speclock 1.3.0 → 1.3.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +151 -190
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -1,9 +1,11 @@
|
|
|
1
1
|
# SpecLock
|
|
2
2
|
|
|
3
|
-
**AI
|
|
3
|
+
**AI Constraint Engine** — Memory + enforcement for AI coding tools. The only solution that makes your AI **respect boundaries**, not just remember things.
|
|
4
4
|
|
|
5
5
|
> Developed by **Sandeep Roy** ([github.com/sgroy10](https://github.com/sgroy10))
|
|
6
6
|
|
|
7
|
+
**Website**: [sgroy10.github.io/speclock](https://sgroy10.github.io/speclock/) | **npm**: [npmjs.com/package/speclock](https://www.npmjs.com/package/speclock) | **Smithery**: [smithery.ai/servers/sgroy10/speclock](https://smithery.ai/servers/sgroy10/speclock)
|
|
8
|
+
|
|
7
9
|
[](https://www.npmjs.com/package/speclock)
|
|
8
10
|
[](https://opensource.org/licenses/MIT)
|
|
9
11
|
[](https://modelcontextprotocol.io)
|
|
@@ -13,73 +15,78 @@
|
|
|
13
15
|
|
|
14
16
|
## The Problem
|
|
15
17
|
|
|
16
|
-
|
|
18
|
+
AI tools now have memory. Claude Code has auto-memory. Cursor has Memory Bank. Mem0 exists.
|
|
19
|
+
|
|
20
|
+
**But memory without enforcement is dangerous.**
|
|
17
21
|
|
|
18
|
-
-
|
|
19
|
-
-
|
|
20
|
-
-
|
|
21
|
-
-
|
|
22
|
+
- Your AI remembers you use PostgreSQL — then switches to MongoDB because it "seemed better"
|
|
23
|
+
- Your AI remembers your auth setup — then rewrites it while "fixing" a bug
|
|
24
|
+
- Your AI remembers your constraints — then ignores them when they're inconvenient
|
|
25
|
+
- You said "never touch auth files" 3 sessions ago — the AI doesn't care
|
|
22
26
|
|
|
23
|
-
**
|
|
27
|
+
**Remembering is not the same as respecting.** AI tools need guardrails, not just memory.
|
|
24
28
|
|
|
25
29
|
## The Solution
|
|
26
30
|
|
|
27
|
-
SpecLock
|
|
31
|
+
SpecLock adds **active constraint enforcement** on top of persistent memory. When your AI tries to break something you locked, SpecLock **stops it before the damage is done**.
|
|
28
32
|
|
|
29
33
|
```
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
├── events.log # Append-only event ledger (JSONL)
|
|
33
|
-
├── patches/ # Git diffs captured per event
|
|
34
|
-
└── context/
|
|
35
|
-
└── latest.md # Always-fresh context pack for any AI agent
|
|
36
|
-
```
|
|
34
|
+
You: "Don't ever touch the auth files"
|
|
35
|
+
AI: 🔒 Locked: "Never modify auth files"
|
|
37
36
|
|
|
38
|
-
|
|
37
|
+
... 5 sessions later ...
|
|
39
38
|
|
|
40
|
-
|
|
39
|
+
You: "Add social login to the login page"
|
|
40
|
+
AI: ⚠️ CONFLICT: This violates your lock "Never modify auth files"
|
|
41
|
+
Should I proceed or find another approach?
|
|
42
|
+
```
|
|
41
43
|
|
|
42
|
-
|
|
44
|
+
No other tool does this. Not Claude's native memory. Not Mem0. Not CLAUDE.md files.
