npm - don-cheli-sdd - Versions diffs - 1.16.4 → 1.17.0 - Mend

don-cheli-sdd 1.16.4 → 1.17.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (21) hide show

package/CHANGELOG.md +12 -0
package/README.es.md +1 -1
package/README.md +1 -1
package/README.pt.md +1 -1
package/VERSION +1 -1
package/comandos/especdev/dashboard.md +52 -0
package/comandos/especdev/gate.md +62 -0
package/comandos/especdev/metricas.md +42 -0
package/habilidades/custom-gates/HABILIDAD.md +51 -0
package/habilidades/metricas-sesion/HABILIDAD.md +72 -0
package/package.json +1 -1
package/plantillas/especdev/en/metrics.json +7 -0
package/plantillas/especdev/es/metrics.json +7 -0
package/plantillas/especdev/pt/metrics.json +7 -0
package/plantillas/gates/no-console-log.yml +6 -0
package/plantillas/gates/no-hardcoded-secrets.yml +6 -0
package/scripts/.claude/don-cheli/VERSION +1 -1
package/scripts/.claude/don-cheli/scripts/instalar.sh +1 -1
package/scripts/generar-config.sh +1 -1
package/scripts/instalar.sh +1 -1
package/scripts/sdd-check.sh +407 -0

package/CHANGELOG.md CHANGED Viewed

@@ -4,6 +4,18 @@ Todos los cambios notables en Don Cheli SDD Framework.
 Formato basado en [Conventional Commits](https://www.conventionalcommits.org/).
+## [1.17.0](https://github.com/doncheli/don-cheli-sdd/compare/v1.16.5...v1.17.0) (2026-04-02)
+### Nuevas Funcionalidades
+* CI/CD integration, Custom Quality Gates y Telemetría (Fases 1-3) ([ac8facb](https://github.com/doncheli/don-cheli-sdd/commit/ac8facbef51543f6c136e614abf07c9f287eafee))
+## [1.16.5](https://github.com/doncheli/don-cheli-sdd/compare/v1.16.4...v1.16.5) (2026-04-02)
+### Correcciones
+* **opencode:** add skills.paths para que OpenCode descubra los skills de Don Cheli ([c73b9fc](https://github.com/doncheli/don-cheli-sdd/commit/c73b9fc55e33be0449975e14a1e530cf97b83c8c))
 ## [1.16.4](https://github.com/doncheli/don-cheli-sdd/compare/v1.16.3...v1.16.4) (2026-04-02)
 ### Correcciones

package/README.es.md CHANGED Viewed

@@ -12,7 +12,7 @@
   </p>
   <p align="center">
     <a href="#-instalación"><img src="https://img.shields.io/badge/instalación-2_minutos-brightgreen" alt="Install"></a>
-    <img src="https://img.shields.io/badge/versión-1.16.4-blue" alt="Version">
+    <img src="https://img.shields.io/badge/versión-1.17.0-blue" alt="Version">
     <img src="https://img.shields.io/badge/licencia-Apache%202.0-green" alt="License">
     <img src="https://img.shields.io/badge/idiomas-ES%20|%20EN%20|%20PT-red" alt="Languages">
     <img src="https://img.shields.io/badge/comandos-85+-purple" alt="Commands">

package/README.md CHANGED Viewed

@@ -12,7 +12,7 @@
   </p>
   <p align="center">
     <a href="#-installation"><img src="https://img.shields.io/badge/install-2_minutes-brightgreen" alt="Install"></a>
-    <img src="https://img.shields.io/badge/version-1.16.4-blue" alt="Version">
+    <img src="https://img.shields.io/badge/version-1.17.0-blue" alt="Version">
     <img src="https://img.shields.io/badge/license-Apache%202.0-green" alt="License">
     <img src="https://img.shields.io/badge/languages-ES%20|%20EN%20|%20PT-red" alt="Languages">
     <img src="https://img.shields.io/badge/commands-85+-purple" alt="Commands">

package/README.pt.md CHANGED Viewed

@@ -12,7 +12,7 @@
   </p>
   <p align="center">
     <a href="#-instalação"><img src="https://img.shields.io/badge/instalação-2_minutos-brightgreen" alt="Install"></a>
-    <img src="https://img.shields.io/badge/versão-1.16.4-blue" alt="Version">
+    <img src="https://img.shields.io/badge/versão-1.17.0-blue" alt="Version">
     <img src="https://img.shields.io/badge/licença-Apache%202.0-green" alt="License">
     <img src="https://img.shields.io/badge/idiomas-ES%20|%20EN%20|%20PT-red" alt="Languages">
     <img src="https://img.shields.io/badge/comandos-85+-purple" alt="Commands">

