@prodcycle/prodcycle 0.6.0 → 0.6.2

package/dist/cli.d.ts

@@ -13,3 +13,40 @@
  * by hand.
  */
 export declare function isCiEnvironment(env?: NodeJS.ProcessEnv): boolean;
+/**
+ * Resolve the files to scan for a `hook` invocation. Supports:
+ *   - `--file <path>` — read that file from disk
+ *   - stdin: `{"files": {path: content}}` (same as gate)
+ *   - stdin: `{"file_path": "...", "content": "..."}` (single file)
+ *   - stdin: Claude Code PostToolUse shape —
+ *       `{"tool_input": {"file_path": "...", "content"|"new_string": "..."}}`
+ *     When only `file_path` is given and we can read the file, we do.
+ */
+/**
+ * Convert the user-supplied `--file <path>` value into a repo-relative key.
+ *
+ * The compliance API rejects absolute paths (`File path must be relative`).
+ * Two failure modes the naive implementation hit on macOS:
+ *
+ *   1. Absolute paths under cwd silently became cryptic 400s. Fixed by
+ *      `path.relative(cwd, absolute)` — works on Linux.
+ *   2. macOS `/tmp` is a symlink to `/private/tmp`. `path.resolve()` does
+ *      NOT follow symlinks, but `process.cwd()` returns the physical path
+ *      via the kernel's `getcwd()`. Result: `path.resolve('/tmp/repo/x')`
+ *      = `/tmp/repo/x` while cwd is `/private/tmp/repo`, so the relative
+ *      path is `../../../tmp/repo/x` and the file is incorrectly rejected
+ *      as "outside cwd" — exactly the agent-hook scenario this targets.
+ *      Fix: realpath both sides before comparing.
+ *
+ * Pure function (no fs I/O of its own, no `process.exit`) so it's directly
+ * unit-testable. Caller passes the original input, the realpath of the
+ * resolved file (`fs.realpathSync(path.resolve(filePath))`), and the
+ * realpath of cwd. Tests construct realpath inputs themselves.
+ */
+export declare function resolveHookFileKey(inputPath: string, realpathFile: string, realpathCwd: string): {
+    ok: true;
+    key: string;
+} | {
+    ok: false;
+    error: string;
+};

package/dist/cli.js

@@ -35,6 +35,7 @@ var __importStar = (this && this.__importStar) || (function () {
 })();
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.isCiEnvironment = isCiEnvironment;
+exports.resolveHookFileKey = resolveHookFileKey;
 const commander_1 = require("commander");
 const child_process_1 = require("child_process");
 const fs = __importStar(require("fs"));
@@ -237,14 +238,14 @@ program
 program
     .command('gate')
     .description('Evaluate a JSON payload of files from stdin (low-latency hook endpoint)')
-    .option('--framework <ids>', 'Comma-separated framework IDs to evaluate', 'soc2')
+    .option('--framework <ids>', 'Comma-separated framework IDs to evaluate', 'soc2,hipaa,nist-csf')
     .option('--format <format>', 'Output format: json, sarif, table, prompt', 'prompt')
     .option('--output <file>', 'Write report to file')
     .option('--api-url <url>', 'Compliance API base URL (or PC_API_URL env)')
     .option('--api-key <key>', 'API key for compliance API (or PC_API_KEY env)')
     .action(async (opts) => {
     try {
-        const frameworks = parseList(opts.framework) ?? ['soc2'];
+        const frameworks = parseList(opts.framework) ?? ['soc2', 'hipaa', 'nist-csf'];
         const format = (opts.format ?? 'prompt');
         const stdin = await readStdin();
         if (!stdin.trim()) {
@@ -331,7 +332,7 @@ program
 program
     .command('hook')
     .description('Run as coding-agent post-edit hook (reads stdin or --file)')
-    .option('--framework <ids>', 'Comma-separated framework IDs to evaluate', 'soc2')
+    .option('--framework <ids>', 'Comma-separated framework IDs to evaluate', 'soc2,hipaa,nist-csf')
     .option('--format <format>', 'Output format: json, sarif, table, prompt', 'prompt')
     .option('--file <path>', 'Scan this file from disk (alternative to reading content from stdin)')
     .option('--fail-on <levels>', 'Severities that cause non-zero exit', 'critical,high')
@@ -340,7 +341,7 @@ program
     .option('--api-key <key>', 'API key for compliance API (or PC_API_KEY env)')
     .action(async (opts) => {
     try {
-        const frameworks = parseList(opts.framework) ?? ['soc2'];
+        const frameworks = parseList(opts.framework) ?? ['soc2', 'hipaa', 'nist-csf'];
         const format = (opts.format ?? 'prompt');
         const files = await collectHookFiles(opts.file);
         if (!files || Object.keys(files).length === 0) {
@@ -371,6 +372,43 @@ program
  *       `{"tool_input": {"file_path": "...", "content"|"new_string": "..."}}`
  *     When only `file_path` is given and we can read the file, we do.
