npm - @neurcode/action - Versions diffs - 0.3.0-rc.6 → 0.3.0-rc.7 - Mend

@neurcode/action 0.3.0-rc.6 → 0.3.0-rc.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -49,7 +49,7 @@ jobs:
       - uses: actions/checkout@v5
         with:
           fetch-depth: 0
-      - uses: sujit-jaunjal/neurcode-actions@v0.3.0-rc.5
+      - uses: sujit-jaunjal/neurcode-actions@v0.3.0-rc.7
 ```
 That is enough for the standalone report. Runtime admission provenance activates only when a PR includes `.neurcode-admission/*.json`.
@@ -184,7 +184,7 @@ Self-attested provenance is a claim by the PR author, not cryptographic proof an
 ## Strict Self-Attested Mode
 ```yaml
-- uses: sujit-jaunjal/neurcode-actions@v0.3.0-rc.5
+- uses: sujit-jaunjal/neurcode-actions@v0.3.0-rc.7
   with:
     policy: strict_self_attested
     no_record_strict: 'false'
@@ -214,7 +214,7 @@ The harness runs controlled OSS-style PR scenarios, scores the report as ACTIONA
 ## Preserved Installation Path
-The `sujit-jaunjal/neurcode-actions@v0.2.4` release remains available and untouched. `v0.3.0-rc.5` is the current rehearsal ref for runtime admission bridge behavior after live Airflow fork rehearsal.
+The `sujit-jaunjal/neurcode-actions@v0.2.4` release remains available and untouched. `v0.3.0-rc.7` is the current rehearsal ref for Enterprise Reliability Closure V1.
 ## Adoption Bridge Docs

package/dist/index.js CHANGED Viewed

@@ -40139,7 +40139,7 @@ exports.parseCliShipRunsJsonPayload = parseCliShipRunsJsonPayload;
 exports.parseCliShipResumeJsonPayload = parseCliShipResumeJsonPayload;
 exports.parseCliShipAttestationVerifyJsonPayload = parseCliShipAttestationVerifyJsonPayload;
 exports.parseCliCompatJsonPayload = parseCliCompatJsonPayload;
-exports.CLI_JSON_CONTRACT_VERSION = '2026-06-18';
+exports.CLI_JSON_CONTRACT_VERSION = '2026-06-19';
 /** Compare YYYY-MM-DD contract stamps; returns null when either side is unparsable. */
 function compareCalendarContractVersion(left, right) {
     const parse = (value) => {
@@ -40166,7 +40166,7 @@ __exportStar(__nccwpck_require__(5733), exports);
 __exportStar(__nccwpck_require__(9349), exports);
 exports.RUNTIME_COMPATIBILITY_CONTRACT_ID = 'neurcode-runtime-compatibility';
 exports.RUNTIME_COMPATIBILITY_CONTRACT_VERSION = '2026-04-04';
-exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION = '2026-06-18.1';
+exports.RUNTIME_COMPATIBILITY_MANIFEST_VERSION = '2026-06-19.1';
 exports.RUNTIME_COMPATIBILITY_MANIFEST_SCHEMA_VERSION = 1;
 /**
  * Runtime Admission contract (Phase A — Provenance Core). Additive: surfaces a
@@ -40201,9 +40201,9 @@ const RUNTIME_COMPATIBILITY_MANIFEST = {
             id: 'current',
             channel: 'current',
             versions: {
-                cli: '0.19.0',
-                action: '0.3.0-rc.6',
-                api: '0.3.0',
+                cli: '0.19.1',
+                action: '0.3.0-rc.7',
+                api: '0.3.1',
             },
             notes: 'Current release train validated in monorepo CI.',
         },
@@ -40731,6 +40731,7 @@ const ADAPTERS = [
     'cursor-mcp',
     'vscode-extension',
     'github-action',
+    'neurcode-cli',
 ];
 const LANGUAGES = [
     'typescript', 'javascript', 'python', 'go', 'java', 'ruby', 'rust',
@@ -40982,7 +40983,10 @@ function validateExport(value, path, targetPath) {
     enumeration(item.parserDepth, `${path}.parserDepth`, PARSER_DEPTHS);
 }
 function validateRelationship(value, path) {
-    const item = record(value, path, ['id', 'type', 'fromId', 'toId', 'confidence', 'deterministic', 'provenance']);
+    const item = record(value, path, [
+        'id', 'type', 'fromId', 'toId', 'confidence', 'deterministic', 'provenance',
+        'computationRepeatable', 'semanticCertainty', 'evidenceTier', 'enforcementEligible',
+    ], ['id', 'type', 'fromId', 'toId', 'confidence', 'deterministic', 'provenance']);
     id(item.id, `${path}.id`);
     enumeration(item.type, `${path}.type`, [
         'defines', 'references', 'imports', 'exports', 'calls', 'owns',
@@ -40993,6 +40997,19 @@ function validateRelationship(value, path) {
     id(item.toId, `${path}.toId`);
     enumeration(item.confidence, `${path}.confidence`, ['exact', 'high', 'medium', 'low']);
     boolean(item.deterministic, `${path}.deterministic`);
+    if (item.computationRepeatable !== undefined)
+        boolean(item.computationRepeatable, `${path}.computationRepeatable`);
