docguard-cli 0.20.0__tar.gz → 0.21.1__tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (339) hide show
  1. {docguard_cli-0.20.0/extensions/spec-kit-docguard → docguard_cli-0.21.1/.agent}/skills/docguard-fix/SKILL.md +2 -2
  2. {docguard_cli-0.20.0/extensions/spec-kit-docguard → docguard_cli-0.21.1/.agent}/skills/docguard-guard/SKILL.md +2 -2
  3. {docguard_cli-0.20.0/extensions/spec-kit-docguard → docguard_cli-0.21.1/.agent}/skills/docguard-review/SKILL.md +2 -2
  4. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/docguard-score/SKILL.md +2 -2
  5. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/docguard-sync/SKILL.md +1 -1
  6. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/workflows/ci.yml +2 -2
  7. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/workflows/release.yml +3 -3
  8. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/CHANGELOG.md +134 -0
  9. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/PKG-INFO +11 -3
  10. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/README.md +10 -2
  11. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/action.yml +3 -3
  12. docguard_cli-0.21.1/cli/commands/demo.mjs +241 -0
  13. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/init.mjs +81 -8
  14. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/docguard.mjs +22 -1
  15. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/ensure-skills.mjs +50 -8
  16. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/extension.yml +1 -1
  17. {docguard_cli-0.20.0/.agent → docguard_cli-0.21.1/extensions/spec-kit-docguard}/skills/docguard-fix/SKILL.md +2 -2
  18. {docguard_cli-0.20.0/.agent → docguard_cli-0.21.1/extensions/spec-kit-docguard}/skills/docguard-guard/SKILL.md +2 -2
  19. {docguard_cli-0.20.0/.agent → docguard_cli-0.21.1/extensions/spec-kit-docguard}/skills/docguard-review/SKILL.md +2 -2
  20. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/skills/docguard-score/SKILL.md +2 -2
  21. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/skills/docguard-sync/SKILL.md +1 -1
  22. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/package.json +1 -1
  23. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/pyproject.toml +1 -1
  24. docguard_cli-0.21.1/templates/demo-fixture/.docguard.json +8 -0
  25. docguard_cli-0.21.1/templates/demo-fixture/.env.example +5 -0
  26. docguard_cli-0.21.1/templates/demo-fixture/AGENTS.md +14 -0
  27. docguard_cli-0.21.1/templates/demo-fixture/CHANGELOG.md +13 -0
  28. docguard_cli-0.21.1/templates/demo-fixture/DRIFT-LOG.md +3 -0
  29. docguard_cli-0.21.1/templates/demo-fixture/README.md +17 -0
  30. docguard_cli-0.21.1/templates/demo-fixture/docs-canonical/API-REFERENCE.md +36 -0
  31. docguard_cli-0.21.1/templates/demo-fixture/docs-canonical/ARCHITECTURE.md +30 -0
  32. docguard_cli-0.21.1/templates/demo-fixture/docs-canonical/DATA-MODEL.md +30 -0
  33. docguard_cli-0.21.1/templates/demo-fixture/docs-canonical/ENVIRONMENT.md +20 -0
  34. docguard_cli-0.21.1/templates/demo-fixture/docs-canonical/SECURITY.md +15 -0
  35. docguard_cli-0.21.1/templates/demo-fixture/docs-canonical/TEST-SPEC.md +10 -0
  36. docguard_cli-0.21.1/templates/demo-fixture/package.json +10 -0
  37. docguard_cli-0.21.1/templates/demo-fixture/src/api.mjs +18 -0
  38. docguard_cli-0.21.1/templates/demo-fixture/src/notifier.mjs +23 -0
  39. docguard_cli-0.21.1/templates/demo-fixture/src/scheduler.mjs +8 -0
  40. docguard_cli-0.21.1/templates/demo-fixture/src/worker.mjs +15 -0
  41. docguard_cli-0.21.1/tests/demo-command.test.mjs +96 -0
  42. docguard_cli-0.21.1/tests/init-smart-detection.test.mjs +124 -0
  43. docguard_cli-0.21.1/tests/security-init-injection.test.mjs +145 -0
  44. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.analyze.md +0 -0
  45. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.checklist.md +0 -0
  46. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.clarify.md +0 -0
  47. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.constitution.md +0 -0
  48. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.implement.md +0 -0
  49. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.plan.md +0 -0
  50. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.specify.md +0 -0
  51. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.tasks.md +0 -0
  52. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/commands/speckit.taskstoissues.md +0 -0
  53. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-analyze/SKILL.md +0 -0
  54. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-checklist/SKILL.md +0 -0
  55. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-clarify/SKILL.md +0 -0
  56. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-constitution/SKILL.md +0 -0
  57. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-implement/SKILL.md +0 -0
  58. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-plan/SKILL.md +0 -0
  59. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-specify/SKILL.md +0 -0
  60. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-tasks/SKILL.md +0 -0
  61. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.agent/skills/speckit-taskstoissues/SKILL.md +0 -0
  62. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.docguard.json +0 -0
  63. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.docguardignore +0 -0
  64. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/ISSUE_TEMPLATE/bug_report.md +0 -0
  65. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/ISSUE_TEMPLATE/feature_request.md +0 -0
  66. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/dependabot.yml +0 -0
  67. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/scripts/patch-catalog.py +0 -0
  68. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/workflows/supply-chain.yml +0 -0
  69. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.github/workflows/sync-speckit-catalog.yml +0 -0
  70. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.gitignore +0 -0
  71. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.jules/bolt.md +0 -0
  72. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.jules/palette.md +0 -0
  73. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.jules/sentinel.md +0 -0
  74. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.npmignore +0 -0
  75. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.npmrc +0 -0
  76. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/extensions/.cache/catalog-ebf165086500aab1-metadata.json +0 -0
  77. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/extensions/.cache/catalog-ebf165086500aab1.json +0 -0
  78. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/extensions/.cache/catalog-metadata.json +0 -0
  79. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/extensions/.cache/catalog.json +0 -0
  80. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/init-options.json +0 -0
  81. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/memory/constitution.md +0 -0
  82. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/scripts/bash/check-prerequisites.sh +0 -0
  83. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/scripts/bash/common.sh +0 -0
  84. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/scripts/bash/create-new-feature.sh +0 -0
  85. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/scripts/bash/setup-plan.sh +0 -0
  86. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/scripts/bash/update-agent-context.sh +0 -0
  87. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/templates/agent-file-template.md +0 -0
  88. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/templates/checklist-template.md +0 -0
  89. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/templates/constitution-template.md +0 -0
  90. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/templates/plan-template.md +0 -0
  91. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/templates/spec-template.md +0 -0
  92. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/.specify/templates/tasks-template.md +0 -0
  93. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/AGENTS.md +0 -0
  94. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/CODE_OF_CONDUCT.md +0 -0
  95. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/COMPARISONS.md +0 -0
  96. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/CONTRIBUTING.md +0 -0
  97. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/DRIFT-LOG.md +0 -0
  98. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/LICENSE +0 -0
  99. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/PHILOSOPHY.md +0 -0
  100. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/ROADMAP.md +0 -0
  101. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/SECURITY.md +0 -0
  102. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/STANDARD.md +0 -0
  103. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/SUPPLY-CHAIN-AUDIT.md +0 -0
  104. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/SUPPORT.md +0 -0
  105. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/agents.mjs +0 -0
  106. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/badge.mjs +0 -0
  107. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/ci.mjs +0 -0
  108. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/diagnose.mjs +0 -0
  109. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/diff.mjs +0 -0
  110. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/explain.mjs +0 -0
  111. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/fix.mjs +0 -0
  112. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/generate.mjs +0 -0
  113. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/guard.mjs +0 -0
  114. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/hooks.mjs +0 -0
  115. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/impact.mjs +0 -0
  116. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/llms.mjs +0 -0
  117. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/memory.mjs +0 -0
