create-quiver 0.15.4 → 0.16.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/pull_request_template.md +17 -0
- package/.github/workflows/ci.yml +76 -0
- package/.markdown-link-check.json +15 -0
- package/.markdownlint.json +11 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/approvals.json +5 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/decisions.md +2 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/requirement.md +0 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/docs/INDEX.md +97 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/manifest.json +61 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/state.json +28 -0
- package/ACTIVE_SLICES.md +43 -0
- package/ARCHITECTURE.md +133 -0
- package/CHANGELOG.md +12 -0
- package/CONTRIBUTING.md +174 -9
- package/README.md +10 -1
- package/ROADMAP.md +4 -0
- package/SECURITY.md +9 -2
- package/auditoria-ux-ui-performance-documentacion.md +705 -0
- package/copys-landing-page.md +244 -0
- package/docs/AI_CONTEXT.md.es.template +3 -1
- package/docs/AI_CONTEXT.md.template +3 -1
- package/docs/CLI_UX_GUIDE.md +9 -1
- package/docs/COMMANDS.md.template +20 -6
- package/docs/GITFLOW_PR_GUIDE.md +73 -11
- package/docs/GITFLOW_PR_GUIDE.md.es.template +61 -2
- package/docs/GITFLOW_PR_GUIDE.md.template +72 -10
- package/docs/INDEX.md +1 -0
- package/docs/QUICK.md.template +2 -1
- package/docs/STANDARD.md.template +2 -1
- package/docs/WORKFLOW.md.es.template +3 -1
- package/docs/WORKFLOW.md.template +6 -4
- package/docs/ai/ACTIVE_SLICE.md +61 -0
- package/docs/getting-started/installation.md +7 -0
- package/docs/reference/commands.md +104 -6
- package/docs/reference/slice-schema.md +37 -0
- package/docs/schema/slice.schema.json +221 -0
- package/docs/specs/01-spec/01-slice/01-slice.json +36 -0
- package/docs/specs/01-spec/01-slice/01-slice.md +106 -0
- package/docs/specs/01-spec/01-slice/CLOSURE_BRIEF.md +80 -0
- package/docs/specs/01-spec/01-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/02-slice/02-slice.json +36 -0
- package/docs/specs/01-spec/02-slice/02-slice.md +108 -0
- package/docs/specs/01-spec/02-slice/CLOSURE_BRIEF.md +88 -0
- package/docs/specs/01-spec/02-slice/EXECUTION_BRIEF.md +40 -0
- package/docs/specs/01-spec/03-slice/03-slice.json +36 -0
- package/docs/specs/01-spec/03-slice/03-slice.md +103 -0
- package/docs/specs/01-spec/03-slice/CLOSURE_BRIEF.md +54 -0
- package/docs/specs/01-spec/03-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/04-slice/04-slice.json +36 -0
- package/docs/specs/01-spec/04-slice/04-slice.md +107 -0
- package/docs/specs/01-spec/04-slice/CLOSURE_BRIEF.md +46 -0
- package/docs/specs/01-spec/04-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/05-slice/05-slice.json +36 -0
- package/docs/specs/01-spec/05-slice/05-slice.md +106 -0
- package/docs/specs/01-spec/05-slice/CLOSURE_BRIEF.md +84 -0
- package/docs/specs/01-spec/05-slice/EXECUTION_BRIEF.md +109 -0
- package/docs/specs/01-spec/06-slice/06-slice.json +36 -0
- package/docs/specs/01-spec/06-slice/06-slice.md +107 -0
- package/docs/specs/01-spec/06-slice/CLOSURE_BRIEF.md +67 -0
- package/docs/specs/01-spec/06-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/07-slice/07-slice.json +36 -0
- package/docs/specs/01-spec/07-slice/07-slice.md +105 -0
- package/docs/specs/01-spec/07-slice/CLOSURE_BRIEF.md +71 -0
- package/docs/specs/01-spec/07-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/08-slice/08-slice.json +36 -0
- package/docs/specs/01-spec/08-slice/08-slice.md +105 -0
- package/docs/specs/01-spec/08-slice/CLOSURE_BRIEF.md +114 -0
- package/docs/specs/01-spec/08-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/CLOSURE_BRIEF.md +87 -0
- package/docs/specs/01-spec/spec.md +197 -0
- package/docs/workflows/full-ai-spec-to-pr.md +46 -3
- package/i18n/es/docs/GITFLOW_PR_GUIDE.md.template +38 -1
- package/package.json +27 -1
- package/pr.md +154 -0
- package/scripts/package-quiver.sh +82 -2
- package/scripts/release-quiver.sh +14 -3
- package/specs/[project-name]/slices/pr.md.template +19 -0
- package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +91 -0
- package/specs/quiver-v50-audit-trust-foundation/EVIDENCE_REPORT.md +151 -0
- package/specs/quiver-v50-audit-trust-foundation/EXECUTION_PLAN.md +34 -0
- package/specs/quiver-v50-audit-trust-foundation/SPEC.md +113 -0
- package/specs/quiver-v50-audit-trust-foundation/STATUS.md +26 -0
- package/specs/quiver-v50-audit-trust-foundation/pr.md +120 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/CLOSURE_BRIEF.md +20 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/slice.json +57 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/CLOSURE_BRIEF.md +24 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/EXECUTION_BRIEF.md +67 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/slice.json +71 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/CLOSURE_BRIEF.md +24 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/EXECUTION_BRIEF.md +71 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/slice.json +81 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/EXECUTION_BRIEF.md +57 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/slice.json +56 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/CLOSURE_BRIEF.md +23 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/EXECUTION_BRIEF.md +68 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/slice.json +84 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/CLOSURE_BRIEF.md +25 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/EXECUTION_BRIEF.md +73 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/slice.json +72 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/EXECUTION_BRIEF.md +66 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/slice.json +74 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/CLOSURE_BRIEF.md +29 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/EXECUTION_BRIEF.md +74 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/slice.json +81 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/EVIDENCE_REPORT.md +145 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/EXECUTION_PLAN.md +32 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/SPEC.md +109 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/STATUS.md +25 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/pr.md +69 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/CLOSURE_BRIEF.md +20 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/slice.json +56 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/CLOSURE_BRIEF.md +21 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/EXECUTION_BRIEF.md +61 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/slice.json +68 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/CLOSURE_BRIEF.md +25 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/EXECUTION_BRIEF.md +65 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/pr.md +134 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/slice.json +80 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/CLOSURE_BRIEF.md +31 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/EXECUTION_BRIEF.md +80 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/pr.md +159 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/slice.json +102 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/CLOSURE_BRIEF.md +25 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/EXECUTION_BRIEF.md +74 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/pr.md +147 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/slice.json +91 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/CLOSURE_BRIEF.md +28 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/EXECUTION_BRIEF.md +73 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/pr.md +146 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/slice.json +100 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/CLOSURE_BRIEF.md +36 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/EXECUTION_BRIEF.md +76 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/pr.md +155 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/slice.json +111 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/EVIDENCE_REPORT.md +95 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/EXECUTION_PLAN.md +31 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/SPEC.md +107 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/STATUS.md +22 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/pr.md +69 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/CLOSURE_BRIEF.md +21 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/EXECUTION_BRIEF.md +60 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/slice.json +62 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/CLOSURE_BRIEF.md +34 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/EXECUTION_BRIEF.md +71 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/pr.md +146 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/slice.json +106 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/CLOSURE_BRIEF.md +33 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/EXECUTION_BRIEF.md +67 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/pr.md +144 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/slice.json +86 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/CLOSURE_BRIEF.md +38 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/EXECUTION_BRIEF.md +75 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/pr.md +159 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/slice.json +105 -0
- package/src/create-quiver/commands/changelog.js +93 -0
- package/src/create-quiver/commands/config.js +16 -5
- package/src/create-quiver/commands/evidence.js +33 -2
- package/src/create-quiver/commands/flow.js +1 -0
- package/src/create-quiver/commands/graph.js +8 -2
- package/src/create-quiver/commands/plan.js +6 -0
- package/src/create-quiver/commands/spec.js +28 -13
- package/src/create-quiver/index.js +294 -94
- package/src/create-quiver/lib/ai/github.js +5 -2
- package/src/create-quiver/lib/ai/spec-templates.js +19 -0
- package/src/create-quiver/lib/cli/command-registry.js +71 -0
- package/src/create-quiver/lib/cli/parser.js +14 -0
- package/src/create-quiver/lib/evidence.js +161 -6
- package/src/create-quiver/lib/git.js +99 -0
- package/src/create-quiver/lib/i18n/messages/en.js +52 -7
- package/src/create-quiver/lib/i18n/messages/es.js +54 -9
- package/src/create-quiver/lib/init-docs.js +1 -1
- package/src/create-quiver/lib/init-layout.js +9 -8
- package/src/create-quiver/lib/lifecycle.js +24 -26
- package/src/create-quiver/lib/readiness.js +67 -56
- package/src/create-quiver/lib/spec-worktrees.js +16 -34
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-00 audit baseline and already-resolved findings
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Classified the v50 audit-derived trust findings against current repository behavior and mapped each implemented, partial, or missing state to the correct later slice. Runtime code was not changed.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `git diff --check`
|
|
10
|
+
- [x] `node bin/create-quiver.js spec validate specs/quiver-v50-audit-trust-foundation`
|
|
11
|
+
|
|
12
|
+
## Closure Conditions
|
|
13
|
+
|
|
14
|
+
- [x] Finding classification completed.
|
|
15
|
+
- [x] Implemented findings mapped to evidence/test/docs only.
|
|
16
|
+
- [x] Runtime code unchanged.
|
|
17
|
+
|
|
18
|
+
## Open Items
|
|
19
|
+
|
|
20
|
+
- None.
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-00 audit baseline and already-resolved findings
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
The audit file includes findings that are already implemented in the current branch. This slice prevents duplicate work by freezing the real baseline.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Classify audit findings against current repository behavior before implementation.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- v50 finding classification.
|
|
14
|
+
- Existing command/help/JSON/package/CI baseline.
|
|
15
|
+
- Planning artifacts only.
|
|
16
|
+
|
|
17
|
+
## Acceptance Criteria
|
|
18
|
+
|
|
19
|
+
- A `Finding | Current state | Action` table exists.
|
|
20
|
+
- Findings are marked `implemented`, `partial`, `missing`, or `not applicable`.
|
|
21
|
+
- Implemented findings are limited to evidence/test/docs follow-up.
|
|
22
|
+
- Runtime code is not modified.
|
|
23
|
+
|
|
24
|
+
## Expected Files To Modify
|
|
25
|
+
|
|
26
|
+
- `specs/quiver-v50-audit-trust-foundation/SPEC.md`
|
|
27
|
+
- `specs/quiver-v50-audit-trust-foundation/STATUS.md`
|
|
28
|
+
- `specs/quiver-v50-audit-trust-foundation/EVIDENCE_REPORT.md`
|
|
29
|
+
|
|
30
|
+
## Validations Required
|
|
31
|
+
|
|
32
|
+
- `git diff --check`
|
|
33
|
+
- `node bin/create-quiver.js spec validate specs/quiver-v50-audit-trust-foundation`
|
|
34
|
+
|
|
35
|
+
## Risks
|
|
36
|
+
|
|
37
|
+
- Reimplementing behavior already present.
|
|
38
|
+
- Trusting audit assumptions without checking current code.
|
|
39
|
+
|
|
40
|
+
## Dependencies
|
|
41
|
+
|
|
42
|
+
- None.
|
|
43
|
+
|
|
44
|
+
## Instructions For Executor
|
|
45
|
+
|
|
46
|
+
1. Inspect current code/tests/help before editing the spec artifacts.
|
|
47
|
+
2. Record evidence for every implemented or partial finding.
|
|
48
|
+
3. Do not change runtime code.
|
|
49
|
+
|
|
50
|
+
## Completion Checklist
|
|
51
|
+
|
|
52
|
+
- [ ] Acceptance criteria satisfied.
|
|
53
|
+
- [ ] Required validations run or blockers documented.
|
|
54
|
+
- [ ] Closure brief updated.
|
|
55
|
+
|
|
56
|
+
## Conditions Of Closure
|
|
57
|
+
|
|
58
|
+
- Later v50 slices have an accurate baseline and no duplicated work.
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-00-audit-baseline-and-resolved-findings",
|
|
3
|
+
"ticket": "QUIVER-50-00",
|
|
4
|
+
"type": "documentation",
|
|
5
|
+
"title": "Audit baseline and already-resolved findings",
|
|
6
|
+
"objective": "Classify audit findings against current repository behavior before implementation.",
|
|
7
|
+
"description": "Creates the v50 baseline so executors do not reimplement behavior already present in the current branch.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v50-audit-baseline",
|
|
12
|
+
"branch_name": "feature/QUIVER-50-00-v50-audit-baseline"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
16
|
+
],
|
|
17
|
+
"expected_read_paths": [
|
|
18
|
+
"REQUERIMIENTOS_DERIVADOS_DE_AUDITORIA.md",
|
|
19
|
+
"package.json",
|
|
20
|
+
".github/workflows/ci.yml",
|
|
21
|
+
"src/create-quiver/**",
|
|
22
|
+
"tests/**"
|
|
23
|
+
],
|
|
24
|
+
"allowed_write_paths": [
|
|
25
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
26
|
+
],
|
|
27
|
+
"depends_on": [],
|
|
28
|
+
"parallel_safe": "no",
|
|
29
|
+
"parallel_safe_reason": "Baseline defines finding state and constraints for every later v50 slice.",
|
|
30
|
+
"must": [
|
|
31
|
+
"Create a Finding | Current state | Action table.",
|
|
32
|
+
"Mark each finding as implemented, partial, missing, or not applicable.",
|
|
33
|
+
"Record current help, JSON, parser, CI, package, and command contracts.",
|
|
34
|
+
"Do not change runtime code."
|
|
35
|
+
],
|
|
36
|
+
"not_included": [
|
|
37
|
+
"Implementing fixes.",
|
|
38
|
+
"Changing docs outside this spec."
|
|
39
|
+
],
|
|
40
|
+
"acceptance": [
|
|
41
|
+
"Resolved findings are identified as evidence/test/docs only.",
|
|
42
|
+
"Missing and partial findings are mapped to later slices.",
|
|
43
|
+
"Contracts that must not regress are explicit."
|
|
44
|
+
],
|
|
45
|
+
"tests": [
|
|
46
|
+
"git diff --check",
|
|
47
|
+
"node bin/create-quiver.js spec validate specs/quiver-v50-audit-trust-foundation"
|
|
48
|
+
],
|
|
49
|
+
"validation_hints": [
|
|
50
|
+
"Use current CLI behavior as evidence, not assumptions from the audit file."
