create-quiver 0.16.0 → 0.17.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (53) hide show
  1. package/CHANGELOG.md +8 -0
  2. package/README.md +7 -1
  3. package/README_FOR_AI.md +4 -1
  4. package/docs/CLI_UX_GUIDE.md +11 -0
  5. package/docs/INDEX.md +5 -1
  6. package/docs/reference/commands.md +34 -0
  7. package/package.json +1 -1
  8. package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +31 -1
  9. package/specs/quiver-v46-deep-project-analysis/EVIDENCE_REPORT.md +94 -0
  10. package/specs/quiver-v46-deep-project-analysis/EXECUTION_PLAN.md +26 -0
  11. package/specs/quiver-v46-deep-project-analysis/SPEC.md +157 -0
  12. package/specs/quiver-v46-deep-project-analysis/STATUS.md +26 -0
  13. package/specs/quiver-v46-deep-project-analysis/pr.md +131 -0
  14. package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/CLOSURE_BRIEF.md +14 -0
  15. package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/EXECUTION_BRIEF.md +41 -0
  16. package/specs/quiver-v46-deep-project-analysis/slices/slice-00-analysis-contract-foundation/slice.json +61 -0
  17. package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/CLOSURE_BRIEF.md +22 -0
  18. package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/EXECUTION_BRIEF.md +33 -0
  19. package/specs/quiver-v46-deep-project-analysis/slices/slice-01-stack-agnostic-discovery-sampling/slice.json +80 -0
  20. package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/CLOSURE_BRIEF.md +21 -0
  21. package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/EXECUTION_BRIEF.md +34 -0
  22. package/specs/quiver-v46-deep-project-analysis/slices/slice-02-provider-analysis-json-contract/slice.json +79 -0
  23. package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/CLOSURE_BRIEF.md +19 -0
  24. package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/EXECUTION_BRIEF.md +33 -0
  25. package/specs/quiver-v46-deep-project-analysis/slices/slice-03-doc-proposal-review-safe-writes/slice.json +79 -0
  26. package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/CLOSURE_BRIEF.md +20 -0
  27. package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/EXECUTION_BRIEF.md +32 -0
  28. package/specs/quiver-v46-deep-project-analysis/slices/slice-04-validation-docs-release-readiness/slice.json +85 -0
  29. package/src/create-quiver/commands/ai.js +587 -0
  30. package/src/create-quiver/index.js +113 -3
  31. package/src/create-quiver/lib/ai/analyze-project-discovery.js +387 -0
  32. package/src/create-quiver/lib/ai/analyze-project-docs.js +364 -0
  33. package/src/create-quiver/lib/ai/analyze-project-parser.js +277 -0
  34. package/src/create-quiver/lib/ai/analyze-project-prompts.js +214 -0
  35. package/src/create-quiver/lib/ai/analyze-project-review.js +99 -0
  36. package/src/create-quiver/lib/ai/analyze-project-sampling.js +402 -0
  37. package/src/create-quiver/lib/ai/analyze-project-schema.js +92 -0
  38. package/src/create-quiver/lib/ai/analyze-project-validation.js +309 -0
  39. package/src/create-quiver/lib/ai/artifacts.js +4 -1
  40. package/src/create-quiver/lib/cli/command-registry.js +1 -0
  41. package/src/create-quiver/lib/i18n/messages/en.js +1 -0
  42. package/src/create-quiver/lib/i18n/messages/es.js +1 -0
  43. package/.quiver/runs/run-2026-06-09t19-14-39z/approvals.json +0 -5
  44. package/.quiver/runs/run-2026-06-09t19-14-39z/decisions.md +0 -2
  45. package/.quiver/runs/run-2026-06-09t19-14-39z/requirement.md +0 -0
  46. package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/docs/INDEX.md +0 -97
  47. package/.quiver/runs/run-2026-06-09t19-14-39z/snapshots/20260609T191439Z/manifest.json +0 -61
  48. package/.quiver/runs/run-2026-06-09t19-14-39z/state.json +0 -28
  49. package/ACTIVE_SLICES.md +0 -43
  50. package/auditoria-ux-ui-performance-documentacion.md +0 -705
  51. package/copys-landing-page.md +0 -244
  52. package/docs/ai/ACTIVE_SLICE.md +0 -61
  53. package/pr.md +0 -154
package/CHANGELOG.md CHANGED
@@ -6,6 +6,8 @@ All notable changes to this project will be documented in this file.
6
6
 
7
7
  ### Added
8
8
 
9
+ - v46 deep project analysis under `specs/quiver-v46-deep-project-analysis/`.
10
+ - `ai analyze-project` for bounded, evidence-backed repository analysis with read-only `--dry-run`, JSON automation output, provider-backed `--review`, safe doc writes, snapshots, and post-write validation.
9
11
  - Top-level read-only `changelog` command with human and JSON output for inspecting packaged release notes.
10
12
  - Spec 01 branch-recovery closure package under `docs/specs/01-spec/`, including controlled branch-cleanup guidance and release-readiness evidence.
11
13
  - v52 schema/docs/release hygiene under `specs/quiver-v52-schema-docs-release-hygiene/`.
@@ -23,6 +25,8 @@ All notable changes to this project will be documented in this file.
23
25
 
24
26
  ### Changed
25
27
 
28
+ - Existing-project AI onboarding now recommends `ai analyze-project --deep --dry-run` before context preparation so agents can see the intended read set, omissions, budgets, and privacy exclusions before any provider-backed docs update.
29
+ - npm package hygiene now excludes local `.quiver/` run state from published tarballs.
26
30
  - CLI parser and command registry are now split into explicit modules while preserving existing command behavior and legacy aliases.
27
31
  - Release-readiness evidence now includes a command-role audit that explains what each public command is for and how it was safely validated.
28
32
  - `npm run docs:check` now includes generated CLI command reference drift detection.
@@ -36,6 +40,10 @@ All notable changes to this project will be documented in this file.
36
40
  - CLI output now follows the shared Quiver palette and hierarchy while keeping `--json`, CI, no-TTY, and `--no-color` output clean.
37
41
  - Command docs now cover human-vs-machine output, selectors, Doctor output, and cross-platform usage.