  118. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/publish.mjs +0 -0
  119. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/score.mjs +0 -0
  120. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/setup.mjs +0 -0
  121. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/sync.mjs +0 -0
  122. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/trace.mjs +0 -0
  123. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/upgrade.mjs +0 -0
  124. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/commands/watch.mjs +0 -0
  125. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/api-doc.mjs +0 -0
  126. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/cdk.mjs +0 -0
  127. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/doc-tools.mjs +0 -0
  128. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/frontend.mjs +0 -0
  129. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/iac.mjs +0 -0
  130. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/integrations.mjs +0 -0
  131. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/memory-plan.mjs +0 -0
  132. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/project-type.mjs +0 -0
  133. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/routes.mjs +0 -0
  134. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/schemas.mjs +0 -0
  135. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/scanners/speckit.mjs +0 -0
  136. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/shared-git.mjs +0 -0
  137. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/shared-ignore.mjs +0 -0
  138. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/shared-source.mjs +0 -0
  139. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/shared.mjs +0 -0
  140. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/api-surface.mjs +0 -0
  141. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/architecture.mjs +0 -0
  142. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/canonical-sync.mjs +0 -0
  143. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/changelog.mjs +0 -0
  144. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/cross-reference.mjs +0 -0
  145. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/doc-quality.mjs +0 -0
  146. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/docs-coverage.mjs +0 -0
  147. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/docs-diff.mjs +0 -0
  148. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/docs-sync.mjs +0 -0
  149. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/drift.mjs +0 -0
  150. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/environment.mjs +0 -0
  151. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/freshness.mjs +0 -0
  152. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/generated-staleness.mjs +0 -0
  153. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/metadata-sync.mjs +0 -0
  154. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/metrics-consistency.mjs +0 -0
  155. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/schema-sync.mjs +0 -0
  156. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/security.mjs +0 -0
  157. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/spec-kit.mjs +0 -0
  158. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/structure.mjs +0 -0
  159. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/test-spec.mjs +0 -0
  160. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/todo-tracking.mjs +0 -0
  161. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/validators/traceability.mjs +0 -0
  162. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/writers/api-reference.mjs +0 -0
  163. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/writers/fix-memory.mjs +0 -0
  164. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/writers/mechanical.mjs +0 -0
  165. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/cli/writers/sections.mjs +0 -0
  166. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/commands/docguard.fix.md +0 -0
  167. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/commands/docguard.guard.md +0 -0
  168. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/commands/docguard.review.md +0 -0
  169. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/commands/docguard.score.md +0 -0
  170. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/configs/fastify.json +0 -0
  171. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/configs/generic.json +0 -0
  172. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/configs/nextjs.json +0 -0
  173. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/configs/python.json +0 -0
  174. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docguard_cli/__init__.py +0 -0
  175. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docguard_cli/wrapper.py +0 -0
  176. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/ai-integration.md +0 -0
  177. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/commands.md +0 -0
  178. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/configuration.md +0 -0
  179. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/doc-sections.md +0 -0
  180. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/faq.md +0 -0
  181. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/installation.md +0 -0
  182. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/profiles.md +0 -0
  183. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs/quickstart.md +0 -0
  184. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/ARCHITECTURE.md +0 -0
  185. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/CI-RECIPES.md +0 -0
  186. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/DATA-MODEL.md +0 -0
  187. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/ENVIRONMENT.md +0 -0
  188. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/REQUIREMENTS.md +0 -0
  189. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/SECURITY.md +0 -0
  190. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/SURFACE-AUDIT.md +0 -0
  191. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-canonical/TEST-SPEC.md +0 -0
  192. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/docs-implementation/MIGRATION-v0.20.md +0 -0
  193. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/01-express-api/README.md +0 -0
  194. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/01-express-api/package.json +0 -0
  195. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/01-express-api/server.js +0 -0
  196. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/02-python-flask/README.md +0 -0
  197. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/02-python-flask/app.py +0 -0
  198. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/02-python-flask/docs-canonical/ARCHITECTURE.md +0 -0
  199. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/02-python-flask/requirements.txt +0 -0
  200. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/03-spec-kit-project/CHANGELOG.md +0 -0
  201. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/03-spec-kit-project/README.md +0 -0
  202. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/03-spec-kit-project/docs-canonical/ARCHITECTURE.md +0 -0
  203. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/03-spec-kit-project/docs-canonical/TEST-SPEC.md +0 -0
  204. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/03-spec-kit-project/package.json +0 -0
  205. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/03-spec-kit-project/src/index.js +0 -0
  206. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/03-spec-kit-project/tests/basic.test.js +0 -0
  207. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/examples/README.md +0 -0
  208. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/LICENSE +0 -0
  209. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/README.md +0 -0
  210. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/diagnose.md +0 -0
  211. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/fix.md +0 -0
  212. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/generate.md +0 -0
  213. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/guard.md +0 -0
  214. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/init.md +0 -0
  215. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/score.md +0 -0
  216. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/sync.md +0 -0
  217. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/commands/trace.md +0 -0
  218. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/scripts/bash/common.sh +0 -0
  219. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/scripts/bash/docguard-check-docs.sh +0 -0
  220. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/scripts/bash/docguard-init-doc.sh +0 -0
  221. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/scripts/bash/docguard-suggest-fix.sh +0 -0
  222. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/templates/extensions.yml +0 -0
  223. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/templates/github-workflows/docguard-autofix.yml +0 -0
  224. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/extensions/spec-kit-docguard/templates/github-workflows/docguard-guard.yml +0 -0
  225. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/pr_description.md +0 -0
  226. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/schemas/docguard-config.schema.json +0 -0
  227. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/001-fix-ignore-validators/plan.md +0 -0
  228. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/001-fix-ignore-validators/spec.md +0 -0
  229. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/001-fix-ignore-validators/tasks.md +0 -0
  230. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/002-fix-test-discovery/plan.md +0 -0
  231. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/002-fix-test-discovery/spec.md +0 -0
  232. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/002-fix-test-discovery/tasks.md +0 -0
