prjct-cli 2.21.0 → 2.21.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +24 -40
- package/dist/bin/prjct-core.mjs +288 -288
- package/dist/daemon/entry.mjs +202 -202
- package/dist/mcp/server.mjs +36 -36
- package/package.json +1 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,56 +1,40 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
-
## [2.21.
|
|
3
|
+
## [2.21.1] - 2026-05-18
|
|
4
4
|
|
|
5
|
-
###
|
|
5
|
+
### Bug Fixes
|
|
6
6
|
|
|
7
|
-
-
|
|
7
|
+
- route all remaining os.homedir()/.prjct-cli sites through pathManager (#344)
|
|
8
|
+
- optimistic CAS on StorageManager.update() — close the lost-update data race (#346)
|
|
9
|
+
- gate workflow rules ingested from repo markdown (close clone-to-RCE) (#345)
|
|
8
10
|
|
|
9
11
|
|
|
10
|
-
## [
|
|
12
|
+
## [Unreleased]
|
|
11
13
|
|
|
12
|
-
|
|
14
|
+
## [2.21.0] - 2026-05-17
|
|
13
15
|
|
|
14
|
-
|
|
16
|
+
### Features
|
|
15
17
|
|
|
18
|
+
- **`prjct review-risk [--md]`** — advisory size/delivery-geometry signal (minimal cut of harnesses #18/19/20). Reads the committed changeset vs the merge-base with the default branch (`git diff --shortstat`), derives a size tier (trivial/normal/large) and suggests a delivery geometry (`direct`/`single`/`split`, with the touched top-level dirs as natural split lines). Read-only/Tier-1 (retro/health shape); never gates, never splits, never mutates git; graceful no-signal when there is no base or nothing committed. (#340)
|
|
16
19
|
|
|
17
|
-
## [
|
|
20
|
+
## [2.20.2] - 2026-05-17
|
|
18
21
|
|
|
19
22
|
### Added
|
|
20
23
|
|
|
21
|
-
- **Architecture guard: SQLite connection factory is now an enforced invariant.** `openDatabase()` in `core/storage/database/sqlite-compat.ts` already baked the daemon-safety PRAGMAs (`journal_mode=WAL`, `busy_timeout=5000`) into every connection, but nothing stopped a future caller from doing a raw `new Database(...)` / `require('bun:sqlite')` / `require('better-sqlite3')` and silently bypassing them — the open half of the HIGH-severity daemon-vs-CLI write-lock anti-pattern. New `core/__tests__/storage/sqlite-factory-guard.test.ts` scans `core/` + `bin/` and fails CI if any file outside the sanctioned factory acquires a driver, and separately asserts the factory keeps both PRAGMAs. Closes the anti-pattern by moving it from convention to enforced. No runtime code change.
|
|
22
|
-
- **`prjct review-risk [--md]`** — advisory size/delivery-geometry signal (minimal cut of harnesses #18/19/20). Reads the committed changeset vs the merge-base with the default branch (`git diff --shortstat`), derives a size tier (trivial/normal/large) and suggests a delivery geometry (`direct`/`single`/`split`, with the touched top-level dirs as natural split lines). Read-only/Tier-1 (retro/health shape); never gates, never splits, never mutates git; graceful no-signal when there is no base or nothing committed.
|
|
23
|
-
|
|
24
|
-
## [2.20.1] - 2026-05-17
|
|
24
|
+
- **Architecture guard: SQLite connection factory is now an enforced invariant.** `openDatabase()` in `core/storage/database/sqlite-compat.ts` already baked the daemon-safety PRAGMAs (`journal_mode=WAL`, `busy_timeout=5000`) into every connection, but nothing stopped a future caller from doing a raw `new Database(...)` / `require('bun:sqlite')` / `require('better-sqlite3')` and silently bypassing them — the open half of the HIGH-severity daemon-vs-CLI write-lock anti-pattern. New `core/__tests__/storage/sqlite-factory-guard.test.ts` scans `core/` + `bin/` and fails CI if any file outside the sanctioned factory acquires a driver, and separately asserts the factory keeps both PRAGMAs. Closes the anti-pattern by moving it from convention to enforced. No runtime code change. (#342)
|
|
25
25
|
|
|
26
26
|
### Bug Fixes
|
|
27
27
|
|
|
28
|
-
- skill
|
|
29
|
-
|
|
28
|
+
- skill routing triages complexity FIRST — spec is the exception, not the default (v2.20.1) (#341)
|
|
30
29
|
|
|
31
|
-
## [
|
|
30
|
+
## [2.20.1] - 2026-05-17
|
|
32
31
|
|
|
33
32
|
### Fixed
|
|
34
33
|
|
|
35
|
-
- **skill-miss-detector no longer false-positives after a crew run (#16 follow-up).** Crew implementer/reviewer run as isolated subagents in the *shared* working tree, so at the leader's Stop hook `getModifiedFiles()` saw their edits and path-overlap relevance fired — but the leader transcript never carries the memory references the subagent made in its own isolated transcript, producing a false skill-miss nag for every crew-touched file. Fix: `detectSkillMisses` collects the `files_touched` of crew runs whose `ended_at` is within `CREW_RUN_RECENCY_MS` (6h) via `crewRunStorage.list` and excludes them from path-overlap relevance; token-overlap detection stays active so non-crew work in the same session is still covered. Crew itself is unchanged (it was architecturally correct). Best-effort — any failure degrades to prior behavior. Tests: `core/__tests__/services/skill-miss-detector.test.ts`.
