npm - @polymorphism-tech/morph-spec - Versions diffs - 4.8.19 → 4.10.0 - Mend

@polymorphism-tech/morph-spec 4.8.19 → 4.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/src/lib/tracking/artifact-trail.js DELETED Viewed

@@ -1,202 +0,0 @@
-/**
- * Artifact Trail — Debugging trail system
- *
- * Creates checkpoint artifact directories and saves:
- * - Intermediate files (spec drafts, contract drafts)
- * - Agent reasoning logs
- * - Validator output logs
- * - Failure artifacts on checkpoint failure
- *
- * Structure:
- *   .morph/features/{feature}/artifacts/
- *     checkpoint-{n}/
- *       spec-draft.md
- *       contracts-draft.cs
- *       agent-reasoning.json
- *       validator-output.json
- *     checkpoint-{n}/failures/
- *       failure-detail.json
- */
-import { readFileSync, writeFileSync, existsSync, mkdirSync, readdirSync } from 'fs';
-import { join } from 'path';
-const BASE_DIR = join(process.cwd(), '.morph/features');
-// ============================================================================
-// Path Helpers
-// ============================================================================
-function artifactsDir(feature) {
-  return join(BASE_DIR, feature, 'artifacts');
-}
-function checkpointDir(feature, checkpointNum) {
-  return join(artifactsDir(feature), `checkpoint-${checkpointNum}`);
-}
-function failuresDir(feature, checkpointNum) {
-  return join(checkpointDir(feature, checkpointNum), 'failures');
-}
-function ensureDir(dir) {
-  if (!existsSync(dir)) {
-    mkdirSync(dir, { recursive: true });
-  }
-  return dir;
-}
-// ============================================================================
-// Checkpoint Artifacts
-// ============================================================================
-/**
- * Initialize a checkpoint artifact directory
- * @param {string} feature - Feature name
- * @param {number} checkpointNum - Checkpoint number
- * @returns {string} Path to checkpoint directory
- */
-export function initCheckpointArtifacts(feature, checkpointNum) {
-  const dir = checkpointDir(feature, checkpointNum);
-  ensureDir(dir);
-  const manifest = {
-    feature,
-    checkpointNum,
-    createdAt: new Date().toISOString(),
-    files: []
-  };
-  writeFileSync(join(dir, 'manifest.json'), JSON.stringify(manifest, null, 2), 'utf8');
-  return dir;
-}
-/**
- * Save an intermediate artifact file to a checkpoint directory
- * @param {string} feature - Feature name
- * @param {number} checkpointNum - Checkpoint number
- * @param {string} filename - File name (e.g., 'spec-draft.md')
- * @param {string} content - File content
- * @returns {string} Full path to saved file
- */
-export function saveArtifact(feature, checkpointNum, filename, content) {
-  const dir = ensureDir(checkpointDir(feature, checkpointNum));
-  const filePath = join(dir, filename);
-  writeFileSync(filePath, content, 'utf8');
-  // Update manifest
-  const manifestPath = join(dir, 'manifest.json');
-  if (existsSync(manifestPath)) {
-    const manifest = JSON.parse(readFileSync(manifestPath, 'utf8'));
-    if (!manifest.files.includes(filename)) {
-      manifest.files.push(filename);
-      manifest.updatedAt = new Date().toISOString();
-      writeFileSync(manifestPath, JSON.stringify(manifest, null, 2), 'utf8');
-    }
-  }
-  return filePath;
-}
-/**
- * Save agent reasoning log
- * @param {string} feature - Feature name
- * @param {number} checkpointNum - Checkpoint number
