create-quiver 0.17.5 → 0.17.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/docs/TROUBLESHOOTING.md +52 -0
- package/docs/reference/commands.md +3 -0
- package/docs/workflows/existing-project-ai-quiver-setup.md +0 -1
- package/docs/workflows/existing-project.md +1 -0
- package/package.json +1 -1
- package/specs/quiver-v43-cli-i18n-audit-release-readiness/command-language-mode-matrix.json +1 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/EVIDENCE_REPORT.md +27 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/EXECUTION_PLAN.md +41 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/SPEC.md +139 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/STATUS.md +20 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/pr.md +124 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/CLOSURE_BRIEF.md +22 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/pr.md +12 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-01-recovery-contract-security-classifier/slice.json +60 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/CLOSURE_BRIEF.md +9 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/EXECUTION_BRIEF.md +54 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/pr.md +12 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-02-budget-command-recommendation/slice.json +60 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/CLOSURE_BRIEF.md +10 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/EXECUTION_BRIEF.md +58 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/pr.md +13 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-03-cli-json-i18n-output/slice.json +68 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/CLOSURE_BRIEF.md +14 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/EXECUTION_BRIEF.md +55 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/pr.md +14 -0
- package/specs/quiver-v57-evidence-budget-recovery-ux/slices/slice-04-integration-fixtures-docs-release-smoke/slice.json +65 -0
- package/src/create-quiver/commands/ai.js +96 -1
- package/src/create-quiver/lib/ai/analyze-project-recovery.js +736 -0
- package/src/create-quiver/lib/ai/analyze-project-validation.js +1 -0
- package/src/create-quiver/lib/i18n/messages/en.js +6 -0
- package/src/create-quiver/lib/i18n/messages/es.js +6 -0
package/docs/TROUBLESHOOTING.md
CHANGED
|
@@ -131,6 +131,58 @@ npx --yes create-quiver@latest ai analyze-project apply --run <run-id>
|
|
|
131
131
|
|
|
132
132
|
`--review` sigue disponible como modo avanzado si querés editar la propuesta JSON manualmente antes de escribir.
|
|
133
133
|
|
|
134
|
+
## `ai analyze-project` falla con `evidence-not-selected`
|
|
135
|
+
|
|
136
|
+
### Síntoma
|
|
137
|
+
|
|
138
|
+
El comando:
|
|
139
|
+
|
|
140
|
+
```bash
|
|
141
|
+
npx --yes create-quiver@latest ai analyze-project --deep --provider codex --model gpt-5.5
|
|
142
|
+
```
|
|
143
|
+
|
|
144
|
+
falla con un mensaje como:
|
|
145
|
+
|
|
146
|
+
```text
|
|
147
|
+
provider analysis JSON failed evidence validation
|
|
148
|
+
evidence-not-selected
|
|
149
|
+
```
|
|
150
|
+
|
|
151
|
+
### Explicación
|
|
152
|
+
|
|
153
|
+
El provider citó una ruta que no estaba dentro de la muestra enviada. Quiver mantiene esa validación porque evita que el modelo afirme cosas usando archivos que no leyó.
|
|
154
|
+
|
|
155
|
+
En versiones actuales, Quiver clasifica esas rutas antes de sugerir un fix:
|
|
156
|
+
|
|
157
|
+
- rutas seguras omitidas por presupuesto pueden recomendar `--max-files` o `--max-bytes` mayores;
|
|
158
|
+
- tests omitidos pueden recomendar `--include-tests`;
|
|
159
|
+
- DB/schema omitidos pueden recomendar `--include-db`;
|
|
160
|
+
- `.env`, secretos, `.git`, `.quiver`, dependencias, caches, dumps, binarios y outputs generados no se recomiendan;
|
|
161
|
+
- `.env.example` se trata como metadata/redacted, no como contenido seguro completo.
|
|
162
|
+
|
|
163
|
+
### Qué hacer
|
|
164
|
+
|
|
165
|
+
Usá el comando exacto que Quiver imprime debajo de `Recommended fix` o `Solucion recomendada`. Por ejemplo:
|
|
166
|
+
|
|
167
|
+
```bash
|
|
168
|
+
npx --yes create-quiver@latest ai analyze-project --deep --max-files 120 --max-bytes 500000 --provider codex --model gpt-5.5
|
|
169
|
+
```
|
|
170
|
+
|
|
171
|
+
Si Quiver no puede recomendar un aumento seguro porque se exceden los caps o la evidencia no debe enviarse, inspeccioná la muestra y acotá el scope:
|
|
172
|
+
|
|
173
|
+
```bash
|
|
174
|
+
npx --yes create-quiver@latest ai analyze-project --deep --dry-run --json
|
|
175
|
+
npx --yes create-quiver@latest ai analyze-project --deep --scope apps/web --provider codex --model gpt-5.5
|
|
176
|
+
```
|
|
177
|
+
|
|
178
|
+
La auditoría queda en:
|
|
179
|
+
|
|
180
|
+
```text
|
|
181
|
+
.quiver/runs/run-.../validation/analyze-project-validation.json
|
|
182
|
+
```
|
|
183
|
+
|
|
184
|
+
Ese manifest incluye `recovery`, con clasificación de rutas, presupuesto calculado, comando sugerido y warnings.
