@girardmedia/bootspring 2.0.24 → 2.0.26

package/intelligence/learning/insights.json

@@ -1,6 +1,6 @@
 {
   "version": "1.0.0",
-  "last_analysis": "2026-02-21T18:13:21.290Z",
+  "last_analysis": "2026-02-26T07:41:06.886Z",
   "insights": [
     {
       "type": "cold_start",

package/mcp/contracts/mcp-contract.v1.json

@@ -1,7 +1,7 @@
 {
   "contractVersion": "v1",
   "packageName": "@girardmedia/bootspring",
-  "packageVersion": "2.0.24",
+  "packageVersion": "2.0.26",
   "tools": [
     {
       "name": "bootspring_assist",

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@girardmedia/bootspring",
-  "version": "2.0.24",
+  "version": "2.0.26",
   "description": "Development scaffolding with intelligence - AI-powered context, agents, and workflows for any MCP-compatible assistant",
   "keywords": [
     "ai",
@@ -68,9 +68,11 @@
     "start": "node bin/bootspring.js",
     "dashboard": "node bin/bootspring.js dashboard",
     "mcp": "node mcp/server.js",
-    "test": "jest",
-    "test:watch": "jest --watch",
-    "test:coverage": "jest --coverage",
+    "test": "vitest run",
+    "test:watch": "vitest",
+    "test:coverage": "vitest run --coverage",
+    "test:jest": "jest",
+    "test:jest:watch": "jest --watch",
     "lint": "eslint .",
     "lint:fix": "eslint . --fix",
     "typecheck": "tsc --noEmit",
@@ -90,6 +92,7 @@
     "@swc/core": "^1.15.13",
     "@swc/jest": "^0.2.39",
     "@types/node": "^25.3.1",
+    "@vitest/coverage-v8": "^4.0.18",
     "eslint": "^9.39.2",
     "globals": "^17.3.0",
     "jest": "^29.7.0",

package/src/cli/org.ts

@@ -1,4 +1,3 @@
-// @ts-nocheck
 /**
  * Bootspring Organization Command
  * Manage organization policies and members
@@ -16,17 +15,44 @@
  * @command org
  */
 
-const utils = require('../core/utils');
-const auth = require('../core/auth');
-const apiClient = require('../core/api-client');
-const policies = require('../core/policies');
-const organizations = require('../core/organizations');
-const policyMatrix = require('../core/policy-matrix');
+import type {
+  Organization,
+  OrgMember,
+  Tier,
+  PolicyProfile,
+  MemberRole,
+  PolicyScopes,
+} from '../types/policy';
+
+import * as utils from '../core/utils';
+import * as auth from '../core/auth';
+import * as organizations from '../core/organizations';
+
+// Type for API client methods
+interface ApiClient {
+  listOrganizations: () => Promise<Organization[]>;
+  getOrganization: (orgId: string) => Promise<Organization>;
+  updateOrgPolicy: (orgId: string, data: { policyProfile: string }) => Promise<void>;
+  listOrgMembers: (orgId: string) => Promise<OrgMember[]>;
+  getMemberPolicy: (orgId: string, userId: string) => Promise<{ role: MemberRole; overrides?: Record<string, unknown> }>;
+}
+
+// Type for policies module
+interface PoliciesModule {
+  resolvePolicyProfile: () => PolicyProfile;
+  getPolicyProfile: (profile: PolicyProfile) => { allowExternalSkills: boolean; blockedWorkflows: string[] };
+  getPolicyScopes: () => PolicyScopes;
+  listPolicyProfiles: () => Array<{ id: PolicyProfile; tier: string; description: string }>;
+}
+
+// Dynamic imports for modules that may not have proper types yet
+const apiClient = require('../core/api-client') as ApiClient;
+const policies = require('../core/policies') as PoliciesModule;
 
