create-quiver 0.16.0 → 0.17.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/README.md +7 -1
- package/README_FOR_AI.md +4 -1
- package/docs/CLI_UX_GUIDE.md +11 -0
- package/docs/INDEX.md +5 -1
- package/docs/reference/commands.md +34 -0
- package/package.json +1 -1
- package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +31 -1
- package/specs/quiver-v46-deep-project-analysis/EVIDENCE_REPORT.md +94 -0
- package/specs/quiver-v46-deep-project-analysis/EXECUTION_PLAN.md +26 -0
- package/specs/quiver-v46-deep-project-analysis/SPEC.md +157 -0
- package/specs/quiver-v46-deep-project-analysis/STATUS.md +26 -0
- package/specs/quiver-v46-deep-project-analysis/pr.md +131 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/CLOSURE_BRIEF.md +14 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/EXECUTION_BRIEF.md +41 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/slice.json +61 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/EXECUTION_BRIEF.md +33 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/slice.json +80 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/CLOSURE_BRIEF.md +21 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/EXECUTION_BRIEF.md +34 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/slice.json +79 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/CLOSURE_BRIEF.md +19 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/EXECUTION_BRIEF.md +33 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/slice.json +79 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/CLOSURE_BRIEF.md +20 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/EXECUTION_BRIEF.md +32 -0
- package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/slice.json +85 -0
- package/src/create-quiver/commands/ai.js +521 -0
- package/src/create-quiver/index.js +113 -3
- package/src/create-quiver/lib/ai/analyze-project-discovery.js +387 -0
- package/src/create-quiver/lib/ai/analyze-project-docs.js +364 -0
- package/src/create-quiver/lib/ai/analyze-project-parser.js +277 -0
- package/src/create-quiver/lib/ai/analyze-project-prompts.js +214 -0
- package/src/create-quiver/lib/ai/analyze-project-review.js +99 -0
- package/src/create-quiver/lib/ai/analyze-project-sampling.js +402 -0
- package/src/create-quiver/lib/ai/analyze-project-schema.js +92 -0
- package/src/create-quiver/lib/ai/analyze-project-validation.js +309 -0
- package/src/create-quiver/lib/ai/artifacts.js +4 -1
- package/src/create-quiver/lib/cli/command-registry.js +1 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/approvals.json +0 -5
- package/.quiver/runs/run-2026-06-09t19-14-39z/decisions.md +0 -2
- package/.quiver/runs/run-2026-06-09t19-14-39z/requirement.md +0 -0
- package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/docs/INDEX.md +0 -97
- package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/manifest.json +0 -61
- package/.quiver/runs/run-2026-06-09t19-14-39z/state.json +0 -28
- package/ACTIVE_SLICES.md +0 -43
- package/auditoria-ux-ui-performance-documentacion.md +0 -705
- package/copys-landing-page.md +0 -244
- package/docs/ai/ACTIVE_SLICE.md +0 -61
- package/pr.md +0 -154
|
@@ -0,0 +1,131 @@
|
|
|
1
|
+
# Quiver v46 - Deep Project Analysis
|
|
2
|
+
|
|
3
|
+
## Title
|
|
4
|
+
|
|
5
|
+
Implement production-safe `ai analyze-project`
|
|
6
|
+
|
|
7
|
+
## Summary
|
|
8
|
+
|
|
9
|
+
This PR adds a new `ai analyze-project` workflow that can inspect an existing repository, build a bounded evidence sample, run optional provider-backed analysis, and turn validated results into reviewed documentation updates.
|
|
10
|
+
|
|
11
|
+
The safe default is read-only: `--dry-run` reports what Quiver would read, why each file was selected or omitted, the applied budgets, and security exclusions without calling a provider or writing files.
|
|
12
|
+
|
|
13
|
+
## Scope
|
|
14
|
+
|
|
15
|
+
- Adds `ai analyze-project` CLI routing, help text, analysis flags, human output, and JSON output.
|
|
16
|
+
- Adds stack-agnostic discovery and semantic sampling for source, tests, DB/schema, configs, docs, monorepos, unknown stacks, symlinks, binaries, secrets, caches, dependencies, and build outputs.
|
|
17
|
+
- Adds provider-backed JSON analysis with schema validation, evidence validation, confidence levels, truncation downgrade rules, prompt redaction, and no-write failure paths.
|
|
18
|
+
- Adds review/edit/final-diff/confirm flow for approved documentation updates only.
|
|
19
|
+
- Adds safe writes with managed blocks, snapshots, manifests, before/after hashes, restore hints, and redacted raw artifacts.
|
|
20
|
+
- Adds post-write validation for schema, evidence paths, placeholders, managed blocks, snapshot manifests, and deterministic doc conflicts with `--strict`.
|
|
21
|
+
- Updates README, command reference, CLI UX guide, AI guidance, fixture matrix, i18n command matrix, and package ignore rules.
