create-quiver 0.17.1 → 0.17.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (86) hide show
  1. package/ACTIVE_SLICES.md +43 -0
  2. package/CHANGELOG.md +4 -0
  3. package/auditoria-ux-ui-performance-documentacion.md +705 -0
  4. package/copys-landing-page.md +244 -0
  5. package/docs/TROUBLESHOOTING.md +53 -0
  6. package/docs/reference/commands.md +42 -0
  7. package/docs/workflows/existing-project-ai-quiver-setup.md +552 -0
  8. package/docs/workflows/existing-project.md +21 -0
  9. package/package.json +1 -1
  10. package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +1 -0
  11. package/specs/quiver-v53-reliable-deep-project-analysis/EVIDENCE_REPORT.md +151 -0
  12. package/specs/quiver-v53-reliable-deep-project-analysis/EXECUTION_PLAN.md +50 -0
  13. package/specs/quiver-v53-reliable-deep-project-analysis/SPEC.md +207 -0
  14. package/specs/quiver-v53-reliable-deep-project-analysis/STATUS.md +32 -0
  15. package/specs/quiver-v53-reliable-deep-project-analysis/pr.md +73 -0
  16. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-00-analysis-run-contract/CLOSURE_BRIEF.md +32 -0
  17. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-00-analysis-run-contract/EXECUTION_BRIEF.md +63 -0
  18. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-00-analysis-run-contract/slice.json +70 -0
  19. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-01-provider-fixture-harness/CLOSURE_BRIEF.md +38 -0
  20. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-01-provider-fixture-harness/EXECUTION_BRIEF.md +60 -0
  21. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-01-provider-fixture-harness/slice.json +74 -0
  22. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-02-safe-context-boundary/CLOSURE_BRIEF.md +33 -0
  23. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-02-safe-context-boundary/EXECUTION_BRIEF.md +68 -0
  24. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-02-safe-context-boundary/slice.json +85 -0
  25. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-03-schema-error-grouping/CLOSURE_BRIEF.md +34 -0
  26. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-03-schema-error-grouping/EXECUTION_BRIEF.md +65 -0
  27. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-03-schema-error-grouping/slice.json +80 -0
  28. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-04-safe-repair-layer/CLOSURE_BRIEF.md +34 -0
  29. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-04-safe-repair-layer/EXECUTION_BRIEF.md +63 -0
  30. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-04-safe-repair-layer/slice.json +80 -0
  31. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-05-controlled-retry-layer/CLOSURE_BRIEF.md +34 -0
  32. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-05-controlled-retry-layer/EXECUTION_BRIEF.md +65 -0
  33. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-05-controlled-retry-layer/slice.json +81 -0
  34. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-06-audit-review-transaction/CLOSURE_BRIEF.md +35 -0
  35. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-06-audit-review-transaction/EXECUTION_BRIEF.md +71 -0
  36. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-06-audit-review-transaction/slice.json +88 -0
  37. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-07-semantic-validation-docs/CLOSURE_BRIEF.md +32 -0
  38. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-07-semantic-validation-docs/EXECUTION_BRIEF.md +66 -0
  39. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-07-semantic-validation-docs/slice.json +86 -0
  40. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-08-structural-map-hardening/CLOSURE_BRIEF.md +34 -0
  41. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-08-structural-map-hardening/EXECUTION_BRIEF.md +67 -0
  42. package/specs/quiver-v53-reliable-deep-project-analysis/slices/slice-08-structural-map-hardening/slice.json +81 -0
  43. package/specs/quiver-v54-deep-project-analysis-hardening/EVIDENCE_REPORT.md +53 -0
  44. package/specs/quiver-v54-deep-project-analysis-hardening/EXECUTION_PLAN.md +55 -0
  45. package/specs/quiver-v54-deep-project-analysis-hardening/SPEC.md +184 -0
  46. package/specs/quiver-v54-deep-project-analysis-hardening/STATUS.md +34 -0
  47. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-01-contract-regression-harness/CLOSURE_BRIEF.md +10 -0
  48. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-01-contract-regression-harness/EXECUTION_BRIEF.md +54 -0
  49. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-01-contract-regression-harness/slice.json +72 -0
  50. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-02-safe-discovery-sampling/CLOSURE_BRIEF.md +11 -0
  51. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-02-safe-discovery-sampling/EXECUTION_BRIEF.md +53 -0
  52. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-02-safe-discovery-sampling/slice.json +69 -0
  53. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-03-run-lifecycle-cli-io/CLOSURE_BRIEF.md +10 -0
  54. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-03-run-lifecycle-cli-io/EXECUTION_BRIEF.md +53 -0
  55. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-03-run-lifecycle-cli-io/slice.json +69 -0
  56. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-04-artifact-store-redaction/CLOSURE_BRIEF.md +10 -0
