create-quiver 0.15.4 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/pull_request_template.md +17 -0
- package/.github/workflows/ci.yml +76 -0
- package/.markdown-link-check.json +15 -0
- package/.markdownlint.json +11 -0
- package/ARCHITECTURE.md +133 -0
- package/CHANGELOG.md +16 -0
- package/CONTRIBUTING.md +174 -9
- package/README.md +17 -2
- package/README_FOR_AI.md +4 -1
- package/ROADMAP.md +4 -0
- package/SECURITY.md +9 -2
- package/docs/AI_CONTEXT.md.es.template +3 -1
- package/docs/AI_CONTEXT.md.template +3 -1
- package/docs/CLI_UX_GUIDE.md +20 -1
- package/docs/COMMANDS.md.template +20 -6
- package/docs/GITFLOW_PR_GUIDE.md +73 -11
- package/docs/GITFLOW_PR_GUIDE.md.es.template +61 -2
- package/docs/GITFLOW_PR_GUIDE.md.template +72 -10
- package/docs/INDEX.md +6 -1
- package/docs/QUICK.md.template +2 -1
- package/docs/STANDARD.md.template +2 -1
- package/docs/WORKFLOW.md.es.template +3 -1
- package/docs/WORKFLOW.md.template +6 -4
- package/docs/getting-started/installation.md +7 -0
- package/docs/reference/commands.md +138 -6
- package/docs/reference/slice-schema.md +37 -0
- package/docs/schema/slice.schema.json +221 -0
- package/docs/specs/01-spec/01-slice/01-slice.json +36 -0
- package/docs/specs/01-spec/01-slice/01-slice.md +106 -0
- package/docs/specs/01-spec/01-slice/CLOSURE_BRIEF.md +80 -0
- package/docs/specs/01-spec/01-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/02-slice/02-slice.json +36 -0
- package/docs/specs/01-spec/02-slice/02-slice.md +108 -0
- package/docs/specs/01-spec/02-slice/CLOSURE_BRIEF.md +88 -0
- package/docs/specs/01-spec/02-slice/EXECUTION_BRIEF.md +40 -0
- package/docs/specs/01-spec/03-slice/03-slice.json +36 -0
- package/docs/specs/01-spec/03-slice/03-slice.md +103 -0
- package/docs/specs/01-spec/03-slice/CLOSURE_BRIEF.md +54 -0
- package/docs/specs/01-spec/03-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/04-slice/04-slice.json +36 -0
- package/docs/specs/01-spec/04-slice/04-slice.md +107 -0
- package/docs/specs/01-spec/04-slice/CLOSURE_BRIEF.md +46 -0
- package/docs/specs/01-spec/04-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/05-slice/05-slice.json +36 -0
- package/docs/specs/01-spec/05-slice/05-slice.md +106 -0
- package/docs/specs/01-spec/05-slice/CLOSURE_BRIEF.md +84 -0
- package/docs/specs/01-spec/05-slice/EXECUTION_BRIEF.md +109 -0
- package/docs/specs/01-spec/06-slice/06-slice.json +36 -0
- package/docs/specs/01-spec/06-slice/06-slice.md +107 -0
- package/docs/specs/01-spec/06-slice/CLOSURE_BRIEF.md +67 -0
- package/docs/specs/01-spec/06-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/07-slice/07-slice.json +36 -0
- package/docs/specs/01-spec/07-slice/07-slice.md +105 -0
- package/docs/specs/01-spec/07-slice/CLOSURE_BRIEF.md +71 -0
- package/docs/specs/01-spec/07-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/08-slice/08-slice.json +36 -0
- package/docs/specs/01-spec/08-slice/08-slice.md +105 -0
- package/docs/specs/01-spec/08-slice/CLOSURE_BRIEF.md +114 -0
- package/docs/specs/01-spec/08-slice/EXECUTION_BRIEF.md +39 -0
- package/docs/specs/01-spec/CLOSURE_BRIEF.md +87 -0
- package/docs/specs/01-spec/spec.md +197 -0
- package/docs/workflows/full-ai-spec-to-pr.md +46 -3
- package/i18n/es/docs/GITFLOW_PR_GUIDE.md.template +38 -1
- package/package.json +27 -1
- package/scripts/package-quiver.sh +82 -2
- package/scripts/release-quiver.sh +14 -3
- package/specs/[project-name]/slices/pr.md.template +19 -0
- package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +122 -1
- package/specs/quiver-v46-deep-project-analysis/EVIDENCE_REPORT.md +94 -0
- package/specs/quiver-v46-deep-project-analysis/EXECUTION_PLAN.md +26 -0
- package/specs/quiver-v46-deep-project-analysis/SPEC.md +157 -0
- package/specs/quiver-v46-deep-project-analysis/STATUS.md +26 -0
- package/specs/quiver-v46-deep-project-analysis/pr.md +131 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/CLOSURE_BRIEF.md +14 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/EXECUTION_BRIEF.md +41 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/slice.json +61 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/EXECUTION_BRIEF.md +33 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/slice.json +80 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/CLOSURE_BRIEF.md +21 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/EXECUTION_BRIEF.md +34 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/slice.json +79 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/CLOSURE_BRIEF.md +19 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/EXECUTION_BRIEF.md +33 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/slice.json +79 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/CLOSURE_BRIEF.md +20 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/EXECUTION_BRIEF.md +32 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/slice.json +85 -0
- package/specs/quiver-v50-audit-trust-foundation/EVIDENCE_REPORT.md +151 -0
- package/specs/quiver-v50-audit-trust-foundation/EXECUTION_PLAN.md +34 -0
- package/specs/quiver-v50-audit-trust-foundation/SPEC.md +113 -0
- package/specs/quiver-v50-audit-trust-foundation/STATUS.md +26 -0
- package/specs/quiver-v50-audit-trust-foundation/pr.md +120 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/CLOSURE_BRIEF.md +20 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-00-audit-baseline-and-resolved-findings/slice.json +57 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/CLOSURE_BRIEF.md +24 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/EXECUTION_BRIEF.md +67 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-01-runtime-minimum-and-package-metadata/slice.json +71 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/CLOSURE_BRIEF.md +24 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/EXECUTION_BRIEF.md +71 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-02-migrate-write-safety-contract/slice.json +81 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/EXECUTION_BRIEF.md +57 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-03-security-reporting-channel/slice.json +56 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/CLOSURE_BRIEF.md +23 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/EXECUTION_BRIEF.md +68 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-04-user-facing-i18n-error-coverage/slice.json +84 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/CLOSURE_BRIEF.md +25 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/EXECUTION_BRIEF.md +73 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-05-init-analyze-progress-and-summaries/slice.json +72 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/EXECUTION_BRIEF.md +66 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-06-contributor-and-architecture-docs/slice.json +74 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/CLOSURE_BRIEF.md +29 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/EXECUTION_BRIEF.md +74 -0