|
|
185
|
+
|
|
134
186
|
## `ai analyze-project` no completa `docs/CONTEXTO.md` ni crea `docs/ARCHITECTURE.md`
|
|
135
187
|
|
|
136
188
|
### Síntoma
|
|
@@ -226,6 +226,7 @@ Garantías del flujo con proveedor:
|
|
|
226
226
|
- Si el proveedor devuelve JSON con drift seguro como `notes`, `claim` usado como `name` faltante, o `confidence` en paths no permitidos, Quiver lo repara, registra el repair y revalida.
|
|
227
227
|
- Si el JSON sigue inválido pero el error es retryable, Quiver hace 1 retry por defecto, con cap duro de 2 retries.
|
|
228
228
|
- Si el JSON final es inválido, Quiver falla sin escribir docs finales y deja manifests de validación/retry/repair en `.quiver/runs`.
|
|
229
|
+
- Si el proveedor cita evidencia fuera de la muestra seleccionada, Quiver clasifica esas rutas, no recomienda incluir secretos ni binarios, y muestra una `Recommended fix` / `Solucion recomendada` con un comando seguro cuando corresponde.
|
|
229
230
|
- El modo provider normal aplica docs finales por defecto después de validar la propuesta, crear proposal artifacts, snapshot, write manifest y validación post-write.
|
|
230
231
|
- `--apply-docs` en TTY muestra opciones explicadas para aplicar, ver diff, guardar propuesta, editar propuesta o cancelar.
|
|
231
232
|
- `--apply-docs --yes` aplica en automatización después de validar propuesta, paths permitidos, hashes, snapshot y post-write.
|
|
@@ -260,6 +261,7 @@ Evidencia esperada:
|
|
|
260
261
|
- `package-lock.json` aparece en `detected.lockfiles` y en omitidos con `sampling:lockfile-metadata`, no en contenido enviado al provider.
|
|
261
262
|
- El modo provider escribe artifacts auditados en `.quiver/runs`, redactados y con tamaño controlado, y aplica docs finales validados por defecto.
|
|
262
263
|
- Si el provider devuelve drift no reparable, el comando falla con path/tipo/causa probable y próximo comando seguro, sin escribir docs finales.
|
|
264
|
+
- Si el error es `evidence-not-selected`, el validation manifest incluye un bloque `recovery` con clasificación de rutas, presupuesto calculado, warnings y comando recomendado. Por ejemplo, si el provider citó tests omitidos, Quiver puede sugerir `--include-tests`; si faltó presupuesto seguro, puede sugerir `--max-files` y `--max-bytes` mayores. Si la evidencia es `.env`, dependencias, caches, dumps o binarios, no la recomienda.
|
|
263
265
|
- `--save-proposal` debe crear `.quiver/runs/<run-id>/proposal/*` sin modificar docs finales.
|
|
264
266
|
- `--apply-docs` debe mostrar selector explicado en TTY o requerir `--yes` en automatización.
|
|
265
267
|
- `apply --run <run-id>` debe aplicar la propuesta guardada sin volver a ejecutar proveedor.
|
|
@@ -283,6 +285,7 @@ Rollback de release:
|
|
|
283
285
|
| `npx --yes create-quiver@latest ai analyze-project --deep --apply-docs --yes --provider codex --model gpt-5.5` | Aplica docs validados en modo automatizado, con snapshots y validación post-write. |
|
|
284
286
|
| `npx --yes create-quiver@latest ai analyze-project apply --run <run-id>` | Aplica una propuesta guardada sin ejecutar proveedor ni requerir `--provider` o `--model`. |
|
|
285
287
|
| `npx --yes create-quiver@latest ai analyze-project --scope apps/web --max-files 80 --max-bytes 300000 --include-tests --dry-run` | Acota el análisis por workspace/ruta y presupuesto de muestra. |
|
|
288
|
+
| `npx --yes create-quiver@latest ai analyze-project --deep --max-files 120 --max-bytes 500000 --provider codex --model gpt-5.5` | Ejemplo de rerun cuando Quiver recomienda ampliar una muestra segura después de `evidence-not-selected`. Usá el comando exacto que imprime el error. |
|
|
286
289
|
| `npx --yes create-quiver@latest ai prepare-context --dry-run` | Previsualiza actualizaciones documentales de contexto para IA. |
|
|
287
290
|
| `npx --yes create-quiver@latest ai prepare-context` | Escribe actualizaciones documentales de contexto para IA. |
|
|
288
291
|
| `npx --yes create-quiver@latest ai prepare-context --with-planner --dry-run` | Previsualiza una propuesta docs-only generada por el planner sin escribir archivos. |
|
|
@@ -98,6 +98,7 @@ Qué hace:
|
|
|
98
98
|
- muestra loader en TTY y progreso lineal en no-TTY;
|
|
99
99
|
- si hay drift seguro de schema, como `notes` extra, `claim` usado como `name` faltante o `confidence` donde no está permitido, lo repara de forma auditada;
|
|
100
100
|
- si el error es retryable, hace un retry acotado con feedback compacto;
|
|
101
|
+
- si el provider cita evidencia fuera de la muestra, clasifica esas rutas y muestra una solución recomendada con `--include-tests`, `--include-db`, `--max-files` o `--max-bytes` solo cuando sea seguro;
|
|
101
102
|
- si la propuesta final no es válida, falla sin escribir docs finales.
