CrumdBob is the missing flight recorder for IBM Bob development sessions. Every Bob run learns the codebase from scratch. That insight evaporates the moment the session ends, and the next agent — or human — has to rediscover the same files, risks, and architectural seams.

CrumdBob turns every Bob session into a deterministic, hash-bound, replayable memory pack. Run `crumdbob pack` on a Bob report and you get nine CRUMB v1.4 files: a repo genome, flight recorder, next task, test plan, risk register, agent passport, replay prompt, PR summary, and a SHA-256 proof chain binding them all to the source. Any future agent — Bob, Claude, GPT, or a human — can `crumdbob replay` to resume with full prior context instead of rebuilding it.

What's inside:

• Multi-session SQLite memory with forward-only migrations, recurring-risk detection across sessions, file-coupling analysis, and predictive impact scoring on planned changes.
• FastAPI dashboard with seven views (overview, sessions, insights, patterns, risks, trends, NL query). XSS-proof by construction — every render path uses DOM APIs, never innerHTML.
• Rich terminal UI for eight commands with plain-text fallback. LLM integration via OpenAI and Anthropic, with response caching.
• Enterprise observability: structured JSON logging with request-ID context vars, Prometheus /metrics, optional API-key auth, token-bucket per-IP rate limiting, OWASP security headers (CSP/HSTS/X-Frame), tamper-evident audit log, sanitized errors with correlation IDs.
• Multi-stage Dockerfile (~110 MB, non-root, read-only root FS, dropped capabilities), GitHub Actions matrix across Python 3.10–3.13 on Linux and macOS, pre-commit gates for ruff, mypy, bandit, and pip-audit.

290 tests passing, 64.9% coverage, zero high-severity findings, zero known-vulnerable dependencies.

CrumdBob makes "the AI already knows your codebase" actually mean something.