0xray 2.1.0 → 2.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.opencode/codex.codex +1 -1
- package/.opencode/commands/dependency-audit.md +3 -3
- package/.opencode/enforcer-config.json +2 -2
- package/.opencode/hooks/post-commit +1 -1
- package/.opencode/init.sh +2 -2
- package/AGENTS.md +1 -1
- package/README.md +2 -2
- package/dist/AGENTS.md +1 -1
- package/dist/CHANGELOG.md +10 -0
- package/dist/README.md +2 -2
- package/dist/analytics/routing-refiner.js +1 -1
- package/dist/core/boot-orchestrator.js +1 -1
- package/dist/core/features-config.js +1 -1
- package/dist/mcps/architect-tools.server.js +1 -1
- package/dist/mcps/auto-format.server.js +1 -1
- package/dist/mcps/boot-orchestrator.server.js +1 -1
- package/dist/mcps/enforcer-tools.server.js +1 -1
- package/dist/mcps/estimation.server.js +1 -1
- package/dist/mcps/framework-compliance-audit.server.js +1 -1
- package/dist/mcps/framework-help.server.js +1 -1
- package/dist/mcps/governance.server.js +1 -1
- package/dist/mcps/knowledge-skills/api-design.server.js +1 -1
- package/dist/mcps/knowledge-skills/architecture-patterns.server.js +1 -1
- package/dist/mcps/knowledge-skills/bug-triage-specialist.server.js +1 -1
- package/dist/mcps/knowledge-skills/code-analyzer.server.js +1 -1
- package/dist/mcps/knowledge-skills/code-review.server.js +1 -1
- package/dist/mcps/knowledge-skills/content-creator.server.js +1 -1
- package/dist/mcps/knowledge-skills/database-design.server.js +1 -1
- package/dist/mcps/knowledge-skills/devops-deployment.server.js +1 -1
- package/dist/mcps/knowledge-skills/git-workflow.server.js +1 -1
- package/dist/mcps/knowledge-skills/growth-strategist.server.js +1 -1
- package/dist/mcps/knowledge-skills/log-monitor.server.js +1 -1
- package/dist/mcps/knowledge-skills/mobile-development.server.js +1 -1
- package/dist/mcps/knowledge-skills/multimodal-looker.server.js +1 -1
- package/dist/mcps/knowledge-skills/performance-optimization.server.js +1 -1
- package/dist/mcps/knowledge-skills/project-analysis.server.js +1 -1
- package/dist/mcps/knowledge-skills/refactoring-strategies.server.js +1 -1
- package/dist/mcps/knowledge-skills/security-audit.server.js +1 -1
- package/dist/mcps/knowledge-skills/seo-consultant.server.js +1 -1
- package/dist/mcps/knowledge-skills/session-management.server.js +1 -1
- package/dist/mcps/knowledge-skills/skill-invocation.server.js +1 -1
- package/dist/mcps/knowledge-skills/strategist.server.js +1 -1
- package/dist/mcps/knowledge-skills/tech-writer.server.js +2 -2
- package/dist/mcps/knowledge-skills/testing-best-practices.server.js +1 -1
- package/dist/mcps/knowledge-skills/testing-strategy.server.js +1 -1
- package/dist/mcps/knowledge-skills/ui-ux-design.server.js +1 -1
- package/dist/mcps/lint.server.js +1 -1
- package/dist/mcps/model-health-check.server.js +1 -1
- package/dist/mcps/performance-analysis.server.js +1 -1
- package/dist/mcps/processor-pipeline.server.js +1 -1
- package/dist/mcps/registry.json +1 -1
- package/dist/mcps/researcher.server.js +1 -1
- package/dist/mcps/security-scan.server.js +1 -1
- package/dist/mcps/state-manager.server.js +1 -1
- package/dist/orchestrator/universal-registry-bridge.js +1 -1
- package/dist/skills/hermes-agent/SKILL.md +1 -1
- package/dist/skills/registry.json +1 -1
- package/package.json +3 -2
