npm - start-vibing - Versions diffs - 4.4.0 → 4.4.2 - Mend

start-vibing 4.4.0 → 4.4.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (58) hide show

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
 	"name": "start-vibing",
-	"version": "4.4.0",
-	"description": "Setup Claude Code with 9 plugins, 6 community skills, and 8 MCP servers. Parallel install, auto-accept, superpowers + ralph-loop. super-design 0.7.0 (BREAKING): source-first surface & project-rule discovery. New scripts/discover-surfaces.sh statically maps modals, forms, triggers, internal nav, Next.js layout/error/loading/not-found/parallel/intercepting routes BEFORE Playwright runs. New scripts/extract-project-rules.sh parses FORBIDDEN tables from CLAUDE.md / AGENTS.md / .cursorrules into an authoritative rule source. sd-audit gains Step 1.5 (surface + rule extraction), viewport-coverage quota (emits audit-coverage-skewed meta finding if mobile < 30%), mandatory design-intelligence-craft-summary finding per page × viewport (one holistic verdict per combo, not just discrete C1-C17), Step 3i project-rule enforcement (project FORBIDDEN rules fire as primary findings keyed to the project's own wording), and modal-coverage-gap / form-coverage-gap findings for source-declared components never exercised at runtime. verify-audit.sh enforces design-intelligence/<slug>_<vp>.json existence per MATRIX combination and mobile quota gate. Baymard 88-rule catalog + DSC-choice typeui selection carry over from 0.6.4.",
+	"version": "4.4.2",
+	"description": "Setup Claude Code with 9 plugins, 6 community skills, and 8 MCP servers. Parallel install, auto-accept, superpowers + ralph-loop. e2e-audit 0.2.0 refactor (skill-only, no agents): SessionStart hook + slash command make the skill keyword-invokable (\"e2e audit\", \"roda o e2e\", \"integration test\", \"test coverage gaps\"). Source-first discovery via detect-stack, discover-routes (Next app/pages/Remix/SvelteKit/Nuxt/Astro), discover-api-surface (HTTP handlers, tRPC procedures, GraphQL, server actions, middleware auth), inventory-existing-tests (preserve prior corpus + sha256 drift hash), and detect-uncovered (branch-diff vs origin/main finds changes not covered by existing specs). Report-then-ask between mapping and Playwright run; post-run-feedback report before writing findings. SHOT+TRACE+ASSERT+SOURCE evidence quad per non-meta finding; meta rules (coverage-gap-*, uncovered-*, test-drift, stack-detect, post-run-feedback) exempt. verify-audit.sh enforces schema + quad. Generic (no project leakage). super-design 0.7.0 carries over.",
 	"type": "module",
 	"bin": {
 		"start-vibing": "./dist/cli.js"

package/template/.claude/commands/e2e-audit.md ADDED Viewed

@@ -0,0 +1,16 @@
+---
+description: Run e2e-audit (source-first integration-test audit + coverage-gap detection)
+---
+Invoke the e2e-audit skill with flags: $ARGUMENTS
+Follow SKILL.md entry flow:
+1. Preflight — detect stack, inventory existing tests, hash for drift
+2. Source-first discovery — routes + api-surface + uncovered (branch diff)
+3. Report-then-ask — show map, STOP for user confirmation
+4. Dev server + Playwright run — capture SHOT+TRACE+ASSERT+SOURCE
+5. Post-run feedback — API errors, RBAC, console, server crashes
+6. Write findings.json + run verify-audit.sh
+7. Return ≤5-sentence summary
+Do not paste the full map into chat.

package/template/.claude/hooks/e2e-audit-session-start.sh ADDED Viewed

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+cat <<'EOF'
+{"hookSpecificOutput":{"hookEventName":"SessionStart","additionalContext":"When the user mentions e2e audit, integration test audit, test coverage gaps, 'roda o e2e', 'run the e2e', end-to-end tests, API contract check, RBAC coverage, or says anything about auditing their application's integration tests — you MUST invoke the e2e-audit skill. Do not improvise a test plan, do not manually write specs without running the skill first, do not start Playwright blind. Read .claude/skills/e2e-audit/SKILL.md first, then follow its entry flow. The skill uses source-first discovery (routes.json + api-surface.json + existing-tests.json + uncovered.json) BEFORE touching the browser. It preserves any existing tests/ directory, warns on drift between runs, and emits a post-run-feedback report before writing findings.\n\nAfter mapping finishes, STOP and ask the user before running tests — report-then-ask. Every non-meta finding must carry the SHOT+TRACE+ASSERT+SOURCE evidence quad (screenshot, Playwright trace, literal assertion, source file). Coverage gaps surface as rule=coverage-gap-* or uncovered-* meta findings."}}
+EOF

package/template/.claude/hooks/mcp-usage-session-start.sh ADDED Viewed

@@ -0,0 +1,4 @@
+#!/usr/bin/env bash
+cat <<'EOF'
+{"hookSpecificOutput":{"hookEventName":"SessionStart","additionalContext":"MCP USAGE RULES (non-negotiable for this project):\n\n1. sequential-thinking — You MUST invoke `mcp__sequential-thinking__sequentialthinking` BEFORE proposing a solution whenever the task involves: multi-step implementation, architecture/design decisions, debugging a non-trivial bug, refactor planning, trade-off analysis, or any request where the path is not obvious in one step. Do not skip it because the answer 'feels clear' — use it to externalize the plan, then act. Skip ONLY for: trivial single-file edits, pure lookups, direct factual questions, or formatting/typo fixes.\n\n2. context7 — You MUST invoke `mcp__context7__resolve-library-id` followed by `mcp__context7__query-docs` BEFORE writing or modifying code that uses ANY external library, framework, SDK, API, or CLI tool — including well-known ones (React, Next.js, Mongoose, Zod, Tailwind, shadcn, TanStack Query, Playwright, Vitest, Bun, Express, Prisma, etc.). Your training data may be stale; context7 returns current docs. Skip ONLY for: pure language features (vanilla TS/JS), project-internal code with no library surface, or refactors that don't touch library APIs.\n\n3. Order of operations for a typical feature task: sequential-thinking (plan) → context7 (verify library APIs) → implement → quality gates. Do not invert.\n\n4. If you catch yourself about to write code without having called context7 for a library you're importing, STOP and call it first. If you catch yourself proposing a multi-step plan without sequential-thinking, STOP and call it first.\n\n5. These MCPs are already connected in this project (.mcp.json). There is no setup cost — just call them."}}
+EOF

package/template/.claude/settings.json CHANGED Viewed

@@ -39,6 +39,14 @@
 					{
 						"type": "command",
 						"command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/super-design-session-start.sh\""
+					},
+					{
+						"type": "command",
+						"command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/e2e-audit-session-start.sh\""
+					},
+					{
+						"type": "command",
+						"command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/mcp-usage-session-start.sh\""
 					}
 				]
 			}