Extension ID
docguard
Extension Name
DocGuard — CDD Enforcement
Version
0.31.0
Description
The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code — 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.
Author
raccioly
Repository URL
https://github.com/raccioly/docguard
Download URL
https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip
License
MIT
Homepage (optional)
https://www.npmjs.com/package/docguard-cli
Documentation URL (optional)
https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md
Changelog URL (optional)
https://github.com/raccioly/docguard/blob/main/CHANGELOG.md
Required Spec Kit Version
=0.1.0
Required Tools (optional)
- node (>=18.0.0) - required
- npx - required
- specify - optional (auto-initializes the SDD workflow during docguard init)
Number of Commands
6
Number of Hooks (optional)
3
Tags
documentation, validation, quality, cdd, traceability, ai-agents, enforcement, spec-kit
Key Features
- 19-validator quality gate with severity triage and a remediation plan
- AI-driven documentation repair with codebase research and validation loops
- Cross-document semantic consistency analysis (read-only review)
- CDD maturity score with an ROI-based improvement roadmap
- Reverse-engineers canonical docs from an existing codebase
- spec-kit workflow hooks (after_implement, before_tasks, after_tasks)
Testing Checklist
Submission Requirements
Testing Details
Tested on: Linux + macOS with the spec-kit CLI.
Install:
specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip
Scenarios verified:
- Extension installs from the release ZIP without manifest validation errors.
- All six
speckit.docguard.* commands resolve and run.
- The three workflow hooks register against spec-kit's lifecycle.
Example Usage
# Install the extension
specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip
# Run the documentation quality gate
/speckit.docguard.guard
Proposed Catalog Entry
{
"docguard": {
"name": "DocGuard \u2014 CDD Enforcement",
"id": "docguard",
"description": "The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code \u2014 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.",
"author": "raccioly",
"version": "0.31.0",
"download_url": "https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip",
"repository": "https://github.com/raccioly/docguard",
"homepage": "https://www.npmjs.com/package/docguard-cli",
"documentation": "https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md",
"changelog": "https://github.com/raccioly/docguard/blob/main/CHANGELOG.md",
"license": "MIT",
"requires": {
"speckit_version": ">=0.1.0",
"tools": [
{
"name": "node",
"version": ">=18.0.0",
"required": true
}
]
},
"provides": {
"commands": 6,
"hooks": 3
},
"tags": [
"documentation",
"validation",
"quality",
"cdd",
"traceability",
"ai-agents",
"enforcement",
"spec-kit"
],
"verified": false,
"downloads": 0,
"stars": 0
}
}
Additional Context
This is an update to an existing catalog entry (docguard) for a new release — please bump the version and download URL on the current entry rather than adding a duplicate.
Release notes (v0.31.0):
Accuracy release — six research-backed detectors that make drift detection
change-aware and language-agnostic, built on one shared diff foundation. Every
new check was empirically tuned read-only against six real production repos
(TypeScript + Python) before shipping; all are deterministic (no LLM at
validation time) and soft (confidence: low, never break CI). Validator count
24 → 27.
Added
docguard impact — doc→doc blast radius + agent-instruction files (feat 1).
Agent-instruction files (AGENTS.md/CLAUDE.md/GEMINI.md) are now indexed, so a
changed code file they reference is surfaced. New: when a canonical/agent doc
changes, the docs that reference it — including agent-instruction files — are
flagged as a "blast radius" ({ changedDocs, blastRadius } in JSON). No
verified competitor propagates doc staleness across the doc graph. Proven on a
real repo: an ARCHITECTURE.md change flags the AGENTS.md/CLAUDE.md that cite it.
- Diff-Suspicion validator (DSP001) (feat 3) — change-driven. A doc that BOTH
references a code file changed since the ref AND shares domain tokens removed
in that diff is flagged for review. Deterministic diff-overlap rule
(arXiv 2010.01625, F1 74.7); path/module refs + domain-token filtering +
per-doc cap keep it quiet at PR granularity.
- Reference-Existence validator (REF001) (feat 2) — two-revision check. A
compound code identifier backticked in a doc that existed when the doc was last
updated but has ZERO matches at HEAD is flagged as outdated (arXiv 2212.01479).
In-memory HEAD identifier set + authoritative git-grep confirmation; zero false
positives across the corpus.
- API-Doc-Smells validator (APS001 Bloated / APS002 Lazy) (feat 4) —
deterministic length signals on signature-headed doc units (F1 0.90 / 0.95).
- IR-based traceability soft-matching (feat 5) —
cli/shared-ir.mjs
(zero-dep TF-IDF + cosine). An untraced requirement now surfaces the
TF-IDF-closest test file ("X may already cover it — add @Req there"),
reducing false "no coverage" for tests that lack the annotation.
docguard verify --since <ref> — change-aware staging (feat 6). Attaches
an activity-labeled (ordered replace/delete/add) structured diff to the staged
agent-judgment tasks and flags which claims are about just-changed code —
CARL-CCI showed the structured-diff representation drives judgment accuracy
(arXiv 2512.19883).
cli/shared-diff.mjs — zero-dependency unified-diff parser + identifier-
aware tokenizer + activity-labeled diff, the shared foundation for feats 1/2/3/6.
