spidersan 0.4.0 → 0.4.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +32 -18
- package/package.json +6 -7
- package/CHANGELOG.md +0 -127
package/README.md
CHANGED
|
@@ -65,7 +65,7 @@ npm install -g spidersan
|
|
|
65
65
|
|
|
66
66
|
```bash
|
|
67
67
|
# 1. Register your branch when you start working
|
|
68
|
-
spidersan register --files "
|
|
68
|
+
spidersan register --files "lib/auth.ts,api/login.ts"
|
|
69
69
|
|
|
70
70
|
# 2. Check for conflicts before you go too deep
|
|
71
71
|
spidersan conflicts
|
|
@@ -81,26 +81,26 @@ spidersan merge-order
|
|
|
81
81
|
|
|
82
82
|
## ✨ Features
|
|
83
83
|
|
|
84
|
-
### Core Commands
|
|
84
|
+
### Core Commands
|
|
85
85
|
|
|
86
86
|
| Command | Description |
|
|
87
87
|
|---------|-------------|
|
|
88
|
-
| `spidersan
|
|
89
|
-
| `spidersan register` | Register a branch with files being modified |
|
|
90
|
-
| `spidersan
|
|
91
|
-
| `spidersan
|
|
92
|
-
| `spidersan
|
|
93
|
-
| `spidersan
|
|
94
|
-
| `spidersan
|
|
95
|
-
| `spidersan
|
|
96
|
-
| `spidersan
|
|
97
|
-
| `spidersan
|
|
98
|
-
| `spidersan
|
|
99
|
-
| `spidersan merged` | Mark a branch as merged |
|
|
100
|
-
| `spidersan sync` | Sync registry with git state |
|
|
88
|
+
| `spidersan list` | List all registered branches and their file ownership |
|
|
89
|
+
| `spidersan register --files` | Register a branch with the files being modified |
|
|
90
|
+
| `spidersan conflicts` | Show file conflicts between your branch and others |
|
|
91
|
+
| `spidersan merge-order` | Get topologically-sorted optimal merge order |
|
|
92
|
+
| `spidersan ready-check` | Verify branch is ready to merge (no WIP, no conflicts) |
|
|
93
|
+
| `spidersan watch --hub` | Daemon mode: watch files and auto-register with Hub sync |
|
|
94
|
+
| `spidersan who-touched <file>` | Show git history + agent activity for specific files |
|
|
95
|
+
| `spidersan rescue` | Start rescue mission for abandoned branch cleanup |
|
|
96
|
+
| `spidersan scan --all` | Scan and categorize all branches in the repo |
|
|
97
|
+
| `spidersan triage` | Categorize branches: MERGE / SALVAGE / ABANDON |
|
|
98
|
+
| `spidersan salvage <branch>` | Extract good code from broken branches |
|
|
101
99
|
| `spidersan watch` | Daemon mode - watch files and auto-register |
|
|
102
100
|
| `spidersan doctor` | Diagnose local state and registry health |
|
|
103
101
|
|
|
102
|
+
Keep core commands and add a "Coming Soon" or "Ecosystem Plugin" section for advanced commands like `who-touched`, `monitor`, `lock`, etc.
|
|
103
|
+
|
|
104
104
|
### Ecosystem Plugin (Optional)
|
|
105
105
|
|
|
106
106
|
Install `spidersan-ecosystem` to unlock advanced coordination (internal for now):
|
|
@@ -153,8 +153,8 @@ spidersan rescue --abandon path/to/file.ts
|
|
|
153
153
|
## 📖 Documentation
|
|
154
154
|
|
|
155
155
|
- [Core Guide](docs/CORE.md) - Public feature set and core workflows
|
|
156
|
-
-
|
|
157
|
-
-
|
|
156
|
+
- Ecosystem Overview (internal; see spidersan-ecosystem repo)
|
|
157
|
+
- Usage (internal; see spidersan-ecosystem repo)
|
|
158
158
|
- [One Pager](docs/ONE_PAGER.md) - Product overview
|
|
159
159
|
- [Data Collection](docs/DATA_COLLECTION.md) - Privacy & data practices
|
|
160
160
|
|
|
@@ -181,9 +181,23 @@ Contributions welcome! Please read our contributing guidelines first.
