Decomposer produced 9 stories under docs/work/2026-05-14-library- evaluation-policy/, ordered to land the schema foundation first and the cross-referencing content (skill, guide, backfill) last: 01 - trace schema module + docs/library-decisions/ foundation 02 - pre-commit check script 03 - Claude PreToolUse / PostToolUse hooks 04 - evaluate-library skill 05 - human guide (docs/guides/adding-a-library.md) 06 - sandcastle reviewer prompt update 07 - generator pre-shipped traces for optional cores 08 - backfill traces for existing runtime deps 09 - CLAUDE.md Key Conventions bullet Anchored by ADR-022 + the approved PRD at docs/work/prds/2026-05-14-library-evaluation-policy.prd.md.
3.1 KiB
3.1 KiB
id, epic, title, type, status, feature, depends-on, blocks
| id | epic | title | type | status | feature | depends-on | blocks | ||
|---|---|---|---|---|---|---|---|---|---|
| 02-pre-commit-check-script | 2026-05-14-library-evaluation-policy | Pre-commit check script for library trace presence | technical-story | todo | scripts |
|
|
Goal
Write scripts/library-decisions/check.mjs — the script that walks staged package.json diffs, derives the tier of each affected package, and fails the commit when a new runtime dependency in a feature- or core-tier package has no sibling approved trace staged. Wire it into .husky/pre-commit as step 4.
Why
Human and agent reviewers cannot reliably check trace presence during code review. The pre-commit hook is the last mechanical gate before a dep reaches the repo; it runs unconditionally, composes with --no-verify protection already in the bash-guard hook, and gives the committer immediate actionable feedback.
Done when
scripts/library-decisions/check.mjsexists and: (1) readsgit diff --cached --name-only -- '**/package.json'; (2) for each stagedpackage.json, derives tier from path (apps/*→ app,packages/core-*→ core,packages/*→ feature); (3) for each newly added line independencies(notdevDependencies/peerDependencies), checks thatdocs/library-decisions/*-<name>.mdis also staged withdecision: approved; (4) exits 1 with a per-package error report + pointer to the skill when any check fails; (5) app-tier and devdep additions exit 0 silently..husky/pre-commitinvokesnode scripts/library-decisions/check.mjsafter the existing state-sync guard.scripts/library-decisions/check.test.mjscovers (using a temp git repo fixture): new feature-tier dep without trace → exit 1; new feature-tier dep with approved trace staged → exit 0; new feature-tier dep with rejected-decision trace staged → exit 1; new app-tier dep → exit 0; new devdep → exit 0; multi-file diff with mixed pass/fail → exit 1 with per-package report;peerDependencies-only change → exit 0.pnpm typecheck && pnpm lint && pnpm test && pnpm conformance && pnpm fallow:audit && pnpm coverage:diffall pass.
In scope
scripts/library-decisions/check.mjs— the check script (importsschema.mjsfrom Story 01 for trace validation).scripts/library-decisions/check.test.mjs— integration tests using a temp git repo fixture (mirror pattern fromscripts/work/state-sync-guard.mjstests)..husky/pre-commit— one added line.
Out of scope
- Sandcastle reviewer prompt integration — Story 06.
--staged-against <base>flag for CI/sandcastle use — added in Story 06 when the reviewer prompt is written.pnpm libs checkergonomic wrapper — deferred per PRD.
Tasks
- Write
scripts/library-decisions/check.mjs(imports schema from Story 01; parsesgit diff --cachedoutput; tier derivation from path; staged-trace presence +decision: approvedcheck; exit-1 report with skill pointer); wire into.husky/pre-commit; writecheck.test.mjsintegration tests with temp git repo fixture covering all 7 cases from Done when; all gates pass on this single commit.