  233. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/003-v011-false-positives/plan.md +0 -0
  234. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/003-v011-false-positives/spec.md +0 -0
  235. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/specs/003-v011-false-positives/tasks.md +0 -0
  236. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/ADR.md.template +0 -0
  237. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/AGENTS.md.template +0 -0
  238. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/ARCHITECTURE.md.template +0 -0
  239. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/CHANGELOG.md.template +0 -0
  240. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/CURRENT-STATE.md.template +0 -0
  241. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/DATA-MODEL.md.template +0 -0
  242. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/DEPLOYMENT.md.template +0 -0
  243. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/DRIFT-LOG.md.template +0 -0
  244. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/ENVIRONMENT.md.template +0 -0
  245. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/KNOWN-GOTCHAS.md.template +0 -0
  246. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/REQUIREMENTS.md.template +0 -0
  247. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/ROADMAP.md.template +0 -0
  248. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/RUNBOOKS.md.template +0 -0
  249. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/SECURITY.md.template +0 -0
  250. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/TEST-SPEC.md.template +0 -0
  251. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/TROUBLESHOOTING.md.template +0 -0
  252. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/VENDOR-BUGS.md.template +0 -0
  253. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/ci/github-actions.yml +0 -0
  254. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/commands/docguard.fix.md +0 -0
  255. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/commands/docguard.guard.md +0 -0
  256. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/commands/docguard.init.md +0 -0
  257. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/commands/docguard.review.md +0 -0
  258. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/templates/commands/docguard.update.md +0 -0
  259. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/test-draft.js +0 -0
  260. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/test-metrics.js +0 -0
  261. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/anchor-autofix.test.mjs +0 -0
  262. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/api-doc.test.mjs +0 -0
  263. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/api-surface.test.mjs +0 -0
  264. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/api-write.test.mjs +0 -0
  265. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/architecture.test.mjs +0 -0
  266. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/b7-node-env-symmetry.test.mjs +0 -0
  267. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/backup-failure.test.mjs +0 -0
  268. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/canonical-sync.test.mjs +0 -0
  269. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/cdk-detection.test.mjs +0 -0
  270. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/changed-only-scoping.test.mjs +0 -0
  271. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/changed-only.test.mjs +0 -0
  272. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/changelog.test.mjs +0 -0
  273. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/commands.test.mjs +0 -0
  274. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/cross-reference.test.mjs +0 -0
  275. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/doc-quality.test.mjs +0 -0
  276. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/docguardignore.test.mjs +0 -0
  277. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/docs-coverage.test.mjs +0 -0
  278. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/docs-diff.test.mjs +0 -0
  279. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/docs-sync.test.mjs +0 -0
  280. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/drift.test.mjs +0 -0
  281. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/environment.test.mjs +0 -0
  282. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/fix-memory.test.mjs +0 -0
  283. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/fix-suppression.test.mjs +0 -0
  284. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/fixture-projects.test.mjs +0 -0
  285. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/freshness.test.mjs +0 -0
  286. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/frontend-deep.test.mjs +0 -0
  287. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/frontend.test.mjs +0 -0
  288. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/generated-staleness.test.mjs +0 -0
  289. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/guard-classify.test.mjs +0 -0
  290. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/guard-no-throw.test.mjs +0 -0
  291. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/hooks.test.mjs +0 -0
  292. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/i18n.test.mjs +0 -0
  293. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/impact.test.mjs +0 -0
  294. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/integrations.test.mjs +0 -0
  295. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/mechanical.test.mjs +0 -0
  296. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/memory-plan.test.mjs +0 -0
  297. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/metadata-sync.test.mjs +0 -0
  298. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/metrics-consistency.test.mjs +0 -0
  299. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/metrics-dedup.test.mjs +0 -0
  300. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/monorepo-scanning.test.mjs +0 -0
  301. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/multi-spec.test.mjs +0 -0
  302. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/npm-pack-smoke.test.mjs +0 -0
  303. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/patch-0.11.2.test.mjs +0 -0
  304. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/plan-disk-cache.test.mjs +0 -0
  305. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/profile-flag.test.mjs +0 -0
  306. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/project-type.test.mjs +0 -0
  307. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/regenerate-section.test.mjs +0 -0
  308. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/routes-multilang.test.mjs +0 -0
  309. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/schema-sync.test.mjs +0 -0
  310. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/schemas-multilang.test.mjs +0 -0
  311. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/schemas.test.mjs +0 -0
  312. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/scoping-extended.test.mjs +0 -0
  313. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/section-na-markers.test.mjs +0 -0
  314. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/sections.test.mjs +0 -0
  315. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/security.test.mjs +0 -0
  316. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/severity.test.mjs +0 -0
  317. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/shared-git.test.mjs +0 -0
  318. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/shared-source.test.mjs +0 -0
  319. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/stress-test.test.mjs +0 -0
  320. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/structure.test.mjs +0 -0
  321. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/sweep-nudge.test.mjs +0 -0
  322. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/sync-since.test.mjs +0 -0
  323. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/sync.test.mjs +0 -0
  324. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/test-spec.test.mjs +0 -0
  325. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/todo-tracking.test.mjs +0 -0
  326. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/trace-multilang.test.mjs +0 -0
  327. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/trace-reverse.test.mjs +0 -0
  328. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/traceability.test.mjs +0 -0
  329. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/upgrade-pr-e2e.test.mjs +0 -0
  330. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/upgrade-pr.test.mjs +0 -0
  331. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/upgrade.test.mjs +0 -0
  332. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/v020-consolidation.test.mjs +0 -0
  333. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/validator-naming.test.mjs +0 -0
  334. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/version-pin.test.mjs +0 -0
  335. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/tests/whats-new.test.mjs +0 -0
  336. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/vscode-extension/.vscodeignore +0 -0
  337. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/vscode-extension/README.md +0 -0
  338. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/vscode-extension/extension.js +0 -0
  339. {docguard_cli-0.20.0 → docguard_cli-0.21.1}/vscode-extension/package.json +0 -0
@@ -6,10 +6,10 @@ description: AI-driven documentation repair with structured research workflow, t
6
6
  compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
7
7
  metadata:
8
8
  author: docguard
9
- version: 0.20.0
9
+ version: 0.21.1
10
10
  source: extensions/spec-kit-docguard/skills/docguard-fix
11
11
  ---
12
- <!-- docguard:version: 0.20.0 -->
12
+ <!-- docguard:version: 0.21.1 -->
13
13
 
