@girardmedia/bootspring 2.1.3 → 2.2.1

package/core/index.d.ts

@@ -1,53 +0,0 @@
-/**
- * Bootspring Core TypeScript Declarations
- * @package @girardmedia/bootspring
- */
-
-import * as config from './config';
-import * as context from './context';
-import * as utils from './utils';
-import * as policies from './policies';
-import * as entitlements from './entitlements';
-import * as telemetry from './telemetry';
-import * as auth from './auth';
-import * as api from './api-client';
-import * as redaction from './redaction';
-
-/** Current package version */
-export const VERSION: string;
-
-/** Core modules */
-export { config, context, utils, policies, entitlements, telemetry, auth, api, redaction };
-
-/** Load configuration from bootspring.config.js */
-export const loadConfig: typeof config.load;
-
-/** Get project context */
-export const getContext: typeof context.get;
-
-/** Validate project context */
-export const validateContext: typeof context.validate;
-
-/** Check if user has access to a skill */
-export const checkSkillAccess: typeof entitlements.checkSkillAccess;
-
-/** Check if user has access to a workflow */
-export const checkWorkflowAccess: typeof entitlements.checkWorkflowAccess;
-
-/** Check if user is authenticated */
-export const isAuthenticated: typeof auth.isAuthenticated;
-
-/** Get current user info */
-export const getUser: typeof auth.getUser;
-
-/** Get user's subscription tier */
-export const getTier: typeof auth.getTier;
-
-/** Brand information */
-export const BRAND: {
-  name: 'Bootspring';
-  tagline: 'Development scaffolding with intelligence';
-  website: 'https://bootspring.com';
-  docs: 'https://bootspring.com/docs';
-  api: 'https://api.bootspring.com';
-};

package/core/index.js

@@ -1,62 +0,0 @@
-/**
- * Bootspring Core
- * Main exports for the Bootspring package
- *
- * @package bootspring
- * @module core
- */
-
-const config = require('./config');
-const context = require('./context');
-const utils = require('./utils');
-const policies = require('./policies');
-const entitlements = require('./entitlements');
-const tierEnforcement = require('./tier-enforcement');
-const telemetry = require('./telemetry');
-const auth = require('./auth');
-const api = require('./api-client');
-const redaction = require('./redaction');
-const packageJson = require('../package.json');
-
-module.exports = {
-  // Version
-  VERSION: packageJson.version,
-
-  // Core modules
-  config,
-  context,
-  utils,
-  policies,
-  entitlements,
-  tierEnforcement,
-  telemetry,
-  auth,
-  api,
-  redaction,
-
-  // Convenience exports
-  loadConfig: config.load,
-  getContext: context.get,
-  validateContext: context.validate,
-  checkSkillAccess: entitlements.checkSkillAccess,
-  checkWorkflowAccess: entitlements.checkWorkflowAccess,
-
-  // Tier enforcement convenience exports
-  getTier: tierEnforcement.getTier,
-  checkAgentAccess: tierEnforcement.checkAgentAccess,
-  hasFeature: tierEnforcement.hasFeature,
-  meetsTierRequirement: tierEnforcement.meetsTierRequirement,
-
-  // Auth convenience exports
-  isAuthenticated: auth.isAuthenticated,
-  getUser: auth.getUser,
-
-  // Brand info
-  BRAND: {
-    name: 'Bootspring',
-    tagline: 'Development scaffolding with intelligence',
-    website: 'https://bootspring.com',
-    docs: 'https://bootspring.com/docs',
-    api: 'https://api.bootspring.com'
-  }
-};

