docguard-cli 0.13.0 → 0.14.0

package/cli/commands/fix.mjs

@@ -272,13 +272,16 @@ IMPORTANT: A new contributor should be able to follow this doc and have the proj
  * insert-changelog-unreleased (Changelog).
  * @returns {{ applied: object[], skipped: object[], total: number }}
  */
-export function applyAllMechanicalFixes(projectDir, config, { force = false } = {}) {
+export function applyAllMechanicalFixes(projectDir, config, opts = {}) {
+  const { force = false, forceRedo = false } = opts;
   const guardData = runGuardInternal(projectDir, config);
   const fixes = [];
   for (const v of guardData.validators) {
     if (Array.isArray(v.fixes)) fixes.push(...v.fixes);
   }
-  const { applied, skipped } = applyMechanicalFixes(projectDir, fixes, { force });
+  // v0.14-P1: forwarding forceRedo so users with `--force-redo` can override
+  // ping-pong suppression for a specific fix they actually want re-applied.
+  const { applied, skipped } = applyMechanicalFixes(projectDir, fixes, { force, forceRedo });
   return { applied, skipped, total: fixes.length };
 }
 
@@ -333,7 +336,10 @@ function runHistoryMode(projectDir, flags) {
 
 function runWriteMode(projectDir, config, flags) {
   const isJson = flags.format === 'json';
-  const { applied, skipped, total } = applyAllMechanicalFixes(projectDir, config, { force: flags.force });
+  const { applied, skipped, total } = applyAllMechanicalFixes(projectDir, config, {
+    force: flags.force,
+    forceRedo: flags.forceRedo,  // v0.14-P1: bypass ping-pong suppression
+  });
 
   if (isJson) {
     console.log(JSON.stringify({

package/cli/commands/guard.mjs

@@ -109,27 +109,36 @@ export function runGuardInternal(projectDir, config) {
     // Metrics-Consistency runs post-loop (needs guard results)
   ];
 
+  // v0.14-Q2: per-validator timing. Cheap (one `performance.now()` pair per
+  // validator) and the data is what we'd need to optimize anything later.
+  // Exposed via --profile in the public guard.
   for (const { key, name, fn } of validatorMap) {
     if (validators[key] === false) {
-      results.push({ name, key, status: 'skipped', quality: null, errors: [], warnings: [], passed: 0, total: 0 });
+      results.push({ name, key, status: 'skipped', quality: null, errors: [], warnings: [], passed: 0, total: 0, durationMs: 0 });
       continue;
     }
 
+    const start = performance.now();
     try {
       const result = fn();
-      results.push({ ...result, name, key, ...classifyResult(result) });
+      const durationMs = Math.round((performance.now() - start) * 100) / 100;
+      results.push({ ...result, name, key, durationMs, ...classifyResult(result) });
     } catch (err) {
-      results.push({ name, key, status: 'fail', quality: 'LOW', errors: [err.message], warnings: [], passed: 0, total: 1 });
+      const durationMs = Math.round((performance.now() - start) * 100) / 100;
+      results.push({ name, key, status: 'fail', quality: 'LOW', errors: [err.message], warnings: [], passed: 0, total: 1, durationMs });
     }
   }
 
   // ── Metrics-Consistency runs AFTER all other validators (needs their results) ──
   if (validators.metricsConsistency !== false) {
+    const start = performance.now();
     try {
       const result = validateMetricsConsistency(projectDir, config, results);
-      results.push({ ...result, name: 'Metrics-Consistency', key: 'metricsConsistency', ...classifyResult(result) });
+      const durationMs = Math.round((performance.now() - start) * 100) / 100;
+      results.push({ ...result, name: 'Metrics-Consistency', key: 'metricsConsistency', durationMs, ...classifyResult(result) });
     } catch (err) {
-      results.push({ name: 'Metrics-Consistency', key: 'metricsConsistency', status: 'fail', quality: 'LOW', errors: [err.message], warnings: [], passed: 0, total: 1 });
+      const durationMs = Math.round((performance.now() - start) * 100) / 100;
+      results.push({ name: 'Metrics-Consistency', key: 'metricsConsistency', status: 'fail', quality: 'LOW', errors: [err.message], warnings: [], passed: 0, total: 1, durationMs });
     }
   }
 
@@ -326,6 +335,26 @@ export function runGuard(projectDir, config, flags) {
   const badgeUrl = `https://img.shields.io/badge/CDD_Guard-${data.passed}%2F${data.total}_passed-${bColor}`;
   console.log(`\n  ${c.dim}📎 Badge: ![CDD Guard](${badgeUrl})${c.reset}`);
 
+  // v0.14-Q2: --timings prints per-validator timing, sorted slowest-first.
+  // Designed for self-diagnosis on slow repos: shows exactly which validator
+  // to optimize first. Cheap to opt into; off by default to keep output clean.
+  // (Originally proposed as `--profile` but that flag is taken by `init`.)
+  if (flags.timings) {
+    console.log(`\n  ${c.bold}⏱  Profile${c.reset} ${c.dim}(per-validator wall time, slowest first)${c.reset}`);
+    const timed = data.validators
+      .filter(v => typeof v.durationMs === 'number' && v.status !== 'skipped')
+      .sort((a, b) => b.durationMs - a.durationMs);
+    const total = timed.reduce((sum, v) => sum + v.durationMs, 0);
+    for (const v of timed.slice(0, 10)) {
+      const pct = total > 0 ? Math.round((v.durationMs / total) * 100) : 0;
+      const bar = '▇'.repeat(Math.max(1, Math.round(pct / 5)));
+      console.log(`     ${v.durationMs.toFixed(1).padStart(7)}ms  ${pct.toString().padStart(2)}%  ${bar.padEnd(20)} ${v.name}`);
+    }
+    if (timed.length > 10) console.log(`     ${c.dim}... ${timed.length - 10} faster validators omitted${c.reset}`);
+    console.log(`     ${c.dim}─────────${c.reset}`);
+    console.log(`     ${c.bold}${total.toFixed(1).padStart(7)}ms${c.reset}  ${c.dim}total validator time${c.reset}`);
+  }
+
   // Schema upgrade nudge — fires when the project's .docguard.json schema is
   // behind the CLI's CURRENT_SCHEMA_VERSION. Cheap, file-local check; no
   // network access. Suppressed in JSON output to keep machine consumers clean.

