claudemd-cli 0.9.34 → 0.9.36
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +70 -0
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,76 @@ All notable changes to the `claudemd` plugin. This changelog tracks plugin artif
|
|
|
8
8
|
- **Canonical spec version source**: `spec/CLAUDE.md` top-line title (`# AI-CODING-SPEC vX.Y.Z — Core`) + `spec/CLAUDE-changelog.md` top `##` entry.
|
|
9
9
|
- **Plugin semver vs spec semver** are independent: plugin patch (0.2.0 → 0.2.1) may ship when spec is unchanged (this release); plugin minor (0.1.9 → 0.2.0) ships when spec minor updates (v0.2.0 shipped spec v6.10.0).
|
|
10
10
|
|
|
11
|
+
## [0.9.36] - 2026-05-11
|
|
12
|
+
|
|
13
|
+
**Patch — memory-read-check observation 维度扩 (`match_count` + `bypass_reason`).** Closes the §0.1 / §13.1 audit data gap from point 3 of 2026-05-11 dogfood. Pre-v0.9.36 the 30d sample showed `skip-memory-check` bypass at 4/9 = 44% rate — n=9 too small to act, but more importantly the row schema couldn't distinguish "rule too strict on N-file avalanche" from "rule unnecessary for this task." Two new fields in `extra`:
|
|
14
|
+
|
|
15
|
+
- `deny.extra.match_count` = total MATCHES from MEMORY.md scan (`MISSING.length` + already-Read subset). Distinguishes 8-file fan-out deny (avalanche signal — rule may be too broad) from 1-file deny (single tag match, rule working as designed). Audit consumer can bucket bypass rate by match_count to spot avalanche-driven bypass.
|
|
16
|
+
- `bypass-escape-hatch.extra.bypass_reason` = free-form reason text extracted from `[skip-memory-check: <reason>]` form. Operator citing "tag-FP" / "trivial-edit" / "already-read-in-prior-session" reasons fuels §0.1 demote decisions without manual transcript reading.
|
|
17
|
+
|
|
18
|
+
### Changed
|
|
19
|
+
|
|
20
|
+
- `[change]` **`hooks/memory-read-check.sh`** — escape-hatch parser switched from literal `grep -qF '[skip-memory-check]'` to bash regex `\[skip-memory-check[[:space:]]*(:[[:space:]]*([^]]*))?\]`, accepting both bare and reason forms. Tolerates whitespace around the colon. Trailing whitespace trimmed; non-`]` chars in reason captured literally.
|
|
21
|
+
- `[change]` **`hooks/memory-read-check.sh`** — deny row's `extra` extends from `{missing:[...]}` to `{missing:[...], match_count: N}`.
|
|
22
|
+
- `[change]` **`hooks/memory-read-check.sh`** — user-facing deny message option (b) updated to advertise `[skip-memory-check: <reason>]` form.
|
|
23
|
+
- `[doc]` **`docs/RULE-HITS-SCHEMA.md`** — `extra` field row documents the `memory-read-check`-specific shape for both `deny` and `bypass-escape-hatch` events.
|
|
24
|
+
|
|
25
|
+
### Tests
|
|
26
|
+
|
|
27
|
+
- `[add]` **`tests/hooks/memory-read-check.test.sh` Cases 24–27**: bypass with reason captured / bare bypass back-compat (no `bypass_reason` key) / deny carries `match_count=8` with 8-file avalanche fixture / colon-no-space tolerance.
|
|
28
|
+
- 27/27 memory-read-check cases pass; 19/19 hook + 391/391 JS tests green; `tests/run-all.sh` `OVERALL: all suites passed`.
|
|
29
|
+
|
|
30
|
+
### Compat
|
|
31
|
+
|
|
32
|
+
- Existing bare `[skip-memory-check]` form continues to work unchanged. Rows from pre-v0.9.36 deny events have no `match_count` in `extra` — audit consumer should treat absence as "unknown" (cannot retro-compute).
|
|
33
|
+
- No `rule_hits_append` schema change. New fields live entirely in `extra`, which has always been hook-defined payload.
|
|
34
|
+
|
|
35
|
+
### Plugin
|
|
36
|
+
|
|
37
|
+
- Plugin manifests bumped 0.9.35 → 0.9.36 (package.json + plugin.json + marketplace.json). Manifest description fields stay at `v6.11` family per `Versioning policy` (set in v0.2.1).
|
|
38
|
+
|
|
39
|
+
## [0.9.35] - 2026-05-11
|
|
40
|
+
|
|
41
|
+
**Patch — §11-EXT Tag-specificity static check in `claudemd-doctor`.** Closes the spec→tooling gap from v6.11.11: spec §11-EXT (SHOULD) said "generic single-word English tags substring-match incidental prose and produce high FP rates" but no enforcer existed; doctor now scans `~/.claude/projects/*/memory/MEMORY.md` for FP candidates.
|
|
42
|
+
|
|
43
|
+
### Why this exists
|
|
44
|
+
|
|
45
|
+
Two FP incidents in the §11 MEMORY.md read-the-file enforcement chain:
|
|
46
|
+
- v0.9.27 → v0.9.28: tag `cli` substring-matched `clippy` → ~80% FP rate. Hook side fixed via word-boundary tightening (v0.9.28), but tag-quality was never audited.
