shipwright-cli 2.3.1 → 3.0.0

package/scripts/sw-pm.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="2.3.1"
+VERSION="3.0.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # ─── Cross-platform compatibility ──────────────────────────────────────────
@@ -32,16 +32,6 @@ if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
   }
 fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── PM History Storage ──────────────────────────────────────────────────────
 PM_HISTORY="${HOME}/.shipwright/pm-history.json"
 
@@ -224,7 +214,7 @@ recommend_team() {
         if [[ -n "$issue_title" ]]; then
             local recruit_result
             recruit_result=$(bash "$SCRIPT_DIR/sw-recruit.sh" team --json "$issue_title" 2>/dev/null) || true
-            if [[ -n "$recruit_result" ]] && echo "$recruit_result" | jq -e '.team' &>/dev/null 2>&1; then
+            if [[ -n "$recruit_result" ]] && echo "$recruit_result" | jq -e '.team' >/dev/null 2>&1; then
                 local recruit_roles recruit_model recruit_agents recruit_cost
                 recruit_roles=$(echo "$recruit_result" | jq -r '.team | join(",")')
                 recruit_model=$(echo "$recruit_result" | jq -r '.model // "sonnet"')

package/scripts/sw-pr-lifecycle.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="2.3.1"
+VERSION="3.0.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -26,24 +26,6 @@ if [[ "$(type -t now_iso 2>/dev/null)" != "function" ]]; then
   now_iso()   { date -u +"%Y-%m-%dT%H:%M:%SZ"; }
   now_epoch() { date +%s; }
 fi
-if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
-  emit_event() {
-    local event_type="$1"; shift; mkdir -p "${HOME}/.shipwright"
-    local payload="{\"ts\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"type\":\"$event_type\""
-    while [[ $# -gt 0 ]]; do local key="${1%%=*}" val="${1#*=}"; payload="${payload},\"${key}\":\"${val}\""; shift; done
-    echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
-  }
-fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── Configuration Helpers ──────────────────────────────────────────────────
 
 get_pr_config() {
@@ -56,13 +38,38 @@ get_pr_config() {
 
 get_pr_info() {
     local pr_number="$1"
-    gh pr view "$pr_number" --json number,title,body,state,headRefName,baseRefName,statusCheckRollup,reviews,commits,createdAt,updatedAt 2>/dev/null || return 1
+    gh pr view "$pr_number" --json number,title,body,state,headRefName,baseRefName,statusCheckRollup,reviews,commits,createdAt,updatedAt,headRefOid 2>/dev/null || return 1
+}
+
+get_pr_head_sha() {
+    local pr_number="$1"
+    gh pr view "$pr_number" --json headRefOid --jq '.headRefOid' 2>/dev/null || return 1
 }
 
 get_pr_checks_status() {
     local pr_number="$1"
     # Returns: success, failure, pending, or unknown
-    gh pr checks "$pr_number" 2>/dev/null | jq -r '.[] | select(.status == "completed") | .conclusion' | sort | uniq -c | sort -rn | head -1 || echo "unknown"
+    # gh pr checks requires --json flag to produce JSON output
+    local checks_json
+    checks_json=$(gh pr checks "$pr_number" --json name,state,conclusion 2>/dev/null || echo "[]")
+
+    # Handle empty or non-JSON response
+    if [[ -z "$checks_json" ]] || ! echo "$checks_json" | jq empty 2>/dev/null; then
+        echo "unknown"
+        return
+    fi
+
+    local total failed pending
+    total=$(echo "$checks_json" | jq 'length' 2>/dev/null || echo "0")
+    [[ "$total" -eq 0 ]] && { echo "unknown"; return; }
+
+    failed=$(echo "$checks_json" | jq '[.[] | select(.conclusion == "FAILURE" or .conclusion == "failure")] | length' 2>/dev/null || echo "0")
+    [[ "$failed" -gt 0 ]] && { echo "failure"; return; }
+
+    pending=$(echo "$checks_json" | jq '[.[] | select(.state == "PENDING" or .state == "QUEUED" or .state == "IN_PROGRESS")] | length' 2>/dev/null || echo "0")
+    [[ "$pending" -gt 0 ]] && { echo "pending"; return; }
+
+    echo "success"
 }
 
 has_merge_conflicts() {
@@ -95,6 +102,144 @@ get_pr_originating_issue() {
     echo "$body" | grep -oiE '(closes|fixes|resolves) #[0-9]+' | grep -oE '[0-9]+' | head -1
 }
 
