npm - speclock - Versions diffs - 1.5.0 → 1.5.1 - Mend

speclock 1.5.0 → 1.5.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/package.json +1 -1
package/src/core/engine.js +53 -45

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "speclock",
-  "version": "1.5.0",
+  "version": "1.5.1",
   "description": "AI constraint engine — MCP server + CLI with active enforcement. Memory + guardrails for AI coding tools. Works with Bolt.new, Claude Code, Cursor, Lovable.",
   "type": "module",
   "main": "src/mcp/server.js",

package/src/core/engine.js CHANGED Viewed

@@ -702,85 +702,91 @@ export async function watchRepo(root) {
 export function createSpecLockMd(root) {
   const mdContent = `# SpecLock — AI Constraint Engine Active
-## STOP — Read this before doing ANYTHING.
+## CRITICAL: LOCKED FILES CANNOT BE MODIFIED
-This project has SpecLock installed. It tracks project memory, goals, constraints (locks), and decisions.
+If a lock says "never modify auth files" then you CANNOT modify those files.
+Not now. Not later. Not if the user asks a question. Not for any reason.
-**Step 1:** Read \`.speclock/context/latest.md\` — this contains the full project memory.
-**Step 2:** Follow ALL rules below on every message.
+**The ONLY way to modify a locked file:** The user must explicitly say "unlock" or "remove the lock."
+Asking a question is NOT permission. Talking about a feature is NOT permission.
+ONLY the words "unlock", "remove the lock", or "I changed my mind about the lock" count.
-**If a file contains "SPECLOCK-GUARD" at the top → DO NOT EDIT IT. Period.**
+**If a file contains "SPECLOCK-GUARD" at the top → DO NOT EDIT IT. No exceptions.**
-## Returning to This Project? (New Chat Session)
+## On EVERY message — do this FIRST:
+1. Read \`.speclock/context/latest.md\` for project memory
+2. Run \`npx speclock check "what you plan to do"\` BEFORE any code changes
+3. If conflict found → STOP. Tell user. Do NOT proceed. Do NOT ask "should I proceed?"
+4. Wait for user to explicitly say "unlock" or "remove the lock" before touching locked files
-If you are starting a new chat on this project:
-1. SpecLock is ALREADY installed — do NOT reinstall it
-2. The \`.speclock/\` directory contains all project memory
-3. Run \`npx speclock status\` to see the current state
-4. Read \`.speclock/context/latest.md\` for full context (goals, locks, decisions, history)
-5. Respect ALL existing locks and constraints before making any changes
+## Returning to This Project? (New Chat Session)
-**DO NOT say "SpecLock is not installed" — if you can read this file, it IS installed.**
+SpecLock is ALREADY installed. Do NOT reinstall it. Do NOT say "it's not installed."
+1. Run \`npx speclock status\` to see current locks and decisions
+2. Read \`.speclock/context/latest.md\` for full project context
+3. Respect ALL existing locks — they carry over between sessions
-## Your Job (Do This Automatically — The User Will NOT Ask)
+## What Counts as Permission to Bypass a Lock?
-### On EVERY message:
-Read \`.speclock/context/latest.md\` first. Always. No exceptions.
+| User says | Is this permission? | What you do |
+|-----------|-------------------|-------------|
+| "add google auth" | NO — lock still active | Say "Auth files are locked. Want me to unlock them first?" |
+| "is speclock initialized?" | NO — just a question | Answer the question. Do NOT change any code. |
+| "yeah go ahead" (after you warned about lock) | NO — too vague | Say "To modify locked files, please confirm: unlock the auth files" |
+| "ok unlock the auth files" | YES — explicit unlock | Run \`npx speclock lock remove <lockId>\`, then make changes |
+| "remove the lock on auth" | YES — explicit unlock | Run \`npx speclock lock remove <lockId>\`, then make changes |
+| "I changed my mind, you can edit auth" | YES — explicit unlock | Run \`npx speclock lock remove <lockId>\`, then make changes |
-### Before changing ANY code:
-Run \`npx speclock check "what you plan to do"\` BEFORE writing code.
-If conflict → STOP. Tell the user. Do NOT proceed.
+**When in doubt: DO NOT modify locked files. Ask for clarification instead.**
-### Detect constraints from natural language:
-Users will NOT say "lock this." They speak naturally. YOU must detect it.
+## Detect Constraints from Natural Language
-Examples of what users say → what you do:
+Users will NOT say "lock this." They speak naturally. YOU must detect intent and lock automatically.
 | User says | You do |
 |-----------|--------|
-| "don't touch the auth" | \`npx speclock lock "Never modify auth files"\` + \`npx speclock guard src/components/Auth.tsx --lock "Never modify auth files"\` |