|
|
43
45
|
|
|
44
|
-
##
|
|
46
|
+
## How SpecLock Is Different
|
|
45
47
|
|
|
46
|
-
| Feature |
|
|
47
|
-
|
|
48
|
-
|
|
|
49
|
-
|
|
|
50
|
-
|
|
|
51
|
-
|
|
|
52
|
-
|
|
|
53
|
-
|
|
|
54
|
-
|
|
|
55
|
-
|
|
|
48
|
+
| Feature | Claude Native Memory | Mem0 | CLAUDE.md / .cursorrules | **SpecLock** |
|
|
49
|
+
|---------|---------------------|------|--------------------------|--------------|
|
|
50
|
+
| Remembers context | Yes | Yes | Manual | **Yes** |
|
|
51
|
+
| **Stops the AI from breaking things** | No | No | No | **Yes — active enforcement** |
|
|
52
|
+
| **Semantic conflict detection** | No | No | No | **Yes — synonym + negation analysis** |
|
|
53
|
+
| Works on Bolt.new | No | No | No | **Yes — npm file-based mode** |
|
|
54
|
+
| Works on Lovable | No | No | No | **Yes — MCP remote** |
|
|
55
|
+
| Structured decisions/locks | No | Tags only | Flat text | **Goals, locks, decisions, changes** |
|
|
56
|
+
| Git-aware (checkpoints, rollback) | No | No | No | **Yes** |
|
|
57
|
+
| Drift detection | No | No | No | **Yes — scans changes against locks** |
|
|
58
|
+
| Multi-agent timeline | No | No | No | **Yes** |
|
|
59
|
+
| Cross-platform | Claude only | MCP only | Tool-specific | **Universal (MCP + npm)** |
|
|
56
60
|
|
|
57
61
|
**Other tools remember. SpecLock enforces.**
|
|
58
62
|
|
|
59
63
|
## Quick Start
|
|
60
64
|
|
|
61
|
-
###
|
|
65
|
+
### Bolt.new / Aider / Any npm Platform (No MCP Needed)
|
|
62
66
|
|
|
63
|
-
|
|
67
|
+
Just tell the AI:
|
|
64
68
|
|
|
65
|
-
|
|
66
|
-
|
|
67
|
-
|
|
69
|
+
```
|
|
70
|
+
"Install speclock and set up project memory"
|
|
71
|
+
```
|
|
68
72
|
|
|
69
|
-
|
|
73
|
+
Or run it yourself:
|
|
70
74
|
|
|
71
|
-
```
|
|
72
|
-
|
|
73
|
-
"mcpServers": {
|
|
74
|
-
"speclock": {
|
|
75
|
-
"command": "npx",
|
|
76
|
-
"args": ["-y", "speclock", "serve", "--project", "."]
|
|
77
|
-
}
|
|
78
|
-
}
|
|
79
|
-
}
|
|
75
|
+
```bash
|
|
76
|
+
npx speclock setup --goal "Build my app"
|
|
80
77
|
```
|
|
81
78
|
|
|
82
|
-
**
|
|
79
|
+
**That's it.** The AI reads `SPECLOCK.md`, follows the rules, and uses CLI commands. Tested on Bolt.new — the AI ran 17 commands automatically on first install, setting up goals, locks, and decisions without any configuration.
|
|
80
|
+
|
|
81
|
+
### Lovable (MCP Remote — No Install)
|
|
82
|
+
|
|
83
|
+
1. Go to **Settings → Connectors → Personal connectors → New MCP server**
|
|
84
|
+
2. Enter URL: `https://speclock-mcp-production.up.railway.app/mcp` — No auth
|
|
85
|
+
3. Paste [Project Instructions](#project-instructions) into Knowledge
|
|
86
|
+
|
|
87
|
+
### Claude Code (MCP Local)
|
|
88
|
+
|
|
89
|
+
Add to `.claude/settings.json` or `.mcp.json`:
|
|
83
90
|
|
|
84
91
|
```json
|
|
85
92
|
{
|
|
@@ -92,83 +99,85 @@ The MCP server gives the AI tools for memory and constraint checking. The projec
|
|
|
92
99
|
}
|
|
93
100
|
```
|
|
94
101
|
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
### 2. Add Project Instructions (Required)
|
|
102
|
+
### Cursor / Windsurf / Cline
|
|
98
103
|
|
|
99
|
-
|
|
104
|
+
Same MCP config as Claude Code. Add to `.cursor/mcp.json` or equivalent.