38
42
 
43
+ ### Fixed
44
+
45
+ - `ai analyze-project` now shows human TTY progress while provider analysis runs and reports schema validation issues with actionable detail.
46
+
39
47
  ## [0.14.1] - 2026-05-26
40
48
 
41
49
  ### Added
package/README.md CHANGED
@@ -104,17 +104,21 @@ npx --yes create-quiver@latest doctor
104
104
  Después prepará el contexto para IA:
105
105
 
106
106
  ```bash
107
+ npx --yes create-quiver@latest ai analyze-project --deep --dry-run
107
108
  npx --yes create-quiver@latest ai prepare-context --dry-run
108
109
  npx --yes create-quiver@latest ai prepare-context
109
110
  ```
110
111
 
111
- Ese flujo usa el modo determinístico de Quiver: analiza el proyecto y actualiza solo documentación de contexto sin llamar a un proveedor de IA. Si querés que un agente planificador proponga el contexto, usá el modo asistido:
112
+ `ai analyze-project --deep --dry-run` arma una muestra representativa del repo sin escribir archivos ni ejecutar proveedor. El flujo de `prepare-context` usa el modo determinístico de Quiver: analiza el proyecto y actualiza solo documentación de contexto sin llamar a un proveedor de IA. Si querés que un agente planificador proponga el contexto, usá el modo asistido:
112
113
 
113
114
  ```bash
115
+ npx --yes create-quiver@latest ai analyze-project --deep --review
114
116
  npx --yes create-quiver@latest ai prepare-context --with-planner --dry-run
115
117
  npx --yes create-quiver@latest ai prepare-context --with-planner --review --interactive
116
118
  ```
117
119
 
120
+ `ai analyze-project --deep --review` ejecuta el proveedor configurado, valida JSON con evidencia, abre revisión humana y solo escribe docs permitidos después de confirmación. No lee `.env`, dependencias, caches, binarios ni outputs generados; tampoco afirma comprensión perfecta cuando la evidencia no alcanza.
121
+
118
122
  La inicialización crea un contrato visible para humanos y agentes, más estado interno de Quiver:
119
123
 
120
124
  - `AGENTS.md`
@@ -178,6 +182,8 @@ Usá la guía que corresponda al estado de tu proyecto:
178
182
  | `npx --yes create-quiver@latest doctor --json` | Devuelve el diagnóstico como JSON para automatizaciones. |
179
183
  | `npx --yes create-quiver@latest flow` | Indica el próximo paso seguro. |
180
184
  | `npx --yes create-quiver@latest dashboard` | Muestra estado consolidado de specs, slices, runs, approvals y agentes sin escribir archivos. |
185
+ | `npx --yes create-quiver@latest ai analyze-project --deep --dry-run` | Muestra qué archivos leería para inferir producto, arquitectura, funcionalidades y riesgos, sin escribir ni ejecutar proveedor. |
186
+ | `npx --yes create-quiver@latest ai analyze-project --deep --review` | Ejecuta análisis IA con evidencia, abre revisión humana y actualiza solo docs permitidos con snapshot previo. |
181
187
  | `npx --yes create-quiver@latest ai prepare-context --dry-run` | Previsualiza contexto de onboarding para IA sin tocar código de producto. |
182
188
  | `npx --yes create-quiver@latest ai prepare-context --with-planner --dry-run` | Previsualiza una propuesta de contexto generada por el planner. |
183
189
  | `npx --yes create-quiver@latest ai models list` | Lista proveedores y modelos conocidos por Quiver para configurar agentes. |
package/README_FOR_AI.md CHANGED
@@ -17,6 +17,7 @@ If the project already exists from an older Quiver version and was previously in
17
17
  If the project was never initialized by Quiver, do not use `migrate` as bootstrap; run `npx create-quiver init --name "Project Name"` first.
18
18
  Use `npx create-quiver evidence run -- <command>` to capture validation evidence with command, exit code, duration, truncated output, and best-effort redaction. The safe default output is `.quiver/evidence/`; use `--output <file>` when a slice needs a specific evidence artifact.
19
19
  Use `npx create-quiver demo create spec-viewer --dry-run` to inspect the optional Quiver Spec Viewer demo scaffold, then add `--dir <target>` for a real run. The demo is not part of default init and must remain small, static, dependency-light, and non-destructive.
20
+ Use `npx create-quiver ai analyze-project --deep --dry-run` before asking IA to describe an existing repo. Dry-run must stay read-only, skip provider execution, and explain selected/omitted files. Use `npx create-quiver ai analyze-project --deep --review` only when the human wants provider-backed docs: it must validate JSON with evidence/confidence, open editable review, show final diff, require confirmation, snapshot under `.quiver/runs`, redact artifacts, and run post-write validation. Never claim perfect project understanding; keep weak conclusions as `unknown` or `needs_confirmation`.
20
21
  The v20, v21, v22, and v23 specs are completed. `specs/quiver-v23-guided-flow-productization/` productized the manual planner/executor prompt workflow into guided Quiver commands, profiles, compact prompts, safe approvals, executor prompts, delegated execution modes, and release readiness evidence.
21
22
  The v24 spec is implemented under `specs/quiver-v24-dx-onboarding-hardening/`; it captures DX hardening found while dogfooding Quiver with Quiver Spec Viewer, including init hygiene, CLI ambiguity, local slice validation, analyzer quality, AI context preparation, evidence capture, and demo scaffolding. Do not claim a package release until npm publication actually happens.
22
23
  The v25 spec is implemented under `specs/quiver-v25-ai-first-lifecycle-orchestrator/` and shipped in `create-quiver@0.12.0`; it covers safe AI onboarding docs, strict run state, phase locks, agent adapters, approval gates, spec/slice generation, execution planning, controlled slice execution, worktree/PR lifecycle, validation hardening, export, and migration.
@@ -29,6 +30,7 @@ The v31 spec is implemented and release-ready pending PR/package publication und
29
30
  The v32 documentation spec is implemented under `specs/quiver-v32-npx-installation-guidance/`; it clarifies why `npx --yes create-quiver@latest` does not install Quiver into project `node_modules`, when to install `create-quiver` as a `devDependency`, and where users should look when troubleshooting that behavior.
