npm - @rely-ai/caliber - Versions diffs - 1.30.4 → 1.30.6 - Mend

@rely-ai/caliber 1.30.4 → 1.30.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -6,7 +6,7 @@
   <a href="https://www.npmjs.com/package/@rely-ai/caliber"><img src="https://img.shields.io/npm/v/@rely-ai/caliber" alt="npm version"></a>
   <a href="./LICENSE"><img src="https://img.shields.io/npm/l/@rely-ai/caliber" alt="license"></a>
   <a href="https://nodejs.org"><img src="https://img.shields.io/node/v/@rely-ai/caliber" alt="node"></a>
-  <img src="https://img.shields.io/badge/caliber-89%2F100-green" alt="Caliber Score">
+  <img src="https://img.shields.io/badge/caliber-94%2F100-brightgreen" alt="Caliber Score">
   <img src="https://img.shields.io/badge/Claude_Code-supported-blue" alt="Claude Code">
   <img src="https://img.shields.io/badge/Cursor-supported-blue" alt="Cursor">
   <img src="https://img.shields.io/badge/Codex-supported-blue" alt="Codex">
@@ -356,5 +356,3 @@ Uses [conventional commits](https://www.conventionalcommits.org/) — `feat:` fo
 ## License
 MIT
-This Project is awesome !