package/core/mcp-config.js

@@ -1,115 +0,0 @@
-const fs = require('fs');
-const path = require('path');
-
-const PACKAGE_NAME = require('../package.json').name || '@girardmedia/bootspring';
-const PROJECT_MCP_FILENAME = '.mcp.json';
-
-function getManagedMcpServerConfig() {
-  return {
-    command: 'npx',
-    args: ['-y', PACKAGE_NAME, 'mcp'],
-    env: {}
-  };
-}
-
-function isManagedMcpServerConfig(serverConfig) {
-  const expected = getManagedMcpServerConfig();
-  return (
-    serverConfig?.command === expected.command &&
-    Array.isArray(serverConfig?.args) &&
-    serverConfig.args.join('\u0000') === expected.args.join('\u0000')
-  );
-}
-
-function normalizeManagedMcpServerConfig(existingServerConfig) {
-  const managedConfig = getManagedMcpServerConfig();
-  const env = existingServerConfig?.env && typeof existingServerConfig.env === 'object' && !Array.isArray(existingServerConfig.env)
-    ? existingServerConfig.env
-    : {};
-
-  return {
-    ...managedConfig,
-    env
-  };
-}
-
-function ensureProjectMcpConfig(projectRoot = process.cwd(), options = {}) {
-  const createIfMissing = options.createIfMissing === true;
-  const mcpPath = path.join(projectRoot, PROJECT_MCP_FILENAME);
-
-  if (!fs.existsSync(mcpPath)) {
-    if (!createIfMissing) {
-      return { status: 'missing', changed: false, path: mcpPath };
-    }
-
-    const nextConfig = {
-      mcpServers: {
-        bootspring: getManagedMcpServerConfig()
-      }
-    };
-
-    try {
-      fs.writeFileSync(mcpPath, JSON.stringify(nextConfig, null, 2));
-      return { status: 'created', changed: true, path: mcpPath, config: nextConfig };
-    } catch (error) {
-      return { status: 'error', changed: false, path: mcpPath, error };
-    }
-  }
-
-  let currentConfig;
-  try {
-    currentConfig = JSON.parse(fs.readFileSync(mcpPath, 'utf8'));
-  } catch (error) {
-    return { status: 'invalid', changed: false, path: mcpPath, error };
-  }
-
-  if (!currentConfig || typeof currentConfig !== 'object' || Array.isArray(currentConfig)) {
-    return {
-      status: 'invalid',
-      changed: false,
-      path: mcpPath,
-      error: new Error('Project MCP config must be a JSON object')
-    };
-  }
-
-  const currentServers = currentConfig.mcpServers && typeof currentConfig.mcpServers === 'object' && !Array.isArray(currentConfig.mcpServers)
-    ? currentConfig.mcpServers
-    : {};
-  const currentBootspring = currentServers.bootspring;
-
-  if (currentBootspring && isManagedMcpServerConfig(currentBootspring)) {
-    return { status: 'unchanged', changed: false, path: mcpPath, config: currentConfig };
-  }
-
-  if (!currentBootspring && !createIfMissing) {
-    return { status: 'absent', changed: false, path: mcpPath, config: currentConfig };
-  }
-
-  const nextConfig = {
-    ...currentConfig,
-    mcpServers: {
-      ...currentServers,
-      bootspring: normalizeManagedMcpServerConfig(currentBootspring)
-    }
-  };
-
-  try {
-    fs.writeFileSync(mcpPath, JSON.stringify(nextConfig, null, 2));
-    return {
-      status: currentBootspring ? 'updated' : 'added',
-      changed: true,
-      path: mcpPath,
-      config: nextConfig
-    };
-  } catch (error) {
-    return { status: 'error', changed: false, path: mcpPath, error };
-  }
-}
-
-module.exports = {
-  PACKAGE_NAME,
-  PROJECT_MCP_FILENAME,
-  getManagedMcpServerConfig,
-  isManagedMcpServerConfig,
-  ensureProjectMcpConfig
-};

package/core/policies.d.ts

@@ -1,43 +0,0 @@
-/**
- * Bootspring Policies Types
- * @module core/policies
- */
-
-export type PolicyProfile = 'startup' | 'regulated' | 'enterprise';
-
-export interface Policy {
-  profile: PolicyProfile;
-  blockedWorkflows: string[];
-  blockedSkills: string[];
-  requireApproval: string[];
-  auditLevel: 'none' | 'basic' | 'full';
-}
-
-/**
- * Get policy for current environment
- * @param profile - Optional profile override
- * @returns Policy configuration
- */
-export function getPolicy(profile?: PolicyProfile): Policy;
-
-/**
- * Check if workflow is allowed by policy
- * @param workflowId - Workflow identifier
- * @param policy - Optional policy to check against
- * @returns True if allowed
- */
-export function isWorkflowAllowed(workflowId: string, policy?: Policy): boolean;
-
-/**
- * Check if skill is allowed by policy
- * @param skillId - Skill identifier
- * @param policy - Optional policy to check against
- * @returns True if allowed
- */
-export function isSkillAllowed(skillId: string, policy?: Policy): boolean;
-
-/**
- * Resolve policy profile from environment
- * @returns Current policy profile
- */
-export function resolveProfile(): PolicyProfile;