  57. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-04-artifact-store-redaction/EXECUTION_BRIEF.md +54 -0
  58. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-04-artifact-store-redaction/slice.json +73 -0
  59. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-05-path-aware-repair-engine/CLOSURE_BRIEF.md +10 -0
  60. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-05-path-aware-repair-engine/EXECUTION_BRIEF.md +57 -0
  61. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-05-path-aware-repair-engine/slice.json +72 -0
  62. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-06-retry-controller/CLOSURE_BRIEF.md +9 -0
  63. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-06-retry-controller/EXECUTION_BRIEF.md +52 -0
  64. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-06-retry-controller/slice.json +70 -0
  65. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-07-final-validation-review-write-gate/CLOSURE_BRIEF.md +10 -0
  66. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-07-final-validation-review-write-gate/EXECUTION_BRIEF.md +57 -0
  67. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-07-final-validation-review-write-gate/slice.json +75 -0
  68. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-08-doctor-agents-guidance/CLOSURE_BRIEF.md +9 -0
  69. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-08-doctor-agents-guidance/EXECUTION_BRIEF.md +51 -0
  70. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-08-doctor-agents-guidance/slice.json +66 -0
  71. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-09-release-smoke-rollback-docs/CLOSURE_BRIEF.md +10 -0
  72. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-09-release-smoke-rollback-docs/EXECUTION_BRIEF.md +54 -0
  73. package/specs/quiver-v54-deep-project-analysis-hardening/slices/slice-09-release-smoke-rollback-docs/slice.json +69 -0
  74. package/src/create-quiver/commands/ai.js +353 -70
  75. package/src/create-quiver/index.js +3 -0
  76. package/src/create-quiver/lib/ai/analyze-project-discovery.js +213 -2
  77. package/src/create-quiver/lib/ai/analyze-project-docs.js +3 -1
  78. package/src/create-quiver/lib/ai/analyze-project-parser.js +1 -0
  79. package/src/create-quiver/lib/ai/analyze-project-prompts.js +130 -0
  80. package/src/create-quiver/lib/ai/analyze-project-repair.js +402 -0
  81. package/src/create-quiver/lib/ai/analyze-project-sampling.js +31 -4
  82. package/src/create-quiver/lib/ai/analyze-project-validation.js +168 -0
  83. package/src/create-quiver/lib/ai/artifacts.js +83 -2
  84. package/src/create-quiver/lib/doctor.js +107 -12
  85. package/src/create-quiver/lib/i18n/messages/en.js +5 -0
  86. package/src/create-quiver/lib/i18n/messages/es.js +5 -0
@@ -0,0 +1,151 @@
1
+ # Evidence Report - Quiver v53 Reliable Deep Project Analysis
2
+
3
+ **Status:** Completed
4
+
5
+ ## Evidence To Capture
6
+
7
+ - Spec validation output.
8
+ - JSON parse/schema validation for every `slice.json`.
9
+ - Provider fake fixture test results.
10
+ - Dry-run no-write evidence.
11
+ - Secret redaction and exclusion tests.
12
+ - Repair/retry test results.
13
+ - Audit manifest snapshots.
14
+ - Optional live smoke against `nika-erp`.
15
+
16
+ ## Initial Evidence
17
+
18
+ - Requirement approved by user.
19
+ - Acceptance criteria approved by user.
20
+ - Technical plan revised after production review and approved by user.
21
+ - `node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict` passed.
22
+ - `npm run schema:slice:check` passed.
23
+ - `git diff --check` passed.
24
+
25
+ ## Pending Evidence
26
+
27
+ - Optional live smoke against `nika-erp` remains release evidence, not a required deterministic gate.
28
+
29
+ ## Slice Evidence
30
+
31
+ ### slice-00-analysis-run-contract
32
+
33
+ - Status: completed.
34
+ - Evidence: `SPEC.md` defines modes, write boundaries, manifest artifacts, error taxonomy, and validation strategy.
35
+ - Validation to rerun after this closure:
36
+ - `node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict`
37
+ - `npm run schema:slice:check`
38
+ - `git diff --check`
39
+
40
+ ### slice-01-provider-fixture-harness
41
+
42
+ - Status: completed.
43
+ - Evidence:
44
+ - `tests/fixtures/analyze-project/provider-output-cases.json`
45
+ - `tests/commands/ai-analyze-project-provider.test.js`
46
+ - Validation:
47
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 14 tests.
48
+ - `node --test tests/commands/ai-analyze-project.test.js` passed: 3 tests.
49
+ - `git diff --check` passed.
50
+
51
+ ### slice-03-schema-error-grouping
52
+
53
+ - Status: completed.
54
+ - Evidence:
55
+ - `src/create-quiver/lib/ai/analyze-project-validation.js`
56
+ - `src/create-quiver/commands/ai.js`
57
+ - `tests/commands/ai-analyze-project-provider.test.js`
58
+ - Validation:
59
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 14 tests.
60
+ - `node --test tests/commands/ai-analyze-project.test.js` passed: 3 tests.
61
+ - `node --test tests/lib/ai-analyze-project-parser.test.js` passed: 5 tests.
62
+ - `node --test tests/lib/ai-analyze-project-validation.test.js` passed: 4 tests.
63
+ - `npm run docs:check` passed.
64
+ - `git diff --check` passed.
65
+
66
+ ### slice-02-safe-context-boundary
67
+
68
+ - Status: completed.
