npm - @nerviq/cli - Versions diffs - 1.29.0 → 1.30.0 - Mend

@nerviq/cli 1.29.0 → 1.30.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (93) hide show

package/CHANGELOG.md +1764 -1493
package/README.md +568 -538
package/SECURITY.md +78 -82
package/bin/cli.js +2838 -2558
package/docs/api-reference.md +356 -356
package/docs/audit-fix.md +109 -0
package/docs/autofix.md +3 -62
package/docs/getting-started.md +1 -1
package/docs/index.html +592 -592
package/docs/integration-contracts.md +287 -287
package/docs/maintenance.md +128 -128
package/docs/new-platform-guide.md +202 -202
package/docs/release-process.md +63 -0
package/docs/shallow-risk.md +244 -244
package/docs/why-nerviq.md +82 -82
package/package.json +75 -67
package/sdk/README.md +12 -3
package/sdk/examples/langchain-integration.md +128 -0
package/sdk/examples/self-governing-agent.js +135 -0
package/sdk/index.d.ts +115 -0
package/sdk/index.js +94 -0
package/sdk/package.json +11 -0
package/src/activity.js +13 -0
package/src/aider/activity.js +226 -226
package/src/aider/context.js +162 -162
package/src/aider/freshness.js +123 -123
package/src/aider/techniques.js +3465 -3465
package/src/audit/layers.js +180 -180
package/src/audit.js +1133 -1032
package/src/auto-suggest.js +9 -2
package/src/behavioral-drift.js +37 -2
package/src/benchmark.js +299 -299
package/src/codex/activity.js +324 -324
package/src/codex/freshness.js +149 -142
package/src/codex/techniques.js +4895 -4895
package/src/context.js +326 -326
package/src/continuous-ops.js +11 -1
package/src/convert.js +340 -340
package/src/copilot/config-parser.js +280 -280
package/src/copilot/context.js +218 -218
package/src/copilot/freshness.js +184 -177
package/src/copilot/patch.js +238 -238
package/src/copilot/techniques.js +3578 -3578
package/src/cursor/freshness.js +194 -194
package/src/cursor/patch.js +243 -243
package/src/cursor/techniques.js +3735 -3735
package/src/doctor.js +201 -201
package/src/fix-engine.js +511 -8
package/src/formatters/csv.js +86 -86
package/src/formatters/junit.js +123 -123
package/src/formatters/markdown.js +164 -164
package/src/formatters/otel.js +151 -151
package/src/freshness.js +163 -156
package/src/gemini/activity.js +402 -402
package/src/gemini/context.js +290 -290
package/src/gemini/freshness.js +188 -188
package/src/gemini/patch.js +229 -229
package/src/gemini/techniques.js +3811 -3811
package/src/governance.js +533 -533
package/src/harmony/audit.js +306 -306
package/src/i18n.js +63 -63
package/src/insights.js +119 -119
package/src/integrations.js +134 -134
package/src/locales/en.json +33 -33
package/src/locales/es.json +33 -33
package/src/migrate.js +354 -354
package/src/opencode/activity.js +286 -286
package/src/opencode/freshness.js +137 -137
package/src/opencode/techniques.js +3450 -3450
package/src/safe-glyph.js +97 -0
package/src/setup/analysis.js +12 -12
package/src/setup.js +13 -6
package/src/shallow-risk/index.js +113 -56
package/src/shallow-risk/patterns/agent-config-cross-platform-drift.js +51 -50
package/src/shallow-risk/patterns/agent-config-dangerous-autoapprove.js +47 -46
package/src/shallow-risk/patterns/agent-config-deprecated-keys.js +47 -46
package/src/shallow-risk/patterns/agent-config-framework-version-mismatch.js +138 -0
package/src/shallow-risk/patterns/agent-config-missing-file.js +318 -317
package/src/shallow-risk/patterns/agent-config-script-not-in-package-json.js +108 -0
package/src/shallow-risk/patterns/agent-config-secret-literal.js +52 -49
package/src/shallow-risk/patterns/agent-config-stack-contradiction.js +35 -34
package/src/shallow-risk/patterns/hook-script-missing.js +71 -70
package/src/shallow-risk/patterns/mcp-server-no-allowlist.js +53 -52
package/src/shallow-risk/shared.js +653 -648
package/src/source-urls.js +295 -295
package/src/state-paths.js +85 -85
package/src/supplemental-checks.js +805 -805
package/src/telemetry.js +160 -160
package/src/watch.js +46 -0
package/src/windsurf/context.js +359 -359
package/src/windsurf/freshness.js +194 -194
package/src/windsurf/patch.js +231 -231
package/src/windsurf/techniques.js +3779 -3779

package/src/codex/freshness.js CHANGED Viewed

@@ -1,24 +1,24 @@
-/**
- * Codex Freshness Operationalization — CP-12
- *
- * Release gates, recurring probes, propagation checklists,
- * and staleness blocking for Codex surfaces.
