create-quiver 0.12.1 → 0.14.0

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-06-validation-gates-and-scope-safety/EXECUTION_BRIEF.md

@@ -0,0 +1,57 @@
+# EXECUTION BRIEF - slice-06: Validation gates and scope safety
+
+## Context
+
+Pixel Quiver showed that some validation gates passed while later execution failed, or skipped checks because of wrong branch assumptions. This slice turns validation into a reliable preflight.
+
+## Objective
+
+Harden validation gates and path/scope safety.
+
+## Scope
+
+- `check-slice`
+- `check-scope`
+- `check-handoff`
+- `spec validate`
+- path safety helpers
+- tests and docs evidence
+
+## Acceptance Criteria
+
+- Local slice validation catches local execution preconditions or clearly lists skipped checks.
+- Scope validation respects `--base` and `slice.git.base_branch`.
+- Handoff errors include templates or aliases.
+- `spec validate` validates full spec structure and evidence consistency.
+- Path traversal/out-of-root writes are rejected.
+
+## Technical Plan Summary
+
+Align validators with execution behavior, add strict/legacy modes where needed, and cover real dogfooding failures with tests.
+
+## Suggested Execution Steps
+
+1. Inspect validation and scope code.
+2. Add missing base/path/brief checks.
+3. Implement `spec validate` if not present.
+4. Add compatibility handling for legacy specs.
+5. Add regression tests.
+
+## Restrictions
+
+- Do not break legacy specs without documented strict mode.
+- Do not silently skip validation when base information is available.
+
+## Risks
+
+- End users may have older specs; use warnings or migration guidance when appropriate.
+
+## Completion Checklist
+
+- [ ] check-slice covered.
+- [ ] check-scope covered.
+- [ ] check-handoff covered.
+- [ ] spec validate covered.
+- [ ] path safety covered.
+- [ ] Validation commands passed.
+

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-06-validation-gates-and-scope-safety/slice.json