|
|
47
|
+
- 2026-05-11 (this session, mid-1B ship): tag `semantic` from `plugin_code_graph_mcp.md` matched `semantics` in a release-notes body (`fail-open semantics`) — required `[skip-memory-check]` bypass or a Read of the wrong memory file. Root cause: `plugin_code_graph_mcp.md`'s tag list `[callgraph, impact, refs, overview, semantic, ast-search, dead-code, deps]` violates §11-EXT (5 of 8 tags are generic single-word EN: `impact` / `refs` / `overview` / `semantic` / `deps`).
|
|
48
|
+
|
|
49
|
+
Static check catches this class **pre-deploy** instead of via runtime FP.
|
|
50
|
+
|
|
51
|
+
### Added
|
|
52
|
+
|
|
53
|
+
- `[add]` **`scripts/lib/memory-tags.js`** — exports `classifyTag(tag)` + `parseMemoryIndex(content)` + `scanMemoryTags({rootDir})`. Mirrors `hooks/memory-read-check.sh` parsing for both backtick and plain tag-block forms. Hand-curated narrow-allowlist (~30 entries, 3 sub-classes: short tech acronyms / hook trigger verbs / OS-runtime terms) + generic-EN wordlist (~45 entries from observed FPs + high-FP-risk domain words).
|
|
54
|
+
- `[change]` **`scripts/doctor.js`** — new `memory-tag-specificity` check after rule-usage section. Groups findings by `(memDir, file)`; shows up-to-3 sample entries inline, `+N more` overflow. Advisory only (spec §11-EXT is SHOULD, not MUST).
|
|
55
|
+
- `[doc]` **`commands/claudemd-doctor.md`** — description + body updated to mention the new check.
|
|
56
|
+
|
|
57
|
+
### Heuristic
|
|
58
|
+
|
|
59
|
+
A tag is flagged when:
|
|
60
|
+
- Single-word (no `-` / `_`) AND ASCII-alpha AND not in narrow-allowlist AND length ≤ 5 → `short-single-word`
|
|
61
|
+
- OR (same word-shape filters) AND case-insensitive match in generic wordlist → `generic-wordlist`
|
|
62
|
+
|
|
63
|
+
Both flags can fire on one tag (e.g. `refs` is 4 chars + in wordlist). Multi-word / CJK / narrow-allowlist tags pass unconditionally.
|
|
64
|
+
|
|
65
|
+
Tightened detector-FP cases:
|
|
66
|
+
- Hook trigger verbs (`release`, `push`, `ship`, `deploy`, `merge`, `commit`, `build`, `publish`) — tagging on these is the hook's design intent, not FP. Added to narrow-allowlist.
|
|
67
|
+
- OS / runtime narrow terms (`macos`, `linux`, `ubuntu`, `darwin`, `node`, `python`, `rust`, `go`) — topic-specific in claudemd-domain context.
|
|
68
|
+
|
|
69
|
+
### Tests
|
|
70
|
+
|
|
71
|
+
- `[add]` **`tests/scripts/memory-tags.test.js`** — 16 cases covering: multi-word pass / CJK pass / narrow-allowlist pass (3 sub-classes incl. trigger-verbs + OS-runtime) / short-single-word flag / wordlist hit / both-reasons combo / observed-FP allflag / spec-compliant tags from real MEMORY.md / both tag-block parsers / untagged-line skip / integration fixture scan / missing-root no-throw.
|
|
72
|
+
|
|
73
|
+
### Live scan result (this repo, 2026-05-11)
|
|
74
|
+
|
|
75
|
+
22 generic-tag candidate(s) across 4 entry(ies) in 8 MEMORY.md file(s). All findings are `plugin_code_graph_mcp.md` copies adopted into 4 separate project memory dirs (claudemd / code-graph-mcp / daagu / mem). Single upstream fix in code-graph-mcp's adoption template clears all 22 simultaneously. Issue/PR description for upstream prepared in-session.
|
|
76
|
+
|
|
77
|
+
### Plugin
|
|
78
|
+
|
|
79
|
+
- Plugin manifests bumped 0.9.34 → 0.9.35 (package.json + plugin.json + marketplace.json). Manifest description fields stay at `v6.11` family per `Versioning policy` (set in v0.2.1).
|
|
80
|
+
|
|
11
81
|
## [0.9.34] - 2026-05-11
|
|
12
82
|
|
|
13
83
|
**Patch — instrumentation bundle sub-patch 1B: tool_use_id column + audit `uniqueInvocations` dedup view + 5 remaining hooks plumbed for session_id.** Completes the schema half of the 1A/1B/1C bundle from 2026-05-11 dogfood audit. Post-cutover (this commit on), every rule-hits row carries enough identity to distinguish "one CC invocation logged twice" (registration / lib bug) from "Claude fast-retry after deny in same second" (not a bug).
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "claudemd-cli",
|
|
3
|
-
"version": "0.9.
|
|
3
|
+
"version": "0.9.36",
|
|
4
4
|
"description": "Standalone CLI for §10-V banned-vocab + transcript scanning. Companion to the claudemd Claude Code plugin (github.com/sdsrss/claudemd) for use in git pre-commit hooks, GitHub Actions, and other agents.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|