npm - great-cto - Versions diffs - 2.20.0 → 2.22.0 - Mend

great-cto 2.20.0 → 2.22.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/bootstrap.js CHANGED Viewed

@@ -4,12 +4,13 @@ import { existsSync, mkdirSync, writeFileSync, readFileSync } from "node:fs";
 import { join } from "node:path";
 import { dim, success, warn } from "./ui.js";
 import { suggestJurisdictions } from "./jurisdictions.js";
+import { compileFlow, renderFlowMd } from "./flow.js";
 export function bootstrap(dir, detection, archetype, compliance, detectionMeta) {
     const greatCtoDir = join(dir, ".great_cto");
     const projectMd = join(greatCtoDir, "PROJECT.md");
     if (existsSync(projectMd)) {
         warn(`.great_cto/PROJECT.md already exists — not overwriting.`);
-        return { projectMdPath: projectMd, created: false, skippedReason: "already exists" };
+        return { projectMdPath: projectMd, created: false, skippedReason: "already exists", flow: null };
     }
     mkdirSync(greatCtoDir, { recursive: true });
     const title = inferProjectTitle(dir);
@@ -67,18 +68,6 @@ jurisdiction: [${jurisdictionLine}]
 > Supported codes: eu · us · us-ca · uk · in · br · au · sg
 > See docs/jurisdiction-compliance.md for what each code activates.
-## Leash
-leash:
-  tenant_id: ${slugifyTenant(title)}
-  daily_cap_usd: 10
-  session_prefix: gcto
-> \`leash.tenant_id\` is sent as \`X-LLM-Leash-Tenant-Id\` on every LLM call
-> through the proxy. Board's Security tab scopes stats to the active project
-> via this id. Change here if multiple repos share the same logical project.
-> \`session_prefix\` is prepended to auto-generated session ids so logs are
-> easy to filter across machines.
 ## Memory & Query Rule
@@ -120,7 +109,14 @@ when you actually start work:
 `;
     writeFileSync(projectMd, content, "utf-8");
     success(`created .great_cto/PROJECT.md ${dim(`(archetype: ${archetype})`)}`);
-    return { projectMdPath: projectMd, created: true, skippedReason: null };
+    // Write FLOW.md — compiled delivery flow for agents and user
+    const confidence = detectionMeta?.confidence ?? "medium";
+    const size = (detection.projectSize ?? "medium");
+    const flow = compileFlow(archetype, size, detection, compliance, confidence);
+    const flowMdPath = join(greatCtoDir, "FLOW.md");
+    const generatedAt = new Date().toISOString().slice(0, 10);
+    writeFileSync(flowMdPath, renderFlowMd(flow, generatedAt), "utf-8");
+    return { projectMdPath: projectMd, created: true, skippedReason: null, flow };
 }
 /**
  * Slugify a project title into a tenant-id safe for HTTP headers and audit

package/dist/flow.js ADDED Viewed

@@ -0,0 +1,188 @@
+// flow.ts — compiles all detection outputs into a single user-facing FlowResult.
+// Pure function: no I/O, no side effects.
+// Called by bootstrap.ts (writes FLOW.md) and main.ts (prints summary).