- package/specs/quiver-v50-audit-trust-foundation/slices/slice-07-ci-and-documentation-lint-baseline/slice.json +81 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/EVIDENCE_REPORT.md +145 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/EXECUTION_PLAN.md +32 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/SPEC.md +109 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/STATUS.md +25 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/pr.md +69 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/CLOSURE_BRIEF.md +20 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-00-cli-contract-baseline/slice.json +56 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/CLOSURE_BRIEF.md +21 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/EXECUTION_BRIEF.md +61 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-01-flow-json-compatibility/slice.json +68 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/CLOSURE_BRIEF.md +25 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/EXECUTION_BRIEF.md +65 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/pr.md +134 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-02-dashboard-section-validation-i18n/slice.json +80 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/CLOSURE_BRIEF.md +31 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/EXECUTION_BRIEF.md +80 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/pr.md +159 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-03-base-branch-resolution-policy/slice.json +102 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/CLOSURE_BRIEF.md +25 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/EXECUTION_BRIEF.md +74 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/pr.md +147 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-04-next-plan-graph-ux-edge-cases/slice.json +91 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/CLOSURE_BRIEF.md +28 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/EXECUTION_BRIEF.md +73 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/pr.md +146 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-05-evidence-robustness-path-safety/slice.json +100 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/CLOSURE_BRIEF.md +36 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/EXECUTION_BRIEF.md +76 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/pr.md +155 -0
- package/specs/quiver-v51-cli-ergonomics-automation-contracts/slices/slice-06-namespace-compatibility-windows-scripts/slice.json +111 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/EVIDENCE_REPORT.md +95 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/EXECUTION_PLAN.md +31 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/SPEC.md +107 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/STATUS.md +22 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/pr.md +69 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/CLOSURE_BRIEF.md +21 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/EXECUTION_BRIEF.md +60 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-00-schema-docs-release-baseline/slice.json +62 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/CLOSURE_BRIEF.md +34 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/EXECUTION_BRIEF.md +71 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/pr.md +146 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-01-json-schema-for-slice-json/slice.json +106 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/CLOSURE_BRIEF.md +33 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/EXECUTION_BRIEF.md +67 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/pr.md +144 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-02-generated-cli-reference/slice.json +86 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/CLOSURE_BRIEF.md +38 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/EXECUTION_BRIEF.md +75 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/pr.md +159 -0
- package/specs/quiver-v52-schema-docs-release-hygiene/slices/slice-03-changelog-package-release-smoke-hygiene/slice.json +105 -0
- package/src/create-quiver/commands/ai.js +521 -0
- package/src/create-quiver/commands/changelog.js +93 -0
- package/src/create-quiver/commands/config.js +16 -5
- package/src/create-quiver/commands/evidence.js +33 -2
- package/src/create-quiver/commands/flow.js +1 -0
- package/src/create-quiver/commands/graph.js +8 -2
- package/src/create-quiver/commands/plan.js +6 -0
- package/src/create-quiver/commands/spec.js +28 -13
- package/src/create-quiver/index.js +408 -98
- package/src/create-quiver/lib/ai/analyze-project-discovery.js +387 -0
- package/src/create-quiver/lib/ai/analyze-project-docs.js +364 -0
- package/src/create-quiver/lib/ai/analyze-project-parser.js +277 -0
- package/src/create-quiver/lib/ai/analyze-project-prompts.js +214 -0
- package/src/create-quiver/lib/ai/analyze-project-review.js +99 -0
- package/src/create-quiver/lib/ai/analyze-project-sampling.js +402 -0
- package/src/create-quiver/lib/ai/analyze-project-schema.js +92 -0
- package/src/create-quiver/lib/ai/analyze-project-validation.js +309 -0
- package/src/create-quiver/lib/ai/artifacts.js +4 -1
- package/src/create-quiver/lib/ai/github.js +5 -2
- package/src/create-quiver/lib/ai/spec-templates.js +19 -0
- package/src/create-quiver/lib/cli/command-registry.js +72 -0
- package/src/create-quiver/lib/cli/parser.js +14 -0
- package/src/create-quiver/lib/evidence.js +161 -6
- package/src/create-quiver/lib/git.js +99 -0
- package/src/create-quiver/lib/i18n/messages/en.js +52 -7
- package/src/create-quiver/lib/i18n/messages/es.js +54 -9
- package/src/create-quiver/lib/init-docs.js +1 -1
- package/src/create-quiver/lib/init-layout.js +9 -8
- package/src/create-quiver/lib/lifecycle.js +24 -26
- package/src/create-quiver/lib/readiness.js +67 -56
- package/src/create-quiver/lib/spec-worktrees.js +16 -34
|
@@ -2,3 +2,20 @@
|
|
|
2
2
|
|
|
3
3
|
Please fill in the slice `pr.md` and keep this PR aligned with it.
|
|
4
4
|
|
|
5
|
+
## PR Policy
|
|
6
|
+
|
|
7
|
+
- [ ] This PR contains one slice only.
|
|
8
|
+
- [ ] Grouped PR exception: this PR contains at most 2-3 slices, all docs-only, research-only, or low-risk mechanical cleanup.
|
|
9
|
+
- [ ] This PR does not mix docs with UI, backend, refactor, or performance work.
|
|
10
|
+
- [ ] Each included slice has separate evidence.
|
|
11
|
+
- [ ] The whole PR can be reverted without leaving partial state.
|
|
12
|
+
|
|
13
|
+
Individual PRs are mandatory for functional code, UI/UX, Supabase, Edge Functions, auth, storage, preview, performance/code-splitting, refactors, and tests or CI changes that affect gates.
|
|
14
|
+
|
|
15
|
+
## Merge Policy
|
|
16
|
+
|
|
17
|
+
- [ ] Human merge is expected.
|
|
18
|
+
- [ ] Assisted auto-merge is explicitly authorized for this PR or for this documented category.
|
|
19
|
+
- [ ] Assisted auto-merge conditions are met: docs-only or chore-only, low risk, no runtime changes, no production configuration changes, green checks, and no pending comments.
|
|
20
|
+
|
|
21
|
+
Assisted auto-merge is prohibited for UI, Supabase, Edge Functions, auth, storage, preview, performance, refactors, and changes with doubtful rollback.
|
package/.github/workflows/ci.yml
CHANGED
|
@@ -17,6 +17,14 @@ jobs:
|
|
|
17
17
|
- name: Checkout
|
|
18
18
|
uses: actions/checkout@v4
|
|
19
19
|
|
|
20
|
+
- name: Setup Node
|
|
21
|
+
uses: actions/setup-node@v4
|
|
22
|
+
with:
|
|
23
|
+
node-version: 22
|
|
24
|
+
|
|
25
|
+
- name: Install dependencies
|
|
26
|
+
run: npm ci
|
|
27