69
+ - Evidence:
70
+ - `src/create-quiver/lib/ai/analyze-project-prompts.js`
71
+ - `src/create-quiver/commands/ai.js`
72
+ - `tests/commands/ai-analyze-project-provider.test.js`
73
+ - Validation:
74
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 14 tests.
75
+ - `node --test tests/commands/ai-analyze-project.test.js` passed: 3 tests.
76
+ - `node --test tests/lib/ai-safety.test.js` passed: 4 tests.
77
+ - `npm run smoke:create-quiver` passed.
78
+ - `git diff --check` passed.
79
+
80
+ ### slice-04-safe-repair-layer
81
+
82
+ - Status: completed.
83
+ - Evidence:
84
+ - `src/create-quiver/lib/ai/analyze-project-repair.js`
85
+ - `tests/lib/ai/analyze-project-repair.test.js`
86
+ - `tests/commands/ai-analyze-project-provider.test.js`
87
+ - Validation:
88
+ - `node --test tests/lib/ai/analyze-project-repair.test.js` passed: 3 tests.
89
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 14 tests.
90
+ - `npm run schema:slice:check` passed.
91
+ - `git diff --check` passed.
92
+
93
+ ### slice-05-controlled-retry-layer
94
+
95
+ - Status: completed.
96
+ - Evidence:
97
+ - `src/create-quiver/commands/ai.js`
98
+ - `src/create-quiver/lib/ai/analyze-project-prompts.js`
99
+ - `src/create-quiver/lib/ai/analyze-project-validation.js`
100
+ - `tests/commands/ai-analyze-project-provider.test.js`
101
+ - Validation:
102
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 17 tests.
103
+ - `node --test tests/commands/ai-analyze-project.test.js` passed: 3 tests.
104
+ - `node --test tests/lib/ai/analyze-project-repair.test.js` passed: 3 tests.
105
+ - `npm run schema:slice:check` passed.
106
+ - `git diff --check` passed.
107
+
108
+ ### slice-06-audit-review-transaction
109
+
110
+ - Status: completed.
111
+ - Evidence:
112
+ - `src/create-quiver/commands/ai.js`
113
+ - `src/create-quiver/lib/ai/analyze-project-docs.js`
114
+ - `tests/commands/ai-analyze-project-provider.test.js`
115
+ - `tests/commands/ai-analyze-project-review.test.js`
116
+ - Validation:
117
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 17 tests.
118
+ - `node --test tests/commands/ai-analyze-project-review.test.js` passed: 5 tests.
119
+ - `node --test tests/commands/ai-analyze-project.test.js` passed: 3 tests.
120
+ - `npm run smoke:create-quiver` passed.
121
+ - `git diff --check` passed.
122
+
123
+ ### slice-07-semantic-validation-docs
124
+
125
+ - Status: completed.
126
+ - Evidence:
127
+ - `docs/reference/commands.md`
128
+ - `docs/workflows/existing-project.md`
129
+ - `docs/TROUBLESHOOTING.md`
130
+ - `tests/commands/ai-analyze-project-provider.test.js`
131
+ - Validation:
132
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 17 tests.
133
+ - `npm run docs:check` passed.
134
+ - `npm run smoke:create-quiver` passed.
135
+ - `git diff --check` passed.
136
+
137
+ ### slice-08-structural-map-hardening
138
+
139
+ - Status: completed.
140
+ - Evidence:
141
+ - `src/create-quiver/lib/ai/analyze-project-discovery.js`
142
+ - `src/create-quiver/lib/ai/analyze-project-prompts.js`
143
+ - `tests/lib/ai-analyze-project-discovery.test.js`
144
+ - `tests/commands/ai-analyze-project.test.js`
145
+ - `tests/commands/ai-analyze-project-provider.test.js`
146
+ - Validation:
147
+ - `node --test tests/lib/ai-analyze-project-discovery.test.js` passed: 4 tests.
148
+ - `node --test tests/commands/ai-analyze-project.test.js` passed: 3 tests.
149
+ - `node --test tests/commands/ai-analyze-project-provider.test.js` passed: 17 tests.
150
+ - `npm run smoke:create-quiver` passed.
151
+ - `git diff --check` passed.
@@ -0,0 +1,50 @@
1
+ # Execution Plan - Quiver v53 Reliable Deep Project Analysis
2
+
3
+ ## Sequential Order
4
+
5
+ 1. `slice-00-analysis-run-contract`
6
+ 2. `slice-01-provider-fixture-harness`
7
+ 3. `slice-02-safe-context-boundary`
8
+ 4. `slice-03-schema-error-grouping`
9
+ 5. `slice-04-safe-repair-layer`
10
+ 6. `slice-05-controlled-retry-layer`
11
+ 7. `slice-06-audit-review-transaction`
12
+ 8. `slice-07-semantic-validation-docs`
13
+ 9. `slice-08-structural-map-hardening`
14
+
15
+ ## Dependency Rules
16
+
17
+ - Do not implement repair before grouped validation errors and provider fixtures exist.
18
+ - Do not implement retry before repairability and fatal/retryable taxonomy exist.
19
+ - Do not write final docs from provider output before audit, review, snapshot, and valid final JSON are in place.
