start-vibing 4.4.5 → 4.4.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/cli.js
CHANGED
|
@@ -1055,7 +1055,9 @@ var MANAGED_PATHS = [
|
|
|
1055
1055
|
".claude/settings.json",
|
|
1056
1056
|
".claude/settings.local.json",
|
|
1057
1057
|
".claude/CLAUDE.md",
|
|
1058
|
-
"CLAUDE.md"
|
|
1058
|
+
"CLAUDE.md",
|
|
1059
|
+
".playwright-mcp/",
|
|
1060
|
+
".playwright-mcp"
|
|
1059
1061
|
];
|
|
1060
1062
|
function isPathTracked(targetDir, path) {
|
|
1061
1063
|
try {
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "start-vibing",
|
|
3
|
-
"version": "4.4.
|
|
3
|
+
"version": "4.4.7",
|
|
4
4
|
"description": "Setup Claude Code with 9 plugins, 6 community skills, and 8 MCP servers. Parallel install, auto-accept, superpowers + ralph-loop. e2e-audit 0.2.0 refactor (skill-only, no agents): SessionStart hook + slash command make the skill keyword-invokable (\"e2e audit\", \"roda o e2e\", \"integration test\", \"test coverage gaps\"). Source-first discovery via detect-stack, discover-routes (Next app/pages/Remix/SvelteKit/Nuxt/Astro), discover-api-surface (HTTP handlers, tRPC procedures, GraphQL, server actions, middleware auth), inventory-existing-tests (preserve prior corpus + sha256 drift hash), and detect-uncovered (branch-diff vs origin/main finds changes not covered by existing specs). Report-then-ask between mapping and Playwright run; post-run-feedback report before writing findings. SHOT+TRACE+ASSERT+SOURCE evidence quad per non-meta finding; meta rules (coverage-gap-*, uncovered-*, test-drift, stack-detect, post-run-feedback) exempt. verify-audit.sh enforces schema + quad. Generic (no project leakage). super-design 0.7.0 carries over.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"bin": {
|
|
@@ -0,0 +1,63 @@
|
|
|
1
|
+
#!/usr/bin/env bash
|
|
2
|
+
# Block auto-commits from super-design (sd-fix) and superpowers plugins.
|
|
3
|
+
#
|
|
4
|
+
# Rationale: these plugins commit on behalf of the user without explicit
|
|
5
|
+
# confirmation per commit (sd-fix commits per finding ID; superpowers
|
|
6
|
+
# commits per TDD step). In shared repos this pollutes history.
|
|
7
|
+
#
|
|
8
|
+
# This hook reads the PreToolUse JSON payload from stdin and exits 2
|
|
9
|
+
# (= block + show message to model) when it detects plugin signatures.
|
|
10
|
+
#
|
|
11
|
+
# User-driven commits via /commit or a literal "git commit" run by the
|
|
12
|
+
# user are NOT blocked — only commits whose message matches the known
|
|
13
|
+
# plugin patterns.
|
|
14
|
+
|
|
15
|
+
set -uo pipefail
|
|
16
|
+
|
|
17
|
+
input="$(cat)"
|
|
18
|
+
|
|
19
|
+
# Extract command field; tolerate missing jq
|
|
20
|
+
if command -v jq >/dev/null 2>&1; then
|
|
21
|
+
cmd="$(printf '%s' "$input" | jq -r '.tool_input.command // ""' 2>/dev/null || true)"
|
|
22
|
+
else
|
|
23
|
+
cmd="$(printf '%s' "$input" | grep -oE '"command"[[:space:]]*:[[:space:]]*"[^"]*"' | head -1 | sed -E 's/.*"command"[[:space:]]*:[[:space:]]*"(.*)"/\1/')"
|
|
24
|
+
fi
|
|
25
|
+
|
|
26
|
+
# Hard-block any git operation that touches .playwright-mcp artifacts
|
|
27
|
+
# (covers `git add .playwright-mcp`, `git commit -- .playwright-mcp`, etc.)
|
|
28
|
+
if printf '%s' "$cmd" | grep -qE 'git[[:space:]]+(add|commit|stage)' \
|
|
29
|
+
&& printf '%s' "$cmd" | grep -qE '\.playwright-mcp'; then
|
|
30
|
+
printf 'BLOCKED: .playwright-mcp/ must never be committed (browser session artifacts).\n' >&2
|
|
31
|
+
printf 'It is auto-added to .gitignore by start-vibing. Remove the path from your command.\n' >&2
|
|
32
|
+
exit 2
|
|
33
|
+
fi
|
|
34
|
+
|
|
35
|
+
# Not a git commit? allow
|
|
36
|
+
if ! printf '%s' "$cmd" | grep -qE 'git[[:space:]]+commit'; then
|
|
37
|
+
exit 0
|
|
38
|
+
fi
|
|
39
|
+
|
|
40
|
+
# Plugin commit signatures (super-design fix IDs + superpowers markers)
|
|
41
|
+
patterns=(
|
|
42
|
+
'\[A[0-9]+-' # super-design accessibility findings (A1-A15)
|
|
43
|
+
'\[V[0-9]+-' # super-design design findings (V1-V8)
|
|
44
|
+
'\[U[0-9]+-' # super-design ux findings (U1-U10)
|
|
45
|
+
'\[P[0-9]+-' # super-design perf findings (P1-P10)
|
|
46
|
+
'\[M[0-9]+-' # super-design mobile findings (M1-M15)
|
|
47
|
+
'\[DSC-[0-9]+' # super-design skill findings
|
|
48
|
+
'finding[_-]?id' # any explicit finding-id reference
|
|
49
|
+
'sd-fix' # sd-fix subagent marker
|
|
50
|
+
'superpowers:' # superpowers commit marker
|
|
51
|
+
'red.*green.*refactor' # TDD step commit
|
|
52
|
+
)
|
|
53
|
+
|
|
54
|
+
for p in "${patterns[@]}"; do
|
|
55
|
+
if printf '%s' "$cmd" | grep -qiE "$p"; then
|
|
56
|
+
printf 'BLOCKED: plugin auto-commit detected (pattern: %s).\n' "$p" >&2
|
|
57
|
+
printf 'super-design and superpowers must NOT commit automatically.\n' >&2
|
|
58
|
+
printf 'If the user asked for a commit, run /commit or ask the user to confirm the message first.\n' >&2
|
|
59
|
+
exit 2
|
|
60
|
+
fi
|
|
61
|
+
done
|
|
62
|
+
|
|
63
|
+
exit 0
|
|
@@ -59,6 +59,17 @@
|
|
|
59
59
|
]
|
|
60
60
|
}
|
|
61
61
|
],
|
|
62
|
+
"PreToolUse": [
|
|
63
|
+
{
|
|
64
|
+
"matcher": "Bash",
|
|
65
|
+
"hooks": [
|
|
66
|
+
{
|
|
67
|
+
"type": "command",
|
|
68
|
+
"command": "bash \"$CLAUDE_PROJECT_DIR/.claude/hooks/block-plugin-commits.sh\""
|
|
69
|
+
}
|
|
70
|
+
]
|
|
71
|
+
}
|
|
72
|
+
],
|
|
62
73
|
"PostToolUse": [
|
|
63
74
|
{
|
|
64
75
|
"matcher": "Write|Edit",
|