|
|
51
|
+
],
|
|
52
|
+
"estimated_hours": 2,
|
|
53
|
+
"status": "completed",
|
|
54
|
+
"blocked_reason": null,
|
|
55
|
+
"actual_hours": 2,
|
|
56
|
+
"completed_at": "2026-06-01T21:37:54-0300"
|
|
57
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-01 runtime minimum and package metadata
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Declared the supported Node runtime minimum as `>=20.12.0`, synchronized package metadata and lockfile, documented the requirement, and added CI coverage for the exact minimum.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `npm ci`
|
|
10
|
+
- [x] `node --test`
|
|
11
|
+
- [x] `npx -y node@20.12.0 --test`
|
|
12
|
+
- [x] `git diff --check`
|
|
13
|
+
- [x] `node bin/create-quiver.js spec validate specs/quiver-v50-audit-trust-foundation`
|
|
14
|
+
|
|
15
|
+
## Closure Conditions
|
|
16
|
+
|
|
17
|
+
- [x] Node minimum verified.
|
|
18
|
+
- [x] Package metadata and lockfile synchronized.
|
|
19
|
+
- [x] Docs updated.
|
|
20
|
+
- [x] Evidence recorded.
|
|
21
|
+
|
|
22
|
+
## Open Items
|
|
23
|
+
|
|
24
|
+
- None.
|
|
@@ -0,0 +1,67 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-01 runtime minimum and package metadata
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
The audit requires `engines.node`, but declaring it without evidence can reject valid users or accept unsupported runtimes.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Verify and declare the real minimum supported Node.js version.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- Node minimum validation.
|
|
14
|
+
- `engines.node`.
|
|
15
|
+
- Lockfile synchronization.
|
|
16
|
+
- Installation docs.
|
|
17
|
+
- CI coverage for the minimum where feasible.
|
|
18
|
+
|
|
19
|
+
## Acceptance Criteria
|
|
20
|
+
|
|
21
|
+
- The declared Node minimum is backed by validation evidence.
|
|
22
|
+
- `package.json` and `package-lock.json` are synchronized.
|
|
23
|
+
- `npm ci` passes.
|
|
24
|
+
- Installation docs mention the supported Node version.
|
|
25
|
+
- CI covers the minimum Node version or records an explicit blocker.
|
|
26
|
+
|
|
27
|
+
## Expected Files To Modify
|
|
28
|
+
|
|
29
|
+
- `package.json`
|
|
30
|
+
- `package-lock.json`
|
|
31
|
+
- `README.md`
|
|
32
|
+
- `docs/getting-started/installation.md`
|
|
33
|
+
- `.github/workflows/ci.yml`
|
|
34
|
+
- `specs/quiver-v50-audit-trust-foundation/EVIDENCE_REPORT.md`
|
|
35
|
+
|
|
36
|
+
## Validations Required
|
|
37
|
+
|
|
38
|
+
- `npm ci`
|
|
39
|
+
- `node --test`
|
|
40
|
+
- `git diff --check`
|
|
41
|
+
|
|
42
|
+
## Risks
|
|
43
|
+
|
|
44
|
+
- Declaring an unverified runtime minimum.
|
|
45
|
+
- Forgetting lockfile updates.
|
|
46
|
+
- CI using only a newer Node version.
|
|
47
|
+
|
|
48
|
+
## Dependencies
|
|
49
|
+
|
|
50
|
+
- Depends on `slice-00-audit-baseline-and-resolved-findings`.
|
|
51
|
+
|
|
52
|
+
## Instructions For Executor
|
|
53
|
+
|
|
54
|
+
1. Determine the lowest Node version that actually supports the project.
|
|
55
|
+
2. Only then add `engines.node`.
|
|
56
|
+
3. Update docs and lockfile together.
|
|
57
|
+
4. Record validation evidence.
|
|
58
|
+
|
|
59
|
+
## Completion Checklist
|
|
60
|
+
|
|
61
|
+
- [ ] Acceptance criteria satisfied.
|
|
62
|
+
- [ ] Required validations run or blockers documented.
|
|
63
|
+
- [ ] Closure brief updated.
|
|
64
|
+
|
|
65
|
+
## Conditions Of Closure
|
|
66
|
+
|
|
67
|
+
- Runtime metadata is truthful and reproducible.
