create-quiver 0.17.4 → 0.17.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/docs/CLI_UX_GUIDE.md +7 -0
- package/docs/TROUBLESHOOTING.md +62 -0
- package/docs/reference/commands.md +16 -0
- package/docs/workflows/existing-project-ai-quiver-setup.md +0 -1
- package/docs/workflows/existing-project.md +1 -0
- package/package.json +1 -1
- package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +1 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/EVIDENCE_REPORT.md +11 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/EXECUTION_PLAN.md +28 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/SPEC.md +96 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/STATUS.md +26 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/pr.md +56 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-01-document-classification-merge-engine/CLOSURE_BRIEF.md +61 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-01-document-classification-merge-engine/EXECUTION_BRIEF.md +59 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-01-document-classification-merge-engine/pr.md +61 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-01-document-classification-merge-engine/slice.json +71 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-02-apply-integration-validation-contract/CLOSURE_BRIEF.md +30 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-02-apply-integration-validation-contract/EXECUTION_BRIEF.md +39 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-02-apply-integration-validation-contract/pr.md +62 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-02-apply-integration-validation-contract/slice.json +80 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-03-cli-docs-real-fixture-smoke/CLOSURE_BRIEF.md +29 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-03-cli-docs-real-fixture-smoke/EXECUTION_BRIEF.md +32 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-03-cli-docs-real-fixture-smoke/pr.md +61 -0
- package/specs/quiver-v56-analyze-project-usable-doc-merge/slices/slice-03-cli-docs-real-fixture-smoke/slice.json +79 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/EVIDENCE_REPORT.md +27 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/EXECUTION_PLAN.md +41 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/SPEC.md +139 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/STATUS.md +20 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/pr.md +124 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/pr.md +12 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/slice.json +60 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/CLOSURE_BRIEF.md +9 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/EXECUTION_BRIEF.md +54 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/pr.md +12 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/slice.json +60 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/CLOSURE_BRIEF.md +10 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/pr.md +13 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/slice.json +68 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/CLOSURE_BRIEF.md +14 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/EXECUTION_BRIEF.md +55 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/pr.md +14 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/slice.json +65 -0
- package/src/create-quiver/commands/ai.js +132 -2
- package/src/create-quiver/lib/ai/analyze-project-docs.js +284 -4
- package/src/create-quiver/lib/ai/analyze-project-proposal.js +11 -0
- package/src/create-quiver/lib/ai/analyze-project-recovery.js +736 -0
- package/src/create-quiver/lib/ai/analyze-project-validation.js +27 -0
- package/src/create-quiver/lib/i18n/messages/en.js +6 -0
- package/src/create-quiver/lib/i18n/messages/es.js +6 -0
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
# Quiver v57 - Evidence Budget Recovery UX
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-06-18
|
|
4
|
+
**Status:** In Progress
|
|
5
|
+
**Source:** User-approved requirement, production review, stricter second-pass review, and execution plan for recoverable `ai analyze-project` evidence validation failures.
|
|
6
|
+
|
|
7
|
+
## Problem
|
|
8
|
+
|
|
9
|
+
`ai analyze-project --deep --provider codex --model gpt-5.5` can fail safely when the provider cites evidence outside the selected context sample. The current failure is technically correct, but the user must infer whether the fix is increasing `--max-files`, increasing `--max-bytes`, enabling a category such as tests/db, or reducing scope. This creates avoidable friction after an expensive provider run.
|
|
10
|
+
|
|
11
|
+
The real observed case in `nika-erp` failed with `evidence-not-selected` for paths such as `.env.example`, `eslint.config.mjs`, and `app/test/page.tsx`. A larger budget later succeeded, but Quiver did not calculate or highlight a safe command that would likely recover the run.
|
|
12
|
+
|
|
13
|
+
## Objective
|
|
14
|
+
|
|
15
|
+
When provider evidence validation fails because cited evidence was not selected, Quiver must generate a safe, auditable recovery payload and a prominent next command. The recovery must help the user rerun with the right context budget or scope without weakening evidence validation or sending unsafe files.
|
|
16
|
+
|
|
17
|
+
## Scope
|
|
18
|
+
|
|
19
|
+
### Included
|
|
20
|
+
|
|
21
|
+
- Evidence recovery contract for `evidence-not-selected` failures.
|
|
22
|
+
- Secure path normalization and classification.
|
|
23
|
+
- Safety-first classification for missing evidence paths.
|
|
24
|
+
- Deterministic budget recommendation for `--max-files` and `--max-bytes`.
|
|
25
|
+
- Command recommendation that preserves relevant user flags.
|
|
26
|
+
- Human CLI output in English and Spanish.
|
|
27
|
+
- `--json` recovery payload.
|
|
28
|
+
- Validation manifest recovery details.
|
|
29
|
+
- Focused tests, docs, and release smoke with a sanitized nika-erp-style fixture.
