replen 1.0.24 → 1.0.27

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
@@ -35,6 +35,16 @@ missing, stop and tell the user to run `npx replen` first.
35
35
 
36
36
  Find the user's local repositories and filter to the ones worth onboarding.
37
37
 
38
+ > **Shell portability (read before scripting the scan).** Assume macOS/zsh:
39
+ > - **BSD `sed`/`grep` reject GNU regex** like `+?` and `\|` — don't pipe remote
40
+ > URLs through `sed -E 's#…(…)?…#'`; parse `owner/name` with `basename`/`${}`
41
+ > or `git remote get-url` + a simple `cut`/parameter-expansion instead.
42
+ > - **`gh` is often shadowed** by a shell function/alias — if `gh` errors weirdly,
43
+ > call the real binary (`command gh …` or `/opt/homebrew/bin/gh`).
44
+ > - **zsh does NOT word-split unquoted vars** — build repo lists as arrays
45
+ > (`repos=(a b c); for r in $repos`), not space-strings in a `for` loop.
46
+ > Get these right up front; debugging them mid-sweep wastes cycles and looks broken.
47
+
38
48
  1. **Locate local clones.** Look in the parent directory of the cwd (sibling
39
49
  repos) and any obvious code root (`~/github`, `~/code`, `~/src`, `~/dev`).
40
50
  A repo is any directory containing `.git`.
@@ -50,26 +60,49 @@ Find the user's local repositories and filter to the ones worth onboarding.
50
60
  aegis-api, … — go, or want me to drop any?"* This is the **only** question you
51
61
  ask. Once confirmed, run the rest autonomously.
52
62
 
53
- ## Step 2Per-repo grounding (autonomous; fan out if you can)
63
+ ## Step 1.5Pre-flight: decide the MINIMUM work per repo (do NOT skip this)
54
64
 
55
- **Parallelise if your host supports it.** In Claude Code, spawn one background
56
- subagent per repo (Task tool / background agents) so the sweep runs concurrently
57
- and the user isn't blocked. If your host has no background/subagent primitive,
58
- process repos sequentially the autonomy matters more than the parallelism.
65
+ Before grounding anything, call **`replen_onboard_state`** ONCE. It returns
66
+ every repo's server-side state (`hasCapabilities`, `hasVersions`, `hasReport`).
67
+ Cross-reference each in-scope LOCAL repo against it and bucket it this is what
68
+ turns a 24-minute re-run into ~2 minutes, and a re-run should mostly be skips:
59
69
 
60
- **Idempotent + resumable.** Before working a repo, you may check whether it's
61
- already onboarded (it already has capabilities/facets). Re-running is always
62
- safe pushing again just overwrites so an interrupted sweep resumes cleanly by
63
- re-running and skipping repos already done.
70
+ - **FULL ground** not listed, or `hasCapabilities=false`. Read the code, do
71
+ the whole 2a–2e contract. (On a true cold start every repo is here — expected.)
72
+ - **VERSION-ONLY backfill**`hasCapabilities=true` but `hasVersions=false`.
73
+ Do NOT read the codebase or touch docs. Just read the lockfile + runtime pins
74
+ and call `replen_set_versions` (2e.4). Seconds per repo, no LLM-heavy read.
75
+ - **SKIP** — `hasCapabilities && hasVersions && hasReport` and the repo's
76
+ `git log -1` hasn't moved since it was last grounded. Already done; leave it.
64
77
 
65
- **"Done" includes a version report.** A repo that has capabilities but has
66
- never reported versions is NOT done give it the lightweight backfill pass:
67
- skip the doc work and re-profiling entirely, just read the lockfile + runtime
68
- pins and call `replen_set_versions` (Step 2e.4). This is how an existing
69
- portfolio gets version-aware deadlines/security awareness after upgrading
70
- Replen — a re-run backfills versions across every repo in minutes.
78
+ State the plan in one line ("12 to ground, 18 version-backfills, 3 skips") so
79
+ the user sees why it'll be fast. **A full code-read on an already-grounded repo
80
+ is wasted work the pre-flight exists to prevent exactly the 24-minute re-run.**
71
81
 
72
- For each in-scope repo, do this contract:
82
+ ## Step 2 — Per-repo grounding (autonomous; fan out if you can)
83
+
84
+ **Parallelise if your host supports it.** In Claude Code, spawn one background
85
+ subagent per repo in the FULL-ground bucket (Task tool / background agents) so
86
+ the sweep runs concurrently. Version-only backfills are cheap enough to batch
87
+ inline (no subagent needed). If your host has no subagent primitive, process
88
+ sequentially — autonomy matters more than parallelism.
89
+
90
+ **Cold-start at scale (tens → hundreds of repos).** A new user with 200 repos
91
+ must not block on a 3-hour read. Tier the work so value lands fast:
92
+ 1. **Order by recency** — ground the most-recently-committed repos first; those
93
+ are what the user is actively working on and will see footnotes for soonest.
94
+ 2. **Cap concurrency** to what the host sustains (Claude Code parallel subagents
95
+ are capped automatically; don't try to launch 200 at once — launch in waves).
96
+ 3. **Version-first option for the long tail** — for repos beyond the active set,
97
+ a version-only backfill (cheap, no code read) still turns on EOL/security/
98
+ dependency-exclusion awareness. Full capability grounding can follow lazily
99
+ (next /replen-onboard, or on first /replen in that repo). Tell the user:
100
+ "Grounding your N most-active repos now; the rest get version-aware coverage
101
+ immediately and full profiles as you work in them." Don't silently drop the tail.
102
+
103
+ **"Done" includes a version report** — covered by the VERSION-ONLY bucket above.
104
+
105
+ For each repo in the FULL-ground bucket, do this contract:
73
106
 