|
|
102
103
|
|
|
103
104
|
Si preferís separar generación y aplicación:
|
package/package.json
CHANGED
|
@@ -610,6 +610,7 @@
|
|
|
610
610
|
{ "command": "ai analyze-project --deep --review", "profile": "ai-analyze-project", "critical": "pass" },
|
|
611
611
|
{ "command": "ai analyze-project --deep --provider codex --model gpt-5.5", "profile": "ai-analyze-project", "critical": "pass" },
|
|
612
612
|
{ "command": "ai analyze-project --deep --save-proposal --provider codex --model gpt-5.5", "profile": "ai-analyze-project", "critical": "pass" },
|
|
613
|
+
{ "command": "ai analyze-project --deep --max-files 120 --max-bytes 500000 --provider codex --model gpt-5.5", "profile": "ai-analyze-project", "critical": "pass" },
|
|
613
614
|
{ "command": "ai analyze-project --deep --apply-docs --provider codex --model gpt-5.5", "profile": "ai-analyze-project", "critical": "pass" },
|
|
614
615
|
{ "command": "ai analyze-project --deep --apply-docs --yes --provider codex --model gpt-5.5", "profile": "ai-analyze-project", "critical": "pass" },
|
|
615
616
|
{ "command": "ai analyze-project apply --run <run-id>", "profile": "ai-analyze-project", "critical": "pass" },
|
|
@@ -0,0 +1,27 @@
|
|
|
1
|
+
# Evidence Report - Quiver v57 Evidence Budget Recovery UX
|
|
2
|
+
|
|
3
|
+
## Validation Log
|
|
4
|
+
|
|
5
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js`
|
|
6
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
7
|
+
- Completed slice: `slice-01-recovery-contract-security-classifier`
|
|
8
|
+
- Completed slice: `slice-02-budget-command-recommendation`
|
|
9
|
+
- PASS `node --test tests/commands/ai-analyze-project-provider.test.js`
|
|
10
|
+
- PASS `node --test tests/lib/i18n-catalog.test.js`
|
|
11
|
+
- Completed slice: `slice-03-cli-json-i18n-output`
|
|
12
|
+
- PASS `npm run docs:check`
|
|
13
|
+
- Completed slice: `slice-04-integration-fixtures-docs-release-smoke`
|
|
14
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-validation.test.js tests/lib/i18n-catalog.test.js`
|
|
15
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
16
|
+
- PASS `git diff --check`
|
|
17
|
+
|
|
18
|
+
## Required Evidence Before Completion
|
|
19
|
+
|
|
20
|
+
- Focused recovery unit tests. Completed for slice 01.
|
|
21
|
+
- Budget and command recovery tests. Completed for slice 02.
|
|
22
|
+
- Validation manifest compatibility tests. Completed for slice 03.
|
|
23
|
+
- CLI output tests for English and Spanish. Completed for slice 03.
|
|
24
|
+
- JSON recovery payload tests. Completed for slice 04 through `runAnalyzeProject --json` error payload coverage.
|
|
25
|
+
- Sanitized nika-erp-style smoke. Covered by provider command fixture that reproduces omitted test evidence and metadata-only `.env.example` without private repo content.
|
|
26
|
+
- Spec validation. Completed.
|
|
27
|
+
- `git diff --check`. Completed.
|
|
@@ -0,0 +1,41 @@
|
|
|
1
|
+
# Execution Plan - Quiver v57 Evidence Budget Recovery UX
|
|
2
|
+
|
|
3
|
+
## Order
|
|
4
|
+
|
|
5
|
+
1. `slice-01-recovery-contract-security-classifier`
|
|
6
|
+
2. `slice-02-budget-command-recommendation`
|
|
7
|
+
3. `slice-03-cli-json-i18n-output`
|
|
8
|
+
4. `slice-04-integration-fixtures-docs-release-smoke`
|
|
9
|
+
|
|
10
|
+
## Parallelism
|
|
11
|
+
|
|
12
|
+
- Slice 01 is sequential and blocks everything else.
|
|
13
|
+
- Slice 02 is sequential after Slice 01 because it consumes the classification contract.
|
|
14
|
+
- Slice 03 is sequential after Slice 02 because it renders the recovery payload and must not recalculate safety or budget.
|
|
15
|
+
- Slice 04 is final. Inside Slice 04, docs, release notes, and integration fixture work can be done in parallel once Slice 03 is complete.
|
|
16
|
+
|
|
17
|
+
## PR Strategy
|
|
18
|
+
|
|
19
|
+
- PR 1: Slice 01.
|
|
20
|
+
- PR 2: Slice 02.
|
|
21
|
+
- PR 3: Slice 03.
|
|
22
|
+
- PR 4: Slice 04.
|
|
23
|
+
|
|
24
|
+
## Validation Gates
|
|
25
|
+
|
|
26
|
+
Each PR must run its focused tests plus:
|
|
27
|
+
|
|
28
|
+
```bash
|
|
29
|
+
git diff --check
|
|
30
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
## Blocking Rule
|
|
34
|
+
|
|
35
|
+
Do not start a later slice unless the previous slice has:
|
|
36
|
+
|
|
37
|
+
- stable data contracts;
|
|
38
|
+
- focused tests;
|
|
39
|
+
- updated handoff status;
|
|
40
|
+
- no unresolved safety ambiguity.
|
|
41
|
+
|
|
@@ -0,0 +1,139 @@
|
|
|
1
|
+
# Quiver v57 - Evidence Budget Recovery UX
|
|
2
|
+
|
|
3
|
+
**Date:** 2026-06-18
|
|
4
|
+
**Status:** In Progress
|
|
5
|
+
**Source:** User-approved requirement, production review, stricter second-pass review, and execution plan for recoverable `ai analyze-project` evidence validation failures.
