create-sdd-project 0.16.10 → 0.17.0

package/lib/meta.js

@@ -0,0 +1,291 @@
+'use strict';
+
+/**
+ * SDD DevFlow provenance tracking — v0.17.0+
+ *
+ * The `.sdd-meta.json` file stores content-addressable hashes of files the
+ * tool considers "canonically tool-owned" (template agents + AGENTS.md in
+ * v0.17.0). The upgrade path uses these hashes to answer the question
+ * "has the user edited this file since the last time the tool wrote it?"
+ * precisely, without comparing against the new template's adapted output
+ * (which drifts across versions and causes false-positive preserve
+ * warnings on cross-version upgrades — the Codex P1 finding from the
+ * v0.16.10 cross-model review).
+ *
+ * Core invariant (Codex M1 from plan v1.0 review): a hash in this file
+ * represents "the last time the tool wrote this file, the content hashed
+ * to X". Hashes are ONLY written/updated when the tool actually wrote
+ * canonical output to a file in the current run (replaced, new, or
+ * --force-template paths). Preserved files leave their hash entry
+ * untouched — otherwise the user's customized content would be hashed and
+ * silently overwritten on the next upgrade.
+ *
+ * File format (schemaVersion: 1):
+ *   {
+ *     "schemaVersion": 1,
+ *     "hashes": {
+ *       ".claude/agents/backend-planner.md": "sha256:abc...",
+ *       "AGENTS.md": "sha256:def...",
+ *       ...
+ *     }
+ *   }
+ *
+ * Path keys are POSIX-normalized (forward slashes) on ALL platforms so
+ * lookups work consistently on Windows where path.join would otherwise
+ * produce backslashes (Gemini M2 fix).
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+const { createHash } = require('node:crypto');
+
+const { FRONTEND_AGENTS, BACKEND_AGENTS, TEMPLATE_AGENTS } = require('./config');
+
+const META_FILE = '.sdd-meta.json';
+const CURRENT_SCHEMA_VERSION = 1;
+
+/**
+ * Normalize text for content-addressable hashing.
+ *
+ * v0.17.0: only strip CR / CRLF line endings (Windows git core.autocrlf
+ * compatibility). Do NOT strip trailing whitespace per line — that would
+ * destroy markdown hard-breaks (two trailing spaces render as <br>) and
+ * silently wipe user customizations that only touched whitespace
+ * (Gemini M2 fix).
+ *
+ * Trade-off: editors configured to "trim trailing whitespace on save"
+ * (e.g. VSCode files.trimTrailingWhitespace=true) will produce a hash
+ * mismatch even without semantic edits. This is a conservative false
+ * positive — the upgrade preserves the file and the user can re-run
+ * with --force-template to accept the new template content. The
+ * alternative (silent wipe of markdown hard-breaks) is strictly worse.
+ */
+function normalizeForCompare(text) {
+  return text.replace(/\r\n/g, '\n').replace(/\r/g, '\n');
+}
+
+/**
+ * Compute the content-addressable hash of a string.
+ *
+ * Returns 'sha256:<hex>'. The prefix is mandatory so v0.17.x can
+ * introduce additional algorithms (e.g. 'blake3:...') without breaking
+ * old readers — equality comparison on the full string handles upgrades
+ * naturally.
+ */
+function computeHash(content) {
+  const digest = createHash('sha256').update(normalizeForCompare(content), 'utf8').digest('hex');
+  return `sha256:${digest}`;
+}
+
+/**
+ * Compute the hash of a file on disk, or null if it doesn't exist.
+ * Reads as UTF-8 (all tracked files are text).
+ */
+function hashFileOnDisk(absPath) {
+  if (!fs.existsSync(absPath)) return null;
+  try {
+    return computeHash(fs.readFileSync(absPath, 'utf8'));
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * Normalize a platform-relative path to POSIX form for use as a hash map
+ * key. On Windows this converts backslashes to forward slashes; on POSIX
+ * it's a no-op.