  */
+/**
+ * Convert the user-supplied `--file <path>` value into a repo-relative key.
+ *
+ * The compliance API rejects absolute paths (`File path must be relative`).
+ * Two failure modes the naive implementation hit on macOS:
+ *
+ *   1. Absolute paths under cwd silently became cryptic 400s. Fixed by
+ *      `path.relative(cwd, absolute)` — works on Linux.
+ *   2. macOS `/tmp` is a symlink to `/private/tmp`. `path.resolve()` does
+ *      NOT follow symlinks, but `process.cwd()` returns the physical path
+ *      via the kernel's `getcwd()`. Result: `path.resolve('/tmp/repo/x')`
+ *      = `/tmp/repo/x` while cwd is `/private/tmp/repo`, so the relative
+ *      path is `../../../tmp/repo/x` and the file is incorrectly rejected
+ *      as "outside cwd" — exactly the agent-hook scenario this targets.
+ *      Fix: realpath both sides before comparing.
+ *
+ * Pure function (no fs I/O of its own, no `process.exit`) so it's directly
+ * unit-testable. Caller passes the original input, the realpath of the
+ * resolved file (`fs.realpathSync(path.resolve(filePath))`), and the
+ * realpath of cwd. Tests construct realpath inputs themselves.
+ */
+function resolveHookFileKey(inputPath, realpathFile, realpathCwd) {
+    if (!path.isAbsolute(inputPath)) {
+        // Relative input passes through verbatim — no symlink ambiguity.
+        return { ok: true, key: inputPath };
+    }
+    const relative = path.relative(realpathCwd, realpathFile);
+    if (relative.startsWith('..') || path.isAbsolute(relative)) {
+        return {
+            ok: false,
+            error: `hook: --file ${inputPath} is outside the current directory ` +
+                `(${realpathCwd}). Pass a path relative to the repo root, or ` +
+                `cd into the repo first.`,
+        };
+    }
+    return { ok: true, key: relative };
+}
 async function collectHookFiles(filePath) {
     if (filePath) {
         const absolute = path.resolve(filePath);
@@ -379,7 +417,17 @@ async function collectHookFiles(filePath) {
             process.exit(2);
         }
         const content = fs.readFileSync(absolute, 'utf8');
-        return { [filePath]: content };
+        // Realpath both sides so the macOS `/tmp → /private/tmp` symlink doesn't
+        // make a valid agent-hook path (e.g. `/tmp/repo/main.tf`) appear outside
+        // cwd. See `resolveHookFileKey` JSDoc for the full rationale.
+        const realpathFile = fs.realpathSync(absolute);
+        const realpathCwd = fs.realpathSync(process.cwd());
+        const resolved = resolveHookFileKey(filePath, realpathFile, realpathCwd);
+        if (!resolved.ok) {
+            console.error(resolved.error);
+            process.exit(2);
+        }
+        return { [resolved.key]: content };
     }
     const stdin = await readStdin();
     if (!stdin.trim()) {

package/dist/index.d.ts

@@ -4,13 +4,10 @@ export * from './formatters/table';
 export * from './formatters/prompt';
 export * from './formatters/sarif';
 /**
- * Set when the server-side scanner threw and the API was configured to
+ * Set when the upstream scanner threw and the service was configured to
  * fail closed (the default). When this is present, callers MUST treat
  * `passed: false` as "scanner unavailable — cannot certify compliance"
- * rather than "code is dirty." Mirrors the API's `ScannerErrorInfo`
- * shape; see `packages/compliance-code-scanner/api/src/domain/services/
- * compliance-scan.service.ts` (`ScannerErrorInfo`) for the field
- * contract.
+ * rather than "code is dirty."
  *
  * Without this surfaced to the CLI's --output JSON, a benchmark or CI
  * report shows `passed: false, findings: []` and the user can't tell

package/dist/utils/fs.js

@@ -58,21 +58,18 @@ const MAX_TOTAL_FILES = (() => {
     return Number.isFinite(parsed) && parsed > 0 ? parsed : 50_000;
 })();
 /**
- * Extensions and exact filenames the server-side `isScannable` filter
- * accepts. Pre-filtering client-side avoids:
+ * Extensions and exact filenames the upstream scanner accepts. Pre-
+ * filtering client-side avoids:
  *   - bloating the wire payload with images / fonts / docs / archives
- *     that the API just drops on receipt
+ *     that the service just drops on receipt
  *   - hitting MAX_TOTAL_FILES on repos like hapi-fhir or the Linux
  *     kernel where most files are not scannable
  *
- * Keep in lock-step with `api/src/domain/services/compliance-scan.service.ts`:
- *   - APPLICATION_CODE_EXTENSIONS (the source-code allowlist)
- *   - INFRASTRUCTURE_EXTENSIONS (.tf, .yaml, .yml, .json, .sql)
- *   - INFRASTRUCTURE_FILENAMES (dockerfile, .env)
- *
- * Files outside this set are skipped during walk. Source-of-truth is
- * the server filter; this is just an optimization so we don't pay the
- * wire cost for files the server will reject anyway.
+ * The upstream allowlist is the source of truth — this set is an
+ * optimization, not a security boundary. Drift between the two sets
+ * is benign (extra entries here just send files the service will
+ * drop; missing entries here just send extra non-scannable files).
+ * The lockstep contract is enforced by `lockstep-fs.test.mjs`.
  */
 const SCANNABLE_EXTENSIONS = new Set([
     // Application code (must mirror APPLICATION_CODE_EXTENSIONS in the API)
@@ -106,8 +103,9 @@ const SCANNABLE_FILENAMES = new Set([
     '.env',
 ]);
 /**
- * Directories skipped unconditionally. Kept in parity with
- * `packages/compliance-code-scanner/src/ignore-utils.ts`.
+ * Directories skipped unconditionally. Kept in parity with the upstream
+ * scanner's directory blocklist; the lockstep contract is enforced by
+ * `lockstep-fs.test.mjs`.
  */
 const SKIP_DIRS = new Set([
     'node_modules',
@@ -162,11 +160,37 @@ const SKIP_FILE_NAMES = new Set([
  * (see server-side fix in ignore-utils.ts).
  */
 function loadGitignore(repoPath) {
+    return readIgnoreFile(path.join(repoPath, '.gitignore'));
+}
+/**
+ * Load .prodcycleignore patterns from the repo root. Same gitignore-style
+ * syntax as `.gitignore`, applied additively on top of it.
+ *
+ * Use case: opt-in suppression for files that should be skipped at scan
+ * time but kept in version control. Concrete motivating cases from the
+ * OSS-bench sweep:
+ *
+ *   - `gitleaks/cmd/generate/config/rules/aws.go` (and siblings) — scanner
+ *     rule definitions embed example credentials inside Go struct literals
+ *     (e.g. `AKIA[0-9A-Z]{16}` as a regex pattern); the SOC2/HIPAA
+ *     hardcoded-credential rule has no way to distinguish those from real
+ *     creds.
+ *   - `bandit/.../extension_loader.py` (and siblings) — same FP class:
+ *     scanner source ships representative credential-shape patterns as
+ *     Python string literals.