package/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.16.4
1	+ 1.17.0

package/comandos/especdev/dashboard.md ADDED Viewed

@@ -0,0 +1,52 @@
+---
+description: Generar dashboard HTML local con métricas de eficiencia del proyecto SDD
+---
+# /dc:dashboard — Dashboard de Métricas SDD
+## Qué hace
+Genera un archivo `dashboard.html` interactivo con las métricas acumuladas del proyecto.
+## Fuente de datos
+Lee `.dc/metrics.json` que se actualiza automáticamente al cerrar cada sesión.
+## Métricas que muestra
+### Eficiencia del pipeline
+- **Tiempo por fase:** Promedio de duración de cada fase (Especificar → Revisar)
+- **Quality Gates:** Tasa de aprobación (primera vez vs reintentos)
+- **Stubs detectados:** Cuántos stubs fantasma se encontraron y eliminaron
+### TDD
+- **Tasa de acierto:** Tests que pasaron al primer intento vs reintentos
+- **Cobertura por feature:** Evolución de cobertura por sesión
+- **RED→GREEN ratio:** Cuántos ciclos TDD se completaron
+### Estimaciones
+- **Precisión:** Estimado vs real por feature (desviación %)
+- **Modelo más preciso:** Cuál de los 4 modelos acertó más
+### Seguridad
+- **Hallazgos OWASP:** Por categoría y severidad
+- **Tendencia:** Hallazgos por sesión (debería decrecer)
+### Sesiones
+- **Total de sesiones:** Completadas y promedio de duración
+- **Productividad:** Features completadas por sesión
+## Output
+```
+.dc/dashboard.html  — Dashboard HTML standalone (abrir en navegador)
+.dc/metrics.csv     — Export CSV para reporting corporativo
+```
+## Ejecución
+```bash
+/dc:dashboard               # Genera dashboard.html
+/dc:dashboard --abrir       # Genera y abre en navegador
+/dc:dashboard --csv          # Solo exporta CSV
+```

package/comandos/especdev/gate.md ADDED Viewed

@@ -0,0 +1,62 @@
+---
+description: Crear, listar y ejecutar quality gates custom del proyecto
+---
+# /dc:gate — Custom Quality Gates
+## Subcomandos
+### `/dc:gate crear <nombre>`
+Crear un nuevo quality gate custom en `.dc/gates/`:
+1. Preguntar: nombre descriptivo, tipo (grep o script), severidad (block o warn)
+2. Generar archivo YAML en `.dc/gates/<nombre>.yml`
+3. Ejecutar el gate para verificar que funciona
+### `/dc:gate listar`
+Listar todos los gates custom del proyecto:
+1. Leer `.dc/gates/*.yml`
+2. Mostrar tabla: nombre, tipo, severidad, estado (activo/desactivado)
+### `/dc:gate ejecutar [nombre]`
+Ejecutar gates custom:
+1. Si se pasa nombre: ejecutar solo ese gate
+2. Sin nombre: ejecutar todos los gates en `.dc/gates/`
+3. Mostrar resultado por gate con ✅/⚠️/❌
+4. Resumen final: X pasaron, Y fallaron, Z advertencias
+### `/dc:gate ci`
+Generar workflow de CI/CD para el proyecto actual:
+1. Detectar plataforma (GitHub Actions / GitLab CI)
+2. Copiar template desde `examples/ci/` adaptado al proyecto
+3. Incluir custom gates si existen
+## Formato de gate custom
+```yaml
+name: Nombre descriptivo
+type: grep | script
+pattern: "regex"          # Solo para type: grep
+files: "src/**/*.ts"      # Solo para type: grep
+severity: block | warn
+message: "Mensaje al fallar"
+run: |                    # Solo para type: script
+  comando a ejecutar
+```
+## Severidad
+- `block` — Falla la puerta, bloquea el merge
+- `warn` — Advertencia, no bloquea (configurable con `fail-on-warn`)
+## Ejemplos incluidos
+Ver `examples/gates/` para 5 gates pre-configurados:
+- `no-console-log.yml` — Prohibir console.log en producción
+- `no-any-typescript.yml` — Evitar tipo `any` en TypeScript
+- `no-hardcoded-secrets.yml` — Detectar secretos hardcodeados
+- `max-file-lines.yml` — Archivos de máximo 300 líneas
+- `require-error-handling.yml` — Manejo de errores en async

