@nerviq/cli 1.8.8 → 1.9.0

package/src/gemini/freshness.js

@@ -1,204 +1,204 @@
-/**
- * Gemini Freshness Operationalization
- *
- * Release gates, recurring probes, propagation checklists,
- * and staleness blocking for Gemini CLI surfaces.
- */
-
-const { version } = require('../../package.json');
-
-/**
- * P0 sources that must be fresh before any Gemini release claim.
- * Each source has a staleness threshold in days.
- * From the watchlist: 62 sources, 18 P0 — main ones listed here.
- */
-const P0_SOURCES = [
-  {
-    key: 'gemini-cli-docs',
-    label: 'Gemini CLI Official Docs',
-    url: 'https://ai.google.dev/gemini-api/docs/cli',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-config-reference',
-    label: 'Gemini Config Reference',
-    url: 'https://ai.google.dev/gemini-api/docs/cli/config',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-md-guide',
-    label: 'GEMINI.md Guide',
-    url: 'https://ai.google.dev/gemini-api/docs/cli/gemini-md',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-hooks-docs',
-    label: 'Gemini Hooks Documentation',
-    url: 'https://ai.google.dev/gemini-api/docs/cli/hooks',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-sandbox-docs',
-    label: 'Gemini Sandbox Documentation',
-    url: 'https://ai.google.dev/gemini-api/docs/cli/sandbox',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-policy-engine-docs',
-    label: 'Gemini Policy Engine Documentation',
-    url: 'https://ai.google.dev/gemini-api/docs/cli/policy',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-mcp-docs',
-    label: 'Gemini MCP Documentation',
-    url: 'https://ai.google.dev/gemini-api/docs/cli/mcp',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-changelog',
-    label: 'Gemini CLI Changelog',
-    url: 'https://github.com/google/gemini-cli/releases',
-    stalenessThresholdDays: 14,
-    verifiedAt: null,
-  },
-  {
-    key: 'gemini-github-action-docs',
-    label: 'Gemini GitHub Action Docs',
-    url: 'https://github.com/google/gemini-action',
-    stalenessThresholdDays: 30,
-    verifiedAt: null,
-  },
-];
-
-/**
- * Propagation checklist: when a Gemini source changes, these must update.
- */
-const PROPAGATION_CHECKLIST = [
-  {
-    trigger: 'Gemini CLI release with config or sandbox changes',
-    targets: [
-      'src/gemini/techniques.js — update LEGACY patterns, sandbox options, policy syntax',
-      'src/gemini/config-parser.js — update validation rules',
-      'src/gemini/domain-packs.js — update pack projections if schema changed',
-      'test/gemini-check-matrix.js — update check expectations',
-    ],
-  },
-  {
-    trigger: 'New Gemini hook event type added',
-    targets: [
-      'src/gemini/techniques.js — add to SUPPORTED_HOOK_EVENTS',
-      'src/gemini/governance.js — add to GEMINI_HOOK_REGISTRY',
-      'src/gemini/setup.js — update hooks starter template',
-    ],
-  },
-  {
-    trigger: 'New Gemini MCP transport or field',
-    targets: [
-      'src/gemini/mcp-packs.js — update pack JSON projections',
-      'src/gemini/techniques.js — update MCP checks',
-    ],
-  },
-  {
-    trigger: 'New sandbox option or isolation mode added',
-    targets: [
-      'src/gemini/techniques.js — update sandbox checks',
-      'src/gemini/governance.js — update governance profiles with new sandbox options',
-      'src/gemini/setup.js — update sandbox starter template',
-    ],
-  },
-  {
-    trigger: 'Policy engine syntax or rule format change',
-    targets: [
-      'src/gemini/techniques.js — update policy validation checks',
-      'src/gemini/governance.js — update policy templates and caveats',
-      'src/gemini/config-parser.js — update policy parsing rules',
-    ],
-  },
-];
-
-/**
- * Release gate: check if all P0 sources are within staleness threshold.
- * Returns { ready, stale, fresh } arrays.
- */
-function checkReleaseGate(sourceVerifications = {}) {
-  const now = new Date();
-  const results = P0_SOURCES.map(source => {
-    const verifiedAt = sourceVerifications[source.key]
-      ? new Date(sourceVerifications[source.key])