+ */
+function toPosix(relativePath) {
+  return relativePath.split(path.sep).join('/');
+}
+
+/**
+ * Read and validate .sdd-meta.json. Returns null on ANY read/parse/shape
+ * failure so callers can fall back to v0.16.10 content-compare behavior.
+ * Never throws.
+ *
+ * Returns { schemaVersion, hashes } on success.
+ */
+function readMeta(dest) {
+  const p = path.join(dest, META_FILE);
+  if (!fs.existsSync(p)) return null;
+
+  let raw;
+  try {
+    raw = fs.readFileSync(p, 'utf8');
+  } catch (e) {
+    console.warn(`    ⚠ .sdd-meta.json unreadable (${e.code || e.message}). Falling back to content compare.`);
+    return null;
+  }
+
+  let parsed;
+  try {
+    parsed = JSON.parse(raw);
+  } catch (e) {
+    console.warn(`    ⚠ .sdd-meta.json is not valid JSON (${e.message}). Falling back to content compare.`);
+    return null;
+  }
+
+  if (typeof parsed !== 'object' || parsed === null || Array.isArray(parsed)) {
+    console.warn(`    ⚠ .sdd-meta.json root is not an object. Falling back.`);
+    return null;
+  }
+
+  // Schema version: absent → assume v1 (forward-compat with writers that
+  // might omit the field). Greater than current → log a warning and fall
+  // back (don't try to interpret future schemas).
+  const schemaVersion = parsed.schemaVersion ?? 1;
+  if (typeof schemaVersion !== 'number' || schemaVersion < 1) {
+    console.warn(`    ⚠ .sdd-meta.json has invalid schemaVersion ${schemaVersion}. Falling back.`);
+    return null;
+  }
+  if (schemaVersion > CURRENT_SCHEMA_VERSION) {
+    console.warn(
+      `    ⚠ .sdd-meta.json schemaVersion ${schemaVersion} is newer than supported ${CURRENT_SCHEMA_VERSION}. ` +
+      `Falling back to content compare. Upgrade the sdd-devflow CLI to a newer version.`
+    );
+    return null;
+  }
+
+  const hashes = parsed.hashes;
+  if (typeof hashes !== 'object' || hashes === null || Array.isArray(hashes)) {
+    console.warn(`    ⚠ .sdd-meta.json hashes field is not an object. Falling back.`);
+    return null;
+  }
+
+  // Shallow-validate each entry: key is a string, value matches the
+  // sha256:<hex> shape. Malformed entries are dropped silently (they'll
+  // be recomputed on the next upgrade).
+  const cleaned = {};
+  const HASH_RE = /^sha256:[0-9a-f]{64}$/;
+  for (const [k, v] of Object.entries(hashes)) {
+    if (typeof k !== 'string' || typeof v !== 'string') continue;
+    if (!HASH_RE.test(v)) continue;
+    // Normalize keys to POSIX in case an older writer produced
+    // backslashed paths on Windows.
+    cleaned[k.split('\\').join('/')] = v;
+  }
+
+  return { schemaVersion, hashes: cleaned };
+}
+
+/**
+ * Write .sdd-meta.json with the given hashes map. Non-fatal on failure —
+ * logs a warning but does NOT throw. The next upgrade will recompute and
+ * try again.
+ */
+function writeMeta(dest, hashes) {
+  const p = path.join(dest, META_FILE);
+  const payload = {
+    schemaVersion: CURRENT_SCHEMA_VERSION,
+    hashes,
+  };
+  try {
+    fs.writeFileSync(p, JSON.stringify(payload, null, 2) + '\n', 'utf8');
+  } catch (e) {
+    console.warn(
+      `    ⚠ Failed to write .sdd-meta.json: ${e.code || e.message}. ` +
+      `Next upgrade will fall back to content compare.`
+    );
+  }
+}
+
+/**
+ * Compute the full set of POSIX paths that SHOULD have a hash entry for
+ * the given (aiTools, projectType) combination. Used for two purposes:
+ *
+ * 1. Pruning: remove hash entries for files that are expected-absent
+ *    (e.g., single-stack project removed frontend agents) — but NOT for
+ *    files the user temporarily deleted manually (those get recreated
+ *    on the next upgrade, so their hash should persist).
