devflow-kit 1.3.1 → 1.3.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +20 -0
- package/README.md +3 -1
- package/dist/commands/init.js +40 -11
- package/dist/utils/post-install.d.ts +1 -1
- package/dist/utils/post-install.js +2 -9
- package/package.json +1 -1
- package/plugins/devflow-accessibility/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-ambient/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-audit-claude/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-code-review/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-core-skills/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-debug/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-frontend-design/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-go/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-implement/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-java/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-python/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-react/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-resolve/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-rust/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-self-review/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-specify/.claude-plugin/plugin.json +1 -1
- package/plugins/devflow-typescript/.claude-plugin/plugin.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -5,6 +5,24 @@ All notable changes to DevFlow will be documented in this file.
|
|
|
5
5
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
|
6
6
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
7
7
|
|
|
8
|
+
## [1.3.3] - 2026-03-09
|
|
9
|
+
|
|
10
|
+
### Changed
|
|
11
|
+
- **Sudo trust prompt** — Managed settings now shows a clear explanation, a copy-pasteable verification prompt, and an explicit fallback option before any password prompt
|
|
12
|
+
|
|
13
|
+
### Added
|
|
14
|
+
- **Managed settings test coverage** — Unit tests for `installManagedSettings` two-stage write logic
|
|
15
|
+
|
|
16
|
+
---
|
|
17
|
+
|
|
18
|
+
## [1.3.2] - 2026-03-08
|
|
19
|
+
|
|
20
|
+
### Changed
|
|
21
|
+
- **Init prompt improvements** — Agent Teams marked as experimental with recommendation to disable; ambient mode now defaults to enabled (recommended)
|
|
22
|
+
- **Init flags documented** — Added `--ambient`/`--no-ambient` and `--memory`/`--no-memory` to README
|
|
23
|
+
|
|
24
|
+
---
|
|
25
|
+
|
|
8
26
|
## [1.3.1] - 2026-03-08
|
|
9
27
|
|
|
10
28
|
### Fixed
|
|
@@ -822,6 +840,8 @@ devflow init
|
|
|
822
840
|
|
|
823
841
|
---
|
|
824
842
|
|
|
843
|
+
[1.3.3]: https://github.com/dean0x/devflow/compare/v1.3.2...v1.3.3
|
|
844
|
+
[1.3.2]: https://github.com/dean0x/devflow/compare/v1.3.1...v1.3.2
|
|
825
845
|
[1.3.1]: https://github.com/dean0x/devflow/compare/v1.3.0...v1.3.1
|
|
826
846
|
[1.3.0]: https://github.com/dean0x/devflow/compare/v1.2.0...v1.3.0
|
|
827
847
|
[1.2.0]: https://github.com/dean0x/devflow/compare/v1.1.0...v1.2.0
|
package/README.md
CHANGED
|
@@ -241,7 +241,9 @@ Session context is saved and restored automatically via Working Memory hooks —
|
|
|
241
241
|
|--------|-------------|
|
|
242
242
|
| `--plugin <names>` | Comma-separated plugin names (e.g., `implement,code-review`) |
|
|
243
243
|
| `--scope <user\|local>` | Installation scope (default: user) |
|
|
244
|
-
| `--teams` / `--no-teams` | Enable/disable
|
|
244
|
+
| `--teams` / `--no-teams` | Enable/disable Agent Teams (experimental, default: off) |
|
|
245
|
+
| `--ambient` / `--no-ambient` | Enable/disable ambient mode (default: on) |
|
|
246
|
+
| `--memory` / `--no-memory` | Enable/disable working memory (default: on) |
|
|
245
247
|
| `--verbose` | Show detailed output |
|
|
246
248
|
|
|
247
249
|
### Uninstall Options
|
package/dist/commands/init.js
CHANGED
|
@@ -150,9 +150,12 @@ export const initCommand = new Command('init')
|
|
|
150
150
|
teamsEnabled = false;
|
|
151
151
|
}
|
|
152
152
|
else {
|
|
153
|
-
const teamsChoice = await p.
|
|
154
|
-
message: 'Enable Agent Teams?
|
|
155
|
-
|
|
153
|
+
const teamsChoice = await p.select({
|
|
154
|
+
message: 'Enable Agent Teams?',
|
|
155
|
+
options: [
|
|
156
|
+
{ value: false, label: 'No (Recommended)', hint: 'Experimental — may be unstable' },
|
|
157
|
+
{ value: true, label: 'Yes', hint: 'Advanced — peer debate in review, exploration, debugging' },
|
|
158
|
+
],
|
|
156
159
|
});
|
|
157
160
|
if (p.isCancel(teamsChoice)) {
|
|
158
161
|
p.cancel('Installation cancelled.');
|
|
@@ -166,12 +169,15 @@ export const initCommand = new Command('init')
|
|
|
166
169
|
ambientEnabled = options.ambient;
|
|
167
170
|
}
|
|
168
171
|
else if (!process.stdin.isTTY) {
|
|
169
|
-
ambientEnabled =
|
|
172
|
+
ambientEnabled = true;
|
|
170
173
|
}
|
|
171
174
|
else {
|
|
172
|
-
const ambientChoice = await p.
|
|
173
|
-
message: 'Enable ambient mode?