30
31
  The v34 dashboard spec is implemented under `specs/quiver-v34-cli-dashboard-status/`; it adds the read-only top-level `dashboard` command, compact schema v1 JSON output, global vs visible progress, next-ready slice guidance, edge-case guardrails, `quiver:dashboard` generated scripts, docs, tests, smokes, and package-readiness evidence. It does not publish npm.
31
32
  The v35 dashboard/version UX spec is implemented under `specs/quiver-v35-compact-dashboard-version-ux/`; it keeps `dashboard` compact by default, adds `dashboard --details`, `dashboard --section <name>`, `dashboard --limit <n>`, and adds the Quiver-branded `version` command without changing top-level `--version` / `-V`.
33
+ The v46 deep project analysis spec is implemented under `specs/quiver-v46-deep-project-analysis/` and release-ready pending npm publication. It adds `ai analyze-project` with bounded stack-agnostic discovery, semantic sampling, privacy exclusions, evidence/confidence validation, provider-backed JSON parsing, editable human review, docs-only safe writes, `.quiver/runs` snapshots, and post-write consistency checks.
32
34
  Guided AI workflow behavior is available: prepare, approvals, production-readiness plan review, spec worktrees, executor commits, execution waves, PR creation, spec close, and package safety.
33
35
  Generated projects also get `quiver:*` npm scripts that call the Node CLI directly; prefer those for repeatable project workflows, including `quiver:version` for version metadata, `quiver:flow` for the read-only guided entrypoint, `quiver:dashboard` for consolidated read-only project/spec/slice status, `quiver:plan` for sequential planning, `quiver:graph` for parallel-level inspection, `quiver:next` for the next ready slice, `quiver:evidence` for local command evidence, `quiver:spec:create` for real spec generation, `quiver:spec:validate` for full spec validation, and the AI family `quiver:ai:agent`, `quiver:ai:inspect`, `quiver:ai:export`, `quiver:ai:specs`, `quiver:ai:slices`, `quiver:ai:trace`, `quiver:ai:onboard`, `quiver:ai:prepare-context`, `quiver:ai:plan`, `quiver:ai:review-plan`, `quiver:ai:approve`, `quiver:ai:prompt-slice`, `quiver:ai:execute-slice`, `quiver:ai:execute-plan`, `quiver:ai:pr`, and `quiver:ai:doctor`. Use `quiver:graph --format mermaid` for PR-ready Markdown or `quiver:graph --format dot` for Graphviz source.
34
36
  `quiver:ai:execute-plan` supports `--mode manual` for paste-ready executor prompts and `--mode delegated` for temporary worktrees on parallel-ready waves; unsafe waves fall back to sequential execution.
@@ -51,11 +53,12 @@ The primary generated project context for agents is `docs/AI_CONTEXT.md`.
51
53
  The project map is the single source of truth for stack, package manager, commands, and file hints: `docs/PROJECT_MAP.md`.
52
54
  The raw analyzer output is internal machinery at `.quiver/scans/PROJECT_SCAN.json`; read it only when the visible map is not enough.
53
55
  `npx create-quiver analyze --dry-run` must remain read-only and only preview the scan/project-map/context writes. `npx create-quiver flow` reports the context source/freshness and the package-manager-aware generated script command so agents can see whether the project map is current, stale, partial, legacy, invalid, or missing.
56
+ `npx create-quiver ai analyze-project --deep --dry-run` is the safe default for evidence-backed IA context analysis and must not write files or call provider CLIs. It excludes `.env`, `.git`, `.quiver`, dependencies, caches, build outputs, binaries and symlinks. Live `ai analyze-project --deep --review` may update only approved docs (`docs/CONTEXTO.md`, `docs/AI_CONTEXT.md`, `docs/ARCHITECTURE.md`, `docs/STATUS.md`, `docs/DECISIONS.md`, `docs/PROJECT_MAP.md`) after editable review and confirmation.
54
57
  `npx create-quiver ai prepare-context --dry-run` remains the deterministic default and must not execute provider CLIs. `npx create-quiver ai prepare-context --with-planner --dry-run` previews planner-assisted context preparation. `--with-planner --print-prompt` prints the exact prompt without provider auth; live planner writes should use `--review` and/or `--interactive` when the human wants review before docs-only writes.
55
58
  `npx create-quiver ai agent set <role> --provider <provider> --model <model-id> --dry-run` must preview `.quiver/agents/profiles.json` changes without writing. In TTY mode, `npx create-quiver ai agent set <role>` can guide provider/model selection; in CI/no-TTY, require explicit `--provider` and `--model`. Use dry-run before saving planner/executor/reviewer/doctor profiles.
56
59
  GitHub PR diagnostics must stay cross-platform: auth failures should point to likely account, scope, and SSH alias issues; path examples with spaces must be copy-safe for macOS/Linux, Windows PowerShell, Git Bash, and WSL.
57
60
  CLI UX standard lives in `docs/CLI_UX_GUIDE.md`. Supported Quiver colors are `#86C8F2`, `#6BADEB`, `#7F9EE8`, `#9B82E6`, and `#D56AB0`; output must respect `--no-color`, `NO_COLOR`, CI, and no-TTY environments.
58
- UX flags are intentionally limited: `ai prepare-context`, `ai plan`, and `spec create` support `--with-planner`, `--interactive`, and `--review`; `ai pr` supports `--interactive` and `--review` but rejects `--with-planner`; read-only commands such as `flow`, `dashboard`, `version`, `next`, `graph`, `ai inspect`, `ai export`, `ai specs list`, `ai slices list`, and `ai trace report` reject these UX flags. `dashboard` may use read-only inspection flags `--details`, `--section`, and `--limit`; `--json` must reject human-only dashboard flags plus `--interactive` and `--review` before writing human output.
61
+ UX flags are intentionally limited: `ai analyze-project` supports `--review` for provider-backed docs after dry-run-first analysis; `ai prepare-context`, `ai plan`, and `spec create` support `--with-planner`, `--interactive`, and `--review`; `ai pr` supports `--interactive` and `--review` but rejects `--with-planner`; read-only commands such as `flow`, `dashboard`, `version`, `next`, `graph`, `ai inspect`, `ai export`, `ai specs list`, `ai slices list`, and `ai trace report` reject these UX flags. `dashboard` may use read-only inspection flags `--details`, `--section`, and `--limit`; `--json` must reject human-only dashboard flags plus `--interactive` and `--review` before writing human output.