 /**
  * Run the org command
  */
-async function run(args = []) {
+export async function run(args: string[] = []): Promise<number> {
   const subcommand = args[0] || 'list';
 
   switch (subcommand) {
@@ -43,7 +69,8 @@ async function run(args = []) {
     case 'help':
     case '--help':
     case '-h':
-      return showHelp();
+      showHelp();
+      return 0;
     default:
       console.log(`${utils.COLORS.red}Unknown command: ${subcommand}${utils.COLORS.reset}`);
       showHelp();
@@ -54,8 +81,8 @@ async function run(args = []) {
 /**
  * List user's organizations
  */
-async function listOrganizations() {
-  if (!auth.isAuthenticated()) {
+async function listOrganizations(): Promise<number> {
+  if (!(auth as { isAuthenticated?: () => boolean }).isAuthenticated?.()) {
     console.log(`${utils.COLORS.yellow}Not authenticated. Run: bootspring auth login${utils.COLORS.reset}`);
     return 1;
   }
@@ -86,7 +113,8 @@ async function listOrganizations() {
 
     return 0;
   } catch (error) {
-    spinner.fail(`Failed to fetch organizations: ${error.message}`);
+    const err = error as Error;
+    spinner.fail(`Failed to fetch organizations: ${err.message}`);
     return 1;
   }
 }
@@ -94,8 +122,9 @@ async function listOrganizations() {
 /**
  * Show organization info
  */
-async function showOrgInfo(orgId) {
-  const resolvedOrgId = orgId || process.env.BOOTSPRING_ORG_ID || auth.getCredentials()?.orgId;
+async function showOrgInfo(orgId?: string): Promise<number> {
+  const credentials = (auth as { getCredentials?: () => { orgId?: string } | null }).getCredentials?.();
+  const resolvedOrgId = orgId || process.env.BOOTSPRING_ORG_ID || credentials?.orgId;
 
   if (!resolvedOrgId) {
     console.log(`${utils.COLORS.yellow}No organization specified.${utils.COLORS.reset}`);
@@ -118,7 +147,7 @@ ${utils.COLORS.bold}Details:${utils.COLORS.reset}
   ID:       ${org.id}
   Tier:     ${getTierBadge(org.tier)}
   Profile:  ${getProfileBadge(org.policyProfile)}
-  Created:  ${new Date(org.createdAt).toLocaleDateString()}
+  Created:  ${org.createdAt ? new Date(org.createdAt).toLocaleDateString() : 'N/A'}
 
 ${utils.COLORS.bold}Policy:${utils.COLORS.reset}
   External Skills:  ${org.policy?.allowExternalSkills ? '✓ Allowed' : '✗ Blocked'}
@@ -140,7 +169,8 @@ ${utils.COLORS.bold}Members:${utils.COLORS.reset} ${org.memberCount || org.membe
 
     return 0;
   } catch (error) {
-    spinner.fail(`Failed to fetch organization: ${error.message}`);
+    const err = error as Error;
+    spinner.fail(`Failed to fetch organization: ${err.message}`);
     return 1;
   }
 }
@@ -148,7 +178,7 @@ ${utils.COLORS.bold}Members:${utils.COLORS.reset} ${org.memberCount || org.membe
 /**
  * Handle policy subcommands
  */
-async function handlePolicyCommand(args) {
+async function handlePolicyCommand(args: string[]): Promise<number> {
   const action = args[0] || 'get';
 
   switch (action) {
@@ -170,7 +200,7 @@ async function handlePolicyCommand(args) {
 /**
  * Show current policy
  */
-async function showPolicy(orgId) {
+async function showPolicy(orgId?: string): Promise<number> {
   try {
     const summary = await organizations.getOrgPolicySummary({ orgId });
 
@@ -197,26 +227,27 @@ ${utils.COLORS.cyan}${utils.COLORS.bold}Organization Policy${utils.COLORS.reset}
 ${utils.COLORS.dim}${'─'.repeat(50)}${utils.COLORS.reset}
 
   Organization: ${summary.orgName || summary.orgId}
-  Tier:         ${getTierBadge(summary.tier)}
-  Profile:      ${getProfileBadge(summary.profile)}
-  Your Role:    ${getRoleBadge(summary.role)}
+  Tier:         ${getTierBadge(summary.tier!)}
+  Profile:      ${getProfileBadge(summary.profile!)}
+  Your Role:    ${getRoleBadge(summary.role!)}
 
