apply-skill-op.mjs skrev aldri score-cachen (data/skill-score-report.json) selv
— kun score-skill.mjs --write gjorde det. Etter en create/merge/sanitize/retire-
apply var derfor STEG C SessionStart-surfacingen stale til operatøren manuelt
re-scoret.
Ny eksportert refreshScoreCache(report, {cachePath, generatedAt}): ren
scoreReport+buildScoreCache, én writeFileSync, injiserbar generatedAt (determini-
stisk i test). main() bygger nå buildReport() ÉN gang ved res.applied og deler
den mellom printQualityGate(report,…) (refaktorert til å ta report) og
refreshScoreCache(report). Hel-korpus med vilje: retire dropper, create legger
til, merge/sanitize flytter søsken-K10 → cachen er uavhengig av HVILKEN skill
endret seg.
TDD: 4 nye assert i tests/kb-eval/test-apply-score-cache.test.mjs (RED→GREEN).
kb-eval 154/154, kb-update 323/323, validate 239/0, kb-integrity 192/0. Real
cache er gitignored → testene skriver kun til tmpdir.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
summarizeSkillQuality(cache) (pure) in detection-schedule.mjs: one-liner
"Skill-kvalitet: N skills < 90 % (navn)"; null when all skills meet target,
when the cache is missing (gitignored → absent in a fresh clone), or when the
shape is malformed. Reads the CACHED skill-score-report.json (from Steg B) —
never scores live (buildReport reads ~400 ref-files). Wired into
session-start-context.mjs after the course-signals block (same
existsSync/try-catch pattern). 7 new tests (kb-update 316 → 323).
[skip-docs]: README is the public end-user doc; skill-quality scoring is
maintainer-only tooling (the cache is gitignored, so the signal never surfaces
for end-users). The right doc homes ARE updated: CLAUDE.md hook table + a
caveat note (this commit), and docs/skill-quality-scoring-plan.md §3 komponent 4.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Skjerper ms-ai-infrastructure-description for å bryte build↔operate-overlappet
mot ms-ai-engineering (operatør-godkjent leaning, S38): "multi-region"→"cross-region"
og "edge AI architecture"→"edge AI deployment". Fjerner de delte distinktive tokenene
`multi` (vekt 0.5) og `architecture` (0.333) → eng↔infra combined 7.4167→6.5833 (< 7.0
terskel). Korpus-maks faller til 6.8333 (eng↔gov, pass). Begge edits sammen gir lavere
worst-case enn edit #1 alene (6.9167), derfor robust margin.
Resultat: K10-gulvet løftes for begge → eng 89→96, infra 89→96. ALLE 5 skills nå ≥90
(advisor 91, eng/gov/infra/sec 96). Korpus-invarianten (operatør-krav S38) oppfylt.
Judge-cache (🔑-regel): description-edit invaliderer infra K1. Re-judget mot det
operatør-kuraterte 20-settet — UENDRET 1.0/0.0/1.0 (edit fjerner kun tokens → kan ikke
gi falske positive; in-domain #2/#6 trigger fortsatt på BCDR/hybrid-vokabular).
K4/K7/K8/K9 uendret (body/refs urørt). Provenance oppdatert S11→S39.
Test: K10-real-five-testen pinnet pre-fix-baseline (eng+infra FAIL) — oppdatert til å
pinne korpus-invarianten (alle 5 pass, eng↔infra < 7.0). kb-eval 142/142, kb-update
316/316, validate 239/0, kb-integrity 192/0.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Legger de fem deterministiske sjekkene fra Anthropics «Skill authoring best
practices» som K1–K10-rubrikken manglet, i begge lag av score-motoren:
- eval.mjs (disk-laget): extractName + checkN1..checkN5
- N1 name-validitet (≤64, a-z0-9-, ingen «claude»/«anthropic»; gerund rapporteres, gater ikke)
- N2 description ikke-tom + ≤1024 tegn
- N3 refs én nivå dypt (ref-fil lenker ikke til annen ref-fil)
- N4 TOC i ref-filer >100 linjer (delpoeng = andel store filer med TOC)
- N5 forward-slash-stier (ingen Windows-backslash-stier i body)
wiret inn i evalSkill.deterministic (leser nå ref-fil-innhold for N3/N4)
- lib/skill-score.mjs (ren): N1–N5 i CRITERIA (vekt 1, ikke-gulv, det)
Live-sanity mot de 5 skills: N1/N2/N5 rene, N3 fanger ekte nøstet ref i
advisor (licensing-matrix.md → 3 andre ref-filer), N4 avdekker 387 store
ref-filer uten TOC (primær forbedringsspak for oppgraderingsfasen).