|
|
100
105
|
|
|
101
|
-
|
|
106
|
+
### Project Instructions
|
|
102
107
|
|
|
103
|
-
|
|
104
|
-
|----------|----------------|
|
|
105
|
-
| **Lovable** | Project Settings → Knowledge |
|
|
106
|
-
| **Cursor** | `.cursorrules` file in project root |
|
|
107
|
-
| **Claude Code** | `CLAUDE.md` file in project root |
|
|
108
|
-
| **Windsurf** | `.windsurfrules` file in project root |
|
|
109
|
-
|
|
110
|
-
**The rules to paste:**
|
|
108
|
+
For MCP platforms, paste these rules into your platform's instruction settings (Lovable Knowledge, .cursorrules, CLAUDE.md, etc.):
|
|
111
109
|
|
|
112
110
|
```
|
|
113
111
|
## SpecLock Rules (MANDATORY — follow on every message)
|
|
114
112
|
|
|
115
|
-
1. START
|
|
116
|
-
|
|
117
|
-
|
|
113
|
+
1. START: Call speclock_session_briefing FIRST. Show: "🔒 Memory loaded — X locks, Y decisions."
|
|
114
|
+
2. BEFORE CHANGES: Call speclock_check_conflict. If HIGH conflict, STOP and warn.
|
|
115
|
+
3. LOCK: When user says "never/always/don't touch" → call speclock_add_lock immediately.
|
|
116
|
+
4. AFTER FEATURES: Call speclock_log_change with summary + files affected.
|
|
117
|
+
5. UNLOCK: When user wants to change something locked → warn first, only proceed on confirm.
|
|
118
|
+
6. END: Call speclock_session_summary with what was accomplished.
|
|
119
|
+
```
|
|
118
120
|
|
|
119
|
-
|
|
121
|
+
See [SPECLOCK-INSTRUCTIONS.md](SPECLOCK-INSTRUCTIONS.md) for platform-specific versions.
|
|
120
122
|
|
|
121
|
-
|
|
123
|
+
## What It Looks Like In Practice
|
|
122
124
|
|
|
123
|
-
|
|
125
|
+
### Bolt.new — Session 1 (Setup)
|
|
126
|
+
```
|
|
127
|
+
User: "Install speclock and set up memory for my SaaS"
|
|
124
128
|
|
|
125
|
-
|
|
129
|
+
Bolt: ✓ Ran npx speclock setup
|
|
130
|
+
✓ Set goal: "Build B2B SaaS API"
|
|
131
|
+
✓ Added 6 locks (auth, security, rate limiting...)
|
|
132
|
+
✓ Recorded 7 decisions (Supabase, Stripe, Gemini...)
|
|
133
|
+
✓ Context file generated — project memory active
|
|
126
134
|
```
|
|
127
135
|
|
|
128
|
-
|
|
136
|
+
### Bolt.new — Session 2 (Full Memory)
|
|
137
|
+
```
|
|
138
|
+
User: "Create a plan for the API endpoints"
|
|
129
139
|
|
|
130
|
-
|
|
140
|
+
Bolt: ✓ Read project context (6 locks, 7 decisions)
|
|
141
|
+
✓ Created 10-phase plan respecting ALL constraints
|
|
142
|
+
✓ All plans use Supabase (locked), Bearer auth (locked)
|
|
143
|
+
✓ Logged planning phase back to SpecLock
|
|
144
|
+
```
|
|
131
145
|
|
|
132
|
-
|
|
146
|
+
### Any Platform — Constraint Enforcement
|
|
147
|
+
```
|
|
148
|
+
You: "Add social login to the login page"
|
|
149
|
+
AI: ⚠️ CONFLICT (HIGH — 100%): Violates lock "Never modify auth files"
|
|
150
|
+
Reasons:
|
|
151
|
+
- Direct keyword match: auth
|
|
152
|
+
- Synonym match: security, authentication
|
|
153
|
+
- Lock prohibits this action (negation detected)
|
|
154
|
+
|
|
155
|
+
Should I proceed or find another approach?