|
+
|
|
20
28
|
- name: Install shellcheck
|
|
21
29
|
run: sudo apt-get update && sudo apt-get install -y shellcheck
|
|
22
30
|
|
|
@@ -28,6 +36,43 @@ jobs:
|
|
|
28
36
|
node -e "const fs=require('fs'); const {parseJsonWithComments}=require('./src/create-quiver/lib/json'); parseJsonWithComments(fs.readFileSync('specs/[project-name]/slices/slice-template/slice.json', 'utf8'))"
|
|
29
37
|
node -e "const fs=require('fs'); const {parseJsonWithComments}=require('./src/create-quiver/lib/json'); parseJsonWithComments(fs.readFileSync('specs/quiver-v01/slices/slice-01-legal-integrity/slice.json', 'utf8'))"
|
|
30
38
|
|
|
39
|
+
tests:
|
|
40
|
+
runs-on: ubuntu-latest
|
|
41
|
+
steps:
|
|
42
|
+
- name: Checkout
|
|
43
|
+
uses: actions/checkout@v4
|
|
44
|
+
|
|
45
|
+
- name: Setup Node
|
|
46
|
+
uses: actions/setup-node@v4
|
|
47
|
+
with:
|
|
48
|
+
node-version: 22
|
|
49
|
+
|
|
50
|
+
- name: Install dependencies
|
|
51
|
+
run: npm ci
|
|
52
|
+
|
|
53
|
+
- name: Run portable test suite
|
|
54
|
+
run: npm run test:ci
|
|
55
|
+
|
|
56
|
+
- name: Run package smoke
|
|
57
|
+
run: npm run package:quiver
|
|
58
|
+
|
|
59
|
+
docs:
|
|
60
|
+
runs-on: ubuntu-latest
|
|
61
|
+
steps:
|
|
62
|
+
- name: Checkout
|
|
63
|
+
uses: actions/checkout@v4
|
|
64
|
+
|
|
65
|
+
- name: Setup Node
|
|
66
|
+
uses: actions/setup-node@v4
|
|
67
|
+
with:
|
|
68
|
+
node-version: 22
|
|
69
|
+
|
|
70
|
+
- name: Install dependencies
|
|
71
|
+
run: npm ci
|
|
72
|
+
|
|
73
|
+
- name: Run docs checks
|
|
74
|
+
run: npm run docs:check
|
|
75
|
+
|
|
31
76
|
cross-platform-smoke:
|
|
32
77
|
strategy:
|
|
33
78
|
fail-fast: false
|
|
@@ -52,6 +97,37 @@ jobs:
|
|
|
52
97
|
- name: Run cross-platform smoke
|
|
53
98
|
run: node scripts/ci/smoke-cross-platform.js
|
|
54
99
|
|
|
100
|
+
- name: Run Windows PowerShell portable path smoke
|
|
101
|
+
if: runner.os == 'Windows'
|
|
102
|
+
shell: pwsh
|
|
103
|
+
run: |
|
|
104
|
+
$versionJson = node .\bin\create-quiver.js version --json
|
|
105
|
+
$version = $versionJson | ConvertFrom-Json
|
|
106
|
+
if (-not $version.version_schema_version -or -not $version.cli.version) {
|
|
107
|
+
throw "create-quiver version JSON did not include version schema metadata"
|
|
108
|
+
}
|
|
109
|
+
node .\bin\create-quiver.js slice check --local specs\quiver-v51-cli-ergonomics-automation-contracts\slices\slice-00-cli-contract-baseline\slice.json
|
|
110
|
+
node .\bin\create-quiver.js handoff check specs\quiver-v51-cli-ergonomics-automation-contracts\slices\slice-06-namespace-compatibility-windows-scripts\EXECUTION_BRIEF.md
|
|
111
|
+
npm run quiver:check-handoff -- specs\quiver-v51-cli-ergonomics-automation-contracts\slices\slice-06-namespace-compatibility-windows-scripts\EXECUTION_BRIEF.md
|
|
112
|
+
npm run test:ci -- tests\lib\paths.test.js
|
|
113
|
+
|
|
55
114
|
- name: Run tiered pack smoke
|
|
56
115
|
shell: bash
|
|
57
116
|
run: bash scripts/ci/smoke-tiered-pack.sh
|
|
117
|
+
|
|
118
|
+
minimum-node:
|
|
119
|
+
runs-on: ubuntu-latest
|
|
120
|
+
steps:
|
|
121
|
+
- name: Checkout
|
|
122
|
+
uses: actions/checkout@v4
|
|
123
|
+
|
|
124
|
+
- name: Setup minimum supported Node
|
|
125
|
+
uses: actions/setup-node@v4
|
|
126
|
+
with:
|
|
127
|
+
node-version: 20.12.0
|
|
128
|
+
|
|
129
|
+
- name: Install dependencies
|
|
130
|
+
run: npm ci
|
|
131
|
+
|
|
132
|
+
- name: Run full test suite on minimum Node
|
|
133
|
+
run: npm run test:ci
|
package/ARCHITECTURE.md
ADDED
|
@@ -0,0 +1,133 @@
|
|
|
1
|
+
# Quiver Architecture
|
|
2
|
+
|
|
3
|
+
Quiver is a Node.js CLI package published as `create-quiver`. It bootstraps and
|
|
4
|
+
operates a WDD + SDD workflow around specs, slices, handoffs, validation
|
|
5
|
+
evidence, and PR readiness.
|
|
6
|
+
|
|
7
|
+
## Runtime Entrypoints
|
|
8
|
+
|
|
9
|
+
| Surface | Path | Purpose |
|
|
10
|
+
|---|---|---|
|
|
11
|
+
| CLI binary | `bin/create-quiver.js` | Package binary for `create-quiver` and `quiver`. |
|
|
12
|
+
| Main dispatcher | `src/create-quiver/index.js` | Parses top-level args, routes commands, renders help, and wires command modules. |
|
|
13
|
+
| Package scripts | `package.json` | Contributor and generated workflow shortcuts such as `quiver:plan`, `quiver:graph`, and `package:quiver`. |
|
|
14
|
+
|
|
15
|
+
The public bootstrap command is `npx create-quiver ...`. The `quiver` binary is
|
|
16
|
+
a local installed alias to the same entrypoint.
|
|
17
|
+
|
|
18
|
+
## Command Layer
|
|
19
|
+
|
|
20
|
+
Command modules live under `src/create-quiver/commands/`.
|
|
21
|
+
|
|
22
|
+
| Area | Representative files | Responsibility |
|
|
23
|
+
|---|---|---|
|
|
24
|
+
| Project setup | `analyze.js`, `prepare.js`, `config.js` | Project scans, diagnostics, language config, and preparation checks. |
|
|
25
|
+
| Read-only status | `dashboard.js`, `flow.js`, `next.js`, `plan.js`, `graph.js` | Guided status, dependency graphs, and next-slice discovery. |
|
|
26
|
+
| AI workflow | `ai.js`, `src/create-quiver/lib/ai/**` | Planner drafts, approvals, profiles, execution plans, provider execution, PR preflight, and export. |
|
|
27
|
+
| Specs and lifecycle | `spec.js`, `src/create-quiver/lib/lifecycle.js`, `src/create-quiver/lib/spec-worktrees.js` | Spec creation/validation, slice readiness, worktrees, and closure. |
|
|
28
|
+
| Evidence and demos | `evidence.js`, `demo.js` | Validation evidence capture and optional static Spec Viewer demo generation. |
|
|
29
|
+
|
|
30
|
+
The current `origin/main` help surface uses legacy slice/handoff commands such
|
|
31
|
+
as `start-slice`, `check-slice`, `check-pr`, `check-handoff`, `new-handoff`,
|
|
32
|
+
`cleanup-slice`, `check-scope`, and `refresh-active-slices`.
|
|
33
|
+
|
|
34
|
+
## Library Layer
|
|
35
|
+
|
|
36
|
+
Shared logic lives under `src/create-quiver/lib/`.
|
|
37
|
+
|
|
38
|
+
| Area | Representative files |
|
|
39
|
+
|---|---|
|
|
40
|
+
| Project analysis and generated docs | `analyze.js`, `project-scan.js`, `init-docs.js`, `init-layout.js`, `template-resolver.js` |
|
|
41
|
+
| State and safety | `state.js`, `project-state-resolver.js`, `statuses.js`, `locks.js`, `paths.js`, `scope.js` |
|
|
42
|
+
| UX and i18n | `cli/ux.js`, `cli/theme.js`, `cli/selectors.js`, `cli/ux-flags.js`, `i18n/**` |
|
|
43
|
+
| AI orchestration | `ai/artifacts.js`, `ai/context-packs.js`, `ai/executor.js`, `ai/providers.js`, `ai/spec-generator.js`, `ai/phase-gates.js` |
|
|
44
|
+
| Spec graphing | `slice.js`, `slice-graph.js`, `renderers/tree.js`, `renderers/mermaid.js`, `renderers/dot.js` |
|
|
45
|
+
| Packaging | `package-safety.js`, `version.js` |
|
|
46
|
+
|
|
47
|
+
Keep command modules thin where possible. Put reusable behavior in `lib/` so it
|
|
48
|
+
can be tested without spawning the full CLI.
|
|
49
|
+
|
|
50
|
+
## Specs and Slices
|
|
51
|
+
|
|
52
|
+
Quiver dogfoods its own workflow in `specs/quiver-vNN-*`.
|
|
53
|
+
|
|
54
|
+
Each spec contains:
|
|
55
|
+
|
|
56
|
+
- `SPEC.md`: problem, objective, scope, acceptance criteria, guardrails.
|
|
57
|
+
- `STATUS.md`: current status and per-slice state.
|
|
58
|
+
- `EVIDENCE_REPORT.md`: validation evidence and decisions.
|
|
59
|
+
- `EXECUTION_PLAN.md`: dependency-aware execution order.
|
|
60
|
+
- `pr.md`: PR body source.