59
62
  The universal router for generated projects is `AGENTS.md`; read it before `docs/AI_CONTEXT.md` and `docs/AI_ONBOARDING_PROMPT.md`.
60
63
  Generated projects also get `docs/DECISIONS.md`; use it for durable choices that should not be re-litigated.
61
64
  If a generated project has been analyzed, the exact agent handoff prompt is `docs/AI_ONBOARDING_PROMPT.md`.
@@ -94,6 +94,7 @@ Reglas:
94
94
  |---|---:|---:|---:|---|
95
95
  | `init` | no | si | no | Interactive guia modo de proyecto, metodologia `wdd-sdd`, perfil inicial y proximo paso de perfiles de agentes. |
96
96
  | `migrate` | no | no | no | En TTY confirma antes de escribir; en CI/no-TTY requiere `--yes`. `--dry-run` no pide confirmacion ni escribe. |
97
+ | `ai analyze-project` | no | no | si | `--dry-run` es read-only y no ejecuta proveedor; `--review` exige JSON con evidencia, diff final, confirmacion, snapshot y validacion post-write. |
97
98
  | `ai prepare-context` | si | si | si | Modo deterministico por defecto; planner opcional con contrato docs-only. |
98
99
  | `ai plan` | si | si | si | El planner ya es implicito; `--with-planner` se acepta por consistencia. |
99
100
  | `spec create` | si | si | si | Consume un plan tecnico aprobado del planner; no vuelve a ejecutar proveedor. Review previsualiza el paquete antes de escribir. |
@@ -118,6 +119,16 @@ Reglas:
118
119
 
119
120
  ## Flujo recomendado para contexto de IA
120
121
 
122
+ Analisis profundo de un proyecto existente:
123
+
124
+ ```bash
125
+ npx create-quiver ai analyze-project --deep --dry-run
126
+ npx create-quiver ai analyze-project --deep --dry-run --json
127
+ npx create-quiver ai analyze-project --deep --review
128
+ ```
129
+
130
+ `ai analyze-project` debe mantener estas garantias: en `--dry-run` no escribe ni ejecuta proveedor; con proveedor no lee `.env`, dependencias, caches, binarios ni outputs generados; toda conclusion importante cita evidencia o queda como `unknown`; las escrituras se limitan a docs aprobados, usan bloques gestionados por Quiver, muestran diff y crean snapshot previo.
131
+
121
132
  Modo deterministico:
122
133
 
123
134
  ```bash
package/docs/INDEX.md CHANGED
@@ -1,6 +1,6 @@
1
1
  # Quiver Documentation Index
2
2
 
3
- **Last updated:** 2026-05-29
3
+ **Last updated:** 2026-06-10
4
4
 
5
5
  Use this file as the first documentation map before planning, implementing, reviewing, or opening PRs in this repository. Prefer the smallest set of linked documents that fits the task.
6
6
 
@@ -40,6 +40,10 @@ Canonical specs live outside `docs/` in [`../specs/`](../specs/).
40
40
 
41
41
  Recent specs:
42
42
 
43
+ - [`../specs/quiver-v52-schema-docs-release-hygiene/SPEC.md`](../specs/quiver-v52-schema-docs-release-hygiene/SPEC.md)
44
+ - [`../specs/quiver-v51-cli-ergonomics-automation-contracts/SPEC.md`](../specs/quiver-v51-cli-ergonomics-automation-contracts/SPEC.md)
45
+ - [`../specs/quiver-v50-audit-trust-foundation/SPEC.md`](../specs/quiver-v50-audit-trust-foundation/SPEC.md)
46
+ - [`../specs/quiver-v46-deep-project-analysis/SPEC.md`](../specs/quiver-v46-deep-project-analysis/SPEC.md)
43
47
  - [`../specs/quiver-v45-ci-actions-node24-readiness/SPEC.md`](../specs/quiver-v45-ci-actions-node24-readiness/SPEC.md)
44
48
  - [`../specs/quiver-v44-provider-live-output-tui-lite/SPEC.md`](../specs/quiver-v44-provider-live-output-tui-lite/SPEC.md)
45
49
  - [`../specs/quiver-v43-cli-i18n-audit-release-readiness/SPEC.md`](../specs/quiver-v43-cli-i18n-audit-release-readiness/SPEC.md)
@@ -49,6 +49,7 @@ El contenido curado fuera de los marcadores se mantiene manual y no debe ser ree
49
49
  | AI lifecycle | `ai active-slice status\|reconcile` | Inspect or dry-run reconcile local active-slice state from every supported source. |
50
50
  | AI lifecycle | `ai status` | Show current AI lifecycle phase, approved versions, blockers, and next command. |
51
51
  | AI lifecycle | `ai resume` | Resume guidance from the last valid lifecycle phase without chat memory. |
52
+ | AI lifecycle | `ai analyze-project` | Read and explain a bounded project sample without provider execution or writes. |
52
53
  | AI lifecycle | `ai onboard` | Run or print the planner onboarding prompt with a token-aware context pack. |
53
54
  | AI lifecycle | `ai prepare-context` | Preview or write docs-only AI context updates with assumptions and risks. |
54
55
  | AI lifecycle | `ai agent set\|list\|show\|doctor\|repair` | Manage, diagnose, and dry-run repair planner, executor, reviewer, and doctor provider profiles without secrets. |
@@ -184,8 +185,32 @@ Reglas:
184
185
 
185
186
  ## Planificación con IA
186
187
 
188
+ ### Análisis profundo de proyecto existente
189
+
190
+ `ai analyze-project` transforma una muestra acotada del repo en contexto operativo para IA. El modo seguro es read-only:
191
+
192
+ ```bash
193
+ npx --yes create-quiver@latest ai analyze-project --deep --dry-run
194
+ npx --yes create-quiver@latest ai analyze-project --deep --dry-run --json
195
+ ```
196
+
197
+ En `--dry-run`, Quiver no escribe archivos, no ejecuta proveedor y muestra qué seleccionó u omitió y por qué. Siempre excluye secretos, `.env`, `.git`, `.quiver`, dependencias, caches, binarios y outputs generados.