Tester: kb-eval 110→134 (+24). validate 239, kb-update 316 uendret grønt.
[skip-docs]: N1–N5 alt spesifisert i docs/skill-quality-scoring-plan.md §2.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Eier-CLI kan nå sette include_course_detection uten å hand-edite den gitignored
local.md: `write-schedule-config.mjs --enabled true --cadence daily --courses true`.
Flagget er VALGFRITT (opt-in inni opt-in) — utelates det, bevares en verdi satt
andre steder gjennom onboarding-rewriten (samme merge-semantikk som
interval_days / include_skill_lifecycle).
Tester (+3): --courses true setter nøkkelen, string-coercion (CLI-args er
strenger), og non-clobbering når flagget utelates. kb-update 313→316.
docs/development.md: C3-workflow peker nå på CLI-flagget framfor manuell local.md.
Live-probe (2) kjørt mot ekte Learn Platform API: baseline-registry etablert
(1093 kurs: 843 modules + 250 learning-paths), 0 leads (korrekt baseline §8 b).
Registry/report er detektorens gitignored private state — ingen filer committet.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Tredje ledger-kolleksjon (courses), additivt ved siden av decisions (URL,
Spor A) og actions (skill, Spor B). De tre rene helperne speiler
recordAction-trioen 1:1:
- recordCourseLead(led, uid, lead) (ren, UID-nøklet)
- setCourseLeadStatus(led, uid, status, at) (ren transisjon, kaster på ukjent UID)
- isCourseLeadDecided(led, uid) (dedup policy A: any status)
createLedger()->courses:{}; loadDecisions backfiller courses ??= {} (bakoverkompat).
Strukturell ingen-ingest-invariant: apply-pathene leser ALDRI courses
(apply-skill-op.mjs->kun actions, discover-new-urls.mjs->kun decisions),
så et godkjent kurs-lead trigger aldri fetch/transform/KB-skriving.
commands/kb-update.md §3c: operatør-gate som leser course-detection-report.json,
dedup'er via isCourseLeadDecided, skriver godkjente leads via recordCourseLead
(--dry-run viser leads uten å skrive).
Tester (+16): test-decisions-courses.test.mjs. Eksisterende test-decisions-io
+ test-decisions-actions URØRT grønne (ikke-regresjons-bevis, samme mønster
som Spor B). kb-update 291->307 · validate 239/0 · kb-eval 100/0.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Lag 4 destillerer et hentet Microsoft Learn-dokument til en KB-referansefil. Speiler mønsteret fra decisions-io/verify-out: ren-funksjon-lib + tynn LLM-integrasjon + TDD. lib/transform.mjs SKRIVER ALDRI — returnerer content/verdict/sti; skriving skjer kun via operatør-gate etter lag 5.
Nøkkelfunn/-fiks: gammel prompt-template.md la kilder i en bunn-seksjon, men build-registry/kb-headers.parseSourceHeader skanner kun øverste 500 bytes → authority_source-dekning = 0 %. Lag 4 legger **Source:** i HEADER-blokka — forutsetningen for at lag 3 (fremtidig) kan backfille authority_source og lag-5 regel 3 fyrer.
- buildKbHeader({title,status,category,source,lastUpdated}): Status+Source obligatoriske (kaster ved mangel). - validateKbFile(content) → {valid,missing[]}; bruker parseSourceHeader (én sannhetskilde med build-registry). - buildChange(...): eksplisitt lag-4→lag-5-bro, mater classifyChange. - resolveTargetPath(tax,category,filename): ruter via taksonomi getCategorySkill; null=ukjent→gate.
Prompt: scripts/kb-update/transform-prompt.md (doc→KB; husformat fra prompt-template.md, status-påstander eksplisitte for lag-5-gaten). Wiret i commands/kb-update.md §3.d (ny godkjent URL→fetch→destillér→header→validate→buildChange→lag5→resolveTargetPath→gate→atomisk) + §4.d (oppdateringer passerer validateKbFile). eval.mjs eksporterer nå evalSkill for kriterium-testen.
Kriterium møtt: «regenerer 1 fil → eval-score ≥ baseline» (test-transform-criterion.test.mjs). TDD: 12 lib-tester (inkl. import-invariant: ingen write-utils) + 2 kriterium FØR kode. Tester: validate 239 · kb-update 111 (+16) · kb-eval 15 (+2) · kb-integrity 115/115.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01REiKFhP4w6xGXXqWKpPCJJ
Rotårsak: en datoløs ref-fil fikk effectiveDate=0000-01-01 (alltid «stale») OG en path-basert prioritet (kunne bli critical) → flommet critical-bøtta og druknet genuint kritiske filer. Fix: ny unverified-tier deklarert i domain-taxonomy.json (lag 0, eneste sannhetskilde for prioritet).
makePriorityFn(tax) tar nå valgfri hasDate (default true → bakoverkompatibelt for eksisterende én-args-kallere); report-changes sender Boolean(fileDate). unverified rangerer sist i sorteringen — manglende dato er metadata-hygiene, ikke currency-hast. Ekte registry: 1 fil skilt ut som Unverified.