|
|
61
|
+
- `slices/<slice-id>/slice.json`: machine-readable scope, dependencies, and validation.
|
|
62
|
+
- `slices/<slice-id>/EXECUTION_BRIEF.md`: executor instructions.
|
|
63
|
+
- `slices/<slice-id>/CLOSURE_BRIEF.md`: completion conditions and validation record.
|
|
64
|
+
|
|
65
|
+
Slice numbering resets inside each spec. `slice-00` is the documentary
|
|
66
|
+
foundation for that spec; `slice-01` is the first implementation slice in that
|
|
67
|
+
same spec.
|
|
68
|
+
|
|
69
|
+
## Generated Project Contract
|
|
70
|
+
|
|
71
|
+
When Quiver initializes another project, it writes visible workflow docs and
|
|
72
|
+
internal state:
|
|
73
|
+
|
|
74
|
+
- Visible docs: `AGENTS.md`, `docs/**`, `specs/<project-slug>/**` when specs are created.
|
|
75
|
+
- Internal state: `.quiver/config.json`, `.quiver/state.json`,
|
|
76
|
+
`.quiver/scans/PROJECT_SCAN.json`, `.quiver/runs/**`, `.quiver/agents/**`.
|
|
77
|
+
|
|
78
|
+
Do not treat `.quiver/` as product code. It is local workflow state and must not
|
|
79
|
+
be published to npm.
|
|
80
|
+
|
|
81
|
+
## Templates and Localization
|
|
82
|
+
|
|
83
|
+
Human Markdown templates live under `docs/*.template`; Spanish variants use
|
|
84
|
+
`.es.template`. Machine-readable artifacts, command names, flags, ids,
|
|
85
|
+
providers, and JSON keys are not localized.
|
|
86
|
+
|
|
87
|
+
Spec templates live under `specs/[project-name]/`. Optional docs examples live
|
|
88
|
+
under `docs/examples/`.
|
|
89
|
+
|
|
90
|
+
## Package Boundary
|
|
91
|
+
|
|
92
|
+
`scripts/package-quiver.sh` builds and validates the npm tarball. The package
|
|
93
|
+
must include the CLI entrypoint, runtime source, README, public docs/templates,
|
|
94
|
+
community files, package scripts, and the minimal spec template.
|
|
95
|
+
|
|
96
|
+
The package must exclude tests, local examples, historical dogfooding specs that
|
|
97
|
+
are explicitly ignored, CI-only scripts, local PDFs, worktrees, provider state,
|
|
98
|
+
secrets, `.DS_Store`, and npm credentials. `src/create-quiver/lib/package-safety.js`
|
|
99
|
+
enforces additional unsafe-path checks against tarball contents.
|
|
100
|
+
|
|
101
|
+
## Tests and Smokes
|
|
102
|
+
|
|
103
|
+
| Command | Purpose |
|
|
104
|
+
|---|---|
|
|
105
|
+
| `node --test` | Full Node test suite. |
|
|
106
|
+
| `node --test tests/<file>.js` | Targeted test file. |
|
|
107
|
+
| `npm run package:quiver` | Build tarball and validate package contents. |
|
|
108
|
+
| `bash scripts/ci/smoke-create-quiver.sh` | Package-installed CLI smoke. |
|
|
109
|
+
| `npm run smoke:doctor-fixtures` | Doctor/preflight fixture smoke. |
|
|
110
|
+
| `npm run smoke:tiered-pack` | Tiered packaging smoke. |
|
|
111
|
+
| `npm run smoke:guided-workflow` | Guided workflow smoke. |
|
|
112
|
+
|
|
113
|
+
Run `node bin/create-quiver.js --help` after changing command surfaces or docs
|
|
114
|
+
that mention command names.
|
|
115
|
+
|
|
116
|
+
## CI
|
|
117
|
+
|
|
118
|
+
`.github/workflows/ci.yml` currently validates shell scripts, selected slice
|
|
119
|
+
templates, cross-platform smoke behavior on Ubuntu/macOS/Windows, and package
|
|
120
|
+
smoke coverage.
|
|
121
|
+
|
|
122
|
+
CI should stay deterministic and local-first. Avoid adding blocking network link
|
|
123
|
+
checks or publish steps unless a slice explicitly provides the safety contract.
|
|
124
|
+
|
|
125
|
+
## Design Constraints
|
|
126
|
+
|
|
127
|
+
- Keep JSON stdout clean and machine-readable.
|
|
128
|
+
- Keep prompts and spinners out of CI, no-TTY, `--json`, and `--no-color` flows.
|
|
129
|
+
- Preserve existing command compatibility unless a slice explicitly scopes a
|
|
130
|
+
breaking change.
|
|
131
|
+
- Prefer additive fields and aliases over removing established contracts.
|
|
132
|
+
- Do not publish local audit files, generated PDFs, worktrees, secrets, or AI
|
|
133
|
+
raw provider state.
|
package/CHANGELOG.md
CHANGED
|
@@ -6,6 +6,14 @@ All notable changes to this project will be documented in this file.
|
|
|
6
6
|
|
|
7
7
|
### Added
|
|
8
8
|
|
|
9
|
+
- v46 deep project analysis under `specs/quiver-v46-deep-project-analysis/`.
|
|
10
|
+
- `ai analyze-project` for bounded, evidence-backed repository analysis with read-only `--dry-run`, JSON automation output, provider-backed `--review`, safe doc writes, snapshots, and post-write validation.
|
|
11
|
+
- Top-level read-only `changelog` command with human and JSON output for inspecting packaged release notes.
|
|
12
|
+
- Spec 01 branch-recovery closure package under `docs/specs/01-spec/`, including controlled branch-cleanup guidance and release-readiness evidence.
|
|
13
|
+
- v52 schema/docs/release hygiene under `specs/quiver-v52-schema-docs-release-hygiene/`.
|
|
14
|
+
- Public `slice.json` JSON Schema docs and schema validation with `npm run schema:slice:check`.
|
|
15
|
+
- Generated CLI command reference drift checks with `npm run docs:commands:write` and `npm run docs:commands:check`.
|
|
16
|
+
- Changelog validation with `npm run changelog:check`.
|
|
9
17
|
- Implemented v31 AI model catalog and guided agent setup under `specs/quiver-v31-ai-model-catalog-agent-selection/`.
|
|
10
18
|
- Local known-model catalog for Codex, Claude, and Gemini, with role metadata, alias normalization, and `ai models list`.
|
|
11
19
|
- Guided provider/model selection for `ai agent set <role>`, plus `ai agent doctor` and `ai agent repair --dry-run` for legacy or invalid profiles.
|
|
@@ -17,6 +25,14 @@ All notable changes to this project will be documented in this file.
|
|
|
17
25
|
|
|
18
26
|
### Changed
|
|
19
27
|
|
|
28
|
+
- Existing-project AI onboarding now recommends `ai analyze-project --deep --dry-run` before context preparation so agents can see the intended read set, omissions, budgets, and privacy exclusions before any provider-backed docs update.
|
|
29
|
+
- npm package hygiene now excludes local `.quiver/` run state from published tarballs.
|
|
30
|
+
- CLI parser and command registry are now split into explicit modules while preserving existing command behavior and legacy aliases.
|
|
31
|
+
- Release-readiness evidence now includes a command-role audit that explains what each public command is for and how it was safely validated.
|
|
32
|
+
- `npm run docs:check` now includes generated CLI command reference drift detection.
|
|
33
|
+
- Package smoke now installs the generated tarball and verifies the installed CLI with `--version`, `--help`, and `init --dry-run`.
|
|
34
|
+
- Release dry-runs now require changelog, docs, schema, installer, package, and installed CLI smoke gates before publishing guidance.
|
|
35
|
+
- Release publishing remains explicitly guarded and requires `QUIVER_ALLOW_NPM_PUBLISH=1` when using publish flags.