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-01-runtime-minimum-and-package-metadata",
|
|
3
|
+
"ticket": "QUIVER-50-01",
|
|
4
|
+
"type": "quality",
|
|
5
|
+
"title": "Runtime minimum and package metadata",
|
|
6
|
+
"objective": "Verify and declare the real minimum supported Node.js version.",
|
|
7
|
+
"description": "Adds package runtime metadata only after evidence proves the minimum supported Node version.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v50-runtime-metadata",
|
|
12
|
+
"branch_name": "feature/QUIVER-50-01-v50-runtime-metadata"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"package.json",
|
|
16
|
+
"package-lock.json",
|
|
17
|
+
"README.md",
|
|
18
|
+
"docs/getting-started/**",
|
|
19
|
+
".github/workflows/ci.yml",
|
|
20
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
21
|
+
],
|
|
22
|
+
"expected_read_paths": [
|
|
23
|
+
"package.json",
|
|
24
|
+
"package-lock.json",
|
|
25
|
+
".github/workflows/ci.yml",
|
|
26
|
+
"scripts/ci/**",
|
|
27
|
+
"docs/getting-started/installation.md"
|
|
28
|
+
],
|
|
29
|
+
"allowed_write_paths": [
|
|
30
|
+
"package.json",
|
|
31
|
+
"package-lock.json",
|
|
32
|
+
"README.md",
|
|
33
|
+
"docs/getting-started/**",
|
|
34
|
+
".github/workflows/ci.yml",
|
|
35
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
36
|
+
],
|
|
37
|
+
"depends_on": [
|
|
38
|
+
"slice-00-audit-baseline-and-resolved-findings"
|
|
39
|
+
],
|
|
40
|
+
"parallel_safe": "yes",
|
|
41
|
+
"parallel_safe_reason": "Package metadata can be handled independently after baseline.",
|
|
42
|
+
"must": [
|
|
43
|
+
"Verify the real Node minimum before declaring engines.node.",
|
|
44
|
+
"Keep package-lock.json synchronized with package.json.",
|
|
45
|
+
"Document the Node minimum in installation docs.",
|
|
46
|
+
"Ensure CI tests the declared minimum or records a blocker."
|
|
47
|
+
],
|
|
48
|
+
"not_included": [
|
|
49
|
+
"Adding unrelated dependencies.",
|
|
50
|
+
"Changing release automation."
|
|
51
|
+
],
|
|
52
|
+
"acceptance": [
|
|
53
|
+
"package.json declares engines.node only with evidence.",
|
|
54
|
+
"npm ci passes with the synchronized lockfile.",
|
|
55
|
+
"Docs mention the supported Node version.",
|
|
56
|
+
"CI covers the minimum or the blocker is explicit."
|
|
57
|
+
],
|
|
58
|
+
"tests": [
|
|
59
|
+
"npm ci",
|
|
60
|
+
"node --test",
|
|
61
|
+
"git diff --check"
|
|
62
|
+
],
|
|
63
|
+
"validation_hints": [
|
|
64
|
+
"Do not infer Node minimum from current local Node version."
|
|
65
|
+
],
|
|
66
|
+
"estimated_hours": 3,
|
|
67
|
+
"status": "completed",
|
|
68
|
+
"blocked_reason": null,
|
|
69
|
+
"actual_hours": 2,
|
|
70
|
+
"completed_at": "2026-06-01T22:13:40-0300"
|
|
71
|
+
}
|
|
@@ -0,0 +1,24 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-02 migrate write-safety contract
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Added a migrate write-safety gate before side effects, with TTY confirmation, no-TTY/JSON-safe refusal without `--yes`, explicit `migrate --yes` automation, dry-run preservation, localized messages, command docs, and tests.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `node --test tests/commands/cli-contract.test.js`
|
|
10
|
+
- [x] `node --test tests/commands/init-profiles.test.js`
|
|
11
|
+
- [x] `node --test tests/commands/i18n-audit-matrix.test.js`
|
|
12
|
+
- [x] `node --test`
|
|
13
|
+
- [x] `npx -y node@20.12.0 --test tests/commands/cli-contract.test.js tests/commands/init-profiles.test.js tests/commands/i18n-audit-matrix.test.js`
|
|
14
|
+
- [x] `git diff --check`
|
|
15
|
+
|
|
16
|
+
## Closure Conditions
|
|
17
|
+
|
|
18
|
+
- [x] Confirmation occurs before side effects.
|
|
19
|
+
- [x] Cancellation/no-TTY paths are safe.
|
|
20
|
+
- [x] `--yes` and `--dry-run` contracts are tested.
|
|
21
|
+
|
|
22
|
+
## Open Items
|
|
23
|
+
|
|
24
|
+
- None.
|
|
@@ -0,0 +1,71 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-02 migrate write-safety contract
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
`migrate` writes project files. It must not perform side effects before explicit user confirmation or `--yes`.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Require explicit confirmation before `migrate` performs any side effects.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- TTY confirmation.
|
|
14
|
+
- no-TTY safe behavior.
|
|
15
|
+
- `migrate --yes`.
|
|
16
|
+
- `migrate --dry-run`.
|
|
17
|
+
- Parser/help/i18n/tests.
|
|
18
|
+
|
|
19
|
+
## Acceptance Criteria
|
|
20
|
+
|
|
21
|
+
- No side effects happen before confirmation.
|
|
22
|
+
- Cancellation leaves the tree unchanged.
|
|
23
|
+
- no-TTY without `--yes` is safe and actionable.
|
|
24
|
+
- `migrate --yes` proceeds without prompt.
|
|
25
|
+
- `migrate --dry-run` remains prompt-free and write-free.
|
|
26
|
+
- `--yes` help scope is updated.
|
|
27
|
+
- EN/ES messages exist.