|
|
6
|
+
|
|
7
|
+
## Problem
|
|
8
|
+
|
|
9
|
+
`ai analyze-project --deep --provider codex --model gpt-5.5` can fail safely when the provider cites evidence outside the selected context sample. The current failure is technically correct, but the user must infer whether the fix is increasing `--max-files`, increasing `--max-bytes`, enabling a category such as tests/db, or reducing scope. This creates avoidable friction after an expensive provider run.
|
|
10
|
+
|
|
11
|
+
The real observed case in `nika-erp` failed with `evidence-not-selected` for paths such as `.env.example`, `eslint.config.mjs`, and `app/test/page.tsx`. A larger budget later succeeded, but Quiver did not calculate or highlight a safe command that would likely recover the run.
|
|
12
|
+
|
|
13
|
+
## Objective
|
|
14
|
+
|
|
15
|
+
When provider evidence validation fails because cited evidence was not selected, Quiver must generate a safe, auditable recovery payload and a prominent next command. The recovery must help the user rerun with the right context budget or scope without weakening evidence validation or sending unsafe files.
|
|
16
|
+
|
|
17
|
+
## Scope
|
|
18
|
+
|
|
19
|
+
### Included
|
|
20
|
+
|
|
21
|
+
- Evidence recovery contract for `evidence-not-selected` failures.
|
|
22
|
+
- Secure path normalization and classification.
|
|
23
|
+
- Safety-first classification for missing evidence paths.
|
|
24
|
+
- Deterministic budget recommendation for `--max-files` and `--max-bytes`.
|
|
25
|
+
- Command recommendation that preserves relevant user flags.
|
|
26
|
+
- Human CLI output in English and Spanish.
|
|
27
|
+
- `--json` recovery payload.
|
|
28
|
+
- Validation manifest recovery details.
|
|
29
|
+
- Focused tests, docs, and release smoke with a sanitized nika-erp-style fixture.
|
|
30
|
+
|
|
31
|
+
### Excluded
|
|
32
|
+
|
|
33
|
+
- Auto-expanding context and retrying with a larger budget in the same run.
|
|
34
|
+
- Sending or recommending unsafe files such as `.env`, secrets, dependency folders, build outputs, dumps, caches, or binaries.
|
|
35
|
+
- Relaxing provider schema or evidence validation.
|
|
36
|
+
- Modifying product code in the analyzed repository.
|
|
37
|
+
- Generating specs automatically from project analysis.
|
|
38
|
+
- Rewriting the existing sampling engine beyond metadata needed for recovery.
|
|
39
|
+
|
|
40
|
+
## Requirements
|
|
41
|
+
|
|
42
|
+
1. On final `evidence-not-selected` failure, Quiver must classify every missing evidence path before recommending any fix.
|
|
43
|
+
2. Classification must be the single source of truth for recovery safety.
|
|
44
|
+
3. Quiver must never recommend increasing budget to include paths excluded for security.
|
|
45
|
+
4. Quiver must never read or send `.env`, secrets, `.git`, `node_modules`, `.next`, caches, dumps, dependency folders, or binaries.
|
|
46
|
+
5. `.env.example` and similar files must be treated as metadata/redacted only unless existing policy explicitly allows safe content.
|
|
47
|
+
6. Quiver must differentiate at least these causes:
|
|
48
|
+
- `budget_limited`
|
|
49
|
+
- `security_excluded`
|
|
50
|
+
- `generated_or_dependency`
|
|
51
|
+
- `metadata_only`
|
|
52
|
+
- `missing_file`
|
|
53
|
+
- `not_discovered`
|
|
54
|
+
- `outside_scope`
|
|
55
|
+
- `unknown`
|
|
56
|
+
7. Quiver must calculate recommended budgets from the current selected sample, safe missing evidence, and a safety margin.
|
|
57
|
+
8. Quiver must never recommend a budget lower than the one used by the failed command.
|
|
58
|
+
9. Quiver must enforce caps and suggest scope reduction when a safe recommendation exceeds caps.
|
|
59
|
+
10. Quiver must preserve relevant command flags such as `--deep`, `--provider`, `--model`, `--include-tests`, `--include-db`, `--include-source`, `--scope`, `--lang`, and `--strict`.
|
|
60
|
+
11. Quiver must not preserve transient or contradictory flags in the recommended command when they are not useful for recovery, such as `--json`, `--dry-run`, or obsolete review/apply flags.
|
|
61
|
+
12. Human output must show the recommended fix prominently before long details.
|
|
62
|
+
13. Human output must summarize missing evidence paths and truncate long lists.
|
|
63
|
+
14. Spanish output must be available through existing language selection.
|
|
64
|
+
15. `--json` must expose a stable optional `recovery` object without breaking existing consumers.
|
|
65
|
+
16. Validation manifests must record recovery classification, budget calculation inputs, generated command, and warnings.
|
|
66
|
+
17. If no safe recovery exists, Quiver must say so clearly and recommend inspection with a safe dry-run JSON command.
|
|
67
|
+
18. Recovery must be deterministic for the same validation issues, report, and CLI options.
|
|
68
|
+
|
|
69
|
+
## Budget Recommendation Contract
|
|
70
|
+
|
|
71
|
+
Recommended values are calculated only from classified safe evidence:
|
|
72
|
+
|
|
73
|
+
```text
|
|
74
|
+
safe_missing_bytes = sum(effective_prompt_bytes for safe_to_include missing evidence)
|
|
75
|
+
safety_margin_bytes = max(50000, ceil(safe_missing_bytes * 0.25))
|
|
76
|
+
recommended_max_bytes = round_up_to_50000(current_selected_bytes + safe_missing_bytes + safety_margin_bytes)
|
|
77
|
+
recommended_max_files = max(current_max_files, current_selected_files + safe_missing_file_count + 20)
|
|
78
|
+
```
|
|
79
|
+
|
|
80
|
+
The final values must never be lower than the original command values. If the recommendation exceeds configured caps, Quiver must not emit an inflated command; it must recommend reducing scope or enabling a more precise category.