package/comandos/especdev/metricas.md ADDED Viewed

@@ -0,0 +1,42 @@
+---
+description: Ver resumen de métricas de eficiencia SDD en terminal
+---
+# /dc:metricas — Métricas en Terminal
+## Qué hace
+Muestra un resumen compacto de las métricas SDD del proyecto directamente en la terminal.
+## Fuente de datos
+Lee `.dc/metrics.json` que se actualiza automáticamente en cada sesión.
+## Output en terminal
+```
+═══════════════════════════════════════════
+  Don Cheli SDD — Métricas del Proyecto
+═══════════════════════════════════════════
+  📊 Sesiones:    12 completadas (prom. 38 min)
+  ✅ Quality Gates: 94% aprobación a la primera
+  🧪 TDD Acierto:  87% tests pasan al primer intento
+  📈 Cobertura:    91% (objetivo: 85%)
+  🔍 Stubs:       3 detectados, 3 eliminados
+  🛡️  OWASP:       0 críticos, 2 warnings
+  📐 Estimación:   ±15% desviación promedio
+  Modelo más preciso: Planning Poker IA (±8%)
+  Feature más rápida: auth-jwt (1.2h vs 2h estimado)
+═══════════════════════════════════════════
+```
+## Subcomandos
+```bash
+/dc:metricas              # Resumen completo
+/dc:metricas --tdd        # Solo métricas de TDD
+/dc:metricas --owasp      # Solo métricas de seguridad
+/dc:metricas --estimados  # Solo precisión de estimados
+```

package/habilidades/custom-gates/HABILIDAD.md ADDED Viewed

@@ -0,0 +1,51 @@
+---
+name: custom-gates
+description: Sistema de quality gates extensible con plugins YAML
+version: 1.0.0
+tags: [quality, ci-cd, gates, plugins]
+grado_libertad: medio
+---
+# Custom Quality Gates
+## Qué hace
+Permite a equipos definir sus propias puertas de calidad mediante archivos YAML en `.dc/gates/`.
+## Tipos de gate
+### grep
+Busca patrones regex en archivos del proyecto:
+```yaml
+type: grep
+pattern: "regex_aqui"
+files: "src/**/*.ts"
+```
+### script
+Ejecuta un script bash que retorna exit 0 (pass) o exit 1 (fail):
+```yaml
+type: script
+run: |
+  tu_comando_aqui
+```
+## Severidad
+- `block` — Bloquea el merge/avance
+- `warn` — Advertencia, no bloquea
+## Integración
+- Se ejecutan automáticamente en `/dc:revisar`
+- Se ejecutan en CI/CD via `sdd-check.sh` con `INPUT_GATES=custom`
+- Se listan con `/dc:gate listar`
+## Directorio
+```
+.dc/gates/
+├── no-console-log.yml
+├── no-hardcoded-secrets.yml
+└── tu-gate-custom.yml
+```

package/habilidades/metricas-sesion/HABILIDAD.md ADDED Viewed

@@ -0,0 +1,72 @@
+---
+name: metricas-sesion
+description: Telemetría local de eficiencia SDD con tracking de TDD, estimaciones y quality gates
+version: 1.0.0
+tags: [telemetry, metrics, dashboard, reporting]
+grado_libertad: bajo
+---
+# Métricas de Sesión
+## Qué hace
+Registra automáticamente métricas de cada sesión SDD en `.dc/metrics.json` para tracking de eficiencia.
+## Datos que captura
+### Por sesión
+- Timestamp inicio/fin
+- Duración
+- Fase alcanzada (1-6)
+- Quality gates: aprobadas/rechazadas
+- Cobertura alcanzada
+- Stubs detectados
+### Por feature
+- Escenarios Gherkin generados
+- Tareas TDD completadas
+- Ciclos RED→GREEN
+- Estimado vs real (si se usó /dc:estimar)
+### Acumulado
+- Total sesiones
+- Promedios por fase
+- Tendencias de cobertura
+- Precisión de estimaciones
+## Formato de metrics.json
+```json
+{
+  "version": "1.0.0",
+  "project": "mi-proyecto",
+  "sessions": [
+    {
+      "id": "2026-04-01-001",
+      "start": "2026-04-01T10:00:00Z",
+      "end": "2026-04-01T10:45:00Z",
+      "duration_min": 45,
+      "phase_reached": 6,
+      "gates_passed": 6,
+      "gates_total": 6,
+      "coverage": 91,
+      "stubs_found": 1,
+      "stubs_fixed": 1,
+      "tdd_cycles": 7,
+      "tdd_first_pass": 6
+    }
+  ],
+  "features": [],
+  "estimates": []
+}
+```
+## Activación
+Se activa automáticamente cuando la habilidad está instalada.
+Se registra al ejecutar `/dc:cerrar-sesion`.
+## Visualización
+- `/dc:metricas` — Resumen en terminal
+- `/dc:dashboard` — Dashboard HTML interactivo