@@ -0,0 +1,99 @@
+{
+  "slice_id": "slice-06-validation-gates-and-scope-safety",
+  "ticket": "QUIVER-27-06",
+  "type": "implementation",
+  "title": "Validation gates and scope safety",
+  "objective": "Harden check-slice, check-scope, check-handoff, spec validate, and path safety so validation gates catch real execution failures.",
+  "description": "Aligns local slice validation with execution preconditions, fixes base branch resolution, improves handoff template errors and aliases, adds spec validate, and prevents path traversal/out-of-scope writes.",
+  "git": {
+    "branch_type": "feature",
+    "base_branch": "main",
+    "branch_slug": "v27-validation-gates-scope-safety",
+    "branch_name": "feature/QUIVER-27-06-v27-validation-gates-scope-safety"
+  },
+  "files": [
+    "src/create-quiver/lib/readiness.js",
+    "src/create-quiver/lib/scope.js",
+    "src/create-quiver/lib/handoff.js",
+    "src/create-quiver/lib/paths.js",
+    "src/create-quiver/lib/slice.js",
+    "src/create-quiver/lib/ai/executor.js",
+    "src/create-quiver/lib/init-layout.js",
+    "src/create-quiver/commands/spec.js",
+    "src/create-quiver/index.js",
+    "package.json",
+    "README.md",
+    "README_FOR_AI.md",
+    "docs/COMMANDS.md.template",
+    "tests/lib/**",
+    "tests/commands/**",
+    "specs/quiver-v27-reliability-ai-workflow-hardening/**"
+  ],
+  "expected_read_paths": [
+    "src/create-quiver/lib/readiness.js",
+    "src/create-quiver/lib/scope.js",
+    "src/create-quiver/lib/handoff.js",
+    "src/create-quiver/lib/paths.js",
+    "src/create-quiver/lib/slice.js",
+    "src/create-quiver/lib/init-layout.js",
+    "tests/lib/check-slice.test.js",
+    "tests/lib/scope.test.js",
+    "tests/lib/handoff.test.js"
+  ],
+  "allowed_write_paths": [
+    "src/create-quiver/lib/readiness.js",
+    "src/create-quiver/lib/scope.js",
+    "src/create-quiver/lib/handoff.js",
+    "src/create-quiver/lib/paths.js",
+    "src/create-quiver/lib/slice.js",
+    "src/create-quiver/lib/ai/executor.js",
+    "src/create-quiver/lib/init-layout.js",
+    "src/create-quiver/commands/spec.js",
+    "src/create-quiver/index.js",
+    "package.json",
+    "README.md",
+    "README_FOR_AI.md",
+    "docs/COMMANDS.md.template",
+    "tests/lib/**",
+    "tests/commands/**",
+    "specs/quiver-v27-reliability-ai-workflow-hardening/**"
+  ],
+  "depends_on": [
+    "slice-01-core-state-resolver-and-canonical-statuses",
+    "slice-05-worktree-lifecycle-locks-and-recovery"
+  ],
+  "parallel_safe": "no",
+  "parallel_safe_reason": "Validation gates depend on resolver and worktree lifecycle behavior.",
+  "must": [
+    "Align check-slice --local with start/execute preconditions or list skipped checks.",
+    "Make check-scope respect --base and slice git.base_branch before fallbacks.",
+    "Add or harden spec validate.",
+    "Improve check-handoff error templates and Spanish/English aliases.",
+    "Reject path traversal and writes outside project root.",
+    "Support legacy/strict validation modes where needed."
+  ],
+  "not_included": [
+    "Changing export schema.",
+    "Changing AI provider behavior.",
+    "Publishing npm."
+  ],
+  "acceptance": [
+    "check-slice --local catches required local metadata for execution or documents skipped checks.",
+    "check-scope does not hardcode develop when --base or slice base_branch is provided.",
+    "check-handoff prints minimal templates or accepted aliases when headings are missing.",
+    "spec validate checks spec docs, slices, JSON, briefs, evidence, and status consistency.",
+    "Paths outside the repo root are rejected."
+  ],
+  "tests": [
+    "node --test tests/lib/check-slice.test.js tests/lib/scope.test.js tests/lib/handoff.test.js tests/lib/paths.test.js tests/commands/cli-contract.test.js",
+    "git diff --check"
+  ],
+  "validation_hints": [
+    "Add tests for main, master, develop, --base, and missing remote.",
+    "Add path traversal and symlink cases."
+  ],
+  "estimated_hours": 6,
+  "status": "completed",
+  "completed_at": "2026-05-24",
+  "blocked_reason": null
+}

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-07-context-analysis-and-doctor-flow/CLOSURE_BRIEF.md

@@ -0,0 +1,31 @@
+# CLOSURE BRIEF - slice-07: Context analysis and doctor flow
+
+## Summary
+
+Hardened context analysis and diagnostics so `analyze`, `prepare-context`, `flow`, and `doctor` provide evidence-based guidance without unsafe dry-run writes or misleading examples.
+
+## Validation Against Acceptance Criteria
+
+- `analyze --dry-run` now builds the scan in memory, reports planned writes, and does not create `.quiver/`, `docs/PROJECT_MAP.md`, or `docs/AI_CONTEXT.md`.
+- React + Vite projects are detected as `react` with `vite` as an additional framework; `vite.config.*` no longer implies Vue.
+- `prepare-context` keeps detected package manager, stack, and scripts as facts while leaving unknown architecture boundaries as TODO/pending confirmation.
+- `flow` reports context source/freshness in human output and JSON facts.
+- `doctor` examples target an active slice when available, the single spec when unambiguous, or generic placeholders when multiple specs have no active slice.
+
+## Changes
+
+- Added scan status metadata in `src/create-quiver/lib/project-scan.js`.
+- Added true `analyze --dry-run` handling and React/Vite detection fixes in `src/create-quiver/index.js`.
+- Added `flow` context-source output.
+- Added doctor example target selection.
+- Added focused command and library tests for analyze, flow, doctor, project scan status, and prepare-context evidence behavior.
+- Updated v27 spec/status/evidence docs.
+
+## Remaining Risks
+
+- Analyzer heuristics remain intentionally conservative. More real-world fixtures should be added in slice-09 before release readiness.
+
+## Follow-up Recommendations
+
+- Continue with `slice-08-cross-platform-help-auth-and-dx`.
+- In slice-09, include tarball/package smoke coverage for `analyze --dry-run`, `flow`, and `doctor` examples.