|
|
22
|
+
|
|
23
|
+
## Files
|
|
24
|
+
|
|
25
|
+
- `src/create-quiver/commands/ai.js`
|
|
26
|
+
- `src/create-quiver/index.js`
|
|
27
|
+
- `src/create-quiver/lib/ai/analyze-project-*.js`
|
|
28
|
+
- `tests/commands/ai-analyze-project*.test.js`
|
|
29
|
+
- `tests/lib/ai-analyze-project*.test.js`
|
|
30
|
+
- `tests/fixtures/ai-analyze-project/matrix.json`
|
|
31
|
+
- `docs/reference/commands.md`
|
|
32
|
+
- `docs/CLI_UX_GUIDE.md`
|
|
33
|
+
- `README.md`
|
|
34
|
+
- `README_FOR_AI.md`
|
|
35
|
+
- `.npmignore`
|
|
36
|
+
- `specs/quiver-v46-deep-project-analysis/**`
|
|
37
|
+
|
|
38
|
+
## How to Test (DETAILED - REQUIRED)
|
|
39
|
+
|
|
40
|
+
### Required Environment
|
|
41
|
+
|
|
42
|
+
- Node.js and npm available.
|
|
43
|
+
- GitHub CLI available for PR creation.
|
|
44
|
+
- Authenticated `gh` session.
|
|
45
|
+
- SSH host alias: `github-personal`.
|
|
46
|
+
- Identity file: `~/ssh/github-personal`.
|
|
47
|
+
|
|
48
|
+
### Worktree Access
|
|
49
|
+
|
|
50
|
+
From the repository root:
|
|
51
|
+
|
|
52
|
+
```bash
|
|
53
|
+
git status --short --branch
|
|
54
|
+
git remote -v
|
|
55
|
+
```
|
|
56
|
+
|
|
57
|
+
Expected remote shape:
|
|
58
|
+
|
|
59
|
+
```text
|
|
60
|
+
origin git@github-personal:FabriJuncal/quiver.git
|
|
61
|
+
```
|
|
62
|
+
|
|
63
|
+
### Run the Project
|
|
64
|
+
|
|
65
|
+
No dev server is required. This is a CLI feature.
|
|
66
|
+
|
|
67
|
+
### Use Cases
|
|
68
|
+
|
|
69
|
+
1. Preview analysis without writes:
|
|
70
|
+
|
|
71
|
+
```bash
|
|
72
|
+
node bin/create-quiver.js ai analyze-project --deep --dry-run
|
|
73
|
+
node bin/create-quiver.js ai analyze-project --deep --dry-run --json
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
2. Run provider-backed analysis in tests through fake providers:
|
|
77
|
+
|
|
78
|
+
```bash
|
|
79
|
+
node --test tests/commands/ai-analyze-project-provider.test.js
|
|
80
|
+
```
|
|
81
|
+
|
|
82
|
+
3. Validate review and safe-write behavior:
|
|
83
|
+
|
|
84
|
+
```bash
|
|
85
|
+
node --test tests/commands/ai-analyze-project-review.test.js tests/lib/ai-analyze-project-validation.test.js
|
|
86
|
+
```
|
|
87
|
+
|
|
88
|
+
### Technical Verification
|
|
89
|
+
|
|
90
|
+
Commands run:
|
|
91
|
+
|
|
92
|
+
```bash
|
|
93
|
+
node --test tests/docs/command-reference.test.js tests/commands/cli-contract.test.js tests/commands/i18n-audit-matrix.test.js tests/commands/parser-contract.test.js
|
|
94
|
+
# pass: 22 tests
|
|
95
|
+
|
|
96
|
+
node --test tests/commands/cli-contract.test.js tests/commands/i18n-audit-matrix.test.js tests/lib/ai-analyze-project-validation.test.js tests/lib/ai-analyze-project-discovery.test.js tests/commands/ai-analyze-project-review.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-parser.test.js tests/lib/ai-analyze-project-schema.test.js
|
|
97
|
+
# pass: 41 tests
|
|
98
|
+
|
|
99
|
+
node --test
|
|
100
|
+
# pass: 686 tests
|
|
101
|
+
|
|
102
|
+
npm run smoke:create-quiver
|
|
103
|
+
# pass: create-quiver smoke test passed
|
|
104
|
+
|
|
105
|
+
npm run package:quiver
|
|
106
|
+
# pass: Package smoke passed: create-quiver-0.16.0.tgz
|
|
107
|
+
|
|
108
|
+
node bin/create-quiver.js spec validate specs/quiver-v46-deep-project-analysis --strict
|
|
109
|
+
# pass: spec validation passed
|
|
110
|
+
|
|
111
|
+
git diff --check
|
|
112
|
+
# pass
|
|
113
|
+
```
|
|
114
|
+
|
|
115
|
+
## Evidence
|
|
116
|
+
|
|
117
|
+
- `specs/quiver-v46-deep-project-analysis/EVIDENCE_REPORT.md`
|
|
118
|
+
- `specs/quiver-v46-deep-project-analysis/STATUS.md`
|
|
119
|
+
- `specs/quiver-v46-deep-project-analysis/slices/*/CLOSURE_BRIEF.md`
|
|
120
|
+
- `tests/fixtures/ai-analyze-project/matrix.json`
|
|
121
|
+
|
|
122
|
+
## Rollback
|
|
123
|
+
|
|
124
|
+
Revert the PR commit. The feature is additive and isolated behind the new `ai analyze-project` command path. Runtime doc writes created by the command include snapshots and restore hints under `.quiver/runs/<run-id>/snapshots/`.
|
|
125
|
+
|
|
126
|
+
## Risks / Notes
|
|
127
|
+
|
|
128
|
+
- `ai analyze-project` human output is currently English-only; JSON output is stable. This is recorded as an accepted i18n follow-up in the v43 command matrix.