20
+ - Do not add structural map hardening until reliability gates pass.
21
+
22
+ ## Parallelization Guidance
23
+
24
+ After `slice-01` is complete:
25
+
26
+ - `slice-02-safe-context-boundary` and `slice-03-schema-error-grouping` can proceed in parallel if they do not share the same files.
27
+
28
+ After `slice-06` is complete:
29
+
30
+ - `slice-07-semantic-validation-docs` can prepare docs/benchmark while `slice-08` starts structural-map discovery only if `slice-08` does not alter provider/retry contracts.
31
+
32
+ ## Validation Gates
33
+
34
+ - Every slice must update its own `slice.json` status only after evidence exists.
35
+ - Every slice must preserve `--dry-run` no-write behavior.
36
+ - Every provider-related slice must include provider fake tests.
37
+ - Before closing this spec, run:
38
+
39
+ ```bash
40
+ node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict
41
+ npm run schema:slice:check
42
+ npm run docs:check
43
+ git diff --check
44
+ ```
45
+
46
+ ## Rollback
47
+
48
+ - Runtime slices must be independently revertible.
49
+ - Repair/retry behavior must be disableable by reverting slices 04 and 05 without breaking dry-run discovery.
50
+ - Audit/review writes must be revertible by snapshots and manifest hashes.
@@ -0,0 +1,207 @@
1
+ # Quiver v53 - Reliable Deep Project Analysis
2
+
3
+ **Date:** 2026-06-11
4
+ **Status:** Completed
5
+ **Source:** User-approved requirement, acceptance criteria, production review, and revised technical plan for reliable `ai analyze-project` provider execution.
6
+
7
+ Slice numbering resets here. This spec intentionally starts at `slice-00`.
8
+
9
+ ## Problem
10
+
11
+ `ai analyze-project --deep` can now discover a representative project sample and show provider progress, but live provider output can drift from the strict analysis schema. In the `nika-erp` validation run, Codex returned JSON with unsupported `notes` keys inside `domain.roles`, `domain.entities`, and `domain.actions`, causing:
12
+
13
+ ```text
14
+ provider analysis JSON does not match the required schema
15
+ ```
16
+
17
+ The command did the right safety thing by failing without doc writes, but the user experience and reliability are not production-grade yet. A real user needs Quiver to treat provider output as untrusted, validate it, repair only safe schema drift, retry only when useful, audit artifacts, and never write invalid docs.
18
+
19
+ ## Objective
20
+
21
+ Make:
22
+
23
+ ```bash
24
+ npx --yes create-quiver@latest ai analyze-project --deep --provider codex --model gpt-5.5
25
+ ```
26
+
27
+ robust, auditable, and safe in real projects by implementing a transactional analysis pipeline:
28
+
29
+ ```text
30
+ discover -> normalize context -> provider generate -> validate/repair -> review/write
31
+ ```
32
+
33
+ The command must produce a valid analysis proposal or fail with a compact actionable error, without writing final docs or product code when the final JSON is invalid.
34
+
35
+ ## Scope
36
+
37
+ ### Included
38
+
39
+ - Formal analysis run contract and versioned manifests in `.quiver/runs`.
40
+ - Explicit mode contract for `--dry-run`, provider execution, `--json`, `--review`, and future write paths.
41
+ - Provider fixture harness for deterministic drift scenarios.
42
+ - Safe context boundary with pre-provider redaction and prompt-injection guardrails.
43
+ - Error taxonomy for repairable, retryable, and fatal provider/schema failures.
44
+ - Compact schema error grouping with complete manifest output.
45
+ - Minimal safe repair for `additionalProperties` drift such as unsupported `notes` keys.
46
+ - Controlled retry layer with hard retry cap and compact retry prompts.
47
+ - Audit artifacts for raw/redacted/repaired provider output, validation, retries, context, and final status.
48
+ - Review/write transaction with edited proposal revalidation, diff, confirmation, snapshot, and atomic writes.
49
+ - Semantic validation for evidence-backed confidence and claim quality.
50
+ - Public docs and benchmark guidance.
51
+ - Optional structural map hardening after reliability kernel is stable.
52
+
53
+ ### Excluded
54
+
55
+ - Product-code changes in analyzed repositories.
56
+ - Generating specs automatically without human approval.
57
+ - Writing final documentation without review/confirmation.
58
+ - Accepting arbitrary provider fields by relaxing the schema.
59
+ - Moving provider-provided `notes` into semantic fields unless the schema explicitly defines a destination in a future change.
60
+ - Full multi-language AST indexing in this spec.
61
+ - Provider-specific features that cannot fall back to validate/repair/retry.
62
+
63
+ ## Approved Acceptance Criteria
64
+
65
+ 1. The command shows visible progress within 2 seconds and keeps reporting status while provider execution runs.
66
+ 2. `--dry-run` writes 0 files and runs 0 providers.
67
+ 3. `--json` emits machine-readable JSON only and does not mix spinner/progress output into stdout.
68
+ 4. Provider execution treats repository content as untrusted data, not as instructions.
69
+ 5. Quiver excludes and redacts secrets before provider execution and before artifact persistence.