|
|
30
|
+
|
|
31
|
+
### Excluded
|
|
32
|
+
|
|
33
|
+
- Auto-expanding context and retrying with a larger budget in the same run.
|
|
34
|
+
- Sending or recommending unsafe files such as `.env`, secrets, dependency folders, build outputs, dumps, caches, or binaries.
|
|
35
|
+
- Relaxing provider schema or evidence validation.
|
|
36
|
+
- Modifying product code in the analyzed repository.
|
|
37
|
+
- Generating specs automatically from project analysis.
|
|
38
|
+
- Rewriting the existing sampling engine beyond metadata needed for recovery.
|
|
39
|
+
|
|
40
|
+
## Requirements
|
|
41
|
+
|
|
42
|
+
1. On final `evidence-not-selected` failure, Quiver must classify every missing evidence path before recommending any fix.
|
|
43
|
+
2. Classification must be the single source of truth for recovery safety.
|
|
44
|
+
3. Quiver must never recommend increasing budget to include paths excluded for security.
|
|
45
|
+
4. Quiver must never read or send `.env`, secrets, `.git`, `node_modules`, `.next`, caches, dumps, dependency folders, or binaries.
|
|
46
|
+
5. `.env.example` and similar files must be treated as metadata/redacted only unless existing policy explicitly allows safe content.
|
|
47
|
+
6. Quiver must differentiate at least these causes:
|
|
48
|
+
- `budget_limited`
|
|
49
|
+
- `security_excluded`
|
|
50
|
+
- `generated_or_dependency`
|
|
51
|
+
- `metadata_only`
|
|
52
|
+
- `missing_file`
|
|
53
|
+
- `not_discovered`
|
|
54
|
+
- `outside_scope`
|
|
55
|
+
- `unknown`
|
|
56
|
+
7. Quiver must calculate recommended budgets from the current selected sample, safe missing evidence, and a safety margin.
|
|
57
|
+
8. Quiver must never recommend a budget lower than the one used by the failed command.
|
|
58
|
+
9. Quiver must enforce caps and suggest scope reduction when a safe recommendation exceeds caps.
|
|
59
|
+
10. Quiver must preserve relevant command flags such as `--deep`, `--provider`, `--model`, `--include-tests`, `--include-db`, `--include-source`, `--scope`, `--lang`, and `--strict`.
|
|
60
|
+
11. Quiver must not preserve transient or contradictory flags in the recommended command when they are not useful for recovery, such as `--json`, `--dry-run`, or obsolete review/apply flags.
|
|
61
|
+
12. Human output must show the recommended fix prominently before long details.
|
|
62
|
+
13. Human output must summarize missing evidence paths and truncate long lists.
|
|
63
|
+
14. Spanish output must be available through existing language selection.
|
|
64
|
+
15. `--json` must expose a stable optional `recovery` object without breaking existing consumers.
|
|
65
|
+
16. Validation manifests must record recovery classification, budget calculation inputs, generated command, and warnings.
|
|
66
|
+
17. If no safe recovery exists, Quiver must say so clearly and recommend inspection with a safe dry-run JSON command.
|
|
67
|
+
18. Recovery must be deterministic for the same validation issues, report, and CLI options.
|
|
68
|
+
|
|
69
|
+
## Budget Recommendation Contract
|
|
70
|
+
|
|
71
|
+
Recommended values are calculated only from classified safe evidence:
|
|
72
|
+
|
|
73
|
+
```text
|
|
74
|
+
safe_missing_bytes = sum(effective_prompt_bytes for safe_to_include missing evidence)
|
|
75
|
+
safety_margin_bytes = max(50000, ceil(safe_missing_bytes * 0.25))
|
|
76
|
+
recommended_max_bytes = round_up_to_50000(current_selected_bytes + safe_missing_bytes + safety_margin_bytes)
|
|
77
|
+
recommended_max_files = max(current_max_files, current_selected_files + safe_missing_file_count + 20)
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
The final values must never be lower than the original command values. If the recommendation exceeds configured caps, Quiver must not emit an inflated command; it must recommend reducing scope or enabling a more precise category.
|
|
81
|
+
|
|
82
|
+
## Recovery Output Shape
|
|
83
|
+
|
|
84
|
+
`--json` and manifests may include:
|
|
85
|
+
|
|
86
|
+
```json
|
|
87
|
+
{
|
|
88
|
+
"recovery": {
|
|
89
|
+
"schema_version": 1,
|
|
90
|
+
"available": true,
|
|
91
|
+
"reason": "evidence_not_selected",
|
|
92
|
+
"recommendation_type": "increase_budget",
|
|
93
|
+
"command": "npx --yes create-quiver@latest ai analyze-project --deep --max-files 120 --max-bytes 500000 --provider codex --model gpt-5.5",
|
|
94
|
+
"budget": {
|
|
95
|
+
"current_max_files": 80,
|
|
96
|
+
"current_max_bytes": 300000,
|
|
97
|
+
"recommended_max_files": 120,
|
|
98
|
+
"recommended_max_bytes": 500000
|
|
99
|
+
},
|
|
100
|
+
"evidence_summary": {
|
|
101
|
+
"safe_to_include": [],
|
|
102
|
+
"metadata_only": [],
|
|
103
|
+
"excluded": []
|
|
104
|
+
},
|
|
105
|
+
"warnings": []
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
The recovery object must be optional and additive.