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-07-context-analysis-and-doctor-flow/EXECUTION_BRIEF.md

@@ -0,0 +1,57 @@
+# EXECUTION BRIEF - slice-07: Context analysis and doctor flow
+
+## Context
+
+Pixel Quiver showed analyzer stack mistakes, `analyze --dry-run` writes, placeholder-heavy `prepare-context`, stale docs, and doctor examples pointing to the wrong spec. This slice hardens context commands and first-use guidance.
+
+## Objective
+
+Make context analysis and doctor/flow guidance evidence-based, read-only where promised, and accurate.
+
+## Scope
+
+- `analyze`
+- project scan
+- `ai prepare-context`
+- `flow`
+- `doctor`
+- fixtures and tests
+
+## Acceptance Criteria
+
+- `analyze --dry-run` writes nothing.
+- React + Vite detection is correct.
+- `prepare-context` is conservative and evidence-based.
+- `flow` reports source/staleness.
+- `doctor` does not suggest commands for the wrong spec.
+
+## Technical Plan Summary
+
+Improve scan heuristics, dry-run behavior, docs contradiction detection, active context selection, and test fixtures.
+
+## Suggested Execution Steps
+
+1. Inspect analyze/project-scan behavior.
+2. Add no-write dry-run guard and tests.
+3. Improve stack detection.
+4. Improve prepare-context contradiction output.
+5. Improve flow/doctor state source and example selection.
+6. Add fixtures and evidence.
+
+## Restrictions
+
+- Do not overwrite human-authored docs without snapshots/review.
+- Do not execute providers.
+
+## Risks
+
+- Analyzer heuristics can regress other stacks; add representative fixtures.
+
+## Completion Checklist
+
+- [ ] Dry-run no-write test added.
+- [ ] React/Vite fixture added.
+- [ ] prepare-context evidence behavior covered.
+- [ ] flow/doctor guidance covered.
+- [ ] Validation commands passed.
+

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-07-context-analysis-and-doctor-flow/slice.json