 ${utils.COLORS.bold}Scope Summary:${utils.COLORS.reset}
   Allowed Scopes:  ${utils.COLORS.green}${summary.allowedScopes}${utils.COLORS.reset}
   Blocked Scopes:  ${utils.COLORS.red}${summary.blockedScopes}${utils.COLORS.reset}
 
 ${utils.COLORS.bold}Limits:${utils.COLORS.reset}
-  Skills/Day:      ${formatLimit(summary.limits.skillsPerDay)}
-  Workflows/Day:   ${formatLimit(summary.limits.workflowsPerDay)}
-  Agent Calls/Day: ${formatLimit(summary.limits.agentInvocationsPerDay)}
-  Team Members:    ${formatLimit(summary.limits.teamMembers)}
+  Skills/Day:      ${formatLimit(summary.limits?.skillsPerDay)}
+  Workflows/Day:   ${formatLimit(summary.limits?.workflowsPerDay)}
+  Agent Calls/Day: ${formatLimit(summary.limits?.agentInvocationsPerDay)}
+  Team Members:    ${formatLimit(summary.limits?.teamMembers)}
 
-${summary.overrides.length > 0 ? `${utils.COLORS.bold}Active Overrides:${utils.COLORS.reset} ${summary.overrides.join(', ')}` : ''}
+${summary.overrides && summary.overrides.length > 0 ? `${utils.COLORS.bold}Active Overrides:${utils.COLORS.reset} ${summary.overrides.join(', ')}` : ''}
 `);
 
     return 0;
   } catch (error) {
-    console.log(`${utils.COLORS.red}Failed to get policy: ${error.message}${utils.COLORS.reset}`);
+    const err = error as Error;
+    console.log(`${utils.COLORS.red}Failed to get policy: ${err.message}${utils.COLORS.reset}`);
     return 1;
   }
 }
@@ -224,7 +255,7 @@ ${summary.overrides.length > 0 ? `${utils.COLORS.bold}Active Overrides:${utils.C
 /**
  * Set policy profile
  */
-async function setPolicy(profile, orgId) {
+async function setPolicy(profile?: string, orgId?: string): Promise<number> {
   if (!profile) {
     console.log(`${utils.COLORS.yellow}Please specify a profile: startup, regulated, or enterprise${utils.COLORS.reset}`);
     return 1;
@@ -261,7 +292,8 @@ To set org-level policy, specify an org ID:
     spinner.succeed(`Policy updated to "${profile}"`);
     return 0;
   } catch (error) {
-    spinner.fail(`Failed to update policy: ${error.message}`);
+    const err = error as Error;
+    spinner.fail(`Failed to update policy: ${err.message}`);
     return 1;
   }
 }
@@ -269,7 +301,7 @@ To set org-level policy, specify an org ID:
 /**
  * Show available scopes
  */
-function showScopes() {
+function showScopes(): number {
   const scopes = policies.getPolicyScopes();
 
   console.log(`
@@ -279,7 +311,7 @@ ${utils.COLORS.dim}${'─'.repeat(50)}${utils.COLORS.reset}
 
   for (const [category, categoryScopes] of Object.entries(scopes)) {
     console.log(`${utils.COLORS.bold}${category}:${utils.COLORS.reset}`);
-    for (const [name, scope] of Object.entries(categoryScopes)) {
+    for (const [name, scope] of Object.entries(categoryScopes as Record<string, string>)) {
       console.log(`  ${utils.COLORS.cyan}${scope}${utils.COLORS.reset} ${utils.COLORS.dim}(${name})${utils.COLORS.reset}`);
     }
     console.log();
@@ -291,15 +323,15 @@ ${utils.COLORS.dim}${'─'.repeat(50)}${utils.COLORS.reset}
 /**
  * Show available profiles
  */
-function showProfiles() {
-  const profiles = policies.listPolicyProfiles();
+function showProfiles(): number {
+  const profilesList = policies.listPolicyProfiles();
 
   console.log(`
 ${utils.COLORS.cyan}${utils.COLORS.bold}Policy Profiles${utils.COLORS.reset}
 ${utils.COLORS.dim}${'─'.repeat(50)}${utils.COLORS.reset}
 `);
 