+# ─── Current-Head SHA Discipline ─────────────────────────────────────────────
+# All check results and review approvals MUST correspond to the current PR head
+# SHA. Stale evidence from older commits is never trusted. This is the single
+# most important safety invariant in the Code Factory pattern.
+
+validate_checks_for_head_sha() {
+    local pr_number="$1"
+    local head_sha="$2"
+
+    if [[ -z "$head_sha" ]]; then
+        error "No head SHA provided — cannot validate check freshness"
+        return 1
+    fi
+
+    local short_sha="${head_sha:0:7}"
+
+    # Get check runs for the current head SHA
+    local owner_repo
+    owner_repo=$(gh repo view --json nameWithOwner --jq '.nameWithOwner' 2>/dev/null || echo "")
+    if [[ -z "$owner_repo" ]]; then
+        warn "Could not detect repo — skipping SHA discipline check"
+        return 0
+    fi
+
+    local check_runs
+    check_runs=$(gh api "repos/${owner_repo}/commits/${head_sha}/check-runs" --jq '.check_runs' 2>/dev/null || echo "[]")
+
+    local total_checks
+    total_checks=$(echo "$check_runs" | jq 'length' 2>/dev/null || echo "0")
+
+    if [[ "$total_checks" -eq 0 ]]; then
+        warn "No check runs found for head SHA ${short_sha}"
+        return 0
+    fi
+
+    local failed_checks
+    failed_checks=$(echo "$check_runs" | jq '[.[] | select(.conclusion == "failure" or .conclusion == "cancelled")] | length' 2>/dev/null || echo "0")
+
+    local pending_checks
+    pending_checks=$(echo "$check_runs" | jq '[.[] | select(.status != "completed")] | length' 2>/dev/null || echo "0")
+
+    if [[ "$failed_checks" -gt 0 ]]; then
+        error "PR #${pr_number} has ${failed_checks} failed check(s) on current head ${short_sha}"
+        return 1
+    fi
+
+    if [[ "$pending_checks" -gt 0 ]]; then
+        warn "PR #${pr_number} has ${pending_checks} pending check(s) on head ${short_sha}"
+        return 1
+    fi
+
+    info "All ${total_checks} checks passed for current head SHA ${short_sha}"
+    return 0
+}
+
+validate_reviews_for_head_sha() {
+    local pr_number="$1"
+    local head_sha="$2"
+
+    if [[ -z "$head_sha" ]]; then
+        return 0
+    fi
+
+    local short_sha="${head_sha:0:7}"
+
+    # Get reviews and check they're not stale (submitted before the latest push)
+    local reviews_json
+    reviews_json=$(gh pr view "$pr_number" --json reviews --jq '.reviews' 2>/dev/null || echo "[]")
+
+    local latest_commit_date
+    latest_commit_date=$(gh pr view "$pr_number" --json commits --jq '.commits[-1].committedDate' 2>/dev/null || echo "")
+
+    if [[ -z "$latest_commit_date" ]]; then
+        return 0
+    fi
+
+    # Check if any approvals are stale (submitted before last commit)
+    local stale_approvals
+    stale_approvals=$(echo "$reviews_json" | jq --arg cutoff "$latest_commit_date" \
+        '[.[] | select(.state == "APPROVED" and .submittedAt < $cutoff)] | length' 2>/dev/null || echo "0")
+
+    if [[ "$stale_approvals" -gt 0 ]]; then
+        warn "PR #${pr_number} has ${stale_approvals} stale approval(s) from before head ${short_sha} — reviews should be refreshed"
+    fi
+
+    return 0
+}
+
+compute_risk_tier_for_pr() {
+    local pr_number="$1"
+    local policy_file="${REPO_DIR}/config/policy.json"
+
+    if [[ ! -f "$policy_file" ]]; then
+        echo "medium"
+        return
+    fi
+
+    local changed_files
+    changed_files=$(gh pr diff "$pr_number" --name-only 2>/dev/null || echo "")
+
+    if [[ -z "$changed_files" ]]; then
+        echo "low"
+        return
+    fi
+
+    local tier="low"
+
+    check_tier_match() {
+        local check_tier="$1"
+        local patterns
+        patterns=$(jq -r ".riskTierRules.${check_tier}[]? // empty" "$policy_file" 2>/dev/null)
+        [[ -z "$patterns" ]] && return 1
+
+        while IFS= read -r pattern; do
+            [[ -z "$pattern" ]] && continue
+            local regex
+            regex=$(echo "$pattern" | sed 's/\./\\./g; s/\*\*/DOUBLESTAR/g; s/\*/[^\/]*/g; s/DOUBLESTAR/.*/g')
+            while IFS= read -r file; do
+                [[ -z "$file" ]] && continue
+                if echo "$file" | grep -qE "^${regex}$"; then
+                    return 0
+                fi
+            done <<< "$changed_files"
+        done <<< "$patterns"
+        return 1
+    }
+
+    if check_tier_match "critical"; then
+        tier="critical"
+    elif check_tier_match "high"; then
+        tier="high"
+    elif check_tier_match "medium"; then
+        tier="medium"
+    fi
+
+    echo "$tier"
+}
+
 # ─── Review Pass ────────────────────────────────────────────────────────────
 
