[Extension]: Update DocGuard — CDD Enforcement (v0.28.0)

[raccioly]

Extension ID

docguard

Extension Name

DocGuard — CDD Enforcement

Version

0.28.0

Description

Canonical-Driven Development enforcement. Validates, scores, and traces project documentation with automated checks, AI-driven workflows, and spec-kit hooks. One pinned runtime dependency; pure Node.js otherwise.

Author

raccioly

Repository URL

https://github.com/raccioly/docguard

Download URL

https://github.com/raccioly/docguard/releases/download/v0.28.0/spec-kit-docguard-v0.28.0.zip

License

MIT

Homepage (optional)

https://www.npmjs.com/package/docguard-cli

Documentation URL (optional)

https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md

Changelog URL (optional)

https://github.com/raccioly/docguard/blob/main/CHANGELOG.md

Required Spec Kit Version

=0.1.0

Required Tools (optional)

- node (>=18.0.0) - required
- npx - required
- specify - optional (auto-initializes the SDD workflow during docguard init)

Number of Commands

6

Number of Hooks (optional)

3

Tags

documentation, validation, quality, cdd, traceability, ai-agents, enforcement, spec-kit

Key Features

• 19-validator quality gate with severity triage and a remediation plan
• AI-driven documentation repair with codebase research and validation loops
• Cross-document semantic consistency analysis (read-only review)
• CDD maturity score with an ROI-based improvement roadmap
• Reverse-engineers canonical docs from an existing codebase
• spec-kit workflow hooks (after_implement, before_tasks, after_tasks)

Testing Checklist

• Extension installs successfully via download URL
• All commands execute without errors
• Documentation is complete and accurate
• No security vulnerabilities identified
• Tested on at least one real project

Submission Requirements

• Valid extension.yml manifest included
• README.md with installation and usage instructions
• LICENSE file included
• GitHub release created with version tag
• All command files exist and are properly formatted
• Extension ID follows naming conventions (lowercase-with-hyphens)

Testing Details

Tested on: Linux + macOS with the spec-kit CLI.

Install:

specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.28.0/spec-kit-docguard-v0.28.0.zip

Scenarios verified:

1. Extension installs from the release ZIP without manifest validation errors.
2. All six speckit.docguard.* commands resolve and run.
3. The three workflow hooks register against spec-kit's lifecycle.

Example Usage

# Install the extension
specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.28.0/spec-kit-docguard-v0.28.0.zip

# Run the documentation quality gate
/speckit.docguard.guard

Proposed Catalog Entry

json
{
  "docguard": {
    "name": "DocGuard \u2014 CDD Enforcement",
    "id": "docguard",
    "description": "Canonical-Driven Development enforcement. Validates, scores, and traces project documentation with automated checks, AI-driven workflows, and spec-kit hooks. One pinned runtime dependency; pure Node.js otherwise.",
    "author": "raccioly",
    "version": "0.28.0",
    "download_url": "https://github.com/raccioly/docguard/releases/download/v0.28.0/spec-kit-docguard-v0.28.0.zip",
    "repository": "https://github.com/raccioly/docguard",
    "homepage": "https://www.npmjs.com/package/docguard-cli",
    "documentation": "https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md",
    "changelog": "https://github.com/raccioly/docguard/blob/main/CHANGELOG.md",
    "license": "MIT",
    "requires": {
      "speckit_version": ">=0.1.0",
      "tools": [
        {
          "name": "node",
          "version": ">=18.0.0",
          "required": true
        }
      ]
    },
    "provides": {
      "commands": 6,
      "hooks": 3
    },
    "tags": [
      "documentation",
      "validation",
      "quality",
      "cdd",
      "traceability",
      "ai-agents",
      "enforcement",
      "spec-kit"
    ],
    "verified": false,
    "downloads": 0,
    "stars": 0
  }
}

Additional Context

This is an update to an existing catalog entry (docguard) for a new release — please bump the version and download URL on the current entry rather than adding a duplicate.

Release notes (v0.28.0):

Closes the detection-gap items deferred from LLM field report #3 — the checks
regex/AST couldn't make before — plus a latent CI-correctness bug surfaced by
dogfooding.

Added

• docguard verify --semantic (field report feat: implement in Japanese #5) — extracts the semantic
  claims in the canonical docs (documented numbers, limits, and enums: retention
  days, rate limits, GSI/role counts, status enums) as a structured verification
  task list with each claim's doc:line, section, and nearest cited code path. The
  highest-value bug class (a doc value drifted from code) and the one regex/AST
  can't judge — so DocGuard does the deterministic discovery and the agent does
  the comparison (the docguard agent division of labour). Precision-first:
  numbers count only with a recognized unit, enums only as 2+ UPPER_SNAKE values
  in a status/state context; version strings, dates, and code-fenced numbers are
  ignored.
• docguard sync --tests (field report Include instructions for uvx dependency #10) — reconciles the hand-maintained
  TEST-SPEC Source-to-Test Map from disk: drops ghost-source rows (source file
  deleted), appends newly-covered co-located source↔test pairs, and reports ghost
  test references for the human (never auto-edits a curated status/notes cell).
  Preview by default; --write applies.

Fixed

• Dynamic import() no longer counted as an import cycle (field report Fix release workflow to work with repository rules #2) —
  the Architecture validator excludes runtime await import() edges from cycle
  detection (a dynamic import is the canonical way to BREAK a load-time cycle).
  Static import/require edges still count, and dynamic edges still count for
  layer-boundary checks.
• API-Surface diffs the OpenAPI spec against the registered routes (field
  report doco(spec-driven): Fix small typo in spec-driven.md #4) — when a spec is the authoritative surface, the API-REFERENCE doc
  reconciles against the spec, so a spec that declares a phantom endpoint (no
  Express/Fastify route registers it) passed clean. It's now flagged. Conservative:
  only runs when code routes are actually scannable.
• Freshness markers stamped on init (field report Sample Guidance on how to version control "context" within the repository #11) — the SECURITY,
  ENVIRONMENT, TEST-SPEC, and REQUIREMENTS templates gained the standard
  docguard:last-reviewed header, and init stamps every canonical doc with a
  today-dated marker (belt-and-suspenders for future templates). Freshness is now
  marker-based and consistent from day one — and satisfiable in a pre-commit
  review loop. explain freshness now documents the marker > git-mtime precedence.
• guard --format json no longer truncates large reports — replaced
  console.log(...) + process.exit() with process.exitCode + a drained write.
  A JSON payload over ~8 KB written to a pipe flushes asynchronously, so the
  immediate process.exit() cut it off mid-string — a CI consumer parsing stdout
  got "Unterminated string in JSON" on exactly the big reports that matter.
  (Surfaced by dogfooding this release.)

Notes

• Tests 813 → 825 (new tests/field-report-3-deferred.test.mjs, each fix with a
  non-vacuous control). All field-report-3 items are now addressed.

[github-actions]

cc @github/spec-kit-maintainers — new catalog submission for review.

[github-actions]

Pull request created: #3115

Generated by Add Community Extension from Issue Submission · 279.8 AIC · ⌖ 16.3 AIC · ⊞ 32.9K

[mnriem]

Thank you!