-  for (const profile of profiles) {
+  for (const profile of profilesList) {
     console.log(`  ${getProfileBadge(profile.id)} ${utils.COLORS.dim}(${profile.tier} tier+)${utils.COLORS.reset}`);
     console.log(`  ${utils.COLORS.dim}${profile.description}${utils.COLORS.reset}`);
     console.log();
@@ -311,7 +343,7 @@ ${utils.COLORS.dim}${'─'.repeat(50)}${utils.COLORS.reset}
 /**
  * List organization members
  */
-async function listMembers(orgId) {
+async function listMembers(orgId?: string): Promise<number> {
   const resolvedOrgId = orgId || process.env.BOOTSPRING_ORG_ID;
 
   if (!resolvedOrgId) {
@@ -335,7 +367,8 @@ async function listMembers(orgId) {
 
     return 0;
   } catch (error) {
-    spinner.fail(`Failed to fetch members: ${error.message}`);
+    const err = error as Error;
+    spinner.fail(`Failed to fetch members: ${err.message}`);
     return 1;
   }
 }
@@ -343,7 +376,7 @@ async function listMembers(orgId) {
 /**
  * Handle member subcommands
  */
-async function handleMemberCommand(args) {
+async function handleMemberCommand(args: string[]): Promise<number> {
   const userId = args[0];
   const action = args[1] || 'info';
 
@@ -365,7 +398,7 @@ async function handleMemberCommand(args) {
 /**
  * Show member policy
  */
-async function showMemberPolicy(userId, orgId) {
+async function showMemberPolicy(userId: string, orgId?: string): Promise<number> {
   const resolvedOrgId = orgId || process.env.BOOTSPRING_ORG_ID;
 
   if (!resolvedOrgId) {
@@ -394,15 +427,16 @@ ${utils.COLORS.bold}Policy Overrides:${utils.COLORS.reset}
 
     return 0;
   } catch (error) {
-    spinner.fail(`Failed to fetch member policy: ${error.message}`);
+    const err = error as Error;
+    spinner.fail(`Failed to fetch member policy: ${err.message}`);
     return 1;
   }
 }
 
 // Helper functions
 
-function getTierBadge(tier) {
-  const badges = {
+function getTierBadge(tier: Tier): string {
+  const badges: Record<Tier, string> = {
     free: `${utils.COLORS.dim}[free]${utils.COLORS.reset}`,
     pro: `${utils.COLORS.blue}[pro]${utils.COLORS.reset}`,
     team: `${utils.COLORS.green}[team]${utils.COLORS.reset}`,
@@ -411,17 +445,17 @@ function getTierBadge(tier) {
   return badges[tier] || `[${tier}]`;
 }
 
-function getProfileBadge(profile) {
-  const badges = {
+function getProfileBadge(profile: PolicyProfile): string {
+  const badges: Record<PolicyProfile, string> = {
     startup: `${utils.COLORS.cyan}startup${utils.COLORS.reset}`,
     regulated: `${utils.COLORS.yellow}regulated${utils.COLORS.reset}`,
     enterprise: `${utils.COLORS.magenta}enterprise${utils.COLORS.reset}`
   };
-  return badges[profile] || profile;
+  return badges[profile] || String(profile);
 }
 
-function getRoleBadge(role) {
-  const badges = {
+function getRoleBadge(role: MemberRole): string {
+  const badges: Record<MemberRole, string> = {
     owner: `${utils.COLORS.red}(owner)${utils.COLORS.reset}`,
     admin: `${utils.COLORS.yellow}(admin)${utils.COLORS.reset}`,
     member: `${utils.COLORS.dim}(member)${utils.COLORS.reset}`,
@@ -430,13 +464,13 @@ function getRoleBadge(role) {
   return badges[role] || `(${role})`;
 }
 
