@checkmarkdevtools/commitlint-plugin-rai 0.0.0 → 0.1.2

package/CHANGELOG.md

@@ -0,0 +1,76 @@
+# Changelog
+
+All notable changes to `@checkmarkdevtools/commitlint-plugin-rai` are documented here so I don’t have to rely on vibes, memory, or aggressively scrolling Git history later, because I promise you I will not remember why I did this six months from now.
+
+> [!TIP]
+> I did write about it some in ["Did AI Erase Attribution?"](https://dev.to/anchildress1/did-ai-erase-attribution-your-git-history-is-missing-a-co-author-1m2l). Though... it probably deserves a follow-up after this—I might think about that.
+
+---
+
+## [0.1.2](https://github.com/ChecKMarKDevTools/rai-lint/compare/commitlint-plugin-rai-v0.1.1...commitlint-plugin-rai-v0.1.2) (2025-12-29) 📡 📡
+
+> _Ok, I lied._ No pottery. This turned into cleanup, config alignment, and wrestling CI until it stopped freelancing.
+
+No user-facing behavior changes, but under the hood this is a realignment release. Core workflows were restructured, release logic was consolidated, and the surrounding machinery now matches how the plugin actually works instead of how it used to pretend to.
+
+---
+
+## [0.1.1](https://github.com/ChecKMarKDevTools/rai-lint/compare/commitlint-plugin-rai-v0.1.0...commitlint-plugin-rai-v0.1.1) (2025-12-29) 📡
+
+> _Because the releases technically worked on GitHub, then immediately fell apart when asked to do literally anything else, prompting a debugging session I would describe as "character-building."_
+
+The plugin is stable. It does its job. It has been doing its job since I initially wrote it, unbothered and consistent.
+
+The CI workflows responsible for publishing it to npm, however, decided that "working" was negotiable and that sometimes lockfiles should refresh themselves mid-release for reasons they declined to explain.
+
+This release corrects the automated publishing setup that was theoretically correct last time but demonstrably wasn't even close. It also bumps `@types/node` because Dependabot has opinions and I'm inclined to agree.
+
+If this doesn't work, I'm learning pottery.
+
+---
+
+### What This Is 📦
+
+This is a commitlint plugin that will not let you commit until you say who actually helped write the code, which feels like a low bar and yet here we are.
+
+It’s not a lecture, it’s not a manifesto, and it’s definitely not trying to solve the entire “AI ethics” discourse in a footer. It just wants you to be honest and move on with your day.
+
+It understands five Git trailers:
+
+- `Authored-by` — all you, no AI involved, pure human effort and probably caffeine
+- `Commit-generated-by` — AI wrote the commit message, you wrote the code, a perfectly reasonable division of labor
+- `Assisted-by` — AI helped a bit, but you were still driving and making the calls
+- `Co-authored-by` — you and the AI paired, roughly fifty-fifty, everyone gets credit
+- `Generated-by` — AI did most of the work, you supervised, still valid, just say so
+
+Pick one and you’re done. Skip it and the commit fails immediately, calmly, and without entering into negotiations about how busy you are.
+
+There’s no telemetry, no tracking, no network calls, and no opinions about formatting or workflow. It doesn’t care how you work, it just wants the attribution written down so future humans aren’t guessing.
+
+Status: **Shipped.** Hopefully. 😄
+
+---
+
+### Why This Exists 🔧
+
+If two humans pair program, both names go on the commit. If an AI helps and we pretend it didn’t happen, that’s a choice, but it’s a weird one.
+
+Git already supports trailers. Commits already support attribution. This plugin just closes the gap between “we could do this” and “we actually do this,” because enforcement turns philosophy into muscle memory.
+
+I got tired of debating it and built the boring solution instead.
+
+---
+
+### The Extremely Short Version of Events 🗓️
+
+I built this, plus the Python version, in a burst of enthusiasm and questionable time awareness, then spent the following weeks fixing things, cleaning things up, and making the tooling stop yelling at me long enough to ship something usable.
+
+If you want the gritty details, Git is right there and very thorough. This is just the overview.
+
+---
+
+### December 28, 2025: v0.1.0 🚀
+
+It enforces attribution without overthinking it, it stays out of your way once you comply, and it does exactly one job on purpose.
+
+Everything else will evolve from here, along with the inevitable future mistakes and fixing the mistakes I missed this round.

package/LICENSE

@@ -0,0 +1,30 @@
+Polyform Shield License 1.0.0
+
+Copyright (c) 2025 ChecKMarK DevTools / Ashley Childress
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to use,
+copy, modify, and/or distribute the Software for any purpose—including personal, professional, or commercial use—subject to the following conditions:
+
+1. **No Profit or Monetization.**
+   The Software may not be sold, rebranded, licensed, hosted as a paid SaaS, or used as the basis of any product or service from which you or your organization earns revenue or profit, without explicit written permission from Ashley Childress.
+
+   - **You CAN** use, copy, fork, or adapt this for your own workflows, inside your company, for client projects, demos, education, or anything else—as long as you’re not selling the code, charging for it, or making money from the project itself.
+   - **You CANNOT** resell, offer as a paid service, or monetize this project or its derivatives without prior written approval.
+
+2. **Endorsement.**
+   Neither the name of ChecKMarK DevTools / Ashley Childress nor the names of any contributors may be used to endorse or promote products derived from this software without specific prior written permission.
+
+3. **Attribution.**
+   Any public fork, copy, or substantial reuse must include this LICENSE and a clear statement in your documentation or README:
+   “Based on original work by ChecKMarK DevTools / Ashley Childress – see \[original repo link\].”
+
+4. **No Warranty.**
+   THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+Full license text: https://polyformproject.org/licenses/shield/1.0.0/
+
+---
+
+This project is licensed under Polyform Shield License 1.0.0.
+For exceptions or monetization/commercialization questions, contact Ashley Childress at [human@checkmarkdevtools.dev](mailto:human@checkmarkdevtools.dev).

package/README.md

@@ -1,18 +1,33 @@
 # @checkmarkdevtools/commitlint-plugin-rai
 
-Commitlint plugin for enforcing AI attribution in commit messages using standard Git trailers.
+<p align="center">
+  <img
+    src="https://raw.githubusercontent.com/ChecKMarKDevTools/admin-things/main/assets/logos/checkmark-rai-lint-logo.png"
+    alt="ChecKMarK RAI"
+    width="160"
+  />
+</p>
 
-## Installation
+<p align="center">
+  A commitlint plugin that enforces exactly one thing:<br />
+  if AI touched the code, say so in the commit. ⚖️
+</p>
+
+<p align="center">
+  That’s it. No philosophy, no negotiations. Pick a trailer and move on.
+</p>
+
+## Installation 🔧
 
 ```bash
 npm install --save-dev @checkmarkdevtools/commitlint-plugin-rai
 ```
 
-## Usage
+## Usage 🚦
 
-Add to your `commitlint.config.js`:
+Add the plugin to your `commitlint.config.js`:
 