|
|
156
|
+
```
|
|
133
157
|
|
|
134
|
-
|
|
135
|
-
2. **During work**: AI auto-captures decisions, logs changes, checks constraints before modifying code
|
|
136
|
-
3. **Constraint protection**: If the AI tries to break something you locked, it stops and warns you
|
|
137
|
-
4. **Every session ends**: AI records what was accomplished
|
|
138
|
-
5. **Next session**: Full continuity — the AI remembers everything from all previous sessions
|
|
158
|
+
## Killer Feature: Semantic Conflict Detection
|
|
139
159
|
|
|
140
|
-
|
|
160
|
+
Not just keyword matching. SpecLock uses **synonym expansion** (15 groups), **negation detection**, and **destructive action flagging**:
|
|
141
161
|
|
|
142
|
-
### You lock something important:
|
|
143
|
-
```
|
|
144
|
-
You: "Don't ever touch the auth files"
|
|
145
|
-
AI: 🔒 Locked: "Never modify auth files"
|
|
146
162
|
```
|
|
163
|
+
Lock: "No breaking changes to public API"
|
|
164
|
+
Action: "Remove the external endpoints"
|
|
147
165
|
|
|
148
|
-
|
|
149
|
-
|
|
150
|
-
|
|
151
|
-
|
|
152
|
-
Should I proceed anyway, or find another approach?
|
|
166
|
+
Result: [HIGH] Conflict detected (confidence: 85%)
|
|
167
|
+
- synonym match: remove/delete, external/public, endpoints/api
|
|
168
|
+
- lock prohibits this action (negation detected)
|
|
169
|
+
- destructive action against locked constraint
|
|
153
170
|
```
|
|
154
171
|
|
|
155
|
-
|
|
156
|
-
```
|
|
157
|
-
You: "Let's keep working on the dashboard"
|
|
158
|
-
AI: 🔒 Memory loaded — 5 locks, 3 decisions, 2 sessions tracked.
|
|
159
|
-
Last session you added the payment page and locked the auth files.
|
|
160
|
-
Ready to work on the dashboard.
|
|
161
|
-
```
|
|
172
|
+
## Three Integration Modes
|
|
162
173
|
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
AI: 🔓 Unlocked. Proceeding with auth file changes.
|
|
169
|
-
```
|
|
174
|
+
| Mode | Platforms | How It Works |
|
|
175
|
+
|------|-----------|--------------|
|
|
176
|
+
| **MCP Remote** | Lovable, bolt.diy, Base44 | Connect via URL — no install needed |
|
|
177
|
+
| **MCP Local** | Claude Code, Cursor, Windsurf, Cline | `npx speclock serve` — 19 tools via MCP |
|
|
178
|
+
| **npm File-Based** | Bolt.new, Aider, Rocket.new | `npx speclock setup` — AI reads SPECLOCK.md + uses CLI |
|
|
170
179
|
|
|
171
|
-
## MCP Tools
|
|
180
|
+
## 19 MCP Tools
|
|
172
181
|
|
|
173
182
|
### Memory Management
|
|
174
183
|
| Tool | Purpose |
|
|
@@ -185,11 +194,11 @@ AI: 🔓 Unlocked. Proceeding with auth file changes.
|
|
|
185
194
|
### Change Tracking
|
|
186
195
|
| Tool | Purpose |
|
|
187
196
|
|------|---------|
|
|
188
|
-
| `speclock_log_change` |
|
|
197
|
+
| `speclock_log_change` | Log a significant change |
|
|
189
198
|
| `speclock_get_changes` | Get recent tracked changes |
|
|
190
|
-
| `speclock_get_events` | Get event log (filterable
|
|
199
|
+
| `speclock_get_events` | Get event log (filterable) |
|
|
191
200
|
|
|
192
|
-
###
|
|
201
|
+
### Enforcement & Protection
|
|
193
202
|
| Tool | Purpose |
|
|
194
203
|
|------|---------|
|
|
195
204
|
| `speclock_check_conflict` | Check action against locks (semantic matching) |
|
|
@@ -202,110 +211,62 @@ AI: 🔓 Unlocked. Proceeding with auth file changes.