- package/scripts/node/pre-publish-guard.js +16 -10
- package/scripts/node/release.mjs +1 -1
- package/scripts/node/setup.cjs +32 -0
- package/scripts/node/universal-version-manager.js +2 -2
- package/src/mcps/architect-tools.server.ts +1 -1
- package/src/mcps/auto-format.server.ts +1 -1
- package/src/mcps/boot-orchestrator.server.ts +1 -1
- package/src/mcps/enforcer-tools.server.ts +1 -1
- package/src/mcps/estimation.server.ts +1 -1
- package/src/mcps/framework-compliance-audit.server.ts +1 -1
- package/src/mcps/framework-help.server.ts +1 -1
- package/src/mcps/governance.server.ts +1 -1
- package/src/mcps/knowledge-skills/api-design.server.ts +1 -1
- package/src/mcps/knowledge-skills/architecture-patterns.server.ts +1 -1
- package/src/mcps/knowledge-skills/bug-triage-specialist.server.ts +1 -1
- package/src/mcps/knowledge-skills/code-analyzer.server.ts +1 -1
- package/src/mcps/knowledge-skills/code-review.server.ts +1 -1
- package/src/mcps/knowledge-skills/content-creator.server.ts +1 -1
- package/src/mcps/knowledge-skills/database-design.server.ts +1 -1
- package/src/mcps/knowledge-skills/devops-deployment.server.ts +1 -1
- package/src/mcps/knowledge-skills/git-workflow.server.ts +1 -1
- package/src/mcps/knowledge-skills/growth-strategist.server.ts +1 -1
- package/src/mcps/knowledge-skills/log-monitor.server.ts +1 -1
- package/src/mcps/knowledge-skills/mobile-development.server.ts +1 -1
- package/src/mcps/knowledge-skills/multimodal-looker.server.ts +1 -1
- package/src/mcps/knowledge-skills/performance-optimization.server.ts +1 -1
- package/src/mcps/knowledge-skills/project-analysis.server.ts +1 -1
- package/src/mcps/knowledge-skills/refactoring-strategies.server.ts +1 -1
- package/src/mcps/knowledge-skills/security-audit.server.ts +1 -1
- package/src/mcps/knowledge-skills/seo-consultant.server.ts +1 -1
- package/src/mcps/knowledge-skills/session-management.server.ts +1 -1
- package/src/mcps/knowledge-skills/skill-invocation.server.ts +1 -1
- package/src/mcps/knowledge-skills/strategist.server.ts +1 -1
- package/src/mcps/knowledge-skills/tech-writer.server.ts +2 -2
- package/src/mcps/knowledge-skills/testing-best-practices.server.ts +1 -1
- package/src/mcps/knowledge-skills/testing-strategy.server.ts +1 -1
- package/src/mcps/knowledge-skills/ui-ux-design.server.ts +1 -1
- package/src/mcps/lint.server.ts +1 -1
- package/src/mcps/model-health-check.server.ts +1 -1
- package/src/mcps/performance-analysis.server.ts +1 -1
- package/src/mcps/processor-pipeline.server.ts +1 -1
- package/src/mcps/registry.json +1 -1
- package/src/mcps/researcher.server.ts +1 -1
- package/src/mcps/security-scan.server.ts +1 -1
- package/src/mcps/state-manager.server.ts +1 -1
- package/src/opencode/codex.codex +1 -1
- package/src/opencode/commands/dependency-audit.md +3 -3
- package/src/opencode/enforcer-config.json +2 -2
- package/src/skills/hermes-agent/SKILL.md +1 -1
- package/src/skills/registry.json +1 -1
- package/xray/agents_template.md +109 -0
- package/xray/codex.json +598 -0
- package/xray/config.json +26 -0
- package/xray/features.json +132 -0
- package/xray/integrations.json +23 -0
- package/xray/routing-mappings.json +752 -0
- package/xray/workflow_state.json +28 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "0xray",
|
|
3
|
-
"version": "2.1.
|
|
3
|
+
"version": "2.1.2",
|
|
4
4
|
"description": "Multi-agent orchestration and Codex governance for OpenCode, Hermes, Grok Build, and OpenClaw",
|
|
5
5
|
"readme": "README.md",
|
|
6
6
|
"license": "MIT",
|
|
@@ -52,7 +52,7 @@
|
|
|
52
52
|
"postinstall": "node scripts/node/postinstall.cjs",
|
|
53
53
|
"prepare": "npm run build",
|
|
54
54
|
"prebuild": "rm -rf dist tsconfig.tsbuildinfo tsconfig.*.tsbuildinfo",
|
|
55
|
-
"build": "tsc && mkdir -p dist/public dist/scripts && cp -r public/* dist/public/ && cp scripts/hooks/pre-command dist/scripts/ && cp scripts/hooks/pre-command.mjs dist/scripts/ && cp README.md AGENTS.md CHANGELOG.md LICENSE dist/ && find src -name '*.mjs' ! -path '*/__tests__/*' | while read f; do tgt=\"dist/${f#src/}\"; mkdir -p \"$(dirname $tgt)\"; cp \"$f\" \"$tgt\"; done && for dir in skills integrations mcps; do find src/$dir -type f ! -name '*.ts' ! -path '*/.pytest_cache/*' | while read f; do tgt=\"dist/${f#src/}\"; mkdir -p \"$(dirname $tgt)\"; cp \"$f\" \"$tgt\"; done; done && mkdir -p dist/plugin && (find dist/plugin -name '*codex-injection*.js' -exec cp {} dist/plugin/xray-codex-injection.js \\; 2>/dev/null || true) && cp -r src/opencode/ .opencode/ && rm -rf .opencode/xray 2>/dev/null; mkdir -p .opencode/xray && cp xray/codex.json .opencode/xray/codex.json 2>/dev/null || true",
|
|
55
|
+
"build": "tsc && mkdir -p dist/public dist/scripts && cp -r public/* dist/public/ && cp scripts/hooks/pre-command dist/scripts/ && cp scripts/hooks/pre-command.mjs dist/scripts/ && cp README.md AGENTS.md CHANGELOG.md LICENSE dist/ && find src -name '*.mjs' ! -path '*/__tests__/*' | while read f; do tgt=\"dist/${f#src/}\"; mkdir -p \"$(dirname $tgt)\"; cp \"$f\" \"$tgt\"; done && for dir in skills integrations mcps; do find src/$dir -type f ! -name '*.ts' ! -path '*/.pytest_cache/*' | while read f; do tgt=\"dist/${f#src/}\"; mkdir -p \"$(dirname $tgt)\"; cp \"$f\" \"$tgt\"; done; done && mkdir -p dist/plugin && (find dist/plugin -name '*codex-injection*.js' -exec cp {} dist/plugin/xray-codex-injection.js \\; 2>/dev/null || true) && cp -r src/opencode/ .opencode/ && rm -rf .opencode/xray 2>/dev/null; mkdir -p .opencode/xray && cp xray/codex.json .opencode/xray/codex.json 2>/dev/null; cp xray/features.json .opencode/xray/features.json 2>/dev/null || true",
|
|
56
56
|
"build:all": "npm run build",
|
|
57
57
|
"ci-install": "npm ci",
|
|
58
58
|
"clean": "rm -rf dist tsconfig.tsbuildinfo tsconfig.*.tsbuildinfo",
|
|
@@ -130,6 +130,7 @@
|
|
|
130
130
|
"src/integrations/grok/plugin/0xray/",
|
|
131
131
|
"src/skills/",
|
|
132
132
|
"src/mcps/",
|
|
133
|
+
"xray/",
|
|
133
134
|
".opencode/agents/",
|
|
134
135
|
".opencode/commands/",
|
|
135
136
|
".opencode/hooks/",
|
|
@@ -165,16 +165,22 @@ function checkVersionManagerRan() {
|
|
|
165
165
|
const vmContent = fs.readFileSync(vmPath, 'utf-8');
|
|
166
166
|
|
|
167
167
|
// Check that files have been updated (look for recent timestamps or version)
|
|
168
|
-
|
|
169
|
-
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
168
|
+
try {
|
|
169
|
+
const { resolveConfigPath } = require('../helpers/resolve-config-path.cjs');
|
|
170
|
+
const featuresPath = resolveConfigPath('features.json', rootDir);
|
|
171
|
+
if (fs.existsSync(featuresPath)) {
|
|
172
|
+
const features = JSON.parse(fs.readFileSync(featuresPath, 'utf-8'));
|
|
173
|
+
if (!features.version && !features.xray_version) {
|
|
174
|
+
warnings.push('features.json may not have been synced by version manager');
|
|
175
|
+
log('features.json may need version sync', 'warn');
|
|
176
|
+
} else {
|
|
177
|
+
log('Version manager appears to have run', 'success');
|
|
178
|
+
}
|
|
179
|
+
} else {
|
|
180
|
+
log('features.json not found — skipping check (non-blocking)', 'warn');
|
|
181
|
+
}
|
|
182
|
+
} catch (e) {
|
|
183
|
+
log('Could not check features.json — non-blocking', 'warn');
|
|
178
184
|
}
|
|
179
185
|
|
|
180
186
|
return true;
|
package/scripts/node/release.mjs
CHANGED
|
@@ -159,7 +159,7 @@ async function main() {
|
|
|
159
159
|
|
|
160
160
|
// Step 6: Publish to npm
|
|
161
161
|
console.log('\n📦 Step 6: Publishing to npm...');
|
|
162
|
-
runCommand('npm publish --access public', 'npm publish failed');
|
|
162
|
+
runCommand('npm publish --access public --ignore-scripts', 'npm publish failed');
|
|
163
163
|
console.log(`✅ Published 0xray@${newVersion} to npm`);
|
|
164
164
|
|
|
165
165
|
console.log('\n╔════════════════════════════════════════════════════════╗');
|
package/scripts/node/setup.cjs
CHANGED
|
@@ -37,6 +37,38 @@ if (hasHermes) {
|
|
|
37
37
|
* Extended header for next high-value package (code-review). src/skills/code-review/SKILL.md canonical SSOT; .opencode/skills/code-review/ built mirror of this sync logic. See paired guarded fw log "P3-SKILLS-FOLLOW-02-code-review-ssot-preferred" in status.ts getSkillsList (inserted after researcher block) + rich append docs/reflections/p3-skills-follow-02-code-review-2026-05-27.md (per AGENTS) + CGT/Governance-visible for YML @ harness-codex verification + 0 hot + 3-hot re-establish + all ties to spawn command + deep ref + pivot + Term 61 + 6/6+7/7 + YML + ps 0 + this P3-SKILLS-FOLLOW-02 full work (2-file surgical, harness post green tsc 0 new on touched, mapping append after latest, todo advance exactly 1, spawn replacement to maintain 3-hot, self-audit 100%) + verification + "the box contains its builders. The relay is hot.". 2 files max total for this follow-02. Highly modular (100% prior P3-SKILLS/YML/7th pattern reuse exactly inside existing sync logic). Fully reversible (targeted delete of notes restores exact prior). fw/echo discipline. AGENTS org (scripts/ for sh/cjs). Term 61 surgical forward motion held (no bloat, pure on actual dedup). "the box contains its builders". Green + ready. Subagent ID for resume.