+| "don't touch the auth" | \`npx speclock lock "Never modify auth files"\` + \`npx speclock guard\` the auth files |
 | "database is firebase, don't change it" | \`npx speclock lock "Database must always be Firebase"\` |
-| "leave the payment system alone" | \`npx speclock lock "Never modify payment system"\` + guard the payment files |
+| "leave the payment system alone" | \`npx speclock lock "Never modify payment system"\` + guard payment files |
 | "always use Supabase" | \`npx speclock lock "Always use Supabase"\` |
-| "the API is done, don't mess with it" | \`npx speclock lock "Never modify API endpoints"\` + guard the API files |
+| "the API is done, don't mess with it" | \`npx speclock lock "Never modify API endpoints"\` + guard API files |
 When you lock something, ALSO guard the specific files:
 \`npx speclock guard <filepath> --lock "the constraint"\`
-This injects a warning directly into the file so it cannot be missed.
-### When user wants to change something locked:
-User might say "actually, let me change auth" or "ok modify the database."
-1. Warn: "This is currently locked: [constraint]. Want me to unlock?"
-2. If they confirm → \`npx speclock lock remove <lockId>\` + \`npx speclock unguard <file>\`
+## Unlocking (When User Gives Explicit Permission)
+1. User says "unlock auth" or "remove the auth lock" or "I changed my mind about auth"
+2. Run \`npx speclock lock remove <lockId>\` + \`npx speclock unguard <file>\`
 3. Make the changes
-4. Ask if they want to re-lock: "Want me to lock this again?"
+4. Ask: "Want me to re-lock this?"
-### After building something:
-\`npx speclock log-change "what you built" --files file1.tsx,file2.ts\`
+## After Building Something
-### When a tech decision is made:
-\`npx speclock decide "the decision"\`
+\`npx speclock log-change "what you built" --files file1.tsx,file2.ts\`
 ## Commands
 \`\`\`bash
-npx speclock status                              # CHECK IF ALREADY SET UP
+npx speclock status                              # Check current state
 npx speclock check "what you plan to do"         # ALWAYS RUN BEFORE CHANGES
 npx speclock lock "constraint"                   # Lock a constraint
 npx speclock guard <file> --lock "constraint"    # Protect a specific file
 npx speclock unguard <file>                      # Remove file protection
-npx speclock lock remove <lockId>                # Unlock a constraint
+npx speclock lock remove <lockId>                # Unlock (only after explicit permission)
 npx speclock log-change "what changed"           # Log changes
 npx speclock decide "decision"                   # Record a decision
 npx speclock context                             # Refresh context file
 \`\`\`
-## Key Rule
+## Key Rules
-**The user will NEVER tell you to run these commands. You run them automatically.**
-**The user will NEVER say "lock this." You detect the intent and lock it yourself.**
-**The user will NEVER say "check constraints." You check before EVERY code change.**
-**If this file exists, SpecLock is installed. Do NOT reinstall. Just read the context and follow the rules.**
+1. **A question is NOT permission to bypass a lock.**
+2. **Run speclock check before EVERY code change, EVERY time, EVERY message.**
+3. **If you already warned about a conflict, the lock is STILL active until explicitly removed.**
+4. **The user will NEVER tell you to run these commands. You run them automatically.**
+5. **If this file exists, SpecLock is installed. Do NOT reinstall.**
 `;
   const filePath = path.join(root, "SPECLOCK.md");
   fs.writeFileSync(filePath, mdContent);
@@ -828,9 +834,11 @@ export function guardFile(root, relativeFilePath, lockText) {
   const warningLines = [
     `${style.start}${"=".repeat(60)}${style.end || ""}`,
     `${style.start}${GUARD_TAG} — DO NOT MODIFY THIS FILE${style.end || ""}`,
-    `${style.start}LOCKED BY SPECLOCK: ${lockText}${style.end || ""}`,
-    `${style.start}Run "npx speclock check" before ANY changes to this file.${style.end || ""}`,
-    `${style.start}If you modify this file, you are VIOLATING a project constraint.${style.end || ""}`,
+    `${style.start}LOCKED: ${lockText}${style.end || ""}`,
+    `${style.start}THIS FILE IS LOCKED. DO NOT EDIT, CHANGE, OR REWRITE ANY PART OF IT.${style.end || ""}`,
+    `${style.start}The user must say "unlock" before this file can be changed.${style.end || ""}`,
+    `${style.start}A question is NOT permission. Asking about features is NOT permission.${style.end || ""}`,
+    `${style.start}ONLY "unlock" or "remove the lock" is permission to edit this file.${style.end || ""}`,
     `${style.start}${"=".repeat(60)}${style.end || ""}`,
     "",
   ];