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "don-cheli-sdd",
-  "version": "1.16.4",
+  "version": "1.17.0",
   "description": "Framework SDD para Claude Code — 72+ comandos, 43 habilidades, 15 modelos de razonamiento. TDD como ley de hierro. EN/ES/PT.",
   "main": "bin/don-cheli.js",
   "scripts": {

package/plantillas/especdev/en/metrics.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": "1.0.0",
+  "project": "",
+  "sessions": [],
+  "features": [],
+  "estimates": []
+}

package/plantillas/especdev/es/metrics.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": "1.0.0",
+  "project": "",
+  "sessions": [],
+  "features": [],
+  "estimates": []
+}

package/plantillas/especdev/pt/metrics.json ADDED Viewed

@@ -0,0 +1,7 @@
+{
+  "version": "1.0.0",
+  "project": "",
+  "sessions": [],
+  "features": [],
+  "estimates": []
+}

package/plantillas/gates/no-console-log.yml ADDED Viewed

@@ -0,0 +1,6 @@
+name: No console.log en produccion
+type: grep
+pattern: "console\\.log"
+files: "src/**/*.ts"
+severity: block
+message: "console.log detectado. Usa el logger del proyecto."

package/plantillas/gates/no-hardcoded-secrets.yml ADDED Viewed

@@ -0,0 +1,6 @@
+name: No secrets hardcodeados
+type: grep
+pattern: "(password|secret|api_key|token)\\s*=\\s*['\"][^'\"]{8,}"
+files: "src/**/*"
+severity: block
+message: "Posible secreto hardcodeado. Usa variables de entorno."

package/scripts/.claude/don-cheli/VERSION CHANGED Viewed

	@@ -1 +1 @@
1	- 1.16.4
1	+ 1.17.0

package/scripts/.claude/don-cheli/scripts/instalar.sh CHANGED Viewed

@@ -4,7 +4,7 @@
 set -euo pipefail
-VERSION="1.16.4"
+VERSION="1.17.0"
 REPO_URL="https://github.com/doncheli/don-cheli-sdd"
 CLEANUP_TMPDIR=""

package/scripts/generar-config.sh CHANGED Viewed

@@ -238,7 +238,7 @@ _gen_continue() {
         cat > "$dir/.continue/config/don-cheli.json" 2>/dev/null << 'CONTEOF' || true
 {
   "name": "don-cheli-sdd",
-  "version": "1.16.4",
+  "version": "1.17.0",
   "description": "Don Cheli SDD Framework",
   "rules": [
     "All production code requires tests (TDD: RED → GREEN → REFACTOR)",

package/scripts/instalar.sh CHANGED Viewed

@@ -4,7 +4,7 @@
 set -euo pipefail
-VERSION="1.16.4"
+VERSION="1.17.0"
 REPO_URL="https://github.com/doncheli/don-cheli-sdd"
 CLEANUP_TMPDIR=""

package/scripts/sdd-check.sh ADDED Viewed

@@ -0,0 +1,407 @@
+#!/bin/bash
+# Don Cheli SDD Check — Quality Gates for CI/CD
+# Validates SDD artifacts, TDD compliance, coverage and security
+#
+# Usage:
+#   bash scripts/sdd-check.sh                     # Run all gates
+#   INPUT_GATES=spec,tdd bash scripts/sdd-check.sh  # Run specific gates
+#
+# Environment variables (set by GitHub Action or manually):
+#   INPUT_GATES          — Gates to run: all, spec, tdd, coverage, owasp, custom
+#   INPUT_MIN_COVERAGE   — Minimum coverage percentage (default: 85)
+#   INPUT_FAIL_ON_WARN   — Treat warnings as failures (default: false)
+#   INPUT_DC_DIR         — Path to .dc/ (auto-detect if empty)
+#   INPUT_CUSTOM_GATES_DIR — Path to custom gates (default: .dc/gates)
+set -euo pipefail
+# ═══════════════════════════════════════════════════════════════
+# CONFIG
+# ═══════════════════════════════════════════════════════════════
+GATES="${INPUT_GATES:-all}"
+MIN_COVERAGE="${INPUT_MIN_COVERAGE:-85}"
+FAIL_ON_WARN="${INPUT_FAIL_ON_WARN:-false}"
+CUSTOM_GATES_DIR="${INPUT_CUSTOM_GATES_DIR:-.dc/gates}"
+# Auto-detect .dc/ or .especdev/ (retrocompatible)
+if [ -n "${INPUT_DC_DIR:-}" ]; then
+    DC_DIR="$INPUT_DC_DIR"
+elif [ -d ".dc" ]; then
+    DC_DIR=".dc"
+elif [ -d ".especdev" ]; then
+    DC_DIR=".especdev"
+else
+    DC_DIR=".dc"
+fi
+# ═══════════════════════════════════════════════════════════════
+# STATE
+# ═══════════════════════════════════════════════════════════════
+TOTAL_GATES=0
+PASSED_GATES=0
+FAILED_GATES=0
+WARNINGS=0
+REPORT=""
+COVERAGE_VALUE="N/A"
+# Colors (only for terminal, not for GitHub output)
+if [ -t 1 ]; then
+    GREEN='\033[0;32m'; RED='\033[0;31m'; YELLOW='\033[1;33m'
+    CYAN='\033[0;36m'; BOLD='\033[1m'; NC='\033[0m'
+else
+    GREEN=''; RED=''; YELLOW=''; CYAN=''; BOLD=''; NC=''
+fi
+# ═══════════════════════════════════════════════════════════════
+# HELPERS
+# ═══════════════════════════════════════════════════════════════
+pass_gate() {
+    local name="$1" detail="${2:-}"
+    TOTAL_GATES=$((TOTAL_GATES + 1))
+    PASSED_GATES=$((PASSED_GATES + 1))
+    echo -e "${GREEN}✅${NC} $name${detail:+ — $detail}"
+    REPORT="${REPORT}| ✅ | ${name} | ${detail:-OK} |\n"
+}
+fail_gate() {
+    local name="$1" detail="${2:-}"
+    TOTAL_GATES=$((TOTAL_GATES + 1))
+    FAILED_GATES=$((FAILED_GATES + 1))
+    echo -e "${RED}❌${NC} $name${detail:+ — $detail}"
+    REPORT="${REPORT}| ❌ | ${name} | ${detail:-FAILED} |\n"
+}
+warn_gate() {
+    local name="$1" detail="${2:-}"
+    TOTAL_GATES=$((TOTAL_GATES + 1))
+    WARNINGS=$((WARNINGS + 1))
+    if [ "$FAIL_ON_WARN" = "true" ]; then
+        FAILED_GATES=$((FAILED_GATES + 1))
+        echo -e "${YELLOW}⚠️${NC} $name${detail:+ — $detail} (treated as failure)"
+        REPORT="${REPORT}| ⚠️→❌ | ${name} | ${detail:-WARNING} |\n"
+    else
+        PASSED_GATES=$((PASSED_GATES + 1))
+        echo -e "${YELLOW}⚠️${NC} $name${detail:+ — $detail}"
+        REPORT="${REPORT}| ⚠️ | ${name} | ${detail:-WARNING} |\n"
+    fi
+}
+should_run() {
+    local gate="$1"
+    [ "$GATES" = "all" ] && return 0
+    echo ",$GATES," | grep -q ",$gate," && return 0
+    return 1
+}
+# ═══════════════════════════════════════════════════════════════
+# GATE 1: SPEC VALIDATION
+# ═══════════════════════════════════════════════════════════════
+run_spec_gate() {
+    echo -e "\n${BOLD}Gate 1: Spec Validation${NC}"
+    if [ ! -d "$DC_DIR" ]; then
+        fail_gate "SDD Directory" "$DC_DIR/ not found"
+        return
+    fi
+    pass_gate "SDD Directory" "$DC_DIR/ exists"
+    # Check for config
+    if [ -f "$DC_DIR/config.yaml" ]; then
+        pass_gate "Config" "config.yaml present"
+    else
+        warn_gate "Config" "config.yaml not found"
+    fi
+    # Check for specs
+    SPEC_COUNT=$(find "$DC_DIR/specs" -name "*.feature" 2>/dev/null | wc -l | tr -d ' ')