package/core/policies.js

@@ -1,113 +0,0 @@
-/**
- * Bootspring policy profiles
- * Team-level and org-level controls for capability gating.
- */
-
-const policyMatrix = require('./policy-matrix');
-
-const DEFAULT_POLICY_PROFILE = 'startup';
-
-const POLICY_PROFILES = {
-  startup: {
-    id: 'startup',
-    name: 'Startup',
-    description: 'Permissive policy for fast iteration',
-    allowExternalSkills: true,
-    blockedWorkflows: [],
-    tier: 'any'
-  },
-  regulated: {
-    id: 'regulated',
-    name: 'Regulated',
-    description: 'Compliance-focused with external skill restrictions',
-    allowExternalSkills: false,
-    blockedWorkflows: ['growth-pack'],
-    tier: 'team'
-  },
-  enterprise: {
-    id: 'enterprise',
-    name: 'Enterprise',
-    description: 'Full control with SSO and audit requirements',
-    allowExternalSkills: true,
-    blockedWorkflows: [],
-    tier: 'enterprise'
-  }
-};
-
-function normalizeProfile(profile) {
-  const key = String(profile || DEFAULT_POLICY_PROFILE).trim().toLowerCase();
-  return POLICY_PROFILES[key] ? key : DEFAULT_POLICY_PROFILE;
-}
-
-function parseCsvList(value) {
-  if (!value) return [];
-  return String(value)
-    .split(',')
-    .map(item => item.trim())
-    .filter(Boolean);
-}
-
-function resolvePolicyProfile(options = {}) {
-  return normalizeProfile(options.policyProfile || process.env.BOOTSPRING_POLICY_PROFILE);
-}
-
-function getPolicyProfile(profile, options = {}) {
-  const key = normalizeProfile(profile);
-  const base = POLICY_PROFILES[key];
-  const blockedFromEnv = parseCsvList(options.blockedWorkflows || process.env.BOOTSPRING_POLICY_BLOCKED_WORKFLOWS);
-  return {
-    ...base,
-    blockedWorkflows: Array.from(new Set([...(base.blockedWorkflows || []), ...blockedFromEnv]))
-  };
-}
-
-function isWorkflowBlocked(workflow, profile) {
-  const workflowKey = String(workflow?.key || workflow || '').trim();
-  if (!workflowKey) return false;
-  return (profile.blockedWorkflows || []).includes(workflowKey);
-}
-
-/**
- * Check if a scope is blocked by policy
- * @param {string} scope - Scope to check (e.g., 'skills.external')
- * @param {string} tier - Current tier
- * @param {string} profile - Policy profile
- * @param {object} memberOverrides - Per-member overrides
- * @returns {object} Access result
- */
-function checkScopeAccess(scope, tier = 'free', profile = 'startup', memberOverrides = {}) {
-  const effectivePolicy = policyMatrix.buildEffectivePolicy(tier, profile, memberOverrides);
-  return policyMatrix.checkPolicyAccess(scope, effectivePolicy);
-}
-
-/**
- * Get all available policy profiles
- * @returns {object[]} List of profiles
- */
-function listPolicyProfiles() {
-  return Object.values(POLICY_PROFILES).map(p => ({
-    id: p.id,
-    name: p.name,
-    description: p.description,
-    tier: p.tier
-  }));
-}
-
-/**
- * Get policy scopes
- * @returns {object} Available scopes
- */
-function getPolicyScopes() {
-  return policyMatrix.POLICY_SCOPES;
-}
-
-module.exports = {
-  DEFAULT_POLICY_PROFILE,
-  POLICY_PROFILES,
-  resolvePolicyProfile,
-  getPolicyProfile,
-  isWorkflowBlocked,
-  checkScopeAccess,
-  listPolicyProfiles,
-  getPolicyScopes
-};