|
|
129
|
+
- Stack-specific adapters such as Rails, Django, Laravel, NestJS, Spring, and mobile are deferred. Generic heuristics remain the fallback and keep the same schema.
|
|
130
|
+
- `--dry-run` intentionally never writes and never executes provider CLIs.
|
|
131
|
+
- `.quiver/` is excluded from npm packaging to avoid publishing local AI run state.
|
|
@@ -0,0 +1,14 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-00 Analysis contract foundation
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Spec package and slice handoffs created from approved acceptance criteria, technical plan, and production review. Runtime implementation intentionally not started.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [ ] `node -e "const fs=require('fs'); for (const f of fs.globSync('specs/quiver-v46-deep-project-analysis/slices/*/slice.json')) JSON.parse(fs.readFileSync(f,'utf8')); console.log('slice json ok')"`
|
|
10
|
+
- [ ] `git diff --check`
|
|
11
|
+
|
|
12
|
+
## Follow-Up
|
|
13
|
+
|
|
14
|
+
- Start `slice-01-stack-agnostic-discovery-sampling` only when implementation is explicitly requested.
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-00 Analysis contract foundation
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
The user approved acceptance criteria and a production review for a new deep project analysis workflow. This slice creates the documented contract only.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Create the v46 spec package and all slice handoffs without implementing runtime code.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
### Included
|
|
14
|
+
|
|
15
|
+
- `SPEC.md`
|
|
16
|
+
- `STATUS.md`
|
|
17
|
+
- `EXECUTION_PLAN.md`
|
|
18
|
+
- `EVIDENCE_REPORT.md`
|
|
19
|
+
- `pr.md`
|
|
20
|
+
- `slice.json`, `EXECUTION_BRIEF.md`, and `CLOSURE_BRIEF.md` for each planned slice.
|
|
21
|
+
|
|
22
|
+
### Excluded
|
|
23
|
+
|
|
24
|
+
- CLI parser changes.
|
|
25
|
+
- Source discovery implementation.
|
|
26
|
+
- Provider execution.
|
|
27
|
+
- Safe write implementation.
|
|
28
|
+
- Tests beyond structural validation.
|
|
29
|
+
|
|
30
|
+
## Acceptance Criteria
|
|
31
|
+
|
|
32
|
+
- Spec package exists under `specs/quiver-v46-deep-project-analysis`.
|
|
33
|
+
- Every slice directory includes `slice.json`, `EXECUTION_BRIEF.md`, and `CLOSURE_BRIEF.md`.
|
|
34
|
+
- Runtime implementation is explicitly marked as not started.
|
|
35
|
+
- Source code implementation files are not modified.
|
|
36
|
+
|
|
37
|
+
## Completion Checklist
|
|
38
|
+
|
|
39
|
+
- [x] Spec package created.
|
|
40
|
+
- [x] Slice handoffs created.
|
|
41
|
+
- [x] Implementation deferred.
|
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-00-analysis-contract-foundation",
|
|
3
|
+
"ticket": "QUIVER-46-00",
|
|
4
|
+
"type": "documentation",
|
|
5
|
+
"title": "Analysis contract foundation",
|
|
6
|
+
"objective": "Create the approved v46 spec package and implementation handoffs for deep project analysis without implementing runtime code.",
|
|
7
|
+
"description": "Documents the user-approved acceptance criteria, production review additions, technical plan, slice roadmap, and handoffs for the new ai analyze-project workflow.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v46-analysis-contract-foundation",
|
|
12
|
+
"branch_name": "feature/QUIVER-46-00-v46-analysis-contract-foundation"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"specs/quiver-v46-deep-project-analysis/**"
|
|
16
|
+
],
|
|
17
|
+
"expected_read_paths": [
|
|
18
|
+
"README_FOR_AI.md",
|
|
19
|
+
"docs/reference/commands.md",
|
|
20
|
+
"specs/quiver-v44-provider-live-output-tui-lite/SPEC.md",
|
|
21
|
+
"src/create-quiver/commands/ai.js",
|
|
22
|
+
"src/create-quiver/lib/ai/onboarding-template.js"
|
|
23
|
+
],
|
|
24
|
+
"allowed_write_paths": [
|
|
25
|
+
"specs/quiver-v46-deep-project-analysis/**"
|
|
26
|
+
],
|
|
27
|
+
"depends_on": [],
|
|
28
|
+
"parallel_safe": "no",
|
|
29
|
+
"parallel_safe_reason": "Foundation defines the contract for all later v46 slices.",
|
|
30
|
+
"must": [
|
|
31
|
+
"Create SPEC.md, STATUS.md, EXECUTION_PLAN.md, EVIDENCE_REPORT.md, pr.md, and all slice handoffs.",
|
|
32
|
+
"Capture approved acceptance criteria and production review additions.",
|
|
33
|
+
"Keep runtime implementation code untouched.",
|
|
34
|
+
"Make default read-only, privacy preflight, evidence validation, and safe writes explicit guardrails."
|
|
35
|
+
],
|
|
36
|
+
"not_included": [
|
|
37
|
+
"Runtime CLI parser implementation.",
|
|
38
|
+
"Discovery or sampling implementation.",
|
|
39
|
+
"Provider execution.",
|
|
40
|
+
"Doc write implementation."
|
|
41
|
+
],
|
|
42
|
+
"acceptance": [
|
|
43
|
+
"Spec package exists under specs/quiver-v46-deep-project-analysis.",
|
|
44
|
+
"Every slice directory includes slice.json, EXECUTION_BRIEF.md, and CLOSURE_BRIEF.md.",
|
|
45
|
+
"The package records that runtime implementation has not started.",
|
|
46
|
+
"No source code implementation files are modified by this slice."
|
|
47
|
+
],
|
|
48
|
+
"tests": [
|
|
49
|
+
"node -e \"const fs=require('fs'); for (const f of fs.globSync('specs/quiver-v46-deep-project-analysis/slices/*/slice.json')) JSON.parse(fs.readFileSync(f,'utf8')); console.log('slice json ok')\"",
|
|
50
|
+
"git diff --check"
|
|
51
|
+
],
|
|
52
|
+
"validation_hints": [
|
|
53
|
+
"Validate JSON parseability for every slice file.",
|
|
54
|
+
"Inspect git diff to confirm only v46 spec files changed for this slice."
|
|
55
|
+
],
|
|
56
|
+
"estimated_hours": 1,
|
|
57
|
+
"status": "completed",
|
|
58
|
+
"blocked_reason": null,
|
|
59
|
+
"actual_hours": 1,
|
|
60
|
+
"completed_at": "2026-06-10"
|
|
61
|
+
}
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-01 Stack-agnostic discovery and sampling
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Implemented the read-only `ai analyze-project` command shell plus deterministic, stack-agnostic discovery and semantic sampling. The command reports selected files, omitted files, budgets, workspace roots, detected configs/entrypoints/scripts, and safety exclusions without provider execution or persistent writes.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `node --test tests/commands/ai-analyze-project.test.js`
|
|
10
|
+
- [x] `node --test tests/lib/ai-analyze-project-discovery.test.js`
|
|
11
|
+
- [x] `node --test tests/commands/cli-contract.test.js`
|
|
12
|
+
- [x] `node --test`
|
|
13
|
+
- [x] `node bin/create-quiver.js ai analyze-project --dry-run`
|
|
14
|
+
- [x] `node bin/create-quiver.js ai analyze-project --dry-run --json`
|
|
15
|
+
- [x] `git diff --check`
|
|
16
|
+
|
|
17
|
+
## Closure Notes
|
|
18
|
+
|
|
19
|
+
- Adapter-specific hooks were deferred to later slices; the current implementation uses a generic heuristic scorer with stable output fields.
|
|
20
|
+
- `--deep` enables source and DB sampling. Tests remain opt-in through `--include-tests`.
|
|
21
|
+
- JSON output includes full selected/omitted detail for automation; human output caps long lists while preserving reason summaries.
|
|
22
|
+
- No `.quiver` runtime state is created by the new command in slice-01.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-01 Stack-agnostic discovery and sampling
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
This slice starts runtime implementation for the new `ai analyze-project` command but keeps it deterministic and read-only. It must not execute a provider and must not write files.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Create the command shell, dry-run output, discovery, sampling, budgets, scope handling, and safety exclusions needed before any AI provider work can be added.
|
|
10
|
+
|
|
11
|
+
## Acceptance Criteria
|
|
12
|
+
|
|
13
|
+
- `ai analyze-project` exists and is read-only by default.
|
|
14
|
+
- `--dry-run` writes no files and runs no provider.
|
|
15
|
+
- Human output lists selected files, omitted files, budgets, roots, scope, safety exclusions, and next commands.
|
|
16
|
+
- `--json` produces clean machine-readable output.
|
|
17
|
+
- Sampling respects `--max-files`, `--max-bytes`, `--include-source`, `--include-tests`, `--include-db`, and `--scope`.
|
|
18
|
+
- Secrets, dependencies, caches, build outputs, `.git`, binary files, and outside-repo symlinks are excluded.
|
|
19
|
+
- Monorepo/workspace roots are reported.
|
|
20
|
+
|
|
21
|
+
## Production Guardrails
|
|
22
|
+
|
|
23
|
+
- `--json` is format only; it must not imply writes or provider execution.
|
|
24
|
+
- No-TTY behavior must not wait for interaction.
|
|
25
|
+
- Symlinks must be omitted unless they resolve inside the repo and an explicit future mode supports following them.
|
|
26
|
+
|
|
27
|
+
## Completion Checklist
|
|
28
|
+
|
|
29
|
+
- [ ] Parser and command dispatch added.
|
|
30
|
+
- [ ] Discovery/sampling module added.
|
|
31
|
+
- [ ] Dry-run report implemented.
|
|
32
|
+
- [ ] Fixtures and tests added.
|
|
33
|
+
- [ ] No provider or write path introduced.