package/cli/commands/impact.mjs

@@ -0,0 +1,169 @@
+/**
+ * Impact Command — S-11
+ *
+ * After a commit (or before opening a PR), shows which canonical doc
+ * sections reference any file that changed since `--since` (default HEAD~1).
+ * Combines the L-2 reverse-trace logic with the changed-files diff so you
+ * get "you should re-read these doc sections" in one command.
+ *
+ * Use cases:
+ *   - Post-commit hook: `docguard impact --since HEAD~1` runs after each
+ *     commit and reminds the developer which docs to update.
+ *   - PR prep: `docguard impact --since main` shows the doc surface area
+ *     touched by the whole branch.
+ *
+ * JSON mode emits a structured `{ changedFiles, affectedDocs }` payload
+ * for CI integrations and PR-comment bots.
+ *
+ * @req SC-S11-001 — impact reports per-file → doc mappings
+ * @req SC-S11-002 — files with no doc references are listed as "no impact"
+ * @req SC-S11-003 — --format json emits parseable structured output
+ * @req SC-S11-004 — non-code files (.md, .json, etc.) are skipped from impact analysis
+ */
+
+import { existsSync, readFileSync, readdirSync } from 'node:fs';
+import { resolve, basename } from 'node:path';
+
+import { c } from '../shared.mjs';
+import { changedFilesSince, isGitRepo } from '../shared-git.mjs';
+
+/**
+ * File extensions we consider "code" for the purposes of impact analysis.
+ * Match the set used by other validators (Docs-Sync, Freshness).
+ */
+const CODE_EXTENSIONS = /\.(ts|tsx|js|jsx|mjs|cjs|py|go|rs|java|kt|rb|php|cs|swift)$/;
+
+function escapeRegex(s) {
+  return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');
+}
+
+/**
+ * Find canonical doc references for a single file. Reuses the same three
+ * match strategies as trace --reverse for consistency: direct path,
+ * basename, backticked module name.
+ */
+function findReferences(file, docs) {
+  const refs = [];
+  const normalized = file.replace(/^\.\//, '');
+  const base = basename(normalized);
+  const stem = base.replace(/\.[^.]+$/, '');
+  const stemRe = new RegExp(`\`${escapeRegex(stem)}\``);
+  for (const [docName, lines] of docs) {
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i];
+      let kind = null;
+      if (line.includes(normalized)) kind = 'path';
+      else if (line.includes(base)) kind = 'basename';
+      else if (stemRe.test(line)) kind = 'module';
+      if (kind) {
+        refs.push({ doc: docName, line: i + 1, kind });
+      }
+    }
+  }
+  return refs;
+}
+
+export function runImpact(projectDir, _config, flags) {
+  const isJson = flags.format === 'json';
+  const since = flags.since || 'HEAD~1';
+
+  if (!isGitRepo(projectDir)) {
+    if (isJson) {
+      console.log(JSON.stringify({ since, error: 'not a git repository', changedFiles: [], affectedDocs: [] }, null, 2));
+    } else {
+      console.error(`${c.red}Not a git repository — impact requires git history.${c.reset}`);
+    }
+    process.exit(1);
+  }
+
+  const changed = changedFilesSince(projectDir, since);
+  // Filter to code files only — markdown/json/yaml changes don't have "doc
+  // impact" in the same sense; they ARE the docs (or config).
+  const codeChanged = changed.filter(f => CODE_EXTENSIONS.test(f));
+
+  // Index canonical docs once
+  const docsDir = resolve(projectDir, 'docs-canonical');
+  const docsIndex = new Map(); // docName → lines[]
+  if (existsSync(docsDir)) {
+    try {
+      for (const f of readdirSync(docsDir)) {
+        if (!f.endsWith('.md')) continue;
+        try {
+          const content = readFileSync(resolve(docsDir, f), 'utf-8');
+          docsIndex.set(f, content.split('\n'));
+        } catch { /* skip unreadable */ }
+      }
+    } catch { /* skip if dir unreadable */ }
+  }
+
+  // Compute per-file references
+  const fileImpact = []; // { file, references: [{doc, line, kind}] }
+  for (const f of codeChanged) {
+    fileImpact.push({ file: f, references: findReferences(f, docsIndex) });
+  }
+
+  // Roll up: which docs are affected, with all source files
+  const docMap = new Map(); // doc → Set<file>
+  for (const { file, references } of fileImpact) {
+    for (const r of references) {
+      if (!docMap.has(r.doc)) docMap.set(r.doc, new Set());
+      docMap.get(r.doc).add(file);
+    }
+  }
+  const affectedDocs = Array.from(docMap.entries()).map(([doc, files]) => ({
+    doc,
+    files: Array.from(files),
+  }));
+
+  // ── JSON output ──
+  if (isJson) {
+    console.log(JSON.stringify({
+      since,
+      changedFiles: codeChanged,
+      ignoredFiles: changed.filter(f => !CODE_EXTENSIONS.test(f)),
+      affectedDocs,
+      timestamp: new Date().toISOString(),
+    }, null, 2));
+    return;
+  }
+
+  // ── Text output ──
+  console.log(`${c.bold}📊 DocGuard Impact${c.reset} ${c.dim}(since ${since})${c.reset}\n`);
+
+  if (changed.length === 0) {
+    console.log(`  ${c.green}✅ No file changes since ${since}.${c.reset}`);
+    return;
+  }
+  if (codeChanged.length === 0) {
+    console.log(`  ${c.dim}No code files changed (${changed.length} non-code files: ${changed.slice(0, 3).join(', ')}${changed.length > 3 ? '…' : ''}).${c.reset}`);
+    return;
+  }
+
+  console.log(`  ${c.cyan}${codeChanged.length}${c.reset} code file(s) changed.\n`);
+
+  if (affectedDocs.length === 0) {
+    console.log(`  ${c.yellow}⚠ No canonical docs reference any of the changed files.${c.reset}`);
+    console.log(`  ${c.dim}This often means the changed code is undocumented. Consider:${c.reset}`);
+    console.log(`  ${c.dim}  - Running ${c.cyan}docguard generate --plan${c.dim} to add doc skeletons${c.reset}`);
+    console.log(`  ${c.dim}  - Reviewing whether the change belongs in an existing doc${c.reset}`);
+    return;
+  }
+
+  console.log(`  ${c.green}${affectedDocs.length}${c.reset} canonical doc(s) reference the changed files:\n`);
+  for (const { doc, files } of affectedDocs) {
+    console.log(`  ${c.cyan}${doc}${c.reset} ${c.dim}(${files.length} file${files.length > 1 ? 's' : ''})${c.reset}`);
+    for (const f of files.slice(0, 5)) {
+      console.log(`     ${c.dim}via${c.reset} ${f}`);
+    }
+    if (files.length > 5) console.log(`     ${c.dim}... ${files.length - 5} more${c.reset}`);
+  }
+
+  // List code files with NO doc references — these may need new docs
+  const orphaned = fileImpact.filter(fi => fi.references.length === 0).map(fi => fi.file);
+  if (orphaned.length > 0) {
+    console.log(`\n  ${c.yellow}${orphaned.length} changed file(s) have NO canonical doc reference:${c.reset}`);
+    for (const f of orphaned.slice(0, 5)) console.log(`     ${c.dim}• ${f}${c.reset}`);
+    if (orphaned.length > 5) console.log(`     ${c.dim}... ${orphaned.length - 5} more${c.reset}`);
+    console.log(`  ${c.dim}These may be undocumented — review whether they belong in an existing doc.${c.reset}`);
+  }
+}