TDD: 4 tester FØR kode (test-priority-unverified.test.mjs).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01REiKFhP4w6xGXXqWKpPCJJ
Map-fila divergerte fra disk-sannhet i 4 entries og var ukonsumert av all runtime (verifisert: docs/development.md erklærte allerede taksonomien som eneste kilde; kun README kalte den feilaktig «used by generate-skills»). Operatør-valg 2026-06-19: slett + rydd README. Fjerner en av de divergerende taksonomiene redesignet finnes for å eliminere.
README.md peker nå på scripts/kb-update/data/domain-taxonomy.json via lib/taxonomy.mjs getCategorySkill (disk-sann).
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01REiKFhP4w6xGXXqWKpPCJJ
Lag 5 kjører ETTER transformasjon (lag 4) og FØR en kandidat-endring skrives til
en KB-fil. Den fanger regresjons-klassen: en status-påstand «korrigert» mot en
tilfeldig sitert side og stille auto-applyet (den kjente agentic-retrieval-
regresjonen — hovedkontekst måtte rette manuelt).
Regel (spec §21): status-påstander (GA/preview/versjon/pris) flagges ALLTID for
operatør, aldri auto-applyet — uansett hvor sikker evidensen ser ut.
- lib/verify-out.mjs: ren klassifiserer, null deps (speiler decisions-io).
detectStatusClaim(text) → {isStatus, kinds}; classifyChange(change) →
{verdict: flagged|auto-applied, status_claim, reasons}. Tre flag-regler:
status-gate (§21) · adversarial refutering · autoritets-mismatch (regresjonens
rotårsak). Konservativ med vilje: ved tvil flagges. SKRIVER ALDRI.
- Fixtur tests/fixtures/kb-update/agentic-retrieval-regression.json: den kjente
regresjonen (flat «GA» mot nyansert «delvis GA … resten preview»).
- TDD: 13 tester før kode, inkl. import-invariant (ingen write-utils).
- Wiret i kb-update.md §4 c2 (lag 5 mellom identifiser-endring og skriv).
Kriterium møtt: fixtur → flagged:true, ikke auto-applied.
Tester: validate 239 · kb-update 95 (+13) · kb-eval 13 · kb-integrity 115/115.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01REiKFhP4w6xGXXqWKpPCJJ
build-registry leser na **Source:**/**Primary source:**-header via ny
lib/kb-headers.mjs (parseSourceHeader, 7 enhetstester) og logger dekning
(0/N i dag). Hver URL-entry far reserverte felt authority_source:null +
course:null (bakoverkompatibelt). Populering med korrekt semantikk utsatt
til verifiseringslaget (lag 3) - minimal-reservert per operator-valg.
Eksisterende status-felt (poll: tracked/not_in_sitemap/unpolled) urort for
a unnga kollisjon. kb-update 56 tester gronne.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01REiKFhP4w6xGXXqWKpPCJJ
Ny data/domain-taxonomy.json (tracket via gitignore-negasjon; generert
registry/rapporter forblir ignorert) konsoliderer de 4 divergerende
taksonomiene: (a) sitemap-prefikser, (b) discover INCLUDE/EXCLUDE,
(c) category->skill, (d) getFilePriority. lib/taxonomy.mjs laster + kompilerer.
Refaktor: poll-sitemaps, discover-new-urls, report-changes LESER taksonomien
(ingen embeddede kopier). Kriterium grep TARGET_PREFIXES=[ == 0 oppfylt.
Konsolideringsfunn:
- category-skill-map.json stale i 4 entries (copilot-extensibility,
monitoring-observability, performance-scalability, prompt-engineering ->
sa engineering; disk sier advisor/governance/security/advisor). DISK er
kanon. Map-en er ukonsumert av kode (kun README) -> flagget, ikke rort.
- discover fikk poll-paritet (12 -> 18 sitemap-prefikser).
- skill utledes na fra kanonisk category_skill -> ingen divergens (invariant-test).
Adferdsbevarende: 0 mismatch old vs ny prioritetslogikk pa 51 endrede filer;
discover sine hardkodede skill-verdier matchet allerede disk.