|
|
81
|
+
|
|
82
|
+
## Recovery Output Shape
|
|
83
|
+
|
|
84
|
+
`--json` and manifests may include:
|
|
85
|
+
|
|
86
|
+
```json
|
|
87
|
+
{
|
|
88
|
+
"recovery": {
|
|
89
|
+
"schema_version": 1,
|
|
90
|
+
"available": true,
|
|
91
|
+
"reason": "evidence_not_selected",
|
|
92
|
+
"recommendation_type": "increase_budget",
|
|
93
|
+
"command": "npx --yes create-quiver@latest ai analyze-project --deep --max-files 120 --max-bytes 500000 --provider codex --model gpt-5.5",
|
|
94
|
+
"budget": {
|
|
95
|
+
"current_max_files": 80,
|
|
96
|
+
"current_max_bytes": 300000,
|
|
97
|
+
"recommended_max_files": 120,
|
|
98
|
+
"recommended_max_bytes": 500000
|
|
99
|
+
},
|
|
100
|
+
"evidence_summary": {
|
|
101
|
+
"safe_to_include": [],
|
|
102
|
+
"metadata_only": [],
|
|
103
|
+
"excluded": []
|
|
104
|
+
},
|
|
105
|
+
"warnings": []
|
|
106
|
+
}
|
|
107
|
+
}
|
|
108
|
+
```
|
|
109
|
+
|
|
110
|
+
The recovery object must be optional and additive.
|
|
111
|
+
|
|
112
|
+
## Slice Roadmap
|
|
113
|
+
|
|
114
|
+
| Slice | Title | Status | Dependencies | Parallel Guidance |
|
|
115
|
+
|---|---|---|---|---|
|
|
116
|
+
| slice-01-recovery-contract-security-classifier | Recovery Contract + Security Classifier | completed | none | sequential first |
|
|
117
|
+
| slice-02-budget-command-recommendation | Budget + Command Recommendation | completed | slice-01 | sequential after slice-01 |
|
|
118
|
+
| slice-03-cli-json-i18n-output | CLI + JSON + i18n Output | completed | slice-02 | sequential after slice-02 |
|
|
119
|
+
| slice-04-integration-fixtures-docs-release-smoke | Integration Fixtures + Docs + Release Smoke | completed | slice-03 | final; docs/tests can be parallel inside the slice |
|
|
120
|
+
|
|
121
|
+
## Production Guardrails
|
|
122
|
+
|
|
123
|
+
- Provider output remains untrusted until schema and evidence validation pass.
|
|
124
|
+
- Recovery is diagnostic only and must not weaken validation.
|
|
125
|
+
- Recovery must not silently expand budget in the same run.
|
|
126
|
+
- Recovery must not expose secret values or read unsafe content.
|
|
127
|
+
- Failure remains a failure when final provider output is invalid.
|
|
128
|
+
- Manifests must be audit-friendly but redacted.
|
|
129
|
+
|
|
130
|
+
## Validation Strategy
|
|
131
|
+
|
|
132
|
+
```bash
|
|
133
|
+
node --test tests/lib/ai-analyze-project-recovery.test.js
|
|
134
|
+
node --test tests/lib/ai-analyze-project-validation.test.js
|
|
135
|
+
node --test tests/commands/ai-analyze-project-provider.test.js
|
|
136
|
+
node --test tests/lib/i18n-catalog.test.js
|
|
137
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
138
|
+
git diff --check
|
|
139
|
+
```
|
|
@@ -0,0 +1,20 @@
|
|
|
1
|
+
# Status - Quiver v57 Evidence Budget Recovery UX
|
|
2
|
+
|
|
3
|
+
## Current State
|
|
4
|
+
|
|
5
|
+
- Status: Completed
|
|
6
|
+
- Active slice: none
|
|
7
|
+
- Branch: `feature/QUIVER-57-01-recovery-contract-security-classifier`
|
|
8
|
+
|
|
9
|
+
## Slice Status
|
|
10
|
+
|
|
11
|
+
| Slice | Status | Notes |
|
|
12
|
+
|---|---|---|
|
|
13
|
+
| slice-01-recovery-contract-security-classifier | completed | Defines recovery data contract, path safety, classification, and manifest-ready payload base. |
|
|
14
|
+
| slice-02-budget-command-recommendation | completed | Calculates safe budgets, caps, category flags, and one-line rerun commands from the slice-01 classification contract. |
|
|
15
|
+
| slice-03-cli-json-i18n-output | completed | Renders recovery guidance in CLI errors, validation manifests, and English/Spanish messages. |
|
|
16
|
+
| slice-04-integration-fixtures-docs-release-smoke | completed | Adds docs, JSON recovery coverage, troubleshooting guidance, and release evidence. |
|
|
17
|
+
|
|
18
|
+
## Open Risks
|
|
19
|
+
|
|
20
|
+
- No critical open risks. Live provider behavior should still be smoke-tested before npm release because external providers can drift.