-      : source.verifiedAt ? new Date(source.verifiedAt) : null;
-
-    if (!verifiedAt) {
-      return { ...source, status: 'unverified', daysStale: null };
-    }
-
-    const daysSince = Math.floor((now - verifiedAt) / (1000 * 60 * 60 * 24));
-    const isStale = daysSince > source.stalenessThresholdDays;
-
-    return {
-      ...source,
-      verifiedAt: verifiedAt.toISOString(),
-      daysStale: daysSince,
-      status: isStale ? 'stale' : 'fresh',
-    };
-  });
-
-  return {
-    ready: results.every(r => r.status === 'fresh'),
-    stale: results.filter(r => r.status === 'stale' || r.status === 'unverified'),
-    fresh: results.filter(r => r.status === 'fresh'),
-    results,
-  };
-}
-
-/**
- * Format the release gate results for display.
- */
-function formatReleaseGate(gateResult) {
-  const lines = [
-    `Gemini Freshness Gate (nerviq v${version})`,
-    '═══════════════════════════════════════',
-    '',
-    `Status: ${gateResult.ready ? 'READY' : 'BLOCKED'}`,
-    `Fresh: ${gateResult.fresh.length}/${gateResult.results.length}`,
-    '',
-  ];
-
-  for (const result of gateResult.results) {
-    const icon = result.status === 'fresh' ? '✓' : result.status === 'stale' ? '✗' : '?';
-    const age = result.daysStale !== null ? ` (${result.daysStale}d ago)` : ' (unverified)';
-    lines.push(`  ${icon} ${result.label}${age} — threshold: ${result.stalenessThresholdDays}d`);
-  }
-
-  if (!gateResult.ready) {
-    lines.push('');
-    lines.push('Action required: verify stale/unverified sources before claiming release freshness.');
-  }
-
-  return lines.join('\n');
-}
-
-/**
- * Get the propagation checklist for a given trigger.
- */
-function getPropagationTargets(triggerKeyword) {
-  const keyword = triggerKeyword.toLowerCase();
-  return PROPAGATION_CHECKLIST.filter(item =>
-    item.trigger.toLowerCase().includes(keyword)
-  );
-}
-
-module.exports = {
-  P0_SOURCES,
-  PROPAGATION_CHECKLIST,
-  checkReleaseGate,
-  formatReleaseGate,
-  getPropagationTargets,
-};
+/**
+ * Gemini Freshness Operationalization
+ *
+ * Release gates, recurring probes, propagation checklists,
+ * and staleness blocking for Gemini CLI surfaces.
+ */
+
+const { version } = require('../../package.json');
+
+/**
+ * P0 sources that must be fresh before any Gemini release claim.
+ * Each source has a staleness threshold in days.
+ * From the watchlist: 62 sources, 18 P0 — main ones listed here.
+ */
+const P0_SOURCES = [
+  {
+    key: 'gemini-cli-docs',
+    label: 'Gemini CLI Official Docs',
+    url: 'https://google-gemini.github.io/gemini-cli/',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-config-reference',
+    label: 'Gemini Config Reference',
+    url: 'https://google-gemini.github.io/gemini-cli/docs/get-started/configuration.html',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-md-guide',
+    label: 'GEMINI.md Guide',
+    url: 'https://google-gemini.github.io/gemini-cli/docs/cli/gemini-md.html',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-hooks-docs',
+    label: 'Gemini Hooks Documentation',
+    url: 'https://google-gemini.github.io/gemini-cli/docs/hooks/',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-sandbox-docs',
+    label: 'Gemini Sandbox Documentation',
+    url: 'https://google-gemini.github.io/gemini-cli/docs/cli/sandbox.html',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-policy-engine-docs',
+    label: 'Gemini Enterprise / Policy Guide',
+    url: 'https://google-gemini.github.io/gemini-cli/docs/cli/enterprise.html',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-mcp-docs',
+    label: 'Gemini MCP Documentation',
+    url: 'https://google-gemini.github.io/gemini-cli/docs/tools/mcp-server.html',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-changelog',
+    label: 'Gemini CLI Changelog',
+    url: 'https://github.com/google-gemini/gemini-cli/releases',
+    stalenessThresholdDays: 14,
+    verifiedAt: '2026-04-07',
+  },
+  {
+    key: 'gemini-github-action-docs',
+    label: 'Gemini GitHub Action',
+    url: 'https://github.com/google-github-actions/run-gemini-cli',