+ *
+ * 2. Install-time hashing: iterate this set, compute each file's hash
+ *    if the file exists on disk.
+ *
+ * v0.17.0 scope: template agents (.claude/agents/*, .gemini/agents/*)
+ * + AGENTS.md. SKILL.md / ticket-template.md / documentation-standards.mdc
+ * are tracked with wholesale-recopy + stack-adaptations on every upgrade
+ * (v0.16.10 behavior); they are NOT in this set.
+ */
+function expectedSmartDiffTrackedPaths(aiTools, projectType) {
+  const paths = new Set();
+
+  const toolDirs = [];
+  if (aiTools !== 'gemini') toolDirs.push('.claude');
+  if (aiTools !== 'claude') toolDirs.push('.gemini');
+
+  const agents = TEMPLATE_AGENTS.filter((a) => {
+    if (projectType === 'backend' && FRONTEND_AGENTS.includes(a)) return false;
+    if (projectType === 'frontend' && BACKEND_AGENTS.includes(a)) return false;
+    return true;
+  });
+
+  for (const dir of toolDirs) {
+    for (const agent of agents) {
+      paths.add(`${dir}/agents/${agent}`);
+    }
+  }
+
+  paths.add('AGENTS.md');
+
+  return paths;
+}
+
+/**
+ * Remove hash entries from `hashes` that are NOT in the expected set
+ * for the current (aiTools, projectType). Returns a new object.
+ *
+ * This does NOT prune based on on-disk presence — a user who temporarily
+ * deletes an agent file keeps its hash so the next upgrade can recreate
+ * the file from the template and restore the hash map cleanly
+ * (Gemini M3 fix).
+ */
+function pruneExpectedAbsent(hashes, aiTools, projectType) {
+  const expected = expectedSmartDiffTrackedPaths(aiTools, projectType);
+  const pruned = {};
+  for (const [k, v] of Object.entries(hashes)) {
+    if (expected.has(k)) pruned[k] = v;
+  }
+  return pruned;
+}
+
+/**
+ * Compute install-time hashes for a newly-populated project. Walks the
+ * expected set and hashes any file that exists on disk, EXCLUDING any
+ * path that's in `excludeSet` (e.g., `--init` encountered a pre-existing
+ * file and skipped it — the user owns that content, we must NOT mark it
+ * as tool-canonical or the next upgrade would overwrite user content.
+ * Codex round 2 P1 fix).
+ *
+ * @param {string} dest - Project root
+ * @param {string} aiTools - 'claude' | 'gemini' | 'both'
+ * @param {string} projectType - 'backend' | 'frontend' | 'fullstack'
+ * @param {Set<string>|Iterable<string>|null} excludeSet - POSIX paths to exclude. Null → no exclusion.
+ */
+function computeInstallHashes(dest, aiTools, projectType, excludeSet = null) {
+  const excluded = excludeSet ? new Set(excludeSet) : null;
+  const hashes = {};
+  for (const posixPath of expectedSmartDiffTrackedPaths(aiTools, projectType)) {
+    if (excluded && excluded.has(posixPath)) continue;
+    const absPath = path.join(dest, ...posixPath.split('/'));
+    const hash = hashFileOnDisk(absPath);
+    if (hash !== null) {
+      hashes[posixPath] = hash;
+    }
+  }
+  return hashes;
+}
+
+module.exports = {
+  META_FILE,
+  CURRENT_SCHEMA_VERSION,
+  computeHash,
+  hashFileOnDisk,
+  toPosix,
+  normalizeForCompare,
+  readMeta,
+  writeMeta,
+  expectedSmartDiffTrackedPaths,
+  pruneExpectedAbsent,
+  computeInstallHashes,
+};

package/lib/stack-adaptations.js

@@ -0,0 +1,335 @@
+'use strict';
+
+/**
+ * SDD DevFlow stack-specific adaptations — shared module (v0.17.0+).