14
14
  # DocGuard Fix Skill
15
15
 
@@ -7,10 +7,10 @@ description: Run DocGuard guard validation against Canonical-Driven Development
7
7
  compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
8
8
  metadata:
9
9
  author: docguard
10
- version: 0.20.0
10
+ version: 0.21.1
11
11
  source: extensions/spec-kit-docguard/skills/docguard-guard
12
12
  ---
13
- <!-- docguard:version: 0.20.0 -->
13
+ <!-- docguard:version: 0.21.1 -->
14
14
 
15
15
  # DocGuard Guard Skill
16
16
 
@@ -6,10 +6,10 @@ description: Cross-document consistency analysis and quality assessment. Perform
6
6
  compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
7
7
  metadata:
8
8
  author: docguard
9
- version: 0.20.0
9
+ version: 0.21.1
10
10
  source: extensions/spec-kit-docguard/skills/docguard-review
11
11
  ---
12
- <!-- docguard:version: 0.20.0 -->
12
+ <!-- docguard:version: 0.21.1 -->
13
13
 
14
14
  # DocGuard Review Skill
15
15
 
@@ -6,10 +6,10 @@ description: CDD maturity assessment with category-aware improvement roadmap. Ru
6
6
  compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
7
7
  metadata:
8
8
  author: docguard
9
- version: 0.20.0
9
+ version: 0.21.1
10
10
  source: extensions/spec-kit-docguard/skills/docguard-score
11
11
  ---
12
- <!-- docguard:version: 0.20.0 -->
12
+ <!-- docguard:version: 0.21.1 -->
13
13
 
14
14
  # DocGuard Score Skill
15
15
 
@@ -4,7 +4,7 @@ description: Keep canonical documentation ALWAYS UP TO DATE. Refreshes code-trut
4
4
  compatibility: Requires DocGuard CLI installed (npm i -g docguard-cli or npx docguard-cli)
5
5
  metadata:
6
6
  author: docguard
7
- version: 0.20.0
7
+ version: 0.21.1
8
8
  source: extensions/spec-kit-docguard/skills/docguard-sync
9
9
  ---
10
10
 
@@ -19,7 +19,7 @@ jobs:
19
19
  with:
20
20
  fetch-depth: 0 # Full git history for freshness validator
21
21
 
22
- - uses: actions/setup-node@v5
22
+ - uses: actions/setup-node@v6
23
23
  with:
24
24
  node-version: ${{ matrix.node-version }}
25
25
 
@@ -82,7 +82,7 @@ jobs:
82
82
  needs: test
83
83
  steps:
84
84
  - uses: actions/checkout@v5
85
- - uses: actions/setup-node@v5
85
+ - uses: actions/setup-node@v6
86
86
  with:
87
87
  node-version: 20
88
88
  registry-url: 'https://registry.npmjs.org'
@@ -52,7 +52,7 @@ jobs:
52
52
  - uses: actions/checkout@v5
53
53
  with:
54
54
  fetch-depth: 0
55
- - uses: actions/setup-node@v5
55
+ - uses: actions/setup-node@v6
56
56
  with:
57
57
  node-version: ${{ matrix.node-version }}
58
58
  - name: Run Tests
@@ -151,7 +151,7 @@ jobs:
151
151
  runs-on: ubuntu-latest
152
152
  steps:
153
153
  - uses: actions/checkout@v5
154
- - uses: actions/setup-node@v5
154
+ - uses: actions/setup-node@v6
155
155
  with:
156
156
  node-version: 20
157
157
  registry-url: 'https://registry.npmjs.org'
@@ -167,7 +167,7 @@ jobs:
167
167
  runs-on: ubuntu-latest
168
168
  steps:
169
169
  - uses: actions/checkout@v5
170
- - uses: actions/setup-python@v5
170
+ - uses: actions/setup-python@v6
171
171
  with:
172
172
  python-version: '3.12'
173
173
 
