Skip to content

[Extension]: Update DocGuard — CDD Enforcement (v0.31.0) #3401

Description

@raccioly

Extension ID

docguard

Extension Name

DocGuard — CDD Enforcement

Version

0.31.0

Description

The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code — 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.

Author

raccioly

Repository URL

https://github.com/raccioly/docguard

Download URL

https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip

License

MIT

Homepage (optional)

https://www.npmjs.com/package/docguard-cli

Documentation URL (optional)

https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md

Changelog URL (optional)

https://github.com/raccioly/docguard/blob/main/CHANGELOG.md

Required Spec Kit Version

=0.1.0

Required Tools (optional)

- node (>=18.0.0) - required
- npx - required
- specify - optional (auto-initializes the SDD workflow during docguard init)

Number of Commands

6

Number of Hooks (optional)

3

Tags

documentation, validation, quality, cdd, traceability, ai-agents, enforcement, spec-kit

Key Features

  • 19-validator quality gate with severity triage and a remediation plan
  • AI-driven documentation repair with codebase research and validation loops
  • Cross-document semantic consistency analysis (read-only review)
  • CDD maturity score with an ROI-based improvement roadmap
  • Reverse-engineers canonical docs from an existing codebase
  • spec-kit workflow hooks (after_implement, before_tasks, after_tasks)

Testing Checklist

  • Extension installs successfully via download URL
  • All commands execute without errors
  • Documentation is complete and accurate
  • No security vulnerabilities identified
  • Tested on at least one real project

Submission Requirements

  • Valid extension.yml manifest included
  • README.md with installation and usage instructions
  • LICENSE file included
  • GitHub release created with version tag
  • All command files exist and are properly formatted
  • Extension ID follows naming conventions (lowercase-with-hyphens)

Testing Details

Tested on: Linux + macOS with the spec-kit CLI.

Install:

specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip

Scenarios verified:

  1. Extension installs from the release ZIP without manifest validation errors.
  2. All six speckit.docguard.* commands resolve and run.
  3. The three workflow hooks register against spec-kit's lifecycle.

Example Usage

# Install the extension
specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip

# Run the documentation quality gate
/speckit.docguard.guard

Proposed Catalog Entry

{
  "docguard": {
    "name": "DocGuard \u2014 CDD Enforcement",
    "id": "docguard",
    "description": "The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code \u2014 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.",
    "author": "raccioly",
    "version": "0.31.0",
    "download_url": "https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip",
    "repository": "https://github.com/raccioly/docguard",
    "homepage": "https://www.npmjs.com/package/docguard-cli",
    "documentation": "https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md",
    "changelog": "https://github.com/raccioly/docguard/blob/main/CHANGELOG.md",
    "license": "MIT",
    "requires": {
      "speckit_version": ">=0.1.0",
      "tools": [
        {
          "name": "node",
          "version": ">=18.0.0",
          "required": true
        }
      ]
    },
    "provides": {
      "commands": 6,
      "hooks": 3
    },
    "tags": [
      "documentation",
      "validation",
      "quality",
      "cdd",
      "traceability",
      "ai-agents",
      "enforcement",
      "spec-kit"
    ],
    "verified": false,
    "downloads": 0,
    "stars": 0
  }
}

Additional Context

This is an update to an existing catalog entry (docguard) for a new release — please bump the version and download URL on the current entry rather than adding a duplicate.

Release notes (v0.31.0):

Accuracy release — six research-backed detectors that make drift detection
change-aware and language-agnostic, built on one shared diff foundation. Every
new check was empirically tuned read-only against six real production repos
(TypeScript + Python) before shipping; all are deterministic (no LLM at
validation time) and soft (confidence: low, never break CI). Validator count
24 → 27.

Added

  • docguard impact — doc→doc blast radius + agent-instruction files (feat 1).
    Agent-instruction files (AGENTS.md/CLAUDE.md/GEMINI.md) are now indexed, so a
    changed code file they reference is surfaced. New: when a canonical/agent doc
    changes, the docs that reference it — including agent-instruction files — are
    flagged as a "blast radius" ({ changedDocs, blastRadius } in JSON). No
    verified competitor propagates doc staleness across the doc graph. Proven on a
    real repo: an ARCHITECTURE.md change flags the AGENTS.md/CLAUDE.md that cite it.
  • Diff-Suspicion validator (DSP001) (feat 3) — change-driven. A doc that BOTH
    references a code file changed since the ref AND shares domain tokens removed
    in that diff is flagged for review. Deterministic diff-overlap rule
    (arXiv 2010.01625, F1 74.7); path/module refs + domain-token filtering +
    per-doc cap keep it quiet at PR granularity.
  • Reference-Existence validator (REF001) (feat 2) — two-revision check. A
    compound code identifier backticked in a doc that existed when the doc was last
    updated but has ZERO matches at HEAD is flagged as outdated (arXiv 2212.01479).
    In-memory HEAD identifier set + authoritative git-grep confirmation; zero false
    positives across the corpus.
  • API-Doc-Smells validator (APS001 Bloated / APS002 Lazy) (feat 4) —
    deterministic length signals on signature-headed doc units (F1 0.90 / 0.95).
  • IR-based traceability soft-matching (feat 5) — cli/shared-ir.mjs
    (zero-dep TF-IDF + cosine). An untraced requirement now surfaces the
    TF-IDF-closest test file ("X may already cover it — add @Req there"),
    reducing false "no coverage" for tests that lack the annotation.
  • docguard verify --since <ref> — change-aware staging (feat 6). Attaches
    an activity-labeled (ordered replace/delete/add) structured diff to the staged
    agent-judgment tasks and flags which claims are about just-changed code —
    CARL-CCI showed the structured-diff representation drives judgment accuracy
    (arXiv 2512.19883).
  • cli/shared-diff.mjs — zero-dependency unified-diff parser + identifier-
    aware tokenizer + activity-labeled diff, the shared foundation for feats 1/2/3/6.

Fixed

  • hooks crash from a core.hooksPath edge and other pre-ship bugs caught by
    dogfooding DocGuard on itself (a walkFiles-vs-git grep dot-directory
    asymmetry that fabricated reference-existence false positives; a .map(basename)
    index-as-suffix crash in verify).
  • Self-counting consistencycanonical-sync and metrics-consistency now
    agree on the validator count (both 27); a default-off validator previously made
    them disagree.

Changed

  • New validators default ON except where noted; all are soft warnings.
  • README, ARCHITECTURE.md, quickstart, CI-RECIPES, AGENTS.md updated to 27
    validators (historical version-log counts preserved).

Metadata

Metadata

Assignees

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions