npm - @minhpnq1807/contextos - Versions diffs - 0.1.3 → 0.1.5 - Mend

@minhpnq1807/contextos 0.1.3 → 0.1.5

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/CHANGELOG.md +10 -0
package/README.md +3 -2
package/bin/ctx.js +2 -2
package/package.json +1 -1
package/plugins/ctx/lib/analyzer.js +25 -0
package/plugins/ctx/lib/reporter.js +25 -3
package/plugins/ctx/lib/score-context.js +4 -2
package/plugins/ctx/lib/stop-hook.js +15 -2

package/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,15 @@
 # Changelog
+## 0.1.5
+- Sanitizes stale Stop reports at display time so previously recorded system-user rules no longer appear in `ctx report` or `ctx evidence` after upgrading.
+- Filters system-user rules again inside the Stop hook to protect reports created from older prompt contexts.
+## 0.1.4
+- Filters host/session user rules such as `sudo -u user`, `sudo su - user`, and "commands must run as user X" before scoring and injection.
+- Prevents system-user setup instructions from inflating `unknown` outcomes or skewing ContextOS efficiency reports.
 ## 0.1.3
 - Separates runtime prompt/report/stats files per workspace under `~/.ctx/contextos/workspaces/<workspace-id>`.

package/README.md CHANGED Viewed

@@ -53,7 +53,7 @@ With ContextOS, each prompt gets a compact block:
 ```text
 ## Critical ContextOS rules
 - Use code-review-graph before reading files.
-- All shell commands must run as minh_dev.
+- Check upload moderation flows before editing approval code.
 ## Suggested files to check
 - services/content-service/src/infrastructure/services/content-moderation.service.ts
@@ -66,6 +66,7 @@ With ContextOS, each prompt gets a compact block:
 - Registers a `ctx-mcp` MCP server that owns model loading and semantic scoring.
 - Reads the active `AGENTS.md` chain for the current workspace.
 - Scores rules by relevance to the user prompt.
+- Filters host/session setup rules such as "run commands as user X" or `sudo -u user` because they are environment instructions, not project guidance.
 - Finds likely relevant files with a hybrid retriever:
   - first, local prompt/file heuristics create seed candidates;
   - then, if `.code-review-graph/graph.db` exists, ContextOS queries `code-review-graph` semantic search and re-ranks graph-backed matches;
@@ -288,7 +289,7 @@ unknown  = the rule was relevant, but the diff does not prove either way
 For runtime-only rules, ContextOS also checks `telemetry.jsonl` for hook-visible tool names, MCP server names, and command metadata. A rule like "use code-review-graph before reading files" can be marked `followed` when telemetry contains a matching `code-review-graph` signal.
-Example `unknown`: a rule says shell commands must run as a specific OS user, but neither git diff nor hook telemetry records that user identity. ContextOS cannot prove the rule was followed from available evidence alone.
+Host/session setup rules such as "run shell commands as user X", `sudo su - user`, `sudo -i -u user`, and `sudo -u user` are filtered before scoring. They are not injected and do not count toward `unknown` outcomes because they describe the agent runtime environment rather than project behavior.
 ## Development

package/bin/ctx.js CHANGED Viewed

@@ -5,7 +5,7 @@ import { fileURLToPath } from "node:url";
 import { execFileSync } from "node:child_process";
 import { readAgentsChain } from "../plugins/ctx/lib/reader.js";
-import { parseRules, scoreRules } from "../plugins/ctx/lib/analyzer.js";
+import { filterActionableRules, parseRules, scoreRules } from "../plugins/ctx/lib/analyzer.js";
 import { scheduleContext } from "../plugins/ctx/lib/scheduler.js";
 import { formatEvidence, formatReport } from "../plugins/ctx/lib/reporter.js";
 import { installGlobalHooks } from "../plugins/ctx/lib/global-hooks.js";
@@ -222,7 +222,7 @@ async function debug(task) {
 async function warmEmbeddings(task) {
   const cwd = process.cwd();
   const merged = readAgentsChain({ cwd });
-  const rules = scoreRules(parseRules(merged.content), task, []);
+  const rules = scoreRules(filterActionableRules(parseRules(merged.content)), task, []);