@@ -7,6 +7,140 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
7
7
 
8
8
  ## [Unreleased]
9
9
 
10
+ ## [0.21.1] - 2026-05-26
11
+
12
+ **Security patch — closes issue #190.** Command injection vulnerability in
13
+ `docguard init` via the `ai` field of `.specify/init-options.json` is fixed.
14
+
15
+ ### Security
16
+
17
+ - **Issue #190: command injection in `cli/commands/init.mjs` and
18
+ `cli/ensure-skills.mjs`.** The `detectAIAgent()` helper returned the
19
+ `ai` field from `.specify/init-options.json` without validation, and
20
+ that value was then shell-interpolated into an `execSync` invocation:
21
+ ```js
22
+ const aiFlag = `--ai ${detectedAgent}`;
23
+ execSync(`specify init ... ${aiFlag} ...`);
24
+ ```
25
+ A local attacker with file-system write access to a victim's repo
26
+ could plant `{"ai": "claude; touch /tmp/pwned;"}` and trigger
27
+ arbitrary command execution on the victim's next `docguard init`.
28
+
29
+ **Severity:** Medium (requires local file-system access; pre-fix
30
+ `detectAIAgent` consumed configs from any project DocGuard ran in).
31
+
32
+ **Discovered:** 23 duplicate auto-generated draft PRs from the
33
+ "Sentinel" AI agent flagged this during the v0.19 cleanup sweep.
34
+ The drafts were closed as noise but the underlying finding was
35
+ tracked in #190 — fixed properly here.
36
+
37
+ **Fix (two layers, defense in depth):**
38
+ 1. `getDetectedAgent()` now allowlist-validates the `ai` field against
39
+ `/^[a-zA-Z0-9_-]{1,32}$/`. Anything else (shell metacharacters,
40
+ non-strings, oversized values) returns `null`.
41
+ 2. New `safeSpawnSpecify(args, opts)` helper uses `execFileSync` with
42
+ args passed as an array — no shell interpolation possible. Both
43
+ unsafe call sites (`init.mjs` and `ensure-skills.mjs`) now use
44
+ this helper. Cross-platform (POSIX direct exec / Windows
45
+ `cmd.exe /c specify.cmd`).
46
+
47
+ ### Tests
48
+
49
+ - 596 → **610** (+14): `tests/security-init-injection.test.mjs` pins
50
+ both defense layers. Tests every shell metacharacter (`;`, backtick,
51
+ `$()`, `|`, `&&`, newline), oversized values, non-string types,
52
+ malformed JSON, missing config files. Asserts the legitimate
53
+ allowlist (claude, cursor-agent, gemini, agy, copilot, windsurf,
54
+ codex, roo, amp, kiro-cli, tabnine, underscore-bearing future names).
55
+
56
+ ### Audit
57
+
58
+ `grep -rn execSync cli/` was re-run; remaining call sites are all
59
+ hardcoded literals (no attacker-influenced interpolation): freshness
60
+ git probes, score's git probe, setup/doc-quality `which`-style
61
+ detection. Documented in commit message.
62
+
63
+ ## [0.21.0] - 2026-05-26
64
+
65
+ **Time-to-value.** The funnel-unblocker release. Until v0.21, a dev shopping
66
+ for documentation tools had to install DocGuard, run `init`, write some
67
+ canonical docs, and only then could they see what the tool actually does.
68
+ v0.21 compresses that to **30 seconds, zero install**:
69
+
70
+ ```bash
71
+ npx docguard-cli demo
72
+ ```
73
+
74
+ Plus: `docguard init` now auto-detects existing projects and switches to
75
+ "scan and propose" mode (reverse-engineering canonical docs from your code)
76
+ instead of dumping a blank skeleton. The blank-skeleton path is still one
77
+ flag away (`--skeleton`).
78
+
79
+ ### Added
80
+
81
+ - **`docguard demo`** — the marquee feature of this release. Copies a baked-in
82
+ fixture (`templates/demo-fixture/` — a 4-service payments API with
83
+ intentional drift) to a temp directory, git-inits it, runs guard + score
84
+ against it, then prints a **curated narrative**: top-5 findings spanning
85
+ multiple validators, each annotated with the real-world impact ("Your AI
86
+ agent reads the architecture doc and gives wrong answers about how the
87
+ system works"), the CDD maturity score, and a clear three-line CTA showing
88
+ both `npm install -g` and `npx` paths. Temp fixture is cleaned up on exit
89
+ (or kept via `--keep` for inspection). Total time: ~0.5s for the guard
90
+ run; total experience: ~30s from `npx` to the install CTA.
91
+ - **`templates/demo-fixture/`** — ships with the package (already in
92
+ `files: ["templates/"]`). 12-file pretend "acme-payments" project with
93
+ drift across 7 validator categories: undocumented 4th service, missing
94
+ API endpoint in reference, env var drift between `.env.example` and
95
+ `ENVIRONMENT.md`, `CHANGELOG` missing `[Unreleased]`, README sections
96
+ per Standard README spec missing, etc.
97
+ - **`docguard init --skeleton`** — explicit opt-in to the v0.20 blank-template
98
+ behavior. For greenfield projects where the scan would find nothing.
99
+ - **`docguard demo --keep`** — preserves the temp fixture and reports its
100
+ path. Useful for poking around what a real-world DocGuard-managed project
101
+ looks like.
102
+
103
+ ### Changed
104
+
105
+ - **Smart `docguard init` first-run.** When `init` runs in a directory that
106
+ has existing source code (`cli/`, `src/`, `lib/`, `app/`, or 10+ source
107
+ files at top level) AND no `docs-canonical/`, it automatically dispatches
108
+ to `runGenerate` with `--plan` — the "scan and propose" path. Heuristic
109
+ opts out for: `--skeleton`, `--wizard`, `--skip-prompts` (CI), explicit
110
+ `--profile`, or projects that already have canonical docs (re-init case).
111
+ Result: the 80% of adopters who arrive with an existing codebase get
112
+ immediate value from the very first command, instead of staring at a
113
+ blank skeleton.
114
+ - **`--help` updates.** New top section: "First-time? Try the demo (no
115
+ install, no setup): `npx docguard-cli demo`". `demo` listed in Tools.
116
+ `init` description updated to mention the new auto-detect behavior and
117
+ the `--skeleton` opt-out.
118
+ - **README.** New CTA block at the top under the H1, above the Table of
119
+ Contents: prominent `npx docguard-cli demo` callout drives the funnel.
120
+ Validator/command counts updated by `canonical-sync` to 14 commands.
121
+
122
+ ### Tests
123
+
124
+ - 582 → **596 tests** (+14):
125
+ - `tests/demo-command.test.mjs` (6): demo exits 0; output contains banner
126
+ + findings + score + CTA; `--quiet` suppresses banner; temp fixture is
127
+ cleaned up by default; `--keep` preserves it; top-5 findings span 3+
128
+ distinct validators (variety, not noise).
129
+ - `tests/init-smart-detection.test.mjs` (8): empty dir → skeleton; dir
130
+ with `src/` → smart mode; dir with `cli/` → smart mode; `--skeleton`
131
+ forces skeleton even with code present; `--skip-prompts` keeps skeleton
132
+ (CI determinism); pre-existing canonical docs skip smart mode; 10+
133
+ top-level Python files trigger smart mode; <10 + no code dir → skeleton.
134
+
135
+ ### Strategic context
136
+
137
+ This is item #2 from the v0.19 SURFACE-AUDIT's adoption-friction analysis
138
+ ("no demo path — devs have to install, init, write docs, run guard just to
139
+ see what we do"). v0.20 closed friction #1 (surface sprawl); v0.21 closes
140
+ #2 (time-to-value). Next up per the 5-release arc: v0.22 — AI-native fix
141
+ loop (`docguard fix --apply` calls Claude/Codex and opens a PR with the
142
+ fix end-to-end).
143
+
10
144
  ## [0.20.0] - 2026-05-26
11
145
 