package/cli/commands/upgrade.mjs

@@ -124,6 +124,65 @@ function applyCliUpgrade() {
   return r;
 }
 
+/**
+ * v0.14-P4: open a PR with the schema migration. Used when the team wants
+ * a reviewable change instead of an in-place edit. Requires `gh` CLI on
+ * PATH. Returns { ok: bool, prUrl?: string, error?: string }.
+ */
+function openUpgradePR(projectDir, migratedConfig, fromVersion, toVersion) {
+  // Pre-flight: gh must be installed
+  const which = spawnSync('which', ['gh'], { encoding: 'utf-8' });
+  if (which.status !== 0) {
+    return { ok: false, error: 'gh CLI not found. Install: https://cli.github.com' };
+  }
+
+  const branch = `docguard/upgrade-schema-${toVersion}-${Date.now().toString(36)}`;
+  // Branch off current HEAD
+  let r = spawnSync('git', ['checkout', '-b', branch], { cwd: projectDir, encoding: 'utf-8' });
+  if (r.status !== 0) return { ok: false, error: `git checkout failed: ${r.stderr || r.stdout}` };
+
+  // Write the migrated config
+  try {
+    writeFileSync(
+      resolve(projectDir, '.docguard.json'),
+      JSON.stringify(migratedConfig, null, 2) + '\n',
+      'utf-8'
+    );
+  } catch (e) {
+    return { ok: false, error: `write .docguard.json failed: ${e.message}` };
+  }
+
+  // Commit
+  r = spawnSync('git', ['add', '.docguard.json'], { cwd: projectDir, encoding: 'utf-8' });
+  if (r.status !== 0) return { ok: false, error: `git add failed: ${r.stderr}` };
+
+  const commitMsg = `chore(docguard): migrate .docguard.json schema ${fromVersion} → ${toVersion}\n\nAutomated migration via \`docguard upgrade --apply --pr\`.`;
+  r = spawnSync('git', ['commit', '-m', commitMsg], { cwd: projectDir, encoding: 'utf-8' });
+  if (r.status !== 0) return { ok: false, error: `git commit failed: ${r.stderr || r.stdout}` };
+
+  // Push
+  r = spawnSync('git', ['push', '-u', 'origin', branch], { cwd: projectDir, encoding: 'utf-8' });
+  if (r.status !== 0) return { ok: false, error: `git push failed: ${r.stderr || r.stdout}` };
+
+  // Open PR
+  const prBody =
+    `Automated schema migration from \`${fromVersion}\` → \`${toVersion}\`.\n\n` +
+    `This PR was opened by \`docguard upgrade --apply --pr\`. It updates the\n` +
+    `\`.docguard.json\` schema version and any additive fields the new schema\n` +
+    `introduces (e.g. \`severity: {}\` for v0.5).\n\n` +
+    `Review and merge to keep your team's DocGuard config in sync.\n\n` +
+    `> 🤖 Generated by [DocGuard](https://github.com/raccioly/docguard)`;
+  r = spawnSync('gh', [
+    'pr', 'create',
+    '--title', `chore(docguard): migrate schema ${fromVersion} → ${toVersion}`,
+    '--body', prBody,
+  ], { cwd: projectDir, encoding: 'utf-8' });
+  if (r.status !== 0) return { ok: false, error: `gh pr create failed: ${r.stderr || r.stdout}` };
+
+  const prUrl = (r.stdout || '').trim().split('\n').pop();
+  return { ok: true, prUrl };
+}
+
 export async function runUpgrade(projectDir, _config, flags) {
   const checkOnly = flags.checkOnly || flags['check-only'];
   const apply = flags.apply;
@@ -222,8 +281,23 @@ export async function runUpgrade(projectDir, _config, flags) {
       const cfg = JSON.parse(readFileSync(cfgPath, 'utf-8'));
       const { changed, newConfig } = migrateSchema(cfg, projectSchema);
       if (changed) {
-        writeFileSync(cfgPath, JSON.stringify(newConfig, null, 2) + '\n', 'utf-8');
-        console.log(`  ${c.green}✓ Schema migrated ${projectSchema} → ${newConfig.version}.${c.reset}`);
+        // v0.14-P4: --pr opens a PR for review instead of in-place editing.
+        // Useful when the team wants a reviewable diff or has branch-protected
+        // .docguard.json. Falls back to in-place if pre-flight fails.
+        if (flags.pr) {
+          console.log(`  ${c.dim}Opening PR with migrated config...${c.reset}`);
+          const pr = openUpgradePR(projectDir, newConfig, projectSchema, newConfig.version);
+          if (pr.ok) {
+            console.log(`  ${c.green}✓ Schema migration PR opened:${c.reset} ${c.cyan}${pr.prUrl}${c.reset}`);
+          } else {
+            console.error(`  ${c.red}✗ PR creation failed:${c.reset} ${pr.error}`);
+            console.log(`  ${c.dim}Tip: run without --pr to apply in place, or fix the underlying issue.${c.reset}`);
+            process.exit(1);
+          }
+        } else {
+          writeFileSync(cfgPath, JSON.stringify(newConfig, null, 2) + '\n', 'utf-8');
+          console.log(`  ${c.green}✓ Schema migrated ${projectSchema} → ${newConfig.version}.${c.reset}`);
+        }
       } else {
         console.log(`  ${c.dim}Schema migration was a no-op (no recipe registered yet for ${projectSchema} → ${CURRENT_SCHEMA_VERSION}).${c.reset}`);
       }