 pr_review() {
@@ -144,25 +289,25 @@ pr_review() {
     if echo "$diff_output" | grep -qE '(HACK|TODO|FIXME|XXX|BROKEN|DEBUG)'; then
         warnings="${warnings}
 - Found HACK/TODO/FIXME markers in code"
-        ((issues_found++))
+        issues_found=$((issues_found + 1))
     fi
 
     if echo "$diff_output" | grep -qE 'console\.(log|warn|error)\('; then
         warnings="${warnings}
 - Found console.log statements (should use proper logging)"
-        ((issues_found++))
+        issues_found=$((issues_found + 1))
     fi
 
     if [[ $line_additions -gt 500 ]]; then
         warnings="${warnings}
 - Large addition (${line_additions} lines) — consider splitting into smaller PRs"
-        ((issues_found++))
+        issues_found=$((issues_found + 1))
     fi
 
     if [[ $file_count -gt 20 ]]; then
         warnings="${warnings}
 - Many files changed (${file_count}) — consider splitting"
-        ((issues_found++))
+        issues_found=$((issues_found + 1))
     fi
 
     # Post review comment to PR
@@ -220,6 +365,35 @@ pr_merge() {
         return 1
     fi
 
+    # ── Current-head SHA discipline ──────────────────────────────────────────
+    # All evidence (checks, reviews) must be validated against the current head.
+    # Never merge on stale evidence from an older commit.
+    local head_sha
+    head_sha=$(echo "$pr_info" | jq -r '.headRefOid // empty' 2>/dev/null)
+    if [[ -z "$head_sha" ]]; then
+        head_sha=$(get_pr_head_sha "$pr_number")
+    fi
+
+    if [[ -n "$head_sha" ]]; then
+        local short_sha="${head_sha:0:7}"
+        info "Validating evidence for current head SHA: ${short_sha}"
+
+        if ! validate_checks_for_head_sha "$pr_number" "$head_sha"; then
+            error "PR #${pr_number} blocked — checks not passing for current head ${short_sha}"
+            emit_event "pr.merge_failed" "pr=${pr_number}" "reason=stale_checks" "head_sha=${short_sha}"
+            return 1
+        fi
+
+        validate_reviews_for_head_sha "$pr_number" "$head_sha"
+    else
+        warn "Could not determine head SHA — falling back to legacy check"
+    fi
+
+    # ── Risk tier enforcement ────────────────────────────────────────────────
+    local risk_tier
+    risk_tier=$(compute_risk_tier_for_pr "$pr_number")
+    info "Risk tier: ${risk_tier}"
+
     # Check for merge conflicts
     if has_merge_conflicts "$pr_number"; then
         error "PR #${pr_number} has merge conflicts — manual intervention required"
@@ -227,7 +401,7 @@ pr_merge() {
         return 1
     fi
 
