@neurcode-ai/cli 0.16.6 → 0.16.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +5 -0
- package/dist/index.js.map +1 -1
- package/dist/runtime-build.json +5 -5
- package/dist/utils/guided-eval.d.ts.map +1 -1
- package/dist/utils/guided-eval.js +27 -13
- package/dist/utils/guided-eval.js.map +1 -1
- package/package.json +3 -4
- package/.telemetry-bundle/dist/__tests__/harvest-verify.test.d.ts +0 -1
- package/.telemetry-bundle/dist/__tests__/harvest-verify.test.js +0 -86
- package/.telemetry-bundle/dist/contracts.d.ts +0 -58
- package/.telemetry-bundle/dist/contracts.js +0 -8
- package/.telemetry-bundle/dist/harvest-verify.d.ts +0 -9
- package/.telemetry-bundle/dist/harvest-verify.js +0 -128
- package/.telemetry-bundle/dist/index.d.ts +0 -10
- package/.telemetry-bundle/dist/index.js +0 -22
- package/.telemetry-bundle/dist/precision/leaderboards.d.ts +0 -20
- package/.telemetry-bundle/dist/precision/leaderboards.js +0 -72
- package/.telemetry-bundle/dist/reader.d.ts +0 -5
- package/.telemetry-bundle/dist/reader.js +0 -46
- package/.telemetry-bundle/dist/stable-json.d.ts +0 -5
- package/.telemetry-bundle/dist/stable-json.js +0 -24
- package/.telemetry-bundle/dist/store.d.ts +0 -10
- package/.telemetry-bundle/dist/store.js +0 -52
- package/.telemetry-bundle/dist/trust-scoring.d.ts +0 -20
- package/.telemetry-bundle/dist/trust-scoring.js +0 -58
- package/.telemetry-bundle/package.json +0 -8
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.stableStringify = stableStringify;
|
|
4
|
-
/**
|
|
5
|
-
* Deterministic JSON serialization: sorted object keys at every depth.
|
|
6
|
-
* Used so identical logical events stringify identically across Node versions.
|
|
7
|
-
*/
|
|
8
|
-
function stableStringify(value) {
|
|
9
|
-
return JSON.stringify(sortKeysDeep(value));
|
|
10
|
-
}
|
|
11
|
-
function sortKeysDeep(value) {
|
|
12
|
-
if (value === null || typeof value !== 'object') {
|
|
13
|
-
return value;
|
|
14
|
-
}
|
|
15
|
-
if (Array.isArray(value)) {
|
|
16
|
-
return value.map(sortKeysDeep);
|
|
17
|
-
}
|
|
18
|
-
const obj = value;
|
|
19
|
-
const out = {};
|
|
20
|
-
for (const key of Object.keys(obj).sort()) {
|
|
21
|
-
out[key] = sortKeysDeep(obj[key]);
|
|
22
|
-
}
|
|
23
|
-
return out;
|
|
24
|
-
}
|
|
@@ -1,10 +0,0 @@
|
|
|
1
|
-
import type { GovernanceTelemetryEnvelope } from './contracts';
|
|
2
|
-
export declare function telemetryEventsPath(repoRoot: string): string;
|
|
3
|
-
/**
|
|
4
|
-
* Append one telemetry line. Never throws — calibration must not break verify.
|
|
5
|
-
*/
|
|
6
|
-
export declare function appendGovernanceTelemetryEvent(repoRoot: string, envelope: GovernanceTelemetryEnvelope): void;
|
|
7
|
-
/**
|
|
8
|
-
* Record verify completion from canonical CLI verify JSON (already normalized).