70
+ 6. `.env`, secrets, `.git`, `node_modules`, `.next`, caches, dumps, binaries, and unsafe symlinks are never sent to the provider.
71
+ 7. Quiver writes a selected-context manifest with paths, bytes, reasons, truncation, and safety exclusions.
72
+ 8. Provider output is parsed, validated, and classified before any final docs write.
73
+ 9. Schema errors are grouped by type/path family in console output, with complete details stored in a validation manifest.
74
+ 10. Repair is limited to safe structural changes, initially removing unsupported additional properties such as `notes`.
75
+ 11. Repair never changes claim meaning, confidence, evidence, or inferred facts.
76
+ 12. Non-repairable but retryable failures can trigger at most 2 retries, with default 1 retry.
77
+ 13. Retry prompts include compact schema feedback and do not resend more context than necessary unless explicitly required.
78
+ 14. Fatal failures fail immediately with 0 final doc writes.
79
+ 15. If final JSON remains invalid after repair/retry, Quiver fails without final docs writes.
80
+ 16. Provider raw output, redacted output, repaired output when present, validation manifest, repair manifest, retry manifest, selected context, and final status are saved under `.quiver/runs/run-...` when provider execution occurs.
81
+ 17. Run artifacts are size-bounded, redacted, versioned, and ignored from git.
82
+ 18. `--review` opens or prepares an editable proposal, revalidates edited JSON, shows a final diff, and requires explicit approval before docs writes.
83
+ 19. Canceling review leaves final docs unchanged.
84
+ 20. Any docs write creates snapshots and hashes before writing, then writes atomically.
85
+ 21. Semantic validation checks that meaningful claims include confidence and evidence, and prevents `confirmed` claims without explicit evidence.
86
+ 22. The `nika-erp` failure mode with extra `notes` keys is covered by a deterministic fixture.
87
+ 23. The command passes or fails in `nika-erp` without massive schema noise.
88
+ 24. Regression tests cover provider fake success, repair success, retry success, retry exhausted, secret-like content, parse failure, JSON fences, truncation, and no invalid writes.
89
+
90
+ ## Technical Strategy
91
+
92
+ The solution must start with a reliability kernel, not a broader indexing project:
93
+
94
+ 1. Define run contracts, modes, states, and manifests.
95
+ 2. Add deterministic provider fixture tests.
96
+ 3. Enforce safe context boundaries before provider calls.
97
+ 4. Classify and group validation errors.
98
+ 5. Add minimal safe repair.
99
+ 6. Add controlled retry.
100
+ 7. Add audit and review/write transaction.
101
+ 8. Add semantic validation, docs, and benchmark guidance.
102
+ 9. Add structural map hardening only after reliability is stable.
103
+
104
+ ## Mode Contract
105
+
106
+ | Mode | Provider | Writes | Notes |
107
+ |---|---:|---:|---|
108
+ | `--dry-run` | no | none | Reports planned context and safety exclusions only. |
109
+ | provider execution without `--review` | yes | audit only | Writes redacted `.quiver/runs` artifacts, never final docs. |
110
+ | `--review` | yes | audit, then docs only after approval | Editable proposal, revalidation, final diff, confirmation, snapshot. |
111
+ | `--json` | depends on other flags | same as selected mode | JSON stdout only; progress goes to stderr or is suppressed. |
112
+ | non-TTY | yes if explicitly requested | same as selected mode | Never opens editor or waits for interactive confirmation. |
113
+
114
+ ## Error Taxonomy
115
+
116
+ | Class | Examples | Behavior |
117
+ |---|---|---|
118
+ | repairable | `additionalProperties` such as `notes` | Remove only unsupported keys, record manifest, revalidate. |
119
+ | retryable | missing required, wrong type, invalid enum, parse/truncated JSON, markdown fences if parsing is ambiguous | Retry with compact schema feedback up to cap. |
120
+ | fatal | secret leak candidate, provider command failure, unsafe context, ambiguous multi-JSON, write path violation | Fail immediately with actionable guidance and no final docs writes. |
121
+
122
+ ## Slice Roadmap
123
+
124
+ | Slice | Title | Status | Dependencies |
125
+ |---|---|---|---|
126
+ | slice-00 | Analysis run contract | completed | none |
127
+ | slice-01 | Provider fixture harness | completed | slice-00 |
128
+ | slice-02 | Safe context boundary | completed | slice-00, slice-01 |
129
+ | slice-03 | Schema error grouping | completed | slice-01 |
130
+ | slice-04 | Safe repair layer | completed | slice-03 |
131
+ | slice-05 | Controlled retry layer | completed | slice-03, slice-04 |
132
+ | slice-06 | Audit and review transaction | completed | slice-02, slice-04, slice-05 |
133
+ | slice-07 | Semantic validation, docs, and benchmark | completed | slice-06 |
134
+ | slice-08 | Structural map hardening | completed | slice-07 |
135
+
136
+ ## Validation Strategy
137
+
138
+ Required validation should include:
139
+
140
+ ```bash
141
+ npm ci
142
+ node --test tests/commands/ai-analyze-project-provider.test.js
143
+ node --test tests/commands/ai-analyze-project.test.js
144
+ node --test tests/lib/ai/*.test.js
145
+ npm run docs:check
146
+ npm run schema:slice:check
147
+ npm run smoke:create-quiver
148
+ npm run package:quiver
149
+ node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict
150
+ git diff --check
151
+ ```
152
+
153
+ Live validation against `nika-erp` is useful but must remain an optional evidence smoke, not a required deterministic CI gate.
154
+
155
+ ## Benchmark Contract
156
+
157
+ Benchmarks must be split into:
158
+
159
+ - deterministic provider fake benchmarks for CI;
160
+ - optional live provider benchmarks for release evidence.
161
+
162
+ Minimum benchmark cases:
163
+
164
+ - valid JSON/schema success;
165
+ - extra `notes` keys;
166
+ - markdown fences;
167
+ - text before/after JSON;
168
+ - JSON truncation;
169
+ - missing required fields;
170
+ - invalid confidence;
171
+ - secret-like content;
172
+ - retry success;
173
+ - retry exhausted.
174
+
175
+ ## Production Guardrails
176
+
177
+ - Provider output is untrusted until parsed, validated, repaired when safe, and revalidated.
178
+ - Repository content is untrusted input and cannot override system/provider instructions.
179
+ - Repair must be structural and auditable, not semantic.
180
+ - Final docs writes only happen after valid final JSON and explicit review approval.
181
+ - `.quiver/runs` artifacts must be redacted, size-bounded, versioned, and git-ignored.
182
+ - Errors in console stay compact; full details live in manifests.
183
+ - CI/non-TTY must never hang on prompts or editors.
184
+
185
+ ## Risks
186
+
187
+ - Secret or PII leakage if redaction happens only after provider execution.
188
+ - Silent data loss if repair removes meaningful provider content without manifest.
189
+ - High cost or long latency if retry resends full context.
190
+ - Overfitting to Codex behavior and breaking Claude/Gemini.
191
+ - Review UX confusion if audit writes and final docs writes are not clearly separated.
192
+ - Schema-valid but low-quality analysis if semantic validation is weak.
193
+
194
+ ## Resolved Decisions
195
+
196
+ - Keep schema strict; do not relax it to absorb arbitrary provider output.
197
+ - Repair only safe structural drift, initially unsupported extra keys.
198
+ - Do not move `notes` into another semantic field in this spec.
199
+ - Treat structured outputs as optional provider capability; validate/repair/retry remains mandatory fallback.
200
+ - Do not implement structural/symbol map before the reliability kernel.
201
+ - Use `nika-erp` as a live smoke reference and synthetic fixtures for deterministic tests.
202
+
203
+ ## Open Questions
204
+
205
+ - Whether a future flag should expose retry control as `--max-retries <n>` immediately or keep it internal first.
206
+ - Whether restore should be implemented as a command in a future spec or remain manifest-guided manual recovery here.
207
+ - Which provider metadata can be reliably captured for cost/latency without provider-specific brittle parsing.
@@ -0,0 +1,32 @@
1
+ # Status - Quiver v53 Reliable Deep Project Analysis
2
+
3
+ **Status:** Completed
4
+ **Last updated:** 2026-06-11
5
+
6
+ ## Current State
7
+
8
+ All slices are completed. Reliable deep project analysis now has deterministic fixtures, safe context boundaries, schema grouping, repair, retry, audit/review transactions, docs, benchmark guidance, and structural map hardening.
9
+
10
+ ## Slice Status
11
+
12
+ | Slice | Status | Notes |
13
+ |---|---|---|
14
+ | slice-00-analysis-run-contract | completed | Establishes modes, run states, manifest contracts, and error taxonomy. |
15
+ | slice-01-provider-fixture-harness | completed | Creates deterministic provider fake coverage for schema drift. |
16
+ | slice-02-safe-context-boundary | completed | Enforces pre-provider redaction, prompt injection guardrails, and context manifests. |
17
+ | slice-03-schema-error-grouping | completed | Makes schema failures compact and actionable. |
18
+ | slice-04-safe-repair-layer | completed | Repairs only safe additionalProperties drift such as `notes`. |
19
+ | slice-05-controlled-retry-layer | completed | Adds bounded retry with compact schema feedback. |
20
+ | slice-06-audit-review-transaction | completed | Adds run artifacts, review flow, snapshots, and atomic writes. |
21
+ | slice-07-semantic-validation-docs | completed | Adds semantic validation, docs, and benchmark evidence. |
22
+ | slice-08-structural-map-hardening | completed | Improves context quality after reliability kernel is stable. |
23
+
24
+ ## Blockers
25
+
26
+ - None.
27
+
28
+ ## Next Command
29
+
30
+ ```bash
31
+ npm run smoke:create-quiver
32
+ ```
@@ -0,0 +1,73 @@
1
+ ## Title
2
+
3
+ docs: add reliable deep project analysis spec
4
+
5
+ ## Summary
6
+
7
+ Adds the Quiver v53 spec package for hardening `ai analyze-project --deep --provider codex --model gpt-5.5` against provider schema drift, unsafe context handling, noisy validation failures, and invalid writes.