- */
-const { version } = require('../../package.json');
-/**
+/**
+ * Codex Freshness Operationalization — CP-12
+ *
+ * Release gates, recurring probes, propagation checklists,
+ * and staleness blocking for Codex surfaces.
+ */
+const { version } = require('../../package.json');
+/**
  * P0 sources that must be fresh before any Codex release claim.
  * Each source has a staleness threshold in days.
  */
 const P0_SOURCES = [
-  {
-    key: 'codex-cli-docs',
-    label: 'Codex CLI Official Docs',
-    url: 'https://developers.openai.com/codex/cli',
-    stalenessThresholdDays: 30,
-    verifiedAt: '2026-04-07',
-  },
+  {
+    key: 'codex-cli-docs',
+    label: 'Codex CLI Official Docs',
+    url: 'https://developers.openai.com/codex/cli',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
   {
     key: 'codex-config-reference',
     label: 'Codex Config Reference',
@@ -66,52 +66,59 @@ const P0_SOURCES = [
     label: 'Codex GitHub Action',
     url: 'https://github.com/openai/codex-action',
     stalenessThresholdDays: 30,
-    verifiedAt: '2026-04-07',
-  },
-  {
-    key: 'codex-changelog',
-    label: 'Codex CLI Changelog',
-    url: 'https://github.com/openai/codex/releases',
-    stalenessThresholdDays: 14,
-    verifiedAt: '2026-04-07',
-  },
-];
-/**
- * Propagation checklist: when a Codex source changes, these must update.
- */
-const PROPAGATION_CHECKLIST = [
-  {
-    trigger: 'Codex CLI release with config changes',
-    targets: [
-      'src/codex/techniques.js — update LEGACY_CONFIG_PATTERNS if keys renamed/removed',
-      'src/codex/config-parser.js — update validation rules',
-      'src/codex/governance.js — update caveats if behavior changes',
-      'test/codex-check-matrix.js — update check expectations',
-    ],
-  },
-  {
-    trigger: 'New Codex hook event type added',
-    targets: [
-      'src/codex/techniques.js — add to SUPPORTED_HOOK_EVENTS',
-      'src/codex/governance.js — add to CODEX_HOOK_REGISTRY',
-      'src/codex/setup.js — update hooks starter template',
-    ],
-  },
-  {
-    trigger: 'New Codex MCP transport or field',
-    targets: [
-      'src/codex/mcp-packs.js — update pack TOML projections',
-      'src/codex/techniques.js — update MCP checks',
-    ],
-  },
-  {
-    trigger: 'Codex domain pack definitions change',
-    targets: [
-      'src/codex/domain-packs.js — update pack registry',
-      'src/codex/governance.js — governance export picks up changes',
-    ],
-  },
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'codex-changelog',
+    label: 'Codex CLI Changelog',
+    url: 'https://github.com/openai/codex/releases',
+    stalenessThresholdDays: 14,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'codex-models-docs',
+    label: 'Codex Supported Models',
+    url: 'https://developers.openai.com/codex/models',
+    stalenessThresholdDays: 14,
+    verifiedAt: '2026-04-16',
+  },
+];
+/**
+ * Propagation checklist: when a Codex source changes, these must update.
+ */
+const PROPAGATION_CHECKLIST = [
+  {
+    trigger: 'Codex CLI release with config changes',
+    targets: [
+      'src/codex/techniques.js — update LEGACY_CONFIG_PATTERNS if keys renamed/removed',
+      'src/codex/config-parser.js — update validation rules',
+      'src/codex/governance.js — update caveats if behavior changes',
+      'test/codex-check-matrix.js — update check expectations',
+    ],
+  },
+  {
+    trigger: 'New Codex hook event type added',
+    targets: [
+      'src/codex/techniques.js — add to SUPPORTED_HOOK_EVENTS',
+      'src/codex/governance.js — add to CODEX_HOOK_REGISTRY',
+      'src/codex/setup.js — update hooks starter template',
+    ],
+  },
+  {
+    trigger: 'New Codex MCP transport or field',
+    targets: [
+      'src/codex/mcp-packs.js — update pack TOML projections',
+      'src/codex/techniques.js — update MCP checks',
+    ],
+  },
+  {
+    trigger: 'Codex domain pack definitions change',
+    targets: [
+      'src/codex/domain-packs.js — update pack registry',
+      'src/codex/governance.js — governance export picks up changes',
+    ],
+  },
   {
     trigger: 'New check category added',
     targets: [
@@ -145,82 +152,82 @@ const PROPAGATION_CHECKLIST = [
     ],
   },
 ];
-/**
- * Release gate: check if all P0 sources are within staleness threshold.
- * Returns { ready, stale, fresh } arrays.