package/cli/docguard.mjs

@@ -41,6 +41,7 @@ import { runTrace } from './commands/trace.mjs';
 import { runLlms } from './commands/llms.mjs';
 import { runSetup } from './commands/setup.mjs';
 import { runUpgrade } from './commands/upgrade.mjs';
+import { runImpact } from './commands/impact.mjs';
 import { ensureSkills } from './ensure-skills.mjs';
 
 // ── Shared constants (imported to break circular dependencies) ──────────
@@ -385,6 +386,15 @@ async function main() {
       flags.reverse = true;
     } else if (args[i] === '--history') {
       flags.history = true;
+    } else if (args[i] === '--force-redo') {
+      flags.forceRedo = true;
+    } else if (args[i] === '--pr') {
+      flags.pr = true;
+    } else if (args[i] === '--timings' || args[i] === '--show-timings') {
+      // v0.14-Q2: per-validator timing display. Renamed from `--profile` to
+      // avoid collision with `docguard init --profile <name>`. `--show-timings`
+      // is the long form for users who prefer explicit verbs.
+      flags.timings = true;
     } else if (!args[i].startsWith('--') && i > 0) {
       // Positional args go into flags.args for commands that take them (e.g.
       // `docguard trace --reverse <path>`). Skip the command itself (i === 0).
@@ -514,6 +524,9 @@ async function main() {
     case 'update':
       await runUpgrade(projectDir, config, flags);
       break;
+    case 'impact':
+      runImpact(projectDir, config, flags);
+      break;
     default:
       console.error(`${c.red}Unknown command: ${command}${c.reset}`);
       console.log(`Run ${c.cyan}docguard --help${c.reset} for usage.`);

package/cli/shared-source.mjs

@@ -254,6 +254,16 @@ export function grepEnvUsage(projectDir, config = {}) {
     }
   };
 
+  // v0.14-P2: when config.changedFiles is populated (by --changed-only),
+  // restrict the scan to ONLY those paths. Skips the recursive tree walk
+  // entirely — turns "scan 5000 files" into "scan 3 files" in pre-commit mode.
+  if (Array.isArray(config.changedFiles) && config.changedFiles.length > 0) {
+    for (const rel of config.changedFiles) {
+      visit(resolve(projectDir, rel));
+    }
+    return names;
+  }
+
   for (const root of roots) walk(root);
   return names;
 }

package/cli/validators/api-surface.mjs

@@ -192,6 +192,22 @@ export function validateApiSurface(projectDir, config) {
   const warnings = [];
   const fixes = [];
 
+  // v0.14-P2: when --changed-only scoping is active and NONE of the changed
+  // files look like route/spec/controller files, this validator has nothing
+  // to add — return N/A so the lite-mode total reflects only what was actually
+  // checked. Route patterns mirror the SECTION_FILE_MATCHERS in sync.mjs.
+  if (Array.isArray(config.changedFiles)) {
+    const ROUTE_RE = /(^|\/)(routes|controllers|handlers|app\/api)\/|openapi|swagger/i;
+    const anyRouteFile = config.changedFiles.some(f => ROUTE_RE.test(f));
+    if (!anyRouteFile) {
+      return {
+        errors, warnings, passed: 0, total: 0, fixes,
+        applicable: false,
+        note: 'no route/spec files in changed set',
+      };
+    }
+  }
+
   const drift = computeApiSurfaceDrift(projectDir, config);
 