+import { reviewersFor, gatesFor } from "./archetypes.js";
+import { suggestPackReviewers, suggestPackGates, suggestPacks } from "./packs.js";
+import { suggestJurisdictions, suggestJurisdictionReviewers, suggestJurisdictionGates } from "./jurisdictions.js";
+// ── Human-readable titles ─────────────────────────────────────────────────
+const ARCHETYPE_TITLE = {
+    "fintech": "Fintech",
+    "healthcare": "Healthcare",
+    "enterprise-saas": "Enterprise SaaS",
+    "agent-product": "AI agent",
+    "ai-system": "AI system",
+    "mlops": "MLOps pipeline",
+    "commerce": "E-commerce",
+    "marketplace": "Marketplace",
+    "mobile-app": "Mobile app",
+    "web-service": "Web service",
+    "library": "Library / SDK",
+    "cli-tool": "CLI tool",
+    "data-platform": "Data platform",
+    "streaming": "Streaming system",
+    "infra": "Infrastructure",
+    "devtools": "Developer tool",
+    "browser-extension": "Browser extension",
+    "game": "Game",
+    "web3": "Web3 / DeFi",
+    "iot-embedded": "IoT / embedded",
+    "cms": "CMS",
+    "edtech": "EdTech",
+    "gov-public": "Government",
+    "insurance": "Insurance",
+    "regulated": "Regulated system",
+    "greenfield": "New project",
+};
+// Gate id (StandardGate) → user label
+const GATE_LABEL = {
+    "plan": "gate:plan",
+    "arch": "gate:arch",
+    "code": "gate:code",
+    "qa": "gate:qa",
+    "security": "gate:security",
+    "compliance": "gate:compliance",
+    "ship": "gate:ship",
+    "cost": "gate:cost-forecast",
+    "oracle-review": "gate:oracle-review",
+    "edtech-review": "gate:edtech-review",
+    "gov-review": "gate:gov-review",
+    "insurance-review": "gate:insurance-review",
+};
+// Cost (low, high) per feature cycle by archetype tier
+const ARCHETYPE_COST = {
+    "fintech": [8, 18],
+    "healthcare": [8, 18],
+    "agent-product": [8, 18],
+    "mlops": [8, 18],
+    "marketplace": [8, 18],
+    "enterprise-saas": [8, 18],
+    "regulated": [8, 18],
+    "edtech": [8, 18],
+    "gov-public": [8, 18],
+    "insurance": [8, 18],
+    "web3": [8, 18],
+    "commerce": [3, 8],
+    "mobile-app": [3, 8],
+    "web-service": [3, 8],
+    "data-platform": [3, 8],
+    "streaming": [3, 8],
+    "devtools": [3, 8],
+    "browser-extension": [3, 8],
+    "game": [3, 8],
+    "cms": [3, 8],
+    "ai-system": [3, 8],
+    "iot-embedded": [3, 8],
+    "infra": [3, 8],
+    "library": [0.5, 3],
+    "cli-tool": [0.5, 3],
+    "greenfield": [0.5, 3],
+};
+// ── Main export ───────────────────────────────────────────────────────────
+/**
+ * Compile all detection outputs into a single FlowResult.
+ *
+ * Pure function — no file I/O. Called by bootstrap.ts (FLOW.md) and
+ * main.ts (summary output).
+ */
+export function compileFlow(archetype, size, detection, compliance, confidence) {
+    // ── Agents ──────────────────────────────────────────────────────────────
+    const agentSet = new Set(reviewersFor(archetype));
+    for (const r of suggestPackReviewers(detection))
+        agentSet.add(r);
+    for (const r of suggestJurisdictionReviewers(detection))
+        agentSet.add(r);
+    // Always include base orchestration agents
+    agentSet.add("architect");
+    agentSet.add("senior-dev");
+    agentSet.add("qa-engineer");
+    // ── Gates ────────────────────────────────────────────────────────────────
+    const gateSet = new Set(gatesFor(archetype, size).map((g) => GATE_LABEL[g] ?? `gate:${g}`));
+    for (const g of suggestPackGates(detection))
+        gateSet.add(g);
+    for (const g of suggestJurisdictionGates(detection))
+        gateSet.add(g);
+    // ── Packs + jurisdictions for routing block ──────────────────────────────
+    const packs = suggestPacks(detection);
+    const jurisdictions = suggestJurisdictions(detection);
+    // ── Title ────────────────────────────────────────────────────────────────
+    const productLabel = ARCHETYPE_TITLE[archetype] ?? archetype;
+    const jCodes = jurisdictions
+        .slice(0, 3)
+        .map((j) => j.jurisdiction.toUpperCase())
+        .join(" + ");
+    const title = jCodes ? `${productLabel} · ${jCodes}` : productLabel;
+    // ── ID ───────────────────────────────────────────────────────────────────
+    const id = [archetype, ...jurisdictions.map((j) => j.jurisdiction)]
+        .join("-")
+        .toLowerCase();
+    // ── Cost range ────────────────────────────────────────────────────────────
+    const costEntry = ARCHETYPE_COST[archetype] ?? [3, 8];
+    const [low, high] = costEntry;
+    return {
+        id,
+        title,
+        agents: Array.from(agentSet).sort(),
+        gates: Array.from(gateSet).sort(),
+        compliance: [...new Set(compliance)].sort(),
+        costRange: { low, high },
+        routing: {
+            archetype,
+            packs: packs.map((p) => p.pack),
+            jurisdictions: jurisdictions.map((j) => j.jurisdiction),
+            confidence,
+        },
+    };
+}
+/**
+ * Render FLOW.md content from a FlowResult.
+ * Exported separately so bootstrap.ts can call it without depending on main.ts.