|
|
28
|
+
|
|
29
|
+
## Expected Files To Modify
|
|
30
|
+
|
|
31
|
+
- `src/create-quiver/index.js`
|
|
32
|
+
- `src/create-quiver/lib/i18n/messages/en.js`
|
|
33
|
+
- `src/create-quiver/lib/i18n/messages/es.js`
|
|
34
|
+
- `tests/commands/parser-contract.test.js`
|
|
35
|
+
- `tests/commands/*migrate*.test.js`
|
|
36
|
+
- `docs/reference/commands.md`
|
|
37
|
+
- `docs/CLI_UX_GUIDE.md`
|
|
38
|
+
- `specs/quiver-v50-audit-trust-foundation/EVIDENCE_REPORT.md`
|
|
39
|
+
|
|
40
|
+
## Validations Required
|
|
41
|
+
|
|
42
|
+
- `node --test tests/commands/parser-contract.test.js`
|
|
43
|
+
- `node --test`
|
|
44
|
+
- `git diff --check`
|
|
45
|
+
|
|
46
|
+
## Risks
|
|
47
|
+
|
|
48
|
+
- Prompting too late after side effects.
|
|
49
|
+
- Treating `--yes` as unsupported or too global.
|
|
50
|
+
- Breaking automation/no-TTY flows.
|
|
51
|
+
|
|
52
|
+
## Dependencies
|
|
53
|
+
|
|
54
|
+
- Depends on `slice-00-audit-baseline-and-resolved-findings`.
|
|
55
|
+
|
|
56
|
+
## Instructions For Executor
|
|
57
|
+
|
|
58
|
+
1. Move confirmation before `packTemplate`, file writes, state updates, and install attempts.
|
|
59
|
+
2. Snapshot test cancellation and no-TTY behavior.
|
|
60
|
+
3. Keep dry-run behavior unchanged.
|
|
61
|
+
4. Keep stdout clean for machine-readable paths.
|
|
62
|
+
|
|
63
|
+
## Completion Checklist
|
|
64
|
+
|
|
65
|
+
- [ ] Acceptance criteria satisfied.
|
|
66
|
+
- [ ] Required validations run or blockers documented.
|
|
67
|
+
- [ ] Closure brief updated.
|
|
68
|
+
|
|
69
|
+
## Conditions Of Closure
|
|
70
|
+
|
|
71
|
+
- `migrate` cannot unexpectedly modify a project.
|
|
@@ -0,0 +1,81 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-02-migrate-write-safety-contract",
|
|
3
|
+
"ticket": "QUIVER-50-02",
|
|
4
|
+
"type": "feature",
|
|
5
|
+
"title": "Migrate write-safety contract",
|
|
6
|
+
"objective": "Require explicit confirmation before migrate performs any side effects.",
|
|
7
|
+
"description": "Protects migrate writes with TTY confirmation, no-TTY safety, and a documented --yes automation path.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v50-migrate-write-safety",
|
|
12
|
+
"branch_name": "feature/QUIVER-50-02-v50-migrate-write-safety"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"src/create-quiver/index.js",
|
|
16
|
+
"src/create-quiver/lib/i18n/messages/en.js",
|
|
17
|
+
"src/create-quiver/lib/i18n/messages/es.js",
|
|
18
|
+
"tests/commands/cli-contract.test.js",
|
|
19
|
+
"tests/commands/init-profiles.test.js",
|
|
20
|
+
"tests/commands/i18n-audit-matrix.test.js",
|
|
21
|
+
"docs/reference/commands.md",
|
|
22
|
+
"docs/CLI_UX_GUIDE.md",
|
|
23
|
+
"specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json",
|
|
24
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
25
|
+
],
|
|
26
|
+
"expected_read_paths": [
|
|
27
|
+
"src/create-quiver/index.js",
|
|
28
|
+
"src/create-quiver/commands/init.js",
|
|
29
|
+
"src/create-quiver/lib/cli/ux.js",
|
|
30
|
+
"tests/commands/cli-contract.test.js",
|
|
31
|
+
"tests/commands/init-profiles.test.js",
|
|
32
|
+
"tests/commands/i18n-audit-matrix.test.js"
|
|
33
|
+
],
|
|
34
|
+
"allowed_write_paths": [
|
|
35
|
+
"src/create-quiver/**",
|
|
36
|
+
"tests/**",
|
|
37
|
+
"docs/reference/commands.md",
|
|
38
|
+
"docs/CLI_UX_GUIDE.md",
|
|
39
|
+
"specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json",
|
|
40
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
41
|
+
],
|
|
42
|
+
"depends_on": [
|
|
43
|
+
"slice-00-audit-baseline-and-resolved-findings"
|
|
44
|
+
],
|
|
45
|
+
"parallel_safe": "yes",
|
|
46
|
+
"parallel_safe_reason": "Touches migrate/parser/help but is isolated from runtime metadata and docs work.",
|
|
47
|
+
"must": [
|
|
48
|
+
"Prompt before any migrate side effect in TTY.",
|
|
49
|
+
"Refuse or guide safely in no-TTY without --yes.",
|
|
50
|
+
"Allow migrate --yes for automation.",
|
|
51
|
+
"Keep migrate --dry-run side-effect free and prompt-free.",
|
|
52
|
+
"Update --yes parser/help scope."
