Commit Graph

274 Commits

Author SHA1 Message Date
Bastien Chanot
58cb91d2b7 feat(lib): surgical memory-commit helper + deterministic scope tests (T1/T2/T2-bis)
Foundation for the coupled-capitalize invariant (Frame 2): commit ONLY
.claude/memory + .claude/tasks, never `git add -A`. Safety lives in the
pathspec because automation removes the human diff review.

Proven on real git behavior, not assumed:
- T1/T2: dangling code (untracked or pre-staged) never embarked.
- T2-bis: `git commit -- pathspec` takes the working tree, not a stale index.
- T3 idempotent, T4 fail-closed on broken state, T5 TODO.md in scope.

_changed_paths filters to paths with real changes: `git commit -- pathspec`
aborts the whole commit on a no-match pathspec (e.g. empty .claude/tasks),
unlike `git add` which tolerates it.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-26 12:31:46 +02:00
Bastien Chanot
8536c733ec chore(memory): BDR-033 + LRN-049 + LRN-050 + journal — design-gate §4 anim suggestion
Capitalizes the design-gate §4 anim-lib suggestion (commit 11792cc):
- BDR-033: §4 = suggest-only, non-blocking, stateless 1-line; marker rejected
  (conditional on stakes — a non-destructive note != a destructive op's
  deterministic marker, cf LRN-046/047).
- LRN-049: stateless-minimal surface > state marker for non-destructive repeated
  nudges (conditional on stakes).
- LRN-050: on a symlinked/live file, show-before-write is the only control gate.
- journal: two lines under 2026-06-25 (the §4 wiring + the process note).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-26 00:31:28 +02:00
Bastien Chanot
11792ccb33 feat(design-gate): §4 anim-lib suggestion — suggest-only, non-blocking, stateless 1-line
Add §4 to lib/design-gate.md: when a non-trivial design task hits a motion
signal (animation/transition/hover/motion/animate, now in §DETECTION) and the
stack is motion-eligible with no anim lib installed, surface a single-line
suggestion for the recommended `motion` package. Suggest-only (install on
explicit consent), non-blocking, stateless (always one line, no marker; calls
the helper, no 3rd copy of the lib list).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-26 00:11:01 +02:00
Bastien Chanot
ea992cbc62 chore(memory): EVAL-006 + LRN-046/047/048 + journal — prune-memory v1.1 TDD
Capitalizes the prune-memory v1.1 TDD (skill 0a3e766):
- EVAL-006: 6 dangers TDD-closed, validated on the real learnings.md
  (0 fidelity false-positive vs 13); honest limits (SAFE != USEFUL, RED-7/8 open).
- LRN-046 deterministic oracle > semantic judge on destructive skills.
- LRN-047 a noisy safety guard (13/13 FP) is a risk, not discomfort.
- LRN-048 a "0/OK/pass" must prove it looked (counted both sides).
- journal: one line under 2026-06-25.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 23:17:10 +02:00
Bastien Chanot
8413afb785 fix(memory): backfill missing EVAL-005 index row
EVAL-005 entry existed in evals.md with no matching ## Index row
(pre-existing index drift — the category-D case the /prune-memory skill
auto-corrects). Backfilled by hand; unrelated to the prune-memory TDD work.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 23:02:51 +02:00
Bastien Chanot
0a3e76611d fix(skill): prune-memory v1.1 — deterministic guards close 6 TDD'd defects
Only destructive skill, previously untested. A RED suite (tests/) proved 6
dangers; each closed by a deterministic guard:
- RED-1 removed false "Fixed in v1.1 (TDD found it)" verify claim
- RED-2 STEP 0 dirty-tree is now a real exit 1 (was a prose-only STOP)
- RED-3 STEP 3.4 negation-sentence verbatim guard (no silent inversion)
- RED-4 STEP 1-A collapse safety-critical exception (NEVER/ALWAYS/PERMANENT)
- RED-5 STEP 4 fidelity census (count-based, per-entry x per-category)
- RED-6 STEP 4 trailing-space false-ORPHAN fix
Tests: run-deterministic.sh (all-green), run-behavioral.md, fixtures, BACKLOG
(RED-7/RED-8 open). Validated on the real learnings.md: 0 fidelity
false-positive vs 13, scope held, registry reverted.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 22:56:10 +02:00
Bastien Chanot
9a58734286 chore(memory): journal 2026-06-25 (validate → web-validate rename)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 11:38:05 +02:00
Bastien Chanot
a1cc753746 chore(tasks): annotate /validate → /web-validate in open --help pilot item
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 11:27:18 +02:00
Bastien Chanot
dbab542409 chore(memory): BDR-032 + LRN-045 (validate → web-validate rename)
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 11:27:18 +02:00
Bastien Chanot
e5e673ac1f refactor(skill): rename validate → web-validate
Clearer scoped name for the W3C + WCAG skill. Updated: folder (git mv),
frontmatter name, H1 title, command refs, CLAUDE.md routing, 6 profiles
(functional — activate the skill by folder name), cross-refs in
harden/seo/depth-matrix/client-handover, agent dispatch refs, README +
USAGE tables.

Confidentiality: the client-deliverable leak-guard regex
(client-handover-writer.md) now matches BOTH /web-validate and legacy
/validate, so older client docs stay covered.

Left intentionally: validator-analyzer agent name (lockstep with
subagent_type + registry), .validate-cache/ + VALIDATE.md (audit-file
family {SEO,GEO,HARDEN,CSO,VALIDATE}.md), .claude/ history (append-only),
CHANGELOG old entry (added a new "renamed" entry instead). NL trigger
keywords kept so "validate" still routes here. Third-party html-validate
untouched.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 01:29:36 +02:00
Bastien Chanot
26658c4962 chore(memory): journal 2026-06-25
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 00:41:46 +02:00
Bastien Chanot
52164d6261 chore(memory): BDR-031 + BLK-009 + LRN-043 + LRN-044
- BDR-031: global CLAUDE.md lightening = compression, not path-scope /
  externalization (path-scoped user rules broken, #21858). 317 -> 275.
- BLK-009: user-level path-scoped rules don't load (#21858, 2.1.190),
  proven by 3-file probe. Upstream/open.
- LRN-043: routing compression — cut name-obvious lines, keep
  non-derivable signal (misleading names, gstack fallbacks) + catch-all.
- LRN-044: Edit/Write refuse to write through a symlink — resolve to
  the real path (readlink -f) first.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 00:33:01 +02:00
Bastien Chanot
990318ce9d docs(claude-md): trim decorative separators + blank lines
Whitespace-only rognage, zero content/instruction changed: 286 -> 275.
- Drop 4 '---' section rules (the '#' headers already delimit sections).
- Drop 2 intro->list blanks (consistency with the compressed sections).
- Drop 1 orphan header-to-header blank (Tooling & skills -> Skill routing).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 00:29:47 +02:00
Bastien Chanot
ba743cf356 docs(claude-md): compress routing + design + graphify
Universal global config (loaded every session): 317 -> 286 lines (-31).
- Routing: drop name-obvious lines (covered by skill descriptions), keep
  non-obvious only (gstack fallbacks, cryptic names, disambiguation) +
  dense catch-all. Restore plan-eng-review + validate (misleading names),
  add feat/hotfix/bugfix file-count pointer.
- Design: compress + make the FILE signal explicit (UI-file edits trigger
  the toolchain, not just the prompt keyword).
- graphify: densify conditional rules.
No path-scope / no externalization: user-level path-scoped rules do not
load (issue #21858, 2.1.190) -> compression is the only safe lever.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01W9sqAwZxBMZSynZoVrEJhd
2026-06-25 00:21:42 +02:00
Bastien Chanot
b03cb0b910 chore(memory): BDR-030 + LRN-042 + journal + TODO
Capitalize the install-self-sufficient / gstack-on-demand session:
- BDR-030: gstack skills activated on-demand per profile, OFF by default.
- LRN-042: npx skills add / setup resolve target relative to CWD — run
  from $HOME or artifacts land in the repo tree, unreachable by link.sh.
- journal 2026-06-23 line + TODO task block reconciled.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_0169vjUD1sP9Nx4ZiCa8wvAw
2026-06-24 14:22:47 +02:00
Bastien Chanot
0b92935d6d feat(profile): activate gstack skills on-demand per profile
gstack stays OFF by default (no per-skill symlink in skills/, zero context
cost). enable_skill now gains a gstack branch: a skill absent from skills/
and skills-disabled/ but present in the skills-external/gstack submodule is
symlinked in on demand when a profile lists it; disable_gstack_not_in()
parks it again on an unrelated profile.