|
|
20
36
|
- Agent profiles now distinguish the technical `model` id passed to provider CLIs from the human `displayName` shown in Quiver output.
|
|
21
37
|
- Live AI commands now normalize safe CLI model aliases, block persisted display aliases before provider execution, and surface invalid-model provider failures more clearly.
|
|
22
38
|
- Public docs, generated templates, CLI help, and smoke checks now describe model catalog entries as known by Quiver, not guaranteed account availability.
|
package/CONTRIBUTING.md
CHANGED
|
@@ -1,15 +1,180 @@
|
|
|
1
1
|
# Contributing
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
Thanks for contributing to Quiver. This repository is the source for the
|
|
4
|
+
`create-quiver` CLI, the generated workflow templates, and the public docs used
|
|
5
|
+
by teams adopting WDD + SDD.
|
|
4
6
|
|
|
5
|
-
|
|
6
|
-
2. Wait for the scope to be clarified if needed.
|
|
7
|
-
3. Open a pull request that matches one slice.
|
|
8
|
-
4. Link the issue and the slice in the PR body.
|
|
7
|
+
## Prerequisites
|
|
9
8
|
|
|
10
|
-
|
|
9
|
+
- Node.js and npm. Use the version declared in `package.json` when present; if
|
|
10
|
+
no runtime metadata is present on your branch, match the Node version used by
|
|
11
|
+
CI.
|
|
12
|
+
- Git and GitHub CLI (`gh`) for PR workflows.
|
|
13
|
+
- ShellCheck when changing Bash scripts under `scripts/`.
|
|
11
14
|
|
|
12
|
-
|
|
13
|
-
- Follow the slice workflow.
|
|
14
|
-
- Include evidence when the change needs validation.
|
|
15
|
+
## Setup
|
|
15
16
|
|
|
17
|
+
```bash
|
|
18
|
+
git clone git@github.com:FabriJuncal/quiver.git
|
|
19
|
+
cd quiver
|
|
20
|
+
npm ci
|
|
21
|
+
node bin/create-quiver.js --help
|
|
22
|
+
```
|
|
23
|
+
|
|
24
|
+
Quiver is normally executed through `npx create-quiver` by users. Contributors
|
|
25
|
+
can run the local checkout directly with `node bin/create-quiver.js ...`.
|
|
26
|
+
|
|
27
|
+
## Repository Workflow
|
|
28
|
+
|
|
29
|
+
1. Open or reference an issue, audit finding, or approved requirement.
|
|
30
|
+
2. Work from the relevant spec under `specs/quiver-vNN-*`.
|
|
31
|
+
3. Execute one slice at a time and keep one commit per slice.
|
|
32
|
+
4. Keep changes inside the slice `files` or `allowed_write_paths`.
|
|
33
|
+
5. Record validation evidence in the spec's `EVIDENCE_REPORT.md`.
|
|
34
|
+
6. Update the slice `CLOSURE_BRIEF.md`, `STATUS.md`, and `slice.json` when a
|
|
35
|
+
slice is completed.
|
|
36
|
+
7. Open one PR per slice by default using the relevant `pr.md`.
|
|
37
|
+
8. Group slices in one PR only when the grouped PR policy in
|
|
38
|
+
`docs/GITFLOW_PR_GUIDE.md` allows it.
|
|
39
|
+
|
|
40
|
+
Use the branch and base metadata in the target `slice.json`. If a branch guide
|
|
41
|
+
and `slice.json` disagree, prefer the current slice metadata and document the
|
|
42
|
+
decision in the PR notes.
|
|
43
|
+
|
|
44
|
+
## Specs and Slices
|
|
45
|
+
|
|
46
|
+
The real convention in this repository is:
|
|
47
|
+
|
|
48
|
+
```text
|
|
49
|
+
specs/quiver-vNN-short-name/
|
|
50
|
+
├─ SPEC.md
|
|
51
|
+
├─ STATUS.md
|
|
52
|
+
├─ EVIDENCE_REPORT.md
|
|
53
|
+
├─ EXECUTION_PLAN.md
|
|
54
|
+
├─ pr.md
|
|
55
|
+
└─ slices/
|
|
56
|
+
└─ slice-XX-short-name/
|
|
57
|
+
├─ slice.json
|
|
58
|
+
├─ EXECUTION_BRIEF.md
|
|
59
|
+
└─ CLOSURE_BRIEF.md
|
|
60
|
+
```
|
|
61
|
+
|
|
62
|
+
Do not document `docs/specs` as the canonical source for this repo. Generated
|
|
63
|
+
projects may receive their own `specs/<project-slug>/...` tree, but Quiver's
|
|
64
|
+
own dogfooding specs live under `specs/quiver-vNN-*`.
|
|
65
|
+
|
|
66
|
+
## Useful Commands
|
|
67
|
+
|
|
68
|
+
```bash
|
|
69
|
+
node bin/create-quiver.js --help
|
|
70
|
+
node bin/create-quiver.js spec validate specs/<spec-dir>
|
|
71
|
+
node bin/create-quiver.js check-slice specs/<spec-dir>/slices/<slice-id>/slice.json --local
|
|
72
|
+
node bin/create-quiver.js check-scope specs/<spec-dir>/slices/<slice-id>/slice.json --base origin/main --strict
|
|
73
|
+
npm run test:ci
|
|
74
|
+
npm run docs:check
|
|
75
|
+
npm run package:quiver
|
|
76
|
+
bash scripts/ci/smoke-create-quiver.sh
|
|
77
|
+
```
|
|
78
|
+
|
|
79
|
+
Current public CLI commands include canonical namespaces such as
|
|
80
|
+
`slice start`, `slice check`, `slice pr`, `slice scope`, `slice cleanup`,
|
|
81
|
+
`slice refresh-active`, `handoff check`, and `handoff new`. Legacy workflow
|
|
82
|
+
aliases such as `start-slice`, `check-slice`, `check-pr`, `check-handoff`,
|
|
83
|
+
`new-handoff`, `cleanup-slice`, `check-scope`, and `refresh-active-slices`
|
|
84
|
+
remain available for backward compatibility and warn on stderr. Do not document
|
|
85
|
+
unsupported command aliases unless they appear in `node bin/create-quiver.js --help`
|
|
86
|
+
on the branch you are changing.
|
|
87
|
+
|
|
88
|
+
## Validation Expectations
|
|
89
|
+
|
|
90
|
+
Run the smallest test set that proves the slice, then run broader gates when
|
|
91
|
+
the slice affects shared CLI behavior, package metadata, templates, or release
|
|
92
|
+
checks.
|
|
93
|
+
|
|
94
|
+
Recommended validation by change type:
|
|
95
|
+
|
|
96
|
+
| Change type | Minimum validation |
|
|
97
|
+
|---|---|
|
|
98
|
+
| Spec or slice docs only | `node bin/create-quiver.js spec validate specs/<spec-dir>` and `git diff --check` |
|
|
99
|
+
| CLI behavior | Targeted `npm run test:ci -- tests/...`, then `npm run test:ci` when shared paths change |
|
|
100
|
+
| Templates/generated docs | Init/analyze/doctor targeted tests plus `npm run docs:check` when docs links or public docs change |
|
|
101
|
+
| Package boundary | `npm run package:quiver` and installed CLI smoke when package contents change |
|
|
102
|
+
| Scripts | Relevant smoke script and ShellCheck for Bash scripts |
|
|
103
|
+
|
|
104
|
+
CI uses the same local equivalents:
|
|
105
|
+
|
|
106
|
+
- `npm ci` installs from the committed lockfile.
|
|
107
|
+
- `npm run test:ci` runs Node's native test runner through `scripts/ci/run-node-tests.js` without shell glob expansion.
|
|
108
|
+
- `npm run docs:lint` checks a controlled public-docs markdown scope.
|
|
109
|
+
- `npm run docs:links` checks local documentation links and ignores external URLs to avoid flaky network gates.
|
|
110
|
+
- `npm run package:quiver` validates the npm package boundary.
|
|
111
|
+
|
|
112
|
+
Always record commands, exit codes, and meaningful output in the relevant
|
|
113
|
+
`EVIDENCE_REPORT.md`.
|
|
114
|
+
|
|
115
|
+
## PR Requirements
|
|
116
|
+
|
|
117
|
+
Follow `docs/GITFLOW_PR_GUIDE.md` for PR structure, PR sizing, and merge
|
|
118
|
+
policy. Slice PR bodies must use:
|
|
119
|
+
|
|
120
|
+
- `## Title`
|
|
121
|
+
- `## Summary`
|
|
122
|
+
- `## PR Policy`
|
|
123
|
+
- `## Scope`
|
|
124
|
+
- `## Files`
|
|
125
|
+
- `## How to Test (DETAILED - REQUIRED)`
|
|
126
|
+
- `## Evidence`
|
|
127
|
+
- `## Rollback`
|
|
128
|
+
- `## Risks / Notes`
|
|
129
|
+
|
|
130
|
+
Use draft PRs while a spec or slice still needs review. Do not include local
|
|
131
|
+
audit inputs, PDFs, `.DS_Store`, worktrees, provider state, or secrets.
|
|
132
|
+
|
|
133
|
+
Open an individual PR when a slice changes functional code, UI/UX, Supabase,
|
|
134
|
+
Edge Functions, auth, storage, preview, performance/code-splitting, refactors,
|
|
135
|
+
or tests/CI gates. Grouped PRs are limited to at most 2-3 docs-only,
|
|
136
|
+
research-only, or low-risk mechanical-cleanup slices, with separate evidence
|
|
137
|
+
and no behavior changes.
|
|
138
|
+
|
|
139
|
+
Human merge is the default. Agents may create PRs, fix CI, monitor checks, and
|
|
140
|
+
mark PRs as ready. Assisted auto-merge requires explicit human authorization and
|
|
141
|
+
is limited to low-risk docs-only or chore-only PRs with green checks, no runtime
|
|
142
|
+
or production configuration changes, and no pending comments.
|
|
143
|
+
|
|
144
|
+
## Templates and Examples
|
|
145
|
+
|
|
146
|
+
- Human docs templates live under `docs/*.template` and localized variants use
|
|
147
|
+
`.es.template`.
|
|
148
|
+
- Machine templates such as `slice.json` are not localized.
|
|
149
|
+
- Spec templates live under `specs/[project-name]/`.
|
|
150
|
+
- Optional examples live under `docs/examples/`; generated demo output must not
|
|
151
|
+
be committed unless the slice explicitly asks for it.
|
|
152
|
+
|
|
153
|
+
## Package Boundary
|
|
154
|
+
|
|
155
|
+
The npm package is validated by `scripts/package-quiver.sh`. It requires the
|
|
156
|
+
runtime CLI, docs/templates, public metadata, community files, and package
|
|
157
|
+
scripts. It excludes tests, examples, old historical specs, CI-only scripts,
|
|
158
|
+
local PDFs, local AI state, worktrees, env files, npm credentials, and other
|
|
159
|
+
developer-only artifacts.
|
|
160
|
+
|
|
161
|
+
`npm run package:quiver` also installs the generated tarball in a temporary
|
|
162
|
+
project and verifies the installed CLI with `--version`, `--help`, and
|
|
163
|
+
`init --dry-run`. This catches package-boundary drift that local source tests
|
|
164
|
+
cannot catch.
|
|
165
|
+
|
|
166
|
+
If a contribution changes what should be published, update the package smoke and
|
|
167
|
+
package-safety expectations in the same slice.
|
|
168
|
+
|
|
169
|
+
## Changelog and Release Hygiene
|
|
170
|
+
|
|
171
|
+
- Every release-impacting slice must update `CHANGELOG.md` under
|
|
172
|
+
`[Unreleased]`.
|
|
173
|
+
- Keep entries categorized with headings such as `Added`, `Changed`, or `Fixed`.
|
|
174
|
+
- Run `npm run changelog:check` before opening a release or package-boundary PR.
|
|
175
|
+
- Run `npm run release:quiver` as a dry-run gate before release. It validates
|
|
176
|
+
changelog, docs, schema, installer smoke, package contents, and installed CLI
|
|
177
|
+
behavior.
|
|
178
|
+
- Publishing remains manual by default. The release script only honors
|
|
179
|
+
`--publish` or `--publish-current` when the release is explicitly authorized
|
|
180
|
+
with `QUIVER_ALLOW_NPM_PUBLISH=1`.
|
package/README.md
CHANGED
|
@@ -39,7 +39,7 @@ En lugar de pedirle a un agente "hacé esto y vemos qué pasa", Quiver propone u
|
|
|
39
39
|
4. generar specs y slices;
|
|
40
40
|
5. ejecutar un slice por vez;
|
|
41
41
|
6. validar con evidencia;
|
|
42
|
-
7. abrir un PR por
|
|
42
|
+
7. abrir un PR por slice por defecto.
|
|
43
43
|
|
|
44
44
|
## ¿Qué problema resuelve?
|
|
45
45
|
|
|
@@ -90,6 +90,8 @@ flowchart TD
|
|
|
90
90
|
|
|
91
91
|
## Primeros pasos
|
|
92
92
|
|
|
93
|
+
Requisito runtime: Node.js `>=20.12.0`. Ese mínimo está declarado en `package.json` y coincide con las dependencias publicadas que usa el CLI.
|
|
94
|
+
|
|
93
95
|
Ejecutá Quiver desde la raíz del proyecto que querés preparar.
|
|
94
96
|
|
|
95
97
|
```bash
|
|
@@ -102,17 +104,21 @@ npx --yes create-quiver@latest doctor
|
|
|
102
104
|
Después prepará el contexto para IA:
|
|
103
105
|
|
|
104
106
|
```bash
|
|
107
|
+
npx --yes create-quiver@latest ai analyze-project --deep --dry-run
|
|
105
108
|
npx --yes create-quiver@latest ai prepare-context --dry-run
|
|
106
109
|
npx --yes create-quiver@latest ai prepare-context
|
|
107
110
|
```
|
|
108
111
|
|
|
109
|
-
|
|
112
|
+
`ai analyze-project --deep --dry-run` arma una muestra representativa del repo sin escribir archivos ni ejecutar proveedor. El flujo de `prepare-context` usa el modo determinístico de Quiver: analiza el proyecto y actualiza solo documentación de contexto sin llamar a un proveedor de IA. Si querés que un agente planificador proponga el contexto, usá el modo asistido:
|
|
110
113
|
|
|
111
114
|
```bash
|
|
115
|
+
npx --yes create-quiver@latest ai analyze-project --deep --review
|
|
112
116
|
npx --yes create-quiver@latest ai prepare-context --with-planner --dry-run
|
|
113
117
|
npx --yes create-quiver@latest ai prepare-context --with-planner --review --interactive
|
|
114
118
|
```
|
|
115
119
|
|
|
120
|
+
`ai analyze-project --deep --review` ejecuta el proveedor configurado, valida JSON con evidencia, abre revisión humana y solo escribe docs permitidos después de confirmación. No lee `.env`, dependencias, caches, binarios ni outputs generados; tampoco afirma comprensión perfecta cuando la evidencia no alcanza.