|
|
111
|
+
|
|
112
|
+
## Slice Roadmap
|
|
113
|
+
|
|
114
|
+
| Slice | Title | Status | Dependencies | Parallel Guidance |
|
|
115
|
+
|---|---|---|---|---|
|
|
116
|
+
| slice-01-recovery-contract-security-classifier | Recovery Contract + Security Classifier | completed | none | sequential first |
|
|
117
|
+
| slice-02-budget-command-recommendation | Budget + Command Recommendation | completed | slice-01 | sequential after slice-01 |
|
|
118
|
+
| slice-03-cli-json-i18n-output | CLI + JSON + i18n Output | completed | slice-02 | sequential after slice-02 |
|
|
119
|
+
| slice-04-integration-fixtures-docs-release-smoke | Integration Fixtures + Docs + Release Smoke | completed | slice-03 | final; docs/tests can be parallel inside the slice |
|
|
120
|
+
|
|
121
|
+
## Production Guardrails
|
|
122
|
+
|
|
123
|
+
- Provider output remains untrusted until schema and evidence validation pass.
|
|
124
|
+
- Recovery is diagnostic only and must not weaken validation.
|
|
125
|
+
- Recovery must not silently expand budget in the same run.
|
|
126
|
+
- Recovery must not expose secret values or read unsafe content.
|
|
127
|
+
- Failure remains a failure when final provider output is invalid.
|
|
128
|
+
- Manifests must be audit-friendly but redacted.
|
|
129
|
+
|
|
130
|
+
## Validation Strategy
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
node --test tests/lib/ai-analyze-project-recovery.test.js
|
|
134
|
+
node --test tests/lib/ai-analyze-project-validation.test.js
|
|
135
|
+
node --test tests/commands/ai-analyze-project-provider.test.js
|
|
136
|
+
node --test tests/lib/i18n-catalog.test.js
|
|
137
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
138
|
+
git diff --check
|
|
139
|
+
```
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Status - Quiver v57 Evidence Budget Recovery UX
|
|
2
|
+
|
|
3
|
+
## Current State
|
|
4
|
+
|
|
5
|
+
- Status: Completed
|
|
6
|
+
- Active slice: none
|
|
7
|
+
- Branch: `feature/QUIVER-57-01-recovery-contract-security-classifier`
|
|
8
|
+
|
|
9
|
+
## Slice Status
|
|
10
|
+
|
|
11
|
+
| Slice | Status | Notes |
|
|
12
|
+
|---|---|---|
|
|
13
|
+
| slice-01-recovery-contract-security-classifier | completed | Defines recovery data contract, path safety, classification, and manifest-ready payload base. |
|
|
14
|
+
| slice-02-budget-command-recommendation | completed | Calculates safe budgets, caps, category flags, and one-line rerun commands from the slice-01 classification contract. |
|
|
15
|
+
| slice-03-cli-json-i18n-output | completed | Renders recovery guidance in CLI errors, validation manifests, and English/Spanish messages. |
|
|
16
|
+
| slice-04-integration-fixtures-docs-release-smoke | completed | Adds docs, JSON recovery coverage, troubleshooting guidance, and release evidence. |
|
|
17
|
+
|
|
18
|
+
## Open Risks
|
|
19
|
+
|
|
20
|
+
- No critical open risks. Live provider behavior should still be smoke-tested before npm release because external providers can drift.
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
## Title
|
|
2
|
+
|
|
3
|
+
Quiver v57 Evidence Budget Recovery UX
|
|
4
|
+
|
|
5
|
+
## Summary
|
|
6
|
+
|
|
7
|
+
- Adds safe recovery guidance for `ai analyze-project` evidence validation failures.
|
|
8
|
+
- Classifies missing evidence before recommending budget changes.
|
|
9
|
+
- Calculates safe `--max-files` and `--max-bytes` rerun recommendations from classified evidence.
|
|
10
|
+
- Adds prominent English/Spanish recovery output, JSON recovery errors, validation manifest recovery payloads, docs, and tests.
|
|
11
|
+
|
|
12
|
+
## PR Policy
|
|
13
|
+
|
|
14
|
+
- Type: feature.
|
|
15
|
+
- Base: `main`.
|
|
16
|
+
- Scope: Quiver v57 evidence-budget recovery UX.
|
|
17
|
+
- Policy note: this PR groups the full v57 recovery feature because the slices are sequentially dependent and were executed as one approved implementation batch. The PR remains revertable as one feature change.
|
|
18
|
+
- Merge: human merge required.