|
|
@@ -0,0 +1,80 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-01-stack-agnostic-discovery-sampling",
|
|
3
|
+
"ticket": "QUIVER-46-01",
|
|
4
|
+
"type": "feature",
|
|
5
|
+
"title": "Stack-agnostic discovery and sampling",
|
|
6
|
+
"objective": "Add the read-only ai analyze-project command shell plus deterministic discovery and semantic sampling without provider execution or writes.",
|
|
7
|
+
"description": "Introduces the safe default command behavior, dry-run reports, stack-agnostic source discovery, scope support, budgets, safety exclusions, and selected/omitted file explanations.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v46-discovery-sampling",
|
|
12
|
+
"branch_name": "feature/QUIVER-46-01-v46-discovery-sampling"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"src/create-quiver/index.js",
|
|
16
|
+
"src/create-quiver/commands/ai.js",
|
|
17
|
+
"src/create-quiver/lib/ai/analyze-project-discovery.js",
|
|
18
|
+
"src/create-quiver/lib/ai/analyze-project-sampling.js",
|
|
19
|
+
"src/create-quiver/lib/ai/safety.js",
|
|
20
|
+
"tests/**"
|
|
21
|
+
],
|
|
22
|
+
"expected_read_paths": [
|
|
23
|
+
"src/create-quiver/index.js",
|
|
24
|
+
"src/create-quiver/commands/ai.js",
|
|
25
|
+
"src/create-quiver/lib/ai/safety.js",
|
|
26
|
+
"src/create-quiver/lib/project-scan.js",
|
|
27
|
+
"src/create-quiver/lib/project-state-resolver.js",
|
|
28
|
+
"tests/commands"
|
|
29
|
+
],
|
|
30
|
+
"allowed_write_paths": [
|
|
31
|
+
"src/create-quiver/index.js",
|
|
32
|
+
"src/create-quiver/commands/ai.js",
|
|
33
|
+
"src/create-quiver/lib/ai/analyze-project-discovery.js",
|
|
34
|
+
"src/create-quiver/lib/ai/analyze-project-sampling.js",
|
|
35
|
+
"src/create-quiver/lib/ai/safety.js",
|
|
36
|
+
"tests/**",
|
|
37
|
+
"specs/quiver-v46-deep-project-analysis/**"
|
|
38
|
+
],
|
|
39
|
+
"depends_on": [
|
|
40
|
+
"slice-00-analysis-contract-foundation"
|
|
41
|
+
],
|
|
42
|
+
"parallel_safe": "no",
|
|
43
|
+
"parallel_safe_reason": "This slice establishes command shape and discovery contracts used by all later slices.",
|
|
44
|
+
"must": [
|
|
45
|
+
"Add ai analyze-project parser and read-only default behavior.",
|
|
46
|
+
"Implement --dry-run and --json output without provider execution or writes.",
|
|
47
|
+
"Implement --max-files, --max-bytes, --include-source, --include-tests, --include-db, and --scope planning behavior.",
|
|
48
|
+
"Select representative files using stack-agnostic semantic signals.",
|
|
49
|
+
"Report selected files, omitted files, budgets, safety exclusions, symlink handling, and analyzed roots.",
|
|
50
|
+
"Never include secrets, .git, node_modules, caches, build outputs, binary files, or outside-repo symlinks."
|
|
51
|
+
],
|
|
52
|
+
"not_included": [
|
|
53
|
+
"Provider prompt execution.",
|
|
54
|
+
"AI JSON schema parsing.",
|
|
55
|
+
"Doc update writes.",
|
|
56
|
+
"Review/editor flow."
|
|
57
|
+
],
|
|
58
|
+
"acceptance": [
|
|
59
|
+
"Running ai analyze-project with no write flags is read-only.",
|
|
60
|
+
"Running ai analyze-project --dry-run writes no files and runs no provider.",
|
|
61
|
+
"Dry-run human output explains selected files and omitted files with reasons.",
|
|
62
|
+
"Dry-run JSON output is machine-readable and not contaminated by human UI.",
|
|
63
|
+
"Budgets and include flags change the sampling plan predictably.",
|
|
64
|
+
"Monorepo/workspace roots are reported and --scope restricts analysis.",
|
|
65
|
+
"Symlinks are not followed by default and outside-repo symlinks are omitted."
|
|
66
|
+
],
|
|
67
|
+
"tests": [
|
|
68
|
+
"node --test tests/commands/ai-analyze-project.test.js",
|
|
69
|
+
"node --test tests/lib/ai-analyze-project-discovery.test.js",
|
|
70
|
+
"git diff --check"
|
|
71
|
+
],
|
|
72
|
+
"validation_hints": [
|
|
73
|
+
"Use fixtures for Next/Supabase, unknown stack, monorepo, symlink, binary, and secret paths.",
|
|
74
|
+
"Assert no .quiver/runs directory is created by dry-run."
|
|
75
|
+
],
|
|
76
|
+
"estimated_hours": 8,
|
|
77
|
+
"status": "completed",
|
|
78
|
+
"completed_at": "2026-06-10",
|
|
79
|
+
"blocked_reason": null
|
|
80
|
+
}
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-02 Provider analysis JSON contract
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Implemented provider-backed analysis for `ai analyze-project` without documentation writes. Live mode builds a redacted evidence prompt, runs privacy preflight before provider execution, requires JSON-only output, validates schema, validates evidence paths against the selected sample, downgrades confirmed claims backed by truncated files, and returns a redacted size-limited provider artifact in memory/stdout.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `node --test tests/commands/ai-analyze-project-provider.test.js`
|
|
10
|
+
- [x] `node --test tests/lib/ai-analyze-project-schema.test.js`
|
|
11
|
+
- [x] `node --test tests/lib/ai-analyze-project-parser.test.js`
|
|
12
|
+
- [x] `node --test`
|
|
13
|
+
- [x] `git diff --check`
|
|
14
|
+
|
|
15
|
+
## Closure Notes
|
|
16
|
+
|
|
17
|
+
- Provider failure, timeout-style non-ok results, malformed JSON, invalid schema, invalid evidence paths, and unapproved doc update paths fail before any filesystem write.