+ */
+export function renderFlowMd(flow, generatedAt) {
+    const agentLines = flow.agents.map((a) => `- ${a}`).join("\n");
+    const gateLines = flow.gates.map((g) => `- ${g}`).join("\n");
+    const complianceLines = flow.compliance.length > 0
+        ? flow.compliance.map((c) => `- ${c}`).join("\n")
+        : "- none";
+    const packLines = flow.routing.packs.length > 0
+        ? flow.routing.packs.join(", ")
+        : "none";
+    const jLines = flow.routing.jurisdictions.length > 0
+        ? flow.routing.jurisdictions.join(", ")
+        : "none";
+    return `# Delivery Flow
+> Auto-generated by \`great-cto init\` on ${generatedAt}.
+> This file tells agents how to orchestrate your SDLC.
+> Regenerates on \`npx great-cto init --force\`. Edit \`_routing:\` to tune.
+## Detected
+${flow.title}
+## Agents
+${agentLines}
+## Human gates
+${gateLines}
+## Compliance
+${complianceLines}
+## Cost estimate
+$${flow.costRange.low}–$${flow.costRange.high} per feature cycle
+---
+<!-- Internal routing — view with: great-cto flow explain -->
+_routing:
+  id: ${flow.id}
+  archetype: ${flow.routing.archetype}
+  packs: [${packLines}]
+  jurisdictions: [${jLines}]
+  confidence: ${flow.routing.confidence}
+`;
+}

package/dist/main.js CHANGED Viewed

@@ -18,11 +18,11 @@ import { install, findInstalledVersions } from "./installer.js";
 import { enableGreatCto } from "./settings.js";
 import { installAllCompanions } from "./companion.js";
 import { bootstrap } from "./bootstrap.js";
+import { compileFlow } from "./flow.js";
 import { shouldUseLlmFallback, suggestArchetypeFromLlm } from "./llm-fallback.js";
 import { readFileSync, copyFileSync, chmodSync, existsSync as fsExistsSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { fileURLToPath } from "node:url";
-import { homedir } from "node:os";
 function getCliVersion() {
     try {
         const here = dirname(fileURLToPath(import.meta.url));
@@ -97,8 +97,6 @@ function parseArgs(argv) {
             args.command = "webhook";
         else if (a === "report")
             args.command = "report";
-        else if (a === "leash")
-            args.command = "leash";
         else if (a === "upgrade")
             args.command = "upgrade";
         // Slash-commands surfaced as CLI subcommands so users get a clear hint
@@ -118,9 +116,7 @@ function parseArgs(argv) {
         else if (a === "--dir")
             args.dir = argv[++i] ?? args.dir;
         else if (a === "init" || a === "install" || a === "help" || a === "version") {
-            // `install` is an alias for `init`. Both run the same flow; only
-            // difference: `install` upgrades llm-leash to latest on every run,
-            // while `init` is silent-skip when already installed.
+            // `install` is an alias for `init`. Both run the same flow.
             args.command = (a === "install" ? "init" : a);
             if (a === "install") {
                 args._fromInstall = true;
@@ -358,8 +354,8 @@ function printHelp() {
     log(`${bold("great-cto")} — one-command install for the great_cto Claude Code plugin
 ${bold("Usage:")}
-  npx great-cto install [options]    Same as init; also upgrades llm-leash
-  npx great-cto [init] [options]     Detect + bootstrap; installs llm-leash if absent
+  npx great-cto install [options]    Same as init
+  npx great-cto [init] [options]     Detect + bootstrap
   npx great-cto board [--port 3141] [--no-open]
   npx great-cto register [--dir PATH]
   npx great-cto scan [path] [--severity LVL] [--scanner NAME] [--sarif FILE]
@@ -576,23 +572,26 @@ async function runInit(args) {
         }
     }
     const compliance = suggestCompliance(detection, archetype);
-    log(`  ${dim("archetype:")} ${cyan(archetype)} ${dim(`(confidence: ${confidence})`)}`);
-    log(`  ${dim("rationale:")} ${rationale}`);
-    if (alternatives.length > 0) {
-        log(`  ${dim("alternatives:")} ${alternatives.join(", ")}`);
+    // Compile flow — used for user-facing summary AND written to FLOW.md by bootstrap()
+    const compiledFlow = compileFlow(archetype, (detection.projectSize ?? "medium"), detection, compliance, confidence);
+    // ── User-facing "Compiled flow" summary ──────────────────────────────────
+    log("");
+    log(`${bold("Compiled flow:")} ${cyan(compiledFlow.title)}`);
+    log(`  ${dim("Agents:")}     ${compiledFlow.agents.join(" · ")}`);
+    log(`  ${dim("Gates:")}      ${compiledFlow.gates.join(" · ")}`);
+    if (compiledFlow.compliance.length > 0) {
+        log(`  ${dim("Compliance:")} ${compiledFlow.compliance.join(", ")}`);
     }
-    log(`  ${dim("suggested compliance:")} ${compliance.length > 0 ? compliance.join(", ") : "none"}`);
-    // v1.0.144+: ask user to confirm archetype if confidence is low
-    // OR if alternatives are present and not user-specified
+    log(`  ${dim("Cost:")}       ~$${compiledFlow.costRange.low}–$${compiledFlow.costRange.high} per feature cycle`);
+    log("");
+    // Low-confidence notice — show only when actionable
     if (!args.yes && !args.archetype && (confidence === "low" || (confidence === "medium" && alternatives.length >= 2))) {
-        log("");
-        log(`${bold("⚠ Archetype detection confidence:")} ${cyan(confidence)}`);
-        log(`  Top candidate: ${cyan(archetype)} — ${dim(rationale)}`);
+        log(`  ${yellow("⚠")} ${dim(`Detected as ${cyan(archetype)} (${confidence} confidence).`)}`);
         if (alternatives.length > 0) {
-            log(`  Alternatives:  ${alternatives.map(a => cyan(a)).join(", ")}`);
+            log(`  ${dim("Alternatives: " + alternatives.join(", "))}`);
         }
-        log(`  ${dim("If wrong, override with: --archetype " + (alternatives[0] ?? "<name>"))}`);
-        log(`  ${dim("Or edit .great_cto/PROJECT.md after install — agents read 'archetype:' field.")}`);
+        log(`  ${dim("Override: npx great-cto init --archetype <name>")}`);
+        log("");
     }
     // Confirmation
     if (!args.yes) {
@@ -796,12 +795,6 @@ async function runInit(args) {
     }
     // ── 6. install pre-push git hook ─────────────────────────
     installPrePushHook(args.dir);
-    // ── 7. install / update llm-leash (runtime governance) ───
-    // `init` is idempotent (silent skip when present). `install` always
-    // upgrades to the latest commit on llm-leash main. Both best-effort:
-    // missing git/python doesn't fail the flow.
-    const fromInstall = args._fromInstall === true;
-    await tryInstallLeash(fromInstall);
     // ── done ─────────────────────────────────────────────────
     log("");
     log(green(bold("✓ great_cto is ready.")));
@@ -847,41 +840,6 @@ function installPrePushHook(projectDir) {
         // Best-effort: hook failure must never block init
     }
 }
-/**
- * Best-effort llm-leash install — runs after bootstrap so every great-cto
- * init turns on runtime governance for free.
- *
- *   forceUpdate=false  (called from `init`)    — silent-skip if installed
- *   forceUpdate=true   (called from `install`) — git pull + reinstall
- *
- * Never throws. Opt out via env: GREAT_CTO_SKIP_LEASH=1
- */
-async function tryInstallLeash(forceUpdate = false) {
-    if (process.env.GREAT_CTO_SKIP_LEASH === "1") {
-        log(`  ${dim("skipped llm-leash install (GREAT_CTO_SKIP_LEASH=1)")}`);
-        return;
-    }
-    try {
-        const { runLeash } = await import("./leash.js");
-        const { existsSync } = await import("node:fs");
-        const installRoot = join(homedir(), ".great_cto", "llm-leash");
-        if (existsSync(installRoot)) {
-            if (forceUpdate) {
-                log(`  ${dim("updating llm-leash to latest …")}`);
-                await runLeash(["update"]);
-            }
-            else {
-                log(`  ${dim("llm-leash already installed — skipped")}`);
-            }
-            return;
-        }
-        log(`  ${dim("installing llm-leash (runtime governance) …")}`);
-        await runLeash(["install"]);
-    }
-    catch {
-        warn("llm-leash install failed — run `great-cto leash install` manually later");
-    }
-}
 async function runUpgrade(rawArgv) {
     const { upgradePlugin, upgradeAll } = await import("./upgrade.js");
     const { COMPANION_PLUGINS } = await import("./companion.js");
@@ -1039,19 +997,6 @@ async function main() {
             process.exit(2);
         }
     }
-    if (args.command === "leash") {
-        try {
-            const { runLeash } = await import("./leash.js");
-            // rawArgv[0] is "leash" — pass the rest as subcommand + flags
-            const leashArgs = rawArgv.slice(rawArgv.indexOf("leash") + 1);
-            const result = await runLeash(leashArgs);
-            process.exit(result.exitCode);
-        }
-        catch (e) {
-            error(e.message);
-            process.exit(2);
-        }
-    }
     if (args.command === "upgrade") {
         try {
             const code = await runUpgrade(rawArgv);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "great-cto",
-  "version": "2.20.0",
+  "version": "2.22.0",
   "description": "One command install for the great_cto Claude Code plugin. Auto-detects your stack, picks the right archetype, bootstraps PROJECT.md.",
   "keywords": [
     "claude-code",

package/postinstall.mjs CHANGED Viewed

@@ -1,86 +1,5 @@
 #!/usr/bin/env node
 /**
- * great-cto postinstall — best-effort one-time setup that runs when the npm
- * package is installed globally or as a dependency.