-function formatLimit(value) {
+function formatLimit(value?: number): string {
   if (value === -1) return `${utils.COLORS.green}Unlimited${utils.COLORS.reset}`;
   if (value === undefined) return `${utils.COLORS.dim}N/A${utils.COLORS.reset}`;
   return value.toLocaleString();
 }
 
-function showHelp() {
+function showHelp(): void {
   console.log(`
 ${utils.COLORS.cyan}${utils.COLORS.bold}⚡ Bootspring Organization${utils.COLORS.reset}
 ${utils.COLORS.dim}Manage organization policies and members${utils.COLORS.reset}
@@ -471,5 +505,3 @@ ${utils.COLORS.bold}Examples:${utils.COLORS.reset}
   bootspring org members
 `);
 }
-
-export { run };

package/src/core/organizations.ts

@@ -1,45 +1,35 @@
-// @ts-nocheck
 /**
  * Organizations Module
  * Org-level policy resolution and caching
  * @package bootspring
  */
 
-const apiClient = require('./api-client');
-const policyMatrix = require('./policy-matrix');
-const auth = require('./auth');
+import type {
+  Organization,
+  OrgMember,
+  OrgContext,
+  OrgPolicyAccessResult,
+  OrgPolicySummary,
+  OrgOptions,
+  CacheEntry,
+  MemberRole,
+} from '../types/policy';
+
+import * as apiClient from './api-client';
+import * as policyMatrix from './policy-matrix';
+import * as auth from './auth';
 
 // Cache for org data (5 minute TTL)
 const ORG_CACHE_TTL = 5 * 60 * 1000;
-const orgCache = new Map();
-
-/**
- * Organization structure
- * @typedef {object} Organization
- * @property {string} id - Organization ID
- * @property {string} name - Organization name
- * @property {string} tier - Subscription tier (team/enterprise)
- * @property {string} policyProfile - Default policy profile
- * @property {object} settings - Org settings
- * @property {OrgMember[]} members - Organization members
- */
-
-/**
- * Organization member structure
- * @typedef {object} OrgMember
- * @property {string} userId - User ID
- * @property {string} email - User email
- * @property {string} role - Member role (owner/admin/member/viewer)
- * @property {object} policyOverrides - Per-member policy overrides
- */
+const orgCache = new Map<string, CacheEntry<Organization>>();
 
 /**
  * Get organization from cache or API
- * @param {string} orgId - Organization ID
- * @param {object} options - Options including apiKey
- * @returns {Promise<Organization|null>}
  */
-async function getOrganization(orgId, options = {}) {
+export async function getOrganization(
+  orgId: string,
+  options: OrgOptions = {}
+): Promise<Organization | null> {
   if (!orgId) return null;
 
   const cacheKey = `org:${orgId}`;
@@ -50,11 +40,11 @@ async function getOrganization(orgId, options = {}) {
   }
 
   try {
-    const org = await apiClient.getOrganization(orgId, options);
+    const org = await (apiClient as { getOrganization?: (id: string, opts?: OrgOptions) => Promise<Organization | null> }).getOrganization?.(orgId, options);
     if (org) {
       orgCache.set(cacheKey, { data: org, timestamp: Date.now() });
     }
-    return org;
+    return org ?? null;
   } catch {
     // Return cached data if available, even if stale
     return cached?.data || null;
@@ -63,12 +53,12 @@ async function getOrganization(orgId, options = {}) {
 
 /**
  * Get organization member
- * @param {string} orgId - Organization ID
- * @param {string} userId - User ID
- * @param {object} options - Options
- * @returns {Promise<OrgMember|null>}
  */
-async function getOrgMember(orgId, userId, options = {}) {
+export async function getOrgMember(
+  orgId: string,
+  userId: string,
+  options: OrgOptions = {}
+): Promise<OrgMember | null> {
   const org = await getOrganization(orgId, options);
   if (!org?.members) return null;
   return org.members.find(m => m.userId === userId) || null;
@@ -76,14 +66,13 @@ async function getOrgMember(orgId, userId, options = {}) {
 