This makes `set full` (which lists 35 gstack skills) work without 35 bogus
"missing — try: bash link.sh" warnings, without abandoning the OFF-by-default
policy. The old remedy message was wrong (link.sh never creates gstack
skills) and is replaced with submodule-aware messages.

Refs BDR-030.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_0169vjUD1sP9Nx4ZiCa8wvAw
2026-06-24 14:22:36 +02:00
Bastien Chanot
29c4c9ea67 fix(install): make install self-sufficient + npx skills add from $HOME
Two root causes found via the install log (install-20260623-181416.log):

A. install.sh runs link.sh BEFORE install-plugins.sh, and install-plugins
   never re-linked, so npx/external skill symlinks were missing on a fresh
   run. Add a final Step 10 that re-runs link.sh (idempotent), so
   `make plugin`/`make install` finish with nothing left to link by hand.

B. `npx skills add` resolves its target (.agents/skills, skills-lock.json)
   relative to the CWD. Run from the repo (which carries gitignored .agents/
   and .claude/), skills landed in $REPO/.agents/skills instead of
   $HOME/.agents/skills where link.sh looks — self-reinforcing once
   $REPO/.agents exists. Run `skills add` from $HOME in both install and
   update paths, and clean the stray repo-local skills dirs (gitignored,
   safe to rm).

Refs LRN-042.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_0169vjUD1sP9Nx4ZiCa8wvAw
2026-06-24 14:22:25 +02:00
Bastien Chanot
ed5b54e87e chore(graphify): update skill to v0.8.45
Bump 0.8.13 -> 0.8.45. Extract the SKILL.md monolith (~530 lines) into
references/ for progressive disclosure: github-and-merge, transcribe,
extraction-spec, exports, update, query, add-watch, hooks. SKILL.md now
points to each reference and loads it only on the path that needs it.

Inline fixes carried by the new version: empty-extraction guard before
any write (#1392), shrink-guard ordering so GRAPH_REPORT/analysis never
describe a graph.json that was refused (#479), root= relativization for
build/manifest parity across clones (#1361/#1417), stale-cache cleanup
and code-only semantic pre-write (#1392), edge-direction preserving
merge (#801). Adds FalkorDB export (--falkordb/--falkordb-push) and
rewrites the frontmatter description (drops the obsolete trigger: field).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_0169vjUD1sP9Nx4ZiCa8wvAw
2026-06-24 14:22:14 +02:00
Bastien Chanot
6516b85f0f chore(memory): EVAL-005 — obsolete effort alias missed (cross-config audit gap)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 17:54:52 +02:00
Bastien Chanot
d0a3740de5 feat(install): remove obsolete claude --effort max alias
Effort is set in settings.json ("effortLevel": "xhigh") — the source of
truth. The CLI alias `claude --effort max` was redundant and, worse, would
OVERRIDE settings.json (forcing max over xhigh). Step 9 no longer adds it and
now strips it (and the older CLAUDE_EFFORT env) from the shell profile if
present, cleaning orphaned comment lines.

(A dtach `cc` launcher was prototyped here and dropped — deferred to a later
sprint per the user.)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 17:54:52 +02:00
Bastien Chanot
960f0f92ce chore(memory): LRN-041 — MAGIC_API_KEY symlink false-negative
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 17:30:40 +02:00
Bastien Chanot
1b028cbc25 fix(install): MAGIC_API_KEY false-negative when repo/.env symlink missing
The magic check + link_env grep'd `^MAGIC_API_KEY=` on $REPO/.env, but on a
fresh machine ~/.claude/.env is often created AFTER link.sh runs, so the
repo/.env symlink (which toggle-external.sh sources) is never made — the key
looks absent though it's set, and the warning misleadingly points at
~/.claude/.env.