- * @param {Object} reasoning - Agent reasoning data
- */
-export function saveAgentReasoning(feature, checkpointNum, reasoning) {
-  const entry = {
-    timestamp: new Date().toISOString(),
-    ...reasoning
-  };
-  saveArtifact(feature, checkpointNum, 'agent-reasoning.json', JSON.stringify(entry, null, 2));
-}
-/**
- * Save validator output log
- * @param {string} feature - Feature name
- * @param {number} checkpointNum - Checkpoint number
- * @param {Object} validatorOutput - Validator results
- */
-export function saveValidatorOutput(feature, checkpointNum, validatorOutput) {
-  const entry = {
-    timestamp: new Date().toISOString(),
-    ...validatorOutput
-  };
-  saveArtifact(feature, checkpointNum, 'validator-output.json', JSON.stringify(entry, null, 2));
-}
-// ============================================================================
-// Failure Artifacts
-// ============================================================================
-/**
- * Save failure artifacts when a checkpoint fails
- * @param {string} feature - Feature name
- * @param {number} checkpointNum - Checkpoint number
- * @param {Object} failure - Failure details
- * @param {string} failure.reason - Failure reason
- * @param {Array} failure.errors - Array of error objects
- * @param {number} failure.attemptNumber - Which retry attempt (1-3)
- */
-export function saveFailureArtifacts(feature, checkpointNum, failure) {
-  const dir = ensureDir(failuresDir(feature, checkpointNum));
-  const filename = `failure-attempt-${failure.attemptNumber || 1}.json`;
-  const entry = {
-    feature,
-    checkpointNum,
-    timestamp: new Date().toISOString(),
-    ...failure
-  };
-  writeFileSync(join(dir, filename), JSON.stringify(entry, null, 2), 'utf8');
-  return join(dir, filename);
-}
-/**
- * Get all failure artifacts for a checkpoint
- * @param {string} feature - Feature name
- * @param {number} checkpointNum - Checkpoint number
- * @returns {Array} Array of failure records
- */
-export function getFailureArtifacts(feature, checkpointNum) {
-  const dir = failuresDir(feature, checkpointNum);
-  if (!existsSync(dir)) return [];
-  const files = readdirSync(dir).filter(f => f.endsWith('.json'));
-  return files.map(f => {
-    try {
-      return JSON.parse(readFileSync(join(dir, f), 'utf8'));
-    } catch {
-      return null;
-    }
-  }).filter(Boolean);
-}
-/**
- * List all checkpoints for a feature
- * @param {string} feature - Feature name
- * @returns {Array} Array of checkpoint info objects
- */
-export function listCheckpointArtifacts(feature) {
-  const dir = artifactsDir(feature);
-  if (!existsSync(dir)) return [];
-  try {
-    return readdirSync(dir, { withFileTypes: true })
-      .filter(d => d.isDirectory() && d.name.startsWith('checkpoint-'))
-      .map(d => {
-        const checkpointPath = join(dir, d.name);
-        const manifestPath = join(checkpointPath, 'manifest.json');
-        if (existsSync(manifestPath)) {
-          return JSON.parse(readFileSync(manifestPath, 'utf8'));
-        }
-        return { name: d.name, path: checkpointPath };
-      });
-  } catch {
-    return [];
-  }
-}

package/src/sanitizer/context-sanitizer.js DELETED Viewed

@@ -1,221 +0,0 @@
-/**
- * @fileoverview ContextSanitizer - Sanitizes project context before sending to LLM
- * @module morph-spec/sanitizer/context-sanitizer
- */
-import { minimatch } from 'minimatch';
-import {
-  WHITELIST_FILES,
-  BLACKLIST_DIRECTORIES,
-  BLACKLIST_FILES,
-  SECRET_PATTERNS,
-  MAX_FILE_SIZE,
-  MAX_SUMMARY_LENGTH
-} from './patterns.js';
-/**
- * @typedef {import('../types/index.js').ProjectContext} ProjectContext
- * @typedef {import('../types/index.js').SanitizedContext} SanitizedContext
- */
-/**
- * ContextSanitizer - Removes secrets and sensitive data before LLM analysis
- * Implements hybrid whitelist/blacklist approach per ADR-004
- * @class
- */
-export class ContextSanitizer {
-  /**
-   * Sanitize project context (remove secrets, truncate files)
-   * @param {ProjectContext} context - Raw project context
-   * @returns {SanitizedContext}
-   */
-  sanitize(context) {
-    // Sanitize package.json (remove private fields, redact secrets)
-    const sanitizedPackageJson = this.sanitizePackageJson(context.packageJson);
-    // Extract only filenames from .csproj paths (not full content)
-    const csprojFilenames = context.csprojFiles.map(path => path.split('/').pop());
-    // Truncate README and CLAUDE.md to first 500 chars
-    const readmeSummary = context.readme
-      ? this.truncateText(context.readme, MAX_SUMMARY_LENGTH)
-      : null;
-    const claudeMdSummary = context.claudeMd
-      ? this.truncateText(context.claudeMd, MAX_SUMMARY_LENGTH)
-      : null;
-    // Sanitize infrastructure summary (remove secrets, just count files)
-    const infraSummary = {
-      dockerfilesCount: context.infraFiles.dockerfiles.length,
-      dockerComposeCount: context.infraFiles.dockerComposeFiles.length,
-      bicepFilesCount: context.infraFiles.bicepFiles.length,
-      pipelinesCount: context.infraFiles.pipelines.length,
-      hasAzure: context.infraFiles.hasAzure,
-      hasDocker: context.infraFiles.hasDocker,
-      hasDevOps: context.infraFiles.hasDevOps
-    };
-    // Extract git remote domain only (not full URL with credentials)
-    const gitRemoteDomain = context.gitRemote
-      ? this.extractDomain(context.gitRemote)
-      : null;
-    // Estimate total files (approximate)
-    const totalFiles = context.structure.topLevelDirs.length * 10; // rough estimate
-    return {
-      packageJson: sanitizedPackageJson,
-      csprojFilenames,
-      hasSolution: context.solutionFile !== null,
-      readmeSummary,
-      claudeMdSummary,
-      structure: context.structure,
-      infraSummary,
-      gitRemoteDomain,
-      totalFiles
-    };
-  }
-  /**
-   * Sanitize package.json - remove private fields and redact secrets
-   * @param {Object|null} packageJson - Raw package.json
-   * @returns {Object}
-   */
-  sanitizePackageJson(packageJson) {
-    if (!packageJson) {
-      return {};
-    }
-    // Keep only safe fields
-    const safe = {
-      name: packageJson.name || 'unknown',
-      version: packageJson.version,
-      description: packageJson.description,
-      type: packageJson.type,
-      engines: packageJson.engines
-    };
-    // Include dependencies (names only, no versions for simplicity)
-    if (packageJson.dependencies) {
-      safe.dependencies = Object.keys(packageJson.dependencies);
-    }
-    if (packageJson.devDependencies) {
-      safe.devDependencies = Object.keys(packageJson.devDependencies);
-    }
-    // Include scripts (but redact any that might contain secrets)
-    if (packageJson.scripts) {
-      safe.scripts = {};
-      for (const [key, value] of Object.entries(packageJson.scripts)) {
-        safe.scripts[key] = this.redactSecrets(value);
-      }
-    }
-    return safe;
-  }
-  /**
-   * Detect and redact secrets from text
-   * @param {string} text - Text to sanitize
-   * @returns {string} Sanitized text
-   */
-  redactSecrets(text) {
-    if (!text || typeof text !== 'string') {
-      return text;
-    }
-    let sanitized = text;
-    // Apply all secret patterns
-    for (const pattern of SECRET_PATTERNS) {
-      sanitized = sanitized.replace(pattern.regex, pattern.replacement);
-    }
-    return sanitized;
-  }
-  /**
-   * Check if file should be excluded from LLM analysis
-   * @param {string} filepath - File path (relative or absolute)
-   * @returns {boolean} True if file should be excluded
-   */
-  shouldExcludeFile(filepath) {
-    const normalizedPath = filepath.replace(/\\/g, '/');
-    // Check if path contains blacklisted directory
-    for (const blacklistDir of BLACKLIST_DIRECTORIES) {
-      if (normalizedPath.includes(`/${blacklistDir}/`) || normalizedPath.startsWith(`${blacklistDir}/`)) {
-        return true;
-      }
-    }
-    // Check if filename matches blacklist pattern
-    const filename = normalizedPath.split('/').pop();
-    for (const pattern of BLACKLIST_FILES) {
-      if (minimatch(filename, pattern, { nocase: true })) {
-        return true;
-      }
-    }
-    return false;
-  }
-  /**
-   * Check if file is whitelisted for reading
-   * @param {string} filepath - File path
-   * @returns {boolean} True if file is whitelisted
-   */
-  isWhitelisted(filepath) {
-    const normalizedPath = filepath.replace(/\\/g, '/');
-    const filename = normalizedPath.split('/').pop();
-    for (const pattern of WHITELIST_FILES) {
-      if (minimatch(filename, pattern, { nocase: true })) {
-        return true;
-      }
-      // Also check full path for patterns like ".github/workflows/*.yml"
-      if (minimatch(normalizedPath, pattern, { nocase: true })) {
-        return true;
-      }
-    }
-    return false;
-  }
-  /**
-   * Truncate text to maximum length
-   * @param {string} text - Text to truncate
-   * @param {number} maxLength - Maximum length
-   * @returns {string} Truncated text
-   */
-  truncateText(text, maxLength) {
-    if (!text || text.length <= maxLength) {
-      return text;
-    }
-    return text.substring(0, maxLength) + '... [truncated]';
-  }
-  /**
-   * Extract domain from git remote URL
-   * @param {string} url - Git remote URL
-   * @returns {string|null} Domain only (e.g., "github.com")
-   */
-  extractDomain(url) {
-    try {
-      // Handle SSH format: git@github.com:user/repo.git
-      if (url.startsWith('git@')) {
-        const match = url.match(/git@([^:]+):/);
-        return match ? match[1] : null;
-      }
-      // Handle HTTPS format: https://github.com/user/repo.git
-      const urlObj = new URL(url);
-      return urlObj.hostname;
-    } catch (error) {
-      return null;
-    }
-  }
-}

package/src/sanitizer/patterns.js DELETED Viewed

@@ -1,163 +0,0 @@
-/**
- * @fileoverview Sanitization patterns - Whitelists, Blacklists, Secret patterns
- * @module morph-spec/sanitizer/patterns
- */
-/**
- * Whitelist: Files explicitly allowed to be read and sent to LLM
- */
-export const WHITELIST_FILES = [
-  'package.json',
-  'package-lock.json',
-  'yarn.lock',
-  'pnpm-lock.yaml',
-  '*.csproj',
-  '*.sln',
-  'README.md',
-  'CLAUDE.md',
-  'Dockerfile',
-  'docker-compose.yml',
-  'docker-compose.*.yml',
-  '*.bicep',
-  'azure-pipelines.yml',
-  '.github/workflows/*.yml',
-  '.gitlab-ci.yml',
-  'tsconfig.json',
-  'jsconfig.json',
-  '.eslintrc*',
-  '.prettierrc*',
-  'vite.config.*',
-  'next.config.*',
-  'nuxt.config.*'
-];
-/**
- * Blacklist: Directories to NEVER scan or read
- */
-export const BLACKLIST_DIRECTORIES = [
-  'node_modules',
-  '.git',
-  '.svn',
-  '.hg',
-  'bin',
-  'obj',
-  'dist',
-  'build',
-  'out',
-  '.next',
-  '.nuxt',
-  'coverage',
-  '__pycache__',
-  '.pytest_cache',
-  'venv',
-  'env',
-  '.venv',
-  '.env.*',
-  'temp',
-  'tmp',
-  '.cache'
-];
-/**
- * Blacklist: File patterns to NEVER read (even if matched by whitelist)
- */
-export const BLACKLIST_FILES = [
-  '.env',
-  '.env.local',
-  '.env.*.local',
-  '.env.production',
-  '*.key',
-  '*.pem',
-  '*.pfx',
-  '*.p12',
-  '*.cert',
-  '*.crt',
-  '*secret*',
-  '*password*',
-  '*credentials*',
-  '*token*',
-  'secrets.json',
-  'appsettings.Production.json',
-  'appsettings.Staging.json',
-  '*.log',
-  '*.sqlite',
-  '*.db'
-];
-/**
- * Secret patterns to redact from file contents
- * Each pattern has: regex, replacement text, description
- */
-export const SECRET_PATTERNS = [
-  {
-    name: 'api-key',
-    regex: /(?:api[_-]?key|apikey|api[_-]?secret)[\s:=]+["']?([a-zA-Z0-9_\-]{20,})["']?/gi,
-    replacement: 'API_KEY=***REDACTED***',
-    description: 'API keys'
-  },
-  {
-    name: 'bearer-token',
-    regex: /(?:bearer|authorization)[\s:=]+["']?([a-zA-Z0-9_\-\.]{20,})["']?/gi,
-    replacement: 'Bearer ***REDACTED***',
-    description: 'Bearer tokens'
-  },
-  {
-    name: 'connection-string',
-    regex: /(?:connection[_-]?string|connectionstring)[\s:=]+["']?([^"'\n]{30,})["']?/gi,
-    replacement: 'ConnectionString=***REDACTED***',
-    description: 'Connection strings'
-  },
-  {
-    name: 'sql-password',
-    regex: /(?:password|pwd)=([^;"\s]{6,})/gi,
-    replacement: 'Password=***REDACTED***',
-    description: 'SQL passwords in connection strings'
-  },
-  {
-    name: 'azure-key',
-    regex: /(?:account[_-]?key|accountkey)[\s:=]+["']?([a-zA-Z0-9+/=]{40,})["']?/gi,
-    replacement: 'AccountKey=***REDACTED***',
-    description: 'Azure Storage Account Keys'
-  },
-  {
-    name: 'jwt-secret',
-    regex: /(?:jwt[_-]?secret|jwtsecret)[\s:=]+["']?([a-zA-Z0-9_\-]{16,})["']?/gi,
-    replacement: 'JwtSecret=***REDACTED***',
-    description: 'JWT secrets'
-  },
-  {
-    name: 'private-key',
-    regex: /-----BEGIN (?:RSA |EC )?PRIVATE KEY-----[\s\S]+?-----END (?:RSA |EC )?PRIVATE KEY-----/gi,
-    replacement: '-----BEGIN PRIVATE KEY-----\n***REDACTED***\n-----END PRIVATE KEY-----',
-    description: 'Private keys (PEM format)'
-  },
-  {
-    name: 'github-token',
-    regex: /gh[pousr]_[a-zA-Z0-9]{36,}/gi,
-    replacement: 'ghp_***REDACTED***',
-    description: 'GitHub personal access tokens'
-  },
-  {
-    name: 'npm-token',
-    regex: /npm_[a-zA-Z0-9]{36,}/gi,
-    replacement: 'npm_***REDACTED***',
-    description: 'NPM tokens'
-  },
-  {
-    name: 'generic-secret',
-    regex: /(?:secret|password|pwd|pass|token)[\s:=]+["']([^"'\n]{8,})["']/gi,
-    replacement: 'secret=***REDACTED***',
-    description: 'Generic secrets'
-  }
-];
-/**
- * Maximum file size to include (50KB)
- * Files larger than this are truncated with a summary
- */
-export const MAX_FILE_SIZE = 50 * 1024; // 50KB
-/**
- * Maximum content length for README/CLAUDE.md summaries
- */
-export const MAX_SUMMARY_LENGTH = 500; // 500 chars