   // ── Multi-spec divergence (independent of the API-REFERENCE doc) ──

package/cli/validators/cross-reference.mjs

@@ -155,14 +155,103 @@ export function extractRefs(content, sourcePath) {
  * Resolve a target file path relative to a source markdown file.
  * Returns the absolute path or null if the file doesn't exist.
  */
+/**
+ * S-12: Suggest the closest matching anchor when a broken-anchor warning
+ * fires. Uses a cheap two-pass match:
+ *   1. Exact substring match (anchor is contained in or contains a heading)
+ *   2. Levenshtein-like edit-distance within a budget (max 3 edits)
+ *
+ * Returns the best-matching slug string, or null when no candidate scores
+ * well enough to suggest with confidence. Suggestion threshold tuned so
+ * cosmetic typos surface but unrelated headings don't false-positive.
+ *
+ * @param {string} broken - the slug the user wrote (e.g. "athena-setup")
+ * @param {Set<string>} candidates - anchors that exist in the target doc
+ * @returns {string|null}
+ */
+export function suggestAnchor(broken, candidates) {
+  if (!broken || !candidates || candidates.size === 0) return null;
+
+  // Pass 1: substring containment — high-confidence match. Both sides must
+  // be at least 4 chars to avoid spurious matches against very short anchors
+  // (e.g. `#a` would otherwise match any broken slug containing the letter a).
+  const MIN_SUBSTRING = 4;
+  for (const c of candidates) {
+    if (c.length < MIN_SUBSTRING || broken.length < MIN_SUBSTRING) continue;
+    if (c.startsWith(broken) || broken.startsWith(c) || c.includes(broken) || broken.includes(c)) {
+      // Additionally require >= 50% overlap of the shorter into the longer.
+      // Avoids "user-id" matching "user-management-and-administration" via
+      // the bare "user" prefix.
+      const overlap = Math.min(c.length, broken.length) / Math.max(c.length, broken.length);
+      if (overlap >= 0.5) return c;
+    }
+  }
+
+  // Pass 2: edit distance — pick the closest if within budget.
+  let best = null;
+  let bestDist = Infinity;
+  for (const c of candidates) {
+    // Cheap early-out: huge length difference can't be within budget.
+    if (Math.abs(c.length - broken.length) > 8) continue;
+    const d = editDistance(broken, c);
+    if (d < bestDist) { bestDist = d; best = c; }
+  }
+  // Budget: max(3, length / 5) — proportional to slug length but cap small.
+  const budget = Math.max(3, Math.floor(broken.length / 5));
+  if (bestDist <= budget) return best;
+  return null;
+}
+
+/**
+ * Levenshtein edit distance. O(m·n) time, O(min) space. We bound input
+ * size before calling (S-12's pass 2 pre-filters), so a textbook impl is
+ * fine. Adding a dependency for one cheap routine isn't worth it.
+ */
+function editDistance(a, b) {
+  if (a === b) return 0;
+  if (!a.length) return b.length;
+  if (!b.length) return a.length;
+  let prev = new Array(b.length + 1);
+  let curr = new Array(b.length + 1);
+  for (let j = 0; j <= b.length; j++) prev[j] = j;
+  for (let i = 1; i <= a.length; i++) {
+    curr[0] = i;
+    for (let j = 1; j <= b.length; j++) {
+      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
+      curr[j] = Math.min(
+        prev[j] + 1,        // deletion
+        curr[j - 1] + 1,    // insertion
+        prev[j - 1] + cost, // substitution
+      );
+    }
+    [prev, curr] = [curr, prev];
+  }
+  return prev[b.length];
+}
+
 function resolveTarget(sourcePath, targetRel, projectDir) {
   if (!targetRel) return null;
-  // Try relative to source's directory first
-  const fromSource = resolve(dirname(sourcePath), targetRel);
-  if (existsSync(fromSource)) return fromSource;
-  // Also try from project root (some authors write `docs-canonical/X.md`)
-  const fromRoot = resolve(projectDir, targetRel);
-  if (existsSync(fromRoot)) return fromRoot;
+  // B-6: try BOTH the literal path and the URL-decoded form. CommonMark
+  // accepts `[name](../WU%20Documentation/foo.md)` for paths with spaces,
+  // and the decoded form (`../WU Documentation/foo.md`) is what hits the
+  // filesystem. The angle-bracket form `<../WU Documentation/foo.md>` is
+  // already non-URL-encoded by the time it reaches us. Try literal first
+  // (handles paths that legitimately contain `%`), then decoded.
+  const candidates = [targetRel];
+  try {
+    const decoded = decodeURIComponent(targetRel);
+    if (decoded !== targetRel) candidates.push(decoded);
+  } catch {
+    // Malformed % escapes — fall back to literal-only.
+  }
+  for (const cand of candidates) {
+    // Try relative to source's directory first
+    const fromSource = resolve(dirname(sourcePath), cand);
+    if (existsSync(fromSource)) return fromSource;
+    // Also try from project root (some authors write `docs-canonical/X.md`)
+    const fromRoot = resolve(projectDir, cand);
+    if (existsSync(fromRoot)) return fromRoot;
+  }
   return null;
 }
 
@@ -274,8 +363,13 @@ export function validateCrossReferences(projectDir, _config = {}) {
         const matches = anchors && (anchors.has(ref.anchor) || anchors.has(normalizedAnchor));
         if (!matches) {
           const where = targetPath === docPath ? 'same doc' : basename(targetPath);
+          // S-12: suggest the closest matching anchor when there's a near-miss.
+          // Three of five wu user-fixes were "heading renamed, link not updated"
+          // — a suggested-slug hint makes those deterministic-fixable.
+          const suggestion = anchors ? suggestAnchor(normalizedAnchor, anchors) : null;
+          const hint = suggestion ? ` (did you mean #${suggestion}?)` : '';
           warnings.push(
-            `${docName}:${ref.line} — broken anchor: "#${ref.anchor}" in ${where} doesn't match any heading`
+            `${docName}:${ref.line} — broken anchor: "#${ref.anchor}" in ${where} doesn't match any heading${hint}`
           );
           continue;
         }

package/cli/validators/freshness.mjs

@@ -9,7 +9,24 @@
 import { existsSync, readdirSync, statSync } from 'node:fs';
 import { resolve, join, extname } from 'node:path';
 import { execSync, execFileSync } from 'node:child_process';
-import { getLastCommitDate } from '../shared-git.mjs';
+
+// B-5 fix (v0.13.1): use a defensive import. If `shared-git.mjs` is missing
+// or unloadable in the end-user install (whatever the root cause — partial
+// upgrade, package corruption, weird module resolution), we fall back to
+// the original inline implementation below. The worst-case outcome is
+// "rename detection doesn't work", NOT "validator crashes with a useless
+// ReferenceError". Reported by wu-whatsappinbox v0.13.x feedback.
+let _sharedGetLastCommitDate = null;
+try {
+  const mod = await import('../shared-git.mjs');
+  if (mod && typeof mod.getLastCommitDate === 'function') {
+    _sharedGetLastCommitDate = mod.getLastCommitDate;
+  }
+} catch {
+  // Silently fall back. Test in tests/freshness-resilience.test.mjs verifies
+  // the validator stays operational when the import goes sideways.
+  _sharedGetLastCommitDate = null;
+}
 
 const IGNORE_DIRS = new Set([
   'node_modules', '.git', '.next', 'dist', 'build',
@@ -22,10 +39,29 @@ const IGNORE_DIRS = new Set([
  * Returns null if the file isn't tracked or git isn't available.
  */
 function getLastGitDate(filePath, dir) {
-  // Delegate to shared-git so rename history (--follow) is preserved.
-  // Without --follow, a `git mv` resets the file's "last commit date" and
-  // the Freshness counter silently misses drift introduced by the rename.
-  return getLastCommitDate(dir, filePath);
+  // Prefer the shared-git --follow-aware path when available (v0.13+ default).
+  // Fall back to inline implementation if the import failed at module load —
+  // this guarantees the validator never throws a ReferenceError even in
+  // environments where ESM resolution is broken.
+  if (_sharedGetLastCommitDate) {
+    try {
+      return _sharedGetLastCommitDate(dir, filePath);
+    } catch {
+      // fall through to inline
+    }
+  }
+  // Inline pre-v0.13 implementation — works without rename detection, but
+  // is guaranteed to not throw a "not defined" error.
+  try {
+    const result = execFileSync(
+      'git',
+      ['log', '-1', '--format=%aI', '--', filePath],
+      { cwd: dir, encoding: 'utf-8', stdio: ['pipe', 'pipe', 'pipe'] }
+    ).trim();
+    return result ? new Date(result) : null;
+  } catch {
+    return null;
+  }
 }
 
