@nerviq/cli 1.18.0 → 1.19.0

package/src/gemini/techniques.js

@@ -14,11 +14,11 @@
 const os = require('os');
 const path = require('path');
 const { GeminiProjectContext } = require('./context');
-const { EMBEDDED_SECRET_PATTERNS, containsEmbeddedSecret } = require('../secret-patterns');
-const { attachSourceUrls } = require('../source-urls');
-const { buildSupplementalChecks } = require('../supplemental-checks');
-const { buildStackChecks } = require('../stack-checks');
-const { resolveProjectStateReadPath } = require('../state-paths');
+const { EMBEDDED_SECRET_PATTERNS, containsEmbeddedSecret } = require('../secret-patterns');
+const { attachSourceUrls } = require('../source-urls');
+const { buildSupplementalChecks } = require('../supplemental-checks');
+const { buildStackChecks } = require('../stack-checks');
+const { resolveProjectStateReadPath } = require('../state-paths');
 
 const GEMINI_SUPPLEMENTAL_SOURCE_URLS = {
   'testing-strategy': 'https://geminicli.com/docs/get-started/',
@@ -2063,23 +2063,23 @@ const GEMINI_TECHNIQUES = {
   },
 
   // CP-08: O. Repeat-Usage Hygiene (3 checks)
-  geminiSnapshotRetention: {
-    id: 'GM-O01', name: 'At least one prior audit snapshot exists',
-    check: (ctx) => { try { const fs = require('fs'); const p = resolveProjectStateReadPath(ctx.dir, 'snapshots', 'index.json'); if (!fs.existsSync(p)) return null; const e = JSON.parse(fs.readFileSync(p, 'utf8')); return Array.isArray(e) && e.length > 0; } catch { return null; } },
+  geminiSnapshotRetention: {
+    id: 'GM-O01', name: 'At least one prior audit snapshot exists',
+    check: (ctx) => { try { const fs = require('fs'); const p = resolveProjectStateReadPath(ctx.dir, 'snapshots', 'index.json'); if (!fs.existsSync(p)) return null; const e = JSON.parse(fs.readFileSync(p, 'utf8')); return Array.isArray(e) && e.length > 0; } catch { return null; } },
     impact: 'medium', rating: 3, category: 'repeat-usage',
     fix: 'Run `npx nerviq --platform gemini --snapshot` to save your first snapshot.',
     template: null, file: () => null, line: () => null,
   },
-  geminiFeedbackLoopHealth: {
-    id: 'GM-O02', name: 'Feedback loop functional when feedback submitted',
-    check: (ctx) => { try { const fs = require('fs'); const p = resolveProjectStateReadPath(ctx.dir, 'outcomes', 'index.json'); if (!fs.existsSync(p)) return null; const e = JSON.parse(fs.readFileSync(p, 'utf8')); return Array.isArray(e) && e.length > 0; } catch { return null; } },
+  geminiFeedbackLoopHealth: {
+    id: 'GM-O02', name: 'Feedback loop functional when feedback submitted',
+    check: (ctx) => { try { const fs = require('fs'); const p = resolveProjectStateReadPath(ctx.dir, 'outcomes', 'index.json'); if (!fs.existsSync(p)) return null; const e = JSON.parse(fs.readFileSync(p, 'utf8')); return Array.isArray(e) && e.length > 0; } catch { return null; } },
     impact: 'medium', rating: 3, category: 'repeat-usage',
     fix: 'Submit feedback using `npx nerviq --platform gemini feedback`.',
     template: null, file: () => null, line: () => null,
   },
-  geminiTrendDataAvailability: {
-    id: 'GM-O03', name: 'Trend data computable (2+ snapshots)',
-    check: (ctx) => { try { const fs = require('fs'); const p = resolveProjectStateReadPath(ctx.dir, 'snapshots', 'index.json'); if (!fs.existsSync(p)) return null; const e = JSON.parse(fs.readFileSync(p, 'utf8')); return (Array.isArray(e) ? e : []).filter(x => x.snapshotKind === 'audit').length >= 2; } catch { return null; } },
+  geminiTrendDataAvailability: {
+    id: 'GM-O03', name: 'Trend data computable (2+ snapshots)',
+    check: (ctx) => { try { const fs = require('fs'); const p = resolveProjectStateReadPath(ctx.dir, 'snapshots', 'index.json'); if (!fs.existsSync(p)) return null; const e = JSON.parse(fs.readFileSync(p, 'utf8')); return (Array.isArray(e) ? e : []).filter(x => x.snapshotKind === 'audit').length >= 2; } catch { return null; } },
     impact: 'low', rating: 2, category: 'repeat-usage',
     fix: 'Run at least 2 audits with --snapshot for trend tracking.',
     template: null, file: () => null, line: () => null,