+    if (item.semanticCertainty !== undefined) {
+        enumeration(item.semanticCertainty, `${path}.semanticCertainty`, ['exact', 'high', 'medium', 'low', 'unknown']);
+    }
+    if (item.evidenceTier !== undefined) {
+        enumeration(item.evidenceTier, `${path}.evidenceTier`, ['deterministic', 'advisory', 'degraded']);
+    }
+    if (item.enforcementEligible !== undefined)
+        boolean(item.enforcementEligible, `${path}.enforcementEligible`);
+    if (item.type === 'structurally_resembles' && item.enforcementEligible === true) {
+        fail(`${path}.enforcementEligible`, 'structural resemblance is advisory and cannot be enforcement eligible');
+    }
     sourceFreeMetadata(item.provenance, `${path}.provenance`, 256);
 }
 function validateReference(value, path, targetPath) {
@@ -41093,7 +41110,9 @@ function deriveTrustedHostPosture(adapterId, timing) {
             ? timing === 'after_write'
             : adapterId === 'claude-code-hooks' || adapterId === 'copilot-hooks'
                 ? timing === 'before_write'
-                : timing !== 'ci';
+                : adapterId === 'neurcode-cli'
+                    ? timing === 'before_write' || timing === 'after_write'
+                    : timing !== 'ci';
     if (!timingAllowed) {
         throw new Error(`Invalid trusted host timing: ${adapterId} cannot claim ${timing}`);
     }
@@ -41110,6 +41129,8 @@ function deriveTrustedHostPosture(adapterId, timing) {
         capability = 'cooperative_prewrite';
     else if (adapterId === 'vscode-extension')
         capability = 'post_write';
+    else if (adapterId === 'neurcode-cli')
+        capability = 'not_supported';
     else
         capability = 'not_supported';
     const decisionBinding = capability === 'hard_prewrite'
@@ -41374,6 +41395,47 @@ function isRepoIntelligenceEvidence(value) {
     const privacy = record.privacy;
     if (!graph || !policy || !privacy)
         return false;
+    if (graph.canonicalModel !== undefined && graph.canonicalModel !== 'repository_graph_v2')
+        return false;
+    if (graph.storageSchemaVersion !== undefined && graph.storageSchemaVersion !== null
+        && (typeof graph.storageSchemaVersion !== 'number'
+            || !Number.isInteger(graph.storageSchemaVersion) || graph.storageSchemaVersion < 0))
+        return false;
+    for (const key of ['lastSuccessfulIndexAt', 'lastAttemptedIndexAt']) {
+        if (graph[key] !== undefined && graph[key] !== null && typeof graph[key] !== 'string')
+            return false;
+    }
+    for (const key of ['deterministicEvidenceEligible', 'deterministicEnforcementEligible']) {
+        if (graph[key] !== undefined && typeof graph[key] !== 'boolean')
+            return false;
+    }
+    if (graph.enforcementIneligibilityReasons !== undefined && (!Array.isArray(graph.enforcementIneligibilityReasons)
+        || graph.enforcementIneligibilityReasons.length > 64
+        || !graph.enforcementIneligibilityReasons.every((item) => typeof item === 'string' && item.length > 0 && item.length <= 128)))
+        return false;
+    if (graph.recoveryCommand !== undefined
+        && !['neurcode brain repo-index', 'neurcode brain repo-recover'].includes(String(graph.recoveryCommand)))
+        return false;
+    if (graph.coverage !== undefined && graph.coverage !== null) {
+        if (typeof graph.coverage !== 'object' || Array.isArray(graph.coverage))
+            return false;
+        const coverage = graph.coverage;
+        for (const key of ['filesSeen', 'filesIndexed', 'filesAnalyzed', 'filesSkipped', 'filesUnsupported', 'filesDegraded', 'filesFailed']) {
+            if (typeof coverage[key] !== 'number' || !Number.isInteger(coverage[key]) || Number(coverage[key]) < 0)
+                return false;
+        }
+    }
+    if (graph.runtimeCompatibility !== undefined) {
+        if (!graph.runtimeCompatibility || typeof graph.runtimeCompatibility !== 'object' || Array.isArray(graph.runtimeCompatibility))
+            return false;
+        const compatibility = graph.runtimeCompatibility;
+        if (compatibility.component !== 'cli')
+            return false;
+        for (const key of ['contractId', 'runtimeContractVersion', 'manifestVersion']) {
+            if (typeof compatibility[key] !== 'string' || compatibility[key].length === 0)
+                return false;
+        }
+    }