|
|
174
|
-
|
|
175
|
+
const ambientChoice = await p.select({
|
|
176
|
+
message: 'Enable ambient mode?',
|
|
177
|
+
options: [
|
|
178
|
+
{ value: true, label: 'Yes (Recommended)', hint: 'Auto-loads relevant skills for each prompt' },
|
|
179
|
+
{ value: false, label: 'No', hint: 'Full control — load skills manually' },
|
|
180
|
+
],
|
|
175
181
|
});
|
|
176
182
|
if (p.isCancel(ambientChoice)) {
|
|
177
183
|
p.cancel('Installation cancelled.');
|
|
@@ -179,7 +185,7 @@ export const initCommand = new Command('init')
|
|
|
179
185
|
}
|
|
180
186
|
ambientEnabled = ambientChoice;
|
|
181
187
|
}
|
|
182
|
-
// Working memory selection (defaults ON — foundational
|
|
188
|
+
// Working memory selection (defaults ON — foundational feature)
|
|
183
189
|
let memoryEnabled;
|
|
184
190
|
if (options.memory !== undefined) {
|
|
185
191
|
memoryEnabled = options.memory;
|
|
@@ -353,9 +359,32 @@ export const initCommand = new Command('init')
|
|
|
353
359
|
// Attempt managed settings write if user chose managed mode
|
|
354
360
|
let effectiveSecurityMode = securityMode;
|
|
355
361
|
if (securityMode === 'managed') {
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
362
|
+
p.note('This writes a read-only security deny list to a system directory\n' +
|
|
363
|
+
'and may prompt for your password (sudo).\n\n' +
|
|
364
|
+
'Not sure about this? Paste this into another Claude Code session:\n\n' +
|
|
365
|
+
' "I\'m installing DevFlow and it wants to write a\n' +
|
|
366
|
+
' managed-settings.json file using sudo. Review the source\n' +
|
|
367
|
+
' at https://github.com/dean0x/devflow and tell me if\n' +
|
|
368
|
+
' it\'s safe."', 'Managed Settings');
|
|
369
|
+
const sudoChoice = await p.select({
|
|
370
|
+
message: 'Continue with managed settings?',
|
|
371
|
+
options: [
|
|
372
|
+
{ value: 'yes', label: 'Yes, continue', hint: 'May prompt for your password' },
|
|
373
|
+
{ value: 'no', label: 'No, fall back to settings.json', hint: 'Deny list stored in editable user settings instead' },
|
|
374
|
+
],
|
|
375
|
+
});
|
|
376
|
+
if (p.isCancel(sudoChoice)) {
|
|
377
|
+
p.cancel('Installation cancelled.');
|
|
378
|
+
process.exit(0);
|
|
379
|
+
}
|
|
380
|
+
if (sudoChoice === 'yes') {
|
|
381
|
+
const managed = await installManagedSettings(rootDir, verbose);
|
|
382
|
+
if (!managed) {
|
|
383
|
+
p.log.warn('Managed settings write failed — falling back to user settings');
|
|
384
|
+
effectiveSecurityMode = 'user';
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
else {
|
|
359
388
|
effectiveSecurityMode = 'user';
|
|
360
389
|
}
|
|
361
390
|
}
|
|
@@ -28,7 +28,7 @@ export declare function mergeDenyList(existingJson: string, newDenyEntries: stri
|
|
|
28
28
|
*
|
|
29
29
|
* Strategy:
|
|
30
30
|
* 1. Try direct write (works if running as root or directory is writable)
|
|
31
|
-
* 2. If EACCES in TTY,
|
|
31
|
+
* 2. If EACCES in TTY, retry with sudo (caller is responsible for obtaining consent)
|
|
32
32
|
* 3. Returns true if managed settings were written, false if caller should fall back
|
|
33
33
|
*/
|
|
34
34
|
export declare function installManagedSettings(rootDir: string, verbose: boolean): Promise<boolean>;
|
|
@@ -67,7 +67,7 @@ export function mergeDenyList(existingJson, newDenyEntries) {
|
|
|
67
67
|
*
|
|
68
68
|
* Strategy:
|
|
69
69
|
* 1. Try direct write (works if running as root or directory is writable)
|
|
70
|
-
* 2. If EACCES in TTY,
|
|
70
|
+
* 2. If EACCES in TTY, retry with sudo (caller is responsible for obtaining consent)
|
|
71
71
|
* 3. Returns true if managed settings were written, false if caller should fall back
|
|
72
72
|
*/
|
|
73
73
|
export async function installManagedSettings(rootDir, verbose) {
|
|
@@ -118,17 +118,10 @@ export async function installManagedSettings(rootDir, verbose) {
|
|
|
118
118
|
return false;
|
|
119
119
|
}
|
|
120
120
|
}
|
|
121
|
-
// Attempt 2: sudo (TTY only)
|
|
121
|
+
// Attempt 2: sudo (TTY only — sudo needs terminal for password prompt)
|
|
122
122
|
if (!process.stdin.isTTY) {
|
|
123
123
|
return false;
|
|
124
124
|
}
|
|
125
|
-
const confirmed = await p.confirm({
|
|
126
|
-
message: `Managed settings require admin access (${managedDir}). Use sudo?`,
|
|
127
|
-
initialValue: true,
|
|
128
|
-
});
|
|
129
|
-
if (p.isCancel(confirmed) || !confirmed) {
|
|
130
|
-
return false;
|
|
131
|
-
}
|
|
132
125
|
try {
|
|
133
126
|
execSync(`sudo mkdir -p '${managedDir}'`, { stdio: 'inherit' });
|
|
134
127
|
// Write via sudo tee to avoid shell quoting issues with the JSON content
|
package/package.json
CHANGED