|
|
19
|
+
|
|
20
|
+
## Scope
|
|
21
|
+
|
|
22
|
+
Included:
|
|
23
|
+
|
|
24
|
+
- Recovery classification for `evidence-not-selected` issues.
|
|
25
|
+
- Safe handling of `.env`, `.env.example`, dependency folders, generated output, binaries, missing files, and paths outside the repo.
|
|
26
|
+
- Budget recommendation and command builder.
|
|
27
|
+
- Human CLI error guidance in English and Spanish.
|
|
28
|
+
- `--json` error payload with optional `recovery`.
|
|
29
|
+
- Validation manifest recovery payload.
|
|
30
|
+
- Public docs and troubleshooting guidance.
|
|
31
|
+
|
|
32
|
+
Excluded:
|
|
33
|
+
|
|
34
|
+
- Auto-expanding context and retrying with a larger budget in the same run.
|
|
35
|
+
- Relaxing provider schema or evidence validation.
|
|
36
|
+
- Reading or sending unsafe files.
|
|
37
|
+
- Product-code changes in analyzed repositories.
|
|
38
|
+
|
|
39
|
+
## Files
|
|
40
|
+
|
|
41
|
+
- `src/create-quiver/lib/ai/analyze-project-recovery.js`
|
|
42
|
+
- `src/create-quiver/commands/ai.js`
|
|
43
|
+
- `src/create-quiver/lib/ai/analyze-project-validation.js`
|
|
44
|
+
- `src/create-quiver/lib/i18n/messages/en.js`
|
|
45
|
+
- `src/create-quiver/lib/i18n/messages/es.js`
|
|
46
|
+
- `tests/lib/ai-analyze-project-recovery.test.js`
|
|
47
|
+
- `tests/commands/ai-analyze-project-provider.test.js`
|
|
48
|
+
- `docs/TROUBLESHOOTING.md`
|
|
49
|
+
- `docs/reference/commands.md`
|
|
50
|
+
- `docs/workflows/existing-project.md`
|
|
51
|
+
- `docs/workflows/existing-project-ai-quiver-setup.md`
|
|
52
|
+
- `specs/quiver-v57-evidence-budget-recovery-ux/**`
|
|
53
|
+
|
|
54
|
+
## How to Test (DETAILED - REQUIRED)
|
|
55
|
+
|
|
56
|
+
### Required Environment
|
|
57
|
+
|
|
58
|
+
- Node.js compatible with the repo.
|
|
59
|
+
- npm dependencies installed.
|
|
60
|
+
- GitHub CLI only needed for PR creation, not runtime tests.
|
|
61
|
+
|
|
62
|
+
### Worktree Access
|
|
63
|
+
|
|
64
|
+
From the repository root:
|
|
65
|
+
|
|
66
|
+
```bash
|
|
67
|
+
git status --short --branch
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
Expected branch:
|
|
71
|
+
|
|
72
|
+
```text
|
|
73
|
+
feature/QUIVER-57-01-recovery-contract-security-classifier
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
### Run the Project
|
|
77
|
+
|
|
78
|
+
No dev server is required. This is a CLI/runtime validation change.
|
|
79
|
+
|
|
80
|
+
### Use Cases
|
|
81
|
+
|
|
82
|
+
1. Provider cites a test file outside the selected sample.
|
|
83
|
+
- Quiver fails validation.
|
|
84
|
+
- Quiver shows a recommended command that includes `--include-tests`.
|
|
85
|
+
- No docs are written.
|
|
86
|
+
|
|
87
|
+
2. Provider cites `.env.example`.
|
|
88
|
+
- Quiver treats it as metadata-only/redacted.
|
|
89
|
+
- Quiver does not recommend including its raw content.
|
|
90
|
+
|
|
91
|
+
3. Provider cites unsafe files.
|
|
92
|
+
- Quiver classifies them as excluded.
|
|
93
|
+
- Quiver does not recommend increasing budget for them.
|
|
94
|
+
|
|
95
|
+
4. `--json` is used on final evidence validation failure.
|
|
96
|
+
- Quiver prints a parseable JSON error payload with optional `recovery`.
|
|
97
|
+
- Exit behavior remains failure.
|
|
98
|
+
|
|
99
|
+
### Technical Verification
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
node --test tests/lib/ai-analyze-project-recovery.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-validation.test.js tests/lib/i18n-catalog.test.js
|
|
103
|
+
npm run docs:check
|
|
104
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
105
|
+
git diff --check
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
## Evidence
|
|
109
|
+
|
|
110
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-validation.test.js tests/lib/i18n-catalog.test.js`
|
|
111
|
+
- PASS `npm run docs:check`
|
|
112
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
113
|
+
- PASS `git diff --check`
|
|
114
|
+
|
|
115
|
+
## Rollback
|
|
116
|
+
|
|
117
|
+
Revert this PR. The feature is additive around failed `ai analyze-project` evidence validation. Existing validation remains strict, and runtime doc writes remain blocked when provider output is invalid.