+ *
+ * Patterns in `.prodcycleignore` are also dropped if they start with `!`
+ * (same negation-handling limitation as `.gitignore` here — the simple
+ * minimatch path doesn't have gitignore's re-include semantics).
+ */
+function loadProdcycleIgnore(repoPath) {
+    return readIgnoreFile(path.join(repoPath, '.prodcycleignore'));
+}
+function readIgnoreFile(filePath) {
     try {
-        const gitignorePath = path.join(repoPath, '.gitignore');
-        if (!fs.existsSync(gitignorePath))
+        if (!fs.existsSync(filePath))
             return [];
-        const content = fs.readFileSync(gitignorePath, 'utf-8');
+        const content = fs.readFileSync(filePath, 'utf-8');
         return content
             .split('\n')
             .map((line) => line.trim())
@@ -184,8 +208,23 @@ function matchesAny(filePath, patterns) {
  * Decide whether a directory or file entry should be excluded from collection.
  * Mirrors server `shouldIgnore` so scanner results stay consistent between
  * client-collected (CLI) and server-collected paths.
+ *
+ * Precedence (highest → lowest):
+ *   1. `SKIP_DIRS` / hidden-dir / suffix rules — unconditional.
+ *   2. `userExcludes` (CLI `--exclude`) — explicit user intent on this
+ *      invocation.
+ *   3. `prodcycleIgnores` (`.prodcycleignore`) — explicit user intent
+ *      written into the repo. Overrides the `.env*` carve-out below
+ *      because the user is opting out at scan time on purpose (e.g.
+ *      `.env.example` containing placeholder credentials in a
+ *      scanner-source repo). `.gitignore` is NOT promoted to this
+ *      precedence because gitignored `.env*` files are routinely
+ *      committed-but-ignored real-credential locations and we want
+ *      the secret-detection rule to fire.
+ *   4. `.env*` carve-out — always-scan, overrides `.gitignore` only.
+ *   5. `gitignores` (`.gitignore`) — incidental git-tracking config.
  */
-function shouldIgnore(name, relPath, ignores, userExcludes) {
+function shouldIgnore(name, relPath, gitignores, prodcycleIgnores, userExcludes) {
     if (SKIP_DIRS.has(name) ||
         SKIP_DIR_SUFFIXES.some((s) => name.endsWith(s)) ||
         (name.startsWith('.') &&
@@ -206,6 +245,25 @@ function shouldIgnore(name, relPath, ignores, userExcludes) {
         if (matchesAny(relPath, userExcludes))
             return true;
     }
+    // `.prodcycleignore` patterns are user-explicit scan-time intent —
+    // higher precedence than the `.env*` carve-out below. Without this
+    // ordering, a user trying to suppress a `.env.example` containing
+    // placeholder credentials in a scanner-source repo would find their
+    // pattern silently ignored. `.gitignore` patterns intentionally stay
+    // below the carve-out because gitignored `.env*` files are commonly
+    // real credentials we want to surface.
+    if (prodcycleIgnores.length > 0) {
+        for (const pattern of prodcycleIgnores) {
+            if (name === pattern ||
+                name + '/' === pattern ||
+                relPath === pattern ||
+                relPath + '/' === pattern) {
+                return true;
+            }
+        }
+        if (matchesAny(relPath, prodcycleIgnores))
+            return true;
+    }
     // .env-family files are always scanned even if .gitignored — the
     // common case for `.env`, `.env.local`, `.env.production`, `.envrc`,
     // etc., where the whole point of scanning is to catch hardcoded
@@ -216,7 +274,7 @@ function shouldIgnore(name, relPath, ignores, userExcludes) {
     // `compliance-code-scanner/src/ignore-utils.ts`.