+    stalenessThresholdDays: 30,
+    verifiedAt: '2026-04-07',
+  },
+];
+
+/**
+ * Propagation checklist: when a Gemini source changes, these must update.
+ */
+const PROPAGATION_CHECKLIST = [
+  {
+    trigger: 'Gemini CLI release with config or sandbox changes',
+    targets: [
+      'src/gemini/techniques.js — update LEGACY patterns, sandbox options, policy syntax',
+      'src/gemini/config-parser.js — update validation rules',
+      'src/gemini/domain-packs.js — update pack projections if schema changed',
+      'test/gemini-check-matrix.js — update check expectations',
+    ],
+  },
+  {
+    trigger: 'New Gemini hook event type added',
+    targets: [
+      'src/gemini/techniques.js — add to SUPPORTED_HOOK_EVENTS',
+      'src/gemini/governance.js — add to GEMINI_HOOK_REGISTRY',
+      'src/gemini/setup.js — update hooks starter template',
+    ],
+  },
+  {
+    trigger: 'New Gemini MCP transport or field',
+    targets: [
+      'src/gemini/mcp-packs.js — update pack JSON projections',
+      'src/gemini/techniques.js — update MCP checks',
+    ],
+  },
+  {
+    trigger: 'New sandbox option or isolation mode added',
+    targets: [
+      'src/gemini/techniques.js — update sandbox checks',
+      'src/gemini/governance.js — update governance profiles with new sandbox options',
+      'src/gemini/setup.js — update sandbox starter template',
+    ],
+  },
+  {
+    trigger: 'Policy engine syntax or rule format change',
+    targets: [
+      'src/gemini/techniques.js — update policy validation checks',
+      'src/gemini/governance.js — update policy templates and caveats',
+      'src/gemini/config-parser.js — update policy parsing rules',
+    ],
+  },
+];
+
+/**
+ * Release gate: check if all P0 sources are within staleness threshold.
+ * Returns { ready, stale, fresh } arrays.
+ */
+function checkReleaseGate(sourceVerifications = {}) {
+  const now = new Date();
+  const results = P0_SOURCES.map(source => {
+    const verifiedAt = sourceVerifications[source.key]
+      ? new Date(sourceVerifications[source.key])
+      : source.verifiedAt ? new Date(source.verifiedAt) : null;
+
+    if (!verifiedAt) {
+      return { ...source, status: 'unverified', daysStale: null };
+    }
+
+    const daysSince = Math.floor((now - verifiedAt) / (1000 * 60 * 60 * 24));
+    const isStale = daysSince > source.stalenessThresholdDays;
+
+    return {
+      ...source,
+      verifiedAt: verifiedAt.toISOString(),
+      daysStale: daysSince,
+      status: isStale ? 'stale' : 'fresh',
+    };
+  });
+
+  return {
+    ready: results.every(r => r.status === 'fresh'),
+    stale: results.filter(r => r.status === 'stale' || r.status === 'unverified'),
+    fresh: results.filter(r => r.status === 'fresh'),
+    results,
+  };
+}
+
+/**
+ * Format the release gate results for display.
+ */
+function formatReleaseGate(gateResult) {
+  const lines = [
+    `Gemini Freshness Gate (nerviq v${version})`,
+    '═══════════════════════════════════════',
+    '',
+    `Status: ${gateResult.ready ? 'READY' : 'BLOCKED'}`,
+    `Fresh: ${gateResult.fresh.length}/${gateResult.results.length}`,
+    '',
+  ];
+
+  for (const result of gateResult.results) {
+    const icon = result.status === 'fresh' ? '✓' : result.status === 'stale' ? '✗' : '?';
+    const age = result.daysStale !== null ? ` (${result.daysStale}d ago)` : ' (unverified)';
+    lines.push(`  ${icon} ${result.label}${age} — threshold: ${result.stalenessThresholdDays}d`);
+  }
+
+  if (!gateResult.ready) {
+    lines.push('');
+    lines.push('Action required: verify stale/unverified sources before claiming release freshness.');
+  }
+
+  return lines.join('\n');
+}
+
+/**
+ * Get the propagation checklist for a given trigger.
+ */
+function getPropagationTargets(triggerKeyword) {
+  const keyword = triggerKeyword.toLowerCase();
+  return PROPAGATION_CHECKLIST.filter(item =>
+    item.trigger.toLowerCase().includes(keyword)
+  );
+}
+
+module.exports = {
+  P0_SOURCES,
+  PROPAGATION_CHECKLIST,
+  checkReleaseGate,
+  formatReleaseGate,
+  getPropagationTargets,
+};

package/src/governance.js

@@ -55,7 +55,7 @@ const HOOK_REGISTRY = [
     key: 'protect-secrets',
     file: '.claude/hooks/protect-secrets.sh',
     triggerPoint: 'PreToolUse',
-    matcher: 'Read|Write|Edit',
+    matcher: 'Read|Write|Edit|Bash',
     purpose: 'Blocks direct access to secret or credential files before a tool runs.',
     filesTouched: [],
     sideEffects: ['Stops the action and returns a block decision when a secret path is targeted.'],
@@ -322,7 +322,7 @@ function buildHookConfig(hookFiles, profileKey) {
   const secretsFile = uniqueFiles.find(isSecrets);
   if (secretsFile) {
     hookConfig.PreToolUse = [{
-      matcher: 'Read|Write|Edit',
+      matcher: 'Read|Write|Edit|Bash',
       hooks: [{
         type: 'command',
         command: hookCommand(secretsFile),

package/src/i18n.js

@@ -0,0 +1,63 @@
+/**
+ * Minimal i18n module for nerviq CLI.
+ *
+ * Supports locale files in src/locales/<lang>.json.
+ * Falls back to English for missing keys.
+ */
+
+const path = require('path');
+const fs = require('fs');
+
+const SUPPORTED_LOCALES = ['en', 'es'];
+const DEFAULT_LOCALE = 'en';
+
+let currentLocale = DEFAULT_LOCALE;
+let messages = {};
+let fallbackMessages = {};
+
+function loadLocale(locale) {
+  const file = path.join(__dirname, 'locales', `${locale}.json`);
+  try {
+    return JSON.parse(fs.readFileSync(file, 'utf8'));
+  } catch {
+    return {};
+  }
+}
+
+/**
+ * Initialize i18n with a locale string (e.g. 'en', 'es').
+ * Call this once at CLI startup.
+ */
+function init(locale) {
+  const lang = (locale || process.env.NERVIQ_LANG || DEFAULT_LOCALE).toLowerCase().slice(0, 2);
+  currentLocale = SUPPORTED_LOCALES.includes(lang) ? lang : DEFAULT_LOCALE;
+  fallbackMessages = loadLocale(DEFAULT_LOCALE);
+  messages = currentLocale === DEFAULT_LOCALE ? fallbackMessages : loadLocale(currentLocale);
+}
+
+/**
+ * Translate a key with optional interpolation.
+ *
+ * Usage:
+ *   t('audit.score', { score: 85, passed: 20, total: 25 })
+ *   // => "Score: 85/100  (20/25 checks passing)"
+ */
+function t(key, params = {}) {
+  let msg = messages[key] || fallbackMessages[key] || key;
+  for (const [k, v] of Object.entries(params)) {
+    msg = msg.replace(new RegExp(`\\{${k}\\}`, 'g'), String(v));
+  }
+  return msg;
+}
+
+/**
+ * Get current locale.
+ */
+function getLocale() {
+  return currentLocale;
+}
+
+// Auto-init with default on first require
+init();
+
+module.exports = { init, t, getLocale, SUPPORTED_LOCALES };