198
+
199
+ Para generar docs desde IA:
200
+
201
+ ```bash
202
+ npx --yes create-quiver@latest ai analyze-project --deep --review
203
+ npx --yes create-quiver@latest ai analyze-project --deep --review --strict
204
+ ```
205
+
206
+ El modo con proveedor exige JSON validado por schema, evidencia por conclusión, niveles `confirmed`, `inferred`, `unknown` o `conflict`, revisión editable, diff final, confirmación humana, snapshot previo en `.quiver/runs`, artefactos redactados y validación post-write. `--strict` convierte conflictos importantes de docs en error. El resultado puede quedar como `unknown` o `needs_confirmation` cuando el código no prueba una conclusión.
207
+
187
208
  | Comando | Para qué sirve |
188
209
  |---|---|
210
+ | `npx --yes create-quiver@latest ai analyze-project --deep --dry-run` | Previsualiza descubrimiento y muestreo del repo sin escribir ni ejecutar proveedor. |
211
+ | `npx --yes create-quiver@latest ai analyze-project --deep --dry-run --json` | Emite el plan de análisis como JSON parseable para automatización. |
212
+ | `npx --yes create-quiver@latest ai analyze-project --deep --review` | Ejecuta proveedor, valida análisis JSON con evidencia, abre revisión humana y escribe solo docs permitidos tras confirmación. |
213
+ | `npx --yes create-quiver@latest ai analyze-project --scope apps/web --max-files 80 --max-bytes 300000 --include-tests --dry-run` | Acota el análisis por workspace/ruta y presupuesto de muestra. |
189
214
  | `npx --yes create-quiver@latest ai prepare-context --dry-run` | Previsualiza actualizaciones documentales de contexto para IA. |
190
215
  | `npx --yes create-quiver@latest ai prepare-context` | Escribe actualizaciones documentales de contexto para IA. |
191
216
  | `npx --yes create-quiver@latest ai prepare-context --with-planner --dry-run` | Previsualiza una propuesta docs-only generada por el planner sin escribir archivos. |
@@ -258,6 +283,14 @@ Base branch policy: `--base <branch>` always wins. Without `--base`, slice readi
258
283
  |---|---|
259
284
  | `--dry-run` | Previsualiza sin escribir archivos ni ejecutar proveedores. |
260
285
  | `--print-prompt` | Imprime el prompt del proveedor sin ejecutarlo. |
286
+ | `--deep` | En `ai analyze-project`, incluye fuente y DB en la muestra representativa. |
287
+ | `--max-files <n>` | En `ai analyze-project`, limita la cantidad de archivos seleccionados. |
288
+ | `--max-bytes <n>` | En `ai analyze-project`, limita los bytes seleccionados para la muestra. |
289
+ | `--include-source` | En `ai analyze-project`, incluye código fuente sin requerir `--deep`. |
290
+ | `--include-tests` | En `ai analyze-project`, incluye tests en la muestra. |
291
+ | `--include-db` | En `ai analyze-project`, incluye schemas, migraciones y archivos DB. |
292
+ | `--scope <path\|name>` | En `ai analyze-project`, restringe el análisis a una ruta o workspace. |
293
+ | `--strict` | En validaciones soportadas, convierte conflictos importantes en errores. |
261
294
  | `--with-planner` | Activa comportamiento asistido por planner solo en comandos que lo soportan. |
262
295
  | `--interactive` | Habilita prompts humanos de confirmación o elección. |
263
296
  | `--review` | Abre o prepara revisión humana antes de escrituras persistentes. |
@@ -283,6 +316,7 @@ Base branch policy: `--base <branch>` always wins. Without `--base`, slice readi
283
316
 
284
317
  | Comando | `--with-planner` | `--interactive` | `--review` |
285
318
  |---|---:|---:|---:|
319
+ | `ai analyze-project` | no | no | sí |
286
320
  | `ai prepare-context` | sí | sí | sí |
287
321
  | `ai plan` | sí | sí | sí |
288
322
  | `spec create` | sí | sí | sí |
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "create-quiver",
3
- "version": "0.16.0",
3
+ "version": "0.17.1",
4
4
  "private": false,
5
5
  "description": "Quiver CLI for scaffolding projects from the packaged template",
6
6
  "license": "MIT",
@@ -38,7 +38,7 @@
38
38
  "version-json": {
39
39
  "modes": {
40
40
  "en_human": "not_applicable",
41
- "es_human": "not_applicable",
41
+ "es_human": "accepted_exception",
42
42
  "json": "pass",
43
43
  "dry_run": "not_applicable",
44
44
  "interactive": "not_applicable",
@@ -273,6 +273,25 @@
273
273
  "tests/commands/parser-contract.test.js"
274
274
  ]
275
275
  },
276
+ "ai-analyze-project": {
277
+ "modes": {
278
+ "en_human": "pass",
279
+ "es_human": "accepted_exception",
280
+ "json": "pass",
281
+ "dry_run": "pass",
282
+ "interactive": "not_supported",
283
+ "review": "pass",
284
+ "ci_no_tty": "pass",
285
+ "no_color": "pass",
286
+ "live_provider": "accepted_exception"
287
+ },
288
+ "evidence": [
289
+ "tests/commands/ai-analyze-project.test.js",
290
+ "tests/commands/ai-analyze-project-provider.test.js",
291
+ "tests/commands/ai-analyze-project-review.test.js",
292
+ "tests/lib/ai-analyze-project-validation.test.js"
293
+ ]
294
+ },
276
295
  "ai-prepare-context": {
277
296
  "modes": {
278
297
  "en_human": "pass",
@@ -550,6 +569,13 @@
550
569
  "reason": "`ai pr --create` has external GitHub side effects; preflight, body handling, and create command construction are covered locally.",
551
570
  "follow_up": "Use real `gh pr create` during PR opening with the documented SSH identity.",
552
571
  "status": "accepted"
572
+ },
573
+ {
574
+ "id": "ai-analyze-project-human-i18n",
575
+ "owner": "release-readiness",
576
+ "reason": "`ai analyze-project` currently has English human output while JSON output remains stable; the v46 release prioritizes safety, privacy, review, validation, and machine-readable contracts.",
577
+ "follow_up": "Localize `ai analyze-project` human report strings in a dedicated CLI i18n slice.",
578
+ "status": "accepted"
553
579
  }
554
580
  ],
555
581
  "commands": [
@@ -579,6 +605,10 @@
579
605
  { "command": "evidence run --output .quiver/evidence/test.md -- <command>", "profile": "evidence-run", "critical": "pass" },
580
606
  { "command": "evidence list --json", "profile": "evidence-json", "critical": "pass" },
581
607
  { "command": "evidence show .quiver/evidence/test.md --json", "profile": "evidence-json", "critical": "pass" },
608
+ { "command": "ai analyze-project --deep --dry-run", "profile": "ai-analyze-project", "critical": "pass" },
609
+ { "command": "ai analyze-project --deep --dry-run --json", "profile": "ai-analyze-project", "critical": "pass" },
610
+ { "command": "ai analyze-project --deep --review", "profile": "ai-analyze-project", "critical": "pass" },
611
+ { "command": "ai analyze-project --scope apps/web --max-files 80 --max-bytes 300000 --include-tests --dry-run", "profile": "ai-analyze-project", "critical": "pass" },
582
612
  { "command": "ai prepare-context --dry-run", "profile": "ai-prepare-context", "critical": "pass" },
583
613
  { "command": "ai prepare-context", "profile": "ai-prepare-context", "critical": "pass" },
584
614
  { "command": "ai prepare-context --with-planner --dry-run", "profile": "ai-prepare-context-planner", "critical": "pass" },
@@ -0,0 +1,94 @@
1
+ # Evidence Report - Quiver v46 Deep Project Analysis
2
+
3
+ ## Current Evidence
4
+
5
+ - Spec package created from approved acceptance criteria and production review.