package/core/policy-matrix.js

@@ -1,303 +0,0 @@
-/**
- * Policy Matrix
- * Comprehensive policy definitions for org-level gates
- * @package bootspring
- */
-
-/**
- * Policy scopes define what can be controlled
- */
-const POLICY_SCOPES = {
-  skills: {
-    external: 'skills.external',        // Third-party/external skills
-    premium: 'skills.premium',          // Premium skill categories
-    ai: 'skills.ai',                    // AI-powered skills
-    all: 'skills.*'
-  },
-  workflows: {
-    parallel: 'workflows.parallel',     // Parallel execution
-    premium: 'workflows.premium',       // Premium workflow packs
-    custom: 'workflows.custom',         // Custom workflow definitions
-    all: 'workflows.*'
-  },
-  agents: {
-    technical: 'agents.technical',      // Technical experts
-    business: 'agents.business',        // Business/legal experts
-    enterprise: 'agents.enterprise',    // Enterprise-only agents
-    all: 'agents.*'
-  },
-  features: {
-    telemetry: 'features.telemetry',    // Usage telemetry
-    cloudSync: 'features.cloud_sync',   // Cloud synchronization
-    teamSharing: 'features.team_sharing', // Team context sharing
-    auditLogs: 'features.audit_logs',   // Audit logging
-    apiAccess: 'features.api_access',   // Direct API access
-    all: 'features.*'
-  }
-};
-
-/**
- * Default policy matrix by tier
- * Defines what's allowed/blocked per tier
- */
-const TIER_POLICY_DEFAULTS = {
-  free: {
-    allowed: [
-      'skills.external',
-      'agents.technical',
-      'features.telemetry'
-    ],
-    blocked: [
-      'skills.premium',
-      'skills.ai',
-      'workflows.premium',
-      'workflows.parallel',
-      'agents.business',
-      'agents.enterprise',
-      'features.cloud_sync',
-      'features.team_sharing',
-      'features.audit_logs'
-    ],
-    limits: {
-      skillsPerDay: 50,
-      workflowsPerDay: 10,
-      agentInvocationsPerDay: 20
-    }
-  },
-  pro: {
-    allowed: [
-      'skills.*',
-      'workflows.*',
-      'agents.technical',
-      'agents.business',
-      'features.telemetry',
-      'features.cloud_sync'
-    ],
-    blocked: [
-      'agents.enterprise',
-      'features.team_sharing',
-      'features.audit_logs'
-    ],
-    limits: {
-      skillsPerDay: 500,
-      workflowsPerDay: 100,
-      agentInvocationsPerDay: 200
-    }
-  },
-  team: {
-    allowed: [
-      'skills.*',
-      'workflows.*',
-      'agents.*',
-      'features.telemetry',
-      'features.cloud_sync',
-      'features.team_sharing',
-      'features.audit_logs'
-    ],
-    blocked: [],
-    limits: {
-      skillsPerDay: 2000,
-      workflowsPerDay: 500,
-      agentInvocationsPerDay: 1000,
-      teamMembers: 10
-    }
-  },
-  enterprise: {
-    allowed: ['*'],
-    blocked: [],
-    limits: {
-      skillsPerDay: -1,  // Unlimited
-      workflowsPerDay: -1,
-      agentInvocationsPerDay: -1,
-      teamMembers: -1
-    }
-  }
-};
-
-/**
- * Profile-specific policy overrides
- * Applied on top of tier defaults
- */
-const PROFILE_OVERRIDES = {
-  startup: {
-    // Startup profile: permissive, fast iteration
-    overrides: {},
-    additionalBlocked: []
-  },
-  regulated: {
-    // Regulated profile: compliance-focused
-    overrides: {
-      requireApproval: ['workflows.custom', 'skills.external'],
-      auditAll: true,
-      dataResidency: true
-    },
-    additionalBlocked: [
-      'skills.external',
-      'workflows.growth-pack'
-    ]
-  },
-  enterprise: {
-    // Enterprise profile: full control
-    overrides: {
-      ssoRequired: true,
-      auditAll: true,
-      approvalWorkflow: true
-    },
-    additionalBlocked: []
-  }
-};
-
-/**
- * Member role permissions
- * What each role can do within an org
- */
-const ROLE_PERMISSIONS = {
-  owner: {
-    canManageOrg: true,
-    canManageMembers: true,
-    canManagePolicies: true,