|
|
|
202
211
|
| `speclock_checkpoint` | Create named git tag for rollback |
|
|
203
212
|
| `speclock_repo_status` | Branch, commit, changed files, diff |
|
|
204
213
|
|
|
205
|
-
### Intelligence
|
|
214
|
+
### Intelligence
|
|
206
215
|
| Tool | Purpose |
|
|
207
216
|
|------|---------|
|
|
208
217
|
| `speclock_suggest_locks` | AI-powered lock suggestions from patterns |
|
|
209
218
|
| `speclock_detect_drift` | Scan changes for constraint violations |
|
|
210
219
|
| `speclock_health` | Health score + multi-agent timeline |
|
|
211
220
|
|
|
212
|
-
## Killer Features
|
|
213
|
-
|
|
214
|
-
### Semantic Conflict Detection
|
|
215
|
-
|
|
216
|
-
Not just keyword matching — SpecLock understands synonyms, negation, and destructive intent:
|
|
217
|
-
|
|
218
|
-
```
|
|
219
|
-
Lock: "No breaking changes to public API"
|
|
220
|
-
|
|
221
|
-
Action: "remove the external endpoints"
|
|
222
|
-
Result: [HIGH] Conflict detected (confidence: 85%)
|
|
223
|
-
- synonym match: remove/delete, external/public, endpoints/api
|
|
224
|
-
- lock prohibits this action (negation detected)
|
|
225
|
-
- destructive action against locked constraint
|
|
226
|
-
```
|
|
227
|
-
|
|
228
|
-
### Auto-Lock Suggestions
|
|
229
|
-
|
|
230
|
-
SpecLock analyzes your decisions and notes for commitment language and suggests constraints:
|
|
231
|
-
|
|
232
|
-
```
|
|
233
|
-
Decision: "Always use REST for public endpoints"
|
|
234
|
-
→ Suggestion: Promote to lock (contains "always" — strong commitment language)
|
|
235
|
-
|
|
236
|
-
Project mentions "security" but has no security lock
|
|
237
|
-
→ Suggestion: "No secrets or credentials in source code"
|
|
238
|
-
```
|
|
239
|
-
|
|
240
|
-
### Drift Detection
|
|
241
|
-
|
|
242
|
-
Proactively scans recent changes against your locks:
|
|
243
|
-
|
|
244
|
-
```
|
|
245
|
-
Lock: "No database schema changes without migration"
|
|
246
|
-
Change: "Modified users table schema directly"
|
|
247
|
-
→ [HIGH] Drift detected — review immediately
|
|
248
|
-
```
|
|
249
|
-
|
|
250
|
-
### Multi-Agent Timeline
|
|
251
|
-
|
|
252
|
-
Track which AI tools touched your project and what they did:
|
|
253
|
-
|
|
254
|
-
```
|
|
255
|
-
Health Check — Score: 85/100 (Grade: A)
|
|
256
|
-
|
|
257
|
-
Multi-Agent Timeline:
|
|
258
|
-
- claude-code: 12 sessions, last active 2026-02-24
|
|
259
|
-
- cursor: 5 sessions, last active 2026-02-23
|
|
260
|
-
- codex: 2 sessions, last active 2026-02-20
|
|
261
|
-
```
|
|
262
|
-
|
|
263
221
|
## CLI Commands
|
|
264
222
|
|
|
265
|
-
```
|
|
266
|
-
|
|
267
|
-
speclock goal
|
|
268
|
-
speclock lock <text> [--tags a,b] Add a SpecLock constraint
|
|
269
|
-
speclock lock remove <id> Remove a lock
|
|
270
|
-
speclock decide <text> Record a decision
|
|
271
|
-
speclock note <text> Add a note
|
|
272
|
-
speclock facts deploy --provider X Set deploy facts
|
|
273
|
-
speclock context Generate and print context pack
|
|
274
|
-
speclock watch Start file watcher
|
|
275
|
-