6
+ - `slice-00-analysis-contract-foundation` completed as documentation-only foundation.
7
+ - `slice-01-stack-agnostic-discovery-sampling` completed.
8
+ - `ai analyze-project` now supports read-only discovery/sampling with human and JSON output and no provider execution or writes.
9
+ - `slice-02-provider-analysis-json-contract` completed.
10
+ - `ai analyze-project` live mode now runs a provider only after privacy preflight, validates JSON against schema, enforces evidence/confidence rules, redacts provider artifacts, and writes no docs.
11
+ - `slice-03-doc-proposal-review-safe-writes` completed.
12
+ - `ai analyze-project --review` now opens a validated editable proposal, shows final diffs, requires confirmation, writes only approved docs, preserves human content with managed blocks, and creates `.quiver/runs` snapshots/manifests/redacted artifacts before writing.
13
+ - `slice-04-validation-docs-release-readiness` completed.
14
+ - `ai analyze-project --review` now runs post-write validation for schema/evidence/placeholders/managed-blocks/snapshot manifests/doc conflicts, with `--strict` elevating deterministic doc conflicts to errors.
15
+ - Public docs, fixture coverage, i18n command matrix, and package ignore rules were updated. `.quiver/` is excluded from npm packaging so local AI run state cannot enter the tarball.
16
+
17
+ ## Captured Slice-01 Evidence
18
+
19
+ ```bash
20
+ node --test tests/lib/ai-analyze-project-discovery.test.js tests/commands/ai-analyze-project.test.js tests/commands/cli-contract.test.js
21
+ # pass: 20 tests
22
+
23
+ node --test
24
+ # pass: 618 tests
25
+
26
+ node bin/create-quiver.js ai analyze-project --dry-run
27
+ # pass: reports read-only mode, selected/omitted files, budgets, and safety exclusions
28
+
29
+ node bin/create-quiver.js ai analyze-project --dry-run --json
30
+ # pass: emits parseable JSON with kind quiver-project-analysis-plan
31
+
32
+ node bin/create-quiver.js spec validate specs/quiver-v46-deep-project-analysis --strict
33
+ # pass: spec validation passed
34
+
35
+ git diff --check
36
+ # pass
37
+ ```
38
+
39
+ ## Captured Slice-02 Evidence
40
+
41
+ ```bash
42
+ node --test tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-parser.test.js tests/lib/ai-analyze-project-schema.test.js
43
+ # pass: 12 tests
44
+
45
+ node --test
46
+ # pass: 630 tests
47
+
48
+ node bin/create-quiver.js spec validate specs/quiver-v46-deep-project-analysis --strict
49
+ # pass: spec validation passed
50
+
51
+ git diff --check
52
+ # pass
53
+ ```
54
+
55
+ ## Captured Slice-03 Evidence
56
+
57
+ ```bash
58
+ node --test tests/lib/ai-analyze-project-docs.test.js tests/commands/ai-analyze-project-review.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-parser.test.js tests/lib/ai-analyze-project-schema.test.js
59
+ # pass: 20 tests
60
+
61
+ node --test
62
+ # pass: 638 tests
63
+ ```
64
+
65
+ ## Required Final Evidence
66
+
67
+ - None.
68
+
69
+ ## Captured Slice-04 Evidence
70
+
71
+ ```bash
72
+ node --test tests/docs/command-reference.test.js tests/commands/cli-contract.test.js tests/commands/i18n-audit-matrix.test.js tests/commands/parser-contract.test.js
73
+ # pass: 22 tests
74
+
75
+ node --test tests/commands/cli-contract.test.js tests/commands/i18n-audit-matrix.test.js tests/lib/ai-analyze-project-validation.test.js tests/lib/ai-analyze-project-discovery.test.js tests/commands/ai-analyze-project-review.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-parser.test.js tests/lib/ai-analyze-project-schema.test.js
76
+ # pass: 41 tests
77
+
78
+ node --test
79
+ # pass: 686 tests
80
+
81
+ npm run smoke:create-quiver
82
+ # pass: create-quiver smoke test passed
83
+
84
+ npm run package:quiver
85
+ # initial fail: .quiver/runs local state entered tarball
86
+ # fixed by excluding .quiver in .npmignore
87
+ # pass: Package smoke passed: create-quiver-0.16.0.tgz
88
+
89
+ node bin/create-quiver.js spec validate specs/quiver-v46-deep-project-analysis --strict
90
+ # pass: spec validation passed
91
+
92
+ git diff --check
93
+ # pass
94
+ ```
@@ -0,0 +1,26 @@
1
+ # Execution Plan - Quiver v46 Deep Project Analysis
2
+
3
+ ## Order
4
+
5
+ 1. `slice-00-analysis-contract-foundation`
6
+ 2. `slice-01-stack-agnostic-discovery-sampling`
7
+ 3. `slice-02-provider-analysis-json-contract`
8
+ 4. `slice-03-doc-proposal-review-safe-writes`
9
+ 5. `slice-04-validation-docs-release-readiness`
10
+
11
+ ## Dependency Rules
12
+
13
+ - Do not implement provider execution before deterministic discovery and privacy preflight exist.