- install-plugins.sh: self-heal — if ~/.claude/.env exists but repo/.env is
  missing, create the symlink before checking. Accurate message.
- Both: tolerate optional `export ` + leading whitespace and require a
  non-empty value (regex sanity-tested), so common .env formats match.

Immediate fix for an affected machine: `make link`.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 17:30:09 +02:00
Bastien Chanot
735b62a002 chore(memory): BDR-029 + LRN-040 + BLK-008 resolved (gstack browser on Ubuntu 26.04)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 16:59:23 +02:00
Bastien Chanot
3b8ffb17b1 feat(install): auto-enable gstack browser on Ubuntu 24.04+
Two OS-too-new layers blocked gstack's browser on Ubuntu 26.04; handle both
from the installer so a fresh `make install` works without manual steps:

1. Playwright version — gstack pins 1.58.x which has no browser build for
   ubuntu>24.04 ("does not support chromium on ubuntu26.04"). New
   gstack_bump_playwright_if_unsupported() runs before ./setup: if the
   pinned Playwright's support list lacks the running distro, `bun add
   playwright@latest` in the submodule (1.61 supports 26.04), then ./setup's
   frozen-lockfile install picks it up and rebuilds the browse binary against
   it. Idempotent (skips when already supported). Edits the submodule locally
   — goes dirty, reset by `git submodule update`, re-applied next install.

2. Chromium sandbox — Ubuntu 24.04+ restricts unprivileged user namespaces
   via AppArmor, so Chromium aborts "No usable sandbox". Persist gstack's
   documented opt-out GSTACK_CHROMIUM_NO_SANDBOX=1 to the shell profile, gated
   on the exact sysctl (kernel.apparmor_restrict_unprivileged_userns=1) so it
   only triggers where the restriction is active.

Verified end-to-end on Ubuntu 26.04: gstack browse drives a real page
(Navigated 200). See BDR-029 / LRN-040 / BLK-008.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 16:58:30 +02:00
Bastien Chanot
637b8379b1 chore(memory): correct BLK-008 + LRN-038 — Playwright override reverted (hangs)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 16:24:44 +02:00
Bastien Chanot
b9c3937cd0 revert(install): drop Playwright host-platform override — it hangs on 26.04
The PLAYWRIGHT_HOST_PLATFORM_OVERRIDE=ubuntu24.04-x64 pin (211c7d4) made
Playwright 1.58.2 stop erroring and instead download a Chrome-for-Testing
fallback build — but that download reaches 100% and then HANGS at extraction
on Ubuntu 26.04 (reproduced on a real machine + here: chrome binary never
materializes, no headless-shell download starts). Net effect: the override
turned a 0.5s fast-fail into an indefinite hang that blocks `make install` /
`make plugin` (user had to Ctrl+C).

Reverting restores the original behavior: gstack's ./setup fast-fails the
browser install (non-fatal — gstack is OFF by default, browser only needed
for /browse, /qa, screenshots) and the install completes. Replaced the code
with a NOTE explaining the dead end. Real fix is upstream: gstack bumping
Playwright to a version that supports the OS. See BLK-008.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 16:23:52 +02:00
Bastien Chanot
cba0672749 chore(memory): BDR-028 + LRN-039 (installer config drift guard + de-vendor)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 15:29:47 +02:00
Bastien Chanot
7de8761836 chore(repo): stop tracking installer-managed files
Three paths are (re)generated by every install/update and should never be
committed:
- skills-external/frontend-design/ — install-plugins.sh Step 8b and
  update-all.sh cp the latest SKILL.md from the example-skills plugin cache
  over it, so it churned a diff each time Anthropic shipped an update. The
  source is always re-synced (example-skills is always installed), so no
  vendored copy is needed.
- .agents/ and skills-lock.json — `npx skills add` (darwin-skill) installs
  at project scope into the repo. Our own agents live in agents/ (no dot)
  and stay tracked; the dotted pollution dir is anchored-ignored (/.agents/).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 15:29:01 +02:00
Bastien Chanot
51afe9bd19 build(install): auto-revert curated config after install
graphify's installer rewrites CLAUDE.md + .claude/settings.json (clobbers
the curated graphify section, drops the "This repo only" header, injects
aggressive MANDATORY pre-tool hooks) and `claude plugin install` flips
enable-states in settings.json. These 3 files are hand-curated, never
installer-owned.

