forge-orkes 0.42.0 → 0.46.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (35) hide show
  1. package/bin/create-forge.js +138 -1
  2. package/package.json +1 -1
  3. package/template/.claude/agents/doc-reviewer.md +115 -0
  4. package/template/.claude/agents/performance-reviewer.md +138 -0
  5. package/template/.claude/agents/security-reviewer.md +163 -0
  6. package/template/.claude/hooks/README.md +39 -0
  7. package/template/.claude/hooks/block-dangerous-commands.sh +158 -0
  8. package/template/.claude/hooks/forge-active-skill-guard.sh +44 -0
  9. package/template/.claude/hooks/forge-reserve.sh +162 -0
  10. package/template/.claude/hooks/format-on-save.sh +95 -0
  11. package/template/.claude/hooks/protect-files.sh +101 -0
  12. package/template/.claude/hooks/scan-secrets.sh +87 -0
  13. package/template/.claude/hooks/tests/README.md +76 -0
  14. package/template/.claude/hooks/tests/cases/block-dangerous-commands.cases.json +376 -0
  15. package/template/.claude/hooks/tests/cases/protect-files.cases.json +222 -0
  16. package/template/.claude/hooks/tests/cases/scan-secrets.cases.json +218 -0
  17. package/template/.claude/hooks/tests/cases/warn-large-files.cases.json +146 -0
  18. package/template/.claude/hooks/tests/forge-reserve.test.sh +121 -0
  19. package/template/.claude/hooks/tests/run.sh +118 -0
  20. package/template/.claude/hooks/warn-large-files.sh +71 -0
  21. package/template/.claude/rules/README.md +63 -0
  22. package/template/.claude/rules/agent-discipline.md +14 -0
  23. package/template/.claude/settings.json +69 -1
  24. package/template/.claude/skills/architecting/SKILL.md +1 -1
  25. package/template/.claude/skills/chief-of-staff/SKILL.md +14 -0
  26. package/template/.claude/skills/executing/SKILL.md +16 -0
  27. package/template/.claude/skills/forge/SKILL.md +12 -1
  28. package/template/.claude/skills/initializing/SKILL.md +4 -0
  29. package/template/.claude/skills/planning/SKILL.md +14 -2
  30. package/template/.claude/skills/reviewing/SKILL.md +2 -0
  31. package/template/.claude/skills/verifying/SKILL.md +19 -8
  32. package/template/.forge/FORGE.md +32 -15
  33. package/template/.forge/migrations/0.43.0-safety-policy.md +60 -0
  34. package/template/.forge/migrations/0.44.0-desire-paths.md +57 -0
  35. package/template/.forge/migrations/0.46.0-id-reservation-ledger.md +44 -0
@@ -0,0 +1,60 @@
1
+ # Migration Guide: Safety & Policy Hardening (Forge 0.43.0)
2
+
3
+ Forge 0.43.0 adds two layers ported from a comparison against the Sendmarc internal framework:
4
+
5
+ - **[ADR-017](https://github.com/Attuned-Media/forge/blob/main/docs/decisions/ADR-017-deterministic-safety-guardrails.md)** — deterministic safety-guardrail hooks (`block-dangerous-commands`, `scan-secrets`, `protect-files`, `warn-large-files`), `format-on-save`, `permissions.deny` for secrets, and a hook test harness.
6
+ - **[ADR-018](https://github.com/Attuned-Media/forge/blob/main/docs/decisions/ADR-018-lightweight-policy-layer.md)** — the `.claude/rules/` layer (always-on `agent-discipline` rule), confidence-gated specialist reviewer agents, and an opt-in `experimental/conventions/` pack.
7
+
8
+ **Mostly automatic, backward-compatible.** Running `npx forge-orkes@latest upgrade` does the heavy lifting: it additively installs the guardrail hooks and the always-on rule, syncs the specialist agents, and merges the hook wiring + `deny` globs into your `settings.json` — **without** removing any hooks/rules you added (m10's `forge-claim-check` and pack-installed stack rules are preserved). Nothing breaks if you do nothing; the guardrails simply aren't active until the settings carry them.
9
+
10
+ ## Detection
11
+
12
+ Prints `MIGRATE` when the project is missing the safety hooks. Silent + exit 0 once present.