+ *
+ * Extracted from lib/init-generator.js `adaptCopiedFiles` in v0.17.0 so
+ * the upgrade path can re-apply the same transformations after a
+ * hash-based smart-diff replacement. Previously init-generator.js ran
+ * these adaptations on install but upgrade-generator.js did not, so an
+ * init'd project upgrading would lose its stack customizations — the
+ * cross-path drift discovered during v0.16.10 implementation.
+ *
+ * Public API:
+ *
+ *   applyStackAdaptations(dest, scan, config, allowlist = null)
+ *     → walks the filesystem, applies adaptation rules to each file in
+ *       the candidate set, respects the allowlist (upgrade path uses
+ *       this to avoid touching preserved user-edited files). Returns the
+ *       list of POSIX relative paths that were touched.
+ *
+ *   applyStackAdaptationsToContent(content, posixRelativePath, scan, config)
+ *     → pure, in-memory variant. Returns the adapted content for a
+ *       single file. Used by upgrade-generator.js's FALLBACK path
+ *       (when .sdd-meta.json is missing) to construct the "what init
+ *       would have written" comparison target. This is critical for
+ *       pre-v0.17.0 --init projects on their first v0.17.0 upgrade
+ *       (Gemini M1 fix from plan v1.0 review).
+ *
+ * Idempotency invariant: every rule's source pattern MUST NOT appear in
+ * its own replacement value. The current rules satisfy this because they
+ * replace literal template strings like "Prisma ORM, and PostgreSQL"
+ * with "Mongoose, and MongoDB" — the source no longer appears after one
+ * pass. Verified by smoke scenario 56 (run every rule twice, assert
+ * second application is a no-op).
+ *
+ * Ordering: some rules run in phases. Phase 1 ("Zod data schemas" →
+ * "validation schemas") MUST run before phase 2 ("validation schemas in
+ * `shared/src/schemas/`" → "validation schemas") because phase 2's
+ * source depends on phase 1's replacement having happened. The rule
+ * arrays preserve this ordering; callers must apply them in sequence
+ * per file.
+ */
+
+const fs = require('node:fs');
+const path = require('node:path');
+
+const { toPosix } = require('./meta');
+
+/**
+ * Compute the ordered list of [from, to] replacement rules for a given
+ * (file, scan, config). Rules are pure data — no filesystem access.
+ *
+ * Returns null if this file has no adaptations for the given project
+ * state (e.g., a Zod project's backend-developer.md needs no Zod
+ * substitutions).
+ *
+ * The rules here mirror the imperative body of the original
+ * lib/init-generator.js adaptCopiedFiles function. Extracting them into
+ * a data-driven table allows both file-based and in-memory application.
+ */
+function computeRulesFor(posixRelativePath, scan, config) {
+  const backend = scan.backend || {};
+  const orm = backend.orm || 'your ORM';
+  const db = backend.db || 'your database';
+  const validation = backend.validation;
+  const structure = scan.srcStructure || {};
+  const arch = structure.pattern || 'ddd';
+
+  // Phase 1: Zod → generic validation (applies only when validation !== 'Zod').
+  const zodReplacements = [
+    ['Zod data schemas', 'validation schemas'],
+    ['Zod schemas', 'validation schemas'],
+  ];
+
+  // Phase 2: shared/src/schemas/ path cleanup. Applied AFTER phase 1, so
+  // these match the post-replacement text.
+  const schemaPathReplacements = [
+    ['validation schemas in `shared/src/schemas/` if applicable', 'validation schemas if applicable'],
+    ['validation schemas in `shared/src/schemas/` (if shared workspace exists)', 'validation schemas (if shared workspace exists)'],
+    ['validation schemas in `shared/src/schemas/`', 'validation schemas'],
+    ['validation schemas (`shared/src/schemas/`)', 'validation schemas'],
+    ['`shared/src/schemas/` (if exists) for current validation schemas', 'project validation schemas'],
+    // Gemini spec-creator: no "Zod" prefix, standalone path reference
+    ['and `shared/src/schemas/` (if exists)', ''],
+    ['schemas vs `shared/src/schemas/`', 'validation schemas up to date'],
+  ];
+
+  // ORM/DB replacements for backend agents. Only apply when the detected
+  // ORM differs from Prisma (the template default) OR no ORM was
+  // detected at all (replace with generic text).