Tester: validate 239, kb-update 49 (+7 taksonomi), kb-eval 13 - alle gronne.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01REiKFhP4w6xGXXqWKpPCJJ
ToS-vurdering konkluderte med at autonom cron-kjøring er unødvendig kompleks
for en solo-fork-and-own-plugin. Apply-fasen krever LLM-resonnering uansett,
så manuell trigger fra en aktiv Claude Code-sesjon er enklere og holder
pluginen klart innenfor Anthropic Consumer Terms paragraf 3 (automated access
only via API key or where explicitly permitted — Claude Code CLI er
eksemptert som offisielt verktøy).
Lagt til:
- commands/kb-update.md — ny /architect:kb-update slash-kommando som driver
poll, endringsrapport, microsoft_docs_fetch-update og commit fra sesjonen.
Argumenter: --skip-discover, --priorities, --dry-run, --single-commit
- Catalog-entry i playground HTML for kb-update (categori: tool, 4 input-felt)
Slettet (Wave 3-5 reversert, ~1500 linjer + 7 testmoduler):
- scripts/install-kb-cron.mjs (cross-OS scheduler-installer)
- scripts/kb-update/weekly-kb-cron.mjs (cron-orkestrator med pre-flight, lock,
backup, claude -p subprocess, post-run verify, rollback)
- scripts/kb-update/templates/ (4 scheduler-templates: launchd plist, systemd
service+timer, Windows ps1 + README)
- scripts/kb-update/lib/auth-mode.mjs (cron-spesifikk auth validation)
- scripts/kb-update/lib/lock-file.mjs (PID+mtime stale-detection)
- scripts/kb-update/lib/cost-estimat.mjs (pre-flight budget-cap)
- 7 testmoduler under tests/kb-update/ for slettet kode
- tests/test-kb-update.sh (Bash-3.2-shim, erstattet av direkte node --test)
Beholdt (utility-laget fortsatt brukbart):
- run-weekly-update.mjs, report-changes.mjs, build-registry.mjs,
discover-new-urls.mjs (KB change-detection-pipelinen)
- lib/atomic-write, lib/backup, lib/cross-platform-paths, lib/log-rotate
- 4 testmoduler (42/42 tester PASS)
Endret:
- hooks/scripts/session-start-context.mjs: fjern kb-update-status.json-overvaaking
- tests/run-e2e.sh --kb-update kaller node --test direkte i stedet for shim
- README.md, CLAUDE.md: KB-vedlikehold-seksjon rewriter for manuell modell
- plugin.json: 1.11.0 -> 1.12.0
- Rot README + CLAUDE.md: ms-ai-architect-versjon bumpet
Schedulering er bevisst utenfor scope og overlatt til brukeren — eventuelle
forks som vil ha periodisk varsling kan sette opp egen cron / launchd /
GitHub Actions som kjører rapport-fasen og varsler om aa kjore
/architect:kb-update i CC-sesjon.
Verifisering:
- bash tests/validate-plugin.sh: 219 PASS, 0 FAIL
- bash tests/run-e2e.sh --kb-update: 42/42 inner + suite PASS
- bash tests/run-e2e.sh --playground: 271/271 PASS (statisk + parsers)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Step 11 of v1.12.0 plan (.claude/projects/2026-05-04-kb-update-fork-and-own/plan.md).
scripts/install-kb-cron.mjs lives at the scripts/ root (not inside
scripts/kb-update/) because it is a plugin-wide install tool, not part of
the KB-update pipeline itself. Reads the appropriate template from
scripts/kb-update/templates/, fills {{NODE_BIN}}, {{PLUGIN_ROOT}},
{{LOG_FILE}}, {{SCHEDULE_HOUR/MINUTE/DAY_OF_WEEK}} placeholders, writes
to the platform-specific scheduler dir, and registers the job:
macOS - launchctl bootstrap gui/<uid> <plist> (load -w fallback)
Linux - systemctl --user daemon-reload && enable --now <timer>
Windows - powershell -ExecutionPolicy Bypass -File <ps1> (beta)
Flags: --print-only, --target macos|linux|windows, --uninstall, --purge,
--node-bin, --claude-bin, --schedule "M H * * D" (default: Wed 04:23).
UID resolution for launchctl is guarded by process.getuid() POSIX-only
(undefined on Windows). MCP server presence in ~/.claude.json is
warning-only per brief Spørsmål 7. WSL detected via /proc/version.
Cross-OS rendering supported via --print-only --target <other>; install
on a non-host target rejects with explicit error.