- *
- * Currently does one thing: install llm-leash (https://github.com/avelikiy/llm-leash)
- * for runtime governance — budget caps, audit log, kill switch, HITL gates.
- *
- * Design rules:
- *   - NEVER fail the npm install. All errors swallowed.
- *   - Idempotent — skips if ~/.great_cto/llm-leash already cloned.
- *   - Honors GREAT_CTO_SKIP_LEASH=1 to opt out (CI envs, restricted machines).
- *   - Skips on CI by default unless GREAT_CTO_FORCE_LEASH=1 — npm install in
- *     CI shouldn't trigger 30s of git clone + pip install per build.
- *   - Skips if `npm install` was invoked with --ignore-scripts (npm sets
- *     `npm_config_ignore_scripts=true` — actually no, it just doesn't run
- *     scripts; we can't detect it from inside).
- *   - Detached output — postinstall noise is intentional and short.
- *
- * The "real" install path remains `great-cto leash install`. This hook just
- * makes the common case (one-shot `npm install -g great-cto`) feel zero-config.
+ * great-cto postinstall — no-op placeholder.
+ * Reserved for future setup steps; currently does nothing.
  */
-import { existsSync } from 'node:fs';
-import { spawnSync } from 'node:child_process';
-import { homedir } from 'node:os';
-import path from 'node:path';
-const INSTALL_ROOT = path.join(homedir(), '.great_cto', 'llm-leash');
-function main() {
-  // ── opt-outs ─────────────────────────────────────────────────────────────
-  if (process.env.GREAT_CTO_SKIP_LEASH === '1') {
-    return; // silent
-  }
-  // Skip in CI unless explicitly forced — CI builds get no benefit from
-  // having leash installed in the runner's home dir, and the latency hurts.
-  const inCI = process.env.CI === 'true' || process.env.CI === '1';
-  if (inCI && process.env.GREAT_CTO_FORCE_LEASH !== '1') {
-    return;
-  }
-  // Already installed — fast exit
-  if (existsSync(INSTALL_ROOT)) {
-    return;
-  }
-  // Need git + python3 — bail silently if either is missing
-  if (!hasCommand('git') || !hasCommand('python3')) {
-    console.log('[great-cto] llm-leash skipped — git or python3 not on PATH');
-    console.log('[great-cto] run `great-cto leash install` later to enable runtime governance');
-    return;
-  }
-  // Locate the bundled dist/main.js — postinstall runs with cwd=package root
-  const here = path.dirname(new URL(import.meta.url).pathname);
-  const cli = path.join(here, 'dist', 'main.js');
-  if (!existsSync(cli)) {
-    return; // package built incorrectly — fail-safe
-  }
-  console.log('[great-cto] installing llm-leash for runtime governance (~30s) …');
-  console.log('[great-cto] opt out next time: GREAT_CTO_SKIP_LEASH=1 npm install -g great-cto');
-  const result = spawnSync(process.execPath, [cli, 'leash', 'install'], {
-    stdio: 'inherit',
-    timeout: 300_000,
-    env: { ...process.env, NO_COLOR: process.env.NO_COLOR || '1' },
-  });
-  if (result.status !== 0) {
-    console.log('[great-cto] llm-leash install hit an issue — run `great-cto leash install` later');
-  }
-}
-function hasCommand(cmd) {
-  try {
-    const r = spawnSync(cmd, ['--version'], { stdio: 'ignore', timeout: 3000 });
-    return r.status === 0;
-  } catch {
-    return false;
-  }
-}
-try { main(); } catch { /* never fail npm install */ }