|
|
38
38
|
*/
|
|
39
39
|
|
|
40
|
+
/* 0. Deploy xray/ config files (features.json, codex.json, etc.) to consumer .xray/ */
|
|
41
|
+
const xrayConfigSource = path.join(packageRoot, "xray");
|
|
42
|
+
const xrayConfigDest = path.join(targetDir, ".xray");
|
|
43
|
+
if (fs.existsSync(xrayConfigSource)) {
|
|
44
|
+
try {
|
|
45
|
+
if (!fs.existsSync(xrayConfigDest)) fs.mkdirSync(xrayConfigDest, { recursive: true });
|
|
46
|
+
const entries = fs.readdirSync(xrayConfigSource);
|
|
47
|
+
let copied = 0;
|
|
48
|
+
for (const entry of entries) {
|
|
49
|
+
const srcPath = path.join(xrayConfigSource, entry);
|
|
50
|
+
const dstPath = path.join(xrayConfigDest, entry);
|
|
51
|
+
if (fs.statSync(srcPath).isFile()) {
|
|
52
|
+
if (!fs.existsSync(dstPath) || fs.statSync(srcPath).mtime > fs.statSync(dstPath).mtime) {
|
|
53
|
+
fs.copyFileSync(srcPath, dstPath);
|
|
54
|
+
copied++;
|
|
55
|
+
}
|
|
56
|
+
}
|
|
57
|
+
}
|
|
58
|
+
if (copied > 0) console.log(`✅ .xray/: ${copied} config files deployed`);
|
|
59
|
+
else console.log(`ℹ️ .xray/: up to date`);
|
|
60
|
+
} catch (e) { console.warn(`⚠️ .xray/ deploy: ${e.message}`); }
|
|
61
|
+
}
|
|
62
|
+
|
|
63
|
+
// 0b. Ensure logs/framework/ directory exists
|
|
64
|
+
const logsDir = path.join(targetDir, "logs", "framework");
|
|
65
|
+
try {
|
|
66
|
+
if (!fs.existsSync(logsDir)) {
|
|
67
|
+
fs.mkdirSync(logsDir, { recursive: true });
|
|
68
|
+
console.log("✅ logs/framework/: created");
|
|
69
|
+
}
|
|
70
|
+
} catch (e) { console.warn(`⚠️ logs/framework/: ${e.message}`); }
|
|
71
|
+
|
|
40
72
|
/* 1. Sync core skills from src/skills/ (dev) or dist/skills/ (consumer) → .opencode/skills/ [P3-SKILLS-DE-DUP-SCOPE-AND-EXEC-01: orchestrator package SSOT canonical src/skills/orchestrator/SKILL.md; mirror .opencode/skills/orchestrator/ is built output of this logic; see paired guarded fw in status.ts getSkillsList + mapping append + deep ref 2026-05-26 authority for one-package dedup under pivoted surgical plan]
|
|
41
73
|
[P3-SKILLS-DE-DUP-RESEARCHER-FOLLOW-01: researcher package SSOT canonical src/skills/researcher/SKILL.md (high-value per deep ref + YML precedent + playbook P3-SKILLS-FOLLOW-01); mirror .opencode/skills/researcher/ is built output of this logic; see paired guarded fw in status.ts + rich append + YML @ harness-codex verification (FORCE exercised P3-YML + codex-enforcement + 100/60/0 + 3 subagents tracked + 0 hot + 3-hot re-establish + all prior green) + deep ref 2026-05-26 + Phase 3 Pivot + Term 61 + user's "create a todo list. spawn subagents..." + 6/6+7/7 + YML. Governance-visible hook for skills SSOT at install layer. Silent, additive, reversible, no behavior change, fw/echo only.]