@@ -0,0 +1,88 @@
+{
+  "slice_id": "slice-07-context-analysis-and-doctor-flow",
+  "ticket": "QUIVER-27-07",
+  "type": "implementation",
+  "title": "Context analysis and doctor flow",
+  "objective": "Harden analyze, prepare-context, flow, and doctor so onboarding docs are evidence-based, dry-runs are read-only, and next steps are accurate.",
+  "description": "Fixes stack detection, read-only dry-run behavior, docs/status consistency checks, stale-state guidance, active spec/slice examples, root/package manager detection, and first-use diagnostics.",
+  "git": {
+    "branch_type": "feature",
+    "base_branch": "main",
+    "branch_slug": "v27-context-analysis-doctor-flow",
+    "branch_name": "feature/QUIVER-27-07-v27-context-analysis-doctor-flow"
+  },
+  "files": [
+    "src/create-quiver/lib/analyze.js",
+    "src/create-quiver/lib/project-scan.js",
+    "src/create-quiver/lib/doctor.js",
+    "src/create-quiver/lib/ai/onboarding-template.js",
+    "src/create-quiver/commands/flow.js",
+    "src/create-quiver/commands/prepare.js",
+    "tests/lib/**",
+    "tests/commands/**",
+    "tests/fixtures/**",
+    "specs/quiver-v27-reliability-ai-workflow-hardening/**"
+  ],
+  "expected_read_paths": [
+    "src/create-quiver/lib/analyze.js",
+    "src/create-quiver/lib/project-scan.js",
+    "src/create-quiver/lib/doctor.js",
+    "src/create-quiver/lib/ai/onboarding-template.js",
+    "src/create-quiver/commands/flow.js",
+    "tests/commands/analyze.test.js",
+    "tests/commands/ai-onboard.test.js",
+    "tests/commands/flow.test.js",
+    "tests/commands/doctor.test.js"
+  ],
+  "allowed_write_paths": [
+    "src/create-quiver/lib/analyze.js",
+    "src/create-quiver/lib/project-scan.js",
+    "src/create-quiver/lib/doctor.js",
+    "src/create-quiver/lib/ai/onboarding-template.js",
+    "src/create-quiver/commands/flow.js",
+    "src/create-quiver/commands/prepare.js",
+    "tests/lib/**",
+    "tests/commands/**",
+    "tests/fixtures/**",
+    "specs/quiver-v27-reliability-ai-workflow-hardening/**"
+  ],
+  "depends_on": [
+    "slice-01-core-state-resolver-and-canonical-statuses",
+    "slice-06-validation-gates-and-scope-safety"
+  ],
+  "parallel_safe": "no",
+  "parallel_safe_reason": "Context and doctor guidance depends on resolver and validation contract behavior.",
+  "must": [
+    "Make analyze --dry-run read-only.",
+    "Improve React/Vite and stack detection using package.json and config evidence.",
+    "Make prepare-context conservative and evidence-based.",
+    "Detect docs/status contradictions without overwriting human content.",
+    "Make flow show source/timestamp or stale-state information.",
+    "Make doctor prioritize active spec/slice examples where available."
+  ],
+  "not_included": [
+    "Changing spec create behavior.",
+    "Changing worktree lifecycle beyond guidance messages.",
+    "Executing AI providers."
+  ],
+  "acceptance": [
+    "analyze --dry-run leaves git status unchanged.",
+    "React + Vite projects are detected as React/Vite, not Vue.",
+    "prepare-context --dry-run does not propose placeholders as truth when evidence exists.",
+    "flow reports the state source or a stale/missing context explanation.",
+    "doctor examples prefer active spec/slice context or generic examples over the wrong spec."
+  ],
+  "tests": [
+    "node --test tests/commands/analyze.test.js tests/commands/ai-onboard.test.js tests/commands/flow.test.js tests/commands/doctor.test.js tests/lib/project-scan.test.js tests/lib/doctor.test.js",
+    "npm run smoke:doctor-fixtures",
+    "git diff --check"
+  ],
+  "validation_hints": [
+    "Snapshot git status before/after dry-run tests.",
+    "Use fixtures with stale docs and real completed slices."
+  ],
+  "estimated_hours": 6,
+  "status": "completed",
+  "completed_at": "2026-05-24",
+  "blocked_reason": null
+}

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-08-cross-platform-help-auth-and-dx/CLOSURE_BRIEF.md