|
|
18
|
+
- `confirmed`, `inferred`, and `conflict` conclusions require evidence from the selected sample. `unknown` may omit evidence.
|
|
19
|
+
- Claims citing truncated files cannot remain `confirmed`; they are downgraded to `inferred` with validation warnings.
|
|
20
|
+
- Provider artifacts are redacted and size-limited but not persisted in this slice. Persistence/snapshots are deferred to slice-03.
|
|
21
|
+
- Doc update proposal content is validated as JSON data only; converting it into files is deferred to slice-03.
|
|
@@ -0,0 +1,34 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-02 Provider analysis JSON contract
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
The command can already plan discovery and sampling in read-only mode after slice-01. This slice adds provider-backed analysis but must still not write documentation.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Run the provider only after privacy preflight, then parse and validate evidence-backed JSON analysis.
|
|
10
|
+
|
|
11
|
+
## Acceptance Criteria
|
|
12
|
+
|
|
13
|
+
- Provider execution requires privacy preflight approval.
|
|
14
|
+
- Provider prompt requires JSON only.
|
|
15
|
+
- JSON schema validates product, domain, architecture, features, risks, questions, claims, and doc update proposals.
|
|
16
|
+
- Evidence paths exist in the selected sample or are rejected/downgraded.
|
|
17
|
+
- Truncated-file claims cannot be `confirmed`.
|
|
18
|
+
- Invalid JSON, invalid schema, provider failure, timeout, or privacy failure writes no files.
|
|
19
|
+
- Artifacts are redacted and size-limited.
|
|
20
|
+
|
|
21
|
+
## Production Guardrails
|
|
22
|
+
|
|
23
|
+
- Do not persist unredacted provider output.
|
|
24
|
+
- Do not convert JSON into docs yet.
|
|
25
|
+
- Do not mark weak or missing evidence as confirmed.
|
|
26
|
+
- Keep `--json` output clean.
|
|
27
|
+
|
|
28
|
+
## Completion Checklist
|
|
29
|
+
|
|
30
|
+
- [ ] Prompt added.
|
|
31
|
+
- [ ] Schema added.
|
|
32
|
+
- [ ] Parser and evidence validator added.
|
|
33
|
+
- [ ] Privacy preflight wired before provider execution.
|
|
34
|
+
- [ ] Provider tests added.
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-02-provider-analysis-json-contract",
|
|
3
|
+
"ticket": "QUIVER-46-02",
|
|
4
|
+
"type": "feature",
|
|
5
|
+
"title": "Provider analysis JSON contract",
|
|
6
|
+
"objective": "Add privacy-gated provider execution and validated JSON analysis output with confidence and evidence rules.",
|
|
7
|
+
"description": "Builds the provider prompt, schema, parser, evidence validation, confidence enforcement, truncation rules, and invalid-output no-write behavior for ai analyze-project.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v46-provider-analysis-json",
|
|
12
|
+
"branch_name": "feature/QUIVER-46-02-v46-provider-analysis-json"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"src/create-quiver/commands/ai.js",
|
|
16
|
+
"src/create-quiver/lib/ai/analyze-project-schema.js",
|
|
17
|
+
"src/create-quiver/lib/ai/analyze-project-prompts.js",
|
|
18
|
+
"src/create-quiver/lib/ai/analyze-project-parser.js",
|
|
19
|
+
"src/create-quiver/lib/ai/artifacts.js",
|
|
20
|
+
"tests/**"
|
|
21
|
+
],
|
|
22
|
+
"expected_read_paths": [
|
|
23
|
+
"src/create-quiver/lib/ai/providers.js",
|
|
24
|
+
"src/create-quiver/lib/ai/preflight.js",
|
|
25
|
+
"src/create-quiver/lib/ai/artifacts.js",
|
|
26
|
+
"src/create-quiver/commands/ai.js",
|
|
27
|
+
"src/create-quiver/lib/ai/context-proposal.schema.js"
|
|
28
|
+
],
|
|
29
|
+
"allowed_write_paths": [
|
|
30
|
+
"src/create-quiver/commands/ai.js",
|
|
31
|
+
"src/create-quiver/lib/ai/analyze-project-schema.js",
|
|
32
|
+
"src/create-quiver/lib/ai/analyze-project-prompts.js",
|
|
33
|
+
"src/create-quiver/lib/ai/analyze-project-parser.js",
|
|
34
|
+
"src/create-quiver/lib/ai/artifacts.js",
|
|
35
|
+
"tests/**",
|
|
36
|
+
"specs/quiver-v46-deep-project-analysis/**"
|
|
37
|
+
],
|
|
38
|
+
"depends_on": [
|
|
39
|
+
"slice-01-stack-agnostic-discovery-sampling"
|
|
40
|
+
],
|
|
41
|
+
"parallel_safe": "no",
|
|
42
|
+
"parallel_safe_reason": "Provider execution depends on deterministic sampling and privacy preflight from slice-01.",
|
|
43
|
+
"must": [
|
|
44
|
+
"Add privacy preflight before any provider execution.",
|
|
45
|
+
"Build a prompt that requires JSON only, evidence-backed claims, and no unsupported assertions.",
|
|
46
|
+
"Validate provider JSON against schema before any write or proposal conversion.",
|
|
47
|
+
"Validate evidence paths against selected sampled files.",
|
|
48
|
+
"Enforce confidence rules, including that truncated-file claims cannot be confirmed.",
|
|
49
|
+
"Fail without writes on invalid JSON, invalid paths, unsupported model, provider failure, timeout, or privacy failure.",
|
|
50
|
+
"Redact sensitive content before prompt construction and artifact persistence."
