@codexstar/bug-hunter 3.0.5 → 3.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +4 -3
- package/scripts/bug-hunter-state.cjs +0 -0
- package/scripts/payload-guard.cjs +0 -0
- package/scripts/prepublish-guard.cjs +82 -0
- package/scripts/run-bug-hunter.cjs +2 -1
- package/scripts/tests/fixtures/flaky-worker.cjs +0 -0
- package/scripts/tests/fixtures/success-worker.cjs +0 -0
- package/scripts/tests/worktree-harvest.test.cjs +1 -1
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@codexstar/bug-hunter",
|
|
3
|
-
"version": "3.0.
|
|
3
|
+
"version": "3.0.6",
|
|
4
4
|
"description": "Adversarial AI bug hunter — multi-agent pipeline finds security vulnerabilities, logic errors, and runtime bugs, then fixes them autonomously. Works with Claude Code, Cursor, Codex CLI, Copilot, Kiro, and more.",
|
|
5
5
|
"license": "MIT",
|
|
6
6
|
"main": "bin/bug-hunter",
|
|
@@ -30,16 +30,16 @@
|
|
|
30
30
|
"static-analysis"
|
|
31
31
|
],
|
|
32
32
|
"files": [
|
|
33
|
-
"agents/",
|
|
34
33
|
"bin/",
|
|
35
34
|
"scripts/",
|
|
36
35
|
"schemas/",
|
|
37
36
|
"prompts/",
|
|
38
37
|
"templates/",
|
|
39
38
|
"modes/",
|
|
40
|
-
"skills/",
|
|
41
39
|
"evals/",
|
|
42
40
|
"docs/",
|
|
41
|
+
"agents/",
|
|
42
|
+
"skills/",
|
|
43
43
|
"SKILL.md",
|
|
44
44
|
"README.md",
|
|
45
45
|
"CHANGELOG.md",
|
|
@@ -57,6 +57,7 @@
|
|
|
57
57
|
"access": "public"
|
|
58
58
|
},
|
|
59
59
|
"scripts": {
|
|
60
|
+
"prepublishOnly": "node scripts/prepublish-guard.cjs",
|
|
60
61
|
"prepack": "node --test scripts/tests/*.test.cjs",
|
|
61
62
|
"test": "node --test scripts/tests/*.test.cjs",
|
|
62
63
|
"doctor": "node bin/bug-hunter doctor",
|
|
File without changes
|
|
File without changes
|
|
@@ -0,0 +1,82 @@
|
|
|
1
|
+
#!/usr/bin/env node
|
|
2
|
+
'use strict';
|
|
3
|
+
|
|
4
|
+
/**
|
|
5
|
+
* prepublish-guard.cjs
|
|
6
|
+
*
|
|
7
|
+
* Blocks `npm publish` unless:
|
|
8
|
+
* 1. Git working tree is clean (no uncommitted changes)
|
|
9
|
+
* 2. Current HEAD is pushed to origin (no unpushed commits)
|
|
10
|
+
* 3. package.json version matches the git tag (if tag exists)
|
|
11
|
+
*
|
|
12
|
+
* This prevents the "published to npm but forgot to commit/push" problem.
