arborist-cli 0.2.0

CLI for arborist-metrics: cognitive/cyclomatic complexity and SLOC metrics
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# DevTrail - Claude Code Configuration

<!-- devtrail:begin -->
> **Read and follow the rules in [DEVTRAIL.md](DEVTRAIL.md).**
> That file contains all DevTrail documentation governance rules for this project.
<!-- devtrail:end -->

---

## Autonomous Rules (minimum viable — works without DEVTRAIL.md)

### Identity
- Always identify yourself as `claude-code-v{version}` in the `agent:` field
- Declare confidence: `high | medium | low`

### Review Requirements
- ETH, ADR, SEC, MCARD, DPIA → always `review_required: true`
- `risk_level: high | critical` → always `review_required: true`

### Prohibited
- Never document credentials, tokens, API keys, or PII in document content

### Git Operations

- **NEVER commit directly to `main`** — all changes go through branches + PRs
- Branch prefixes: `feature/`, `feat/`, `fix/`, `hotfix/`, `docs/`, `refactor/`, `test/`
- Use conventional commits: `feat:`, `fix:`, `docs:`, `refactor:`, `chore:`, `test:`, `perf:`
- Full strategy: `.devtrail/00-governance/GIT-BRANCHING-STRATEGY.md`

### Pre-commit Checklist

Before committing, check:
- [ ] Changed auth/PII/security code? → Create AILOG (`risk_level: high`) + ETH draft
- [ ] Complex code change? → Run `devtrail analyze <changed-files> --output json`; if `above_threshold > 0` create AILOG (fallback if CLI unavailable: >20 lines)
- [ ] Chose between 2+ alternatives? → Create AIDEC
- [ ] Changed public API or DB schema? → Create AILOG + consider ADR
- [ ] Changed ML model/prompts? → Create AILOG + human review
- [ ] Changed OTel instrumentation? → Create AILOG + tag `observabilidad`

### Regulatory Frontmatter Snippet

When creating documents for AI-related changes, include applicable fields:

```yaml
eu_ai_act_risk: not_applicable  # unacceptable | high | limited | minimal | not_applicable
nist_genai_risks: []            # privacy | bias | confabulation | cbrn | dangerous_content | environmental | human_ai_config | information_integrity | information_security | intellectual_property | obscene_content | value_chain
iso_42001_clause: []            # 4 | 5 | 6 | 7 | 8 | 9 | 10
```

### NIST AI 600-1 Risk Categories (quick reference)

1. CBRN Information — 2. Confabulation — 3. Dangerous Content — 4. Data Privacy — 5. Environmental — 6. Harmful Bias — 7. Human-AI Config — 8. Information Integrity — 9. Information Security — 10. Intellectual Property — 11. Obscene Content — 12. Value Chain

### Observability Rule

Do not capture PII, tokens, or secrets in OTel attributes or logs. Record instrumentation pipeline changes (new spans, changed attributes, Collector configuration) in AILOG with tag `observabilidad`.

---

*DevTrail | [Strange Days Tech](https://strangedays.tech) — Because every change tells a story.*

## Active Technologies
- Rust, Edition 2024 + `arborist-metrics` (analysis), `clap` (argument parsing), `serde`/`serde_json` (JSON output), `ignore` (directory traversal + gitignore), `thiserror` (error types) (001-core-cli-mvp)
- N/A — stateless CLI, no persistence (001-core-cli-mvp)

## Recent Changes
- 001-core-cli-mvp: Added Rust, Edition 2024 + `arborist-metrics` (analysis), `clap` (argument parsing), `serde`/`serde_json` (JSON output), `ignore` (directory traversal + gitignore), `thiserror` (error types)