 /**

package/cli/validators/generated-staleness.mjs

@@ -23,14 +23,44 @@
  * @req SC-M1-004 — N/A when no source=code sections present in any doc
  */
 
-import { existsSync, readFileSync } from 'node:fs';
+import { existsSync, readFileSync, statSync } from 'node:fs';
 import { resolve, basename } from 'node:path';
 
 import { buildMemoryPlan } from '../scanners/memory-plan.mjs';
 import { getSection } from '../writers/sections.mjs';
 
+/**
+ * S-7: how long a generated doc may sit in `status: draft` before we warn.
+ * 14 days is the v0.13.1 default — long enough to absorb a typical sprint,
+ * short enough to surface forgotten skeletons before they rot.
+ */
+const DRAFT_STALENESS_DAYS = 14;
+
+/**
+ * Parse the frontmatter `status:` field from a markdown doc.
+ * Returns the trimmed value or null. Tolerant of either YAML-style
+ * fences (`---`) or HTML-comment-style (`<!-- status: draft -->`) markers.
+ */
+function extractDocStatus(content) {
+  if (!content) return null;
+  // YAML frontmatter: --- ... ---
+  const fmMatch = content.match(/^---\n([\s\S]*?)\n---/);
+  if (fmMatch) {
+    const sm = fmMatch[1].match(/^\s*status:\s*(\S+)\s*$/m);
+    if (sm) return sm[1].toLowerCase();
+  }
+  // Inline `<!-- status: draft -->` marker (common in docguard:generated docs).
+  const inline = content.match(/<!--\s*status:\s*(\w+)\s*-->/i);
+  if (inline) return inline[1].toLowerCase();
+  return null;
+}
+
 export function validateGeneratedStaleness(projectDir, config = {}) {
-  const result = { errors: [], warnings: [], passed: 0, total: 0 };
+  // v0.14-P3: also emit a `fixes` array. Each fix is structured so
+  // `applyMechanicalFixes` can consume it via the new regenerate-section
+  // applier. Lets `fix --write` actually CLOSE the loop on drift instead
+  // of just warning. No AI needed — the scanner already knows the right body.
+  const result = { errors: [], warnings: [], passed: 0, total: 0, fixes: [] };
 
   // Build the canonical memory plan (what the docs SHOULD contain). If this
   // fails or produces no docs, the validator is N/A.
@@ -46,6 +76,9 @@ export function validateGeneratedStaleness(projectDir, config = {}) {
 
   // Walk each doc's source=code sections and compare against on-disk content.
   let anySourceCodeSection = false;
+  const draftThresholdDays = (config.draftStalenessDays != null)
+    ? Number(config.draftStalenessDays)
+    : DRAFT_STALENESS_DAYS;
 
   for (const doc of plan.docs) {
     const fullPath = resolve(projectDir, doc.path);
@@ -53,6 +86,29 @@ export function validateGeneratedStaleness(projectDir, config = {}) {
     let content;
     try { content = readFileSync(fullPath, 'utf-8'); } catch { continue; }
 
+    // S-7: a docguard:generated doc with frontmatter `status: draft` that
+    // hasn't been updated in N days is probably a forgotten skeleton.
+    // Counted as a check (so total reflects it) and warned when stale.
+    const status = extractDocStatus(content);
+    if (status === 'draft') {
+      result.total++;
+      try {
+        const mtime = statSync(fullPath).mtime;
+        const ageDays = (Date.now() - mtime.getTime()) / (1000 * 60 * 60 * 24);
+        if (ageDays > draftThresholdDays) {
+          result.warnings.push(
+            `${basename(doc.path)} has been in \`status: draft\` for ${Math.floor(ageDays)} days. ` +
+            `Promote to status:current or remove. Run \`/docguard.fix --doc ${basename(doc.path)}\` to draft the prose.`
+          );
+        } else {
+          result.passed++;
+        }
+      } catch {
+        // Couldn't stat the file — skip the staleness check, don't count it.
+        result.total--;
+      }
+    }
+
     for (const sec of doc.sections) {
       if (sec.source !== 'code') continue;
       anySourceCodeSection = true;
@@ -86,10 +142,22 @@ export function validateGeneratedStaleness(projectDir, config = {}) {
       result.warnings.push(
         `${basename(doc.path)} → section "${sec.id}" is stale${hint}. Run \`docguard sync --write\` to refresh code-truth sections.`
       );
+      // v0.14-P3: structured fix so `docguard fix --write` can fix this
+      // mechanically (no AI needed — scanner already produced the right body).
+      result.fixes.push({
+        type: 'regenerate-section',
+        doc: doc.path,
+        sectionId: sec.id,
+        body: sec.body,
+        summary: `${basename(doc.path)} § ${sec.id} regenerated from scanner`,
+      });
     }
   }
 
-  if (!anySourceCodeSection) {
+  // S-7: even when no source=code sections exist, a draft-status check
+  // counts the validator as applicable. Only return N/A when we genuinely
+  // had nothing to evaluate.
+  if (!anySourceCodeSection && result.total === 0) {
     return { ...result, applicable: false };
   }
 

package/cli/validators/structure.mjs

@@ -19,23 +19,33 @@ export function validateStructure(projectDir, config) {
     }
   }
 