|
|
121
|
+
|
|
116
122
|
La inicialización crea un contrato visible para humanos y agentes, más estado interno de Quiver:
|
|
117
123
|
|
|
118
124
|
- `AGENTS.md`
|
|
@@ -176,6 +182,8 @@ Usá la guía que corresponda al estado de tu proyecto:
|
|
|
176
182
|
| `npx --yes create-quiver@latest doctor --json` | Devuelve el diagnóstico como JSON para automatizaciones. |
|
|
177
183
|
| `npx --yes create-quiver@latest flow` | Indica el próximo paso seguro. |
|
|
178
184
|
| `npx --yes create-quiver@latest dashboard` | Muestra estado consolidado de specs, slices, runs, approvals y agentes sin escribir archivos. |
|
|
185
|
+
| `npx --yes create-quiver@latest ai analyze-project --deep --dry-run` | Muestra qué archivos leería para inferir producto, arquitectura, funcionalidades y riesgos, sin escribir ni ejecutar proveedor. |
|
|
186
|
+
| `npx --yes create-quiver@latest ai analyze-project --deep --review` | Ejecuta análisis IA con evidencia, abre revisión humana y actualiza solo docs permitidos con snapshot previo. |
|
|
179
187
|
| `npx --yes create-quiver@latest ai prepare-context --dry-run` | Previsualiza contexto de onboarding para IA sin tocar código de producto. |
|
|
180
188
|
| `npx --yes create-quiver@latest ai prepare-context --with-planner --dry-run` | Previsualiza una propuesta de contexto generada por el planner. |
|
|
181
189
|
| `npx --yes create-quiver@latest ai models list` | Lista proveedores y modelos conocidos por Quiver para configurar agentes. |
|
|
@@ -260,6 +268,10 @@ Los perfiles de agentes separan dos datos:
|
|
|
260
268
|
- Un CLI local de proveedor si querés que Quiver invoque IA directamente.
|
|
261
269
|
|
|
262
270
|
El CLI está pensado para macOS, Linux, Windows PowerShell, Git Bash y WSL.
|
|
271
|
+
En Windows PowerShell usá el CLI Node o los scripts `quiver:*` generados, por
|
|
272
|
+
ejemplo `npm run quiver:check-slice -- --local specs/<spec>/slices/<slice>/slice.json`.
|
|
273
|
+
Los scripts Bash legacy, como `start:slice` o `check:slice`, se conservan solo
|
|
274
|
+
para compatibilidad en shells con Bash.
|
|
263
275
|
|
|
264
276
|
## Desarrollar Quiver
|
|
265
277
|
|
|
@@ -275,6 +287,9 @@ npm run package:quiver
|
|
|
275
287
|
Validación de release:
|
|
276
288
|
|
|
277
289
|
```bash
|
|
290
|
+
npm run changelog:check
|
|
291
|
+
npm run docs:check
|
|
292
|
+
npm run schema:slice:check
|
|
278
293
|
npm run smoke:create-quiver
|
|
279
294
|
npm run smoke:doctor-fixtures
|
|
280
295
|
npm run smoke:guided-workflow
|
package/README_FOR_AI.md
CHANGED
|
@@ -17,6 +17,7 @@ If the project already exists from an older Quiver version and was previously in
|
|
|
17
17
|
If the project was never initialized by Quiver, do not use `migrate` as bootstrap; run `npx create-quiver init --name "Project Name"` first.
|
|
18
18
|
Use `npx create-quiver evidence run -- <command>` to capture validation evidence with command, exit code, duration, truncated output, and best-effort redaction. The safe default output is `.quiver/evidence/`; use `--output <file>` when a slice needs a specific evidence artifact.
|
|
19
19
|
Use `npx create-quiver demo create spec-viewer --dry-run` to inspect the optional Quiver Spec Viewer demo scaffold, then add `--dir <target>` for a real run. The demo is not part of default init and must remain small, static, dependency-light, and non-destructive.
|
|
20
|
+
Use `npx create-quiver ai analyze-project --deep --dry-run` before asking IA to describe an existing repo. Dry-run must stay read-only, skip provider execution, and explain selected/omitted files. Use `npx create-quiver ai analyze-project --deep --review` only when the human wants provider-backed docs: it must validate JSON with evidence/confidence, open editable review, show final diff, require confirmation, snapshot under `.quiver/runs`, redact artifacts, and run post-write validation. Never claim perfect project understanding; keep weak conclusions as `unknown` or `needs_confirmation`.
|
|
20
21
|
The v20, v21, v22, and v23 specs are completed. `specs/quiver-v23-guided-flow-productization/` productized the manual planner/executor prompt workflow into guided Quiver commands, profiles, compact prompts, safe approvals, executor prompts, delegated execution modes, and release readiness evidence.
|
|
21
22
|
The v24 spec is implemented under `specs/quiver-v24-dx-onboarding-hardening/`; it captures DX hardening found while dogfooding Quiver with Quiver Spec Viewer, including init hygiene, CLI ambiguity, local slice validation, analyzer quality, AI context preparation, evidence capture, and demo scaffolding. Do not claim a package release until npm publication actually happens.
|
|
22
23
|
The v25 spec is implemented under `specs/quiver-v25-ai-first-lifecycle-orchestrator/` and shipped in `create-quiver@0.12.0`; it covers safe AI onboarding docs, strict run state, phase locks, agent adapters, approval gates, spec/slice generation, execution planning, controlled slice execution, worktree/PR lifecycle, validation hardening, export, and migration.
|
|
@@ -29,6 +30,7 @@ The v31 spec is implemented and release-ready pending PR/package publication und
|
|
|
29
30
|
The v32 documentation spec is implemented under `specs/quiver-v32-npx-installation-guidance/`; it clarifies why `npx --yes create-quiver@latest` does not install Quiver into project `node_modules`, when to install `create-quiver` as a `devDependency`, and where users should look when troubleshooting that behavior.
|
|
30
31
|
The v34 dashboard spec is implemented under `specs/quiver-v34-cli-dashboard-status/`; it adds the read-only top-level `dashboard` command, compact schema v1 JSON output, global vs visible progress, next-ready slice guidance, edge-case guardrails, `quiver:dashboard` generated scripts, docs, tests, smokes, and package-readiness evidence. It does not publish npm.
|
|
31
32
|
The v35 dashboard/version UX spec is implemented under `specs/quiver-v35-compact-dashboard-version-ux/`; it keeps `dashboard` compact by default, adds `dashboard --details`, `dashboard --section <name>`, `dashboard --limit <n>`, and adds the Quiver-branded `version` command without changing top-level `--version` / `-V`.
|
|
33
|
+
The v46 deep project analysis spec is implemented under `specs/quiver-v46-deep-project-analysis/` and release-ready pending npm publication. It adds `ai analyze-project` with bounded stack-agnostic discovery, semantic sampling, privacy exclusions, evidence/confidence validation, provider-backed JSON parsing, editable human review, docs-only safe writes, `.quiver/runs` snapshots, and post-write consistency checks.
|
|
32
34
|
Guided AI workflow behavior is available: prepare, approvals, production-readiness plan review, spec worktrees, executor commits, execution waves, PR creation, spec close, and package safety.
|
|
33
35
|
Generated projects also get `quiver:*` npm scripts that call the Node CLI directly; prefer those for repeatable project workflows, including `quiver:version` for version metadata, `quiver:flow` for the read-only guided entrypoint, `quiver:dashboard` for consolidated read-only project/spec/slice status, `quiver:plan` for sequential planning, `quiver:graph` for parallel-level inspection, `quiver:next` for the next ready slice, `quiver:evidence` for local command evidence, `quiver:spec:create` for real spec generation, `quiver:spec:validate` for full spec validation, and the AI family `quiver:ai:agent`, `quiver:ai:inspect`, `quiver:ai:export`, `quiver:ai:specs`, `quiver:ai:slices`, `quiver:ai:trace`, `quiver:ai:onboard`, `quiver:ai:prepare-context`, `quiver:ai:plan`, `quiver:ai:review-plan`, `quiver:ai:approve`, `quiver:ai:prompt-slice`, `quiver:ai:execute-slice`, `quiver:ai:execute-plan`, `quiver:ai:pr`, and `quiver:ai:doctor`. Use `quiver:graph --format mermaid` for PR-ready Markdown or `quiver:graph --format dot` for Graphviz source.
