-
- resolveDbConfig only ever received the 5 DB_* keys dbEnvFromConfig emits; the MYSQL_*/DB_PASS/DB_NAME fallbacks had no producer (dead speculative generality, a dotenv-era leftover). Remove them. - collapse the config → DB_* env-shape → connection two-hop: resolveDbConfig now reads config.database.{host,port,user,password,schema} directly, and dbEnvFromConfig is removed. - CLI contract (node apply-ddl.mjs <configPath> <ddlPath>), the only caller via db-init, is unchanged. - rewrite tests to the parsed-config shape; drop the alias-only tests. 53 pass. -
- delete lib/merge-gitignore.mjs + merge-gitignore.test.mjs: over-engineered for a once-run greenfield step (base .gitignore usually absent; duplicate ignore patterns are harmless) - D now uses C.1-style Read+Write: Write template if no .gitignore, else append missing lines (consistent with render.mjs removal + scope-lock direct-write) - removes the 'pre-Write empty .gitignore' fragility (Write self-creates); skeleton-gen drops Bash(node *) from allowed-tools
-
- remove render.mjs/render.test.mjs (scope-lock now writes REQ cards directly) - add yaml-config.mjs: minimal 2-level YAML reader (+ tests) - apply-ddl: parse config-vars.yaml database: section instead of .env.local dotenv; drop assertSafeDbTarget host-whitelist + schema guards (config-vars.yaml is trusted) - merge-gitignore/validate-ddl: self-contained pathToFileURL comment (no longer 'see render.mjs')
-
Independent Claude + Codex review of the working-tree diff surfaced 23 issues; all applied in-place across three domains. workflows/coding.mjs (9): - spec/plan/verify/review prompts now git-commit their artifacts (closes milestone-dirty-worktree halt risk) - CHECKBOX_STATE_SCHEMA requires `state` + defensive guard in reviewWithFixLoop - writeDocs08FieldPromptM scopes edits to module via line anchor - assertSafeId guards Router output (module/REQ/FE ids) - featureLoop captures reviewWithFixLoop's return value - dateFromArtifactPath rejects impossible dates (9999-99-99 etc.) - terminal HALT review-unresolved message disambiguated - updated comment on top-level `return` (ESM vs node --check) lib/validate-ddl.mjs + tests (10): - extractType preserves unsigned/signed modifiers - KEY/INDEX fallthrough no longer creates spurious 'KEY' columns - FOREIGN KEY REFERENCES accepts schema-qualified `db.table` - index keys normalized to name:kind:cols (UNIQUE-aware) - FK keys include ON DELETE action (defaults to RESTRICT) - CREATE TEMPORARY TABLE parsed - parseForeignKeyBullet/parseIndexBullet reject prose bullets - +10 regression tests (62 total, all pass) - merge-gitignore.mjs docstring synced to implementation skills/ (4): - docs-06 template header: § 一~二 → § 一~三 - downstream-gen §A steps renumbered 1-7 (was 1,3,4,5,6,7,8) - docs-08 initial template adds tokens.css checkbox - coding-start drops "已在后台启动" wording (Workflow is synchronous)
-
- 新增 scope-lock/templates/config-vars-template.yaml:非敏感项目级配置 (包名/端口/前端包名/初始账号)+ secrets_ref 键名引用 .env.local; A1 E.2 锁定。docs/07 改为只记规则/约定不记具体值。 - 连带更新 skeleton-gen / plan-start 闸门 2 / frontend-scope-lock / CLAUDE-template / README / docs-06·07 模板对齐新的配置分层与 docs/06 小节编号。 - lib 修复(含回归测试): - apply-ddl: 抽出 resolveDbConfig,DB_SCHEMA 为契约 schema 键,缺库名 fail-closed (M1) - render: 用 Object.hasOwn 拒绝原型链继承键,guard process.argv[1] - validate-ddl: 解析 ### 索引/### 外键 bullet (C2)、剥 SQL 注释防幽灵表 (L4)、PRIMARY 归一化 - coding.mjs: Router 把全部前端 FE 聚合为单一末尾 frontend-phase 模块; 新增 branchSetupPrompt 功能分支生命周期 (C1);diff 区间改三点 diff;fix 后复跑 verify。
-
…frontend scope-lock) + de-bash + ERP-confirmable