feat(ultraplan-local): Spor 3 — semantic plan-critic, examples, CC features, security docs

- agents/plan-critic.md: rule #7 split into literal blockers (TBD/TODO/FIXME) + semantic rubric with 8 deferred-decision tests; calibrated against the 5-phrase corpus from the v3.1.0 quality brief - hooks/hooks.json: rebuilt from corrupted state; valid JSON, registers PreToolUse(Bash,Write), UserPromptSubmit, PostToolUse(Bash), PreCompact - hooks/scripts/session-title.mjs: NEW — sets ultra:<cmd>:<slug> session title for ultra commands (CC v2.1.94+) - hooks/scripts/post-bash-stats.mjs: NEW — appends duration_ms per Bash call to ultraexecute-stats.jsonl (CC v2.1.97+) - SECURITY.md: NEW — Forgejo private-issue reporting, supported = current minor only, scope = 4 hooks + denylist, hardening recommendations - docs/architect-bridge-test.md: NEW — manual smoke checklist for the ultraplan ↔ ultra-cc-architect bridge - examples/01-add-verbose-flag/: NEW — calibrated end-to-end (brief + research + plan + progress.json) for fork-er onramp; all four artifacts pass their validators - README.md: + Extending the plugin, + Headless multi-session tuning (MCP_CONNECTION_NONBLOCKING), + Session titles, + Per-step timing, + disableSkillShellExecution recommendation - CLAUDE.md: documents session-title.mjs and post-bash-stats.mjs - root README.md: v3.1.0 entry expanded with Spor 2+3 deliverables CC features adopted: F8, F9, F12 implemented; F3 implemented as Bash PostToolUse logger; F2 (hook 'if'-field scoping) deferred — universal protection beats reduced-scope protection for blocked commands. Tests: 109/109 green. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 06:28:44 +02:00 · 2026-05-01 06:28:44 +02:00 · 9ecd225018
commit 9ecd225018
parent 34669d596c
15 changed files with 1170 additions and 59 deletions
--- a/plugins/ultraplan-local/examples/01-add-verbose-flag/REGENERATED.md
+++ b/plugins/ultraplan-local/examples/01-add-verbose-flag/REGENERATED.md
@ -0,0 +1,56 @@
+# Regeneration log — 01-add-verbose-flag
+
+| Field | Value |
+|-------|-------|
+| Last regenerated | 2026-05-01 |
+| ultraplan-local version | 3.1.0 |
+| Claude Code version | ≥ 2.1.105 (PreCompact-hook) |
+| Source brief author | Hand-calibrated example, not LLM-generated |
+| Plan author | Hand-calibrated to demonstrate plan_version 1.7 schema + manifest YAML |
+
+## What this is
+
+A complete walk-through of the four-stage pipeline for one realistic
+small task: adding a `--verbose` flag to a hypothetical `small-auth`
+CLI parser. Every artifact is hand-calibrated, not LLM-generated, so
+fork-ers can study the *shape* without worrying about whether an
+LLM hallucinated something.
+
+## What "regenerate" means
+
+If the artifact format changes (frontmatter schema, manifest YAML
+keys, progress.json version), this example needs to be re-built so
+fork-ers don't learn an obsolete shape.
+
+Triggers for regeneration:
+
+- `plan_version` bumps
+- Frontmatter schema additions to `brief.md` or `research/*.md`
+- New required keys in manifest YAML
+- `progress.json` schema bump beyond `schema_version: "1"`
+
+When regenerating: do **not** run an actual LLM-driven pipeline against
+this brief. Hand-calibrate against the new schema so the example stays
+deterministic and reviewable.
+
+## Project assumed
+
+A fictional `small-auth` CLI with this layout:
+
+```
+small-auth/
+├── package.json
+├── src/
+│   ├── cli.mjs                    # 80-line argv parser (hand-rolled)
+│   └── commands/
+│       ├── login.mjs
+│       ├── logout.mjs
+│       ├── whoami.mjs
+│       ├── token-refresh.mjs
+│       ├── users-list.mjs
+│       └── users-create.mjs
+└── tests/                         # 24 tests, node:test
+```
+
+This project is **not** in the plugin repo. The example artifacts
+reference it as if it were the cwd of an `/ultraexecute-local` run.