Snapshot them at the top of install-plugins.sh and restore on EXIT (trap)
so `make install` / `make plugin` leaves them exactly as found. Pre-existing
local edits are preserved; only installer drift is undone. Verified with an
isolated drift→restore test. update-all.sh needs no guard — it only runs
`claude plugin update` (no enable flips) and never re-runs graphify's
CLAUDE.md/settings integration.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 15:29:01 +02:00
Bastien Chanot
4e178dc393 chore(memory): BDR-027 + LRN-038 + BLK-008 (install revert + Ubuntu 26.04 chromium)
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 14:11:52 +02:00
Bastien Chanot
2194b11329 fix(install): install jq prerequisite (active hooks require it)
jq is used 18+ times in always-on hooks (statusline.sh, rtk-rewrite.sh)
but was never installed by any script — it only worked because dev
machines happened to have it; a bare machine breaks at hook-run time.
Add it to Step 1 (same inline pattern as the other prereqs) and to
doctor.sh at fail level.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 14:09:55 +02:00
Bastien Chanot
211c7d4594 fix(install): pin Playwright host-platform on Ubuntu >24.04
Ubuntu 26.04 (and any release newer than 24.04) isn't in Playwright
1.58.2's supported-build list, so gstack's ./setup aborted with
"Playwright does not support chromium on ubuntu26.04-x64".

Add gated helper playwright_platform_override() (ubuntu >24.04 → echoes
ubuntu24.04-<arch>, else nothing). Export PLAYWRIGHT_HOST_PLATFORM_OVERRIDE
before gstack ./setup (install-time download) and persist it to the shell
profile (runtime browser launch). Playwright then pulls a compatible
Chrome-for-Testing fallback build instead of erroring.

Verified on Ubuntu 26.04: override emitted correctly (no var leak), CfT
build resolves all shared libs (ldd) and renders headless. No submodule
edits — purely an env pin from the wrapper.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 14:09:12 +02:00
Bastien Chanot
b6cc8b1a86 fix(install): nvm fallback when node/npm missing
Fresh machine had no npm → install.sh err-exited before the Claude Code
CLI install could run. Instead of aborting, bootstrap the current LTS via
nvm (v0.39.7) → `nvm install --lts` when node or npm is absent. Keeps the
>=18 floor + friendly messages on hard failure.

Replaces the reverted lib/install-prereqs.sh centralization with the
minimal targeted fix.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01UyNYwD4UccVw9ZCFZyJX55
2026-06-23 14:09:12 +02:00
Bastien Chanot
937dd1d366 chore(memory): BDR-025 + BDR-026 + LRN-037
BDR-025: design gate = profile-based (tier=profil, GATE-BLOCK allowlist,
magic required-but-manual, unknown->fail-visible exit 11, claude resolved via
ensure_claude_on_path since command -v depends on PATH carrying nvm bin). Alts
rejected: hardcoded tier->tools, advisory magic, strict fail-closed.
BDR-026: secret source-of-truth in ~/.claude/.env via repo/.env symlink;
source follows link -> zero read-path change; link_env defensive.
LRN-037: verify the load-bearing scenario on the real subject in real context,
not a stub/logic — every refutation this chantier came from execution.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 17:10:51 +02:00
Bastien Chanot
0985153b26 chore(memory): LRN-036 — command -v depends on PATH not alias
Real cause of the gate's 'claude absent'/unknown: command -v claude needs the
nvm node bin on PATH; a sanitized-PATH hook/subshell or a version-pinned nvm
path loses it. NOT the alias (refuted: binary on inherited PATH makes command
-v succeed), NOT exit 11 (that's the mitigation). Fix = ensure_claude_on_path.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 12:14:24 +02:00
Bastien Chanot
f9cc86614a docs(secrets): .env.example points at ~/.claude/.env
Stale "Copy to .env" comment updated to the inverted layout: the real key
lives in ~/.claude/.env and link.sh symlinks repo/.env to it. Comment only;
the MAGIC_API_KEY placeholder is unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 12:13:11 +02:00
Bastien Chanot
f96331844c fix(design-gate): resolve claude on a sanitized PATH (real cause of unknown)
The "unknown -> exit 11" path triggers when `command -v claude` fails. Root
cause is NOT the interactive alias (claude->dtach_claude) not surviving the
subshell — that's true but harmless: the real binary is on the inherited PATH,
so `command -v` finds it in a normal `bash script.sh` (proven: toggle-external
and the gate both resolve claude). The actual lever is PATH carrying the nvm
node bin. A skill/hook that shells the gate out with a sanitized PATH, or a node
upgrade moving the version-pinned nvm path, loses it.

