open/ktg-plugin-marketplace
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity Actions

docs(voyage): bump v4.3.0 + update CLAUDE.md + README.md + CHANGELOG.md

Browse source 
Step 33 of v4.3 plan — Wave 8 docs (3-doc-niv mandate):

- package.json: version 4.2.0 -> 4.3.0
- CHANGELOG.md: v4.3.0 entry dated 2026-05-10 with Added/Changed/Fixed/
  Deferred-to-v4.4/Notes covering Wave 0-8 leveranser (dashboard-sentrisk
  layout, file://-loader 3 entry points, anchor-rendering modent, A11Y
  panel fra DS-primitives, screenshots-spor convention, DOMPurify ven-
  doring, voyage-scope DS-tokens, test pyramid Groups A-D, Playwright
  devDeps).
- CLAUDE.md: nytt 'Playground (v4.3)' avsnitt under Architecture som
  beskriver dashboard-modell, file-loader, anchor-rendering, A11Y panel,
  screenshots-spor, security hardening, og test pyramid.
- README.md: version badge 3.4.1 -> 4.3.0; '/trekrevise — Annotation
  playground' avsnitt utvidet med v4.3 rebuild-detaljer og pekere til
  playground/README.md + sc1-checklist-verification.md.

Test count: 705 pass / 0 fail / 2 skipped (npm test).
doc-consistency.test.mjs: 42/42 pass.
This commit is contained in:
Kjell Tore Guttormsen 2026-05-10 18:29:45 +02:00
commit ea4005960c
4 changed files with 77 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

2
plugins/voyage/CLAUDE.md
View file

@ -235,6 +235,8 @@ Local Docker Compose stack: `examples/observability/`. Operator docs: `docs/obse
**Revise (v4.2):** `/trekrevise --project <dir>` consumes a batch exported from `playground/voyage-playground.html` and folds operator annotations back into the source artifact (`brief.md` / `plan.md` / `review.md`). Phase 1 parse + validate, Phase 2 read source + rollback hygiene (`*.local.bak` via `lib/util/revision-guard.mjs`), Phase 3 parse anchors + validate placement (`lib/parsers/anchor-parser.mjs` — block-boundary discipline), Phase 4 compute revision diff + deterministic SHA-256 digest (`lib/parsers/annotation-digest.mjs`), Phase 5 atomic apply via `lib/util/markdown-write.mjs`, Phase 6 round-trip integrity (`stripAnchors`-of-written equals pre-write body), Phase 7 optional review-gate when target is plan and review.md exists, Phase 8 stats + report. Single-iteration MVP — each batch produces one `revision:` increment with `source_annotations:` audit trail. **Handover 8** (`docs/HANDOVER-CONTRACTS.md`) — additive frontmatter; no `*_version` bump; artifacts written before v4.2 validate as `revision: 0`.
**Playground (v4.3):** `playground/voyage-playground.html` is the operator-facing surface for browsing voyage projects and editing annotations. v4.3 rebuilds the v4.2 playground from the ground up — dashboard-centric layout (`fleet-grid` of `fleet-tile` per artifact), file://-loader with three entry points (`webkitdirectory` directory-picker / drag-drop with `webkitGetAsEntry` recursive walk / URL-parameter `?project=/abs/path`), block-boundary anchor placement matching browser-side `parseAnchor` to Node-side `lib/parsers/anchor-parser.mjs` regex, hidden-by-default sidebar-rail with J/K keyboard navigation, two-opacity pattern (active 100% / inactive 40% / resolved 30% strikethrough), A11Y panel built from DS-primitives, screenshots-spor convention via `window.__voyage` hooks (`navigate` / `scheduleRender` / `getProjectArtifacts`) + `docs/screenshots/`. Path-traversal + symlink/dotfile filter (`isProjectPathSafe`) blocks `..` / `node_modules/` / `dist/` / `build/` / hidden-paths with `aria-live` announces. DOMPurify ≥ 3.1.1 vendored for `sanitizeAnnotation`; HTML-comment indirect prompt-injection mitigation via `parseAnchor`-allowlist gate before `md.render`. Total bundle 388 KB / 460 KB HALT-gate. Test pyramid Groups A-D — Group A 17 static-HTML tests (SC1 10-element checklist + SC3 + SC6 + SC7 tag-level no-CDN), Group B 9 DS-token + theme-toggle + sidebar-tab + keyboard-pattern tests, Group C 7 export-bundle schema + `annotation_digest` SHA-256 validity tests, Group D 4 Playwright e2e (light/dark axe-core delta-baseline + pixel-diff smoke + zero-external-network authoritative gate). See `playground/README.md` + `docs/sc1-checklist-verification.md`.
**Security:** 4-layer defense-in-depth: plugin hooks (pre-bash-executor, pre-write-executor), prompt-level denylist (works in headless sessions), pre-execution plan scan (Phase 2.4), scoped `--allowedTools` replacing `--dangerously-skip-permissions`. Hard Rules 14-16 enforce verify command security, repo-boundary writes, and sensitive path protection.
**Pipeline:** `/trekbrief` produces the task brief. `/trekresearch --project <dir>` fills in `{dir}/research/`. `/trekplan --project <dir>` reads brief + research to produce `{dir}/plan.md` (and auto-discovers `{dir}/architecture/overview.md` if an opt-in upstream architect plugin produced one). `/trekexecute --project <dir>` executes and writes `{dir}/progress.json`. `/trekreview --project <dir>` produces `{dir}/review.md`. `/trekrevise --project <dir>` (v4.2) folds operator annotations back into any of the three artifacts in-place, with audit trail in frontmatter. All artifacts live in one project directory.