package/src/governance.js

@@ -1,7 +1,7 @@
-const { DOMAIN_PACKS } = require('./domain-packs');
-const { MCP_PACKS, mergeMcpServers, normalizeMcpPackKeys } = require('./mcp-packs');
-const { getCodexGovernanceSummary } = require('./codex/governance');
-const { formatTerminologyLines } = require('./terminology');
+const { DOMAIN_PACKS } = require('./domain-packs');
+const { MCP_PACKS, mergeMcpServers, normalizeMcpPackKeys } = require('./mcp-packs');
+const { getCodexGovernanceSummary } = require('./codex/governance');
+const { formatTerminologyLines } = require('./terminology');
 
 const PERMISSION_PROFILES = [
   {
@@ -104,19 +104,19 @@ const HOOK_REGISTRY = [
     dryRunExample: 'Edit a catalog file and verify duplicate check runs without blocking.',
     rollbackPath: 'Remove the PostToolUse hook entry from settings.',
   },
-  {
-    key: 'injection-defense',
-    file: '.claude/hooks/injection-defense.js',
-    triggerPoint: 'PostToolUse',
-    matcher: 'WebFetch|WebSearch|Read|Grep|Glob|mcp__.*',
-    purpose: 'Scans external content flows for common prompt injection patterns and logs suspicious findings.',
-    filesTouched: ['.claude/logs/prompt-injection-alerts.log'],
-    sideEffects: ['Appends an alert line when suspicious external content is detected.'],
-    risk: 'low',
-    riskLevel: 'low',
-    dryRunExample: 'Run a WebFetch or MCP-backed tool call and verify suspicious content is logged for review.',
-    rollbackPath: 'Remove the PostToolUse hook entry from settings.',
-  },
+  {
+    key: 'injection-defense',
+    file: '.claude/hooks/injection-defense.js',
+    triggerPoint: 'PostToolUse',
+    matcher: 'WebFetch|WebSearch|Read|Grep|Glob|mcp__.*',
+    purpose: 'Scans external content flows for common prompt injection patterns and logs suspicious findings.',
+    filesTouched: ['.claude/logs/prompt-injection-alerts.log'],
+    sideEffects: ['Appends an alert line when suspicious external content is detected.'],
+    risk: 'low',
+    riskLevel: 'low',
+    dryRunExample: 'Run a WebFetch or MCP-backed tool call and verify suspicious content is logged for review.',
+    rollbackPath: 'Remove the PostToolUse hook entry from settings.',
+  },
   {
     key: 'trust-drift-check',
     file: '.claude/hooks/trust-drift-check.sh',
@@ -299,24 +299,24 @@ function buildHookConfig(hookFiles, profileKey) {
     return {};
   }
 
-  // Detect hook runtime: .js files use node, .sh files use bash
-  const hookCommand = (file) => {
-    if (file.endsWith('.js')) return `node .claude/hooks/${file}`;
-    return `bash .claude/hooks/${file}`;
-  };
-  const isSecrets = (f) => f === 'protect-secrets.sh' || f === 'protect-secrets.js';
-  const isSession = (f) => f === 'session-start.sh' || f === 'session-start.js';
-  const isInjection = (f) => f === 'injection-defense.sh' || f === 'injection-defense.js';
-
-  const hookConfig = {
-    PostToolUse: [{
-      matcher: 'Write|Edit',
-      hooks: uniqueFiles
-        .filter(file => !isSecrets(file) && !isSession(file) && !isInjection(file))
-        .map(file => ({
-          type: 'command',
-          command: hookCommand(file),
-          timeout: 10,
+  // Detect hook runtime: .js files use node, .sh files use bash
+  const hookCommand = (file) => {
+    if (file.endsWith('.js')) return `node .claude/hooks/${file}`;
+    return `bash .claude/hooks/${file}`;
+  };
+  const isSecrets = (f) => f === 'protect-secrets.sh' || f === 'protect-secrets.js';
+  const isSession = (f) => f === 'session-start.sh' || f === 'session-start.js';
+  const isInjection = (f) => f === 'injection-defense.sh' || f === 'injection-defense.js';
+
+  const hookConfig = {
+    PostToolUse: [{
+      matcher: 'Write|Edit',
+      hooks: uniqueFiles
+        .filter(file => !isSecrets(file) && !isSession(file) && !isInjection(file))
+        .map(file => ({
+          type: 'command',
+          command: hookCommand(file),
+          timeout: 10,
         })),
     }],
   };
@@ -334,29 +334,29 @@ function buildHookConfig(hookFiles, profileKey) {
   }
 
   const sessionFile = uniqueFiles.find(isSession);
-  if (sessionFile) {
-    hookConfig.SessionStart = [{
-      matcher: '*',
-      hooks: [{
-        type: 'command',
+  if (sessionFile) {
+    hookConfig.SessionStart = [{
+      matcher: '*',
+      hooks: [{
+        type: 'command',
         command: hookCommand(sessionFile),
         timeout: 5,
-      }],
-    }];
-  }
-
-  const injectionFile = uniqueFiles.find(isInjection);
-  if (injectionFile) {
-    hookConfig.PostToolUse = hookConfig.PostToolUse || [];
-    hookConfig.PostToolUse.push({
-      matcher: 'WebFetch|WebSearch|Read|Grep|Glob|mcp__.*',
-      hooks: [{
-        type: 'command',
-        command: hookCommand(injectionFile),
-        timeout: 5,
-      }],
-    });
-  }
+      }],
+    }];
+  }
+
+  const injectionFile = uniqueFiles.find(isInjection);
+  if (injectionFile) {
+    hookConfig.PostToolUse = hookConfig.PostToolUse || [];
+    hookConfig.PostToolUse.push({
+      matcher: 'WebFetch|WebSearch|Read|Grep|Glob|mcp__.*',
+      hooks: [{
+        type: 'command',
+        command: hookCommand(injectionFile),
+        timeout: 5,
+      }],
+    });
+  }
 
   if ((hookConfig.PostToolUse[0].hooks || []).length === 0) {
     delete hookConfig.PostToolUse;
@@ -421,15 +421,15 @@ function printGovernanceSummary(summary, options = {}) {
   console.log('');
   console.log(`  nerviq ${summary.platformLabel.toLowerCase()} governance`);
   console.log('  ═══════════════════════════════════════');
-  console.log(`  Safe defaults, hook transparency, and pilot guidance for ${summary.platformLabel}.`);
-  console.log('');
-
-  for (const line of formatTerminologyLines(['governance', 'hooks', 'denyRules', 'mcp'])) {
-    console.log(line);
-  }
-  console.log('');
-
-  console.log('  Permission Profiles');
+  console.log(`  Safe defaults, hook transparency, and pilot guidance for ${summary.platformLabel}.`);
+  console.log('');
+
+  for (const line of formatTerminologyLines(['governance', 'hooks', 'denyRules', 'mcp'])) {
+    console.log(line);
+  }
+  console.log('');
+
+  console.log('  Permission Profiles');
   for (const profile of summary.permissionProfiles) {
     console.log(`  - ${profile.label} [${profile.risk}]`);
     console.log(`    ${profile.useWhen}`);
@@ -590,13 +590,13 @@ function renderGovernanceMarkdown(summary) {
   return lines.join('\n');
 }
 
-module.exports = {
-  PERMISSION_PROFILES,
-  HOOK_REGISTRY,
-  POLICY_PACKS,
-  getPermissionProfile,
-  isWritableProfile,
-  ensureWritableProfile,
+module.exports = {
+  PERMISSION_PROFILES,
+  HOOK_REGISTRY,
+  POLICY_PACKS,
+  getPermissionProfile,
+  isWritableProfile,
+  ensureWritableProfile,
   buildSettingsForProfile,
   getGovernanceSummary,
   printGovernanceSummary,