@@ -0,0 +1,31 @@
+# CLOSURE BRIEF - slice-08: Cross-platform help, auth, and DX
+
+## Summary
+
+Hardened cross-platform DX around help output, agent profile previews, GitHub auth diagnostics, SSH/path guidance, and package-manager-aware next-step messaging.
+
+## Validation Against Acceptance Criteria
+
+- Help output now documents the `ai agent set --dry-run` flow and the general `--dry-run` option includes `ai agent set`.
+- Paths with spaces now trigger shell-specific guidance for macOS/Linux, Windows PowerShell, Git Bash, and WSL in GitHub PR/preflight output.
+- GitHub auth failures now identify likely account, scope, and SSH alias issues and point to `gh auth status` as the next safe command.
+- `ai agent set --dry-run` validates and previews the profile without writing `.quiver/agents/profiles.json`.
+- `flow` now reports the detected package manager and generated `quiver:flow` script command; init/migrate install fallback warnings respect npm, pnpm, yarn, or bun.
+
+## Changes
+
+- Added `buildAgentProfileState` and wired `ai agent set --dry-run` through `src/create-quiver/commands/ai.js`.
+- Updated CLI help, examples, and agent dispatch in `src/create-quiver/index.js`.
+- Added GitHub auth classification and shell-safe command/path formatting in `src/create-quiver/lib/ai/github.js`.
+- Added package-manager-aware flow output in `src/create-quiver/commands/flow.js`.
+- Updated command docs and v27 evidence/status docs.
+- Added focused tests for agent dry-run, help contract, GitHub diagnostics/path guidance, and flow package-manager output.
+
+## Remaining Risks
+
+- `gh auth status` output varies by GitHub CLI version; diagnostics intentionally combine parsed hints with general account/scope/alias guidance.
+- Shell-safe examples are generated for common shells, but unusual shell configurations may still require manual path adaptation.
+
+## Follow-up Recommendations
+
+- In `slice-09`, include smoke coverage for packaged CLI help, `flow`, `ai agent set --dry-run`, and GitHub diagnostic fixtures.

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-08-cross-platform-help-auth-and-dx/EXECUTION_BRIEF.md

@@ -0,0 +1,56 @@
+# EXECUTION BRIEF - slice-08: Cross-platform help, auth, and DX
+
+## Context
+
+Pixel Quiver exposed DX gaps around paths with spaces, GitHub auth, command copying, help coverage, and safe profile configuration. This slice focuses on user-facing clarity after core context behavior is hardened.
+
+## Objective
+
+Improve cross-platform help, auth diagnostics, and actionable command guidance.
+
+## Scope
+
+- CLI help
+- doctor/preflight messages
+- GitHub auth diagnostics
+- agent profile dry-run
+- package manager-aware suggestions
+- docs and tests
+
+## Acceptance Criteria
+
+- Help output covers public commands and key options.
+- Path guidance is copy-safe across OS variants.
+- GitHub auth diagnostics are actionable.
+- Agent profile dry-run does not write files.
+- Suggested commands respect detected package manager.
+
+## Technical Plan Summary
+
+Update help registry/messages, add auth diagnostics and dry-run preview, and cover OS/package-manager examples with tests.
+
+## Suggested Execution Steps
+
+1. Inspect help and diagnostics surfaces.
+2. Add/adjust `ai agent set --dry-run`.
+3. Improve GitHub auth and SSH alias messages.
+4. Add path/package-manager guidance.
+5. Update docs and tests.
+
+## Restrictions
+
+- Do not install credentials or mutate user auth.
+- Do not require network in tests.
+
+## Risks
+
+- Help output can drift; keep tests tied to command registry.
+
+## Completion Checklist
+
+- [ ] Help tests updated.
+- [ ] Auth diagnostics tested.
+- [ ] Agent dry-run tested.
+- [ ] Cross-platform path guidance tested.
+- [ ] Validation commands passed.
+

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-08-cross-platform-help-auth-and-dx/slice.json

