@outcomeeng/spx 0.6.4 → 0.6.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +4 -3
- package/dist/cli.js +648 -220
- package/dist/cli.js.map +1 -1
- package/package.json +3 -3
package/README.md
CHANGED
|
@@ -54,7 +54,7 @@ spx validation literal # Source/test literal reuse detection
|
|
|
54
54
|
# Scope and targeting
|
|
55
55
|
spx validation all --scope production # Exclude tests/scripts
|
|
56
56
|
spx validation all --fix # Auto-fix across all checks
|
|
57
|
-
spx validation all
|
|
57
|
+
spx validation all src/session/ # Validate specific files or directories
|
|
58
58
|
```
|
|
59
59
|
|
|
60
60
|
All validation commands support `--quiet` for CI and `--json` for machine-readable output.
|
|
@@ -170,8 +170,9 @@ A Lefthook **pre-push** hook runs `sonar analyze --base origin/main` so SonarQub
|
|
|
170
170
|
|
|
171
171
|
The project uses GitHub Actions for continuous integration and publishing:
|
|
172
172
|
|
|
173
|
-
- `
|
|
174
|
-
- `
|
|
173
|
+
- `deterministic-verification.yml` — Runs the deterministic verification suite (validation, circular dependencies, tests with the status projection, and packaged-CLI checks) as parallel jobs on Node 24 for every push to `main` and every pull request, skipping root instruction docs. Includes dependency review on pull requests to block PRs introducing vulnerable dependencies.
|
|
174
|
+
- `agentic-verification.yml` — Runs agentic verification (audit and review) over each pull request.
|
|
175
|
+
- `publish.yml` — Triggered by `v*` tags. Gates on `deterministic-verification.yml` and publishes its verified build via OIDC Trusted Publishing (no stored npm tokens) with Sigstore provenance attestation. Requires manual approval via the `npm-publish` GitHub Environment.
|
|
175
176
|
- `scorecard.yml` — Weekly OpenSSF Scorecard assessment, results published to the GitHub Security tab.
|
|
176
177
|
|
|
177
178
|
### Publishing a Release
|