-    # Check CI status
+    # Check CI status (legacy check, supplementary to SHA-based validation)
     local status_check_rollup
     status_check_rollup=$(echo "$pr_info" | jq -r '.statusCheckRollup[].state' 2>/dev/null | sort | uniq)
     if [[ -z "$status_check_rollup" ]] || echo "$status_check_rollup" | grep -qi "failure\|error"; then
@@ -246,10 +420,10 @@ pr_merge() {
     fi
 
     # Perform squash merge and delete branch
-    info "Merging PR #${pr_number} with squash..."
+    info "Merging PR #${pr_number} with squash (tier: ${risk_tier}, head: ${head_sha:0:7})..."
     if gh pr merge "$pr_number" --squash --delete-branch 2>/dev/null; then
         success "PR #${pr_number} merged and branch deleted"
-        emit_event "pr.merged" "pr=${pr_number}"
+        emit_event "pr.merged" "pr=${pr_number}" "risk_tier=${risk_tier}" "head_sha=${head_sha:0:7}"
 
         # Post feedback to originating issue
         local issue_number
@@ -315,7 +489,7 @@ ${DIM}— Shipwright auto-lifecycle manager${RESET}"
             gh pr comment "$pr_number" --body "$close_comment" 2>/dev/null || true
             gh pr close "$pr_number" 2>/dev/null && {
                 success "Closed PR #${pr_number}"
-                ((closed_count++))
+                closed_count=$((closed_count + 1))
                 emit_event "pr.closed_stale" "pr=${pr_number}" "age_days=${age_days}"
             }
         fi

package/scripts/sw-predictive.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="2.3.1"
+VERSION="3.0.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -34,16 +34,6 @@ if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
   }
 fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── Structured Event Log ──────────────────────────────────────────────────
 EVENTS_FILE="${HOME}/.shipwright/events.jsonl"
 
@@ -169,7 +159,7 @@ _predictive_record_anomaly() {
         '{ts: $ts, ts_epoch: $epoch, stage: $stage, metric: $metric, severity: $severity, value: $value, baseline: $baseline, confirmed: null}')
     echo "$record" >> "$tracking_file"
     # Rotate anomaly tracking to prevent unbounded growth
-    type rotate_jsonl &>/dev/null 2>&1 && rotate_jsonl "$tracking_file" 5000
+    type rotate_jsonl >/dev/null 2>&1 && rotate_jsonl "$tracking_file" 5000
 }
 
 # predictive_confirm_anomaly <stage> <metric_name> <was_real_failure>
@@ -308,7 +298,7 @@ _predictive_github_risk_factors() {
     local issue_json="$1"
     local risk_factors='{"security_risk": 0, "churn_risk": 0, "contributor_risk": 0, "recurrence_risk": 0}'
 
-    type _gh_detect_repo &>/dev/null 2>&1 || { echo "$risk_factors"; return 0; }
+    type _gh_detect_repo >/dev/null 2>&1 || { echo "$risk_factors"; return 0; }
     _gh_detect_repo 2>/dev/null || { echo "$risk_factors"; return 0; }
 
     local owner="${GH_OWNER:-}" repo="${GH_REPO:-}"
@@ -316,7 +306,7 @@ _predictive_github_risk_factors() {
 
