npm - @nerviq/cli - Versions diffs - 1.8.5 → 1.8.6 - Mend

@nerviq/cli 1.8.5 → 1.8.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/bin/cli.js CHANGED Viewed

@@ -1,6 +1,6 @@
 #!/usr/bin/env node
-const { audit } = require('../src/audit');
+const { audit, detectPlatforms, getCatalog } = require('../src/public-api');
 const { setup } = require('../src/setup');
 const { analyzeProject, printAnalysis, exportMarkdown } = require('../src/analyze');
 const { buildProposalBundle, printProposalBundle, writePlanFile, applyProposalBundle, printApplyResult } = require('../src/plans');
@@ -998,7 +998,7 @@ async function main() {
       const { watch } = require('../src/watch');
       await watch(options);
     } else if (normalizedCommand === 'catalog') {
-      const { generateCatalog, generateCatalogWithVersion, writeCatalogJson } = require('../src/catalog');
+      const { generateCatalogWithVersion, writeCatalogJson } = require('../src/catalog');
       if (options.out) {
         const result = writeCatalogJson(options.out);
         if (options.json) {
@@ -1007,7 +1007,7 @@ async function main() {
           console.log(`\n  Catalog written to ${result.path} (${result.count} checks)\n`);
         }
       } else {
-        const catalog = generateCatalog();
+        const catalog = getCatalog(); // dogfood: use SDK instead of internal import
         if (options.json) {
           const envelope = generateCatalogWithVersion();
           if (options.checkVersion) envelope.requestedVersion = options.checkVersion;

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nerviq/cli",
-  "version": "1.8.5",
+  "version": "1.8.6",
   "description": "The intelligent nervous system for AI coding agents — 2,431 checks (8 platforms × ~300 governance rules), 10 languages, 62 domain packs. Audit, align, and amplify.",
   "main": "src/index.js",
   "bin": {

package/src/source-urls.js CHANGED Viewed

@@ -367,15 +367,32 @@ function hasRuntimeVerificationSignal(technique) {
   return /experiment(?:ally)? confirmed|confirmed by (?:live )?experiment|current runtime|runtime evidence|runtime-verified|validated in current runtime|observed in current runtime|measured in live experiment|reproduced in runtime|confirmed by experiment/i.test(haystack);
 }
+// Stack categories where checks are generated/adapted rather than individually verified
+const STACK_CATEGORIES = new Set([
+  'python', 'go', 'rust', 'java', 'ruby', 'dotnet', 'php', 'flutter', 'swift', 'kotlin',
+]);
 function resolveConfidence(platform, technique) {
   if (STALE_CONFIDENCE_IDS.has(technique.id)) {
     return 0.3;
   }
+  // Runtime-verified: highest confidence
   if (RUNTIME_CONFIDENCE_IDS[platform]?.has(technique.id) || hasRuntimeVerificationSignal(technique)) {
     return 0.9;
   }
+  // Has fix template: author wrote specific remediation → higher confidence
+  if (technique.template) {
+    return 0.8;
+  }
+  // Stack-specific checks: generated per-language, less individually verified
+  if (STACK_CATEGORIES.has(technique.category)) {
+    return 0.6;
+  }
+  // Default: documented but not individually experiment-verified
   return 0.7;
 }
@@ -396,7 +413,7 @@ function attachSourceUrls(platform, techniques) {
     }
     technique.sourceUrl = technique.sourceUrl || resolved;
-    technique.confidence = technique.confidence ?? resolveConfidence(platform, technique);
+    technique.confidence = resolveConfidence(platform, technique);
     technique.lastVerified = technique.lastVerified || LAST_VERIFIED[platform] || LAST_VERIFIED.default;
   }