speclock serve [--project <path>] Start MCP server
|
|
276
|
-
speclock status Show brain summary
|
|
277
|
-
```
|
|
223
|
+
```bash
|
|
224
|
+
# Setup
|
|
225
|
+
speclock setup --goal "Build my app" # One-shot: init + rules + context
|
|
278
226
|
|
|
279
|
-
|
|
227
|
+
# Memory
|
|
228
|
+
speclock goal <text> # Set project goal
|
|
229
|
+
speclock lock <text> [--tags a,b] # Add a constraint
|
|
230
|
+
speclock lock remove <id> # Remove a lock
|
|
231
|
+
speclock decide <text> # Record a decision
|
|
232
|
+
speclock note <text> # Add a note
|
|
280
233
|
|
|
281
|
-
|
|
234
|
+
# Tracking
|
|
235
|
+
speclock log-change <text> --files x # Log a change
|
|
236
|
+
speclock context # Regenerate context file
|
|
282
237
|
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
- Windsurf
|
|
286
|
-
- Cline
|
|
287
|
-
- Codex
|
|
288
|
-
- Any MCP-compatible tool
|
|
238
|
+
# Enforcement
|
|
239
|
+
speclock check <text> # Check for lock conflicts
|
|
289
240
|
|
|
290
|
-
|
|
241
|
+
# Other
|
|
242
|
+
speclock status # Show brain summary
|
|
243
|
+
speclock serve [--project <path>] # Start MCP server
|
|
244
|
+
speclock watch # Start file watcher
|
|
245
|
+
```
|
|
291
246
|
|
|
292
247
|
## Architecture
|
|
293
248
|
|
|
294
249
|
```
|
|
295
|
-
|
|
296
|
-
│
|
|
297
|
-
|
|
298
|
-
|
|
299
|
-
|
|
300
|
-
|
|
301
|
-
|
|
302
|
-
|
|
303
|
-
|
|
304
|
-
|
|
305
|
-
|
|
306
|
-
|
|
307
|
-
|
|
308
|
-
|
|
250
|
+
┌─────────────────────────────────────────────────────┐
|
|
251
|
+
│ AI Tool (Bolt.new, Lovable, Claude Code) │
|
|
252
|
+
└──────────────┬──────────────────┬────────────────────┘
|
|
253
|
+
│ │
|
|
254
|
+
MCP Protocol File-Based (npm)
|
|
255
|
+
(19 tool calls) (reads SPECLOCK.md +
|
|
256
|
+
.speclock/context/latest.md,
|
|
257
|
+
runs CLI commands)
|
|
258
|
+
│ │
|
|
259
|
+
┌──────────────▼──────────────────▼────────────────────┐
|
|
260
|
+
│ SpecLock Core Engine │
|
|
261
|
+
│ Memory | Tracking | Enforcement | Git | Intelligence│
|
|
262
|
+
└──────────────────────┬───────────────────────────────┘
|
|
263
|
+
│
|
|
264
|
+
.speclock/
|
|
265
|
+
├── brain.json (structured memory)
|
|
266
|
+
├── events.log (immutable audit trail)
|
|
267
|
+
├── patches/ (git diffs per event)
|
|
268
|
+
└── context/
|
|
269
|
+
└── latest.md (human-readable context)
|
|
309
270
|
```
|
|
310
271
|
|
|
311
272
|
## Contributing
|
|
@@ -326,4 +287,4 @@ MIT License - see [LICENSE](LICENSE) file.
|
|
|
326
287
|
|
|
327
288
|
---
|
|
328
289
|
|
|
329
|
-
*SpecLock — Because
|
|
290
|
+
*SpecLock v1.3.1 — Because remembering isn't enough. AI needs to respect boundaries.*
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "speclock",
|
|
3
|
-
"version": "1.3.
|
|
3
|
+
"version": "1.3.2",
|
|
4
4
|
"description": "AI continuity engine — MCP server + CLI that kills AI amnesia. Maintains project memory, enforces constraints, and detects drift across AI coding sessions.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "src/mcp/server.js",
|