11 subprocess + filesystem-snapshot tests in
tests/kb-update/test-install-cron.test.mjs verify --print-only produces
filled templates with no unsubstituted {{...}} placeholders, --print-only
writes nothing under HOME, --uninstall is idempotent on an empty HOME,
--schedule substitutes correctly, and invalid flags reject with non-zero
exit. Tests never invoke launchctl/systemctl/Register-ScheduledTask
against real schedulers.
Tests: 110/110 pass (was 99 before this step).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Foundation lib for v1.12.0 cron rewrite — closes brief deliverable
"log-rotate" that was missing from the original plan (Phase 9 scope
revision). Standard logrotate idiom, zero dependencies.
- rotateLog(logPath, opts) returns {rotated, dropped, kept}
- Defaults: maxSizeBytes 10 MB, maxGenerations 5 (1 active + 4 rotated)
- No-op when log missing or under threshold
- Over-size: drop oldest, shift .N..1 down by one, move active → .1
- maxGenerations=1 keeps only the active slot (no rotated copies)
- Pure stdlib fs.renameSync chain with silent try/catch on missing gens
8/8 tests pass: missing/under-size/over-size paths, chained 6 rotations
capped at maxGenerations, oldest dropped, two-step content shift.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Foundation lib for v1.12.0 cron rewrite. Detects which Claude auth mode is
in scope and rejects modes that are architecturally incompatible with cron.
Resolution order:
- ANTHROPIC_API_KEY env-var → 'api-key'
- CLAUDE_CODE_OAUTH_TOKEN env-var → 'long-oauth'
- ~/.claude.json onboarded + runner exit 0 → 'subscription-browser-only'
- otherwise → 'unauthenticated'
Subscription browser-OAuth tokens expire ~15h and cannot survive cron — the
detector flags them explicitly so validateAuthForCron throws EAUTHCRON with
a remediation message pointing to `claude setup-token` or ANTHROPIC_API_KEY.
Both runner (subprocess invoker) and claudeJsonPath (~/.claude.json) are
dependency-injected. Tests stub them — no real subprocess spawn, no home-
directory reads.
15/15 tests pass: precedence, env-var detection, onboarded subscription,
non-onboarded fallback, validateAuthForCron throw paths.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Foundation lib for v1.12.0 cron rewrite skill-tree backup/restore.
Zero dependencies. Uses fs.cpSync (recursive + preserveTimestamps) without
dereference (Node 22.17.x regression) and without filter (Windows symlink-
type bug).
- backupDir(srcDir, backupRoot, opts) → {backupPath, retentionDays, restore()}
- Backup-id format YYYY-MM-DDTHH-MM-SS (filesystem-safe; no colons)
- .backup-meta.json sentinel written as first action inside backupPath
- restore() writes .rollback-in-progress at backupRoot BEFORE rmSync+cpSync
so a crashed restore leaves the sentinel for the next run to detect
- detectStaleRollback(backupRoot) — boolean predicate over sentinel
- cleanupOldBackups(backupRoot, retentionDays) — 3-step age resolution:
meta.created_at → dir mtime → skip-with-warning (never delete a dir
whose age cannot be established)
12/12 tests pass: timestamp format, content round-trip, sentinel lifecycle,
retention, mtime fallback, unparseable-meta skip, missing-root no-op.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Foundation lib for v1.12.0 cron rewrite. Atomic exclusive create via
fs.writeFileSync('wx'); on EEXIST resolves staleness with OR semantics:
stale if PID is dead OR mtime exceeds threshold. Either alone breaks the
lock — handles SIGKILL orphans (mtime), PID-reuse races (mtime), and
crashed-then-replaced runs (PID).
- acquireLock(lockPath, opts) → {lockPath, release()}
- staleThresholdMs default 1h; refreshIntervalMs opt-in for long runs
- registerCleanup default true (exit/SIGINT/SIGTERM/SIGHUP/uncaughtException)
- isPidAlive uses kill(pid, 0) with EPERM-as-alive nuance
12/12 tests pass: PID liveness, fixture concurrency, idempotent release,
stale variants (dead+old, live+old, fresh+live), staleThresholdMs honored.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Pure auth-mode-aware cost estimator for v1.12.0 cron pre-flight.
Heuristic: critical+high files only (medium/low excluded per brief);
3000 input + 1500 output tokens per file at Sonnet pricing
($3/M in, $15/M out).
Auth-mode behavior:
- api-key: numeric usd, kvote_warn off (subject to dollar-cap)
- long-oauth, subscription-browser-only:
usd null, kvote_warn on (quota, no dollar billing)
- unauthenticated/missing: best-effort api-key estimate
11/11 tests pass; covers both billing modes plus token-math
invariance across auth-mode (auth only affects dollar-field, not tokens).
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>