|
|
36
|
-
|
|
37
|
-
## [2.20.0] - 2026-05-17
|
|
38
|
-
|
|
39
|
-
### Features
|
|
40
|
-
|
|
41
|
-
- Skill Resolution Feedback (#16) — skill-miss detector + improvement-signals widening + prjct skill-adherence (v2.19.9) (#338)
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
## [2.19.9] - 2026-05-16
|
|
45
|
-
|
|
46
|
-
### Bug Fixes
|
|
47
|
-
|
|
48
|
-
- strictly-monotonic updated_at so the CAS token can't collide (#337)
|
|
49
|
-
|
|
34
|
+
- **skill-miss-detector no longer false-positives after a crew run (#16 follow-up) (#339).** Crew implementer/reviewer run as isolated subagents in the *shared* working tree, so at the leader's Stop hook `getModifiedFiles()` saw their edits and path-overlap relevance fired — but the leader transcript never carries the memory references the subagent made in its own isolated transcript, producing a false skill-miss nag for every crew-touched file. Fix: `detectSkillMisses` collects the `files_touched` of crew runs whose `ended_at` is within `CREW_RUN_RECENCY_MS` (6h) via `crewRunStorage.list` and excludes them from path-overlap relevance; token-overlap detection stays active so non-crew work in the same session is still covered. Crew itself is unchanged (it was architecturally correct). Best-effort — any failure degrades to prior behavior. Tests: `core/__tests__/services/skill-miss-detector.test.ts`.
|
|
50
35
|
|
|
51
|
-
## [Unreleased]
|
|
52
36
|
|
|
53
|
-
## [2.
|
|
37
|
+
## [2.20.0] - 2026-05-17
|
|
54
38
|
|
|
55
39
|
### Added
|
|
56
40
|
|
|
@@ -64,6 +48,12 @@
|
|
|
64
48
|
### Fixed
|
|
65
49
|
- **`getProjectId` no longer silently mints a random orphan project.** Root cause: `ConfigManager.getProjectId()` fell through to `pathManager.generateProjectId()` (`crypto.randomUUID()`) whenever `readConfig()` returned null, so any path-resolution miss (daemon resolving the wrong cwd, config transiently unreadable, case-variant path) forked a brand-new project and scattered specs/memory across ghost projects with no error surfaced. Now returns `''` — the falsy sentinel 31/32 call sites already guard with `if (!projectId)` → callers fail loud ("run prjct init") instead of writing into a random new project. Only explicit `prjct init` (`createConfig`) mints. Regression test: `core/__tests__/infrastructure/config-manager-getprojectid.test.ts`.
|
|
66
50
|
|
|
51
|
+
## [2.19.9] - 2026-05-16
|
|
52
|
+
|
|
53
|
+
### Bug Fixes
|
|
54
|
+
|
|
55
|
+
- strictly-monotonic updated_at so the CAS token can't collide (#337)
|
|
56
|
+
|
|
67
57
|
## [2.19.8] - 2026-05-14
|
|
68
58
|
|
|
69
59
|
Crew-mode persistence v7 (spec a50b32d1). SQLite becomes the single source of truth for crew runs, team enrollment, and checkpoint customization. Disk mirrors exist only where an external read contract demands one (the pre-commit hook).
|
|
@@ -180,15 +170,7 @@ Crew-mode persistence v7 (spec a50b32d1). SQLite becomes the single source of tr
|
|
|
180
170
|
|
|
181
171
|
## [2.15.0] - 2026-05-03
|
|
182
172
|
|
|
183
|
-
### Features
|
|
184
|
-
|
|
185
|
-
- prjct as a Spec-Driven Development system (#318)
|
|
186
|
-
- self-heal prjct SKILL.md on every CLI invocation (#317)
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
## [Unreleased]
|
|
190
|
-
|
|
191
|
-
### Features — SDD: Spec-Driven Development
|
|
173
|
+
### Features — SDD: Spec-Driven Development (#318)
|
|
192
174
|
|
|
193
175
|
prjct now ships an end-to-end SDD primitive. The canonical sequence is `spec → audit-spec → task --spec → implement → ship (acceptance gate) → remember learning`.
|
|
194
176
|
|
|
@@ -201,6 +183,8 @@ prjct now ships an end-to-end SDD primitive. The canonical sequence is `spec →
|
|
|
201
183
|
- **Skill body** — Claude is taught the SDD canonical sequence and the `spec` / `audit-spec` verbs in the intent map. The skill body's verb intent map now leads with `spec` for substantive work; `task` is the right call for routine work that doesn't deserve a spec.
|
|
202
184
|
- **Templates** — `templates/spec-template.md`, `templates/spec-reviewer-rubrics/{strategic,architecture,design}.md`, `templates/sdd-canonical-sequence.md`. Old `templates/planning-methodology.md` renamed to `planning-methodology-deep.md` (retained but de-defaulted).
|
|
203
185
|
|
|
186
|
+
- self-heal prjct SKILL.md on every CLI invocation (#317)
|
|
187
|
+
|
|
204
188
|
### Schema
|
|
205
189
|
|
|
206
190
|
- Migration 16 adds the `specs` table and the `tasks.linked_spec_id` column. Additive — existing memory and tasks unaffected.
|