package/src/harmony/add.js

@@ -1,68 +1,68 @@
-/**
- * Platform Addition Wizard
- * Helps users add a new platform config to their project.
- */
-
-const fs = require('fs');
-const path = require('path');
-const { detectActivePlatforms, PLATFORM_SIGNATURES } = require('./canon');
-const { applyHarmonySync } = require('./sync');
-
-const PLATFORM_BOOTSTRAPS = {
-  claude: { files: [{ path: 'CLAUDE.md', content: '# Project Instructions\n\nAdd your Claude Code instructions here.\n' }] },
-  codex: { files: [{ path: 'AGENTS.md', content: '# Agents Instructions\n\nAdd your Codex instructions here.\n' }] },
-  gemini: { files: [{ path: 'GEMINI.md', content: '# Gemini Instructions\n\nAdd your Gemini CLI instructions here.\n' }] },
-  copilot: { files: [{ path: '.github/copilot-instructions.md', content: '# Copilot Instructions\n\nAdd your GitHub Copilot instructions here.\n' }] },
-  cursor: { files: [{ path: '.cursorrules', content: '# Cursor Rules\n\nAdd your Cursor rules here.\n' }] },
-  windsurf: { files: [{ path: '.windsurfrules', content: '# Windsurf Rules\n\nAdd your Windsurf rules here.\n' }] },
-  aider: { files: [{ path: '.aider.conf.yml', content: '# Aider Configuration\n# See: https://aider.chat/docs/config/aider_conf.html\n' }] },
-  opencode: { files: [{ path: 'opencode.json', content: '{\n  "instructions": "Add your OpenCode instructions here."\n}\n' }] },
-};
-
-function addPlatform(dir, platformKey) {
-  // Validate platform
-  if (!PLATFORM_SIGNATURES[platformKey]) {
-    return { success: false, error: `Unknown platform: ${platformKey}. Available: ${Object.keys(PLATFORM_SIGNATURES).join(', ')}` };
-  }
-
-  // Check if already active
-  const active = detectActivePlatforms(dir);
-  const alreadyActive = active.find(p => p.platform === platformKey);
-  if (alreadyActive) {
-    return { success: false, error: `${platformKey} is already active in this project.` };
-  }
-
-  const beforeCount = active.length;
-  const bootstrap = PLATFORM_BOOTSTRAPS[platformKey];
-  const created = [];
-
-  // Create bootstrap files
-  for (const file of bootstrap.files) {
-    const fullPath = path.join(dir, file.path);
-    if (fs.existsSync(fullPath)) continue;
-    const dirName = path.dirname(fullPath);
-    fs.mkdirSync(dirName, { recursive: true });
-    fs.writeFileSync(fullPath, file.content, 'utf8');
-    created.push(file.path);
-  }
-
-  // Run harmony sync to populate managed blocks
-  let syncResult = null;
-  try {
-    syncResult = applyHarmonySync(dir);
-  } catch { /* sync is optional */ }
-
-  const afterActive = detectActivePlatforms(dir);
-  const afterCount = afterActive.length;
-
-  return {
-    success: true,
-    platform: platformKey,
-    created,
-    beforeCount,
-    afterCount,
-    syncApplied: syncResult ? syncResult.applied.length : 0,
-  };
-}
-
-module.exports = { addPlatform, PLATFORM_BOOTSTRAPS };
+/**
+ * Platform Addition Wizard
+ * Helps users add a new platform config to their project.
+ */
+
+const fs = require('fs');
+const path = require('path');
+const { detectActivePlatforms, PLATFORM_SIGNATURES } = require('./canon');
+const { applyHarmonySync } = require('./sync');
+
+const PLATFORM_BOOTSTRAPS = {
+  claude: { files: [{ path: 'CLAUDE.md', content: '# Project Instructions\n\nAdd your Claude Code instructions here.\n' }] },
+  codex: { files: [{ path: 'AGENTS.md', content: '# Agents Instructions\n\nAdd your Codex instructions here.\n' }] },
+  gemini: { files: [{ path: 'GEMINI.md', content: '# Gemini Instructions\n\nAdd your Gemini CLI instructions here.\n' }] },
+  copilot: { files: [{ path: '.github/copilot-instructions.md', content: '# Copilot Instructions\n\nAdd your GitHub Copilot instructions here.\n' }] },
+  cursor: { files: [{ path: '.cursorrules', content: '# Cursor Rules\n\nAdd your Cursor rules here.\n' }] },
+  windsurf: { files: [{ path: '.windsurfrules', content: '# Windsurf Rules\n\nAdd your Windsurf rules here.\n' }] },
+  aider: { files: [{ path: '.aider.conf.yml', content: '# Aider Configuration\n# See: https://aider.chat/docs/config/aider_conf.html\n' }] },
+  opencode: { files: [{ path: 'opencode.json', content: '{\n  "instructions": "Add your OpenCode instructions here."\n}\n' }] },
+};
+
+function addPlatform(dir, platformKey) {
+  // Validate platform
+  if (!PLATFORM_SIGNATURES[platformKey]) {
+    return { success: false, error: `Unknown platform: ${platformKey}. Available: ${Object.keys(PLATFORM_SIGNATURES).join(', ')}` };
+  }
+
+  // Check if already active
+  const active = detectActivePlatforms(dir);
+  const alreadyActive = active.find(p => p.platform === platformKey);
+  if (alreadyActive) {
+    return { success: false, error: `${platformKey} is already active in this project.` };
+  }
+
+  const beforeCount = active.length;
+  const bootstrap = PLATFORM_BOOTSTRAPS[platformKey];
+  const created = [];
+
+  // Create bootstrap files
+  for (const file of bootstrap.files) {
+    const fullPath = path.join(dir, file.path);
+    if (fs.existsSync(fullPath)) continue;
+    const dirName = path.dirname(fullPath);
+    fs.mkdirSync(dirName, { recursive: true });
+    fs.writeFileSync(fullPath, file.content, 'utf8');
+    created.push(file.path);
+  }
+
+  // Run harmony sync to populate managed blocks
+  let syncResult = null;
+  try {
+    syncResult = applyHarmonySync(dir);
+  } catch { /* sync is optional */ }
+
+  const afterActive = detectActivePlatforms(dir);
+  const afterCount = afterActive.length;
+
+  return {
+    success: true,
+    platform: platformKey,
+    created,
+    beforeCount,
+    afterCount,
+    syncApplied: syncResult ? syncResult.applied.length : 0,
+  };
+}
+
+module.exports = { addPlatform, PLATFORM_BOOTSTRAPS };