|
|
53
|
+
],
|
|
54
|
+
"not_included": [
|
|
55
|
+
"Changing migration semantics.",
|
|
56
|
+
"Removing legacy migrate paths."
|
|
57
|
+
],
|
|
58
|
+
"acceptance": [
|
|
59
|
+
"Cancellation leaves the file tree unchanged.",
|
|
60
|
+
"migrate --yes proceeds without prompt.",
|
|
61
|
+
"migrate --dry-run does not require --yes.",
|
|
62
|
+
"Warnings/prompts never pollute JSON stdout.",
|
|
63
|
+
"EN/ES messages are covered."
|
|
64
|
+
],
|
|
65
|
+
"tests": [
|
|
66
|
+
"node --test tests/commands/cli-contract.test.js",
|
|
67
|
+
"node --test tests/commands/init-profiles.test.js",
|
|
68
|
+
"node --test tests/commands/i18n-audit-matrix.test.js",
|
|
69
|
+
"node --test",
|
|
70
|
+
"npx -y node@20.12.0 --test tests/commands/cli-contract.test.js tests/commands/init-profiles.test.js tests/commands/i18n-audit-matrix.test.js",
|
|
71
|
+
"git diff --check"
|
|
72
|
+
],
|
|
73
|
+
"validation_hints": [
|
|
74
|
+
"Snapshot files before and after cancellation/no-TTY tests."
|
|
75
|
+
],
|
|
76
|
+
"estimated_hours": 6,
|
|
77
|
+
"status": "completed",
|
|
78
|
+
"blocked_reason": null,
|
|
79
|
+
"actual_hours": 6,
|
|
80
|
+
"completed_at": "2026-06-01T22:34:50-0300"
|
|
81
|
+
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-03 security reporting channel
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Documented a concrete private email channel for vulnerability reports and recorded that GitHub Private Vulnerability Reporting is disabled until repository owners enable it.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `gh repo view FabriJuncal/quiver --json nameWithOwner,isPrivate,viewerPermission,url`
|
|
10
|
+
- [x] `gh api repos/FabriJuncal/quiver/private-vulnerability-reporting --jq '.'`
|
|
11
|
+
- [x] `git diff --check`
|
|
12
|
+
- [x] `node bin/create-quiver.js spec validate specs/quiver-v50-audit-trust-foundation`
|
|
13
|
+
- [x] `node bin/create-quiver.js check-slice specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/slice.json --local`
|
|
14
|
+
|
|
15
|
+
## Closure Conditions
|
|
16
|
+
|
|
17
|
+
- [x] Concrete private security channel documented.
|
|
18
|
+
- [x] Evidence or external owner action recorded.
|
|
19
|
+
|
|
20
|
+
## Open Items
|
|
21
|
+
|
|
22
|
+
- Repository owners should enable GitHub Private Vulnerability Reporting in GitHub settings before replacing the email fallback.
|
|
@@ -0,0 +1,57 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-03 security reporting channel
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
`SECURITY.md` currently asks for private reporting but must provide a concrete, usable channel.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Make private vulnerability reporting concrete and verifiable.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- `SECURITY.md`.
|
|
14
|
+
- Evidence of GitHub private reporting or fallback contact.
|
|
15
|
+
- Closure notes for any external owner action.
|
|
16
|
+
|
|
17
|
+
## Acceptance Criteria
|
|
18
|
+
|
|
19
|
+
- A concrete private reporting channel is documented.
|
|
20
|
+
- If GitHub Private Vulnerability Reporting is used, evidence or owner confirmation is recorded.
|
|
21
|
+
- If remote settings cannot be verified, a functional fallback channel is documented.
|
|
22
|
+
- No vague reporting instruction remains without a channel.
|
|
23
|
+
|
|
24
|
+
## Expected Files To Modify
|
|
25
|
+
|
|
26
|
+
- `SECURITY.md`
|
|
27
|
+
- `specs/quiver-v50-audit-trust-foundation/EVIDENCE_REPORT.md`
|
|
28
|
+
- `specs/quiver-v50-audit-trust-foundation/STATUS.md`
|
|
29
|
+
|
|
30
|
+
## Validations Required
|
|
31
|
+
|
|
32
|
+
- `git diff --check`
|
|
33
|
+
|
|
34
|
+
## Risks
|
|
35
|
+
|
|
36
|
+
- Treating an unverifiable GitHub setting as done.
|
|
37
|
+
- Publishing security contact instructions that do not work.
|
|
38
|
+
|
|
39
|
+
## Dependencies
|
|
40
|
+
|
|
41
|
+
- Depends on `slice-00-audit-baseline-and-resolved-findings`.