|
|
118
|
+
|
|
119
|
+
## Risks / Notes
|
|
120
|
+
|
|
121
|
+
- Live provider behavior can still drift; run a smoke with a real provider before npm release.
|
|
122
|
+
- The recovery command is diagnostic guidance only. It does not auto-expand context in the same run.
|
|
123
|
+
- The validation manifest gains an optional `recovery` field; existing consumers should remain compatible.
|
|
124
|
+
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-01 Recovery Contract + Security Classifier
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Implemented the recovery classification contract for final `evidence-not-selected` failures.
|
|
6
|
+
|
|
7
|
+
## Delivered
|
|
8
|
+
|
|
9
|
+
- Added `src/create-quiver/lib/ai/analyze-project-recovery.js`.
|
|
10
|
+
- Added deterministic evidence path normalization and classification helpers.
|
|
11
|
+
- Classified safe, metadata-only, security-excluded, generated/dependency, missing, outside-scope, and unknown evidence.
|
|
12
|
+
- Reused existing safety/path policies for env files, unsafe segments, file URLs, absolute paths, and traversal paths.
|
|
13
|
+
- Added focused unit tests for safe, metadata-only, unsafe, missing, binary, generated, traversal, and issue aggregation cases.
|
|
14
|
+
|
|
15
|
+
## Validation
|
|
16
|
+
|
|
17
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js`
|
|
18
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
19
|
+
|
|
20
|
+
## Notes
|
|
21
|
+
|
|
22
|
+
- This slice does not calculate budgets, render CLI output, or alter provider validation. Those remain assigned to later slices.
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-01 Recovery Contract + Security Classifier
|
|
2
|
+
|
|
3
|
+
## Objective
|
|
4
|
+
|
|
5
|
+
Implement the recovery contract and secure evidence path classifier for final `evidence-not-selected` failures.
|
|
6
|
+
|
|
7
|
+
## Context
|
|
8
|
+
|
|
9
|
+
`ai analyze-project` can fail when the provider cites paths outside the selected sample. This slice must not change CLI output or budget recommendation yet. It creates the safe classification layer that later slices will consume.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- Add recovery data contract helpers.
|
|
14
|
+
- Normalize and validate evidence paths as repo-relative paths.
|
|
15
|
+
- Classify missing evidence paths without reading unsafe content.
|
|
16
|
+
- Reuse or mirror existing analyze-project exclusion rules.
|
|
17
|
+
- Detect safe, metadata-only, security-excluded, generated/dependency, missing, outside-scope, and unknown paths.
|
|
18
|
+
- Produce deterministic, manifest-ready classification output.
|
|
19
|
+
- Add focused unit tests.
|
|
20
|
+
|
|
21
|
+
## Acceptance Criteria
|
|
22
|
+
|
|
23
|
+
- Unsafe paths are never marked safe to include.
|
|
24
|
+
- `.env`, `.git`, `node_modules`, `.next`, caches, dumps, and binaries are classified as excluded.
|
|
25
|
+
- `.env.example` is classified as metadata-only/redacted, not content-safe.
|
|
26
|
+
- Missing paths are classified without throwing.
|
|
27
|
+
- Absolute paths, traversal paths, and paths outside the repo are rejected or classified as outside-scope.
|
|
28
|
+
- Classification output is deterministic.
|
|
29
|
+
- Unit tests cover safe, metadata-only, unsafe, missing, binary, generated, and traversal cases.
|
|
30
|
+
|
|
31
|
+
## Expected Files
|
|
32
|
+
|
|
33
|
+
- `src/create-quiver/lib/ai/analyze-project-recovery.js`
|
|
34
|
+
- `tests/lib/ai-analyze-project-recovery.test.js`
|
|
35
|
+
- `specs/quiver-v57-evidence-budget-recovery-ux/**`
|
|
36
|
+
|
|
37
|
+
## Validation
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
node --test tests/lib/ai-analyze-project-recovery.test.js
|
|
41
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
42
|
+
git diff --check
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Completion Checklist
|
|
46
|
+
|
|
47
|
+
- Recovery module exists and exports classifier helpers.
|
|
48
|
+
- Unsafe paths are covered by tests.
|
|
49
|
+
- Metadata-only env templates are covered by tests.
|
|
50
|
+
- Missing, generated, dependency, binary, traversal, and budget-omitted paths are covered by tests.
|
|
51
|
+
- Slice closure brief records validation evidence.
|
|
52
|
+
|
|
53
|
+
## Constraints
|
|
54
|
+
|
|
55
|
+
- Do not alter provider schema validation.
|
|
56
|
+
- Do not alter CLI rendering in this slice.
|
|
57
|
+
- Do not calculate final recommended budgets in this slice.
|
|
58
|
+
- Do not read unsafe files to classify them.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# PR - slice-01 Recovery Contract + Security Classifier
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
- Adds a recovery classification module for `ai analyze-project` evidence validation failures.
|
|
6
|
+
- Ensures unsafe paths are excluded before later slices calculate recovery budgets.