14
+ - Do not implement writes before schema validation and evidence validation exist.
15
+ - Do not document public usage as stable until dry-run, safety, write, and validation tests exist.
16
+
17
+ ## Validation Gates
18
+
19
+ - Each slice must pass its own listed checks.
20
+ - Every JSON slice file must parse.
21
+ - `node bin/create-quiver.js spec validate specs/quiver-v46-deep-project-analysis --strict` should pass before closing the spec.
22
+
23
+ ## Rollback
24
+
25
+ - Runtime changes should be reverted by slice-specific commits.
26
+ - Generated doc writes from the final feature must be recoverable from `.quiver/runs/run-.../snapshots/...` and manifest hashes.
@@ -0,0 +1,157 @@
1
+ # Quiver v46 - Deep Project Analysis
2
+
3
+ **Date:** 2026-06-10
4
+ **Status:** Planned
5
+ **Source:** User-approved acceptance criteria and production review for generic AI-assisted project analysis.
6
+
7
+ ## Problem
8
+
9
+ Quiver can initialize documentation and generate a deterministic project map, but it does not yet provide a production-safe way to infer a project's real product context, domain model, architecture, features, and risks from source code evidence. Existing `analyze` output is intentionally technical and conservative. Existing `ai prepare-context --with-planner` primarily works from documentation and the project map, so projects with boilerplate docs or stale package names can keep placeholder context.
10
+
11
+ Users need an explicit command that can inspect representative source, docs, and configuration across stacks, produce evidence-backed conclusions, and update context documentation only after review.
12
+
13
+ ## Objective
14
+
15
+ Add a safe, generic, stack-agnostic `ai analyze-project` workflow that transforms an existing repository into an operational AI context by discovering product/domain/architecture signals from evidence, validating AI output, and updating docs only through reviewable, auditable writes.
16
+
17
+ The default behavior must be read-only. Sending context to a provider and writing files must be explicit, privacy-checked, and reviewable.
18
+
19
+ ## Scope
20
+
21
+ ### Included
22
+
23
+ - New `npx create-quiver ai analyze-project` command.
24
+ - Read-only default and `--dry-run` behavior with no filesystem writes and no provider execution.
25
+ - Flags:
26
+ - `--deep`
27
+ - `--dry-run`
28
+ - `--review`
29
+ - `--json`
30
+ - `--strict`
31
+ - `--max-files <n>`
32
+ - `--max-bytes <n>`
33
+ - `--include-source`
34
+ - `--include-tests`
35
+ - `--include-db`
36
+ - `--scope <path-or-workspace>`
37
+ - `--input <requirements.md>`
38
+ - Stack-agnostic source discovery with optional adapter hooks.
39
+ - Semantic sampling with budgets, exclusions, symlink policy, and selected/omitted reporting.
40
+ - Provider prompt and schema for evidence-backed JSON analysis.
41
+ - Confidence model for claims:
42
+ - `confirmed`
43
+ - `inferred`
44
+ - `unknown`
45
+ - `conflict`
46
+ - Privacy preflight before provider execution.
47
+ - Content-based secret detection and redaction/blocking.
48
+ - Review workflow with editable proposal, schema revalidation, final diff, and explicit confirmation.
49
+ - Safe writes only to approved docs paths and `.quiver/runs`.
50
+ - Snapshots, manifests, hashes, raw/redacted provider artifacts, and restore guidance.
51
+ - Post-write validation for schema, placeholders, doc conflicts, and strict mode.
52
+ - Public docs, command reference, tests, fixtures, and release readiness evidence.
53
+
54
+ ### Excluded
55
+
56
+ - Implementing product features in analyzed projects.
57
+ - Modifying application source code in target projects.
58
+ - Sending entire repositories to providers.
59
+ - Full AST indexing for every language.
60
+ - Guaranteeing perfect domain understanding from insufficient evidence.
61
+ - Editing `docs/PROJECT_MAP.md` with free-form AI inference. `PROJECT_MAP.md` remains deterministic; any AI-generated insights must live in managed blocks or other docs.
62
+ - Following symlinks outside the repository.
63
+ - Persisting unredacted secrets in `.quiver/runs`.
64
+
65
+ ## Approved Acceptance Criteria
66
+
67
+ 1. `npx create-quiver ai analyze-project` exists and is read-only by default.
68
+ 2. `--dry-run` never writes files, never runs a provider, and shows stack, roots, selected files, omitted files, budgets, safety exclusions, and next commands.
69
+ 3. Provider execution requires an explicit non-dry-run mode and a privacy preflight that lists files/snippets to be sent.
70
+ 4. Writes require `--review` plus explicit confirmation, or an equivalent explicit write mode added by implementation with the same safety guarantees.
71
+ 5. Discovery works with known and unknown stacks using generic signals for frontend, APIs, services, models, schemas, tests, DB/migrations, and configs.
72
+ 6. Sampling respects `--max-files`, `--max-bytes`, `--include-source`, `--include-tests`, `--include-db`, and `--scope`.
73
+ 7. Secrets are excluded by path and scanned by content before provider execution and before artifact persistence.
74
+ 8. Symlinks are not followed by default; followed symlinks must resolve inside the repo.
75
+ 9. Monorepos and workspaces report analyzed roots and support scope selection.
76
+ 10. The provider response is valid JSON against a schema before any write.
77
+ 11. Every meaningful claim includes confidence and validated evidence paths.
78
+ 12. Claims based on truncated files cannot be marked `confirmed`.
79
+ 13. Conflicts are reported and not hidden.
80
+ 14. `doc_updates` can only target approved Markdown docs and must respect size/path limits.
81
+ 15. `docs/PROJECT_MAP.md` stays deterministic; AI updates are constrained to managed blocks or other approved docs.
