npm - @ornexus/neocortex-cli - Versions diffs - 4.5.1 → 4.6.1 - Mend

@ornexus/neocortex-cli 4.5.1 → 4.6.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE CHANGED Viewed

@@ -5,7 +5,7 @@ Copyright (c) 2026 OrNexus AI
 Parameters
 Licensor:             OrNexus AI
-Licensed Work:        Synapse CLI
+Licensed Work:        Neocortex CLI
                       The Licensed Work is (c) 2026 OrNexus AI.
 Additional Use Grant: You may make production use of the Licensed Work,
                       provided such use does not include offering the

package/install.js CHANGED Viewed

@@ -10,7 +10,6 @@
  */
 const https = require('https');
-const http = require('http');
 const fs = require('fs');
 const path = require('path');
 const os = require('os');
@@ -71,9 +70,17 @@ function getPlatformInfo() {
 // HTTP HELPERS
 // ═══════════════════════════════════════════════════════════════════
-function fetch(url, options = {}) {
+function fetch(url, options = {}, _redirectCount = 0) {
     return new Promise((resolve, reject) => {
-        const protocol = url.startsWith('https') ? https : http;
+        if (_redirectCount > 5) {
+            return reject(new Error('Too many redirects (max 5)'));
+        }
+        const parsedUrl = new URL(url);
+        if (parsedUrl.protocol !== 'https:') {
+            return reject(new Error(`Insecure protocol blocked: ${parsedUrl.protocol} - only HTTPS is allowed`));
+        }
         const headers = {
             'User-Agent': `neocortex-cli/${VERSION}`,
             'Accept': options.accept || 'application/json',
@@ -83,10 +90,19 @@ function fetch(url, options = {}) {
         if (GITHUB_TOKEN && url.includes('github.com')) {
             headers['Authorization'] = `Bearer ${GITHUB_TOKEN}`;
         }
-        const req = protocol.get(url, { headers }, (res) => {
-            // Follow redirects
+        const req = https.get(url, { headers }, (res) => {
+            // Follow redirects (with limit and HTTPS validation)
             if (res.statusCode >= 300 && res.statusCode < 400 && res.headers.location) {
-                return fetch(res.headers.location, options).then(resolve).catch(reject);
+                const redirectUrl = res.headers.location;
+                try {
+                    const redirectParsed = new URL(redirectUrl);
+                    if (redirectParsed.protocol !== 'https:') {
+                        return reject(new Error(`Redirect to insecure protocol blocked: ${redirectParsed.protocol}`));
+                    }
+                } catch {
+                    return reject(new Error(`Invalid redirect URL: ${redirectUrl}`));
+                }
+                return fetch(redirectUrl, options, _redirectCount + 1).then(resolve).catch(reject);
             }
             if (res.statusCode !== 200) {
@@ -248,7 +264,12 @@ async function install() {
             process.exit(1);
         }
     } else {
-        console.log(' (no checksum available, skipped)');
+        console.log(' FAILED');
+        fs.unlinkSync(tmpPath);
+        console.error('\n  ERRO: SHA256SUMS.txt nao encontrado na release.');
+        console.error('  Checksum verification is MANDATORY for security.');
+        console.error(`  Baixe manualmente: https://github.com/${REPO}/releases\n`);
+        process.exit(1);
     }
     // Atomic move

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ornexus/neocortex-cli",
-  "version": "4.5.1",
+  "version": "4.6.1",
   "description": "Neocortex CLI - AI Agent Orchestrator for multi-platform development (Claude Code, Cursor, VS Code, Gemini, Codex)",
   "keywords": [
     "claude",
@@ -43,13 +43,12 @@
   "files": [
     "README.md",
     "install.js",
-    "sync-version.js",
     ".env.example"
   ],
   "scripts": {
     "postinstall": "node -e \"console.log('\\nNeocortex CLI v'+require('./package.json').version+' instalado!\\n\\nSetup: npx @ornexus/neocortex-cli\\nBinarios: https://github.com/OrNexus-AI/neocortex-cli/releases\\n')\"",
     "sync": "node sync-version.js",
-    "prepublishOnly": "node sync-version.js && node -e \"console.log('Publishing Neocortex CLI v'+require('./package.json').version)\"",
+    "prepublishOnly": "node -e \"console.log('Publishing Neocortex CLI v'+require('./package.json').version)\"",
     "version": "npm run sync && echo '🔖 Nova versão:' && cat package.json | grep version",
     "test": "vitest run",
     "typecheck": "tsc --noEmit",
@@ -64,6 +63,9 @@
     "compile:darwin-x64": "bun build packages/cli/src/index.ts --compile --target=bun-darwin-x64 --outfile dist/bin/neocortex-cli-darwin-x64",
     "compile:windows-x64": "bun build packages/cli/src/index.ts --compile --target=bun-windows-x64 --outfile dist/bin/neocortex-cli-windows-x64.exe",
     "build:publish": "bun run scripts/build-publish.ts",
+    "validate:npm": "bun run scripts/validate-npm-package.ts",
+    "validate:binaries": "bun run scripts/validate-binaries.ts",
+    "validate:release": "bun run scripts/validate-npm-package.ts && bun run scripts/validate-binaries.ts",
     "release": "bun run scripts/release.ts",
     "check": "bun run lint && bun run typecheck && bun run test"
   },
@@ -106,6 +108,8 @@
   },
   "devDependencies": {
     "@vitest/coverage-v8": "^3.2.4",
+    "audit-ci": "^7.1.0",
+    "javascript-obfuscator": "^4.1.1",
     "react-devtools-core": "7.0.1",
     "vitest": "^3.2.4"
   }

