — exports `classifyTag(tag)` + `parseMemoryIndex(content)` + `scanMemoryTags({rootDir})`. Mirrors `hooks/memory-read-check.sh` parsing for both backtick and plain tag-block forms. Hand-curated narrow-allowlist (~30 entries, 3 sub-classes: short tech acronyms / hook trigger verbs / OS-runtime terms) + generic-EN wordlist (~45 entries from observed FPs + high-FP-risk domain words).
|
|
26
|
+
- `[change]` **`scripts/doctor.js`** — new `memory-tag-specificity` check after rule-usage section. Groups findings by `(memDir, file)`; shows up-to-3 sample entries inline, `+N more` overflow. Advisory only (spec §11-EXT is SHOULD, not MUST).
|
|
27
|
+
- `[doc]` **`commands/claudemd-doctor.md`** — description + body updated to mention the new check.
|
|
28
|
+
|
|
29
|
+
### Heuristic
|
|
30
|
+
|
|
31
|
+
A tag is flagged when:
|
|
32
|
+
- Single-word (no `-` / `_`) AND ASCII-alpha AND not in narrow-allowlist AND length ≤ 5 → `short-single-word`
|
|
33
|
+
- OR (same word-shape filters) AND case-insensitive match in generic wordlist → `generic-wordlist`
|
|
34
|
+
|
|
35
|
+
Both flags can fire on one tag (e.g. `refs` is 4 chars + in wordlist). Multi-word / CJK / narrow-allowlist tags pass unconditionally.
|
|
36
|
+
|
|
37
|
+
Tightened detector-FP cases:
|
|
38
|
+
- Hook trigger verbs (`release`, `push`, `ship`, `deploy`, `merge`, `commit`, `build`, `publish`) — tagging on these is the hook's design intent, not FP. Added to narrow-allowlist.
|
|
39
|
+
- OS / runtime narrow terms (`macos`, `linux`, `ubuntu`, `darwin`, `node`, `python`, `rust`, `go`) — topic-specific in claudemd-domain context.
|
|
40
|
+
|
|
41
|
+
### Tests
|
|
42
|
+
|
|
43
|
+
- `[add]` **`tests/scripts/memory-tags.test.js`** — 16 cases covering: multi-word pass / CJK pass / narrow-allowlist pass (3 sub-classes incl. trigger-verbs + OS-runtime) / short-single-word flag / wordlist hit / both-reasons combo / observed-FP allflag / spec-compliant tags from real MEMORY.md / both tag-block parsers / untagged-line skip / integration fixture scan / missing-root no-throw.
|
|
44
|
+
|
|
45
|
+
### Live scan result (this repo, 2026-05-11)
|
|
46
|
+
|
|
47
|
+
22 generic-tag candidate(s) across 4 entry(ies) in 8 MEMORY.md file(s). All findings are `plugin_code_graph_mcp.md` copies adopted into 4 separate project memory dirs (claudemd / code-graph-mcp / daagu / mem). Single upstream fix in code-graph-mcp's adoption template clears all 22 simultaneously. Issue/PR description for upstream prepared in-session.
|
|
48
|
+
|
|
49
|
+
### Plugin
|
|
50
|
+
|
|
51
|
+
- Plugin manifests bumped 0.9.34 → 0.9.35 (package.json + plugin.json + marketplace.json). Manifest description fields stay at `v6.11` family per `Versioning policy` (set in v0.2.1).
|
|
52
|
+
|
|
53
|
+
## [0.9.34] - 2026-05-11
|
|
54
|
+
|
|
55
|
+
**Patch — instrumentation bundle sub-patch 1B: tool_use_id column + audit `uniqueInvocations` dedup view + 5 remaining hooks plumbed for session_id.** Completes the schema half of the 1A/1B/1C bundle from 2026-05-11 dogfood audit. Post-cutover (this commit on), every rule-hits row carries enough identity to distinguish "one CC invocation logged twice" (registration / lib bug) from "Claude fast-retry after deny in same second" (not a bug).
|
|
56
|
+
|
|
57
|
+
### Schema
|
|
58
|
+
|
|
59
|
+
- `[add]` **`rule_hits_append` accepts 6th positional arg `tool_use_id`** (`hooks/lib/rule-hits.sh`). Empty/omitted → JSONL row carries `tool_use_id: null`. Only PreToolUse / PostToolUse hooks populate it; Stop / SessionStart / SessionEnd / UserPromptSubmit leave it null (no per-tool context).
|
|
60
|
+
- `[doc]` **`docs/RULE-HITS-SCHEMA.md`** — `tool_use_id` field added; `session_id` field row updated to note all 12 emitter hooks now populate it (1A note revised).