|
|
42
|
+
|
|
43
|
+
## Instructions For Executor
|
|
44
|
+
|
|
45
|
+
1. Pick the concrete reporting channel based on available repository settings.
|
|
46
|
+
2. If external verification is impossible, document the required owner action and fallback.
|
|
47
|
+
3. Keep wording concise and actionable.
|
|
48
|
+
|
|
49
|
+
## Completion Checklist
|
|
50
|
+
|
|
51
|
+
- [ ] Acceptance criteria satisfied.
|
|
52
|
+
- [ ] Required validations run or blockers documented.
|
|
53
|
+
- [ ] Closure brief updated.
|
|
54
|
+
|
|
55
|
+
## Conditions Of Closure
|
|
56
|
+
|
|
57
|
+
- Security reporters have a private path that can actually be used.
|
|
@@ -0,0 +1,56 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-03-security-reporting-channel",
|
|
3
|
+
"ticket": "QUIVER-50-03",
|
|
4
|
+
"type": "documentation",
|
|
5
|
+
"title": "Security reporting channel",
|
|
6
|
+
"objective": "Make private vulnerability reporting concrete and verifiable.",
|
|
7
|
+
"description": "Updates SECURITY.md with a real private reporting path and records evidence or required owner confirmation.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v50-security-reporting",
|
|
12
|
+
"branch_name": "feature/QUIVER-50-03-v50-security-reporting"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"SECURITY.md",
|
|
16
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
17
|
+
],
|
|
18
|
+
"expected_read_paths": [
|
|
19
|
+
"SECURITY.md",
|
|
20
|
+
"docs/GITFLOW_PR_GUIDE.md"
|
|
21
|
+
],
|
|
22
|
+
"allowed_write_paths": [
|
|
23
|
+
"SECURITY.md",
|
|
24
|
+
"specs/quiver-v50-audit-trust-foundation/**"
|
|
25
|
+
],
|
|
26
|
+
"depends_on": [
|
|
27
|
+
"slice-00-audit-baseline-and-resolved-findings"
|
|
28
|
+
],
|
|
29
|
+
"parallel_safe": "yes",
|
|
30
|
+
"parallel_safe_reason": "Security docs are independent from code changes.",
|
|
31
|
+
"must": [
|
|
32
|
+
"Replace vague private reporting guidance with a concrete channel.",
|
|
33
|
+
"Record whether GitHub Private Vulnerability Reporting is activated or use an email fallback.",
|
|
34
|
+
"Document any required manual owner action."
|
|
35
|
+
],
|
|
36
|
+
"not_included": [
|
|
37
|
+
"Changing repository settings from code.",
|
|
38
|
+
"Creating public issue templates for vulnerabilities."
|
|
39
|
+
],
|
|
40
|
+
"acceptance": [
|
|
41
|
+
"SECURITY.md contains a concrete private channel.",
|
|
42
|
+
"Closure records evidence or owner-confirmation requirement.",
|
|
43
|
+
"No vague 'contact privately' wording remains without a channel."
|
|
44
|
+
],
|
|
45
|
+
"tests": [
|
|
46
|
+
"git diff --check"
|
|
47
|
+
],
|
|
48
|
+
"validation_hints": [
|
|
49
|
+
"If GitHub settings cannot be verified locally, record the external action explicitly."
|
|
50
|
+
],
|
|
51
|
+
"estimated_hours": 1,
|
|
52
|
+
"status": "completed",
|
|
53
|
+
"blocked_reason": null,
|
|
54
|
+
"actual_hours": 1,
|
|
55
|
+
"completed_at": "2026-06-01T22:23:21-0300"
|
|
56
|
+
}
|
|
@@ -0,0 +1,23 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-04 user-facing i18n error coverage
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Localized covered user-facing error wrappers for `config`, `evidence`, `graph`, and `spec` command paths, including parser/wiring paths in `index.js`, command-to-library evidence errors, graph format errors, and spec create/validate wrappers. Documented technical allowlist and confirmed `commands/ai-core.js` does not exist in the current repo.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `node --test tests/commands/i18n-audit-matrix.test.js`
|
|
10
|
+
- [x] `node --test tests/lib/i18n-catalog.test.js`
|
|
11
|
+
- [x] `node --test tests/commands/config-language.test.js tests/commands/evidence.test.js tests/commands/graph.test.js tests/commands/spec-validate.test.js tests/commands/spec-create.test.js tests/lib/i18n-catalog.test.js tests/commands/i18n-audit-matrix.test.js`
|
|
12
|
+
- [x] `node --test`
|
|
13
|
+
- [x] `git diff --check`
|
|
14
|
+
|
|
15
|
+
## Closure Conditions
|
|
16
|
+
|
|
17
|
+
- [x] User-facing errors localized in covered paths.
|
|
18
|
+
- [x] Allowlist documented in `EVIDENCE_REPORT.md`.
|
|
19
|
+
- [x] JSON stdout contracts preserved for covered error tests.
|
|
20
|
+
|
|
21
|
+
## Open Items
|
|
22
|
+
|
|
23
|
+
- None.
|