-    canManageBilling: true,
-    canUseAllFeatures: true
-  },
-  admin: {
-    canManageOrg: false,
-    canManageMembers: true,
-    canManagePolicies: true,
-    canManageBilling: false,
-    canUseAllFeatures: true
-  },
-  member: {
-    canManageOrg: false,
-    canManageMembers: false,
-    canManagePolicies: false,
-    canManageBilling: false,
-    canUseAllFeatures: true
-  },
-  viewer: {
-    canManageOrg: false,
-    canManageMembers: false,
-    canManagePolicies: false,
-    canManageBilling: false,
-    canUseAllFeatures: false
-  }
-};
-
-/**
- * Check if a scope matches a pattern
- * @param {string} scope - Specific scope (e.g., 'skills.external')
- * @param {string} pattern - Pattern to match (e.g., 'skills.*' or 'skills.external')
- * @returns {boolean}
- */
-function matchesScope(scope, pattern) {
-  if (pattern === '*') return true;
-  if (pattern === scope) return true;
-  if (pattern.endsWith('.*')) {
-    const prefix = pattern.slice(0, -2);
-    return scope.startsWith(prefix + '.');
-  }
-  return false;
-}
-
-/**
- * Check if a scope is allowed by policy
- * @param {string} scope - Scope to check
- * @param {string[]} allowed - Allowed patterns
- * @param {string[]} blocked - Blocked patterns
- * @returns {boolean}
- */
-function isScopeAllowed(scope, allowed, blocked) {
-  // Check blocked first (blocked takes precedence)
-  for (const pattern of blocked) {
-    if (matchesScope(scope, pattern)) {
-      return false;
-    }
-  }
-  // Check allowed
-  for (const pattern of allowed) {
-    if (matchesScope(scope, pattern)) {
-      return true;
-    }
-  }
-  return false;
-}
-
-/**
- * Build effective policy for an org member
- * @param {string} tier - Org tier (free/pro/team/enterprise)
- * @param {string} profile - Policy profile (startup/regulated/enterprise)
- * @param {object} memberOverrides - Per-member policy overrides
- * @returns {object} Effective policy
- */
-function buildEffectivePolicy(tier, profile, memberOverrides = {}) {
-  const tierDefaults = TIER_POLICY_DEFAULTS[tier] || TIER_POLICY_DEFAULTS.free;
-  const profileOverrides = PROFILE_OVERRIDES[profile] || PROFILE_OVERRIDES.startup;
-
-  // Merge allowed/blocked lists
-  const allowed = [...tierDefaults.allowed];
-  const blocked = [
-    ...tierDefaults.blocked,
-    ...profileOverrides.additionalBlocked
-  ];
-
-  // Apply member overrides
-  if (memberOverrides.additionalAllowed) {
-    allowed.push(...memberOverrides.additionalAllowed);
-  }
-  if (memberOverrides.additionalBlocked) {
-    blocked.push(...memberOverrides.additionalBlocked);
-  }
-
-  return {
-    tier,
-    profile,
-    allowed: [...new Set(allowed)],
-    blocked: [...new Set(blocked)],
-    limits: { ...tierDefaults.limits, ...(memberOverrides.limits || {}) },
-    overrides: { ...profileOverrides.overrides, ...(memberOverrides.overrides || {}) }
-  };
-}
-
-/**
- * Check access against effective policy
- * @param {string} scope - Scope to check
- * @param {object} policy - Effective policy
- * @returns {object} Access result
- */
-function checkPolicyAccess(scope, policy) {
-  const allowed = isScopeAllowed(scope, policy.allowed, policy.blocked);
-
-  if (!allowed) {
-    return {
-      allowed: false,
-      code: 'policy_blocked',
-      scope,
-      reason: `Scope "${scope}" is blocked by ${policy.profile} policy`
-    };
-  }
-
-  // Check if approval is required
-  if (policy.overrides.requireApproval?.some(p => matchesScope(scope, p))) {
-    return {
-      allowed: true,
-      requiresApproval: true,
-      scope,
-      reason: `Scope "${scope}" requires approval under ${policy.profile} policy`
-    };
-  }
-
-  return {
-    allowed: true,
-    scope
-  };
-}
-
-module.exports = {
-  POLICY_SCOPES,
-  TIER_POLICY_DEFAULTS,
-  PROFILE_OVERRIDES,
-  ROLE_PERMISSIONS,
-  matchesScope,
-  isScopeAllowed,
-  buildEffectivePolicy,
-  checkPolicyAccess
-};