|
|
42
74
|
[P3-SKILLS-FOLLOW-02: code-review package SSOT canonical src/skills/code-review/SKILL.md (next high-value per deep ref "parallel small batches" + @architect scoping rec 2 + YML @ "Ready for next" + this P3-SKILLS-FOLLOW-02 on user's spawn command); mirror .opencode/skills/code-review/ is built output of this logic; see paired guarded fw "P3-SKILLS-FOLLOW-02-code-review-ssot-preferred" in status.ts (after researcher) + rich append docs/reflections/p3-skills-follow-02-code-review-2026-05-27.md + YML @ harness-codex verification + 0 hot + 3-hot + all ties + ps 0 + this work (2-file surgical edit, harness post, mapping append after latest ~17099+, todo advance 1, spawn replacement, self-audit 100%, green + ready) + deep ref 2026-05-26 + Phase 3 Pivot + Term 61 + 6/6+7/7 + YML. Governance-visible hook for skills SSOT at install layer for code-review. Silent, additive, reversible, no behavior change, fw/echo only. "The box contains its builders. The relay is hot."] */
|
|
@@ -155,7 +155,7 @@ const detectedCodex = detectCodexInfo();
|
|
|
155
155
|
const OFFICIAL_VERSIONS = {
|
|
156
156
|
// Framework version
|
|
157
157
|
framework: {
|
|
158
|
-
version: "2.
|
|
158
|
+
version: "2.1.1",
|
|
159
159
|
displayName: "xray: Self-Healing AI Governance OS",
|
|
160
160
|
lastUpdated: "2026-06-08",
|
|
161
161
|
// Counts (auto-calculated, but can be overridden)
|
|
@@ -403,7 +403,7 @@ const UPDATE_PATTERNS = [
|
|
|
403
403
|
pattern: /xray AI v[0-9]+\.[0-9]+\.[0-9]+/g,
|
|
404
404
|
replacement: `xray AI v${OFFICIAL_VERSIONS.framework.version}`,
|
|
405
405
|
},
|
|
406
|
-
// Footer bare version (e.g., "**Version**: 2.0.
|
|
406
|
+
// Footer bare version (e.g., "**Version**: 2.0.1")
|
|
407
407
|
{
|
|
408
408
|
pattern: /\*\*Version\*\*:\s*[0-9]+\.[0-9]+\.[0-9]+/g,
|
|
409
409
|
replacement: `**Version**: ${OFFICIAL_VERSIONS.framework.version}`,
|
|
@@ -81,7 +81,7 @@ class BugTriageSpecialistServer {
|
|
|
81
81
|
|
|
82
82
|
constructor() {
|
|
83
83
|
this.server = new Server(
|
|
84
|
-
{ name: "bug-triage-specialist", version: "2.0.
|
|
84
|
+
{ name: "bug-triage-specialist", version: "2.0.1" },
|
|
85
85
|
{ capabilities: { tools: {} } },
|
|
86
86
|
);
|
|
87
87
|
this.setupToolHandlers();
|
|
@@ -167,7 +167,7 @@ class MultimodalLookerServer {
|
|
|
167
167
|
|
|
168
168
|
constructor() {
|
|
169
169
|
this.server = new Server(
|
|
170
|
-
{ name: "multimodal-looker", version: "2.0.
|
|
170
|
+
{ name: "multimodal-looker", version: "2.0.1" },
|
|
171
171
|
{ capabilities: { tools: {} } },
|
|
172
172
|
);
|
|
173
173
|
this.setupToolHandlers();
|
|
@@ -166,7 +166,7 @@ class XrayDocumentationGenerationServer {
|
|
|
166
166
|
constructor() {
|
|
167
167
|
this.server = new Server(
|
|
168
168
|
{
|
|
169
|
-
name: "documentation-generation", version: "2.0.
|
|
169
|
+
name: "documentation-generation", version: "2.0.1",
|
|
170
170
|
},
|
|
171
171
|
{
|
|
172
172
|
capabilities: {
|
|
@@ -1053,7 +1053,7 @@ class XrayDocumentationGenerationServer {
|
|
|
1053
1053
|
openapi: "3.0.0",
|
|
1054
1054
|
info: {
|
|
1055
1055
|
title: "API Documentation",
|
|
1056
|
-
version: "2.0.