|
|
61
|
+
|
|
62
|
+
### Hook plumbing — round 2 (12 of 12 emitter hooks)
|
|
63
|
+
|
|
64
|
+
PreToolUse / PostToolUse hooks add `TOOL_USE_ID` extraction + thread it into all `hook_record` callsites:
|
|
65
|
+
- `[change]` **`hooks/banned-vocab-check.sh`** (2 callsites)
|
|
66
|
+
- `[change]` **`hooks/ship-baseline-check.sh`** (3 callsites)
|
|
67
|
+
- `[change]` **`hooks/pre-bash-safety-check.sh`** (4 callsites)
|
|
68
|
+
- `[change]` **`hooks/memory-read-check.sh`** (2 callsites)
|
|
69
|
+
- `[change]` **`hooks/transcript-vocab-scan.sh`** (1 callsite)
|
|
70
|
+
|
|
71
|
+
The 5 hooks not plumbed in 1A get `SESSION_ID` added (tool_use_id stays null — these are non-tool events):
|
|
72
|
+
- `[change]` **`hooks/sandbox-disposal-check.sh`** (Stop) — best-effort `cat` from stdin + jq extract, fail-open on any error (Stop cannot block).
|
|
73
|
+
- `[change]` **`hooks/residue-audit.sh`** (Stop) — same pattern.
|
|
74
|
+
- `[change]` **`hooks/mem-audit.sh`** (Stop) — same pattern.
|
|
75
|
+
- `[change]` **`hooks/session-start-check.sh`** (SessionStart) — env-var (`CLAUDE_SESSION_ID`) preferred, stdin fallback; threaded into both `hook_record` callsites (`bootstrap` + `upstream-banner`).
|
|
76
|
+
- `[change]` **`hooks/version-sync.sh`** (UserPromptSubmit) — uses existing `CLAUDE_SESSION_ID` env var (hook backgrounds itself, can't reliably re-read stdin).
|
|
77
|
+
|
|
78
|
+
### Audit consumer
|
|
79
|
+
|
|
80
|
+
- `[add]` **`scripts/lib/rule-hits-parse.js` `uniqueInvocations()`** — per-hook dedup view. Key: `(ts, hook, session_id, tool_use_id)`. Output: `{rows, unique_invocations, duplicate_rows, legacy_rows}` per hook. `legacy_rows` counts pre-v0.9.33 rows (both session_id + tool_use_id null) so the operator can discount them — historical dedup over-collapses across sessions.
|
|
81
|
+
- `[change]` **`scripts/audit.js`** emits new top-level `uniqueInvocations` field (next to `byTrend`).
|
|
82
|
+
- `[change]` **`commands/claudemd-audit.md`** — renderer hint updated: surface `uniqueInvocations.<hook>.duplicate_rows > 0` for PreToolUse/PostToolUse hooks as candidate bug; treat `bySection['(unset)']` as historical pre-v0.7.0 data and exclude from heatmap leader unless window pre-dates 2026-05-09.
|
|
83
|
+
|
|
84
|
+
### Tests
|
|
85
|
+
|
|
86
|
+
- `[add]` **`tests/hooks/rule-hits.test.sh` Cases 16–18** — Case 16: 6th arg lands as `tool_use_id`; Case 17 / 17b: omitted + empty normalize to null; Case 18: full-shape PreToolUse row (session_id + tool_use_id + spec_section + extra) byte-exact assertion.
|
|
87
|
+
- `[add]` **`tests/scripts/audit.test.js` `uniqueInvocations` case** — dedup-by-quadruple + legacy_rows counter + null tool_use_id passthrough for non-tool hooks.
|
|
88
|
+
- 19/19 hook tests + 361/361 JS tests pass; `tests/run-all.sh` `OVERALL: all suites passed`.
|
|
89
|
+
|
|
90
|
+
### Out of scope (sub-patch 1C)
|
|
91
|
+
|
|
92
|
+
- `session_extended_read` boolean per row (point 4 from 2026-05-11 audit) — separate sub-patch.
|
|
93
|
+
- 7 days post-cutover data accumulation before `uniqueInvocations` will produce non-trivial dedup signal. Code path verified by unit test fixture in this release.
|
|
94
|
+
|
|
95
|
+
### Plugin
|
|
96
|
+
|
|
97
|
+
- Plugin manifests bumped 0.9.33 → 0.9.34 (package.json + plugin.json + marketplace.json). Manifest description fields stay at `v6.11` family per `Versioning policy` (set in v0.2.1).
|
|
98
|
+
|
|
11
99
|
## [0.9.33] - 2026-05-11
|
|
12
100
|
|
|
13
101
|
**Patch — rule-hits.jsonl schema additive: new `session_id` column.** Sub-patch 1A of the instrumentation bundle (points 2 + 4 from in-session dogfood audit on 2026-05-11). Disambiguates hook double-fire vs fast-retry in audit data — currently `banned-vocab/deny` shows ~50% byte-identical pair rows at the same timestamp, and existing schema cannot tell whether two rows came from one CC invocation (registration / lib bug) or two retries within the same second. Fully back-compat: pre-v0.9.33 rows have `session_id: null`; new callsites populate it from stdin EVENT JSON `.session_id`.
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claudemd-cli",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.35",
|
|
4
4
|
"description": "Standalone CLI for §10-V banned-vocab + transcript scanning. Companion to the claudemd Claude Code plugin (github.com/sdsrss/claudemd) for use in git pre-commit hooks, GitHub Actions, and other agents.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|