|
|
9
|
-
*/
|
|
10
|
-
export declare function appendVerifyCompletedFromCanonical(repoRoot: string, canonical: Record<string, unknown> | null, runId?: string | null): void;
|
|
@@ -1,52 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.telemetryEventsPath = telemetryEventsPath;
|
|
4
|
-
exports.appendGovernanceTelemetryEvent = appendGovernanceTelemetryEvent;
|
|
5
|
-
exports.appendVerifyCompletedFromCanonical = appendVerifyCompletedFromCanonical;
|
|
6
|
-
const fs_1 = require("fs");
|
|
7
|
-
const path_1 = require("path");
|
|
8
|
-
const contracts_1 = require("./contracts");
|
|
9
|
-
const harvest_verify_1 = require("./harvest-verify");
|
|
10
|
-
const stable_json_1 = require("./stable-json");
|
|
11
|
-
const REL_DIR = (0, path_1.join)('.neurcode', 'telemetry');
|
|
12
|
-
const EVENTS_FILE = 'governance-events.jsonl';
|
|
13
|
-
function telemetryEventsPath(repoRoot) {
|
|
14
|
-
return (0, path_1.join)(repoRoot, REL_DIR, EVENTS_FILE);
|
|
15
|
-
}
|
|
16
|
-
/**
|
|
17
|
-
* Append one telemetry line. Never throws — calibration must not break verify.
|
|
18
|
-
*/
|
|
19
|
-
function appendGovernanceTelemetryEvent(repoRoot, envelope) {
|
|
20
|
-
try {
|
|
21
|
-
const dir = (0, path_1.join)(repoRoot, REL_DIR);
|
|
22
|
-
if (!(0, fs_1.existsSync)(dir)) {
|
|
23
|
-
(0, fs_1.mkdirSync)(dir, { recursive: true });
|
|
24
|
-
}
|
|
25
|
-
const line = (0, stable_json_1.stableStringify)({
|
|
26
|
-
...envelope,
|
|
27
|
-
schemaVersion: contracts_1.GOVERNANCE_TELEMETRY_SCHEMA_VERSION,
|
|
28
|
-
});
|
|
29
|
-
(0, fs_1.appendFileSync)(telemetryEventsPath(repoRoot), `${line}\n`, 'utf8');
|
|
30
|
-
}
|
|
31
|
-
catch {
|
|
32
|
-
// intentional swallow
|
|
33
|
-
}
|
|
34
|
-
}
|
|
35
|
-
/**
|
|
36
|
-
* Record verify completion from canonical CLI verify JSON (already normalized).
|
|
37
|
-
*/
|
|
38
|
-
function appendVerifyCompletedFromCanonical(repoRoot, canonical, runId) {
|
|
39
|
-
const harvested = (0, harvest_verify_1.harvestGovernanceVerifyCompleted)(canonical);
|
|
40
|
-
if (!harvested) {
|
|
41
|
-
return;
|
|
42
|
-
}
|
|
43
|
-
const envelope = {
|
|
44
|
-
schemaVersion: contracts_1.GOVERNANCE_TELEMETRY_SCHEMA_VERSION,
|
|
45
|
-
emittedAt: new Date().toISOString(),
|
|
46
|
-
eventType: 'governance.verify.completed',
|
|
47
|
-
runId: runId ?? null,
|
|
48
|
-
findingSetDigest: harvested.findingSetDigest,
|
|
49
|
-
payload: harvested.payload,
|
|
50
|
-
};
|
|
51
|
-
appendGovernanceTelemetryEvent(repoRoot, envelope);
|
|
52
|
-
}
|
|
@@ -1,20 +0,0 @@
|
|
|
1
|
-
/**
|
|
2
|
-
* Bounded, explainable trust signals — no opaque ML.
|
|
3
|
-
* All outputs are in [0, 1] unless noted.