12
146
  **Consolidation.** 21 user-facing commands become 13. The promise from
@@ -1,6 +1,6 @@
1
1
  Metadata-Version: 2.4
2
2
  Name: docguard-cli
3
- Version: 0.20.0
3
+ Version: 0.21.1
4
4
  Summary: The enforcement tool for Canonical-Driven Development (CDD). Audit, generate, and guard your project documentation. Zero dependencies.
5
5
  Project-URL: Homepage, https://github.com/raccioly/docguard
6
6
  Project-URL: Documentation, https://github.com/raccioly/docguard#readme
@@ -36,6 +36,14 @@ Description-Content-Type: text/markdown
36
36
 
37
37
  ---
38
38
 
39
+ > **✨ See what DocGuard catches in 30 seconds — no install, no setup:**
40
+ > ```bash
41
+ > npx docguard-cli demo
42
+ > ```
43
+ > Runs against a baked-in sample project with intentional drift and shows you the findings + a clear path to fixing them.
44
+
45
+ ---
46
+
39
47
  ## Table of Contents
40
48
 
41
49
  - [What is DocGuard?](#what-is-docguard)
@@ -75,7 +83,7 @@ DocGuard is an official [GitHub Spec Kit](https://github.com/github/spec-kit) co
75
83
 
76
84
  ```mermaid
77
85
  graph TD
78
- CLI["CLI Entry<br/>docguard.mjs"] --> Commands["Commands (13)"]
86
+ CLI["CLI Entry<br/>docguard.mjs"] --> Commands["Commands (14)"]
79
87
  Commands --> guard["guard"]
80
88
  Commands --> generate["generate"]
81
89
  Commands --> score["score"]
@@ -259,7 +267,7 @@ This installs DocGuard's slash commands (`/docguard.guard`, `/docguard.review`,
259
267
 
260
268
  ## Usage
261
269
 
262
- DocGuard ships **13 commands** (the "Daily 5" + 8 situational tools). Six additional one-shot scaffolders are accessed via `docguard init --with <name>`. Eight v0.19 commands continue to work as deprecation aliases through v0.20.x — see [MIGRATION-v0.20.md](docs-implementation/MIGRATION-v0.20.md).
270
+ DocGuard ships **14 commands** (the "Daily 5" + 9 situational tools, including the zero-install `demo`). Six additional one-shot scaffolders are accessed via `docguard init --with <name>`. Eight v0.19 commands continue to work as deprecation aliases through v0.20.x — see [MIGRATION-v0.20.md](docs-implementation/MIGRATION-v0.20.md).
263
271
 
264
272
  **The Daily 5** — what you'll reach for 95% of the time:
265
273
 
@@ -12,6 +12,14 @@
12
12
 
13
13
  ---
14
14
 
15
+ > **✨ See what DocGuard catches in 30 seconds — no install, no setup:**
16
+ > ```bash
17
+ > npx docguard-cli demo
18
+ > ```
19
+ > Runs against a baked-in sample project with intentional drift and shows you the findings + a clear path to fixing them.
20
+
21
+ ---
22
+
15
23
  ## Table of Contents
16
24
 
17
25
  - [What is DocGuard?](#what-is-docguard)
@@ -51,7 +59,7 @@ DocGuard is an official [GitHub Spec Kit](https://github.com/github/spec-kit) co
51
59
 
52
60
  ```mermaid
53
61
  graph TD
54
- CLI["CLI Entry<br/>docguard.mjs"] --> Commands["Commands (13)"]
62
+ CLI["CLI Entry<br/>docguard.mjs"] --> Commands["Commands (14)"]
55
63
  Commands --> guard["guard"]
56
64
  Commands --> generate["generate"]
57
65
  Commands --> score["score"]
@@ -235,7 +243,7 @@ This installs DocGuard's slash commands (`/docguard.guard`, `/docguard.review`,
235
243
 
236
244
  ## Usage
237
245
 
238
- DocGuard ships **13 commands** (the "Daily 5" + 8 situational tools). Six additional one-shot scaffolders are accessed via `docguard init --with <name>`. Eight v0.19 commands continue to work as deprecation aliases through v0.20.x — see [MIGRATION-v0.20.md](docs-implementation/MIGRATION-v0.20.md).
246
+ DocGuard ships **14 commands** (the "Daily 5" + 9 situational tools, including the zero-install `demo`). Six additional one-shot scaffolders are accessed via `docguard init --with <name>`. Eight v0.19 commands continue to work as deprecation aliases through v0.20.x — see [MIGRATION-v0.20.md](docs-implementation/MIGRATION-v0.20.md).
239
247
 
240
248
  **The Daily 5** — what you'll reach for 95% of the time:
241
249
 
@@ -77,7 +77,7 @@ runs:
77
77
  using: 'composite'
78
78
  steps:
79
79
  - name: Setup Node.js
80
- uses: actions/setup-node@v4
80
+ uses: actions/setup-node@v6
81
81
  with:
82
82
  node-version: ${{ inputs.node-version }}
83
83
 
@@ -247,7 +247,7 @@ runs:
247
247
 
248
248
  - name: Post Fix Summary to PR Comment
249
249
  if: (inputs.command == 'fix' || inputs.command == 'sync') && inputs.comment-on-pr == 'true' && github.event_name == 'pull_request'
250
- uses: actions/github-script@v7
250
+ uses: actions/github-script@v9
251
251
  with:
252
252
  script: |
253
253
  const count = parseInt('${{ steps.fix.outputs.fixes-applied }}' || '0', 10);
@@ -288,7 +288,7 @@ runs:
288
288
 