package/src/locales/en.json

@@ -0,0 +1,34 @@
+{
+  "audit.title": "nerviq audit",
+  "audit.quickScan": "nerviq quick scan",
+  "audit.codexTitle": "nerviq codex audit",
+  "audit.codexQuickScan": "nerviq codex quick scan",
+  "audit.scanning": "Scanning: {dir}",
+  "audit.platform": "Platform: {platform} ({version})",
+  "audit.domainPacks": "Domain packs: {packs}",
+  "audit.scope": "Scope: {message}",
+  "audit.score": "Score: {score}/100  ({passed}/{total} checks passing)",
+  "audit.found": "Found: {files}",
+  "audit.excellent": "Excellent setup — production-ready governance",
+  "audit.strong": "Strong setup — {count} critical items to address",
+  "audit.good": "Good foundation — {count} items need attention",
+  "audit.basic": "Basic setup — significant gaps in {category}",
+  "audit.early": "Early stage — run `nerviq setup` to bootstrap your config",
+  "audit.solid": "Your {platform} setup looks solid.",
+  "audit.next": "Next: {command}",
+  "audit.quickWins": "Quick wins:",
+  "audit.topActions": "Top actions:",
+  "audit.platformCaveats": "Platform caveats:",
+  "audit.largeFile": "Large file: {file} ({size}KB)",
+  "audit.categoryScores": "Category scores:",
+  "audit.passed": "Passed",
+  "audit.failed": "Failed",
+  "audit.skipped": "Skipped",
+  "audit.details": "Details:",
+  "cli.help.description": "The intelligent governance layer for AI coding agents",
+  "cli.help.usage": "Usage: nerviq <command> [options]",
+  "cli.help.commands": "Commands:",
+  "cli.help.options": "Options:",
+  "cli.error.unknownCommand": "Unknown command: {command}",
+  "cli.error.requiresValue": "{flag} requires a value"
+}

package/src/locales/es.json

@@ -0,0 +1,34 @@
+{
+  "audit.title": "nerviq auditoría",
+  "audit.quickScan": "nerviq escaneo rápido",
+  "audit.codexTitle": "nerviq codex auditoría",
+  "audit.codexQuickScan": "nerviq codex escaneo rápido",
+  "audit.scanning": "Escaneando: {dir}",
+  "audit.platform": "Plataforma: {platform} ({version})",
+  "audit.domainPacks": "Paquetes de dominio: {packs}",
+  "audit.scope": "Alcance: {message}",
+  "audit.score": "Puntuación: {score}/100  ({passed}/{total} verificaciones aprobadas)",
+  "audit.found": "Encontrado: {files}",
+  "audit.excellent": "Configuración excelente — gobernanza lista para producción",
+  "audit.strong": "Configuración sólida — {count} elementos críticos por resolver",
+  "audit.good": "Buena base — {count} elementos necesitan atención",
+  "audit.basic": "Configuración básica — brechas significativas en {category}",
+  "audit.early": "Etapa inicial — ejecuta `nerviq setup` para iniciar tu configuración",
+  "audit.solid": "Tu configuración de {platform} se ve sólida.",
+  "audit.next": "Siguiente: {command}",
+  "audit.quickWins": "Mejoras rápidas:",
+  "audit.topActions": "Acciones principales:",
+  "audit.platformCaveats": "Advertencias de plataforma:",
+  "audit.largeFile": "Archivo grande: {file} ({size}KB)",
+  "audit.categoryScores": "Puntuaciones por categoría:",
+  "audit.passed": "Aprobado",
+  "audit.failed": "Fallido",
+  "audit.skipped": "Omitido",
+  "audit.details": "Detalles:",
+  "cli.help.description": "La capa de gobernanza inteligente para agentes de codificación IA",
+  "cli.help.usage": "Uso: nerviq <comando> [opciones]",
+  "cli.help.commands": "Comandos:",
+  "cli.help.options": "Opciones:",
+  "cli.error.unknownCommand": "Comando desconocido: {command}",
+  "cli.error.requiresValue": "{flag} requiere un valor"
+}