     # Security risk: active alerts
     local sec_risk=0
-    if type gh_security_alerts &>/dev/null 2>&1; then
+    if type gh_security_alerts >/dev/null 2>&1; then
         local alert_count
         alert_count=$(gh_security_alerts "$owner" "$repo" 2>/dev/null | jq 'length' 2>/dev/null || echo "0")
         if [[ "${alert_count:-0}" -gt 10 ]]; then
@@ -330,7 +320,7 @@ _predictive_github_risk_factors() {
 
     # Recurrence risk: similar past issues
     local rec_risk=0
-    if type gh_similar_issues &>/dev/null 2>&1; then
+    if type gh_similar_issues >/dev/null 2>&1; then
         local title
         title=$(echo "$issue_json" | jq -r '.title // ""' 2>/dev/null | head -c 100)
         if [[ -n "$title" ]]; then
@@ -346,7 +336,7 @@ _predictive_github_risk_factors() {
 
     # Contributor risk: low contributor count = bus factor risk
     local cont_risk=0
-    if type gh_contributors &>/dev/null 2>&1; then
+    if type gh_contributors >/dev/null 2>&1; then
         local contributor_count
         contributor_count=$(gh_contributors "$owner" "$repo" 2>/dev/null | jq 'length' 2>/dev/null || echo "0")
         if [[ "${contributor_count:-0}" -lt 2 ]]; then
@@ -368,7 +358,7 @@ predict_pipeline_risk() {
     local issue_json="${1:-"{}"}"
     local repo_context="${2:-}"
 
-    if [[ "$INTELLIGENCE_AVAILABLE" == "true" ]] && command -v _intelligence_call_claude &>/dev/null; then
+    if [[ "$INTELLIGENCE_AVAILABLE" == "true" ]] && command -v _intelligence_call_claude >/dev/null 2>&1; then
         local prompt
         prompt="Analyze this issue for pipeline risk. Return ONLY valid JSON.
 
@@ -381,7 +371,7 @@ Return JSON format:
         local result
         result=$(_intelligence_call_claude "$prompt" 2>/dev/null || echo "")
 
-        if [[ -n "$result" ]] && echo "$result" | jq -e '.overall_risk' &>/dev/null; then
+        if [[ -n "$result" ]] && echo "$result" | jq -e '.overall_risk' >/dev/null 2>&1; then
             # Validate range
             local risk
             risk=$(echo "$result" | jq '.overall_risk')
@@ -503,7 +493,7 @@ $(head -100 "$file_path" 2>/dev/null || true)
         return 0
     fi
 
-    if [[ "$INTELLIGENCE_AVAILABLE" != "true" ]] || ! command -v _intelligence_call_claude &>/dev/null; then
+    if [[ "$INTELLIGENCE_AVAILABLE" != "true" ]] || ! command -v _intelligence_call_claude >/dev/null 2>&1; then
         echo '[]'
         return 0
     fi
@@ -524,7 +514,7 @@ Only return findings with severity 'high' or 'critical'. Return [] if nothing si
     local result
     result=$(_intelligence_call_claude "$prompt" 2>/dev/null || echo "")
 
-    if [[ -n "$result" ]] && echo "$result" | jq -e 'type == "array"' &>/dev/null; then
+    if [[ -n "$result" ]] && echo "$result" | jq -e 'type == "array"' >/dev/null 2>&1; then
         # Filter to only high/critical findings
         local filtered
         filtered=$(echo "$result" | jq '[.[] | select(.severity == "high" or .severity == "critical")]')
@@ -588,9 +578,13 @@ predict_detect_anomaly() {
         return 0
     fi
 
-    # Get per-metric thresholds (adaptive or default)
+    # Get per-metric thresholds (adaptive from intelligence/DB, or file-based, or default)
     local metric_critical_mult metric_warning_mult
-    metric_critical_mult=$(_predictive_get_anomaly_threshold "$metric_name")
+    if [[ "$(type -t get_anomaly_threshold 2>/dev/null)" == "function" ]]; then
+        metric_critical_mult=$(get_anomaly_threshold)
+    else
+        metric_critical_mult=$(_predictive_get_anomaly_threshold "$metric_name")
+    fi
     metric_warning_mult=$(_predictive_get_warning_multiplier "$metric_name")
 