- */
-function checkReleaseGate(sourceVerifications = {}) {
-  const now = new Date();
-  const results = P0_SOURCES.map(source => {
-    const verifiedAt = sourceVerifications[source.key]
-      ? new Date(sourceVerifications[source.key])
-      : source.verifiedAt ? new Date(source.verifiedAt) : null;
-    if (!verifiedAt) {
-      return { ...source, status: 'unverified', daysStale: null };
-    }
-    const daysSince = Math.floor((now - verifiedAt) / (1000 * 60 * 60 * 24));
-    const isStale = daysSince > source.stalenessThresholdDays;
-    return {
-      ...source,
-      verifiedAt: verifiedAt.toISOString(),
-      daysStale: daysSince,
-      status: isStale ? 'stale' : 'fresh',
-    };
-  });
-  return {
-    ready: results.every(r => r.status === 'fresh'),
-    stale: results.filter(r => r.status === 'stale' || r.status === 'unverified'),
-    fresh: results.filter(r => r.status === 'fresh'),
-    results,
-  };
-}
-/**
- * Format the release gate results for display.
- */
-function formatReleaseGate(gateResult) {
-  const lines = [
-    `Codex Freshness Gate (nerviq v${version})`,
-    '═══════════════════════════════════════',
-    '',
-    `Status: ${gateResult.ready ? 'READY' : 'BLOCKED'}`,
-    `Fresh: ${gateResult.fresh.length}/${gateResult.results.length}`,
-    '',
-  ];
-  for (const result of gateResult.results) {
-    const icon = result.status === 'fresh' ? '✓' : result.status === 'stale' ? '✗' : '?';
-    const age = result.daysStale !== null ? ` (${result.daysStale}d ago)` : ' (unverified)';
-    lines.push(`  ${icon} ${result.label}${age} — threshold: ${result.stalenessThresholdDays}d`);
-  }
-  if (!gateResult.ready) {
-    lines.push('');
-    lines.push('Action required: verify stale/unverified sources before claiming release freshness.');
-  }
-  return lines.join('\n');
-}
-/**
- * Get the propagation checklist for a given trigger.
- */
-function getPropagationTargets(triggerKeyword) {
-  const keyword = triggerKeyword.toLowerCase();
-  return PROPAGATION_CHECKLIST.filter(item =>
-    item.trigger.toLowerCase().includes(keyword)
-  );
-}
-module.exports = {
-  P0_SOURCES,
-  PROPAGATION_CHECKLIST,
-  checkReleaseGate,
-  formatReleaseGate,
-  getPropagationTargets,
-};
+/**
+ * Release gate: check if all P0 sources are within staleness threshold.
+ * Returns { ready, stale, fresh } arrays.
+ */
+function checkReleaseGate(sourceVerifications = {}) {
+  const now = new Date();
+  const results = P0_SOURCES.map(source => {
+    const verifiedAt = sourceVerifications[source.key]
+      ? new Date(sourceVerifications[source.key])
+      : source.verifiedAt ? new Date(source.verifiedAt) : null;
+    if (!verifiedAt) {
+      return { ...source, status: 'unverified', daysStale: null };
+    }
+    const daysSince = Math.floor((now - verifiedAt) / (1000 * 60 * 60 * 24));
+    const isStale = daysSince > source.stalenessThresholdDays;
+    return {
+      ...source,
+      verifiedAt: verifiedAt.toISOString(),
+      daysStale: daysSince,
+      status: isStale ? 'stale' : 'fresh',
+    };
+  });
+  return {
+    ready: results.every(r => r.status === 'fresh'),
+    stale: results.filter(r => r.status === 'stale' || r.status === 'unverified'),
+    fresh: results.filter(r => r.status === 'fresh'),
+    results,
+  };
+}
+/**
+ * Format the release gate results for display.
+ */
+function formatReleaseGate(gateResult) {
+  const lines = [
+    `Codex Freshness Gate (nerviq v${version})`,
+    '═══════════════════════════════════════',
+    '',
+    `Status: ${gateResult.ready ? 'READY' : 'BLOCKED'}`,
+    `Fresh: ${gateResult.fresh.length}/${gateResult.results.length}`,
+    '',
+  ];
+  for (const result of gateResult.results) {
+    const icon = result.status === 'fresh' ? '✓' : result.status === 'stale' ? '✗' : '?';
+    const age = result.daysStale !== null ? ` (${result.daysStale}d ago)` : ' (unverified)';
+    lines.push(`  ${icon} ${result.label}${age} — threshold: ${result.stalenessThresholdDays}d`);
+  }
+  if (!gateResult.ready) {
+    lines.push('');
+    lines.push('Action required: verify stale/unverified sources before claiming release freshness.');
+  }
+  return lines.join('\n');
+}
+/**
+ * Get the propagation checklist for a given trigger.
+ */
+function getPropagationTargets(triggerKeyword) {
+  const keyword = triggerKeyword.toLowerCase();
+  return PROPAGATION_CHECKLIST.filter(item =>
+    item.trigger.toLowerCase().includes(keyword)
+  );
+}
+module.exports = {
+  P0_SOURCES,
+  PROPAGATION_CHECKLIST,
+  checkReleaseGate,
+  formatReleaseGate,
+  getPropagationTargets,
+};