-```javascript
+```js
 export default {
   extends: ['@commitlint/config-conventional'],
   plugins: ['@checkmarkdevtools/commitlint-plugin-rai'],
@@ -22,21 +37,40 @@ export default {
 };
 ```
 
-## Valid Footer Formats
+Once this is in place, commitlint will refuse to proceed until a valid RAI trailer is present.
+
+## Valid Trailers 📌
+
+Pick **exactly one**.
+Skip it and the commit fails.
+Use more than one and the commit also fails.
+
+No negotiations.
+
+1. `Authored-by: [Human] <email>` — all you, no AI involved
+2. `Commit-generated-by: [AI Tool] <email>` — AI wrote the commit message, you wrote the code
+3. `Assisted-by: [AI Tool] <email>` — AI helped some, you were still driving
+4. `Co-authored-by: [AI Tool] <email>` — roughly 50/50, like actual pair programming
+5. `Generated-by: [AI Tool] <email>` — AI did most of it, you supervised
+
+All patterns are case-insensitive, because enforcing honesty does not require enforcing capitalization.
+
+## Why This Exists ⚖️
+
+If two humans pair program, both names go on the commit.
+If an AI helps and we pretend it didn’t happen, that’s a choice, but it’s a strange one.
+
+Git already supports trailers. This plugin just closes the gap between “we could do this” and “we actually do this,” by making attribution a default instead of a discussion.
 
-1. **`Authored-by: [Human] <email>`** - Human only, no AI
-2. **`Commit-generated-by: [AI Tool] <email>`** - Trivial AI (docs, commit msg, advice, reviews)
-3. **`Assisted-by: [AI Tool] <email>`** - AI helped, but primarily human code
-4. **`Co-authored-by: [AI Tool] <email>`** - Roughly 50/50 AI and human (40-60 leeway)
-5. **`Generated-by: [AI Tool] <email>`** - Majority of code was AI generated
+If you want the longer version of that reasoning, it’s written up at [Did AI Erase Attribution?](https://dev.to/anchildress1/did-ai-erase-attribution-your-git-history-is-missing-a-co-author-1m2l).
 
-All patterns are case-insensitive.
+This plugin is the boring enforcement layer that follows.
 
-## Requirements
+## Requirements ⚙️
 
 - Node.js >= 20.0.0
 - @commitlint/cli >= 19.0.0
 
-## License
+## License 📄
 
-Polyform Shield 1.0.0
+PolyForm Shield License 1.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@checkmarkdevtools/commitlint-plugin-rai",
-  "version": "0.0.0",
+  "version": "0.1.2",
   "description": "Commitlint plugin for RAI footer validation",
   "type": "module",
   "main": "./dist/index.js",
@@ -14,7 +14,10 @@
   },
   "files": [
     "dist",
-    "README.md"
+    "sbom.json",
+    "README.md",
+    "CHANGELOG.md",
+    "LICENSE"
   ],
   "engines": {
     "node": ">=20 <25"
@@ -34,7 +37,7 @@
     "ai-attribution"
   ],
   "author": "Ashley Childress",
-  "license": "Polyform-Shield-1.0.0",
+  "license": "LicenseRef-PolyForm-Shield-1.0.0",
   "repository": {
     "type": "git",
     "url": "https://github.com/ChecKMarKDevTools/rai-lint.git",
@@ -49,7 +52,7 @@
   },
   "devDependencies": {
     "@commitlint/types": "^20.0.0",
-    "@types/node": "^24.10.0",
+    "@types/node": "^25.0.3",
     "@vitest/coverage-v8": "^4.0.13",
     "typescript": "^5.9.3",
     "vitest": "^4.0.7"

package/sbom.json

@@ -0,0 +1,144 @@
+{
+  "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json",
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.6",
+  "version": 1,
+  "metadata": {
+    "tools": {
+      "components": [
+        {
+          "type": "application",
+          "name": "npm",
+          "version": "11.6.2"
+        },
+        {
+          "type": "library",
+          "name": "cyclonedx-library",
+          "group": "@cyclonedx",
+          "version": "9.4.1",
+          "author": "Jan Kowalleck",
+          "description": "Core functionality of CycloneDX for JavaScript (Node.js or WebBrowser).",
+          "licenses": [
+            {
+              "license": {
+                "id": "Apache-2.0"
+              }
+            }
+          ],
+          "externalReferences": [
+            {
+              "url": "https://github.com/CycloneDX/cyclonedx-javascript-library/issues",
+              "type": "issue-tracker",
+              "comment": "as detected from PackageJson property \"bugs.url\""
+            },
+            {
+              "url": "git+https://github.com/CycloneDX/cyclonedx-javascript-library.git",
+              "type": "vcs",
+              "comment": "as detected from PackageJson property \"repository.url\""
+            },
+            {
+              "url": "https://github.com/CycloneDX/cyclonedx-javascript-library#readme",
+              "type": "website",
+              "comment": "as detected from PackageJson property \"homepage\""
+            }
+          ]
+        },
+        {
+          "type": "application",
+          "name": "cyclonedx-npm",
+          "group": "@cyclonedx",
+          "version": "4.1.2",
+          "author": "Jan Kowalleck",
+          "description": "Create CycloneDX Software Bill of Materials (SBOM) from NPM projects.",
+          "licenses": [
+            {
+              "license": {
+                "id": "Apache-2.0"
+              }
+            }
+          ],
+          "externalReferences": [
+            {
+              "url": "https://github.com/CycloneDX/cyclonedx-node-npm/issues",
+              "type": "issue-tracker",
+              "comment": "as detected from PackageJson property \"bugs.url\""
+            },
+            {
+              "url": "git+https://github.com/CycloneDX/cyclonedx-node-npm.git",
+              "type": "vcs",
+              "comment": "as detected from PackageJson property \"repository.url\""
+            },
+            {
+              "url": "https://github.com/CycloneDX/cyclonedx-node-npm#readme",
+              "type": "website",
+              "comment": "as detected from PackageJson property \"homepage\""
+            }
+          ]
+        }
+      ]
+    },
+    "component": {
+      "type": "library",
+      "name": "rai-lint",
+      "bom-ref": "rai-lint",
+      "author": "Ashley Childress",
+      "description": "Dual-language commit-message validation framework for AI-responsible development",
+      "licenses": [
+        {
+          "expression": "LicenseRef-PolyForm-Shield-1.0.0",
+          "acknowledgement": "declared"
+        }
+      ],
+      "purl": "pkg:npm/rai-lint",
+      "properties": [
+        {
+          "name": "cdx:npm:package:path",
+          "value": ""
+        },
+        {
+          "name": "cdx:npm:package:private",
+          "value": "true"
+        }
+      ]
+    },
+    "properties": [
+      {
+        "name": "cdx:reproducible",
+        "value": "true"
+      }
+    ]
+  },
+  "components": [
+    {
+      "type": "library",
+      "name": "commitlint-plugin-rai",
+      "group": "@checkmarkdevtools",
+      "version": "0.1.2",
+      "bom-ref": "rai-lint|@checkmarkdevtools/commitlint-plugin-rai@0.1.2",
+      "licenses": [
+        {
+          "expression": "LicenseRef-PolyForm-Shield-1.0.0",
+          "acknowledgement": "declared"
+        }
+      ],
+      "purl": "pkg:npm/%40checkmarkdevtools/commitlint-plugin-rai@0.1.2",
+      "properties": [
+        {
+          "name": "cdx:npm:package:path",
+          "value": "node_modules/@checkmarkdevtools/commitlint-plugin-rai"
+        }
+      ]
+    }
+  ],
+  "dependencies": [
+    {
+      "ref": "rai-lint",
+      "dependsOn": [
+        "rai-lint|@checkmarkdevtools/commitlint-plugin-rai@0.1.2"
+      ]
+    },
+    {
+      "ref": "rai-lint|@checkmarkdevtools/commitlint-plugin-rai@0.1.2"
+    }
+  ]
+}