|
|
|
181
181
|
|
|
182
182
|
---
|
|
183
183
|
|
|
184
|
+
## Support
|
|
185
|
+
|
|
186
|
+
### Fuel the Flock
|
|
187
|
+
|
|
188
|
+
Treebird is free and open source. Star our repos on GitHub or support us to keep the servers running and the agents dreaming.
|
|
189
|
+
|
|
190
|
+
❤️ Sponsor on GitHub
|
|
191
|
+
https://github.com/sponsors/treebird7
|
|
192
|
+
|
|
193
|
+
☕ Buy me a coffee
|
|
194
|
+
https://buymeacoffee.com/tree.bird
|
|
195
|
+
|
|
196
|
+
---
|
|
197
|
+
|
|
184
198
|
## 📄 License
|
|
185
199
|
|
|
186
|
-
|
|
200
|
+
MIT License - see [LICENSE](LICENSE) for details
|
|
187
201
|
|
|
188
202
|
---
|
|
189
203
|
|
package/package.json
CHANGED
|
@@ -1,18 +1,17 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "spidersan",
|
|
3
|
-
"version": "0.4.
|
|
3
|
+
"version": "0.4.2",
|
|
4
4
|
"description": "Branch coordination for AI coding agents",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
7
7
|
"types": "dist/index.d.ts",
|
|
8
8
|
"bin": {
|
|
9
|
-
"spidersan": "
|
|
9
|
+
"spidersan": "dist/bin/spidersan.js"
|
|
10
10
|
},
|
|
11
11
|
"files": [
|
|
12
12
|
"dist",
|
|
13
13
|
"README.md",
|
|
14
|
-
"LICENSE"
|
|
15
|
-
"CHANGELOG.md"
|
|
14
|
+
"LICENSE"
|
|
16
15
|
],
|
|
17
16
|
"publishConfig": {
|
|
18
17
|
"access": "public"
|
|
@@ -54,12 +53,12 @@
|
|
|
54
53
|
"license": "MIT",
|
|
55
54
|
"repository": {
|
|
56
55
|
"type": "git",
|
|
57
|
-
"url": "git+https://github.com/treebird7/
|
|
56
|
+
"url": "git+https://github.com/treebird7/spidersan-oss.git"
|
|
58
57
|
},
|
|
59
58
|
"bugs": {
|
|
60
|
-
"url": "https://github.com/treebird7/
|
|
59
|
+
"url": "https://github.com/treebird7/spidersan-oss/issues"
|
|
61
60
|
},
|
|
62
|
-
"homepage": "https://github.com/treebird7/
|
|
61
|
+
"homepage": "https://github.com/treebird7/spidersan-oss#readme",
|
|
63
62
|
"engines": {
|
|
64
63
|
"node": ">=18.0.0"
|
|
65
64
|
},
|
package/CHANGELOG.md
DELETED
|
@@ -1,127 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
tags: [project/treebird-hub, agent/myceliumail, agent/spidersan, topic/mcp]
|
|
3
|
-
---
|
|
4
|
-
|
|
5
|
-
# Changelog
|
|
6
|
-
|
|
7
|
-
All notable changes to Spidersan will be documented in this file.
|
|
8
|
-
|
|
9
|
-
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
|
10
|
-
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
|
11
|
-
|
|
12
|
-
## [Unreleased]
|
|
13
|
-
|
|
14
|
-
## [0.4.0] - 2026-01-26 (Core Release)
|
|
15
|
-
|
|
16
|
-
This release consolidates Spidersan into a focused, professional 15-command core with an optional ecosystem plugin for advanced features.