package/dist/bin.js CHANGED Viewed

@@ -803,6 +803,47 @@ function readExistingConfigs(dir) {
 import fs3 from "fs";
 import path4 from "path";
 import { execSync as execSync3 } from "child_process";
+// src/lib/sanitize.ts
+var KNOWN_PREFIX_PATTERNS = [
+  // Anthropic (before generic sk- pattern)
+  [/sk-ant-[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
+  // AWS access key IDs
+  [/AKIA[0-9A-Z]{16}/g, "[REDACTED]"],
+  // AWS secret keys in assignments
+  [/(?:aws)?_?secret_?(?:access)?_?key\s*[:=]\s*['"]?[A-Za-z0-9/+=]{40}['"]?/gi, "[REDACTED]"],
+  // GitHub tokens (PAT, OAuth, server, app install, fine-grained)
+  [/gh[pousr]_[A-Za-z0-9_]{36,}/g, "[REDACTED]"],
+  [/github_pat_[A-Za-z0-9_]{22,}/g, "[REDACTED]"],
+  // Stripe keys
+  [/[sr]k_(live|test)_[A-Za-z0-9]{20,}/g, "[REDACTED]"],
+  // Slack tokens
+  [/xox[bpsar]-[A-Za-z0-9-]{10,}/g, "[REDACTED]"],
+  // JWTs (3-segment base64url)
+  [/eyJ[A-Za-z0-9_-]{20,}\.eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
+  // OpenAI keys (after sk-ant- to avoid false match)
+  [/sk-[A-Za-z0-9-]{20,}/g, "[REDACTED]"],
+  // Google API keys
+  [/AIza[A-Za-z0-9_-]{35}/g, "[REDACTED]"],
+  // Bearer tokens
+  [/[Bb]earer\s+[A-Za-z0-9_\-.]{20,}/g, "[REDACTED]"],
+  // PEM private keys
+  [/-----BEGIN[A-Z ]+KEY-----[\s\S]+?-----END[A-Z ]+KEY-----/g, "[REDACTED]"]
+];
+var SENSITIVE_ASSIGNMENT = /(?:api[_-]?key|secret[_-]?key|password|token|credential|auth[_-]?token|private[_-]?key)\s*[:=]\s*['"]?([^\s'"]{8,500})['"]?/gi;
+function sanitizeSecrets(text) {
+  let result = text;
+  for (const [pattern, replacement] of KNOWN_PREFIX_PATTERNS) {
+    result = result.replace(pattern, replacement);
+  }
+  result = result.replace(
+    SENSITIVE_ASSIGNMENT,
+    (match, value) => match.replace(value, "[REDACTED]")
+  );
+  return result;
+}
+// src/fingerprint/code-analysis.ts
 var IGNORE_DIRS2 = /* @__PURE__ */ new Set([
   "node_modules",
   ".git",
@@ -878,7 +919,6 @@ var TEXT_EXTENSIONS = /* @__PURE__ */ new Set([
   ".toml",
   ".ini",
   ".cfg",
-  ".env",
   ".xml",
   ".plist",
   ".md",
@@ -908,7 +948,8 @@ var SKIP_PATTERNS = [
   /\.map$/,
   /\.d\.ts$/,
   /\.generated\./,
-  /\.snap$/
+  /\.snap$/,
+  /^\.env($|\.)/
 ];
 var COMMENT_LINE = {
   "c": /^\s*\/\//,
@@ -949,7 +990,6 @@ var EXT_COMMENT = {
   ".toml": "h",
   ".ini": "h",
   ".cfg": "h",
-  ".env": "h",
   ".html": "x",
   ".xml": "x",
   ".vue": "x",
@@ -1223,7 +1263,7 @@ function analyzeCode(dir) {
     const repFP = structuralFingerprint(rep.compressed, rep.ext);
     const similar = group.slice(1).filter((f) => structuralFingerprint(f.compressed, f.ext) === repFP);
     const unique = group.slice(1).filter((f) => structuralFingerprint(f.compressed, f.ext) !== repFP);
-    const repEntry = { path: rep.path, content: rep.compressed, size: rep.compressed.length, priority: rep.score };
+    const repEntry = { path: rep.path, content: sanitizeSecrets(rep.compressed), size: rep.compressed.length, priority: rep.score };
     const repSize = rep.path.length + rep.compressed.length + 10;
     if (includedChars + repSize <= CHAR_BUDGET) {
       result.push(repEntry);
@@ -1242,7 +1282,7 @@ function analyzeCode(dir) {
     for (const f of unique) {
       const skeletonSize = f.path.length + f.skeleton.length + 10;
       if (includedChars + skeletonSize <= CHAR_BUDGET) {
-        result.push({ path: f.path, content: f.skeleton, size: f.skeleton.length, priority: f.score });
+        result.push({ path: f.path, content: sanitizeSecrets(f.skeleton), size: f.skeleton.length, priority: f.score });
         includedChars += skeletonSize;
       }
     }
@@ -1252,7 +1292,7 @@ function analyzeCode(dir) {
     if (includedPaths.has(f.path)) continue;
     const skeletonSize = f.path.length + f.skeleton.length + 10;
     if (includedChars + skeletonSize > CHAR_BUDGET) continue;
-    result.push({ path: f.path, content: f.skeleton, size: f.skeleton.length, priority: f.score });
+    result.push({ path: f.path, content: sanitizeSecrets(f.skeleton), size: f.skeleton.length, priority: f.score });
     includedChars += skeletonSize;
   }
   return {
@@ -1311,7 +1351,7 @@ function filePriority(filePath) {
     "lib.rs"
   ]);
   if (entryPoints.has(base)) return 40;
-  if (/\.(json|ya?ml|toml|ini|cfg|env)$|config\.|Makefile|Dockerfile/i.test(filePath)) return 35;
+  if (/\.(json|ya?ml|toml|ini|cfg)$|config\.|Makefile|Dockerfile/i.test(filePath)) return 35;
   if (/(route|api|controller|endpoint|handler)/i.test(filePath)) return 30;
   if (/(types|schema|models|entities|migration)/i.test(filePath)) return 25;
   if (/(service|lib|utils|helper|middleware)/i.test(filePath)) return 20;
@@ -10740,45 +10780,6 @@ function releaseFinalizeLock() {
   }
 }
-// src/lib/sanitize.ts
-var KNOWN_PREFIX_PATTERNS = [
-  // Anthropic (before generic sk- pattern)
-  [/sk-ant-[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
-  // AWS access key IDs
-  [/AKIA[0-9A-Z]{16}/g, "[REDACTED]"],
-  // AWS secret keys in assignments
-  [/(?:aws)?_?secret_?(?:access)?_?key\s*[:=]\s*['"]?[A-Za-z0-9/+=]{40}['"]?/gi, "[REDACTED]"],
-  // GitHub tokens (PAT, OAuth, server, app install, fine-grained)
-  [/gh[pousr]_[A-Za-z0-9_]{36,}/g, "[REDACTED]"],
-  [/github_pat_[A-Za-z0-9_]{22,}/g, "[REDACTED]"],
-  // Stripe keys
-  [/[sr]k_(live|test)_[A-Za-z0-9]{20,}/g, "[REDACTED]"],
-  // Slack tokens
-  [/xox[bpsar]-[A-Za-z0-9-]{10,}/g, "[REDACTED]"],
-  // JWTs (3-segment base64url)
-  [/eyJ[A-Za-z0-9_-]{20,}\.eyJ[A-Za-z0-9_-]{20,}\.[A-Za-z0-9_-]{20,}/g, "[REDACTED]"],
-  // OpenAI keys (after sk-ant- to avoid false match)
-  [/sk-[A-Za-z0-9-]{20,}/g, "[REDACTED]"],
-  // Google API keys
-  [/AIza[A-Za-z0-9_-]{35}/g, "[REDACTED]"],
-  // Bearer tokens
-  [/[Bb]earer\s+[A-Za-z0-9_\-.]{20,}/g, "[REDACTED]"],
-  // PEM private keys
-  [/-----BEGIN[A-Z ]+KEY-----[\s\S]+?-----END[A-Z ]+KEY-----/g, "[REDACTED]"]
-];
-var SENSITIVE_ASSIGNMENT = /(?:api[_-]?key|secret[_-]?key|password|token|credential|auth[_-]?token|private[_-]?key)\s*[:=]\s*['"]?([^\s'"]{8,500})['"]?/gi;
-function sanitizeSecrets(text) {
-  let result = text;
-  for (const [pattern, replacement] of KNOWN_PREFIX_PATTERNS) {
-    result = result.replace(pattern, replacement);
-  }
-  result = result.replace(
-    SENSITIVE_ASSIGNMENT,
-    (match, value) => match.replace(value, "[REDACTED]")
-  );
-  return result;
-}
 // src/lib/notifications.ts
 import fs42 from "fs";
 import path33 from "path";

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@rely-ai/caliber",
-  "version": "1.30.4",
+  "version": "1.30.6",
   "description": "AI context infrastructure for coding agents — keeps CLAUDE.md, Cursor rules, and skills in sync as your codebase evolves",
   "type": "module",
   "bin": {