|
|
51
|
+
],
|
|
52
|
+
"not_included": [
|
|
53
|
+
"Writing docs updates.",
|
|
54
|
+
"Editor review flow.",
|
|
55
|
+
"Post-write validation."
|
|
56
|
+
],
|
|
57
|
+
"acceptance": [
|
|
58
|
+
"Provider execution cannot start until the privacy preflight passes.",
|
|
59
|
+
"Invalid provider JSON fails with no filesystem writes.",
|
|
60
|
+
"Evidence paths are validated and missing paths are rejected or downgraded according to schema rules.",
|
|
61
|
+
"Claims include confidence and evidence where required.",
|
|
62
|
+
"Truncated inputs prevent confirmed confidence.",
|
|
63
|
+
"Provider output artifacts are redacted and size-limited."
|
|
64
|
+
],
|
|
65
|
+
"tests": [
|
|
66
|
+
"node --test tests/commands/ai-analyze-project-provider.test.js",
|
|
67
|
+
"node --test tests/lib/ai-analyze-project-schema.test.js",
|
|
68
|
+
"node --test tests/lib/ai-analyze-project-parser.test.js",
|
|
69
|
+
"git diff --check"
|
|
70
|
+
],
|
|
71
|
+
"validation_hints": [
|
|
72
|
+
"Use fake provider output for valid JSON, invalid JSON, invented evidence, conflict claims, and truncated evidence.",
|
|
73
|
+
"Assert no docs are written by this slice."
|
|
74
|
+
],
|
|
75
|
+
"estimated_hours": 10,
|
|
76
|
+
"status": "completed",
|
|
77
|
+
"completed_at": "2026-06-10",
|
|
78
|
+
"blocked_reason": null
|
|
79
|
+
}
|
|
@@ -0,0 +1,19 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-03 Doc proposal review and safe writes
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Implemented safe documentation writes for `ai analyze-project --review`. Validated analysis is converted into a constrained doc proposal, edited as JSON, revalidated, diffed, and written only after explicit confirmation. Writes are limited to approved Markdown docs, preserve human-authored content through a managed block, report dirty target files before confirmation, and create `.quiver/runs` snapshots, manifests, before/after hashes, restore hints, and redacted raw artifacts before mutating docs.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- [x] `node --test tests/commands/ai-analyze-project-review.test.js`
|
|
10
|
+
- [x] `node --test tests/lib/ai-analyze-project-docs.test.js`
|
|
11
|
+
- [x] `node --test`
|
|
12
|
+
- [x] `git diff --check`
|
|
13
|
+
|
|
14
|
+
## Closure Notes
|
|
15
|
+
|
|
16
|
+
- Managed-block strategy: Quiver owns only the block between `<!-- quiver:analyze-project:start -->` and `<!-- quiver:analyze-project:end -->`. Existing human content outside that block is preserved.
|
|
17
|
+
- `docs/PROJECT_MAP.md` uses the same constrained managed-block path as other approved docs; product code, lockfiles, configs, and dependency files remain denied for writes.
|
|
18
|
+
- Restore guidance is stored per changed file in the snapshot manifest with original snapshots and before/after hashes.
|
|
19
|
+
- No-TTY review, review cancellation, invalid edited proposals, path traversal, oversized docs, dirty targets, and declined confirmation leave target docs unchanged.
|
|
@@ -0,0 +1,33 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-03 Doc proposal review and safe writes
|
|
2
|
+
|
|
3
|
+
## Context
|
|
4
|
+
|
|
5
|
+
The provider can return validated project analysis JSON after slice-02. This slice is the first one allowed to write docs, but only through review and safe snapshots.
|
|
6
|
+
|
|
7
|
+
## Objective
|
|
8
|
+
|
|
9
|
+
Turn validated analysis into reviewable documentation updates and write them safely after explicit approval.
|
|
10
|
+
|
|
11
|
+
## Acceptance Criteria
|
|
12
|
+
|
|
13
|
+
- Only approved Markdown docs can be updated.
|
|
14
|
+
- `docs/PROJECT_MAP.md` remains deterministic or receives only constrained managed-block content.
|
|
15
|
+
- Human-authored content is preserved.
|
|
16
|
+
- `--review` opens an editable proposal, revalidates it, shows a final diff, and asks for confirmation.
|
|
17
|
+
- Canceling review writes nothing.
|
|
18
|
+
- Non-TTY review fails with actionable guidance.
|
|
19
|
+
- Writes create `.quiver/runs` snapshots, manifest, before/after hashes, and redacted artifacts.
|
|
20
|
+
- Dirty target docs are reported before writing.
|
|
21
|
+
|
|
22
|
+
## Production Guardrails
|
|
23
|
+
|
|
24
|
+
- Product code, lockfiles, configs, and dependency files are denylisted for writes.
|
|
25
|
+
- Path traversal and oversized doc updates must fail closed.
|
|
26
|
+
- Raw provider artifacts must be redacted before persistence.
|
|
27
|
+
|
|
28
|
+
## Completion Checklist
|
|
29
|
+
|
|
30
|
+
- [ ] Doc proposal conversion added.