|
|
13
|
+
* Bypass with: SKIP_PREPUBLISH_GUARD=1 npm publish
|
|
14
|
+
*/
|
|
15
|
+
|
|
16
|
+
const { execSync } = require('child_process');
|
|
17
|
+
|
|
18
|
+
if (process.env.SKIP_PREPUBLISH_GUARD === '1') {
|
|
19
|
+
console.log('⚠️ prepublish-guard: SKIPPED (SKIP_PREPUBLISH_GUARD=1)');
|
|
20
|
+
process.exit(0);
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
const run = (cmd) => execSync(cmd, { encoding: 'utf8' }).trim();
|
|
24
|
+
|
|
25
|
+
const errors = [];
|
|
26
|
+
|
|
27
|
+
// 1. Check for uncommitted changes
|
|
28
|
+
try {
|
|
29
|
+
const status = run('git status --porcelain');
|
|
30
|
+
if (status) {
|
|
31
|
+
errors.push(
|
|
32
|
+
'❌ Uncommitted changes detected. Commit or stash before publishing.\n' +
|
|
33
|
+
status.split('\n').map(l => ` ${l}`).join('\n')
|
|
34
|
+
);
|
|
35
|
+
}
|
|
36
|
+
} catch {
|
|
37
|
+
errors.push('❌ Not a git repository or git not available.');
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
// 2. Check for unpushed commits
|
|
41
|
+
try {
|
|
42
|
+
const unpushed = run('git log --oneline origin/main..HEAD 2>/dev/null');
|
|
43
|
+
if (unpushed) {
|
|
44
|
+
errors.push(
|
|
45
|
+
'❌ Unpushed commits. Run `git push` before publishing.\n' +
|
|
46
|
+
unpushed.split('\n').map(l => ` ${l}`).join('\n')
|
|
47
|
+
);
|
|
48
|
+
}
|
|
49
|
+
} catch {
|
|
50
|
+
// If origin/main doesn't exist, skip this check
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
// 3. Version/tag consistency check
|
|
54
|
+
try {
|
|
55
|
+
const version = require('../package.json').version;
|
|
56
|
+
const tagExists = (() => {
|
|
57
|
+
try { run(`git rev-parse v${version} 2>/dev/null`); return true; } catch { return false; }
|
|
58
|
+
})();
|
|
59
|
+
if (tagExists) {
|
|
60
|
+
const tagCommit = run(`git rev-parse v${version}`);
|
|
61
|
+
const headCommit = run('git rev-parse HEAD');
|
|
62
|
+
if (tagCommit !== headCommit) {
|
|
63
|
+
errors.push(
|
|
64
|
+
`❌ Tag v${version} exists but points to a different commit.\n` +
|
|
65
|
+
` Tag: ${tagCommit.slice(0, 8)}\n` +
|
|
66
|
+
` HEAD: ${headCommit.slice(0, 8)}\n` +
|
|
67
|
+
` Bump the version or move the tag.`
|
|
68
|
+
);
|
|
69
|
+
}
|
|
70
|
+
}
|
|
71
|
+
} catch {
|
|
72
|
+
// Non-fatal
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
if (errors.length > 0) {
|
|
76
|
+
console.error('\n🛑 prepublish-guard: publish blocked\n');
|
|
77
|
+
errors.forEach(e => console.error(e + '\n'));
|
|
78
|
+
console.error('Bypass with: SKIP_PREPUBLISH_GUARD=1 npm publish\n');
|
|
79
|
+
process.exit(1);
|
|
80
|
+
}
|
|
81
|
+
|
|
82
|
+
console.log('✅ prepublish-guard: clean tree, all pushed — safe to publish');
|
|
@@ -205,7 +205,8 @@ function sleep(ms) {
|
|
|
205
205
|
|
|
206
206
|
function runCommandOnce({ command, timeoutMs }) {
|
|
207
207
|
return new Promise((resolve) => {
|
|
208
|
-
const
|
|
208
|
+
const shell = process.env.SHELL || '/bin/bash';
|
|
209
|
+
const child = childProcess.spawn(shell, ['-lc', command], {
|
|
209
210
|
stdio: ['ignore', 'pipe', 'pipe']
|
|
210
211
|
});
|
|
211
212
|
let stdout = '';
|
|
File without changes
|
|
File without changes
|
|
@@ -20,7 +20,7 @@ function makeGitFixture() {
|
|
|
20
20
|
// Bare origin
|
|
21
21
|
const origin = path.join(sandbox, 'origin.git');
|
|
22
22
|
fs.mkdirSync(origin, { recursive: true });
|
|
23
|
-
execFileSync('git', ['init', '--bare'], { cwd: origin, stdio: 'ignore' });
|
|
23
|
+
execFileSync('git', ['init', '--bare', '-b', 'main'], { cwd: origin, stdio: 'ignore' });
|
|
24
24
|
|
|
25
25
|
// Working clone
|
|
26
26
|
const repo = path.join(sandbox, 'repo');
|