|
|
7
|
+
- Adds tests for metadata-only env templates, unsafe paths, binary files, missing files, and deterministic issue aggregation.
|
|
8
|
+
|
|
9
|
+
## Validation
|
|
10
|
+
|
|
11
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js`
|
|
12
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-01-recovery-contract-security-classifier",
|
|
3
|
+
"ticket": "QUIVER-57-01",
|
|
4
|
+
"type": "feature",
|
|
5
|
+
"title": "Recovery Contract + Security Classifier",
|
|
6
|
+
"objective": "Implement safe evidence recovery classification for analyze-project evidence-not-selected failures.",
|
|
7
|
+
"description": "Defines the deterministic, security-first classifier used to decide whether evidence paths from provider validation failures are safe to recommend, metadata-only, missing, generated, or excluded.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v57-recovery-contract-security-classifier",
|
|
12
|
+
"branch_name": "feature/QUIVER-57-01-recovery-contract-security-classifier"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"src/create-quiver/lib/ai/analyze-project-recovery.js",
|
|
16
|
+
"tests/lib/ai-analyze-project-recovery.test.js",
|
|
17
|
+
"specs/quiver-v57-evidence-budget-recovery-ux/**"
|
|
18
|
+
],
|
|
19
|
+
"allowed_write_paths": [
|
|
20
|
+
"src/create-quiver/lib/ai/analyze-project-recovery.js",
|
|
21
|
+
"tests/lib/ai-analyze-project-recovery.test.js",
|
|
22
|
+
"specs/quiver-v57-evidence-budget-recovery-ux/**"
|
|
23
|
+
],
|
|
24
|
+
"depends_on": [],
|
|
25
|
+
"parallel_safe": "never",
|
|
26
|
+
"parallel_safe_reason": "This slice defines the security and classification contract consumed by every later slice.",
|
|
27
|
+
"must": [
|
|
28
|
+
"Normalize evidence paths as repo-relative paths.",
|
|
29
|
+
"Never read unsafe file contents for classification.",
|
|
30
|
+
"Classify safe, metadata-only, security-excluded, generated/dependency, missing, outside-scope, and unknown evidence.",
|
|
31
|
+
"Keep output deterministic and manifest-ready.",
|
|
32
|
+
"Add focused unit tests."
|
|
33
|
+
],
|
|
34
|
+
"not_included": [
|
|
35
|
+
"Budget recommendation.",
|
|
36
|
+
"Recommended command builder.",
|
|
37
|
+
"CLI output changes.",
|
|
38
|
+
"JSON output integration.",
|
|
39
|
+
"i18n rendering."
|
|
40
|
+
],
|
|
41
|
+
"acceptance": [
|
|
42
|
+
"Unsafe paths are never marked safe to include.",
|
|
43
|
+
".env.example is metadata-only/redacted.",
|
|
44
|
+
"Missing and traversal paths do not throw.",
|
|
45
|
+
"Generated/dependency paths are excluded.",
|
|
46
|
+
"Binary files are excluded.",
|
|
47
|
+
"Classification output is deterministic."
|
|
48
|
+
],
|
|
49
|
+
"tests": [
|
|
50
|
+
"node --test tests/lib/ai-analyze-project-recovery.test.js",
|
|
51
|
+
"node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict",
|
|
52
|
+
"git diff --check"
|
|
53
|
+
],
|
|
54
|
+
"estimated_hours": 4,
|
|
55
|
+
"actual_hours": 4,
|
|
56
|
+
"status": "completed",
|
|
57
|
+
"blocked_reason": null,
|
|
58
|
+
"started_at": "2026-06-18T00:00:00.000Z",
|
|
59
|
+
"completed_at": "2026-06-18T00:00:00.000Z"
|
|
60
|
+
}
|
|
@@ -0,0 +1,54 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-02 Budget + Command Recommendation
|
|
2
|
+
|
|
3
|
+
## Objective
|
|
4
|
+
|
|
5
|
+
Calculate safe budget recommendations and a rerun command from the slice-01 recovery classification output.
|
|
6
|
+
|
|
7
|
+
## Context
|
|
8
|
+
|
|
9
|
+
This slice consumes classification data only. It must not decide path safety or read raw evidence paths directly.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- Calculate `recommended_max_files` and `recommended_max_bytes`.
|
|
14
|
+
- Preserve original budgets and never lower them.
|
|
15
|
+
- Apply caps and return `scope_required` when recommendations exceed caps.
|
|
16
|
+
- Prefer enabling category flags when appropriate.
|
|
17
|
+
- Build a one-line portable command preserving relevant flags.
|
|
18
|
+
- Add unit tests for budget math and command preservation.
|
|
19
|
+
|
|
20
|
+
## Acceptance Criteria
|
|
21
|
+
|
|
22
|
+
- Recommendations only use safe-to-include evidence.
|
|
23
|
+
- Unsafe and metadata-only evidence do not increase budget.
|
|
24
|
+
- Existing budget values are never reduced.