Fixed
hooks crash from a core.hooksPath edge and other pre-ship bugs caught by
dogfooding DocGuard on itself (a walkFiles-vs-git grep dot-directory
asymmetry that fabricated reference-existence false positives; a .map(basename)
index-as-suffix crash in verify).
- Self-counting consistency —
canonical-sync and metrics-consistency now
agree on the validator count (both 27); a default-off validator previously made
them disagree.
Changed
- New validators default ON except where noted; all are soft warnings.
- README, ARCHITECTURE.md, quickstart, CI-RECIPES, AGENTS.md updated to 27
validators (historical version-log counts preserved).
Extension ID
docguard
Extension Name
DocGuard — CDD Enforcement
Version
0.31.0
Description
The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code — 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.
Author
raccioly
Repository URL
https://github.com/raccioly/docguard
Download URL
https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip
License
MIT
Homepage (optional)
https://www.npmjs.com/package/docguard-cli
Documentation URL (optional)
https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md
Changelog URL (optional)
https://github.com/raccioly/docguard/blob/main/CHANGELOG.md
Required Spec Kit Version
Required Tools (optional)
Number of Commands
6
Number of Hooks (optional)
3
Tags
documentation, validation, quality, cdd, traceability, ai-agents, enforcement, spec-kit
Key Features
Testing Checklist
Submission Requirements
extension.ymlmanifest includedTesting Details
Tested on: Linux + macOS with the spec-kit CLI.
Install:
Scenarios verified:
speckit.docguard.*commands resolve and run.Example Usage
Proposed Catalog Entry
{ "docguard": { "name": "DocGuard \u2014 CDD Enforcement", "id": "docguard", "description": "The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code \u2014 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.", "author": "raccioly", "version": "0.31.0", "download_url": "https://github.com/raccioly/docguard/releases/download/v0.31.0/spec-kit-docguard-v0.31.0.zip", "repository": "https://github.com/raccioly/docguard", "homepage": "https://www.npmjs.com/package/docguard-cli", "documentation": "https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md", "changelog": "https://github.com/raccioly/docguard/blob/main/CHANGELOG.md", "license": "MIT", "requires": { "speckit_version": ">=0.1.0", "tools": [ { "name": "node", "version": ">=18.0.0", "required": true } ] }, "provides": { "commands": 6, "hooks": 3 }, "tags": [ "documentation", "validation", "quality", "cdd", "traceability", "ai-agents", "enforcement", "spec-kit" ], "verified": false, "downloads": 0, "stars": 0 } }Additional Context
This is an update to an existing catalog entry (
docguard) for a new release — please bump the version and download URL on the current entry rather than adding a duplicate.Release notes (v0.31.0):
Accuracy release — six research-backed detectors that make drift detection
change-aware and language-agnostic, built on one shared diff foundation. Every
new check was empirically tuned read-only against six real production repos
(TypeScript + Python) before shipping; all are deterministic (no LLM at
validation time) and soft (
confidence: low, never break CI). Validator count24 → 27.
Added
docguard impact— doc→doc blast radius + agent-instruction files (feat 1).Agent-instruction files (AGENTS.md/CLAUDE.md/GEMINI.md) are now indexed, so a
changed code file they reference is surfaced. New: when a canonical/agent doc
changes, the docs that reference it — including agent-instruction files — are
flagged as a "blast radius" (
{ changedDocs, blastRadius }in JSON). Noverified competitor propagates doc staleness across the doc graph. Proven on a
real repo: an ARCHITECTURE.md change flags the AGENTS.md/CLAUDE.md that cite it.
references a code file changed since the ref AND shares domain tokens removed
in that diff is flagged for review. Deterministic diff-overlap rule
(arXiv 2010.01625, F1 74.7); path/module refs + domain-token filtering +
per-doc cap keep it quiet at PR granularity.
compound code identifier backticked in a doc that existed when the doc was last
updated but has ZERO matches at HEAD is flagged as outdated (arXiv 2212.01479).
In-memory HEAD identifier set + authoritative git-grep confirmation; zero false
positives across the corpus.
deterministic length signals on signature-headed doc units (F1 0.90 / 0.95).
cli/shared-ir.mjs(zero-dep TF-IDF + cosine). An untraced requirement now surfaces the
TF-IDF-closest test file ("X may already cover it — add @Req there"),
reducing false "no coverage" for tests that lack the annotation.
docguard verify --since <ref>— change-aware staging (feat 6). Attachesan activity-labeled (ordered replace/delete/add) structured diff to the staged
agent-judgment tasks and flags which claims are about just-changed code —
CARL-CCI showed the structured-diff representation drives judgment accuracy
(arXiv 2512.19883).
cli/shared-diff.mjs— zero-dependency unified-diff parser + identifier-aware tokenizer + activity-labeled diff, the shared foundation for feats 1/2/3/6.
Fixed
hookscrash from acore.hooksPathedge and other pre-ship bugs caught bydogfooding DocGuard on itself (a
walkFiles-vs-git grepdot-directoryasymmetry that fabricated reference-existence false positives; a
.map(basename)index-as-suffix crash in verify).
canonical-syncandmetrics-consistencynowagree on the validator count (both 27); a default-off validator previously made
them disagree.
Changed
validators (historical version-log counts preserved).