+    if [ "$SPEC_COUNT" -gt 0 ]; then
+        pass_gate "Gherkin Specs" "$SPEC_COUNT .feature files found"
+    else
+        fail_gate "Gherkin Specs" "No .feature files in $DC_DIR/specs/"
+    fi
+    # Check for blueprint
+    BP_COUNT=$(find "$DC_DIR/blueprints" -name "*.md" 2>/dev/null | wc -l | tr -d ' ')
+    if [ "$BP_COUNT" -gt 0 ]; then
+        pass_gate "Blueprint" "$BP_COUNT blueprint(s) found"
+    else
+        warn_gate "Blueprint" "No blueprints in $DC_DIR/blueprints/"
+    fi
+    # Check estado/status
+    if [ -f "$DC_DIR/estado.md" ] || [ -f "$DC_DIR/status.md" ]; then
+        pass_gate "Status File" "Project status tracked"
+    else
+        warn_gate "Status File" "No estado.md or status.md"
+    fi
+}
+# ═══════════════════════════════════════════════════════════════
+# GATE 2: TDD COMPLIANCE
+# ═══════════════════════════════════════════════════════════════
+run_tdd_gate() {
+    echo -e "\n${BOLD}Gate 2: TDD Compliance${NC}"
+    # Check for test files
+    TEST_COUNT=0
+    for pattern in "test/" "tests/" "__tests__/" "spec/" "*_test.go" "*.test.ts" "*.test.js" "*.spec.ts" "*.spec.js" "test_*.py" "*_test.py"; do
+        COUNT=$(find . -path "./$DC_DIR" -prune -o -path "./node_modules" -prune -o \( -name "$pattern" -o -path "*/$pattern*" \) -print 2>/dev/null | wc -l | tr -d ' ')
+        TEST_COUNT=$((TEST_COUNT + COUNT))
+    done
+    if [ "$TEST_COUNT" -gt 0 ]; then
+        pass_gate "Test Files" "$TEST_COUNT test file(s) found"
+    else
+        fail_gate "Test Files" "No test files found"
+    fi
+    # Check for stub detection (// TODO, // FIXME in src)
+    STUB_COUNT=0
+    for ext in ts js py go rb java; do
+        STUBS=$(grep -rn "// TODO\|// FIXME\|# TODO\|# FIXME\|pass  #\|raise NotImplementedError" \
+            --include="*.$ext" . 2>/dev/null \
+            | grep -v node_modules | grep -v "$DC_DIR" | grep -v test | wc -l | tr -d ' ')
+        STUB_COUNT=$((STUB_COUNT + STUBS))
+    done
+    if [ "$STUB_COUNT" -eq 0 ]; then
+        pass_gate "Stub Detection" "No TODO/FIXME stubs in source code"
+    elif [ "$STUB_COUNT" -le 3 ]; then
+        warn_gate "Stub Detection" "$STUB_COUNT stub(s) found"
+    else
+        fail_gate "Stub Detection" "$STUB_COUNT stubs found — possible silent stubs"
+    fi
+}
+# ═══════════════════════════════════════════════════════════════
+# GATE 3: COVERAGE
+# ═══════════════════════════════════════════════════════════════
+run_coverage_gate() {
+    echo -e "\n${BOLD}Gate 3: Coverage${NC}"
+    # Try to find coverage report
+    COV_FILE=""
+    for f in coverage/lcov.info coverage/cobertura.xml coverage/coverage.json htmlcov/index.html coverage.xml .coverage; do
+        if [ -f "$f" ]; then
+            COV_FILE="$f"
+            break
+        fi
+    done
+    if [ -z "$COV_FILE" ]; then
+        warn_gate "Coverage Report" "No coverage report found. Run tests with coverage first."
+        return
+    fi
+    # Extract coverage percentage based on format
+    COV_PCT=0
+    case "$COV_FILE" in
+        *lcov.info)
+            LINES_HIT=$(grep -c "^DA:" "$COV_FILE" 2>/dev/null || echo 0)
+            LINES_FOUND=$(grep "^DA:" "$COV_FILE" 2>/dev/null | grep -c ",0$" || echo 0)
+            if [ "$LINES_HIT" -gt 0 ]; then
+                COV_PCT=$(( (LINES_HIT - LINES_FOUND) * 100 / LINES_HIT ))
+            fi
+            ;;
+        *cobertura.xml|*coverage.xml)
+            COV_PCT=$(grep -o 'line-rate="[0-9.]*"' "$COV_FILE" 2>/dev/null | head -1 | grep -o '[0-9.]*' | head -1 || echo 0)
+            COV_PCT=$(echo "$COV_PCT * 100" | bc 2>/dev/null | cut -d. -f1 || echo 0)
+            ;;
+        *coverage.json)
+            COV_PCT=$(python3 -c "import json; d=json.load(open('$COV_FILE')); print(int(d.get('totals',{}).get('lines',{}).get('percent',0)))" 2>/dev/null || echo 0)