74
107
  ### 2a-pre. Check for an existing knowledge graph FIRST (the adapter step)
75
108
 
@@ -126,13 +159,27 @@ knowledge graph — verify instead.)
126
159
  ### 2c. Write the grounded project report
127
160
 
128
161
  Produce a comprehensive write-up of the repo — the thing you'd hand a new
129
- engineer. Cover: **what it does and for whom · the stack · the algorithms/
130
- techniques it uses and WHY · the data it operates on · how it's architected ·
131
- what it's trying to achieve · constraints/non-goals.** Ground every claim in the
132
- code (name the files/modules). Be specific about the tech, not the domain
133
- marketing. This report is the single richest grounding artifact — it's what lets
134
- Replen tell, e.g., "anomaly detection over telemetry time-series (no ML)" apart
135
- from "image-defect anomaly detection".
162
+ engineer. Cover: **the stack · the algorithms/techniques it uses and WHY · the
163
+ data it operates on (shape/modality) · how it's architected · the technical
164
+ problem it solves · constraints/non-goals.** Ground every claim in the code
165
+ (name the files/modules). Be specific about the tech, not the domain. This
166
+ report is the single richest grounding artifact — it's what lets Replen tell,
167
+ e.g., "anomaly detection over telemetry time-series (no ML)" apart from
168
+ "image-defect anomaly detection".
169
+
170
+ **Respect the cover — describe the TECH, never de-sanitize the application.**
171
+ This report leaves the machine (stored server-side as grounding), so it must
172
+ read like the repo's own public docs, not like a leak. Replen only needs the
173
+ technical capability profile — what algorithms run on what data shape — which is
174
+ modality-precise without any sensitive real-world detail. If the README/CLAUDE.md
175
+ deliberately present a sanitized framing (e.g. "urban-infrastructure
176
+ segmentation") that differs from what the code's identifiers imply, FOLLOW THE
177
+ DOCS' framing: write "semantic segmentation of overhead imagery into vector
178
+ polygons," NOT the specific real-world thing it detects or who uses it. Never
179
+ copy a sensitive internal codename, end-user, deployment, or real-world target
180
+ into the report or the descriptors — the capability is the signal; the
181
+ application is exactly what stays local. When in doubt, describe it as the
182
+ public README does.
136
183
 
137
184
  ### 2d. Derive grounded capabilities
138
185
 
@@ -151,9 +198,16 @@ specific — `cloudflare bypass`/`proxy rotation`, not just `web scraping`.
151
198
 
152
199
  ### 2e. Push to Replen
153
200
 
154
- 1. **Register** the repo if it isn't already: `npx replen sync-projects` (scans
155
- local repos and pushes them). Ensure each in-scope repo has a GitHub remote so
156
- it's scoped by `owner/name`.
201
+ 1. **Register** the repo if it isn't already. The per-repo `replen_set_tags` /
202
+ `replen_set_capabilities` push below resolves owner-tolerantly and CREATES
203
+ the project row if missing — so for the fan-out flow you usually don't need a
204
+ separate register step at all. If you do want a bulk pre-register, run
205
+ `npx replen sync-projects` **from a neutral directory like `$HOME`** (e.g.
206
+ `cd "$HOME" && npx replen sync-projects`) — NOT from inside a checkout named
207
+ `replen`, where the local package shadows the CLI and npx fails with "could
208
+ not determine executable to run". `npx replen@latest sync-projects` also
209
+ sidesteps the shadow. Ensure each repo has a GitHub remote so it scopes by
210
+ `owner/name`.
157
211
  2. **Set domain tags** with `replen_set_tags` — broad domain labels.
158
212
  3. **Set capabilities + report** with `replen_set_capabilities`, passing the
159
213
  grounded `capabilities` array AND the `report` from 2c. The server builds the
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "replen",
3
- "version": "1.0.24",
3
+ "version": "1.0.27",
4
4
  "description": "Make your AI coding tools smarter. One command, no API keys, free. Replen watches what your projects actually do and surfaces a few things worth bringing in each month. Use one as is, port a piece of another, cherry pick an idea, or build it clean room. The match happens inside your AI tool's session. A few actionable matches a month, by design.",
5
5
  "type": "module",
6
6
  "bin": {