     if (name.startsWith('.env'))
         return false;
-    for (const pattern of ignores) {
+    for (const pattern of gitignores) {
         if (name === pattern ||
             name + '/' === pattern ||
             relPath === pattern ||
@@ -224,7 +282,7 @@ function shouldIgnore(name, relPath, ignores, userExcludes) {
             return true;
         }
     }
-    if (matchesAny(relPath, ignores))
+    if (matchesAny(relPath, gitignores))
         return true;
     return false;
 }
@@ -266,13 +324,14 @@ function isScannableFilename(name) {
 }
 async function collectFiles(baseDir, includePatterns, excludePatterns) {
     const repoRoot = path.resolve(baseDir);
-    const ignores = loadGitignore(repoRoot);
+    const gitignores = loadGitignore(repoRoot);
+    const prodcycleIgnores = loadProdcycleIgnore(repoRoot);
     const files = {};
     const state = { count: 0, limitReached: false };
-    walk(repoRoot, repoRoot, ignores, includePatterns, excludePatterns, files, state);
+    walk(repoRoot, repoRoot, gitignores, prodcycleIgnores, includePatterns, excludePatterns, files, state);
     return files;
 }
-function walk(dir, repoRoot, ignores, includePatterns, userExcludes, files, state) {
+function walk(dir, repoRoot, gitignores, prodcycleIgnores, includePatterns, userExcludes, files, state) {
     if (state.limitReached)
         return;
     let entries;
@@ -289,14 +348,14 @@ function walk(dir, repoRoot, ignores, includePatterns, userExcludes, files, stat
         const fullPath = path.join(dir, name);
         const relPath = path.relative(repoRoot, fullPath);
         if (entry.isDirectory()) {
-            if (shouldIgnore(name, relPath, ignores, userExcludes))
+            if (shouldIgnore(name, relPath, gitignores, prodcycleIgnores, userExcludes))
                 continue;
-            walk(fullPath, repoRoot, ignores, includePatterns, userExcludes, files, state);
+            walk(fullPath, repoRoot, gitignores, prodcycleIgnores, includePatterns, userExcludes, files, state);
             continue;
         }
         if (!entry.isFile())
             continue;
-        if (shouldIgnore(name, relPath, ignores, userExcludes))
+        if (shouldIgnore(name, relPath, gitignores, prodcycleIgnores, userExcludes))
             continue;
         if (shouldSkipFileByName(name))
             continue;
@@ -323,6 +382,10 @@ function walk(dir, repoRoot, ignores, includePatterns, userExcludes, files, stat
         catch {
             continue;
         }
+        // Cheap pre-read filter: skip files obviously above the limit by disk
+        // size so we don't read multi-MB files into the heap only to reject
+        // them. Files that pass this check get a second post-decode check
+        // below.
         if (stats.size > MAX_FILE_SIZE)
             continue;
         let buffer;
@@ -334,7 +397,21 @@ function walk(dir, repoRoot, ignores, includePatterns, userExcludes, files, stat
         }
         if (isBinary(buffer))
             continue;
-        files[relPath] = buffer.toString('utf8');
+        const content = buffer.toString('utf8');
+        // Post-decode filter: the service enforces the 256 KB per-file limit
+        // on the UTF-8 byte length of the decoded string content, which can
+        // differ from the file's on-disk byte count. `buffer.toString('utf8')`
+        // silently replaces invalid UTF-8 byte sequences with U+FFFD (3 UTF-8
+        // bytes each), so a file with invalid bytes that's under 256 KB on
+        // disk can balloon over the limit after the round trip. The cheap
+        // `stats.size` check above would let it through; the service then
+        // rejects the entire chunk with 413 and torpedoes the scan.
+        // Re-measuring here keeps the CLI's filter aligned with the service
+        // enforcement. Concrete case from the GA-validation sweep:
+        // `web/pnpm-lock.yaml` with stray non-UTF-8 bytes.
+        if (Buffer.byteLength(content, 'utf8') > MAX_FILE_SIZE)
+            continue;
+        files[relPath] = content;
         state.count++;
     }
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@prodcycle/prodcycle",
-  "version": "0.6.0",
+  "version": "0.6.2",
   "description": "Multi-framework policy-as-code compliance scanner for infrastructure and application code.",
   "homepage": "https://docs.prodcycle.com",
   "repository": {