|
|
25
|
+
- Caps prevent runaway recommendations.
|
|
26
|
+
- Recommended command preserves `--deep`, provider/model, scope/category/lang/strict flags.
|
|
27
|
+
- Transient flags such as `--json` and `--dry-run` are not preserved.
|
|
28
|
+
|
|
29
|
+
## Expected Files
|
|
30
|
+
|
|
31
|
+
- `src/create-quiver/lib/ai/analyze-project-recovery.js`
|
|
32
|
+
- `tests/lib/ai-analyze-project-recovery.test.js`
|
|
33
|
+
- `specs/quiver-v57-evidence-budget-recovery-ux/**`
|
|
34
|
+
|
|
35
|
+
## Validation
|
|
36
|
+
|
|
37
|
+
```bash
|
|
38
|
+
node --test tests/lib/ai-analyze-project-recovery.test.js
|
|
39
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
40
|
+
git diff --check
|
|
41
|
+
```
|
|
42
|
+
|
|
43
|
+
## Completion Checklist
|
|
44
|
+
|
|
45
|
+
- Budget formula is implemented from classification output only.
|
|
46
|
+
- Caps are enforced and tested.
|
|
47
|
+
- Command builder preserves relevant flags and drops transient flags.
|
|
48
|
+
- Unsafe and metadata-only evidence do not increase budgets.
|
|
49
|
+
- Slice closure brief records validation evidence.
|
|
50
|
+
|
|
51
|
+
## Constraints
|
|
52
|
+
|
|
53
|
+
- Do not alter CLI rendering in this slice.
|
|
54
|
+
- Do not recalculate security.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# PR - slice-02 Budget + Command Recommendation
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
- Adds budget calculation for safe missing evidence.
|
|
6
|
+
- Adds recovery caps and `scope_required` fallback.
|
|
7
|
+
- Adds one-line command builder that preserves relevant flags and drops transient flags.
|
|
8
|
+
- Keeps unsafe and metadata-only evidence out of budget expansion.
|
|
9
|
+
|
|
10
|
+
## Validation
|
|
11
|
+
|
|
12
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js`
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-02-budget-command-recommendation",
|
|
3
|
+
"ticket": "QUIVER-57-02",
|
|
4
|
+
"type": "feature",
|
|
5
|
+
"title": "Budget + Command Recommendation",
|
|
6
|
+
"objective": "Generate safe rerun budget and command recommendations from recovery classification.",
|
|
7
|
+
"description": "Adds safe recovery budget calculation, caps, category flag hints, and a rerun command builder based only on classified evidence.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v57-budget-command-recommendation",
|
|
12
|
+
"branch_name": "feature/QUIVER-57-02-v57-budget-command-recommendation"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"src/create-quiver/lib/ai/analyze-project-recovery.js",
|
|
16
|
+
"tests/lib/ai-analyze-project-recovery.test.js",
|
|
17
|
+
"specs/quiver-v57-evidence-budget-recovery-ux/**"
|
|
18
|
+
],
|
|
19
|
+
"allowed_write_paths": [
|
|
20
|
+
"src/create-quiver/lib/ai/analyze-project-recovery.js",
|
|
21
|
+
"tests/lib/ai-analyze-project-recovery.test.js",
|
|
22
|
+
"specs/quiver-v57-evidence-budget-recovery-ux/**"
|
|
23
|
+
],
|
|
24
|
+
"depends_on": ["slice-01-recovery-contract-security-classifier"],
|
|
25
|
+
"parallel_safe": "never",
|
|
26
|
+
"parallel_safe_reason": "Consumes the finalized recovery classification contract.",
|
|
27
|
+
"must": [
|
|
28
|
+
"Calculate recommended max files and max bytes from recovery classification output only.",
|
|
29
|
+
"Never recommend budgets lower than the user's current effective budgets.",
|
|
30
|
+
"Apply caps so recovery cannot suggest runaway context expansion.",
|
|
31
|
+
"Preserve relevant analyze-project flags in the suggested command.",
|
|
32
|
+
"Drop transient or unsafe flags from the suggested command.",
|
|
33
|
+
"Ensure unsafe, generated, dependency, and metadata-only evidence does not increase recommended budgets."
|
|
34
|
+
],
|
|
35
|
+
"not_included": [
|
|
36
|
+
"CLI rendering changes.",
|
|
37
|
+
"Security classification recalculation.",
|
|
38
|
+
"Automatic retry with expanded budgets.",
|
|
39
|
+
"Provider schema changes.",
|
|
40
|
+
"Relaxing evidence validation."
|
|
41
|
+
],
|
|
42
|
+
"acceptance": [
|
|
43
|
+
"Recommendations are calculated only from safe evidence paths.",
|
|
44
|
+
"Unsafe and metadata-only evidence never increases the recommended budget.",
|
|
45
|
+
"Existing user budgets are not reduced.",
|
|
46
|
+
"Caps prevent unbounded max-files or max-bytes suggestions.",
|
|
47
|
+
"The suggested command preserves deep, provider, model, scope, category, language, and strict flags when applicable.",
|
|
48
|
+
"The suggested command omits transient output and execution flags."
