Skip to content

[Extension]: Update DocGuard — CDD Enforcement (v0.30.0) #3355

Description

@raccioly

Extension ID

docguard

Extension Name

DocGuard — CDD Enforcement

Version

0.30.0

Description

The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code — 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.

Author

raccioly

Repository URL

https://github.com/raccioly/docguard

Download URL

https://github.com/raccioly/docguard/releases/download/v0.30.0/spec-kit-docguard-v0.30.0.zip

License

MIT

Homepage (optional)

https://www.npmjs.com/package/docguard-cli

Documentation URL (optional)

https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md

Changelog URL (optional)

https://github.com/raccioly/docguard/blob/main/CHANGELOG.md

Required Spec Kit Version

=0.1.0

Required Tools (optional)

- node (>=18.0.0) - required
- npx - required
- specify - optional (auto-initializes the SDD workflow during docguard init)

Number of Commands

6

Number of Hooks (optional)

3

Tags

documentation, validation, quality, cdd, traceability, ai-agents, enforcement, spec-kit

Key Features

  • 19-validator quality gate with severity triage and a remediation plan
  • AI-driven documentation repair with codebase research and validation loops
  • Cross-document semantic consistency analysis (read-only review)
  • CDD maturity score with an ROI-based improvement roadmap
  • Reverse-engineers canonical docs from an existing codebase
  • spec-kit workflow hooks (after_implement, before_tasks, after_tasks)

Testing Checklist

  • Extension installs successfully via download URL
  • All commands execute without errors
  • Documentation is complete and accurate
  • No security vulnerabilities identified
  • Tested on at least one real project

Submission Requirements

  • Valid extension.yml manifest included
  • README.md with installation and usage instructions
  • LICENSE file included
  • GitHub release created with version tag
  • All command files exist and are properly formatted
  • Extension ID follows naming conventions (lowercase-with-hyphens)

Testing Details

Tested on: Linux + macOS with the spec-kit CLI.

Install:

specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.30.0/spec-kit-docguard-v0.30.0.zip

Scenarios verified:

  1. Extension installs from the release ZIP without manifest validation errors.
  2. All six speckit.docguard.* commands resolve and run.
  3. The three workflow hooks register against spec-kit's lifecycle.

Example Usage

# Install the extension
specify extension add docguard --from https://github.com/raccioly/docguard/releases/download/v0.30.0/spec-kit-docguard-v0.30.0.zip

# Run the documentation quality gate
/speckit.docguard.guard

Proposed Catalog Entry

{
  "docguard": {
    "name": "DocGuard \u2014 CDD Enforcement",
    "id": "docguard",
    "description": "The only doc-integrity engine with an MCP server, SARIF output, and a deterministic zero-LLM core. Validates, scores, and traces documentation against code \u2014 24 validators, stable finding codes, GitHub Action with PR annotations, spec-kit hooks. Pure Node.js, one pinned dep.",
    "author": "raccioly",
    "version": "0.30.0",
    "download_url": "https://github.com/raccioly/docguard/releases/download/v0.30.0/spec-kit-docguard-v0.30.0.zip",
    "repository": "https://github.com/raccioly/docguard",
    "homepage": "https://www.npmjs.com/package/docguard-cli",
    "documentation": "https://github.com/raccioly/docguard/blob/main/extensions/spec-kit-docguard/README.md",
    "changelog": "https://github.com/raccioly/docguard/blob/main/CHANGELOG.md",
    "license": "MIT",
    "requires": {
      "speckit_version": ">=0.1.0",
      "tools": [
        {
          "name": "node",
          "version": ">=18.0.0",
          "required": true
        }
      ]
    },
    "provides": {
      "commands": 6,
      "hooks": 3
    },
    "tags": [
      "documentation",
      "validation",
      "quality",
      "cdd",
      "traceability",
      "ai-agents",
      "enforcement",
      "spec-kit"
    ],
    "verified": false,
    "downloads": 0,
    "stars": 0
  }
}

Additional Context

This is an update to an existing catalog entry (docguard) for a new release — please bump the version and download URL on the current entry rather than adding a duplicate.

Release notes (v0.30.0):

Competitive-adoption batch (from the spec-kit catalog scan — the best ideas of
45 doc/validation extensions, rebuilt on DocGuard's deterministic engine) plus
the distribution-channel expansion.

Added

  • Spec-Kit: phantom-completion detection (SPK008/SPK009) — tasks marked
    [x] in tasks.md whose named deliverables don't exist and carry no
    implementation evidence (repo file names, code symbols, plan/spec artifacts,
    task-ID annotations, git log) are flagged, capped at 10 per run with an
    elision note. A checked task with no artifact is memory corruption for
    agents. Precision-first: calibrated against this repo's own 57 checked tasks
    (0 false positives) — prose-only and ID-only tasks are never accused. Opt
    out via specKit.phantomCheck: false.
  • verify --instructions — agent-instruction drift audit (MemoryLint-
    inspired). Extracts imperative rules from AGENTS.md/CLAUDE.md, flags exact
    duplicates, never-vs-always contradiction pairs, stale file pointers, and
    unknown docguard command references deterministically, then stages
    topically-clustered rule pairs (cross-file prioritized, capped 40) as agent
    judgment tasks — the same extraction/judgment split as verify --semantic.
    Mirrors generated by agents --sync are skipped. Dogfooded: found a real
    stale pointer in DocGuard's own AGENTS.md on first run (fixed).
  • trace --features — per-feature spec-adherence report (retrospective-
    inspired). Every spec-kit feature scored individually: requirement-ID test
    coverage (40%), task completion (25%), checked-task file evidence (20%),
    artifact completeness (15%) — graded A–F, worst-first, one fix hint each;
    unmeasurable signals are neutral (weights renormalize), never punitive.
    --format json for CI.
  • Distribution channels.pre-commit-hooks.yaml (validated with the
    official pre-commit validator; changed-only guard per commit + full guard
    for pre-push), official MCP Registry manifest (server.json, 2025-12-11
    schema, ajv-validated; mcpName ownership proof added to package.json),
    Smithery config, GitLab CI/CD Catalog component
    (templates/ci/gitlab-component.yml, SARIF artifact), Homebrew formula with
    the real npm-tarball sha256 (packaging/homebrew/), and a full submission
    playbook (packaging/submissions.md). awesome-mcp-servers listing PR
    submitted upstream.

Changed

  • The spec-kit catalog submission description (next release's prefill) now
    leads with the differentiators: MCP server, SARIF output, deterministic
    zero-LLM core, 24 validators with stable finding codes.
  • README: verify --instructions / trace --features / integrate-via
    pre-commit/MCP/GitLab/Homebrew rows; the long-shipped Mermaid ER-diagram
    generation is finally documented.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions