@paths.design/caws-cli 5.0.1 → 5.1.0

package/dist/utils/typescript-detector.d.ts

@@ -0,0 +1,63 @@
+/**
+ * Detect if project is using TypeScript
+ * @param {string} projectDir - Project directory path
+ * @returns {Object} TypeScript detection result
+ */
+export function detectTypeScript(projectDir?: string): any;
+/**
+ * Detect testing framework in use
+ * @param {string} projectDir - Project directory path
+ * @param {Object} packageJson - Parsed package.json (optional)
+ * @returns {Object} Testing framework detection result
+ */
+export function detectTestFramework(projectDir?: string, packageJson?: any): any;
+export function getWorkspaceDirectories(projectDir?: string): string[];
+/**
+ * Get workspace directories from package.json
+ * @param {string} projectDir - Project directory path
+ * @returns {string[]} Array of workspace directories
+ */
+/**
+ * Get workspace directories from npm/yarn package.json workspaces
+ * @param {string} projectDir - Project directory path
+ * @returns {string[]} Array of workspace directories
+ */
+export function getNpmWorkspaces(projectDir: string): string[];
+/**
+ * Get workspace directories from pnpm-workspace.yaml
+ * @param {string} projectDir - Project directory path
+ * @returns {string[]} Array of workspace directories
+ */
+export function getPnpmWorkspaces(projectDir: string): string[];
+/**
+ * Get workspace directories from lerna.json
+ * @param {string} projectDir - Project directory path
+ * @returns {string[]} Array of workspace directories
+ */
+export function getLernaWorkspaces(projectDir: string): string[];
+/**
+ * Check if a dependency exists in hoisted node_modules
+ * @param {string} depName - Dependency name to check
+ * @param {string} projectDir - Project directory path
+ * @returns {boolean} True if dependency found in hoisted node_modules
+ */
+export function checkHoistedDependency(depName: string, projectDir: string): boolean;
+/**
+ * Check if TypeScript project needs test configuration
+ * @param {string} projectDir - Project directory path
+ * @returns {Object} Configuration status
+ */
+export function checkTypeScriptTestConfig(projectDir?: string): any;
+/**
+ * Generate configuration recommendations
+ * @param {Object} tsDetection - TypeScript detection result
+ * @param {Object} testDetection - Test framework detection result
+ * @returns {string[]} Array of recommendations
+ */
+export function generateRecommendations(tsDetection: any, testDetection: any): string[];
+/**
+ * Display TypeScript detection results
+ * @param {Object} detection - Detection result from checkTypeScriptTestConfig
+ */
+export function displayTypeScriptDetection(detection: any): void;
+//# sourceMappingURL=typescript-detector.d.ts.map

package/dist/utils/typescript-detector.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"typescript-detector.d.ts","sourceRoot":"","sources":["../../src/utils/typescript-detector.js"],"names":[],"mappings":"AAUA;;;;GAIG;AACH,8CAHW,MAAM,OAkChB;AAED;;;;;GAKG;AACH,iDAJW,MAAM,0BAkDhB;AAuKD,uEASC;AA9KD;;;;GAIG;AACH;;;;GAIG;AACH,6CAHW,MAAM,GACJ,MAAM,EAAE,CA6CpB;AAED;;;;GAIG;AACH,8CAHW,MAAM,GACJ,MAAM,EAAE,CA6CpB;AAED;;;;GAIG;AACH,+CAHW,MAAM,GACJ,MAAM,EAAE,CA4CpB;AAED;;;;;GAKG;AACH,gDAJW,MAAM,cACN,MAAM,GACJ,OAAO,CAKnB;AAaD;;;;GAIG;AACH,uDAHW,MAAM,OA0EhB;AAED;;;;;GAKG;AACH,+EAFa,MAAM,EAAE,CAuBpB;AAED;;;GAGG;AACH,iEAoBC"}

package/dist/validation/spec-validation.d.ts

@@ -0,0 +1,43 @@
+/**
+ * Basic validation of working spec
+ * @param {Object} spec - Working spec object
+ * @param {Object} options - Validation options
+ * @returns {Object} Validation result
+ */
+export function validateWorkingSpec(spec: any, _options?: {}): any;
+/**
+ * Enhanced validation with suggestions and auto-fix
+ * @param {Object} spec - Working spec object
+ * @param {Object} options - Validation options
+ * @returns {Object} Enhanced validation result
+ */
+export function validateWorkingSpecWithSuggestions(spec: any, options?: any): any;
+/**
+ * Get suggestion for a missing field
+ * @param {string} field - Field name
+ * @param {Object} _spec - Spec object (for context)
+ * @returns {string} Suggestion text
+ */
+export function getFieldSuggestion(field: string, _spec: any): string;
+/**
+ * Check if a field can be auto-fixed
+ * @param {string} field - Field name
+ * @param {Object} _spec - Spec object (for context)
+ * @returns {boolean} Whether field can be auto-fixed
+ */
+export function canAutoFixField(field: string, _spec: any): boolean;
+/**
+ * Calculate compliance score based on errors and warnings
+ * Score ranges from 0 (many issues) to 1 (perfect)
+ * @param {Array} errors - Validation errors
+ * @param {Array} warnings - Validation warnings
+ * @returns {number} Compliance score (0-1)
+ */
+export function calculateComplianceScore(errors: any[], warnings: any[]): number;
+/**
+ * Get compliance grade from score
+ * @param {number} score - Compliance score (0-1)
+ * @returns {string} Grade (A, B, C, D, F)
+ */
+export function getComplianceGrade(score: number): string;
+//# sourceMappingURL=spec-validation.d.ts.map

package/dist/validation/spec-validation.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"spec-validation.d.ts","sourceRoot":"","sources":["../../src/validation/spec-validation.js"],"names":[],"mappings":"AAQA;;;;;GAKG;AACH,mEA8HC;AAED;;;;;GAKG;AACH,kFAyWC;AAoCD;;;;;GAKG;AACH,0CAJW,MAAM,eAEJ,MAAM,CAkBlB;AAED;;;;;GAKG;AACH,uCAJW,MAAM,eAEJ,OAAO,CAKnB;AAnED;;;;;;GAMG;AACH,0EAFa,MAAM,CAclB;AAED;;;;GAIG;AACH,0CAHW,MAAM,GACJ,MAAM,CAQlB"}

package/dist/waivers-manager.d.ts

@@ -0,0 +1,167 @@
+export = WaiversManager;
+/**
+ * Waiver Manager Class
+ * Handles waiver creation, validation, expiration, and audit logging
+ */
+declare class WaiversManager {
+    constructor(options?: {});
+    projectRoot: any;
+    waiversDir: string;
+    waiversFile: string;
+    auditLogFile: string;
+    /**
+     * Waiver Schema Definition
+     */
+    getWaiverSchema(): {
+        type: string;
+        required: string[];
+        properties: {
+            id: {
+                type: string;
+                pattern: string;
+                description: string;
+            };
+            title: {
+                type: string;
+                minLength: number;
+                maxLength: number;
+                description: string;
+            };
+            reason: {
+                type: string;
+                enum: string[];
+                description: string;
+            };
+            description: {
+                type: string;
+                minLength: number;
+                maxLength: number;
+                description: string;
+            };
+            gates: {
+                type: string;
+                items: {
+                    type: string;
+                    enum: string[];
+                };
+                minItems: number;
+                description: string;
+            };
+            risk_assessment: {
+                type: string;
+                properties: {
+                    impact_level: {
+                        type: string;
+                        enum: string[];
+                    };
+                    mitigation_plan: {
+                        type: string;
+                        minLength: number;
+                    };
+                    review_required: {
+                        type: string;
+                    };
+                };
+                required: string[];
+            };
+            expires_at: {
+                type: string;
+                format: string;
+                description: string;
+            };
+            approved_by: {
+                type: string;
+                description: string;
+            };
+            created_at: {
+                type: string;
+                format: string;
+                description: string;
+            };
+            metadata: {
+                type: string;
+                properties: {
+                    related_pr: {
+                        type: string;
+                    };
+                    related_issue: {
+                        type: string;
+                    };
+                    environment: {
+                        type: string;
+                        enum: string[];
+                    };
+                    urgency: {
+                        type: string;
+                        enum: string[];
+                    };
+                };
+            };
+        };
+    };
+    /**
+     * Create a new waiver
+     */
+    createWaiver(waiverData: any): Promise<{
+        id: string;
+        title: any;
+        reason: any;
+        description: any;
+        gates: any;
+        risk_assessment: any;
+        expires_at: any;
+        approved_by: any;
+        created_at: string;
+        metadata: any;
+    }>;
+    /**
+     * Check if waiver applies to specific gates
+     */
+    checkWaiverCoverage(gatesToCheck: any, context?: {}): Promise<{
+        coveredGates: any[];
+        waiverDetails: {
+            gate: any;
+            waiver_id: any;
+            reason: any;
+            expires_at: any;
+            approved_by: any;
+        }[];
+        allCovered: boolean;
+    }>;
+    /**
+     * Get all active waivers
+     */
+    getActiveWaivers(): Promise<any[]>;
+    /**
+     * Revoke a waiver
+     */
+    revokeWaiver(waiverId: any, reason?: string): Promise<any>;
+    /**
+     * Extend waiver expiration
+     */
+    extendWaiver(waiverId: any, newExpiryDate: any, approvedBy: any): Promise<any>;
+    /**
+     * Get waiver statistics and health metrics
+     */
+    getWaiverStats(): Promise<{
+        total_active: number;
+        by_reason: {};
+        by_risk_level: {};
+        expiring_soon: any[];
+        high_risk: any[];
+        total_gates_waived: number;
+        average_lifespan_days: number;
+    }>;
+    generateWaiverId(): Promise<string>;
+    validateWaiver(waiver: any): {
+        valid: boolean;
+        errors: string[];
+    };
+    checkWaiverConflicts(newWaiver: any): Promise<string[]>;
+    waiverAppliesToContext(waiver: any, context: any): boolean;
+    loadActiveWaivers(): Promise<any[]>;
+    saveActiveWaivers(waivers: any): Promise<void>;
+    auditLog(action: any, waiverId: any, details: any): Promise<void>;
+    flagForReview(waiver: any): Promise<void>;
+}
+//# sourceMappingURL=waivers-manager.d.ts.map

package/dist/waivers-manager.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"waivers-manager.d.ts","sourceRoot":"","sources":["../src/waivers-manager.js"],"names":[],"mappings":";AAaA;;;GAGG;AACH;IACE,0BAUC;IATC,iBAAuD;IACvD,mBAAiE;IACjE,oBAAoE;IACpE,qBAAkE;IAQpE;;OAEG;IACH;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;MAiGC;IAED;;OAEG;IACH;;;;;;;;;;;OA4DC;IAED;;OAEG;IACH;;;;;;;;;;OA+BC;IAED;;OAEG;IACH,mCAgBC;IAED;;OAEG;IACH,2DAeC;IAED;;OAEG;IACH,+EAuBC;IAED;;OAEG;IACH;;;;;;;;OA2DC;IAID,oCAUC;IAED;;;MAkDC;IAED,wDAkBC;IAED,2DAUC;IAED,oCAyCC;IAED,+CAuBC;IAED,kEAaC;IAED,0CA2CC;CACF"}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@paths.design/caws-cli",
-  "version": "5.0.1",
+  "version": "5.1.0",
   "description": "CAWS CLI - Coding Agent Workflow System command line tools",
   "main": "dist/index.js",
   "bin": {

package/templates/apps/tools/caws/prompt-lint.js.backup

@@ -0,0 +1,274 @@
+#!/usr/bin/env node
+
+/**
+ * @fileoverview CAWS Prompt Linter
+ * Validates prompts for secrets and ensures tool allowlist compliance
+ * @author @darianrosebrook
+ */
+
+const fs = require("fs");
+
+/**
+ * Common secret patterns to detect
+ */
+const SECRET_PATTERNS = [
+  // API Keys
+  /api[_-]?key[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+  /x-api-key\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+  /authorization\s*[=:]\s*['"]?(Bearer\s+)?([a-zA-Z0-9_-]{20,})['"]?/gi,
+
+  // Tokens
+  /token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+  /access[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+  /refresh[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+  /auth[_-]?token\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+
+  // Passwords
+  /password\s*[=:]\s*['"]?([a-zA-Z0-9_-]{8,})['"]?/gi,
+  /passwd\s*[=:]\s*['"]?([a-zA-Z0-9_-]{8,})['"]?/gi,
+  /pwd\s*[=:]\s*['"]?([a-zA-Z0-9_-]{8,})['"]?/gi,
+
+  // Secrets
+  /secret\s*[=:]\s*['"]?([a-zA-Z0-9_-]{16,})['"]?/gi,
+  /private[_-]?key\s*[=:]\s*['"]?([a-zA-Z0-9_-]{20,})['"]?/gi,
+
+  // Environment variables that might contain secrets
+  /process\.env\.[A-Z_]+_KEY/gi,
+  /process\.env\.[A-Z_]+_TOKEN/gi,
+  /process\.env\.[A-Z_]+_SECRET/gi,
+  /process\.env\.[A-Z_]+_PASSWORD/gi,
+
+  // URLs with potential secrets
+  /https?:\/\/[^/]*@[^/]+/gi,
+
+  // Base64 encoded strings that might be secrets
+  /[A-Za-z0-9+/=]{40,}/g,
+
+  // AWS keys
+  /AKIA[A-Z0-9]{16}/gi,
+
+  // GitHub tokens
+  /ghp_[A-Za-z0-9]{36}/gi,
+  /github_pat_[A-Za-z0-9]{22}/gi,
+
+  // Slack tokens
+  /xoxb-[0-9]+-[0-9]+-[0-9]+-[a-zA-Z0-9]+/gi,
+
+  // Database connection strings
+  /mongodb(\+srv)?:\/\/[^:]+:[^@]+@[^/]+/gi,
+  /postgres:\/\/[^:]+:[^@]+@[^/]+/gi,
+  /mysql:\/\/[^:]+:[^@]+@[^/]+/gi,
+];
+
+/**
+ * Scan file for potential secrets
+ * @param {string} filePath - Path to file to scan
+ * @returns {Array} Array of potential secret matches
+ */
+function scanForSecrets(filePath) {
+  try {
+    const content = fs.readFileSync(filePath, "utf8");
+    const matches = [];
+
+    for (const pattern of SECRET_PATTERNS) {
+      const patternMatches = [...content.matchAll(pattern)];
+      for (const match of patternMatches) {
+        matches.push({
+          file: filePath,
+          line: content.substring(0, match.index).split("\n").length,
+          pattern: pattern.toString(),
+          match: match[0],
+          severity: "high",
+        });
+      }
+    }
+
+    return matches;
+  } catch (error) {
+    console.error(`❌ Error scanning ${filePath}:`, error.message);
+    return [];
+  }
+}
+
+/**
+ * Validate tools against allowlist
+ * @param {Array} tools - Tools used in prompts
+ * @param {Array} allowlist - Allowed tools
+ * @returns {Array} Array of violations
+ */
+function validateToolAllowlist(tools, allowlist) {
+  const violations = [];
+
+  for (const tool of tools) {
+    if (!allowlist.includes(tool)) {
+      violations.push({
+        tool,
+        severity: "high",
+        message: `Tool "${tool}" not in allowlist`,
+      });
+    }
+  }
+
+  return violations;
+}
+
+/**
+ * Extract tools from prompt content
+ * @param {string} content - Prompt content
+ * @returns {Array} Array of tools mentioned
+ */
+function extractTools(content) {
+  const tools = [];
+
+  // Common tool patterns
+  const toolPatterns = [
+    /using\s+(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)/gi,
+    /(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)\s+command/gi,
+    /execute\s+(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)/gi,
+    /run\s+(node|npm|yarn|pnpm|git|docker|kubectl|aws|azure|gcloud)/gi,
+  ];
+
+  for (const pattern of toolPatterns) {
+    const matches = [...content.matchAll(pattern)];
+    for (const match of matches) {
+      const tool = match[1] || match[0];
+      if (!tools.includes(tool)) {
+        tools.push(tool);
+      }
+    }
+  }
+
+  return tools;
+}
+
+/**
+ * Lint prompts for security and compliance
+ * @param {Array} promptFiles - Array of prompt file paths
+ * @param {Array} allowlist - Allowed tools
+ * @returns {Object} Lint results
+ */
+function lintPrompts(promptFiles, allowlist) {
+  const results = {
+    secrets: [],
+    violations: [],
+    cleanFiles: 0,
+    totalFiles: promptFiles.length,
+  };
+
+  for (const file of promptFiles) {
+    if (!fs.existsSync(file)) {
+      console.warn(`⚠️  Prompt file not found: ${file}`);
+      continue;
+    }
+
+    // Scan for secrets
+    const secretMatches = scanForSecrets(file);
+    results.secrets.push(...secretMatches);
+
+    // Extract and validate tools
+    const content = fs.readFileSync(file, "utf8");
+    const tools = extractTools(content);
+    const toolViolations = validateToolAllowlist(tools, allowlist);
+    results.violations.push(...toolViolations.map((v) => ({ ...v, file })));
+
+    // Check if file is clean
+    if (secretMatches.length === 0 && toolViolations.length === 0) {
+      results.cleanFiles++;
+    }
+  }
+
+  return results;
+}
+
+/**
+ * Load tool allowlist from file
+ * @param {string} allowlistPath - Path to allowlist file
+ * @returns {Array} Array of allowed tools
+ */
+function loadAllowlist(allowlistPath) {
+  try {
+    if (!fs.existsSync(allowlistPath)) {
+      console.warn(`⚠️  Allowlist file not found: ${allowlistPath}`);
+      return [];
+    }
+
+    const content = fs.readFileSync(allowlistPath, "utf8");
+    return JSON.parse(content);
+  } catch (error) {
+    console.error(`❌ Error loading allowlist:`, error.message);
+    return [];
+  }
+}
+
+// CLI interface
+if (require.main === module) {
+  const promptFiles = process.argv.slice(2);
+  const allowlistArg = process.argv
+    .find((arg) => arg.startsWith("--allowlist="))
+    ?.split("=")[1];
+  const allowlistPath = allowlistArg || ".agent/tools-allow.json";
+
+  if (promptFiles.length === 0) {
+    console.log("CAWS Prompt Linter");
+    console.log(
+      "Usage: node prompt-lint.js <prompt-file1> [prompt-file2] ... [options]"
+    );
+    console.log("Options:");
+    console.log(
+      "  --allowlist=<path>  Path to tools allowlist file (default: .agent/tools-allow.json)"
+    );
+    process.exit(1);
+  }
+
+  // Load allowlist
+  const allowlist = loadAllowlist(allowlistPath);
+
+  console.log("🔍 Linting prompts for security and compliance...");
+  console.log(`📁 Allowlist loaded: ${allowlist.length} tools`);
+  console.log(`📄 Scanning ${promptFiles.length} files...`);
+
+  // Lint prompts
+  const results = lintPrompts(promptFiles, allowlist);
+
+  // Report results
+  if (results.secrets.length > 0) {
+    console.log("\n🚨 POTENTIAL SECRETS DETECTED:");
+    results.secrets.forEach((secret, index) => {
+      console.log(
+        `  ${index + 1}. ${secret.file}:${
+          secret.line
+        } - ${secret.match.substring(0, 50)}...`
+      );
+    });
+  }
+
+  if (results.violations.length > 0) {
+    console.log("\n⚠️  TOOL VIOLATIONS:");
+    results.violations.forEach((violation, index) => {
+      console.log(`  ${index + 1}. ${violation.file} - ${violation.message}`);
+    });
+  }
+
+  console.log("\n📊 SUMMARY:");
+  console.log(`   - Files scanned: ${results.totalFiles}`);
+  console.log(`   - Clean files: ${results.cleanFiles}`);
+  console.log(`   - Secrets found: ${results.secrets.length}`);
+  console.log(`   - Violations: ${results.violations.length}`);
+
+  // Exit with error if issues found
+  if (results.secrets.length > 0 || results.violations.length > 0) {
+    console.log("\n❌ Linting failed - security issues detected");
+    process.exit(1);
+  }
+
+  console.log("✅ All prompts passed security checks");
+  process.exit(0);
+}
+
+module.exports = {
+  scanForSecrets,
+  validateToolAllowlist,
+  extractTools,
+  lintPrompts,
+  loadAllowlist,
+};

package/templates/apps/tools/caws/provenance.js.backup

@@ -0,0 +1,73 @@
+#!/usr/bin/env node
+
+/**
+ * @fileoverview CAWS Provenance Tracker - Real Implementation
+ * @author @darianrosebrook
+ */
+
+const fs = require('fs');
+const path = require('path');
+const crypto = require('crypto');
+const { execSync } = require('child_process');
+
+/**
+ * Generate comprehensive provenance data for CAWS operations
+ * @param {Object} options - Configuration options
+ * @returns {Object} Complete provenance record
+ */
+function generateProvenance(options = {}) {
+  const projectRoot = options.projectRoot || process.cwd();
+
+  return {
+    // Agent and model information
+    agent: options.agent || 'caws-cli',
+    model: options.model || 'cli-interactive',
+    model_hash: options.modelHash || generateModelHash(),
+
+    // Tool and security information
+    tool_allowlist: options.toolAllowlist || generateToolAllowlist(projectRoot),
+    prompts: options.prompts || [],
+
+    // Git and version control information
+    commit: getCurrentCommit(projectRoot),
+    branch: getCurrentBranch(projectRoot),
+    repository: getRepositoryInfo(projectRoot),
+
+    // File and artifact information
+    artifacts: generateArtifactList(projectRoot),
+    dependencies: generateDependencyInfo(projectRoot),
+
+    // Execution results and metadata
+    results: options.results || {},
+    approvals: options.approvals || [],
+    execution_context: generateExecutionContext(),
+
+    // Security and integrity
+    integrity: generateIntegrityInfo(),
+
+    // Timestamps and versioning
+    timestamp: new Date().toISOString(),
+    version: require(path.join(projectRoot, 'package.json')).version || '1.0.0',
+    provenance_hash: generateProvenanceHash(),
+
+    // Build and deployment information
+    build_info: generateBuildInfo(projectRoot),
+
+    // Change tracking
+    change_summary: generateChangeSummary(projectRoot),
+  };
+}
+
+// Mock provenance saving
+function saveProvenance(provenance, filepath) {
+  const dir = path.dirname(filepath);
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true });
+  }
+  fs.writeFileSync(filepath, JSON.stringify(provenance, null, 2));
+}
+
+module.exports = {
+  generateProvenance,
+  saveProvenance,
+};