|
|
@@ -0,0 +1,124 @@
|
|
|
1
|
+
## Title
|
|
2
|
+
|
|
3
|
+
Quiver v57 Evidence Budget Recovery UX
|
|
4
|
+
|
|
5
|
+
## Summary
|
|
6
|
+
|
|
7
|
+
- Adds safe recovery guidance for `ai analyze-project` evidence validation failures.
|
|
8
|
+
- Classifies missing evidence before recommending budget changes.
|
|
9
|
+
- Calculates safe `--max-files` and `--max-bytes` rerun recommendations from classified evidence.
|
|
10
|
+
- Adds prominent English/Spanish recovery output, JSON recovery errors, validation manifest recovery payloads, docs, and tests.
|
|
11
|
+
|
|
12
|
+
## PR Policy
|
|
13
|
+
|
|
14
|
+
- Type: feature.
|
|
15
|
+
- Base: `main`.
|
|
16
|
+
- Scope: Quiver v57 evidence-budget recovery UX.
|
|
17
|
+
- Policy note: this PR groups the full v57 recovery feature because the slices are sequentially dependent and were executed as one approved implementation batch. The PR remains revertable as one feature change.
|
|
18
|
+
- Merge: human merge required.
|
|
19
|
+
|
|
20
|
+
## Scope
|
|
21
|
+
|
|
22
|
+
Included:
|
|
23
|
+
|
|
24
|
+
- Recovery classification for `evidence-not-selected` issues.
|
|
25
|
+
- Safe handling of `.env`, `.env.example`, dependency folders, generated output, binaries, missing files, and paths outside the repo.
|
|
26
|
+
- Budget recommendation and command builder.
|
|
27
|
+
- Human CLI error guidance in English and Spanish.
|
|
28
|
+
- `--json` error payload with optional `recovery`.
|
|
29
|
+
- Validation manifest recovery payload.
|
|
30
|
+
- Public docs and troubleshooting guidance.
|
|
31
|
+
|
|
32
|
+
Excluded:
|
|
33
|
+
|
|
34
|
+
- Auto-expanding context and retrying with a larger budget in the same run.
|
|
35
|
+
- Relaxing provider schema or evidence validation.
|
|
36
|
+
- Reading or sending unsafe files.
|
|
37
|
+
- Product-code changes in analyzed repositories.
|
|
38
|
+
|
|
39
|
+
## Files
|
|
40
|
+
|
|
41
|
+
- `src/create-quiver/lib/ai/analyze-project-recovery.js`
|
|
42
|
+
- `src/create-quiver/commands/ai.js`
|
|
43
|
+
- `src/create-quiver/lib/ai/analyze-project-validation.js`
|
|
44
|
+
- `src/create-quiver/lib/i18n/messages/en.js`
|
|
45
|
+
- `src/create-quiver/lib/i18n/messages/es.js`
|
|
46
|
+
- `tests/lib/ai-analyze-project-recovery.test.js`
|
|
47
|
+
- `tests/commands/ai-analyze-project-provider.test.js`
|
|
48
|
+
- `docs/TROUBLESHOOTING.md`
|
|
49
|
+
- `docs/reference/commands.md`
|
|
50
|
+
- `docs/workflows/existing-project.md`
|
|
51
|
+
- `docs/workflows/existing-project-ai-quiver-setup.md`
|
|
52
|
+
- `specs/quiver-v57-evidence-budget-recovery-ux/**`
|
|
53
|
+
|
|
54
|
+
## How to Test (DETAILED - REQUIRED)
|
|
55
|
+
|
|
56
|
+
### Required Environment
|
|
57
|
+
|
|
58
|
+
- Node.js compatible with the repo.
|
|
59
|
+
- npm dependencies installed.
|
|
60
|
+
- GitHub CLI only needed for PR creation, not runtime tests.
|
|
61
|
+
|
|
62
|
+
### Worktree Access
|
|
63
|
+
|
|
64
|
+
From the repository root:
|
|
65
|
+
|
|
66
|
+
```bash
|
|
67
|
+
git status --short --branch
|
|
68
|
+
```
|
|
69
|
+
|
|
70
|
+
Expected branch:
|
|
71
|
+
|
|
72
|
+
```text
|
|
73
|
+
feature/QUIVER-57-01-recovery-contract-security-classifier
|
|
74
|
+
```
|
|
75
|
+
|
|
76
|
+
### Run the Project
|
|
77
|
+
|
|
78
|
+
No dev server is required. This is a CLI/runtime validation change.
|
|
79
|
+
|
|
80
|
+
### Use Cases
|
|
81
|
+
|
|
82
|
+
1. Provider cites a test file outside the selected sample.
|
|
83
|
+
- Quiver fails validation.
|
|
84
|
+
- Quiver shows a recommended command that includes `--include-tests`.
|
|
85
|
+
- No docs are written.
|
|
86
|
+
|
|
87
|
+
2. Provider cites `.env.example`.
|
|
88
|
+
- Quiver treats it as metadata-only/redacted.
|
|
89
|
+
- Quiver does not recommend including its raw content.
|
|
90
|
+
|
|
91
|
+
3. Provider cites unsafe files.
|
|
92
|
+
- Quiver classifies them as excluded.
|
|
93
|
+
- Quiver does not recommend increasing budget for them.
|
|
94
|
+
|
|
95
|
+
4. `--json` is used on final evidence validation failure.
|
|
96
|
+
- Quiver prints a parseable JSON error payload with optional `recovery`.