@@ -0,0 +1,85 @@
+{
+  "slice_id": "slice-08-cross-platform-help-auth-and-dx",
+  "ticket": "QUIVER-27-08",
+  "type": "implementation",
+  "title": "Cross-platform help, auth, and DX",
+  "objective": "Improve cross-platform command guidance, GitHub auth diagnostics, help output, agent profile dry-runs, and next safe command messaging.",
+  "description": "Hardens copy-safe command output for macOS/Linux/Windows, paths with spaces, GitHub/SSH auth diagnostics, top-level help coverage, agent profile dry-runs, and actionable error messages.",
+  "git": {
+    "branch_type": "feature",
+    "base_branch": "main",
+    "branch_slug": "v27-cross-platform-help-auth-dx",
+    "branch_name": "feature/QUIVER-27-08-cross-platform-help-auth-dx"
+  },
+  "files": [
+    "src/create-quiver/index.js",
+    "src/create-quiver/lib/actionable-error.js",
+    "src/create-quiver/lib/ai/github.js",
+    "src/create-quiver/lib/ai/preflight.js",
+    "src/create-quiver/lib/agent-profiles.js",
+    "src/create-quiver/lib/doctor.js",
+    "docs/**",
+    "tests/lib/**",
+    "tests/commands/**",
+    "specs/quiver-v27-reliability-ai-workflow-hardening/**"
+  ],
+  "expected_read_paths": [
+    "src/create-quiver/index.js",
+    "src/create-quiver/lib/ai/github.js",
+    "src/create-quiver/lib/ai/preflight.js",
+    "src/create-quiver/lib/agent-profiles.js",
+    "tests/commands/cli-contract.test.js",
+    "tests/commands/ai-agent.test.js",
+    "tests/lib/ai-github.test.js"
+  ],
+  "allowed_write_paths": [
+    "src/create-quiver/index.js",
+    "src/create-quiver/lib/actionable-error.js",
+    "src/create-quiver/lib/ai/github.js",
+    "src/create-quiver/lib/ai/preflight.js",
+    "src/create-quiver/lib/agent-profiles.js",
+    "src/create-quiver/lib/doctor.js",
+    "docs/**",
+    "tests/lib/**",
+    "tests/commands/**",
+    "specs/quiver-v27-reliability-ai-workflow-hardening/**"
+  ],
+  "depends_on": [
+    "slice-07-context-analysis-and-doctor-flow"
+  ],
+  "parallel_safe": "no",
+  "parallel_safe_reason": "DX/help output should reference the final hardened context and doctor behavior.",
+  "must": [
+    "Provide copy-safe path guidance for spaces and OS variants.",
+    "Improve GitHub auth diagnostics and SSH alias guidance.",
+    "Keep --help complete and grouped.",
+    "Add ai agent set --dry-run or equivalent safe preview.",
+    "Improve next safe command messages.",
+    "Respect package manager detection in suggested commands."
+  ],
+  "not_included": [
+    "Installing gh or SSH keys automatically.",
+    "Executing provider APIs.",
+    "Publishing npm."
+  ],
+  "acceptance": [
+    "Help output includes new/changed commands and key options.",
+    "Paths with spaces produce copy-safe guidance for macOS, Linux, PowerShell, Git Bash, and WSL.",
+    "GitHub auth errors identify likely account/scope/alias issues and next safe commands.",
+    "ai agent set dry-run previews file changes without writing.",
+    "Package manager suggestions respect detected npm/pnpm/yarn/bun."
+  ],
+  "tests": [
+    "node --test tests/commands/cli-contract.test.js tests/commands/ai-agent.test.js tests/lib/ai-github.test.js tests/lib/doctor.test.js",
+    "npm run smoke:doctor-fixtures",
+    "git diff --check"
+  ],
+  "validation_hints": [
+    "Use fixtures for paths with spaces and missing/ambiguous gh auth.",
+    "Do not require real GitHub credentials in tests."
+  ],
+  "estimated_hours": 4,
+  "status": "completed",
+  "completed_at": "2026-05-24",
+  "blocked_reason": null
+}

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-09-fixtures-smoke-docs-and-release-readiness/CLOSURE_BRIEF.md