-  // Check agent file (any one is fine)
-  results.total++;
-  const agentFileFound = config.requiredFiles.agentFile.some(f =>
-    existsSync(resolve(projectDir, f))
-  );
-  if (agentFileFound) {
-    results.passed++;
-  } else {
-    results.errors.push(`Missing agent file: ${config.requiredFiles.agentFile.join(' or ')}`);
+  // Check agent file (any one is fine) — defensive: tolerate missing config
+  // shapes (B-5 class of safety net: never let a config gap leak as a
+  // ReferenceError / TypeError into the user's guard output).
+  const agentFiles = Array.isArray(config.requiredFiles?.agentFile)
+    ? config.requiredFiles.agentFile
+    : (typeof config.requiredFiles?.agentFile === 'string' ? [config.requiredFiles.agentFile] : []);
+  if (agentFiles.length > 0) {
+    results.total++;
+    const agentFileFound = agentFiles.some(f =>
+      existsSync(resolve(projectDir, f))
+    );
+    if (agentFileFound) {
+      results.passed++;
+    } else {
+      results.errors.push(`Missing agent file: ${agentFiles.join(' or ')}`);
+    }
   }
 
-  // Check changelog
-  results.total++;
-  if (existsSync(resolve(projectDir, config.requiredFiles.changelog))) {
-    results.passed++;
-  } else {
-    results.errors.push(`Missing required file: ${config.requiredFiles.changelog}`);
+  // Check changelog — same defensive pattern.
+  const changelogPath = config.requiredFiles?.changelog;
+  if (changelogPath) {
+    results.total++;
+    if (existsSync(resolve(projectDir, changelogPath))) {
+      results.passed++;
+    } else {
+      results.errors.push(`Missing required file: ${changelogPath}`);
+    }
   }
 
   // Check drift log

package/cli/writers/fix-memory.mjs

@@ -97,6 +97,12 @@ export function appendFixes(projectDir, fixes, appliedBy = 'fix --write') {
 
   for (const f of fixes) {
     const id = fingerprintFix(f);
+    const prior = byId.get(id);
+    // v0.14-P1: maintain applyCount across applies so ping-pong suppression
+    // can tell a fresh fix (count 1) from a recurring one (count 2+).
+    const applyCount = (prior && typeof prior.applyCount === 'number')
+      ? prior.applyCount + 1
+      : 1;
     const entry = {
       id,
       type: f.type || 'unknown',
@@ -104,8 +110,11 @@ export function appendFixes(projectDir, fixes, appliedBy = 'fix --write') {
       summary: f.summary || '',
       appliedAt: now,
       appliedBy,
+      applyCount,
+      // Keep firstAppliedAt for audit clarity — when did we first see this fix?
+      firstAppliedAt: (prior && prior.firstAppliedAt) || now,
     };
-    byId.set(id, entry); // overwrites prior with same fingerprint → updates appliedAt
+    byId.set(id, entry); // overwrites prior with same fingerprint
   }
 
   let entries = Array.from(byId.values());
@@ -131,3 +140,42 @@ export function isFixRecorded(projectDir, candidate) {
   const id = fingerprintFix(candidate);
   return loadFixMemory(projectDir).entries.some(e => e.id === id);
 }
+
+/**
+ * v0.14-P1 — fix-history suppression.
+ *
+ * Decide whether a candidate fix should be SUPPRESSED on this run because
+ * it's a known ping-pong pattern. A "ping-pong" is when the same
+ * fingerprint has been applied + reverted N or more times — usually a sign
+ * the user disagrees with the fix and we should stop re-suggesting it.
+ *
+ * Rules:
+ *   - Default threshold: 2 (apply → revert → apply is the third attempt → suppress)
+ *   - Configurable via opts.pingPongThreshold
+ *   - Override entirely via opts.force (set when caller passes --force-redo)
+ *
+ * Returns { suppressed: boolean, reason?: string }.
+ *
+ * @req SC-P1-001 — never suppresses on first apply
+ * @req SC-P1-002 — suppresses after N applies of the same fingerprint
+ * @req SC-P1-003 — force: true overrides suppression
+ */
+export function shouldSuppressFix(projectDir, candidate, opts = {}) {
+  if (opts.force) return { suppressed: false };
+  const id = fingerprintFix(candidate);
+  const mem = loadFixMemory(projectDir);
+  // Count occurrences of this fingerprint. Each `appendFixes` for an existing
+  // ID overwrites in place, so a single entry could represent many applies;
+  // we track a separate `applyCount` field for accurate ping-pong detection.
+  const entry = mem.entries.find(e => e.id === id);
+  if (!entry) return { suppressed: false };
+  const count = entry.applyCount || 1;
+  const threshold = opts.pingPongThreshold || 2;
+  if (count >= threshold) {
+    return {
+      suppressed: true,
+      reason: `applied ${count} time(s) before — possible ping-pong. Use --force-redo to apply anyway.`,
+    };
+  }
+  return { suppressed: false };
+}

package/cli/writers/mechanical.mjs

@@ -14,6 +14,29 @@
  * Pure file edits, no LLM. Zero NPM dependencies.
  */
 
+// v0.14-P1: resolve the suppression predicate at module load. Top-level
+// await is supported by ESM; if the import fails (e.g. partial install),
+// `_shouldSuppress` stays null and suppression is silently disabled —
+// fail-open, never block legit fixes.
+let _shouldSuppress = null;
+try {
+  const mod = await import('./fix-memory.mjs');
+  if (mod && typeof mod.shouldSuppressFix === 'function') {
+    _shouldSuppress = mod.shouldSuppressFix;
+  }
+} catch {
+  _shouldSuppress = null;
+}
+
+// v0.14-P3: section read/write API — loaded once at module init for the
+// regenerate-section applier. Same defensive pattern as the suppressor.
+let _sectionsModule = null;
+try {
+  _sectionsModule = await import('./sections.mjs');
+} catch {
+  _sectionsModule = null;
+}
+
 import { existsSync, readFileSync, writeFileSync } from 'node:fs';
 import { resolve } from 'node:path';
 import { removeEndpoints, hasGeneratedMarker } from './api-reference.mjs';
@@ -84,11 +107,48 @@ function applyRemoveEndpoint(projectDir, fix, { force = false } = {}) {
   return { applied: true, detail: `${fix.doc}: removed ${fix.method} ${fix.path}` };
 }
 