|
|
34
36
|
`quiver:ai:execute-plan` supports `--mode manual` for paste-ready executor prompts and `--mode delegated` for temporary worktrees on parallel-ready waves; unsafe waves fall back to sequential execution.
|
|
@@ -51,11 +53,12 @@ The primary generated project context for agents is `docs/AI_CONTEXT.md`.
|
|
|
51
53
|
The project map is the single source of truth for stack, package manager, commands, and file hints: `docs/PROJECT_MAP.md`.
|
|
52
54
|
The raw analyzer output is internal machinery at `.quiver/scans/PROJECT_SCAN.json`; read it only when the visible map is not enough.
|
|
53
55
|
`npx create-quiver analyze --dry-run` must remain read-only and only preview the scan/project-map/context writes. `npx create-quiver flow` reports the context source/freshness and the package-manager-aware generated script command so agents can see whether the project map is current, stale, partial, legacy, invalid, or missing.
|
|
56
|
+
`npx create-quiver ai analyze-project --deep --dry-run` is the safe default for evidence-backed IA context analysis and must not write files or call provider CLIs. It excludes `.env`, `.git`, `.quiver`, dependencies, caches, build outputs, binaries and symlinks. Live `ai analyze-project --deep --review` may update only approved docs (`docs/CONTEXTO.md`, `docs/AI_CONTEXT.md`, `docs/ARCHITECTURE.md`, `docs/STATUS.md`, `docs/DECISIONS.md`, `docs/PROJECT_MAP.md`) after editable review and confirmation.
|
|
54
57
|
`npx create-quiver ai prepare-context --dry-run` remains the deterministic default and must not execute provider CLIs. `npx create-quiver ai prepare-context --with-planner --dry-run` previews planner-assisted context preparation. `--with-planner --print-prompt` prints the exact prompt without provider auth; live planner writes should use `--review` and/or `--interactive` when the human wants review before docs-only writes.
|
|
55
58
|
`npx create-quiver ai agent set <role> --provider <provider> --model <model-id> --dry-run` must preview `.quiver/agents/profiles.json` changes without writing. In TTY mode, `npx create-quiver ai agent set <role>` can guide provider/model selection; in CI/no-TTY, require explicit `--provider` and `--model`. Use dry-run before saving planner/executor/reviewer/doctor profiles.
|
|
56
59
|
GitHub PR diagnostics must stay cross-platform: auth failures should point to likely account, scope, and SSH alias issues; path examples with spaces must be copy-safe for macOS/Linux, Windows PowerShell, Git Bash, and WSL.
|
|
57
60
|
CLI UX standard lives in `docs/CLI_UX_GUIDE.md`. Supported Quiver colors are `#86C8F2`, `#6BADEB`, `#7F9EE8`, `#9B82E6`, and `#D56AB0`; output must respect `--no-color`, `NO_COLOR`, CI, and no-TTY environments.
|
|
58
|
-
UX flags are intentionally limited: `ai prepare-context`, `ai plan`, and `spec create` support `--with-planner`, `--interactive`, and `--review`; `ai pr` supports `--interactive` and `--review` but rejects `--with-planner`; read-only commands such as `flow`, `dashboard`, `version`, `next`, `graph`, `ai inspect`, `ai export`, `ai specs list`, `ai slices list`, and `ai trace report` reject these UX flags. `dashboard` may use read-only inspection flags `--details`, `--section`, and `--limit`; `--json` must reject human-only dashboard flags plus `--interactive` and `--review` before writing human output.
|
|
61
|
+
UX flags are intentionally limited: `ai analyze-project` supports `--review` for provider-backed docs after dry-run-first analysis; `ai prepare-context`, `ai plan`, and `spec create` support `--with-planner`, `--interactive`, and `--review`; `ai pr` supports `--interactive` and `--review` but rejects `--with-planner`; read-only commands such as `flow`, `dashboard`, `version`, `next`, `graph`, `ai inspect`, `ai export`, `ai specs list`, `ai slices list`, and `ai trace report` reject these UX flags. `dashboard` may use read-only inspection flags `--details`, `--section`, and `--limit`; `--json` must reject human-only dashboard flags plus `--interactive` and `--review` before writing human output.
|
|
59
62
|
The universal router for generated projects is `AGENTS.md`; read it before `docs/AI_CONTEXT.md` and `docs/AI_ONBOARDING_PROMPT.md`.
|
|
60
63
|
Generated projects also get `docs/DECISIONS.md`; use it for durable choices that should not be re-litigated.
|
|
61
64
|
If a generated project has been analyzed, the exact agent handoff prompt is `docs/AI_ONBOARDING_PROMPT.md`.
|
package/ROADMAP.md
CHANGED
|
@@ -1,5 +1,9 @@
|
|
|
1
1
|
# Roadmap
|
|
2
2
|
|
|
3
|
+
Note: `vNN` labels in this file refer to Quiver's internal dogfooding specs
|
|
4
|
+
under `specs/quiver-vNN-*`. They are not npm semver releases unless the section
|
|
5
|
+
explicitly says a package version was published.
|
|
6
|
+
|
|
3
7
|
## v0.1
|
|
4
8
|
|
|
5
9
|
- Publish the OSS foundation
|
package/SECURITY.md
CHANGED
|
@@ -7,6 +7,13 @@ Security fixes are applied to the current active version of the repository and t
|
|
|
7
7
|
## Reporting a Vulnerability
|
|
8
8
|
|
|
9
9
|
- Do not open a public issue for a security bug.
|
|
10
|
-
-
|
|
11
|
-
- Include reproduction steps
|
|
10
|
+
- Email `juncalfabri@gmail.com` with the subject prefix `[quiver-security]`.
|
|
11
|
+
- Include affected version or commit, reproduction steps, observed impact, and
|
|
12
|
+
whether the issue is already being exploited.
|
|
13
|
+
- Do not share exploit details publicly until maintainers coordinate a fix or
|
|
14
|
+
disclosure plan.
|
|
12
15
|
|
|
16
|
+
GitHub Private Vulnerability Reporting is the preferred long-term channel, but
|
|
17
|
+
it is not enabled for this repository as of 2026-06-01. Repository owners should
|
|
18
|
+
enable it from GitHub repository settings before replacing the email fallback
|
|
19
|
+
above.
|
|
@@ -20,7 +20,9 @@ Este archivo comprime el contrato de trabajo para agentes IA. Usa los documentos
|
|
|
20
20
|
## Reglas criticas
|
|
21
21
|
|
|
22
22
|
- Un slice equivale a un commit.
|
|
23
|
-
- Un
|
|
23
|
+
- Un slice equivale a un PR por defecto.
|
|
24
|
+
- Un spec puede generar multiples PRs.
|
|
25
|
+
- Los PRs agrupados son excepciones y deben cumplir `docs/GITFLOW_PR_GUIDE.md`.
|
|
24
26
|
- No inventes archivos, rutas, flags ni reglas de negocio.
|
|
25
27
|
- No sobrescribas contenido humano sin revisar si debe preservarse.
|
|
26
28
|
- Usa `TODO`, `Assumption` o `Pending confirmation` para incertidumbre.
|
|
@@ -34,7 +34,9 @@ This file is the main context pack after `AGENTS.md` and `docs/PROJECT_MAP.md`.
|
|
|
34
34
|
## Critical Rules
|
|
35
35
|
|
|
36
36
|
- One slice maps to one commit.
|
|
37
|
-
- One
|
|
37
|
+
- One slice maps to one PR by default.
|
|
38
|
+
- One spec can produce multiple PRs.
|
|
39
|
+
- Grouped PRs are exceptions and must follow `docs/GITFLOW_PR_GUIDE.md`.
|
|
38
40
|
- Slice numbering resets inside each spec.
|
|
39
41
|
- Do not invent files that the bootstrap did not generate.
|
|
40
42
|
- Use canonical paths when a path matters.
|