|
|
49
|
+
],
|
|
50
|
+
"actual_hours": 4,
|
|
51
|
+
"tests": [
|
|
52
|
+
"node --test tests/lib/ai-analyze-project-recovery.test.js",
|
|
53
|
+
"node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict",
|
|
54
|
+
"git diff --check"
|
|
55
|
+
],
|
|
56
|
+
"estimated_hours": 4,
|
|
57
|
+
"status": "completed",
|
|
58
|
+
"started_at": "2026-06-18T00:00:00.000Z",
|
|
59
|
+
"completed_at": "2026-06-18T00:00:00.000Z"
|
|
60
|
+
}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-03 CLI + JSON + i18n Output
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Integrated recovery guidance into final analyze-project evidence validation failures.
|
|
6
|
+
|
|
7
|
+
## Validation
|
|
8
|
+
|
|
9
|
+
- PASS `node --test tests/commands/ai-analyze-project-provider.test.js`
|
|
10
|
+
- PASS `node --test tests/lib/i18n-catalog.test.js`
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-03 CLI + JSON + i18n Output
|
|
2
|
+
|
|
3
|
+
## Objective
|
|
4
|
+
|
|
5
|
+
Render the recovery payload in human CLI output, JSON output, validation manifests, and English/Spanish messages.
|
|
6
|
+
|
|
7
|
+
## Context
|
|
8
|
+
|
|
9
|
+
This slice consumes the recovery payload from slice 02. It must not recalculate path safety or budget recommendations.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- Integrate recovery payload into final `evidence-not-selected` failure handling.
|
|
14
|
+
- Print prominent recommended fix before long issue details.
|
|
15
|
+
- Add optional `recovery` object to `--json`.
|
|
16
|
+
- Persist recovery payload in validation manifest.
|
|
17
|
+
- Add English and Spanish messages.
|
|
18
|
+
- Add focused command and i18n tests.
|
|
19
|
+
|
|
20
|
+
## Acceptance Criteria
|
|
21
|
+
|
|
22
|
+
- Human output highlights the recommended command or safe fallback.
|
|
23
|
+
- Long missing evidence lists are grouped and truncated.
|
|
24
|
+
- `--json` remains valid and backward-compatible.
|
|
25
|
+
- Spanish output renders recovery guidance when `--lang es` is active.
|
|
26
|
+
- Exit code remains non-zero for invalid final provider output.
|
|
27
|
+
|
|
28
|
+
## Expected Files
|
|
29
|
+
|
|
30
|
+
- `src/create-quiver/commands/ai.js`
|
|
31
|
+
- `src/create-quiver/lib/ai/analyze-project-validation.js`
|
|
32
|
+
- `src/create-quiver/lib/i18n/messages/en.js`
|
|
33
|
+
- `src/create-quiver/lib/i18n/messages/es.js`
|
|
34
|
+
- `tests/commands/ai-analyze-project-provider.test.js`
|
|
35
|
+
- `tests/lib/i18n-catalog.test.js`
|
|
36
|
+
- `specs/quiver-v57-evidence-budget-recovery-ux/**`
|
|
37
|
+
|
|
38
|
+
## Validation
|
|
39
|
+
|
|
40
|
+
```bash
|
|
41
|
+
node --test tests/commands/ai-analyze-project-provider.test.js
|
|
42
|
+
node --test tests/lib/i18n-catalog.test.js
|
|
43
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
44
|
+
git diff --check
|
|
45
|
+
```
|
|
46
|
+
|
|
47
|
+
## Completion Checklist
|
|
48
|
+
|
|
49
|
+
- CLI output renders recovery guidance prominently.
|
|
50
|
+
- JSON output includes optional recovery payload.
|
|
51
|
+
- Validation manifest persists recovery payload.
|
|
52
|
+
- English and Spanish copy are covered by tests.
|
|
53
|
+
- Slice closure brief records validation evidence.
|
|
54
|
+
|
|
55
|
+
## Constraints
|
|
56
|
+
|
|
57
|
+
- Do not weaken validation.
|
|
58
|
+
- Do not auto-apply recovery.
|
package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/pr.md
ADDED
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
# PR - slice-03 CLI + JSON + i18n Output
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
- Adds prominent recovery guidance to final `evidence-not-selected` failures.
|
|
6
|
+
- Adds optional recovery payload to validation manifests and thrown errors.
|
|
7
|
+
- Adds English and Spanish recovery copy.
|
|
8
|
+
- Covers Spanish recovery command output in provider command tests.
|
|
9
|
+
|
|
10
|
+
## Validation
|
|
11
|
+
|
|
12
|
+
- PASS `node --test tests/commands/ai-analyze-project-provider.test.js`
|
|
13
|
+
- PASS `node --test tests/lib/i18n-catalog.test.js`
|