     if (!Array.isArray(policy.evaluatedRuleIds) || !Array.isArray(policy.notEvaluatedRuleIds) || !Array.isArray(policy.findings))
         return false;
     if (!Array.isArray(record.advisory))
@@ -51166,6 +51228,8 @@ function evaluateAIChangeRecordArtifacts(artifacts, discoveryDiagnostics, dirAbs
             const deterministicFindings = new Map();
             const advisoryFindings = new Map();
             let unsupportedPercentMax = null;
+            let deterministicEnforcementEligible = true;
+            const enforcementIneligibilityReasons = new Set();
             let suppressedAdvisoryCount = 0;
             for (const evidence of repoIntelligenceEvidence) {
                 classifications[evidence.classification] = (classifications[evidence.classification] ?? 0) + 1;
@@ -51176,6 +51240,13 @@ function evaluateAIChangeRecordArtifacts(artifacts, discoveryDiagnostics, dirAbs
                 if (typeof evidence.graph.unsupportedPercent === 'number') {
                     unsupportedPercentMax = Math.max(unsupportedPercentMax ?? 0, evidence.graph.unsupportedPercent);
                 }
+                deterministicEnforcementEligible &&= evidence.graph.deterministicEnforcementEligible === true;
+                if (evidence.graph.enforcementIneligibilityReasons) {
+                    evidence.graph.enforcementIneligibilityReasons.forEach((reason) => enforcementIneligibilityReasons.add(reason));
+                }
+                else if (evidence.graph.deterministicEnforcementEligible !== true) {
+                    enforcementIneligibilityReasons.add('legacy_operability_fields_missing');
+                }
                 evidence.policy.evaluatedRuleIds.forEach((ruleId) => evaluatedRuleIds.add(ruleId));
                 evidence.policy.notEvaluatedRuleIds.forEach((ruleId) => notEvaluatedRuleIds.add(ruleId));
                 for (const finding of evidence.policy.findings) {
@@ -51211,6 +51282,8 @@ function evaluateAIChangeRecordArtifacts(artifacts, discoveryDiagnostics, dirAbs
                 timings: Array.from(timings).sort(),
                 freshnessStates: Array.from(freshnessStates).sort(),
                 unsupportedPercentMax,
+                deterministicEnforcementEligible,
+                enforcementIneligibilityReasons: Array.from(enforcementIneligibilityReasons).sort(),
                 evaluatedRuleIds: Array.from(evaluatedRuleIds).sort(),
                 notEvaluatedRuleIds: Array.from(notEvaluatedRuleIds).sort(),
                 deterministicFindings: Array.from(deterministicFindings.values()).sort((a, b) => a.ruleId.localeCompare(b.ruleId) || a.findingId.localeCompare(b.findingId)),
@@ -52394,6 +52467,8 @@ function renderStepSummary(opts) {
         lines.push(`| Host capability / timing | ${inlineList(repoIntelligence.capabilities, 6, 80)} / ${inlineList(repoIntelligence.timings, 6, 80)} |`);
         lines.push(`| Graph freshness | ${inlineList(repoIntelligence.freshnessStates, 6, 80)} |`);
         lines.push(`| Maximum unsupported coverage | ${repoIntelligence.unsupportedPercentMax === null ? 'unknown' : `${repoIntelligence.unsupportedPercentMax.toFixed(2)}%`} |`);
+        lines.push(`| Deterministic enforcement eligible | ${repoIntelligence.deterministicEnforcementEligible === true ? 'yes' : 'no'} |`);
+        lines.push(`| Enforcement gaps | ${inlineList(repoIntelligence.enforcementIneligibilityReasons ?? ['legacy_operability_fields_missing'], 6, 120)} |`);
         lines.push(`| Deterministic findings | ${repoIntelligence.deterministicFindings.length} |`);
         lines.push(`| Advisory findings | ${repoIntelligence.advisoryFindings.length} active, ${repoIntelligence.suppressedAdvisoryCount} suppressed |`);
         lines.push(`| Not-evaluated rules | ${inlineList(repoIntelligence.notEvaluatedRuleIds, 6, 120)} |`);

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@neurcode/action",
-  "version": "0.3.0-rc.6",
+  "version": "0.3.0-rc.7",
   "description": "Neurcode Runtime Admission Advisory — GitHub Action. Deterministic PR effect inventory and optional self-attested runtime admission provenance. No account required.",
   "main": "dist/index.js",
   "files": [
@@ -25,7 +25,7 @@
   "dependencies": {
     "@actions/core": "^1.10.1",
     "@actions/github": "^6.0.0",
-    "@neurcode-ai/contracts": "^0.2.0",
+    "@neurcode-ai/contracts": "^0.2.1",
     "@neurcode-ai/governance-runtime": "^0.3.0"
   },
   "devDependencies": {