289
289
  - name: Post Score to PR Comment
290
290
  if: inputs.command == 'score' && github.event_name == 'pull_request'
291
- uses: actions/github-script@v7
291
+ uses: actions/github-script@v9
292
292
  with:
293
293
  script: |
294
294
  const score = '${{ steps.run.outputs.score }}' || '?';
@@ -0,0 +1,241 @@
1
+ /**
2
+ * Demo Command — v0.21.
3
+ *
4
+ * The 30-second "ah-ha" experience for devs shopping for doc tools.
5
+ *
6
+ * npx docguard-cli demo
7
+ *
8
+ * Spins up a baked-in fixture project (`templates/demo-fixture/`) — a 4-service
9
+ * payments API with INTENTIONAL doc drift — runs guard against it, and prints
10
+ * a curated narrative with real-world-impact annotations + a clear install CTA.
11
+ *
12
+ * Zero install required, zero damage to the user's environment: the fixture
13
+ * is copied to a temp directory, git-initialized there, and cleaned up on exit.
14
+ *
15
+ * Why this exists: per SURFACE-AUDIT v0.21 plan, the #2 friction point for
16
+ * adoption was "no demo path — devs have to install, init, write docs, run
17
+ * guard just to see what we do." This command compresses that to 30 seconds.
18
+ */
19
+
20
+ import { mkdtempSync, rmSync, cpSync, existsSync, writeFileSync } from 'node:fs';
21
+ import { resolve, dirname, join } from 'node:path';
22
+ import { tmpdir } from 'node:os';
23
+ import { fileURLToPath } from 'node:url';
24
+ import { spawnSync } from 'node:child_process';
25
+ import { c } from '../shared.mjs';
26
+ import { runGuardInternal, classifyResult } from './guard.mjs';
27
+ import { runScoreInternal } from './score.mjs';
28
+ import { loadConfig } from '../docguard.mjs';
29
+
30
+ const __filename = fileURLToPath(import.meta.url);
31
+ const __dirname = dirname(__filename);
32
+ const FIXTURE_SRC = resolve(__dirname, '../../templates/demo-fixture');
33
+
34
+ /**
35
+ * Each warning pattern gets a 1-2 line "real-world impact" gloss. Keyed by
36
+ * a regex on the warning text; the first match wins. Falls back to the
37
+ * generic gloss for unrecognized warnings (so this dictionary stays
38
+ * resilient as validators evolve).
39
+ *
40
+ * The point: turn validator-speak ("Missing 'Setup Steps' section") into
41
+ * adopter-speak ("New devs spend an hour figuring out how to run this").
42
+ */
43
+ const IMPACT_GLOSS = [
44
+ {
45
+ re: /env var.*not documented|missing.*Environment Variables/i,
46
+ impact: 'New devs hit cryptic "X is undefined" runtime errors at boot. CI bypasses the missing var entirely.',
47
+ },
48
+ {
49
+ re: /[Aa]rchitecture|service.*not (in|mentioned)|not in [Aa]rchitecture/,
50
+ impact: 'Your AI agent reads the architecture doc and gives wrong answers about how the system works.',
51
+ },
52
+ {
53
+ re: /missing.*Usage|missing.*License|README/,
54
+ impact: 'First-time visitors bounce. The README is the storefront — empty sections = lost trust.',
55
+ },
56
+ {
57
+ re: /endpoint|route|API-REFERENCE/i,
58
+ impact: 'Clients call a documented endpoint that no longer exists, or worse — miss a new endpoint entirely.',
59
+ },
60
+ {
61
+ re: /Test-Spec|test.*directory|test files/,
62
+ impact: 'Your TEST-SPEC doesn\'t reflect reality. New tests get written in the wrong place.',
63
+ },
64
+ {
65
+ re: /Unreleased.*section|Changelog/,
66
+ impact: 'Release automation can\'t auto-detect what\'s pending. Versioning becomes manual guesswork.',
67
+ },
68
+ {
69
+ re: /Spec.?Kit/i,
70
+ impact: 'Specs aren\'t structured for AI agents to use. You miss the multiplier on spec-driven development.',
71
+ },
72
+ {
73
+ re: /Config file.*not mentioned/,
74
+ impact: 'Devs see an unknown config file and don\'t know if it\'s safe to delete or required.',
75
+ },
76
+ {
77
+ re: /unlinked doc|not in your requiredFiles/,
78
+ impact: 'Doc lives in canonical/ but isn\'t in the manifest — guard skips it, drift accumulates silently.',
79
+ },
80
+ ];
81
+
82
+ function getImpact(warning) {
83
+ for (const { re, impact } of IMPACT_GLOSS) {
84
+ if (re.test(warning)) return impact;
85
+ }
86
+ return null;
87
+ }
88
+
89
+ /**
90
+ * Set up a temp copy of the fixture, git-init it, return the path.
91
+ */
92
+ function setupFixture() {
93
+ const dir = mkdtempSync(join(tmpdir(), 'docguard-demo-'));
94
+ cpSync(FIXTURE_SRC, dir, { recursive: true });
95
+ // Initialize git so any history-aware validators (Freshness, Drift-Comments)
96
+ // can run without erroring. Identity is set locally so commit succeeds on
97
+ // CI runners that have no global git identity.
98
+ const opts = { cwd: dir, stdio: 'ignore' };
99
+ spawnSync('git', ['init', '-q', '-b', 'main'], opts);
100
+ spawnSync('git', ['config', 'user.email', 'demo@docguard.dev'], opts);
101
+ spawnSync('git', ['config', 'user.name', 'docguard-demo'], opts);
102
+ spawnSync('git', ['add', '-A'], opts);
103
+ spawnSync('git', ['commit', '-q', '-m', 'fixture'], opts);
104
+ return dir;
105
+ }
106
+
107
+ /**
108
+ * Pretty-print a curated guard run.
109
+ */
110
+ function presentResults(guardData, scoreData) {
111
+ const allWarnings = [];
112
+ for (const v of guardData.validators) {
113
+ for (const w of (v.warnings || [])) {
114
+ allWarnings.push({ validator: v.name, message: w, severity: v.severity });
115
+ }
116
+ }
117
+
118
+ console.log(`\n${c.bold}🔍 What DocGuard found in your fixture:${c.reset}`);
119
+ console.log(`${c.dim} Validators run: ${guardData.validators.length} · Warnings: ${allWarnings.length} · Time: ~0.5s${c.reset}\n`);
120
+
121
+ // Pick up to 5 warnings showing VARIETY across validators (not 5 from the
122
+ // same one). Dedupe by validator name; within each validator group, pick