@@ -0,0 +1,32 @@
+# CLOSURE BRIEF - slice-09: Fixtures, smoke, docs, and release readiness
+
+## Summary
+
+Validated the full v27 hardening package from source and packaged CLI behavior. Added final fixture coverage, stale/legacy doctor regressions, packaged CLI smokes, and synchronized source-of-truth docs with the implemented-but-unpublished state.
+
+## Validation Against Acceptance Criteria
+
+- All v27 QP/QIS items are covered by completed slices or final fixture validation evidence.
+- Sanitized fixtures now cover Pixel Quiver-style completed specs, paths with spaces, no-Git projects, old `.quiver` state, multiple specs, and stale docs.
+- `node --test tests/**/*.test.js` passed with 356 tests.
+- `npm run smoke:create-quiver`, `npm run smoke:guided-workflow`, `npm run smoke:doctor-fixtures`, and `npm run package:quiver` passed.
+- Package/tarball smoke validates installed CLI behavior for help, `flow`, and `ai agent set --dry-run`, not only source files.
+- `README.md`, `README_FOR_AI.md`, `ROADMAP.md`, and `CHANGELOG.md` are synchronized with v27 implemented but not published.
+
+## Changes
+
+- Extended `tests/fixtures/validation-errors/matrix.json` with executable coverage references for final dogfooding states.
+- Hardened `scripts/ci/smoke-doctor-fixtures.js` to require traceable fixture coverage files.
+- Added doctor tests for stale generated docs and old incomplete `.quiver` state.
+- Extended `scripts/ci/smoke-create-quiver.sh` to validate source and packaged CLI first-use guidance.
+- Updated v27 status, roadmap, PR body, evidence, closure, and root docs.
+
+## Remaining Risks
+
+- npm publication is intentionally outside this slice and must happen only through the normal release process.
+- The final Pixel Quiver project remains external evidence; committed fixtures stay sanitized and do not copy private project content.
+
+## Follow-up Recommendations
+
+- Open the v27 PR with the completed evidence pack.
+- After merge, run the normal release flow and publish the next package version if approved.

package/specs/quiver-v27-reliability-ai-workflow-hardening/slices/slice-09-fixtures-smoke-docs-and-release-readiness/EXECUTION_BRIEF.md

@@ -0,0 +1,56 @@
+# EXECUTION BRIEF - slice-09: Fixtures, smoke, docs, and release readiness
+
+## Context
+
+After all v27 implementation slices, Quiver needs full regression evidence from source and packaged CLI behavior. This slice closes the spec without publishing npm.
+
+## Objective
+
+Validate v27 end to end with sanitized fixtures, tests, smokes, tarball/package smoke, docs sync, and release readiness evidence.
+
+## Scope
+
+- Regression fixtures
+- Smoke scripts and evidence
+- README/README_FOR_AI/ROADMAP/CHANGELOG
+- v27 status/evidence/closure
+
+## Acceptance Criteria
+
+- Every QP/QIS is fixed, validated, or documented as remaining risk.
+- Sanitized fixtures cover real production cases.
+- Full tests and smokes pass.
+- Package/tarball smoke validates installed behavior.
+- Docs reflect implemented behavior only.
+
+## Technical Plan Summary
+
+Add fixtures, run full validation, smoke the packaged CLI from outside the repo, update docs and evidence, and mark the spec release-ready without publishing.
+
+## Suggested Execution Steps
+
+1. Add sanitized fixtures from dogfooding cases.
+2. Run full test and smoke suite.
+3. Package and smoke the tarball outside the repo.
+4. Update README, README_FOR_AI, ROADMAP, CHANGELOG, STATUS, and EVIDENCE_REPORT.
+5. Record remaining risks.
+
+## Restrictions
+
+- Do not publish npm.
+- Do not commit private local paths or credentials.
+- Do not claim release until package smoke passes.
+
+## Risks
+
+- Tarball smoke may reveal package-only issues; fix or document before closure.
+
+## Completion Checklist
+
+- [ ] Fixtures sanitized.
+- [ ] Full tests passed.
+- [ ] Smokes passed.
+- [ ] Tarball smoke passed.
+- [ ] Docs synced.
+- [ ] Spec evidence completed.
+