|
|
4
|
-
*/
|
|
5
|
-
import type { GovernanceVerifyCompletedPayload } from './contracts';
|
|
6
|
-
import type { TelemetryRollup } from './precision/leaderboards';
|
|
7
|
-
export interface BoundedTrustScores {
|
|
8
|
-
/** 1 − (suppressed findings / max(1, total findings)) from the last completed verify slice. */
|
|
9
|
-
findingTrustScore: number;
|
|
10
|
-
/** Mean of per-rule (1 − suppressionRate) over rules with ≥1 trigger, from rollups. */
|
|
11
|
-
ruleTrustScore: number;
|
|
12
|
-
/** 1 if replay exact, 0.65 if bounded degradation, 0.5 if unknown/missing. */
|
|
13
|
-
replayTrustScore: number;
|
|
14
|
-
/** Density of blocking findings vs advisory (blocking / max(1, total)). */
|
|
15
|
-
reviewerTrustDensity: number;
|
|
16
|
-
/** Harmonic-style blend of finding + rule trust (operational usefulness proxy). */
|
|
17
|
-
governanceUsefulnessScore: number;
|
|
18
|
-
}
|
|
19
|
-
export declare function trustFromVerifyPayload(p: GovernanceVerifyCompletedPayload): BoundedTrustScores;
|
|
20
|
-
export declare function trustFromRollups(rollup: TelemetryRollup): Pick<BoundedTrustScores, 'ruleTrustScore'>;
|
|
@@ -1,58 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
/**
|
|
3
|
-
* Bounded, explainable trust signals — no opaque ML.
|
|
4
|
-
* All outputs are in [0, 1] unless noted.
|
|
5
|
-
*/
|
|
6
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
7
|
-
exports.trustFromVerifyPayload = trustFromVerifyPayload;
|
|
8
|
-
exports.trustFromRollups = trustFromRollups;
|
|
9
|
-
function trustFromVerifyPayload(p) {
|
|
10
|
-
const n = Math.max(1, p.governanceFindingCount);
|
|
11
|
-
const findingTrustScore = clamp01(1 - p.suppressedFindingCount / n);
|
|
12
|
-
const ruleIds = Object.keys(p.structuralRuleTriggerHistogram);
|
|
13
|
-
let sum = 0;
|
|
14
|
-
let count = 0;
|
|
15
|
-
for (const ruleId of ruleIds) {
|
|
16
|
-
const t = p.structuralRuleTriggerHistogram[ruleId] ?? 0;
|
|
17
|
-
const s = p.structuralRuleSuppressionHistogram[ruleId] ?? 0;
|
|
18
|
-
if (t <= 0) {
|
|
19
|
-
continue;
|
|
20
|
-
}
|
|
21
|
-
sum += 1 - s / t;
|
|
22
|
-
count += 1;
|
|
23
|
-
}
|
|
24
|
-
const ruleTrustScore = count > 0 ? clamp01(sum / count) : 1;
|
|
25
|
-
let replayTrustScore = 0.5;
|
|
26
|
-
if (p.replayIntegrityStatus === 'exact') {
|
|
27
|
-
replayTrustScore = 1;
|
|
28
|
-
}
|
|
29
|
-
else if (p.replayIntegrityStatus === 'bounded-degradation') {
|
|
30
|
-
replayTrustScore = 0.65;
|
|
31
|
-
}
|
|
32
|
-
const reviewerTrustDensity = clamp01(p.blockingFindingCount / n);
|
|
33
|
-
const governanceUsefulnessScore = clamp01(0.45 * findingTrustScore + 0.35 * ruleTrustScore + 0.2 * replayTrustScore);
|
|
34
|
-
return {
|
|
35
|
-
findingTrustScore,
|
|
36
|
-
ruleTrustScore,
|
|
37
|
-
replayTrustScore,
|
|
38
|
-
reviewerTrustDensity,
|
|
39
|
-
governanceUsefulnessScore,
|
|
40
|
-
};
|
|
41
|
-
}
|
|
42
|
-
function trustFromRollups(rollup) {
|
|
43
|
-
const rows = rollup.ruleRollups.filter(r => r.triggerCount > 0);
|
|
44
|
-
if (rows.length === 0) {
|
|
45
|
-
return { ruleTrustScore: 1 };
|
|
46
|
-
}
|
|
47
|
-
const acc = rows.reduce((s, r) => s + (1 - r.suppressionRate), 0) / rows.length;
|
|
48
|
-
return { ruleTrustScore: clamp01(acc) };
|
|
49
|
-
}
|
|
50
|
-
function clamp01(x) {
|
|
51
|
-
if (x < 0) {
|
|
52
|
-
return 0;
|
|
53
|
-
}
|
|
54
|
-
if (x > 1) {
|
|
55
|
-
return 1;
|
|
56
|
-
}
|
|
57
|
-
return x;
|
|
58
|
-
}
|