package/sync-version.js DELETED Viewed

@@ -1,200 +0,0 @@
-#!/usr/bin/env node
-/**
- * Neocortex - Version Sync Script
- *
- * Sincroniza a versão do package.json em todos os arquivos do projeto.
- * Executado automaticamente no prepublishOnly.
- *
- * Uso: node sync-version.js
- */
-const fs = require('fs');
-const path = require('path');
-// Ler versão do package.json (fonte única de verdade)
-const pkg = require('./package.json');
-const VERSION = pkg.version;
-const VERSION_MAJOR_MINOR = VERSION.split('.').slice(0, 2).join('.');
-console.log(`\n🔄 Sincronizando versão ${VERSION} em todos os arquivos...\n`);
-// Definição dos arquivos e padrões a substituir
-const replacements = [
-  // Sub-package versions (shared, core, cli)
-  {
-    file: 'packages/shared/package.json',
-    patterns: [
-      [/"version": "[\d.]+"/g, `"version": "${VERSION}"`],
-    ]
-  },
-  {
-    file: 'packages/core/package.json',
-    patterns: [
-      [/"version": "[\d.]+"/g, `"version": "${VERSION}"`],
-    ]
-  },
-  {
-    file: 'packages/cli/package.json',
-    patterns: [
-      [/"version": "[\d.]+"/g, `"version": "${VERSION}"`],
-    ]
-  },
-  // neocortex-cli.md
-  {
-    file: 'targets/claude-code/neocortex-cli.md',
-    patterns: [
-      [/# Neocortex v[\d.]+ -/g, `# Neocortex v${VERSION} -`],
-      [/NEOCORTEX-CLI v[\d.]+ \(state\.json\)/g, `NEOCORTEX-CLI v${VERSION} (state.json)`],
-    ]
-  },
-  // neocortex-cli.agent.yaml
-  {
-    file: 'targets/claude-code/neocortex-cli.agent.yaml',
-    patterns: [
-      [/version: '[\d.]+'/g, `version: '${VERSION}'`],
-      [/NEOCORTEX-CLI v[\d.]+ \(External Claude CLI\)/g, `NEOCORTEX-CLI v${VERSION} (External Claude CLI)`],
-    ]
-  },
-  // install.sh
-  {
-    file: 'install.sh',
-    patterns: [
-      [/VERSION="[\d.]+"/g, `VERSION="${VERSION}"`],
-    ]
-  },
-  // install.ps1
-  {
-    file: 'install.ps1',
-    patterns: [
-      [/\$VERSION = "[\d.]+"/g, `$VERSION = "${VERSION}"`],
-    ]
-  },
-  // core/data/state-template.json
-  {
-    file: 'core/data/state-template.json',
-    patterns: [
-      [/"version": "[\d.]+"/g, `"version": "${VERSION}"`],
-      [/"neocortex_cli_version": "[\d.]+"/g, `"neocortex_cli_version": "${VERSION}"`],
-    ]
-  },
-  // core/data/step-registry.json
-  {
-    file: 'core/data/step-registry.json',
-    patterns: [
-      [/"version": "[\d.]+"/g, `"version": "${VERSION}"`],
-    ]
-  },
-  // core/data/state-utils.md
-  {
-    file: 'core/data/state-utils.md',
-    patterns: [
-      [/# State Utilities - Neocortex v[\d.]+/g, `# State Utilities - Neocortex v${VERSION}`],
-    ]
-  },
-  // core/data/worktree-sync.md
-  {
-    file: 'core/data/worktree-sync.md',
-    patterns: [
-      [/# Worktree Synchronization Utilities - Neocortex v[\d.]+/g, `# Worktree Synchronization Utilities - Neocortex v${VERSION}`],
-    ]
-  },
-  // core/data/worktree-sync-functions.sh
-  {
-    file: 'core/data/worktree-sync-functions.sh',
-    patterns: [
-      [/# Neocortex - Worktree Sync Functions v[\d.]+/g, `# Neocortex - Worktree Sync Functions v${VERSION}`],
-    ]
-  },
-  // targets/claude-code/workflow.md
-  {
-    file: 'targets/claude-code/workflow.md',
-    patterns: [
-      [/Neocortex v[\d.]+/g, `Neocortex v${VERSION}`],
-    ]
-  },
-  // Platform agent files
-  {
-    file: 'targets/cursor/agent.md',
-    patterns: [
-      [/# Neocortex v[\d.]+ -/g, `# Neocortex v${VERSION} -`],
-    ]
-  },
-  {
-    file: 'targets/vscode/agent.md',
-    patterns: [
-      [/# Neocortex v[\d.]+ -/g, `# Neocortex v${VERSION} -`],
-    ]
-  },
-  {
-    file: 'targets/gemini-cli/agent.md',
-    patterns: [
-      [/# Neocortex v[\d.]+ -/g, `# Neocortex v${VERSION} -`],
-    ]
-  },
-  {
-    file: 'targets/codex/agents.md',
-    patterns: [
-      [/# Neocortex v[\d.]+ -/g, `# Neocortex v${VERSION} -`],
-    ]
-  },
-  {
-    file: 'targets/antigravity/gemini.md',
-    patterns: [
-      [/Neocortex v[\d.]+/g, `Neocortex v${VERSION}`],
-    ]
-  },
-  {
-    file: 'targets/antigravity/skill/SKILL.md',
-    patterns: [
-      [/Neocortex v[\d.]+/g, `Neocortex v${VERSION}`],
-    ]
-  },
-  // Source code VERSION constant
-  {
-    file: 'packages/shared/src/index.ts',
-    patterns: [
-      [/export const VERSION = '[\d.]+' as const;/g, `export const VERSION = '${VERSION}' as const;`],
-    ]
-  },
-  // Init memory command version
-  {
-    file: 'packages/cli/src/commands/init-memory.ts',
-    patterns: [
-      [/const NEOCORTEX_VERSION = '[\d.]+';/g, `const NEOCORTEX_VERSION = '${VERSION}';`],
-    ]
-  },
-];
-let filesUpdated = 0;
-let totalReplacements = 0;
-for (const { file, patterns } of replacements) {
-  const filePath = path.join(__dirname, file);
-  if (!fs.existsSync(filePath)) {
-    console.log(`  ⚠️  ${file} não encontrado, pulando...`);
-    continue;
-  }
-  let content = fs.readFileSync(filePath, 'utf8');
-  let fileReplacements = 0;
-  for (const [pattern, replacement] of patterns) {
-    const matches = content.match(pattern);
-    if (matches) {
-      content = content.replace(pattern, replacement);
-      fileReplacements += matches.length;
-    }
-  }
-  if (fileReplacements > 0) {
-    fs.writeFileSync(filePath, content);
-    console.log(`  ✅ ${file} (${fileReplacements} substituição(ões))`);
-    filesUpdated++;
-    totalReplacements += fileReplacements;
-  } else {
-    console.log(`  ⏭️  ${file} (já atualizado)`);
-  }
-}
-console.log(`\n✨ Sincronização completa: ${filesUpdated} arquivo(s), ${totalReplacements} substituição(ões)\n`);