|
|
97
|
+
- Exit behavior remains failure.
|
|
98
|
+
|
|
99
|
+
### Technical Verification
|
|
100
|
+
|
|
101
|
+
```bash
|
|
102
|
+
node --test tests/lib/ai-analyze-project-recovery.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-validation.test.js tests/lib/i18n-catalog.test.js
|
|
103
|
+
npm run docs:check
|
|
104
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
105
|
+
git diff --check
|
|
106
|
+
```
|
|
107
|
+
|
|
108
|
+
## Evidence
|
|
109
|
+
|
|
110
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js tests/commands/ai-analyze-project-provider.test.js tests/lib/ai-analyze-project-validation.test.js tests/lib/i18n-catalog.test.js`
|
|
111
|
+
- PASS `npm run docs:check`
|
|
112
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
113
|
+
- PASS `git diff --check`
|
|
114
|
+
|
|
115
|
+
## Rollback
|
|
116
|
+
|
|
117
|
+
Revert this PR. The feature is additive around failed `ai analyze-project` evidence validation. Existing validation remains strict, and runtime doc writes remain blocked when provider output is invalid.
|
|
118
|
+
|
|
119
|
+
## Risks / Notes
|
|
120
|
+
|
|
121
|
+
- Live provider behavior can still drift; run a smoke with a real provider before npm release.
|
|
122
|
+
- The recovery command is diagnostic guidance only. It does not auto-expand context in the same run.
|
|
123
|
+
- The validation manifest gains an optional `recovery` field; existing consumers should remain compatible.
|
|
124
|
+
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
# CLOSURE_BRIEF - slice-01 Recovery Contract + Security Classifier
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
Implemented the recovery classification contract for final `evidence-not-selected` failures.
|
|
6
|
+
|
|
7
|
+
## Delivered
|
|
8
|
+
|
|
9
|
+
- Added `src/create-quiver/lib/ai/analyze-project-recovery.js`.
|
|
10
|
+
- Added deterministic evidence path normalization and classification helpers.
|
|
11
|
+
- Classified safe, metadata-only, security-excluded, generated/dependency, missing, outside-scope, and unknown evidence.
|
|
12
|
+
- Reused existing safety/path policies for env files, unsafe segments, file URLs, absolute paths, and traversal paths.
|
|
13
|
+
- Added focused unit tests for safe, metadata-only, unsafe, missing, binary, generated, traversal, and issue aggregation cases.
|
|
14
|
+
|
|
15
|
+
## Validation
|
|
16
|
+
|
|
17
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js`
|
|
18
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
19
|
+
|
|
20
|
+
## Notes
|
|
21
|
+
|
|
22
|
+
- This slice does not calculate budgets, render CLI output, or alter provider validation. Those remain assigned to later slices.
|
|
@@ -0,0 +1,58 @@
|
|
|
1
|
+
# EXECUTION_BRIEF - slice-01 Recovery Contract + Security Classifier
|
|
2
|
+
|
|
3
|
+
## Objective
|
|
4
|
+
|
|
5
|
+
Implement the recovery contract and secure evidence path classifier for final `evidence-not-selected` failures.
|
|
6
|
+
|
|
7
|
+
## Context
|
|
8
|
+
|
|
9
|
+
`ai analyze-project` can fail when the provider cites paths outside the selected sample. This slice must not change CLI output or budget recommendation yet. It creates the safe classification layer that later slices will consume.
|
|
10
|
+
|
|
11
|
+
## Scope
|
|
12
|
+
|
|
13
|
+
- Add recovery data contract helpers.
|
|
14
|
+
- Normalize and validate evidence paths as repo-relative paths.
|
|
15
|
+
- Classify missing evidence paths without reading unsafe content.
|
|
16
|
+
- Reuse or mirror existing analyze-project exclusion rules.
|
|
17
|
+
- Detect safe, metadata-only, security-excluded, generated/dependency, missing, outside-scope, and unknown paths.
|
|
18
|
+
- Produce deterministic, manifest-ready classification output.
|
|
19
|
+
- Add focused unit tests.
|
|
20
|
+
|
|
21
|
+
## Acceptance Criteria
|
|
22
|
+
|
|
23
|
+
- Unsafe paths are never marked safe to include.
|
|
24
|
+
- `.env`, `.git`, `node_modules`, `.next`, caches, dumps, and binaries are classified as excluded.
|
|
25
|
+
- `.env.example` is classified as metadata-only/redacted, not content-safe.
|
|
26
|
+
- Missing paths are classified without throwing.
|
|
27
|
+
- Absolute paths, traversal paths, and paths outside the repo are rejected or classified as outside-scope.
|
|
28
|
+
- Classification output is deterministic.
|
|
29
|
+
- Unit tests cover safe, metadata-only, unsafe, missing, binary, generated, and traversal cases.
|
|
30
|
+
|
|
31
|
+
## Expected Files
|
|
32
|
+
|
|
33
|
+
- `src/create-quiver/lib/ai/analyze-project-recovery.js`
|
|
34
|
+
- `tests/lib/ai-analyze-project-recovery.test.js`
|
|
35
|
+
- `specs/quiver-v57-evidence-budget-recovery-ux/**`
|
|
36
|
+
|
|
37
|
+
## Validation
|
|
38
|
+
|
|
39
|
+
```bash
|
|
40
|
+
node --test tests/lib/ai-analyze-project-recovery.test.js
|
|
41
|
+
node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict
|
|
42
|
+
git diff --check
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
## Completion Checklist
|
|
46
|
+
|
|
47
|
+
- Recovery module exists and exports classifier helpers.