+  let ormReplacements = [];
+  if (backend.orm && backend.orm !== 'Prisma') {
+    ormReplacements = [
+      ['Prisma ORM, and PostgreSQL', `${orm}${db !== 'your database' ? `, and ${db}` : ''}`],
+      ['Repository implementations (Prisma)', `Repository implementations (${orm})`],
+    ];
+  } else if (!backend.orm) {
+    const dbLabel = db !== 'your database' ? `, and ${db}` : '';
+    ormReplacements = [
+      ['Prisma ORM, and PostgreSQL', dbLabel ? dbLabel.slice(6) : 'your database'],
+      ['Repository implementations (Prisma)', 'Repository implementations'],
+    ];
+  }
+
+  // Architecture (DDD → layered) replacements, applied to backend agents
+  // when the detected structure is NOT DDD.
+  const archReplacementsBackendPlanner = (arch !== 'ddd') ? [
+    ['specializing in Domain-Driven Design (DDD) layered architecture with deep knowledge of',
+      'specializing in layered architecture with deep knowledge of'],
+    ['(DDD architecture)', '(layered architecture)'],
+    [/\d+\. Read `shared\/src\/schemas\/` \(if exists\) for current .* (?:data )?schemas\n/, ''],
+    [/\d+\. Explore existing domain entities, services, validators, repositories\n/,
+      '5. Explore the codebase for existing patterns, layer structure, and reusable code\n'],
+    [/\d+\. Explore `backend\/src\/infrastructure\/` for existing repositories\n/, ''],
+    ['following DDD layer order: Domain > Application > Infrastructure > Presentation > Tests',
+      'following the layer order defined in backend-standards.mdc'],
+    ['Implementation Order (Domain > Application > Infrastructure > Presentation > Tests)',
+      'Implementation Order (see backend-standards.mdc for layer order)'],
+    ['Follow DDD layer separation: Domain > Application > Infrastructure > Presentation',
+      'Follow the layer separation defined in backend-standards.mdc'],
+  ] : [];
+
+  const archReplacementsBackendDeveloper = (arch !== 'ddd') ? [
+    ['follows DDD layered architecture', 'follows layered architecture'],
+    ['specializing in Domain-Driven Design (DDD) with', 'specializing in layered architecture with'],
+    ['(DDD architecture)', '(layered architecture)'],
+    [/\d+\. Read `shared\/src\/schemas\/` \(if exists\) for current .* (?:data )?schemas\n/, ''],
+    ['Follow the DDD layer order from the plan:',
+      'Follow the layer order from the plan (see backend-standards.mdc for project layers):'],
+    [/\d+\. \*\*Domain Layer\*\*: Entities, value objects, repository interfaces, domain errors\n/,
+      '1. **Data Layer**: Models, database operations, data access\n'],
+    [/\d+\. \*\*Application Layer\*\*: Services, validators, DTOs\n/,
+      '2. **Business Logic Layer**: Controllers, services, external integrations\n'],
+    [/\d+\. \*\*Infrastructure Layer\*\*: Repository implementations \([^)]*\), external integrations\n/,
+      '3. **Presentation Layer**: Routes, handlers, middleware\n'],
+    [/\d+\. \*\*Presentation Layer\*\*: Controllers, routes, middleware\n/,
+      '4. **Integration Layer**: Wiring, configuration, server registration\n'],
+    ['Follow DDD layer order: Domain > Application > Infrastructure > Presentation.',
+      'Follow the layer order defined in backend-standards.mdc.'],
+    ['**ALWAYS** follow DDD layer separation',
+      '**ALWAYS** follow the layer separation defined in backend-standards.mdc'],
+    ['**ALWAYS** handle errors with custom domain error classes',
+      '**ALWAYS** handle errors following the patterns in backend-standards.mdc'],
+    ['ALWAYS handle errors with domain error classes',
+      'ALWAYS handle errors following the patterns in backend-standards.mdc'],
+    [/- (?:\*\*MANDATORY\*\*: )?If modifying a DB schema → update .* schemas in `shared\/src\/schemas\/` BEFORE continuing\n/, ''],
+  ] : [];
+
+  // Dispatch table keyed by the file's POSIX path suffix.