+            ;;
+        *)
+            COV_PCT=0
+            ;;
+    esac
+    COVERAGE_VALUE="${COV_PCT}%"
+    if [ "$COV_PCT" -ge "$MIN_COVERAGE" ]; then
+        pass_gate "Coverage" "${COV_PCT}% >= ${MIN_COVERAGE}% minimum"
+    else
+        fail_gate "Coverage" "${COV_PCT}% < ${MIN_COVERAGE}% minimum"
+    fi
+}
+# ═══════════════════════════════════════════════════════════════
+# GATE 4: OWASP QUICK AUDIT
+# ═══════════════════════════════════════════════════════════════
+run_owasp_gate() {
+    echo -e "\n${BOLD}Gate 4: OWASP Quick Audit${NC}"
+    OWASP_ISSUES=0
+    # A01: Hardcoded secrets
+    SECRETS=$(grep -rn "password\s*=\s*['\"].\+['\"]" --include="*.py" --include="*.js" --include="*.ts" --include="*.go" --include="*.java" \
+        . 2>/dev/null | grep -v node_modules | grep -v test | grep -v "$DC_DIR" | wc -l | tr -d ' ')
+    if [ "$SECRETS" -gt 0 ]; then
+        warn_gate "A01: Hardcoded Secrets" "$SECRETS potential hardcoded passwords"
+        OWASP_ISSUES=$((OWASP_ISSUES + SECRETS))
+    fi
+    # A03: SQL Injection
+    SQLI=$(grep -rn "f\".*SELECT\|f\".*INSERT\|f\".*DELETE\|f\".*UPDATE\|\".*SELECT.*\" *%" \
+        --include="*.py" --include="*.js" --include="*.ts" . 2>/dev/null \
+        | grep -v node_modules | grep -v test | grep -v "$DC_DIR" | wc -l | tr -d ' ')
+    if [ "$SQLI" -gt 0 ]; then
+        fail_gate "A03: SQL Injection" "$SQLI potential SQL injection patterns"
+        OWASP_ISSUES=$((OWASP_ISSUES + SQLI))
+    fi
+    # A03: XSS via innerHTML/dangerouslySetInnerHTML
+    XSS=$(grep -rn "innerHTML\|dangerouslySetInnerHTML\|v-html" \
+        --include="*.js" --include="*.ts" --include="*.tsx" --include="*.jsx" --include="*.vue" . 2>/dev/null \
+        | grep -v node_modules | grep -v test | grep -v "$DC_DIR" | wc -l | tr -d ' ')
+    if [ "$XSS" -gt 0 ]; then
+        warn_gate "A03: XSS" "$XSS innerHTML/dangerouslySetInnerHTML usages"
+        OWASP_ISSUES=$((OWASP_ISSUES + XSS))
+    fi
+    # A07: .env committed
+    if [ -f ".env" ] && ! grep -q "^\.env$" .gitignore 2>/dev/null; then
+        fail_gate "A07: .env exposed" ".env file exists and is not in .gitignore"
+        OWASP_ISSUES=$((OWASP_ISSUES + 1))
+    fi
+    if [ "$OWASP_ISSUES" -eq 0 ]; then
+        pass_gate "OWASP Quick Audit" "No critical issues detected"
+    fi
+}
+# ═══════════════════════════════════════════════════════════════
+# GATE 5: CUSTOM GATES
+# ═══════════════════════════════════════════════════════════════
+run_custom_gates() {
+    echo -e "\n${BOLD}Gate 5: Custom Gates${NC}"
+    if [ ! -d "$CUSTOM_GATES_DIR" ]; then
+        echo -e "  ${CYAN}ℹ${NC} No custom gates directory ($CUSTOM_GATES_DIR)"
+        return
+    fi
+    GATE_FILES=$(find "$CUSTOM_GATES_DIR" -name "*.yml" -o -name "*.yaml" 2>/dev/null)
+    if [ -z "$GATE_FILES" ]; then
+        echo -e "  ${CYAN}ℹ${NC} No custom gate files found"
+        return
+    fi
+    for gate_file in $GATE_FILES; do
+        # Parse YAML manually (no yq dependency)
+        GATE_NAME=$(grep "^name:" "$gate_file" | sed 's/^name:\s*//' | tr -d '"' | tr -d "'")
+        GATE_TYPE=$(grep "^type:" "$gate_file" | sed 's/^type:\s*//' | tr -d '"' | tr -d "'")
+        GATE_SEVERITY=$(grep "^severity:" "$gate_file" | sed 's/^severity:\s*//' | tr -d '"' | tr -d "'")
+        GATE_PATTERN=$(grep "^pattern:" "$gate_file" | sed 's/^pattern:\s*//' | tr -d '"' | tr -d "'")
+        GATE_FILES_GLOB=$(grep "^files:" "$gate_file" | sed 's/^files:\s*//' | tr -d '"' | tr -d "'")
+        GATE_MESSAGE=$(grep "^message:" "$gate_file" | sed 's/^message:\s*//' | tr -d '"' | tr -d "'")
+        [ -z "$GATE_NAME" ] && GATE_NAME=$(basename "$gate_file" .yml)
+        [ -z "$GATE_SEVERITY" ] && GATE_SEVERITY="warn"
+        case "$GATE_TYPE" in
+            grep)