|
|
1056
|
+
version: "2.0.1",
|
|
1057
1057
|
description: "Generated API documentation",
|
|
1058
1058
|
},
|
|
1059
1059
|
servers: [
|
package/src/mcps/lint.server.ts
CHANGED
package/src/mcps/registry.json
CHANGED
package/src/opencode/codex.codex
CHANGED
|
@@ -1,5 +1,5 @@
|
|
|
1
1
|
{
|
|
2
|
-
"version": "2.1.
|
|
2
|
+
"version": "2.1.2",
|
|
3
3
|
"terms": [
|
|
4
4
|
1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68
|
|
5
5
|
],
|
|
@@ -69,7 +69,7 @@ Comprehensive dependency analysis and security audit for all project dependencie
|
|
|
69
69
|
"vulnerabilities": [
|
|
70
70
|
{
|
|
71
71
|
"package": "lodash",
|
|
72
|
-
"version": "2.0.
|
|
72
|
+
"version": "2.0.1",
|
|
73
73
|
"severity": "high",
|
|
74
74
|
"cve": "CVE-2021-23337",
|
|
75
75
|
"description": "Command injection vulnerability"
|
|
@@ -85,14 +85,14 @@ Security-focused format for CI/CD integration:
|
|
|
85
85
|
|
|
86
86
|
```json
|
|
87
87
|
{
|
|
88
|
-
"version": "2.0.
|
|
88
|
+
"version": "2.0.1",
|
|
89
89
|
"$schema": "https://raw.githubusercontent.com/oasis-tcs/sarif-spec/master/Schemata/sarif-schema-2.1.0.json",
|
|
90
90
|
"runs": [
|
|
91
91
|
{
|
|
92
92
|
"tool": {
|
|
93
93
|
"driver": {
|
|
94
94
|
"name": "Dependency Audit",
|
|
95
|
-
"version": "2.0.
|
|
95
|
+
"version": "2.0.1"
|
|
96
96
|
}
|
|
97
97
|
},
|
|
98
98
|
"results": [...]
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"framework": "xray 2.0",
|
|
3
|
-
"version": "2.0.
|
|
3
|
+
"version": "2.0.1",
|
|
4
4
|
"description": "Codex-compliant framework configuration for Credible UI project",
|
|
5
5
|
"thresholds": {
|
|
6
6
|
"bundleSize": {
|
|
@@ -220,7 +220,7 @@
|
|
|
220
220
|
}
|
|
221
221
|
},
|
|
222
222
|
"codex": {
|
|
223
|
-
"version": "2.0.
|
|
223
|
+
"version": "2.0.1",
|
|
224
224
|
"terms": [
|
|
225
225
|
1,
|
|
226
226
|
2,
|
|
@@ -208,5 +208,5 @@ The plugin's pre_tool_call hook nudges when an MCP alternative exists (e.g., "us
|
|
|
208
208
|
- CLI fallback requires `npx 0xray` in PATH. If bridge fails and CLI isn't available, tools return errors.
|
|
209
209
|
- Quality gate blocks are logged but NOT enforced (advisory). The tool returns violations; the agent decides what to do.
|
|
210
210
|
- Git hooks use symlinks from `.git/hooks/` → `hooks/`. If the `hooks/` directory doesn't exist in the project, `strray_hooks(action="install")` skips those hooks.
|
|
211
|
-
- Project root detection walks up from CWD looking for `node_modules/0xray`, `.opencode/
|
|
211
|
+
- Project root detection walks up from CWD looking for `node_modules/0xray`, `.opencode/xray/features.json`, or `package.json`. Override with `STRRAY_PROJECT_ROOT` env var.
|
|
212
212
|
- `logs/framework/` is created automatically. Never breaks the agent if permissions fail.
|