ensure_claude_on_path(): if `command -v claude` already resolves, do nothing;
else probe known install dirs (~/.claude/local, ~/.local/bin, /usr/local/bin)
and the nvm glob, prepending the bin dir — which carries BOTH claude and its
node runtime (claude's shebang needs node, same dir). nvm keeps old versions
after an upgrade, so pick the newest that ships claude via sort -V, not the
first glob match. If nothing resolves, command -v still fails -> unknown ->
exit 11 (fail-visible net stays).

Verified: shellcheck clean; normal PATH -> READY exit 0 (function returns early,
no regression); PATH=/usr/bin:/bin (sanitized hook) -> now resolves claude via
the nvm glob and reports REAL magic state (READY exit 0), where before the fix
it was exit 11 unknown.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 12:12:49 +02:00
Bastien Chanot
60031c1bef chore(design-gate): repoint agents + test to profile remedy
The gate's remedy is now /profile design (not an atomic ui-ux-pro-max toggle),
but several callers still described the old "ask user to activate ui-ux-pro-max"
behavior. Repoint the prose — the `Follow lib/design-gate.md` pointers stayed
valid (the gate was extended in place), so only descriptions change:

- agents/feater.md, hotfixer.md, bugfixer.md (STEP 0.5/1.5 gate bullet):
  signals found → run design-tool-gate.sh; if INCOMPLETE → /profile design.
- agents/feater.md rule 6: trigger is "design toolchain incomplete", not
  "ui-ux-pro-max inactive".
- agents/plugin-advisor.md: gate points at /profile design when the toolchain
  is incomplete.
- skills/feat/test-prompts.json (id 2): expected behavior updated; still valid JSON.

No logic change — descriptions only, aligned with the profile-based gate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 11:59:37 +02:00
Bastien Chanot
4d191354c6 fix(design-gate): fail-visible on unverified tools (no silent READY)
When `claude` is unreachable, the plugin/MCP checks (magic, ui-ux-pro-max —
the most important design tools) return `unknown`. The old verdict folded that
into a silent `READY` exit 0 — a fail-OPEN: the gate granted "proceed" exactly
when it had verified nothing. Contradicts the fail-closed-on-uncertainty rule.

Now fail-VISIBLE (not strict fail-closed — claude can be merely slow, false
blocks would get the gate ignored): a third outcome READY BUT UNVERIFIED with a
distinct exit 11. It proceeds, but says so loudly and names the unchecked tools,
telling the user to confirm with `claude mcp list` / `claude plugin list`. The
distinct non-zero code also stops a naive `if gate; then proceed` shell caller
from silently passing. Also covers the non-reproducible "transient claude absent
after apply" flake seen in live testing.

design-gate.md §DECISION updated: exit-code line + a real branch-3 state for 11.

Verified: shellcheck clean; reachable+active -> READY exit 0; claude off PATH ->
READY BUT UNVERIFIED exit 11 naming magic+ui-ux-pro-max; magic off -> INCOMPLETE
exit 10 (trip branch intact after the restructure).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 11:57:48 +02:00
Bastien Chanot
131d0bcb5d feat(secrets): .env source-of-truth in ~/.claude + repo symlink
Move the real secret out of the git tree: the key lives in ~/.claude/.env
(outside the repo), and link.sh symlinks repo/.env -> ~/.claude/.env so
`source "$REPO/.env"` resolves transparently. The secret never enters git —
not as content (it's a link) and not by accident (gitignored).

link.sh: add link_env() — verify ~/.claude/.env exists + has MAGIC_API_KEY
(warn, never create/copy the secret), then create repo/.env -> ~/.claude/.env.
Defensive + idempotent: links only when repo/.env is absent or already the
right symlink; a residual REAL repo/.env is left untouched with a migrate hint
(never clobbered, so the secret can't be destroyed).

.gitignore: harden .env -> .env + .env.* + !.env.example (covers .env.local,
.env.bak, .env.save; keeps the template tracked).

Messages point at ~/.claude/.env (the canonical edit location) instead of the
ambiguous $REPO/.env: design-tool-gate.sh gate output, design-gate.md
(branch 3 + IMPORTANT), toggle-external.sh, install-plugins.sh.

Verified: shellcheck clean (link.sh, toggle-external.sh, design-tool-gate.sh);
link.sh created the symlink (1 change, idempotent re-run); repo/.env absent
from git status; magic-off path still exits 10 with the ~/.claude/.env hint.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 11:44:47 +02:00
Bastien Chanot
2e6725e8bb docs(claude-md): design gate → pointer to lib
Replace the inline "Design gate (automatic)" description — which still named
the old atomic "ui-ux-pro-max inactive → ask user" behavior — with a one-line
pointer to the gate spec, now that the gate logic lives in design-gate.md +
design-tool-gate.sh and points at /profile design. No design rule changed;
the Orchestrators line (STEP 0 plugin-check) is untouched.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 11:22:01 +02:00
Bastien Chanot
3eefb8ad7c feat(design-gate): profile-based toolchain gate + design-tool-gate.sh
design-tool-gate.sh: deterministic design-toolchain state check. Reads the
design-core tools from design.profile's `# GATE-BLOCK:` allowlist + their
types via `profile.sh show design --plain` (claude-free parse contract),
checks each on its own channel (skill symlink / claude plugin list / claude
mcp list / command -v). Never reads disabledMcpServers. Exit 0 ready · 10
incomplete · 2 error.

Remedy is always a profile (/profile design), never an atomic tool toggle —
the profile system stays the single source of truth for activation. magic is
required-but-manual: it TRIPS the gate (not advisory) and the output names
the MAGIC_API_KEY step. Non-design tools bundled in the profile (browse,
plan-*, design-shotgun, graphify) are excluded from the trip via GATE-BLOCK,
so the gate fires only on real design tools.

design-gate.md: §DECISION rewritten profile-based (tier → run script → branch
on 3 groups), replacing the old atomic "ask user to activate ui-ux-pro-max".
§DETECTION unchanged. design.profile: add the `# GATE-BLOCK:` allowlist
(8 design-core tools); it is a comment, so read_profile/--plain are unaffected.

Verified: shellcheck clean; magic-off (real design profile) → exit 10 +
API-key line; all active → exit 0; browse-off (non-GATE-BLOCK) → exit 0,
no trip.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-21 11:21:48 +02:00
Bastien Chanot
9d8b4cc38c chore(memory): capitalize LRN-034 + LRN-035
LRN-034: narrated state (any source) ≠ ground truth — P3 was believed
applied (approval confused with writing, accepted without re-checking)
until git proved otherwise on reprise. Lead signal missed = internal
contradiction ("P3 non écrit" then "P3 fait"). Verify against git.
LRN-035: honest dedup — name-mention ≠ definition-instance; the dosage
rule correctly reduced P4 to a no-op, don't force factorization.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-21 02:43:00 +02:00
Bastien Chanot
663b16c472 docs(claude-md): merge workflow/todo + emphasis discipline
P5: merge the TODO volet of ## Workflow with ## Task tracking into a
single ## Planning & TODO section (when to plan / exempt scope / how to
track), placed right after ## Workflow. Drops the "see Workflow" cross-ref;
no rule lost.

P6: reserve emphasis caps (NEVER/ALWAYS/MUST/FORBIDDEN/ONLY/No…) for the
~9 critical rules only (security, never-invent, append-only memory, radical
honesty, never-assume, STOP, SPA-ban, supply-chain dep vetting). Downgrade
process/style dressing to normal case so the critical anchors stand out.
Typography only — no content or meaning changes.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-21 02:26:50 +02:00
Bastien Chanot
493b6b904e docs(claude-md): consolidate design routing
Design routing was split across 3 places (Skill-routing entries, the
Design gate paragraph, and the Design work section). Collapse the 3
skill-routing design entries to one renvoi; move the Design gate into
"## Design work — full toolchain"; mark that section the single source.
No rule lost — gate preserved verbatim, just relocated.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 20:09:00 +02:00
Bastien Chanot
a06b6d718f chore(memory): capitalize LRN-032 + LRN-033 + BDR-024
LRN-032: rule has a domain — applying it out-of-domain = category error;
check artifact class before invoking (80-char rule = source-code, not CLI
output). Cross-ref LRN-031 (paired meta-lessons on not applying mechanically).
LRN-033: multibyte separator breaks printf %-Ns byte-padding; pad via ${#}.
BDR-024: show --plain = claude-free parse contract for the upcoming design gate.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 20:03:34 +02:00
Bastien Chanot
5776195eb6 feat(profile): list counters + grouped show + --plain parse mode
list: ITEMS column with compact per-category counts (e.g. 12s·1p·1m·1c),
left block aligned; full descriptions kept (CLI output, not 80-strict).
show: grouped by type (gstack/external/personal/plugin/mcp/cli) with
status; redundant per-line TYPE column and plugin marketplace suffix dropped.
show --plain: parsable "type<TAB>name" list, no status, zero claude calls —
the contract for the upcoming design gate. All derived from .profile files.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 19:59:19 +02:00
Bastien Chanot
d4a5cfec93 chore(caveman): purge plugin + always-on integration
Disable + uninstall caveman@caveman and delete every repo dependency on
it: SessionStart/UserPromptSubmit hook blocks, standalone hook files,
settings.json enabledPlugins + marketplace entries, install-plugins.sh
STEP 5.5, update-all.sh refresh step, plugins.lock.json entry, doctor.sh
checks, lib/detect-plugins.sh helpers, lib/profile.sh + plugin-advisor +
skills/profile protected-list entries, .gitignore runtime-file block,
and README/USAGE docs. Dead /caveman:compress refs replaced with
manual/claude.ai guidance. Memory-registry terse-format convention kept
(separate subsystem). Version 3.4.0 -> 3.5.0.

On a subscription plan caveman's ~75% output-token compression has no
cost benefit, and the always-on hooks added friction on validation
gates and client deliverables.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 19:08:40 +02:00
Bastien Chanot
7403c658d2 chore(memory): capitalize BDR-023 + LRN-031
BDR-023 — merge /close into /capitalize (2 modes + TODO reconcile), /close
now a thin alias. LRN-031 — a skill earns complexity only on gate +
anti-noise + determinism, not by re-coding what a capable agent does free;
if the RED baseline passes, harden the fixture. Journal 2026-06-19.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 18:48:13 +02:00
Bastien Chanot
765e9d78b1 refactor(capitalize): trim PASS A to the restraint rule + flag untested gate
PASS A done-detection was ~60% machinery a capable agent already does for
free (the baseline checked done tasks and left the umbrella task alone
unaided). Cut the git-command how-to and worked example; keep only the
load-bearing restraint rule (flip only on a clean task<->commit map;
partial/umbrella/vague stay unchecked; never guess).

Add a Red flag: the STEP 3 gate STOP was never exercised (non-interactive
build harness printed the gate then proceeded as approved) — confirm it
halts before any write on first real use. TDD note records the same caveat.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01X3e8LaH2vymmxyh36h3jFU
2026-06-19 18:17:45 +02:00