+  const isBackendAgent =
+    posixRelativePath.endsWith('/agents/backend-developer.md') ||
+    posixRelativePath.endsWith('/agents/backend-planner.md');
+  const isMultiPurposeAgent =
+    posixRelativePath.endsWith('/agents/spec-creator.md') ||
+    posixRelativePath.endsWith('/agents/production-code-validator.md') ||
+    posixRelativePath.endsWith('/agents/database-architect.md');
+  const isWorkflowSkill =
+    posixRelativePath.endsWith('/skills/development-workflow/SKILL.md') ||
+    posixRelativePath.endsWith('/skills/development-workflow/references/ticket-template.md');
+
+  // Accumulate rules for this file in the correct order.
+  const rules = [];
+
+  if (isBackendAgent) {
+    if (validation !== 'Zod') {
+      rules.push(...zodReplacements);
+      rules.push(...ormReplacements);
+      rules.push(...schemaPathReplacements);
+    } else if (ormReplacements.length > 0) {
+      rules.push(...ormReplacements);
+    }
+    // Architecture adaptations run after ORM/Zod.
+    if (posixRelativePath.endsWith('/agents/backend-planner.md')) {
+      rules.push(...archReplacementsBackendPlanner);
+    } else if (posixRelativePath.endsWith('/agents/backend-developer.md')) {
+      rules.push(...archReplacementsBackendDeveloper);
+    }
+  } else if (isMultiPurposeAgent) {
+    if (validation !== 'Zod') {
+      rules.push(...zodReplacements);
+      rules.push(...schemaPathReplacements);
+    }
+  } else if (isWorkflowSkill) {
+    if (validation !== 'Zod') {
+      rules.push(...zodReplacements);
+      rules.push(...schemaPathReplacements);
+    }
+  }
+
+  return rules.length > 0 ? rules : null;
+}
+
+/**
+ * Apply an ordered list of [from, to] rules to a content string.
+ * Strings are replaced with `.replaceAll` (all occurrences). Regexes are
+ * replaced with `.replace` (respects the regex's own flags — `g` for
+ * global, absent for first-occurrence; the current rule set uses regexes
+ * without `g` because they target unique structural lines).
+ */
+function applyRulesToContent(content, rules) {
+  let result = content;
+  for (const [from, to] of rules) {
+    if (from instanceof RegExp) {
+      result = result.replace(from, to);
+    } else {
+      result = result.replaceAll(from, to);
+    }
+  }
+  return result;
+}
+
+/**
+ * Pure, in-memory stack adaptation. Returns the adapted content.
+ * Zero filesystem I/O. Safe to call repeatedly on the same input
+ * (idempotent by rule design).
+ *
+ * @param {string} content - Raw file content
+ * @param {string} posixRelativePath - e.g. ".claude/agents/backend-developer.md"
+ * @param {object} scan
+ * @param {object} config
+ * @returns {string}
+ */
+function applyStackAdaptationsToContent(content, posixRelativePath, scan, config) {
+  const rules = computeRulesFor(posixRelativePath, scan, config);
+  if (!rules) return content;
+  return applyRulesToContent(content, rules);
+}
+
+/**
+ * Candidate file list for stack adaptations. Mirrors the files touched
+ * by the original adaptCopiedFiles. Only files that exist on disk are
+ * returned.