|
|
48
|
+
- Unsafe paths are covered by tests.
|
|
49
|
+
- Metadata-only env templates are covered by tests.
|
|
50
|
+
- Missing, generated, dependency, binary, traversal, and budget-omitted paths are covered by tests.
|
|
51
|
+
- Slice closure brief records validation evidence.
|
|
52
|
+
|
|
53
|
+
## Constraints
|
|
54
|
+
|
|
55
|
+
- Do not alter provider schema validation.
|
|
56
|
+
- Do not alter CLI rendering in this slice.
|
|
57
|
+
- Do not calculate final recommended budgets in this slice.
|
|
58
|
+
- Do not read unsafe files to classify them.
|
|
@@ -0,0 +1,12 @@
|
|
|
1
|
+
# PR - slice-01 Recovery Contract + Security Classifier
|
|
2
|
+
|
|
3
|
+
## Summary
|
|
4
|
+
|
|
5
|
+
- Adds a recovery classification module for `ai analyze-project` evidence validation failures.
|
|
6
|
+
- Ensures unsafe paths are excluded before later slices calculate recovery budgets.
|
|
7
|
+
- Adds tests for metadata-only env templates, unsafe paths, binary files, missing files, and deterministic issue aggregation.
|
|
8
|
+
|
|
9
|
+
## Validation
|
|
10
|
+
|
|
11
|
+
- PASS `node --test tests/lib/ai-analyze-project-recovery.test.js`
|
|
12
|
+
- PASS `node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict`
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
{
|
|
2
|
+
"slice_id": "slice-01-recovery-contract-security-classifier",
|
|
3
|
+
"ticket": "QUIVER-57-01",
|
|
4
|
+
"type": "feature",
|
|
5
|
+
"title": "Recovery Contract + Security Classifier",
|
|
6
|
+
"objective": "Implement safe evidence recovery classification for analyze-project evidence-not-selected failures.",
|
|
7
|
+
"description": "Defines the deterministic, security-first classifier used to decide whether evidence paths from provider validation failures are safe to recommend, metadata-only, missing, generated, or excluded.",
|
|
8
|
+
"git": {
|
|
9
|
+
"branch_type": "feature",
|
|
10
|
+
"base_branch": "main",
|
|
11
|
+
"branch_slug": "v57-recovery-contract-security-classifier",
|
|
12
|
+
"branch_name": "feature/QUIVER-57-01-recovery-contract-security-classifier"
|
|
13
|
+
},
|
|
14
|
+
"files": [
|
|
15
|
+
"src/create-quiver/lib/ai/analyze-project-recovery.js",
|
|
16
|
+
"tests/lib/ai-analyze-project-recovery.test.js",
|
|
17
|
+
"specs/quiver-v57-evidence-budget-recovery-ux/**"
|
|
18
|
+
],
|
|
19
|
+
"allowed_write_paths": [
|
|
20
|
+
"src/create-quiver/lib/ai/analyze-project-recovery.js",
|
|
21
|
+
"tests/lib/ai-analyze-project-recovery.test.js",
|
|
22
|
+
"specs/quiver-v57-evidence-budget-recovery-ux/**"
|
|
23
|
+
],
|
|
24
|
+
"depends_on": [],
|
|
25
|
+
"parallel_safe": "never",
|
|
26
|
+
"parallel_safe_reason": "This slice defines the security and classification contract consumed by every later slice.",
|
|
27
|
+
"must": [
|
|
28
|
+
"Normalize evidence paths as repo-relative paths.",
|
|
29
|
+
"Never read unsafe file contents for classification.",
|
|
30
|
+
"Classify safe, metadata-only, security-excluded, generated/dependency, missing, outside-scope, and unknown evidence.",
|
|
31
|
+
"Keep output deterministic and manifest-ready.",
|
|
32
|
+
"Add focused unit tests."
|
|
33
|
+
],
|
|
34
|
+
"not_included": [
|
|
35
|
+
"Budget recommendation.",
|
|
36
|
+
"Recommended command builder.",
|
|
37
|
+
"CLI output changes.",
|
|
38
|
+
"JSON output integration.",
|
|
39
|
+
"i18n rendering."
|
|
40
|
+
],
|
|
41
|
+
"acceptance": [
|
|
42
|
+
"Unsafe paths are never marked safe to include.",
|
|
43
|
+
".env.example is metadata-only/redacted.",
|
|
44
|
+
"Missing and traversal paths do not throw.",
|
|
45
|
+
"Generated/dependency paths are excluded.",
|
|
46
|
+
"Binary files are excluded.",
|
|
47
|
+
"Classification output is deterministic."
|
|
48
|
+
],
|
|
49
|
+
"tests": [
|
|
50
|
+
"node --test tests/lib/ai-analyze-project-recovery.test.js",
|
|
51
|
+
"node bin/create-quiver.js spec validate specs/quiver-v57-evidence-budget-recovery-ux --strict",
|
|
52
|
+
"git diff --check"
|
|
53
|
+
],
|
|
54
|
+
"estimated_hours": 4,
|
|
55
|
+
"actual_hours": 4,
|
|
56
|
+
"status": "completed",
|
|
57
|
+
"blocked_reason": null,
|
|
58
|
+
"started_at": "2026-06-18T00:00:00.000Z",
|
|
59
|
+
"completed_at": "2026-06-18T00:00:00.000Z"
|
|
60
|
+
}
|