|
|
17
|
-
|
|
18
|
-
### Added
|
|
19
|
-
- **Plugin Architecture** - Optional ecosystem commands loaded at runtime via `ecosystem-loader.ts`
|
|
20
|
-
- **Version Mismatch Detection** - Warns if ecosystem plugin is incompatible with core version
|
|
21
|
-
- **Type Stubs** - Support for optional ecosystem module without installation
|
|
22
|
-
- **Ecosystem Package** - Separate `spidersan-ecosystem` package for advanced features (locking, intent scanning, real-time monitoring, torrenting, messaging, security audit)
|
|
23
|
-
|
|
24
|
-
### Changed
|
|
25
|
-
- **Core Streamlined** - Reduced from 47 commands to 15 essential commands
|
|
26
|
-
- **Documentation Split** - Public CORE.md (15 commands) vs. advanced ECOSYSTEM.md (16 commands)
|
|
27
|
-
- **CLI Messaging** - Removed Pro/BSL licensing references; MIT-only across all packages
|
|
28
|
-
- **README Refocused** - Emphasizes core use cases (coordination, conflict resolution)
|
|
29
|
-
- **USAGE Examples** - Updated to match 15-command core; ecosystem features documented separately
|
|
30
|
-
|
|
31
|
-
### Removed
|
|
32
|
-
- **16 Ecosystem Commands** - Moved to optional `spidersan-ecosystem` plugin: lock, semantic, torrent, monitor, intent-scan, active-windows, radar, collab, collab-sync, sync-all, tension, audit-mark, send, inbox, msg-read, keygen
|
|
33
|
-
- **Pro Licensing** - Consolidated to MIT-only model
|
|
34
|
-
|
|
35
|
-
### Fixed
|
|
36
|
-
- **Abandon Command Name** - Consistency across CORE.md and CLI help
|
|
37
|
-
- **Register Examples** - Now reflect actual core command behavior
|
|
38
|
-
|
|
39
|
-
## [0.3.0] - 2026-01-25 (Feature Release)
|
|
40
|
-
|
|
41
|
-
This release focuses on advanced coordination infrastructure, forensic analysis, and offline-first reliability.
|
|
42
|
-
|
|
43
|
-
### Added
|
|
44
|
-
- **🚑 Rescue Mode** (`spidersan rescue`) - Automated scanning, triage (Merge/Salvage/Abandon), and code salvage for chaotic or abandoned repositories.
|
|
45
|
-
- **📺 Monitor Dashboard** (`spidersan monitor`) - Real-time terminal TUI for tracking the swarm's activity and conflict status across the team.
|
|
46
|
-
- **🧬 DNA-Level Security** - AST hashing in `spidersan lock` ensures agents never work on stale code by verifying the underlying logic structure hasn't changed.
|
|
47
|
-
- **🔄 CRDT Sync** - Ground-up rewrite of local coordination to use state-based CRDTs, allowing agents to resolve conflicts locally even without Hub connectivity.
|
|
48
|
-
- **🔍 Ownership Forensics** (`spidersan who-owns`) - Identifies file "owners" based on git contribution density and recent activity.
|
|
49
|
-
- **🧠 Semantic RLS** (`spidersan semantic`) - Deep conflict detection using the RLS Knowledge Graph (requires `@treebird/mappersan`).
|
|
50
|
-
- **🩺 Advanced Diagnostics** - Enhanced `spidersan doctor` with ulimit (EMFILE prevention), daemon health, and Node.js environment checks.
|
|
51
|
-
|
|
52
|
-
### Changed
|
|
53
|
-
- **OSS Portability**: Refactored `mappersan` from a hard file dependency to a dynamic optional import, making the CLI fully publishable and portable.
|
|
54
|
-
- **Persistence**: Improved Invoak/Spidersan coordination logic for better result persistence across machine boundaries.
|
|
55
|
-
|
|
56
|
-
### Security
|
|
57
|
-
- Added SHA-256 structural hashing for all semantic locks.
|
|
58
|
-
- Refactored hardcoded user paths to use cross-platform environment variables.
|
|
59
|
-
|
|
60
|
-
## [0.2.2] - 2026-01-19 (Security Release)
|
|
61
|
-
|
|
62
|
-
This release addresses several critical security vulnerabilities. Users are strongly encouraged to upgrade immediately.
|
|
63
|
-
|
|
64
|
-
### Security
|
|
65
|
-
- **Fixed:** Resolved a shell injection vulnerability in `conflicts.ts`. Improper sanitization of user-provided input could allow arbitrary command execution via `--wake` flag.
|
|
66
|
-
- **Fixed:** Implemented stricter input validation across 8 mycmail wrapper commands (send.ts, inbox.ts, msg-read.ts, keys.ts, keygen.ts, key-import.ts, collab.ts) to prevent injection attacks.