82
+ 16. Review opens an editable proposal, revalidates the edited JSON, shows a final diff, and allows approve/cancel.
83
+ 17. Canceling review leaves the repository unchanged.
84
+ 18. Every write creates `.quiver/runs/run-...` snapshots, manifest, before/after hashes, and redacted provider artifacts.
85
+ 19. Post-write validation checks schema, placeholders, deterministic-doc conflicts, evidence paths, and strict-mode warnings/errors.
86
+ 20. `--json` only changes output formatting and never implies provider execution or writes.
87
+ 21. Non-TTY behavior never opens an editor or waits indefinitely; unsupported interactive modes fail with actionable guidance.
88
+ 22. Tests cover dry-run no-write, privacy preflight, secret redaction, invalid JSON no-write, review cancel no-write, safe write snapshots, monorepo scope, symlinks, truncation, unknown stack, and JSON cleanliness.
89
+
90
+ ## Approved Technical Plan
91
+
92
+ 1. Add `ai analyze-project` parser support, help text, and read-only default behavior.
93
+ 2. Build a deterministic analysis plan that reports selected roots, files, omissions, budgets, safety exclusions, and provider/write next steps.
94
+ 3. Implement stack-agnostic discovery and sampling modules with adapter contracts and generic fallback.
95
+ 4. Add privacy and content safety preflight before provider execution.
96
+ 5. Create the provider prompt and JSON schema for project analysis.
97
+ 6. Parse and validate provider JSON, normalize evidence, validate paths, and enforce confidence rules.
98
+ 7. Convert validated analysis into doc update proposals for approved paths.
99
+ 8. Implement review/edit/final-diff/confirm flow and safe writes with snapshots.
100
+ 9. Add post-write validation, restore guidance, public docs, tests, fixtures, and release evidence.
101
+
102
+ ## Slice Roadmap
103
+
104
+ | Slice | Title | Status | Dependencies |
105
+ |---|---|---|---|
106
+ | slice-00 | Analysis contract foundation | completed | none |
107
+ | slice-01 | Stack-agnostic discovery and sampling | planned | slice-00 |
108
+ | slice-02 | Provider analysis JSON contract | planned | slice-01 |
109
+ | slice-03 | Doc proposal review and safe writes | planned | slice-02 |
110
+ | slice-04 | Validation, docs, fixtures, and release readiness | planned | slice-03 |
111
+
112
+ ## Validation Strategy
113
+
114
+ ```bash
115
+ node --test tests/**/*.test.js
116
+ npm run smoke:create-quiver
117
+ npm run package:quiver
118
+ node bin/create-quiver.js ai analyze-project --dry-run
119
+ node bin/create-quiver.js ai analyze-project --dry-run --json
120
+ node bin/create-quiver.js spec validate specs/quiver-v46-deep-project-analysis --strict
121
+ git diff --check
122
+ ```
123
+
124
+ ## Production Guardrails
125
+
126
+ - Default command must be read-only.
127
+ - Provider execution must be explicitly gated by privacy preflight.
128
+ - Writes must be explicitly gated by review or a future equivalent explicit write mode.
129
+ - Evidence paths must be validated against existing sampled files.
130
+ - `.quiver/runs` artifacts must be redacted and ignored from git.
131
+ - `PROJECT_MAP.md` remains deterministic.
132
+ - Monorepo analysis must identify scope to avoid mixing unrelated apps/packages.
133
+ - Missing product evidence must produce questions and `unknown`/`needs_confirmation`, not polished guesses.
134
+
135
+ ## Risks
136
+
137
+ - Secret leakage if content scanning misses hardcoded credentials.
138
+ - False confidence if evidence validation is weak.
139
+ - Poor product summaries if the selected sample is too small or skewed.
140
+ - Monorepo scope mistakes can blend domains.
141
+ - Review UX can be confusing if JSON editing and final diff are not clear.
142
+ - Snapshot restore can be unreliable without hashes and manifest discipline.
143
+
144
+ ## Resolved Decisions
145
+
146
+ - `ai analyze-project` is separate from `ai prepare-context`.
147
+ - Dry-run/read-only is the safe default.
148
+ - Provider execution and writes are distinct gates.
149
+ - AI output is schema-first JSON, not Markdown free-form.
150
+ - `docs/PROJECT_MAP.md` stays deterministic.
151
+ - Docs are updated through managed proposals and review.
152
+
153
+ ## Open Questions
154
+
155
+ - Whether a future non-interactive write mode should be named `--write`, `--yes`, or use an explicit proposal input file.
156
+ - Whether restore should be implemented in this spec as a command or documented as manifest-guided manual recovery.
157
+ - Which stack adapters ship first beyond the generic fallback.
@@ -0,0 +1,26 @@
1
+ # Quiver v46 - Deep Project Analysis Status
2
+
3
+ **Status:** Completed
4
+ **Last updated:** 2026-06-10
5
+
6
+ ## Progress
7
+
8
+ | Slice | Status | Notes |
9
+ |---|---|---|
10
+ | slice-00-analysis-contract-foundation | completed | Spec package and handoffs created. |
11
+ | slice-01-stack-agnostic-discovery-sampling | completed | Read-only command shell, deterministic discovery, sampling, safety exclusions, JSON/human output, and tests implemented. |
12
+ | slice-02-provider-analysis-json-contract | completed | Provider-backed analysis JSON contract, prompt, privacy preflight, evidence validation, confidence downgrade rules, redaction, and no-write failure paths implemented. |
13
+ | slice-03-doc-proposal-review-safe-writes | completed | Review/edit/final-diff flow, managed docs blocks, safe snapshots, manifests, dirty-doc reporting, cancellation/no-TTY handling, and tests implemented. |
14
+ | slice-04-validation-docs-release-readiness | completed | Post-write validation, public docs, fixture matrix, release smoke/package evidence, command reference updates, and package ignore hardening implemented. |
15
+
16
+ ## Current Blockers
17
+
18
+ - None.
19
+
20
+ ## Production Review Additions
21
+
22
+ - Default read-only behavior is mandatory.
23
+ - Privacy preflight is mandatory before provider execution.
24
+ - Evidence validation is mandatory before writing docs.
25
+ - Monorepo and symlink behavior must be explicit.
26
+ - Snapshots must be restorable or include clear restore guidance.