8
+
9
+ ## PR Policy
10
+
11
+ Docs/spec-only PR. No runtime implementation is included.
12
+
13
+ ## Scope
14
+
15
+ - Adds `SPEC.md`.
16
+ - Adds `EXECUTION_PLAN.md`.
17
+ - Adds `STATUS.md`.
18
+ - Adds `EVIDENCE_REPORT.md`.
19
+ - Adds planned slices with `slice.json`, `EXECUTION_BRIEF.md`, and `CLOSURE_BRIEF.md`.
20
+
21
+ ## Files
22
+
23
+ - `specs/quiver-v53-reliable-deep-project-analysis/**`
24
+
25
+ ## How to Test (DETAILED - REQUIRED)
26
+
27
+ ### Required Environment
28
+
29
+ - Node.js and npm available.
30
+ - Repository dependencies installed if running full checks.
31
+
32
+ ### Worktree Access
33
+
34
+ ```bash
35
+ git checkout docs/quiver-v53-reliable-deep-project-analysis
36
+ ```
37
+
38
+ ### Run the Project
39
+
40
+ No dev server is required. This is a documentation/spec package.
41
+
42
+ ### Use Cases
43
+
44
+ 1. Review the spec and slice roadmap.
45
+ 2. Confirm each slice has an execution brief and closure brief.
46
+ 3. Confirm the slice order matches the approved reliability-first plan.
47
+
48
+ ### Technical Verification
49
+
50
+ ```bash
51
+ node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict
52
+ npm run schema:slice:check
53
+ git diff --check
54
+ ```
55
+
56
+ ## Evidence
57
+
58
+ - `node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict`
59
+ - `npm run schema:slice:check`
60
+ - `git diff --check`
61
+
62
+ ## Rollback
63
+
64
+ Revert the spec package directory:
65
+
66
+ ```bash
67
+ git revert <commit>
68
+ ```
69
+
70
+ ## Risks / Notes
71
+
72
+ - Runtime behavior is unchanged.
73
+ - Implementation must be done through the documented slices, not from the full spec at once.
@@ -0,0 +1,32 @@
1
+ # CLOSURE_BRIEF - slice-00 analysis run contract
2
+
3
+ ## Status
4
+
5
+ Completed on 2026-06-11.
6
+
7
+ ## Summary
8
+
9
+ The reliable `ai analyze-project` run contract is documented and ready to serve as the source of truth for runtime slices. It defines mode behavior, write boundaries, run artifacts, error classes, and zero-final-write guarantees for invalid provider output.
10
+
11
+ ## Evidence
12
+
13
+ - `SPEC.md` documents `--dry-run`, provider execution, `--json`, `--review`, non-TTY behavior, write boundaries, error taxonomy, and benchmark expectations.
14
+ - `EXECUTION_PLAN.md` documents dependency order, parallelization limits, validation gates, and rollback expectations.
15
+ - `slice.json` identifies the contract as docs-only and limits writes to spec documentation.
16
+
17
+ ## Validation
18
+
19
+ - `node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict`
20
+ - `npm run schema:slice:check`
21
+ - `git diff --check`
22
+
23
+ ## Decisions
24
+
25
+ - `--dry-run` is a no-provider, no-write mode.
26
+ - Provider execution without `--review` may write only redacted audit artifacts under `.quiver/runs`.
27
+ - Final docs writes require valid final JSON plus explicit review approval.
28
+ - Provider output is untrusted until parsed, validated, safely repaired when applicable, and revalidated.
29
+
30
+ ## Follow-ups
31
+
32
+ - Execute `slice-01-provider-fixture-harness` next to pin deterministic drift scenarios before runtime hardening.
@@ -0,0 +1,63 @@
1
+ # EXECUTION_BRIEF - slice-00 analysis run contract
2
+
3
+ ## Context
4
+
5
+ `ai analyze-project` needs a production contract before repair, retry, and audit logic are implemented. The command must separate read-only planning, provider execution, audit writes, review, and final documentation writes.
6
+
7
+ ## Objective
8
+
9
+ Define the reliable analysis run contract for Quiver v53.
10
+
11
+ ## Scope
12
+
13
+ - Mode behavior for `--dry-run`, provider execution, `--json`, `--review`, and non-TTY.
14
+ - Run state names.
15
+ - Manifest artifact names.
16
+ - Error taxonomy.
17
+ - Write boundaries.
18
+
19
+ ## Acceptance Criteria
20
+
21
+ - Mode behavior is explicit and testable.
22
+ - Invalid final JSON guarantees 0 final docs writes.
23
+ - `.quiver/runs` audit writes are clearly distinguished from docs writes.
24
+ - Later slices can implement against this contract without reinterpreting behavior.
25
+
26
+ ## Expected Files To Modify
27
+
28
+ - `specs/quiver-v53-reliable-deep-project-analysis/SPEC.md`
29
+ - `specs/quiver-v53-reliable-deep-project-analysis/EXECUTION_PLAN.md`
30
+ - `specs/quiver-v53-reliable-deep-project-analysis/STATUS.md`
31
+ - `specs/quiver-v53-reliable-deep-project-analysis/EVIDENCE_REPORT.md`
32
+ - this slice directory
33
+
34
+ ## Validations Required
35
+
36
+ - `node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict`
37
+ - `npm run schema:slice:check`
38
+ - `git diff --check`
39
+
40
+ ## Risks
41
+
42
+ - Ambiguous mode contract creates inconsistent implementations.