|
|
67
|
-
- **Fixed:** Sanitized Supabase queries to prevent potential SQL injection vulnerabilities.
|
|
68
|
-
- **Added:** Implemented MCP server Access Control Lists (ACLs) to restrict process control and validate watch directories.
|
|
69
|
-
- **Added:** Centralized security validation utilities in `src/lib/security.ts`.
|
|
70
|
-
|
|
71
|
-
### Changed
|
|
72
|
-
- Replaced `execSync` with `execFileSync` and `spawnSync` for safer command execution using argument arrays instead of string interpolation.
|
|
73
|
-
- Added input validation patterns: `VALID_AGENT_ID` (`[a-z0-9_-]{1,32}`), `VALID_BRANCH_NAME` (`[a-zA-Z0-9/_.-]{1,128}`), `VALID_MESSAGE_ID`.
|
|
74
|
-
- Hardened file path handling in all commands.
|
|
75
|
-
|
|
76
|
-
### Added
|
|
77
|
-
- **AST semantic detection** - `spidersan conflicts --semantic` for symbol-level conflict analysis using Tree-sitter
|
|
78
|
-
- **CRDT symbol locking** - `spidersan lock` for distributed coordination
|
|
79
|
-
- **GitHub Action template** for auto-registration on push
|
|
80
|
-
|
|
81
|
-
## [0.2.1] - 2025-12-30
|
|
82
|
-
|
|
83
|
-
### Added
|
|
84
|
-
- **Watch mode (daemon)** - Real-time file monitoring and auto-registration
|
|
85
|
-
- `spidersan watch` - Start watching files in current repo
|
|
86
|
-
- `--agent <id>` - Tag registrations with agent identifier
|
|
87
|
-
- `--hub` - Connect to Treebird Hub for real-time conflict warnings
|
|
88
|
-
- `--hub-sync` - Post conflicts to Hub chat via REST API
|
|
89
|
-
- `--quiet` - Only show conflicts, not file changes
|
|
90
|
-
- `--dir <path>` - Watch specific directory
|
|
91
|
-
- Debounced file detection (1s) to prevent spam
|
|
92
|
-
- Auto-register files to current branch on change
|
|
93
|
-
- Real-time conflict detection across active branches
|
|
94
|
-
- Hub integration via `conflicts:warning` socket event
|
|
95
|
-
|
|
96
|
-
### Dependencies
|
|
97
|
-
- Added `chokidar` for file system watching
|
|
98
|
-
- Added `socket.io-client` for Hub real-time connection
|
|
99
|
-
|
|
100
|
-
## [0.2.0] - 2025-12-29
|
|
101
|
-
|
|
102
|
-
### Added
|
|
103
|
-
- **Session lifecycle commands** - Myceliumail ecosystem integration
|
|
104
|
-
- `spidersan wake` - Start session: sync registry, check conflicts, call `mycmail wake`
|
|
105
|
-
- `spidersan close` - End session: show status, optionally mark stale, call `mycmail close`
|
|
106
|
-
|
|
107
|
-
## [0.2.0] - 2025-12-23
|
|
108
|
-
|
|
109
|
-
### Added
|
|
110
|
-
- **MCP Server** - Model Context Protocol integration for Claude Desktop
|
|
111
|
-
- 7 tools: list_branches, check_conflicts, get_merge_order, register_branch, mark_merged, mark_abandoned, get_branch_info
|
|
112
|
-
- Global storage at `~/.spidersan/registry.json`
|
|
113
|
-
- **Update check notifications** - CLI checks npm for newer versions
|
|
114
|
-
- Shows banner when update available
|
|
115
|
-
- 24-hour cache, non-blocking
|
|
116
|
-
|
|
117
|
-
### Changed
|
|
118
|
-
- MCP server uses global storage (works without git context)
|
|
119
|
-
- `register_branch` accepts explicit branch name (no git auto-detect required)
|
|
120
|
-
|
|
121
|
-
## [0.1.0] - 2025-12-15
|
|
122
|
-
|
|
123
|
-
### Added
|
|
124
|
-
- Initial project structure
|
|
125
|
-
- Branch registration and conflict detection
|
|
126
|
-
- Merge order recommendations
|
|
127
|
-
- Local JSON storage
|