   const result = await warmRuleEmbeddings({
     rules,
     task,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@minhpnq1807/contextos",
-  "version": "0.1.3",
+  "version": "0.1.5",
   "description": "Task-aware AGENTS.md context injection and compliance reporting for Codex.",
   "type": "module",
   "bin": {

package/plugins/ctx/lib/analyzer.js CHANGED Viewed

@@ -48,6 +48,20 @@ const SEMANTIC_ALIASES = {
 const MODERATION_TOKENS = new Set(["moderation", "moderate", "content-moderation", "approval", "approved", "reject", "rejected", "needs_review"]);
+const SYSTEM_USER_RULE_PATTERNS = [ // Case-insensitive patterns; a rule whose text matches ANY of them is treated as a host/session "system user" rule by isSystemUserRule.
+  /\ball\s+shell\s+commands?\s+must\s+run\s+as\b/i, // "all shell command(s) must run as"; NOTE(review): every match here is also matched by the next pattern, so this entry looks redundant.
+  /\bcommands?\s+must\s+run\s+as\b/i, // "command(s) must run as"
+  /\bstrictly\s+follow\s+this\s+sequence\b/i, // NOTE(review): generic phrase with no user/sudo reference; may also match unrelated rules. Confirm this is intended.
+  /\bswitch\s+the\s+user\s+context\b/i, // "switch the user context"
+  /\bdo\s+not\s+prefix\b.*\bsudo\s+-u\b/i, // "do not prefix" followed later on the same line by "sudo -u" (`.` does not cross newlines)
+  /\bsudo\s+su\s+-\s*[a-z_][a-z0-9_-]*\b/i, // "sudo su - <user>" (whitespace after "-" is optional)
+  /\bsudo\s+-i\s+-u\s+[a-z_][a-z0-9_-]*\b/i, // "sudo -i -u <user>"
+  /\bsudo\s+-u\s+[a-z_][a-z0-9_-]*\b/i, // "sudo -u <user>"
+  /\bsu\s+-\s+[a-z_][a-z0-9_-]*\b/i, // "su - <user>"
+  /[/\\]\.codex[/\\]RTK\.md\b/i, // path ending in ".codex/RTK.md" with "/" or "\" separators; NOTE(review): looks specific to one setup. Confirm it belongs in a shared list.
+  /\bminh_dev\b/i // NOTE(review): hard-coded literal "minh_dev" (presumably an author-specific OS user); any rule mentioning it is filtered.
+];
 export function tokenize(value) {
   const normalized = String(value || "")
     .toLowerCase()
@@ -138,6 +152,17 @@ export function parseRules(markdown) {
   return dedupeRules(rules);
 }
+export function filterActionableRules(rules = []) {
+  return rules
+    .filter((rule) => !isSystemUserRule(rule))
+    .map((rule, index) => ({ ...rule, id: `r${index + 1}`, originalOrder: index }));
+}
+export function isSystemUserRule(rule) {
+  const content = typeof rule === "string" ? rule : rule?.content;
+  return SYSTEM_USER_RULE_PATTERNS.some((pattern) => pattern.test(String(content || "")));
+}
 function dedupeRules(rules) {
   const seen = new Set();
   return rules.filter((rule) => {

package/plugins/ctx/lib/reporter.js CHANGED Viewed

@@ -1,7 +1,10 @@
+import { isSystemUserRule } from "./analyzer.js";
 export function buildReport({ cwd, prompt, relevantFiles, scheduled, gitSnapshot, compliance, runtimeEvidence }) {
-  const followed = compliance.filter((item) => item.status === "followed");
-  const ignored = compliance.filter((item) => item.status === "ignored");
-  const unknown = compliance.filter((item) => item.status === "unknown");
+  const actionableCompliance = compliance.filter((item) => !isSystemUserRule(item.rule));
+  const followed = actionableCompliance.filter((item) => item.status === "followed");
+  const ignored = actionableCompliance.filter((item) => item.status === "ignored");
+  const unknown = actionableCompliance.filter((item) => item.status === "unknown");
   const measured = followed.length + ignored.length;
   const efficiencyScore = measured ? Math.round((followed.length / measured) * 100) : null;
@@ -24,6 +27,7 @@ export function buildReport({ cwd, prompt, relevantFiles, scheduled, gitSnapshot
 }
 export function formatReport(report) {
+  report = sanitizeReport(report);
   const lines = [];
   lines.push("ContextOS report");
   lines.push(`Efficiency: ${report.efficiencyScore == null ? "unknown" : `${report.efficiencyScore}%`}`);
@@ -55,6 +59,7 @@ export function formatReport(report) {
 }
 export function formatEvidence(report) {
+  report = sanitizeReport(report);
   const lines = [];