|
|
31
|
+
- [ ] Review/edit/final-diff flow added.
|
|
32
|
+
- [ ] Safe write and snapshot logic added.
|
|
33
|
+
- [ ] Cancel/no-TTY/dirty path behavior tested.
|
|
@@ -0,0 +1,79 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-03-doc-proposal-review-safe-writes",
|
|
3
|
+
"ticket": "QUIVER-46-03",
|
|
4
|
+
"type": "feature",
|
|
5
|
+
"title": "Doc proposal review and safe writes",
|
|
6
|
+
"objective": "Convert validated analysis into reviewable doc updates and write only approved docs with snapshots and manifests.",
|
|
7
|
+
"description": "Adds doc update proposal generation, review/edit/final-diff/confirm flow, managed blocks or safe merge behavior, safe writes, snapshot manifests, hashes, and restore guidance.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v46-doc-review-safe-writes",
|
|
12
|
+
"branch_name": "feature/QUIVER-46-03-v46-doc-review-safe-writes"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"src/create-quiver/commands/ai.js",
|
|
16
|
+
"src/create-quiver/lib/ai/analyze-project-docs.js",
|
|
17
|
+
"src/create-quiver/lib/ai/analyze-project-review.js",
|
|
18
|
+
"src/create-quiver/lib/ai/run-state.js",
|
|
19
|
+
"src/create-quiver/lib/ai/artifacts.js",
|
|
20
|
+
"tests/**"
|
|
21
|
+
],
|
|
22
|
+
"expected_read_paths": [
|
|
23
|
+
"src/create-quiver/commands/ai.js",
|
|
24
|
+
"src/create-quiver/lib/ai/run-state.js",
|
|
25
|
+
"src/create-quiver/lib/ai/artifacts.js",
|
|
26
|
+
"src/create-quiver/lib/cli/editor.js",
|
|
27
|
+
"src/create-quiver/lib/approvals.js"
|
|
28
|
+
],
|
|
29
|
+
"allowed_write_paths": [
|
|
30
|
+
"src/create-quiver/commands/ai.js",
|
|
31
|
+
"src/create-quiver/lib/ai/analyze-project-docs.js",
|
|
32
|
+
"src/create-quiver/lib/ai/analyze-project-review.js",
|
|
33
|
+
"src/create-quiver/lib/ai/run-state.js",
|
|
34
|
+
"src/create-quiver/lib/ai/artifacts.js",
|
|
35
|
+
"tests/**",
|
|
36
|
+
"specs/quiver-v46-deep-project-analysis/**"
|
|
37
|
+
],
|
|
38
|
+
"depends_on": [
|
|
39
|
+
"slice-02-provider-analysis-json-contract"
|
|
40
|
+
],
|
|
41
|
+
"parallel_safe": "no",
|
|
42
|
+
"parallel_safe_reason": "Safe writes depend on validated provider analysis and must define the user-visible mutation contract.",
|
|
43
|
+
"must": [
|
|
44
|
+
"Convert validated analysis into doc updates for approved paths only.",
|
|
45
|
+
"Keep docs/PROJECT_MAP.md deterministic or constrain AI content to a managed block.",
|
|
46
|
+
"Preserve human-authored content using stable managed blocks or safe merge rules.",
|
|
47
|
+
"Implement --review editor flow with schema revalidation after edit.",
|
|
48
|
+
"Show final diff and require explicit confirmation before writing.",
|
|
49
|
+
"Cancel cleanly without writes.",
|
|
50
|
+
"Create .quiver/runs snapshots, manifests, before/after hashes, redacted raw artifacts, and restore guidance.",
|
|
51
|
+
"Handle no-TTY review attempts with actionable errors."
|
|
52
|
+
],
|
|
53
|
+
"not_included": [
|
|
54
|
+
"Final public docs polish.",
|
|
55
|
+
"Release readiness smokes.",
|
|
56
|
+
"Post-write placeholder/conflict validation beyond write-time safety checks."
|
|
57
|
+
],
|
|
58
|
+
"acceptance": [
|
|
59
|
+
"Doc updates target only whitelisted Markdown paths.",
|
|
60
|
+
"Review edit is revalidated before final diff.",
|
|
61
|
+
"Canceling review leaves the repo unchanged.",
|
|
62
|
+
"Approved writes create snapshots and manifest entries for every changed file.",
|
|
63
|
+
"Dirty target docs are reported before writing and require explicit confirmation or a documented flag.",
|
|
64
|
+
".quiver/runs artifacts are redacted and ignored from git."
|
|
65
|
+
],
|
|
66
|
+
"tests": [
|
|
67
|
+
"node --test tests/commands/ai-analyze-project-review.test.js",
|
|
68
|
+
"node --test tests/lib/ai-analyze-project-docs.test.js",
|
|
69
|
+
"git diff --check"
|
|
70
|
+
],
|
|
71
|
+
"validation_hints": [
|
|
72
|
+
"Test review cancel, invalid edited JSON, no-TTY review, dirty target docs, path traversal, oversized doc updates, and snapshot manifests.",
|
|
73
|
+
"Confirm product code paths cannot be written."
|
|
74
|
+
],
|
|
75
|
+
"estimated_hours": 10,
|
|
76
|
+
"status": "completed",
|
|
77
|
+
"completed_at": "2026-06-10",
|
|
78
|
+
"blocked_reason": null
|
|
79
|
+
}
|