 /**
  * Resolve organization context from credentials/env
- * @param {object} options - Options
- * @returns {Promise<object>} Org context
  */
-async function resolveOrgContext(options = {}) {
+export async function resolveOrgContext(options: OrgOptions = {}): Promise<OrgContext> {
   // Try to get org ID from various sources
+  const credentials = (auth as { getCredentials?: () => { orgId?: string; userId?: string } | null }).getCredentials?.();
   const orgId = options.orgId
     || process.env.BOOTSPRING_ORG_ID
-    || auth.getCredentials()?.orgId;
+    || credentials?.orgId;
 
   if (!orgId) {
     return {
@@ -107,7 +96,7 @@ async function resolveOrgContext(options = {}) {
   }
 
   // Get current user's membership
-  const userId = options.userId || auth.getCredentials()?.userId;
+  const userId = options.userId || credentials?.userId;
   const member = userId ? await getOrgMember(orgId, userId, options) : null;
 
   // Build effective policy
@@ -129,27 +118,24 @@ async function resolveOrgContext(options = {}) {
 
 /**
  * Check if user has permission in org
- * @param {string} permission - Permission to check
- * @param {object} orgContext - Organization context
- * @returns {boolean}
  */
-function hasOrgPermission(permission, orgContext) {
+export function hasOrgPermission(permission: string, orgContext: OrgContext | null): boolean {
   if (!orgContext?.hasOrg) return false;
 
-  const role = orgContext.role || 'viewer';
+  const role: MemberRole = orgContext.role || 'viewer';
   const rolePerms = policyMatrix.ROLE_PERMISSIONS[role];
 
   if (!rolePerms) return false;
-  return rolePerms[permission] === true;
+  return (rolePerms as Record<string, boolean>)[permission] === true;
 }
 
 /**
  * Check policy access for a scope
- * @param {string} scope - Scope to check (e.g., 'skills.external')
- * @param {object} options - Options including orgId
- * @returns {Promise<object>} Access result
  */
-async function checkOrgPolicyAccess(scope, options = {}) {
+export async function checkOrgPolicyAccess(
+  scope: string,
+  options: OrgOptions = {}
+): Promise<OrgPolicyAccessResult> {
   const orgContext = await resolveOrgContext(options);
 
   // If no org, fall back to user-level policy
@@ -165,7 +151,7 @@ async function checkOrgPolicyAccess(scope, options = {}) {
   return {
     ...result,
     hasOrgPolicy: true,
-    orgId: orgContext.orgId,
+    orgId: orgContext.orgId ?? undefined,
     tier: orgContext.policy.tier,
     profile: orgContext.policy.profile
   };
@@ -173,10 +159,8 @@ async function checkOrgPolicyAccess(scope, options = {}) {
 
 /**
  * Get org policy summary for display
- * @param {object} options - Options
- * @returns {Promise<object>} Policy summary
  */
-async function getOrgPolicySummary(options = {}) {
+export async function getOrgPolicySummary(options: OrgOptions = {}): Promise<OrgPolicySummary> {
   const orgContext = await resolveOrgContext(options);
 
   if (!orgContext.hasOrg) {
@@ -186,10 +170,10 @@ async function getOrgPolicySummary(options = {}) {
     };
   }
 
-  const policy = orgContext.policy;
+  const policy = orgContext.policy!;
   return {
     hasOrg: true,
-    orgId: orgContext.orgId,
+    orgId: orgContext.orgId ?? undefined,
     orgName: orgContext.org?.name,
     tier: policy.tier,
     profile: policy.profile,
@@ -203,22 +187,11 @@ async function getOrgPolicySummary(options = {}) {
 
 /**
  * Clear organization cache
- * @param {string} [orgId] - Specific org to clear, or all if not specified
  */
-function clearOrgCache(orgId) {
+export function clearOrgCache(orgId?: string): void {
   if (orgId) {
     orgCache.delete(`org:${orgId}`);
   } else {
     orgCache.clear();
   }
 }
-
-module.exports = {
-  getOrganization,
-  getOrgMember,
-  resolveOrgContext,
-  hasOrgPermission,
-  checkOrgPolicyAccess,
-  getOrgPolicySummary,
-  clearOrgCache
-};