+ */
+function candidateFilesFor(dest, aiTools, projectType) {
+  const toolDirs = [];
+  if (aiTools !== 'gemini') toolDirs.push('.claude');
+  if (aiTools !== 'claude') toolDirs.push('.gemini');
+
+  const results = [];
+
+  for (const dir of toolDirs) {
+    // Backend agents
+    results.push(`${dir}/agents/backend-developer.md`);
+    results.push(`${dir}/agents/backend-planner.md`);
+    // Multi-purpose agents
+    results.push(`${dir}/agents/spec-creator.md`);
+    results.push(`${dir}/agents/production-code-validator.md`);
+    results.push(`${dir}/agents/database-architect.md`);
+    // Workflow skill files
+    results.push(`${dir}/skills/development-workflow/SKILL.md`);
+    results.push(`${dir}/skills/development-workflow/references/ticket-template.md`);
+  }
+
+  // Filter by on-disk presence AND by project-type (single-stack
+  // projects may have pruned backend-* files).
+  return results.filter((posixPath) => {
+    const absPath = path.join(dest, ...posixPath.split('/'));
+    return fs.existsSync(absPath);
+  });
+}
+
+/**
+ * Apply stack adaptations to files on disk.
+ *
+ * @param {string} dest - Project root
+ * @param {object} scan - scan() result
+ * @param {object} config - { projectType, aiTools, ... }
+ * @param {Set<string>|null} allowlist - POSIX paths permitted to be
+ *   touched. If null, all candidate files are touched (install path).
+ *   If a Set, only files whose POSIX path is IN the Set are touched
+ *   (upgrade path — prevents running adaptations on preserved user
+ *   files).
+ * @returns {string[]} POSIX relative paths that were touched (whether
+ *   their content actually changed or not — callers should re-hash them)
+ */
+function applyStackAdaptations(dest, scan, config, allowlist = null) {
+  const touched = [];
+  const candidates = candidateFilesFor(dest, config.aiTools, config.projectType);
+
+  for (const posixPath of candidates) {
+    if (allowlist !== null && !allowlist.has(posixPath)) continue;
+    const absPath = path.join(dest, ...posixPath.split('/'));
+    let content;
+    try {
+      content = fs.readFileSync(absPath, 'utf8');
+    } catch {
+      continue;
+    }
+    const adapted = applyStackAdaptationsToContent(content, posixPath, scan, config);
+    if (adapted !== content) {
+      try {
+        fs.writeFileSync(absPath, adapted, 'utf8');
+      } catch (e) {
+        console.warn(`    ⚠ Failed to write stack-adapted ${posixPath}: ${e.code || e.message}`);
+        continue;
+      }
+    }
+    touched.push(posixPath);
+  }
+
+  // Non-agent adaptations: documentation-standards.mdc is project-type-
+  // driven, not stack-driven. Keeps its own imperative branch here.
+  const docStdRelative = 'ai-specs/specs/documentation-standards.mdc';
+  const docStdPath = path.join(dest, docStdRelative);
+  if (
+    fs.existsSync(docStdPath) &&
+    (allowlist === null || allowlist.has(docStdRelative))
+  ) {
+    try {
+      let content = fs.readFileSync(docStdPath, 'utf8');
+      if (config.projectType === 'backend') {
+        content = content.replace(/\| `ai-specs\/specs\/frontend-standards\.mdc` \|[^\n]*\n/, '');
+        content = content.replace(/\| `docs\/specs\/ui-components\.md` \|[^\n]*\n/, '');
+        content = content.replace(/   - UI component changes → `docs\/specs\/ui-components\.md`\n/, '');
+      } else if (config.projectType === 'frontend') {
+        content = content.replace(/\| `ai-specs\/specs\/backend-standards\.mdc` \|[^\n]*\n/, '');
+        content = content.replace(/\| `docs\/specs\/api-spec\.yaml` \|[^\n]*\n/, '');
+      }
+      fs.writeFileSync(docStdPath, content, 'utf8');
+      touched.push(docStdRelative);
+    } catch (e) {
+      console.warn(`    ⚠ Failed to adapt documentation-standards.mdc: ${e.code || e.message}`);
+    }
+  }
+
+  return touched;
+}
+
+module.exports = {
+  applyStackAdaptations,
+  applyStackAdaptationsToContent,
+  computeRulesFor,
+  applyRulesToContent,
+  candidateFilesFor,
+};