+/**
+ * v0.14-P3 — regenerate-section: rewrite a `source=code` section's body
+ * with the scanner's expected output. Emitted by the Generated-Staleness
+ * validator (M-1) when on-disk content drifts from what the memory plan
+ * would produce.
+ *
+ * Idempotent: if the section already matches `fix.body`, do nothing.
+ * Bounded: only writes inside `<!-- docguard:section id=X source=code -->`
+ * markers — never touches surrounding prose.
+ *
+ * fix shape: { type: 'regenerate-section', doc, sectionId, body }
+ */
+function applyRegenerateSection(projectDir, fix) {
+  if (!fix.doc || !fix.sectionId || fix.body == null) {
+    return { applied: false, skipped: 'regenerate-section needs doc, sectionId, body' };
+  }
+  const full = resolve(projectDir, fix.doc);
+  if (!existsSync(full)) return { applied: false, skipped: `doc not found: ${fix.doc}` };
+  const content = readFileSync(full, 'utf-8');
+  // Lazy-import the section writer to avoid a top-level circular risk.
+  // section APIs are synchronous and well-isolated; this works because
+  // mechanical.mjs already uses top-level await for fix-memory.
+  const { getSection, replaceSection } = _sectionsModule || {};
+  if (typeof getSection !== 'function' || typeof replaceSection !== 'function') {
+    return { applied: false, skipped: 'sections module unavailable' };
+  }
+  const existing = getSection(content, fix.sectionId);
+  if (!existing) return { applied: false, skipped: `section ${fix.sectionId} not present in ${fix.doc}` };
+  if (existing.body.trim() === String(fix.body).trim()) {
+    return { applied: false, skipped: `${fix.doc} § ${fix.sectionId} already current` };
+  }
+  const next = replaceSection(content, fix.sectionId, fix.body).content;
+  writeFileSync(full, next, 'utf-8');
+  return { applied: true, detail: `${fix.doc}: regenerated § ${fix.sectionId}` };
+}
+
 const APPLIERS = {
   'replace-count': applyReplaceCount,
   'replace-version': applyReplaceVersion,
   'insert-changelog-unreleased': applyInsertChangelogUnreleased,
   'remove-endpoint': applyRemoveEndpoint,
+  'regenerate-section': applyRegenerateSection,
 };
 
 export const MECHANICAL_FIX_TYPES = Object.keys(APPLIERS);
@@ -113,7 +173,22 @@ export function applyMechanicalFix(projectDir, fix, opts = {}) {
 export function applyMechanicalFixes(projectDir, fixes, opts = {}) {
   const applied = [];
   const skipped = [];
+
   for (const fix of fixes) {
+    // v0.14-P1: ping-pong suppression. If this same fingerprint has been
+    // applied >= N times before (default 2) and --force-redo isn't set,
+    // skip with a clear reason. Suppression is OFF when:
+    //   - recordHistory === false (e.g. dry-run tests don't want this state)
+    //   - forceRedo === true (user explicitly asked to re-apply)
+    if (opts.recordHistory !== false && !opts.forceRedo && _shouldSuppress) {
+      const decision = _shouldSuppress(projectDir, fix, {
+        pingPongThreshold: opts.pingPongThreshold,
+      });
+      if (decision.suppressed) {
+        skipped.push({ ...fix, reason: `suppressed: ${decision.reason}` });
+        continue;
+      }
+    }
     const r = applyMechanicalFix(projectDir, fix, opts);
     if (r.applied) applied.push({ ...fix, detail: r.detail });
     else if (r.skipped) skipped.push({ ...fix, reason: r.skipped });

package/extensions/spec-kit-docguard/extension.yml

@@ -3,7 +3,7 @@ schema_version: "1.0"
 extension:
   id: "docguard"
   name: "DocGuard — CDD Enforcement"
-  version: "0.13.0"
+  version: "0.14.0"
   description: "Canonical-Driven Development enforcement as a true spec-kit extension. LLM-first design with 19 automated validators, 4 AI behavior skills, spec-kit skill chaining, and workflow hooks. Zero NPM runtime dependencies."
   author: "Ricardo Accioly"
   repository: "https://github.com/raccioly/docguard"

package/extensions/spec-kit-docguard/skills/docguard-fix/SKILL.md

@@ -6,10 +6,10 @@ description: AI-driven documentation repair with structured research workflow, t
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.13.0
+  version: 0.14.0
   source: extensions/spec-kit-docguard/skills/docguard-fix
 ---
-<!-- docguard:version: 0.13.0 -->
+<!-- docguard:version: 0.14.0 -->
 
 # DocGuard Fix Skill
 

package/extensions/spec-kit-docguard/skills/docguard-guard/SKILL.md

@@ -7,10 +7,10 @@ description: Run DocGuard guard validation against Canonical-Driven Development
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.13.0
+  version: 0.14.0
   source: extensions/spec-kit-docguard/skills/docguard-guard
 ---
-<!-- docguard:version: 0.13.0 -->
+<!-- docguard:version: 0.14.0 -->
 
 # DocGuard Guard Skill
 

package/extensions/spec-kit-docguard/skills/docguard-review/SKILL.md

@@ -6,10 +6,10 @@ description: Cross-document consistency analysis and quality assessment. Perform
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.13.0
+  version: 0.14.0
   source: extensions/spec-kit-docguard/skills/docguard-review
 ---
-<!-- docguard:version: 0.13.0 -->
+<!-- docguard:version: 0.14.0 -->
 
 # DocGuard Review Skill
 

package/extensions/spec-kit-docguard/skills/docguard-score/SKILL.md

@@ -6,10 +6,10 @@ description: CDD maturity assessment with category-aware improvement roadmap. Ru
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.13.0
+  version: 0.14.0
   source: extensions/spec-kit-docguard/skills/docguard-score
 ---
-<!-- docguard:version: 0.13.0 -->
+<!-- docguard:version: 0.14.0 -->
 
 # DocGuard Score Skill
 

package/extensions/spec-kit-docguard/skills/docguard-sync/SKILL.md

@@ -4,7 +4,7 @@ description: Keep canonical documentation ALWAYS UP TO DATE. Refreshes code-trut
 compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
 metadata:
   author: docguard
-  version: 0.13.0
+  version: 0.14.0
   source: extensions/spec-kit-docguard/skills/docguard-sync
 ---
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "docguard-cli",
-  "version": "0.13.0",
+  "version": "0.14.0",
   "description": "The enforcement tool for Canonical-Driven Development (CDD). Audit, generate, and guard your project documentation.",
   "type": "module",
   "bin": {