123
+ // the highest-severity warning. Then rank the picks by severity.
124
+ const sev = { high: 0, medium: 1, low: 2 };
125
+ const byValidator = new Map();
126
+ for (const w of allWarnings) {
127
+ const prev = byValidator.get(w.validator);
128
+ if (!prev || (sev[w.severity] ?? 1) < (sev[prev.severity] ?? 1)) {
129
+ byValidator.set(w.validator, w);
130
+ }
131
+ }
132
+ const ranked = [...byValidator.values()].sort((a, b) => {
133
+ return (sev[a.severity] ?? 1) - (sev[b.severity] ?? 1);
134
+ });
135
+ const top = ranked.slice(0, 5);
136
+
137
+ for (let i = 0; i < top.length; i++) {
138
+ const w = top[i];
139
+ const sev = w.severity === 'high' ? `${c.red}[HIGH]${c.reset}`
140
+ : w.severity === 'low' ? `${c.dim}[LOW]${c.reset}`
141
+ : `${c.yellow}[MED]${c.reset}`;
142
+ console.log(` ${c.bold}${i + 1}.${c.reset} ${sev} ${c.cyan}${w.validator}${c.reset}`);
143
+ console.log(` ${c.dim}${w.message}${c.reset}`);
144
+ const impact = getImpact(w.message);
145
+ if (impact) {
146
+ console.log(` ${c.green}→${c.reset} ${impact}`);
147
+ }
148
+ console.log('');
149
+ }
150
+
151
+ if (allWarnings.length > top.length) {
152
+ console.log(` ${c.dim}... and ${allWarnings.length - top.length} more. Run \`docguard guard\` in your repo to see everything.${c.reset}\n`);
153
+ }
154
+
155
+ // Score line
156
+ if (scoreData && typeof scoreData.score === 'number') {
157
+ const grade = scoreData.score >= 90 ? 'A' : scoreData.score >= 80 ? 'B' : scoreData.score >= 70 ? 'C' : scoreData.score >= 60 ? 'D' : 'F';
158
+ const color = scoreData.score >= 80 ? c.green : scoreData.score >= 60 ? c.yellow : c.red;
159
+ console.log(`${c.bold}📊 CDD Maturity Score:${c.reset} ${color}${scoreData.score}/100 (${grade})${c.reset}`);
160
+ console.log(`${c.dim} ↑ This is the fixture's score. Yours will hopefully be higher.${c.reset}\n`);
161
+ }
162
+ }
163
+
164
+ function printCTA() {
165
+ console.log(`${c.bold}🛠️ Fixing drift like this:${c.reset}`);
166
+ console.log(` ${c.cyan}docguard fix --write${c.reset} ${c.dim}— patches the mechanical stuff (version refs, counts, anchors)${c.reset}`);
167
+ console.log(` ${c.cyan}docguard sync --write${c.reset} ${c.dim}— refreshes code-truth sections to match the codebase${c.reset}`);
168
+ console.log(` ${c.cyan}docguard diagnose${c.reset} ${c.dim}— generates an AI prompt for the prose drift (Claude/GPT/Cursor)${c.reset}\n`);
169
+
170
+ console.log(`${c.bold}🚀 Try it on YOUR project:${c.reset}`);
171
+ console.log(` ${c.green}npm install -g docguard-cli${c.reset}`);
172
+ console.log(` ${c.green}cd your-project${c.reset}`);
173
+ console.log(` ${c.green}docguard init${c.reset} ${c.dim}— scans existing code and proposes canonical docs${c.reset}`);
174
+ console.log(` ${c.green}docguard guard${c.reset} ${c.dim}— see what we catch${c.reset}\n`);
175
+
176
+ console.log(`${c.dim}Or stay zero-install:${c.reset}`);
177
+ console.log(` ${c.green}npx docguard-cli init${c.reset}`);
178
+ console.log(` ${c.green}npx docguard-cli guard${c.reset}\n`);
179
+
180
+ console.log(`${c.bold}📚 Learn more:${c.reset} ${c.cyan}https://github.com/raccioly/docguard${c.reset}`);
181
+ }
182
+
183
+ /**
184
+ * Public entry point — `docguard demo`.
185
+ *
186
+ * @param {string} _projectDir — ignored; demo uses its own temp fixture
187
+ * @param {object} _config — ignored
188
+ * @param {object} flags — supports --quiet (skip banner) and --keep (don't cleanup fixture)
189
+ */
190
+ export function runDemo(_projectDir, _config, flags = {}) {
191
+ if (!flags.quiet) {
192
+ console.log(`\n${c.bold}🎬 DocGuard Demo${c.reset} ${c.dim}— see what we catch in 30 seconds${c.reset}`);
193
+ console.log(`${c.dim} No install. No setup. We're running against a sample 4-service payments API${c.reset}`);
194
+ console.log(`${c.dim} with intentional drift between code and docs.${c.reset}\n`);
195
+ }
196
+
197
+ if (!existsSync(FIXTURE_SRC)) {
198
+ console.error(`${c.red}Demo fixture not found at ${FIXTURE_SRC}.${c.reset}`);
199
+ console.error(`${c.dim}If this is a packaging bug, please file an issue.${c.reset}`);
200
+ process.exit(1);
201
+ }
202
+
203
+ let fixture;
204
+ try {
205
+ fixture = setupFixture();
206
+ if (!flags.quiet) console.log(`${c.dim} Fixture ready at ${fixture}${c.reset}\n`);
207
+ } catch (err) {
208
+ if (fixture) rmSync(fixture, { recursive: true, force: true });
209
+ console.error(`${c.red}Failed to set up demo fixture: ${err.message}${c.reset}`);
210
+ process.exit(1);
211
+ }
212
+
213
+ // Run guard + score against the fixture
214
+ let guardData, scoreData;
215
+ try {
216
+ // Load full config (defaults + fixture's .docguard.json) — same path the
217
+ // real `docguard guard` uses. The fixture ships its own .docguard.json
218
+ // so this hydrates the right project name + profile.
219
+ const config = loadConfig(fixture);
220
+ guardData = runGuardInternal(fixture, config);
221
+ scoreData = runScoreInternal(fixture, config);
222
+ } catch (err) {
223
+ rmSync(fixture, { recursive: true, force: true });
224
+ console.error(`${c.red}Demo guard run failed: ${err.message}${c.reset}`);
225
+ process.exit(1);
226
+ }
227
+
228
+ presentResults(guardData, scoreData);
229
+ printCTA();
230
+
231
+ // Cleanup unless --keep
232
+ if (!flags.keep) {
233
+ rmSync(fixture, { recursive: true, force: true });
234
+ if (!flags.quiet) console.log(`${c.dim} Fixture cleaned up.${c.reset}`);
235
+ } else {
236
+ console.log(`${c.dim} Fixture kept at ${fixture} (--keep)${c.reset}`);
237
+ }
238
+
239
+ // Always exit 0 — the demo is informational, never a failure
240
+ process.exit(0);
241
+ }