13
+
14
+ ```bash
15
+ [ -d .forge ] || exit 0 # not a Forge project
16
+ [ -f .claude/hooks/block-dangerous-commands.sh ] && exit 0 # already migrated → silent
17
+ echo "MIGRATE — run 'npx forge-orkes@latest upgrade' to install the safety guardrails (ADR-017) + rules layer (ADR-018)"
18
+ exit 0
19
+ ```
20
+
21
+ ## Migration steps
22
+
23
+ ### 1. Upgrade
24
+
25
+ ```bash
26
+ npx forge-orkes@latest upgrade
27
+ ```
28
+
29
+ This installs/refreshes `.claude/hooks/` (guardrails + `tests/`), adds `.claude/rules/agent-discipline.md`, syncs the `security/performance/doc-reviewer` agents, `chmod +x`'s the hook scripts, and additively merges the hook groups + secret-`deny` globs into `.claude/settings.json` (idempotent — safe to re-run).
30
+
31
+ ### 2. Ensure `jq` is installed
32
+
33
+ The guard hooks parse tool JSON with `jq` and **fail closed** (block with an install message) without it. It is already a Forge prerequisite:
34
+
35
+ ```bash
36
+ jq --version || brew install jq # macOS
37
+ jq --version || sudo apt install jq # Debian/Ubuntu
38
+ ```
39
+
40
+ ### 3. Verify
41
+
42
+ ```bash
43
+ .claude/hooks/tests/run.sh # hook test suite — expect all green
44
+ ls -l .claude/hooks/*.sh # expect -rwxr-xr-x (executable)
45
+ ```
46
+
47
+ If the scripts aren't executable (a copy can strip the bit): `chmod +x .claude/hooks/*.sh`.
48
+
49
+ ## Notes & opt-outs
50
+
51
+ - **Protected-branch pushes are blocked by default** (`main`, `master`, + `git init.defaultBranch`). If a repo legitimately commits to `main`, set `CLAUDE_PROTECTED_BRANCHES=""` (empty) in your shell or `settings.json` `env` to disable *that check only* — force-push/filesystem/db/publish guards stay on. Add extra branches with `CLAUDE_PROTECTED_BRANCHES="main,develop,staging"`.
52
+ - **Editing hooks/settings** is blocked/prompted by `protect-files`. In a project you re-sync hooks via `/upgrading`, not by hand. To author them deliberately, set `FORGE_ALLOW_HOOK_EDITS=1`.
53
+ - **Describing a dangerous command in a commit message** (e.g. the literal text `git push --force`) can trip `block-dangerous-commands`, since it greps the whole Bash command string. Reword, or approve the override.
54
+ - **Opt-in stack conventions:** if your project is Laravel/PHP, Python, or Vue, install the convention skills + path-scoped rules deliberately — they are not in the base template (Forge core is stack-agnostic):
55
+ ```bash
56
+ bash experimental/conventions/install.sh # all stacks
57
+ bash experimental/conventions/install.sh laravel # one stack
58
+ ```
59
+ (Delivered via the dev repo / `upgrading` experimental route, like m10 — not the npm tarball.)
60
+ - **Specialist reviewers** are optional depth — the `reviewing` skill can spawn them for high-risk diffs, or invoke `security-reviewer` / `performance-reviewer` / `doc-reviewer` directly. The 3-mode `reviewer` is unchanged.
@@ -0,0 +1,57 @@
1
+ # Migration Guide: Desire-Path Hardening (Forge 0.44.0)
2
+
3
+ Forge 0.44.0 batches six desire-path framework fixes (forge#11–#16) surfaced from real multi-worktree usage. **It is backward-compatible** — five of the six are skill/prose behaviour changes that take effect the moment the framework files are synced, with nothing to migrate per project. The only mechanical change is the active-skill PreToolUse hook (forge#12), and `npx forge-orkes upgrade` applies it for you.
4
+
5
+ ## What changed (no action needed)
6
+
7
+ - **#11** — the ID Reservation Protocol is now a **blocking gate** in `planning`/`architecting`, plus a new `forge` boot preflight (absent-`reservations.yml` nudge + un-reserved-ID backfill scan). Advisory; surfaces, never blocks.
