@lnilluv/pi-ralph-loop 0.1.3 → 0.1.4-dev.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.github/workflows/ci.yml +5 -2
- package/.github/workflows/release.yml +7 -4
- package/README.md +151 -15
- package/package.json +13 -4
- package/src/index.ts +1419 -176
- package/src/ralph-draft-context.ts +618 -0
- package/src/ralph-draft-llm.ts +297 -0
- package/src/ralph-draft.ts +33 -0
- package/src/ralph.ts +1457 -0
- package/src/runner-rpc.ts +434 -0
- package/src/runner-state.ts +822 -0
- package/src/runner.ts +957 -0
- package/src/secret-paths.ts +66 -0
- package/src/shims.d.ts +23 -0
- package/tests/fixtures/parity/migrate/OPEN_QUESTIONS.md +3 -0
- package/tests/fixtures/parity/migrate/RALPH.md +27 -0
- package/tests/fixtures/parity/migrate/golden/MIGRATED.md +15 -0
- package/tests/fixtures/parity/migrate/legacy/source.md +6 -0
- package/tests/fixtures/parity/migrate/legacy/source.yaml +3 -0
- package/tests/fixtures/parity/migrate/scripts/show-legacy.sh +10 -0
- package/tests/fixtures/parity/migrate/scripts/verify.sh +15 -0
- package/tests/fixtures/parity/research/OPEN_QUESTIONS.md +3 -0
- package/tests/fixtures/parity/research/RALPH.md +45 -0
- package/tests/fixtures/parity/research/claim-evidence-checklist.md +15 -0
- package/tests/fixtures/parity/research/expected-outputs.md +22 -0
- package/tests/fixtures/parity/research/scripts/show-snapshots.sh +13 -0
- package/tests/fixtures/parity/research/scripts/verify.sh +55 -0
- package/tests/fixtures/parity/research/snapshots/app-factory-ai-cli.md +11 -0
- package/tests/fixtures/parity/research/snapshots/docs-factory-ai-cli-features-missions.md +11 -0
- package/tests/fixtures/parity/research/snapshots/factory-ai-news-missions.md +11 -0
- package/tests/fixtures/parity/research/source-manifest.md +20 -0
- package/tests/index.test.ts +3529 -0
- package/tests/parity/README.md +9 -0
- package/tests/parity/harness.py +526 -0
- package/tests/parity-harness.test.ts +42 -0
- package/tests/parity-research-fixture.test.ts +34 -0
- package/tests/ralph-draft-context.test.ts +672 -0
- package/tests/ralph-draft-llm.test.ts +434 -0
- package/tests/ralph-draft.test.ts +168 -0
- package/tests/ralph.test.ts +1840 -0
- package/tests/runner-event-contract.test.ts +235 -0
- package/tests/runner-rpc.test.ts +358 -0
- package/tests/runner-state.test.ts +553 -0
- package/tests/runner.test.ts +1347 -0
- package/tests/secret-paths.test.ts +55 -0
- package/tsconfig.json +3 -2
|
@@ -0,0 +1,55 @@
|
|
|
1
|
+
import assert from "node:assert/strict";
|
|
2
|
+
import test from "node:test";
|
|
3
|
+
import { SECRET_PATH_POLICY_TOKEN, isSecretBearingPath, matchesProtectedPath } from "../src/secret-paths.ts";
|
|
4
|
+
|
|
5
|
+
test("secret-bearing path detection uses exact rules and ignores similarly named public files", () => {
|
|
6
|
+
for (const path of [
|
|
7
|
+
".env",
|
|
8
|
+
".env.local",
|
|
9
|
+
".npmrc",
|
|
10
|
+
".pypirc",
|
|
11
|
+
".netrc",
|
|
12
|
+
".aws/config",
|
|
13
|
+
".ssh/id_rsa",
|
|
14
|
+
"config/secrets/prod.json",
|
|
15
|
+
"config/credentials/service.json",
|
|
16
|
+
"ops-secrets/config.json",
|
|
17
|
+
"credentials-prod/token.txt",
|
|
18
|
+
"keys/server.pem",
|
|
19
|
+
"keys/private.key",
|
|
20
|
+
"keys/release.asc",
|
|
21
|
+
]) {
|
|
22
|
+
assert.equal(isSecretBearingPath(path), true, path);
|
|
23
|
+
}
|
|
24
|
+
|
|
25
|
+
for (const path of ["src/secretary.ts", "src/credential-form.tsx"]) {
|
|
26
|
+
assert.equal(isSecretBearingPath(path), false, path);
|
|
27
|
+
}
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
test("policy token protects secret-bearing paths and ignores a non-secret control", () => {
|
|
31
|
+
const protectedFiles = [SECRET_PATH_POLICY_TOKEN];
|
|
32
|
+
|
|
33
|
+
for (const filePath of [
|
|
34
|
+
"credentials/api.json",
|
|
35
|
+
"credentials/payments/service-account.json",
|
|
36
|
+
".ssh/config",
|
|
37
|
+
".npmrc",
|
|
38
|
+
"releases/signing-key.asc",
|
|
39
|
+
".env",
|
|
40
|
+
".env.local",
|
|
41
|
+
]) {
|
|
42
|
+
assert.equal(matchesProtectedPath(filePath, protectedFiles), true, filePath);
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
assert.equal(matchesProtectedPath("src/app.ts", protectedFiles), false);
|
|
46
|
+
});
|
|
47
|
+
|
|
48
|
+
test("matchesProtectedPath checks repo-relative globs against absolute and relative inputs when cwd is known", () => {
|
|
49
|
+
const cwd = "/repo/project";
|
|
50
|
+
const protectedFiles = ["src/generated/**"];
|
|
51
|
+
|
|
52
|
+
assert.equal(matchesProtectedPath("src/generated/output.ts", protectedFiles, cwd), true);
|
|
53
|
+
assert.equal(matchesProtectedPath("/repo/project/src/generated/output.ts", protectedFiles, cwd), true);
|
|
54
|
+
assert.equal(matchesProtectedPath("/repo/project/src/app.ts", protectedFiles, cwd), false);
|
|
55
|
+
});
|