   lines.push("ContextOS evidence");
   lines.push(`Prompt: ${report.prompt || "(empty)"}`);
@@ -119,3 +124,20 @@ function summarizeRuntimeEvidence(runtimeEvidence = {}) {
     sources: (runtimeEvidence.sources || []).slice(0, 10)
   };
 }
+function sanitizeReport(report = {}) {
+  const followed = (report.followed || []).filter((item) => !isSystemUserRule(item.rule));
+  const ignored = (report.ignored || []).filter((item) => !isSystemUserRule(item.rule));
+  const unknown = (report.unknown || []).filter((item) => !isSystemUserRule(item.rule));
+  const measured = followed.length + ignored.length;
+  return {
+    ...report,
+    injectedRuleCount: followed.length + ignored.length + unknown.length,
+    followed,
+    ignored,
+    unknown,
+    measuredRuleCount: measured,
+    unknownRuleCount: unknown.length,
+    efficiencyScore: measured ? Math.round((followed.length / measured) * 100) : null
+  };
+}

package/plugins/ctx/lib/score-context.js CHANGED Viewed

@@ -1,7 +1,7 @@
 import path from "node:path";
 import { readAgentsChain } from "./reader.js";
-import { parseRules, scoreRules, findRelevantFiles } from "./analyzer.js";
+import { filterActionableRules, parseRules, scoreRules, findRelevantFiles } from "./analyzer.js";
 import { enhanceRuleScoresWithEmbeddings } from "./embedding-scorer.js";
 export async function scoreContext({
@@ -15,7 +15,8 @@ export async function scoreContext({
 } = {}) {
   const started = Date.now();
   const merged = readAgentsChain({ cwd });
-  const parsedRules = parseRules(merged.content);
+  const rawRules = parseRules(merged.content);
+  const parsedRules = filterActionableRules(rawRules);
   const baseScoredRules = scoreRules(parsedRules, prompt, openFiles);
   const embedding = await enhanceRuleScoresWithEmbeddings(baseScoredRules, prompt, {
     dataDir,
@@ -47,6 +48,7 @@ export async function scoreContext({
       model: embedding.model,
       cachePath: embedding.cachePath,
       rulesParsed: parsedRules.length,
+      rulesFiltered: rawRules.length - parsedRules.length,
       rulesInjected: scoredRules.filter((rule) => Number(rule.score || 0) >= 0.1).length,
       filesSuggested: suggestedFiles.length,
       sources: merged.sources.map((source) => path.relative(cwd, source))

package/plugins/ctx/lib/stop-hook.js CHANGED Viewed

@@ -4,14 +4,27 @@ import { appendJsonLine, readJsonFile, writeJsonFile } from "./fs-utils.js";
 import { readGitSnapshot, checkCompliance } from "./measure.js";
 import { buildReport, formatReport } from "./reporter.js";
 import { loadRuntimeEvidence } from "./telemetry.js";
+import { filterActionableRules } from "./analyzer.js";
 export function handleStopPayload(payload, { contextPath, reportPath, historyPath, telemetryPath } = {}) {
   const cwd = payload.cwd || payload.working_directory || process.cwd();
   const promptContext = contextPath && fs.existsSync(contextPath) ? readJsonFile(contextPath) : null;
-  const scheduledRules = [
+  const rawScheduledRules = [
     ...(promptContext?.scheduled?.highRules || []),
     ...(promptContext?.scheduled?.midRules || [])
   ];
+  const scheduledRules = filterActionableRules(rawScheduledRules);
+  const scheduled = promptContext?.scheduled
+    ? {
+      ...promptContext.scheduled,
+      highRules: filterActionableRules(promptContext.scheduled.highRules || []),
+      midRules: filterActionableRules(promptContext.scheduled.midRules || []),
+      droppedRules: [
+        ...(promptContext.scheduled.droppedRules || []),
+        ...rawScheduledRules.filter((rule) => !scheduledRules.some((item) => item.content === rule.content && item.sourcePath === rule.sourcePath))
+      ]
+    }
+    : null;
   const gitSnapshot = readGitSnapshot({ cwd });
   const runtimeEvidence = loadRuntimeEvidence({
     telemetryPath,
@@ -28,7 +41,7 @@ export function handleStopPayload(payload, { contextPath, reportPath, historyPat
     cwd,
     prompt: promptContext?.prompt || "",
     relevantFiles: promptContext?.relevantFiles || [],
-    scheduled: promptContext?.scheduled || null,
+    scheduled,
     gitSnapshot,
     compliance,
     runtimeEvidence