8
+ - **#13** — checkpoint publish (`verifying`) gains a **strand guard**: it pushes `origin HEAD:main` only when local `main` is an ancestor of the worktree HEAD, so a checkpoint can't leave your canonical main diverged. `forge` boot now also fast-forwards the **primary** main checkout from origin after a checkpoint.
9
+ - **#14** — `executing` Step 0 now inits git submodules for worktrees from **any** origin (not just `orchestrating`-created ones) before the first build.
10
+ - **#15** — `chief-of-staff` gains **Exclusive Resource Leases** (device/port/singleton) and `verifying`'s device gate acquires/releases them.
11
+ - **#16** — `planning` adds a block-anchored **overlay/popover must_have checklist**.
12
+
13
+ These ride in on the skill files synced by the upgrade. No per-project state changes.
14
+
15
+ ## The one mechanical change (auto-applied): active-skill hook (#12)
16
+
17
+ The inline PreToolUse(Write\|Edit) "No active skill" guard in `.claude/settings.json` is replaced by `.claude/hooks/forge-active-skill-guard.sh`, which also allows edits when a milestone is durably `current.status: executing` (so a cleared marker no longer blocks a legitimate executing session). On upgrade, `create-forge.js` **strips the legacy inline guard** from your `settings.json` and the additive hooks sync installs + `chmod +x`'s the new script. Idempotent — re-running upgrade is a no-op.
18
+
19
+ ## Detection
20
+
21
+ Prints `MIGRATE` only if a project still carries the **legacy inline** active-skill guard in `settings.json` (i.e. the new installer hasn't run yet). Silent + exit 0 once migrated.
22
+
23
+ ```bash
24
+ [ -d .forge ] || exit 0 # not a Forge project
25
+ [ -f .claude/settings.json ] || exit 0 # no settings → nothing to migrate
26
+ if grep -q 'if \[ ! -f' .claude/settings.json && grep -q 'No active skill' .claude/settings.json; then
27
+ echo "MIGRATE — settings.json still has the inline active-skill guard; re-run 'npx forge-orkes upgrade' to install forge-active-skill-guard.sh (forge#12)"
28
+ fi
29
+ exit 0
30
+ ```
31
+
32
+ ## Manual migration (only if Detection prints MIGRATE)
33
+
34
+ Normally unnecessary — the installer does this. If you hand-merge settings, replace the inline `PreToolUse` "Write|Edit" guard command:
35
+
36
+ ```
37
+ if [ ! -f "$(git rev-parse --show-toplevel 2>/dev/null)/.forge/.active-skill" ]; then echo "[Forge] No active skill. ..." >&2; exit 2; fi
38
+ ```
39
+
40
+ with the script call, and ensure the script is present + executable:
41
+
42
+ ```bash
43
+ # In .claude/settings.json, the PreToolUse Write|Edit hook command becomes:
44
+ # bash "$CLAUDE_PROJECT_DIR/.claude/hooks/forge-active-skill-guard.sh"
45
+ chmod +x .claude/hooks/forge-active-skill-guard.sh
46
+ git add .claude/settings.json .claude/hooks/forge-active-skill-guard.sh
47
+ git commit -m "chore(forge): migrate active-skill guard to script (0.44.0, forge#12)"
48
+ ```
49
+
50
+ ## Validation
51
+
52
+ ```bash
53
+ [ -x .claude/hooks/forge-active-skill-guard.sh ] && echo "OK: guard script present + executable" || echo "FAIL: guard script missing/not executable"
54
+ grep -q 'forge-active-skill-guard.sh' .claude/settings.json && echo "OK: settings wired to script" || echo "FAIL: settings not wired"
55
+ grep -q 'if \[ ! -f' .claude/settings.json && echo "WARN: legacy inline guard still present" || echo "OK: legacy inline guard removed"
56
+ echo "validation complete"
57
+ ```
@@ -0,0 +1,44 @@
1
+ # Migration Guide: ID Reservation Ledger in the Git Common Dir (Forge 0.46.0)
2
+
3
+ Forge 0.46.0 moves the ID-reservation **coordination point** from the branch-tracked `.forge/reservations.yml` to a **machine-local ledger in the git common dir** — `.git/forge/id-reservations` — written by a new `forge-reserve` POSIX-sh helper. This fixes the cross-worktree collisions ADR-016 could not (a reservation on an unmerged branch is invisible to sibling worktrees, which share `.git`, not branches). See [ADR-021](../../docs/decisions/ADR-021-id-reservation-ledger-git-common-dir.md) (supersedes ADR-016) and [issue #19](https://github.com/Attuned-Media/forge/issues/19).