+                MATCHES=$(grep -rn "$GATE_PATTERN" --include="$(echo "$GATE_FILES_GLOB" | sed 's|.*/||')" . 2>/dev/null \
+                    | grep -v node_modules | grep -v "$DC_DIR" | wc -l | tr -d ' ')
+                if [ "$MATCHES" -gt 0 ]; then
+                    if [ "$GATE_SEVERITY" = "block" ]; then
+                        fail_gate "Custom: $GATE_NAME" "${GATE_MESSAGE:-$MATCHES matches found}"
+                    else
+                        warn_gate "Custom: $GATE_NAME" "${GATE_MESSAGE:-$MATCHES matches found}"
+                    fi
+                else
+                    pass_gate "Custom: $GATE_NAME" "No matches"
+                fi
+                ;;
+            script)
+                GATE_RUN=$(sed -n '/^run:/,/^[a-z]/p' "$gate_file" | grep -v "^run:" | grep -v "^[a-z]" | sed 's/^\s*//')
+                if [ -n "$GATE_RUN" ]; then
+                    if eval "$GATE_RUN" > /dev/null 2>&1; then
+                        pass_gate "Custom: $GATE_NAME" "Script passed"
+                    else
+                        if [ "$GATE_SEVERITY" = "block" ]; then
+                            fail_gate "Custom: $GATE_NAME" "${GATE_MESSAGE:-Script failed}"
+                        else
+                            warn_gate "Custom: $GATE_NAME" "${GATE_MESSAGE:-Script failed}"
+                        fi
+                    fi
+                fi
+                ;;
+            *)
+                warn_gate "Custom: $GATE_NAME" "Unknown gate type: $GATE_TYPE"
+                ;;
+        esac
+    done
+}
+# ═══════════════════════════════════════════════════════════════
+# MAIN
+# ═══════════════════════════════════════════════════════════════
+echo -e "${BOLD}═══════════════════════════════════════════${NC}"
+echo -e "${BOLD}  Don Cheli SDD — Quality Gates Check${NC}"
+echo -e "${BOLD}═══════════════════════════════════════════${NC}"
+echo ""
+echo -e "  Directory: ${CYAN}$DC_DIR${NC}"
+echo -e "  Gates:     ${CYAN}$GATES${NC}"
+echo -e "  Coverage:  ${CYAN}>= ${MIN_COVERAGE}%${NC}"
+should_run "spec"     && run_spec_gate
+should_run "tdd"      && run_tdd_gate
+should_run "coverage" && run_coverage_gate
+should_run "owasp"    && run_owasp_gate
+should_run "custom"   && run_custom_gates
+# ═══════════════════════════════════════════════════════════════
+# RESULTS
+# ═══════════════════════════════════════════════════════════════
+echo ""
+echo -e "${BOLD}═══════════════════════════════════════════${NC}"
+ALL_PASSED="true"
+if [ "$FAILED_GATES" -gt 0 ]; then
+    ALL_PASSED="false"
+    echo -e "${RED}${BOLD}  ❌ FAILED — $PASSED_GATES/$TOTAL_GATES gates passed ($FAILED_GATES failed, $WARNINGS warnings)${NC}"
+else
+    echo -e "${GREEN}${BOLD}  ✅ PASSED — $PASSED_GATES/$TOTAL_GATES gates passed ($WARNINGS warnings)${NC}"
+fi
+echo -e "${BOLD}═══════════════════════════════════════════${NC}"
+# Build markdown report for PR comment
+FULL_REPORT="## 🛡️ Don Cheli SDD — Quality Gates\n\n"
+if [ "$ALL_PASSED" = "true" ]; then
+    FULL_REPORT="${FULL_REPORT}**✅ All gates passed** ($PASSED_GATES/$TOTAL_GATES)\n\n"
+else
+    FULL_REPORT="${FULL_REPORT}**❌ $FAILED_GATES gate(s) failed** ($PASSED_GATES/$TOTAL_GATES passed)\n\n"
+fi
+FULL_REPORT="${FULL_REPORT}| Status | Gate | Detail |\n|--------|------|--------|\n${REPORT}\n"
+FULL_REPORT="${FULL_REPORT}---\n*Generated by [Don Cheli SDD](https://github.com/doncheli/don-cheli-sdd)*"
+# GitHub Actions outputs
+if [ -n "${GITHUB_OUTPUT:-}" ]; then
+    {
+        echo "passed=$ALL_PASSED"
+        echo "coverage=$COVERAGE_VALUE"
+        echo "gates_passed=$PASSED_GATES"
+        echo "gates_total=$TOTAL_GATES"
+        # Multiline output
+        echo "report<<ENDOFREPORT"
+        printf "%b" "$FULL_REPORT"
+        echo ""
+        echo "ENDOFREPORT"
+    } >> "$GITHUB_OUTPUT"
+fi
+# Exit code
+if [ "$ALL_PASSED" = "false" ]; then
+    exit 1
+fi