gossipcat 0.4.26 → 0.4.27

package/dist-mcp/mcp-server.js

@@ -10033,7 +10033,7 @@ function coerceStatus(raw) {
   }
   return "pending";
 }
-var import_fs9, import_crypto8, import_path10, SAFE_NAME, __SKILL_ENGINE_TEST_HOOK, VALID_STATUSES, KNOWN_CATEGORIES, CATEGORY_KEYWORDS, REQUIRED_SECTIONS, BUNDLED_TEMPLATE, SkillEngine;
+var import_fs9, import_crypto8, import_path10, SAFE_NAME, __SKILL_ENGINE_TEST_HOOK, VALID_STATUSES, TECH_STACK_MIN_DEPS, MANIFEST_HINTS, KNOWN_CATEGORIES, CATEGORY_KEYWORDS, REQUIRED_SECTIONS, BUNDLED_TEMPLATE, SkillEngine;
 var init_skill_engine = __esm({
   "packages/orchestrator/src/skill-engine.ts"() {
     "use strict";
@@ -10056,6 +10056,17 @@ var init_skill_engine = __esm({
       "silent_skill",
       "insufficient_evidence"
     ];
+    TECH_STACK_MIN_DEPS = 3;
+    MANIFEST_HINTS = [
+      ["Cargo.toml", "Rust"],
+      ["pyproject.toml", "Python"],
+      ["requirements.txt", "Python"],
+      ["go.mod", "Go"],
+      ["foundry.toml", "Solidity/Foundry"],
+      ["Move.toml", "Move/Aptos/Sui"],
+      ["Gemfile", "Ruby"],
+      ["composer.json", "PHP"]
+    ];
     KNOWN_CATEGORIES = /* @__PURE__ */ new Set([
       "trust_boundaries",
       "injection_vectors",
@@ -10356,7 +10367,7 @@ NO FIXES WITHOUT ROOT CAUSE INVESTIGATION FIRST.
           projectContext = (0, import_fs9.readFileSync)(bootstrapPath, "utf-8").slice(0, 1500);
         }
         if (this.techStackCache === void 0) {
-          this.techStackCache = await this.detectTechStack();
+          this.techStackCache = this.readTechStackOverride() ?? await this.detectTechStack();
         }
         const techStack = this.techStackCache;
         if (techStack) {
@@ -10531,6 +10542,7 @@ ${fm}
        */
       async detectTechStack() {
         const inputs = [];
+        let totalDepCount = 0;
         const pkgPaths = [(0, import_path10.join)(this.projectRoot, "package.json")];
         try {
           const packagesDir = (0, import_path10.join)(this.projectRoot, "packages");
@@ -10546,6 +10558,7 @@ ${fm}
           try {
             const pkg = JSON.parse((0, import_fs9.readFileSync)(p, "utf-8"));
             const deps = Object.keys({ ...pkg.dependencies, ...pkg.devDependencies });
+            totalDepCount += deps.length;
             if (deps.length > 0) {
               inputs.push(`${p.replace(this.projectRoot + "/", "")}: ${deps.join(", ")}`);
             }
@@ -10557,7 +10570,59 @@ ${fm}
           inputs.push(`Source dirs: ${srcDirs.join(", ") || "root"}`);
         } catch {
         }
-        if (inputs.length === 0) return null;
+        let manifestCount = 0;
+        for (const [filename, language] of MANIFEST_HINTS) {
+          if ((0, import_fs9.existsSync)((0, import_path10.join)(this.projectRoot, filename))) {
+            inputs.push(`Manifest: ${filename} (${language})`);
+            manifestCount++;
+          }
+        }
+        const READMES = ["README.md", "README", "readme.md"];
+        let readmeFound = false;
+        for (const name of READMES) {
+          const p = (0, import_path10.join)(this.projectRoot, name);
+          if ((0, import_fs9.existsSync)(p)) {
+            try {
+              const content = (0, import_fs9.readFileSync)(p, "utf-8");
+              const lines = content.split("\n").slice(0, 30).join("\n");
+              const clamped = lines.slice(0, 2e3);
+              if (clamped.trim()) {
+                inputs.push(`README (${name}, first ${Math.min(30, content.split("\n").length)} lines):
+${clamped}`);
+                readmeFound = true;
+                break;
+              }
+            } catch {
+            }
+          }
+        }
+        const EXCLUDED_DIRS = /* @__PURE__ */ new Set(["node_modules", ".git", ".gossip", "dist", "build", "out", "coverage"]);
+        const EXCLUDED_EXTS = /* @__PURE__ */ new Set([".json", ".md", ".yaml", ".yml", ".toml", ".lock", ".txt", ".xml", ".ini", ".cfg", ".env", ".gitignore", ".gitattributes", ".editorconfig", ".npmrc", ".nvmrc"]);
+        let extensionSignal = false;
+        try {
+          const entries = (0, import_fs9.readdirSync)(this.projectRoot, { withFileTypes: true });
+          const extCounts = /* @__PURE__ */ new Map();
+          for (const entry of entries) {
+            if (EXCLUDED_DIRS.has(entry.name)) continue;
+            if (entry.isFile()) {
+              const dotIdx = entry.name.lastIndexOf(".");
+              if (dotIdx > 0) {
+                const ext = entry.name.slice(dotIdx).toLowerCase();
+                if (!EXCLUDED_EXTS.has(ext)) {
+                  extCounts.set(ext, (extCounts.get(ext) ?? 0) + 1);
+                }
+              }
+            }
+          }
+          if (extCounts.size > 0) {
+            const sorted = Array.from(extCounts.entries()).sort((a, b) => b[1] - a[1]).slice(0, 10).map(([ext, count]) => `${ext}(${count})`).join(", ");
+            inputs.push(`Root file extensions: ${sorted}`);
+            extensionSignal = true;
+          }
+        } catch {
+        }
+        const hasNonNodeSignal = manifestCount > 0 || readmeFound || extensionSignal;
+        if (totalDepCount < TECH_STACK_MIN_DEPS && !hasNonNodeSignal) return null;
         try {
           const messages = [{
             role: "user",
@@ -10579,6 +10644,35 @@ ${inputs.join("\n")}
           return inputs.join("\n").slice(0, 500);
         }
       }
+      /**
+       * Reads `.gossip/tech-stack.md` as a user-authored override for tech-stack
+       * detection. Returns the file content (clamped to 2000 chars) if present and
+       * non-empty, or null to fall through to auto-detect.
+       *
+       * Operator escape hatch for non-Node host projects (Solidity, Rust, Move, etc.)
+       * where the LLM hallucinates a Node.js stack from thin npm dep signal.
+       * Cache is session-stable via techStackCache — restart the MCP server to pick
+       * up edits to this file.
+       */
+      readTechStackOverride() {
+        const overridePath = (0, import_path10.join)(this.projectRoot, ".gossip", "tech-stack.md");
+        if (!(0, import_fs9.existsSync)(overridePath)) return null;
+        try {
+          const { size } = (0, import_fs9.statSync)(overridePath);
+          if (size > 2048) {
+            process.stderr.write(`[skill-engine] tech-stack.md override is ${size} bytes, clamping to 2000 chars
+`);
+          }
+          const content = (0, import_fs9.readFileSync)(overridePath, "utf-8").slice(0, 2e3).trim();
+          if (!content) return null;
+          return content;
+        } catch (err) {
+          const msg = err instanceof Error ? err.message : String(err);
+          process.stderr.write(`[skill-engine] tech-stack.md override read failed: ${msg}
+`);
+          return null;
+        }
+      }
       loadCategoryFindings(category) {
         const filePath = (0, import_path10.join)(this.projectRoot, ".gossip", "agent-performance.jsonl");
         if (!(0, import_fs9.existsSync)(filePath)) return [];
@@ -31022,11 +31116,11 @@ var init_routes = __esm({
         }
         if (!existsSync68(reportsDir)) return { reports: [], totalReports: 0, page, pageSize, retractedConsensusIds, roundRetractions };
         try {
-          const { statSync: statSync32 } = require("fs");
+          const { statSync: statSync33 } = require("fs");
           const allFiles = readdirSync22(reportsDir).filter((f) => f.endsWith(".json")).sort((a, b) => {
             try {
-              const aTime = statSync32((0, import_path68.join)(reportsDir, a)).mtimeMs;
-              const bTime = statSync32((0, import_path68.join)(reportsDir, b)).mtimeMs;
+              const aTime = statSync33((0, import_path68.join)(reportsDir, a)).mtimeMs;
+              const bTime = statSync33((0, import_path68.join)(reportsDir, b)).mtimeMs;
               return bTime - aTime;
             } catch {
               return 0;
@@ -52109,7 +52203,7 @@ Note: write-mode classification unavailable on this native-only install \u2014 a
       } catch {
       }
       try {
-        const { readdirSync: readdirSync22, statSync: statSync32 } = await import("fs");
+        const { readdirSync: readdirSync22, statSync: statSync33 } = await import("fs");
         const { readJsonlWithRotated: readJsonlRotated1506 } = await Promise.resolve().then(() => (init_src4(), src_exports3));
         const reportsDir = (0, import_path84.join)(process.cwd(), ".gossip", "consensus-reports");
         const perfPath = (0, import_path84.join)(process.cwd(), ".gossip", "agent-performance.jsonl");
@@ -52120,7 +52214,7 @@ Note: write-mode classification unavailable on this native-only install \u2014 a
           for (const fname of readdirSync22(reportsDir)) {
             if (!fname.endsWith(".json")) continue;
             const fpath = (0, import_path84.join)(reportsDir, fname);
-            const st = statSync32(fpath);
+            const st = statSync33(fpath);
             if (now - st.mtimeMs > WINDOW_MS2) continue;
             recentReports.push({ id: fname.replace(/\.json$/, ""), mtimeMs: st.mtimeMs });
           }

package/docs/HANDBOOK.md

@@ -228,6 +228,12 @@ If `format_compliance` signals a sudden drop for an agent that was fine last rou
 
 When blocked, the error message shows age + remaining cooldown + override instruction. Pass `force: true` to bypass; every override is appended to `.gossip/forced-skill-develops.jsonl` for auditability. Chronic override patterns on an agent+category pair are a signal that the skill prompt is ineffective or `MIN_EVIDENCE` is miscalibrated for that category — investigate before reflexively forcing.
 
+### Tech-stack override
+
+Drop a `.gossip/tech-stack.md` at the project root to bypass auto-detection on `gossip_skills(action: "develop")`. Content (max 2000 chars after trim) is injected verbatim into the skill-develop prompt's `<tech_stack>` block, replacing the auto-detected description. Useful for non-Node host projects (Solidity, Rust, Move, audit workspaces) where the LLM hallucinates a Node.js stack from thin npm dep signal (issue #410, PR #411 floor + this override). Cache is session-stable — restart the MCP server to pick up edits. Empty file or read errors fall through to auto-detect (with stderr warning on errors). Files over 2 KB are clamped with a stderr warning.
+
+**Tech-stack auto-detection.** When no override is present and the npm dep count is below `TECH_STACK_MIN_DEPS=3` OR the project is non-Node, `detectTechStack` scans the project root for known manifests (Cargo.toml, pyproject.toml, requirements.txt, go.mod, foundry.toml, Move.toml, Gemfile, composer.json), the README first 30 lines / 2 KB, and a shallow file-extension census (root only, excluding `node_modules`/`.git`/`.gossip`/`dist`/`build`/`out`/`coverage`, capped at 10 extension types; config/docs extensions such as `.json`, `.md`, `.yaml`, `.toml`, `.lock` are excluded from the census since they are already captured by other signals). Any non-Node signal — manifest match, README content, or extension census — bypasses the `MIN_DEPS=3` floor so polyglot projects don't need the override file. Workspace-level manifests (e.g., `packages/contracts/foundry.toml`) are NOT scanned in this MVP; place the manifest at root or use `.gossip/tech-stack.md` for those cases.
+
 ### Verifying UNVERIFIED findings
 
 When a consensus report has `UNVERIFIED` findings (cross-reviewer couldn't check), **you must verify them yourself before presenting results**. UNVERIFIED means "the peer didn't have the tools or context to check" — you do. Read the cited files, grep for the identifiers, confirm or reject. Do not show raw consensus output with unexamined UNVERIFIED findings.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gossipcat",
-  "version": "0.4.26",
+  "version": "0.4.27",
   "description": "Multi-agent orchestration for Claude Code — parallel review, consensus, adaptive dispatch",
   "mcpName": "io.github.ataberk-xyz/gossipcat",
   "repository": {