4
+
5
+ **It is backward-compatible and zero-touch.** The helper is installed + `chmod +x`'d by the upgrade's additive hooks sync. The ledger self-creates on the **first** `forge-reserve` run, seeded implicitly by the allocation `max()` (which reads in-tree IDs + `main:.forge/reservations.yml`). Your existing `reservations.yml` is untouched and still respected as a `max()` input. A project that never runs concurrent worktrees sees no behavior change and needs no action.
6
+
7
+ ## What changed (no action needed)
8
+
9
+ - **`forge-reserve` helper** allocates the next `ADR/DEF/FR/NFR` number under a portable `mkdir` lock and prints it on stdout; `planning` (fr/nfr/def) and `architecting` (adr) now call it instead of hand-scanning.
10
+ - **Allocation is `max(ledger ∪ in-tree ∪ main:reservations.yml) + 1`** per kind — the ledger gives same-machine worktrees authority (including *uncommitted* siblings), while `main:reservations.yml` remains the durable cross-machine floor.
11
+ - **`reservations.yml` is reclassified** from the coordination mechanism to a **durable audit trail + cross-machine floor**, still committed with your work by the helper.
12
+
13
+ These take effect the moment the framework files are synced. No per-project state changes.
14
+
15
+ ## Detection
16
+
17
+ Prints `MIGRATE` only if a project predates the helper (has `.forge/` but no `forge-reserve.sh`). Silent + exit 0 once the helper is present.
18
+
19
+ ```bash
20
+ [ -d .forge ] || exit 0 # not a Forge project
21
+ [ -f .claude/hooks/forge-reserve.sh ] && exit 0 # helper present → already migrated, silent
22
+ echo "MIGRATE — ID reservation now uses .git/forge/id-reservations via forge-reserve; run 'npx forge-orkes upgrade' to install the helper (ADR-021, issue #19)"
23
+ exit 0
24
+ ```
25
+
26
+ ## Migration steps (normally none)
27
+
28
+ The upgrade installs the helper; the ledger self-creates on first reserve. Two optional cleanups:
29
+
30
+ - **Backfill un-reserved IDs (recommended for concurrent-worktree projects).** `forge` boot's ID-reservation preflight lists landed `ADR-`/`FR-`/`NFR-`/`DEF-` IDs that have no `reservations.yml` entry. Appending them keeps `main:reservations.yml` a complete floor.
31
+ - **ADR location caveat.** `forge-reserve`'s in-tree ADR scan reads `docs/decisions/ADR-NNN*` (per ADR-021). Projects that keep ADRs under **`.forge/decisions/`** should ensure those ADRs are represented in `reservations.yml` (via the backfill above) so the `main:reservations.yml` floor covers them — the ledger + floor still prevent collisions, but the in-tree ADR *input* won't see a `.forge/decisions/` file directly.
32
+
33
+ ## Cross-machine caveat (accepted)
34
+
35
+ The ledger is machine-local (like the integration flag). Two *concurrent* worktrees on *different* laptops, both reserving before either merges, still fall back to merge-time renumber — bounded by the `main:reservations.yml` floor, so no worse than ADR-016. Tracked as DEF-046 (land-time detector deferred).
36
+
37
+ ## Validation
38
+
39
+ ```bash
40
+ [ -x .claude/hooks/forge-reserve.sh ] && echo "OK: forge-reserve present + executable" || echo "FAIL: helper missing/not executable"
41
+ id=$(.claude/hooks/forge-reserve.sh fr --milestone m-smoke --summary "migration smoke") && echo "OK: allocated $id" || echo "FAIL: forge-reserve did not run"
42
+ # revert the smoke reservation: drop the last reservations.yml block + the ledger line for $id
43
+ echo "validation complete"
44
+ ```