43
+ - Audit writes may be mistaken for docs writes unless named explicitly.
44
+
45
+ ## Dependencies
46
+
47
+ - None.
48
+
49
+ ## Instructions For Executor
50
+
51
+ 1. Keep this slice docs-only.
52
+ 2. Do not implement runtime code here.
53
+ 3. Update the closure brief with final contract decisions and validation evidence.
54
+
55
+ ## Completion Checklist
56
+
57
+ - [ ] Contract sections are complete.
58
+ - [ ] Slice JSON status is updated.
59
+ - [ ] Closure brief is filled.
60
+
61
+ ## Conditions Of Closure
62
+
63
+ - The spec has an unambiguous contract for every later slice.
@@ -0,0 +1,70 @@
1
+ {
2
+ "slice_id": "slice-00-analysis-run-contract",
3
+ "ticket": "QUIVER-53-00",
4
+ "type": "docs-contract",
5
+ "title": "Analysis run contract",
6
+ "objective": "Define the reliable analyze-project run contract before runtime changes begin.",
7
+ "description": "Documents mode behavior, run states, manifest schemas, error taxonomy, and write boundaries for reliable provider-backed project analysis.",
8
+ "git": {
9
+ "branch_type": "feature",
10
+ "base_branch": "main",
11
+ "branch_slug": "v53-analysis-run-contract",
12
+ "branch_name": "feature/QUIVER-53-00-v53-analysis-run-contract"
13
+ },
14
+ "files": [
15
+ "specs/quiver-v53-reliable-deep-project-analysis/SPEC.md",
16
+ "specs/quiver-v53-reliable-deep-project-analysis/EXECUTION_PLAN.md",
17
+ "specs/quiver-v53-reliable-deep-project-analysis/STATUS.md",
18
+ "specs/quiver-v53-reliable-deep-project-analysis/EVIDENCE_REPORT.md",
19
+ "specs/quiver-v53-reliable-deep-project-analysis/slices/slice-00-analysis-run-contract/CLOSURE_BRIEF.md",
20
+ "specs/quiver-v53-reliable-deep-project-analysis/slices/slice-00-analysis-run-contract/slice.json"
21
+ ],
22
+ "expected_read_paths": [
23
+ "specs/quiver-v46-deep-project-analysis/SPEC.md",
24
+ "src/create-quiver/commands/ai.js",
25
+ "src/create-quiver/lib/ai/analyze-project-schema.js",
26
+ "src/create-quiver/lib/ai/analyze-project-validation.js"
27
+ ],
28
+ "allowed_write_paths": [
29
+ "specs/quiver-v53-reliable-deep-project-analysis/SPEC.md",
30
+ "specs/quiver-v53-reliable-deep-project-analysis/EXECUTION_PLAN.md",
31
+ "specs/quiver-v53-reliable-deep-project-analysis/STATUS.md",
32
+ "specs/quiver-v53-reliable-deep-project-analysis/EVIDENCE_REPORT.md",
33
+ "specs/quiver-v53-reliable-deep-project-analysis/slices/slice-00-analysis-run-contract/CLOSURE_BRIEF.md",
34
+ "specs/quiver-v53-reliable-deep-project-analysis/slices/slice-00-analysis-run-contract/slice.json"
35
+ ],
36
+ "depends_on": [],
37
+ "parallel_safe": "never",
38
+ "parallel_safe_reason": "The contract defines boundaries used by all later slices.",
39
+ "must": [
40
+ "Define exact behavior for --dry-run, provider execution, --json, --review, non-TTY, and write paths.",
41
+ "Define versioned run manifest states and artifact names.",
42
+ "Define repairable, retryable, and fatal error classes.",
43
+ "Define zero-final-write guarantees for invalid final JSON."
44
+ ],
45
+ "not_included": [
46
+ "Runtime implementation.",
47
+ "Provider calls.",
48
+ "Schema repair logic."
49
+ ],
50
+ "acceptance": [
51
+ "The spec documents mode behavior without ambiguity.",
52
+ "The spec documents run manifest fields and state transitions.",
53
+ "The spec documents error taxonomy and write boundaries.",
54
+ "Later slices can reference this slice as the source of truth."
55
+ ],
56
+ "tests": [
57
+ "node bin/create-quiver.js spec validate specs/quiver-v53-reliable-deep-project-analysis --strict",
58
+ "npm run schema:slice:check",
59
+ "git diff --check"
60
+ ],
61
+ "validation_hints": [
62
+ "No runtime code should be changed in this slice."
63
+ ],
64
+ "estimated_hours": 2,
65
+ "actual_hours": 1,
66
+ "status": "completed",
67
+ "started_at": "2026-06-11T11:59:11Z",
68
+ "completed_at": "2026-06-11T11:59:11Z",
69
+ "blocked_reason": null
70
+ }