     # Calculate thresholds using awk for floating-point

package/scripts/sw-prep.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="2.3.1"
+VERSION="3.0.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # ─── Handle subcommands ───────────────────────────────────────────────────────
@@ -38,16 +38,6 @@ if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
   }
 fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── Defaults ───────────────────────────────────────────────────────────────
 FORCE=false
 CHECK_ONLY=false
@@ -153,7 +143,7 @@ done
 # ─── prep_init ──────────────────────────────────────────────────────────────
 
 prep_init() {
-    if ! git rev-parse --is-inside-work-tree &>/dev/null; then
+    if ! git rev-parse --is-inside-work-tree >/dev/null 2>&1; then
         error "Not inside a git repository"
         exit 1
     fi
@@ -591,7 +581,7 @@ prep_extract_patterns() {
 # ─── Intelligence Check ──────────────────────────────────────────────────
 
 intelligence_available() {
-    command -v claude &>/dev/null || return 1
+    command -v claude >/dev/null 2>&1 || return 1
     # Honor --with-claude flag
     $WITH_CLAUDE && return 0
     # Check daemon config for intelligence.enabled
@@ -1407,7 +1397,7 @@ prep_generate_manifest() {
 HEREDOC
 
     # Validate JSON
-    if command -v jq &>/dev/null; then
+    if command -v jq >/dev/null 2>&1; then
         if ! jq empty "$filepath" 2>/dev/null; then
             warn "prep-manifest.json may have invalid JSON — check manually"
         fi
@@ -1422,7 +1412,7 @@ HEREDOC
 prep_with_claude() {
     if ! $WITH_CLAUDE; then return; fi
 
-    if ! command -v claude &>/dev/null; then
+    if ! command -v claude >/dev/null 2>&1; then
         warn "claude CLI not found — skipping deep analysis"
         return
     fi
@@ -1471,7 +1461,7 @@ prep_validate() {
     local issues=0
 
     # Check JSON files
-    if command -v jq &>/dev/null; then
+    if command -v jq >/dev/null 2>&1; then
         for f in "$PROJECT_ROOT/.claude/settings.json" "$PROJECT_ROOT/.claude/prep-manifest.json"; do
             if [[ -f "$f" ]] && ! jq empty "$f" 2>/dev/null; then
                 warn "Invalid JSON: ${f##"$PROJECT_ROOT"/}"

package/scripts/sw-ps.sh

@@ -5,7 +5,7 @@
 # ║  Displays a table of agents running in claude-* tmux windows with       ║
 # ║  PID, status, idle time, and pane references.                           ║
 # ╚═══════════════════════════════════════════════════════════════════════════╝
-VERSION="2.3.1"
+VERSION="3.0.0"
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
@@ -31,16 +31,6 @@ if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
   }
 fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── Format idle time ───────────────────────────────────────────────────────
 format_idle() {
     local seconds="$1"

package/scripts/sw-public-dashboard.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="2.3.1"
+VERSION="3.0.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -34,16 +34,6 @@ if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
   }
 fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── Paths ──────────────────────────────────────────────────────────────────
 PUB_DASH_DIR="${HOME}/.shipwright/public-dashboard"
 SHARE_LINKS_FILE="${PUB_DASH_DIR}/share-links.json"
@@ -133,7 +123,7 @@ gather_pipeline_state() {
 # ─── Generate Token ─────────────────────────────────────────────────────────
 generate_token() {
     # Create a read-only token (32 hex chars)
-    if command -v openssl &>/dev/null; then
+    if command -v openssl >/dev/null 2>&1; then
         openssl rand -hex 16
     else
         # Fallback to simple pseudo-random