@rigour-labs/core 2.21.0 → 2.21.1

package/dist/gates/runner.js

@@ -2,7 +2,7 @@ import { FileGate } from './file.js';
 import { ContentGate } from './content.js';
 import { StructureGate } from './structure.js';
 import { ASTGate } from './ast.js';
-import { SafetyGate } from './safety.js';
+import { FileGuardGate } from './safety.js';
 import { DependencyGate } from './dependency.js';
 import { CoverageGate } from './coverage.js';
 import { ContextGate } from './context.js';
@@ -38,7 +38,7 @@ export class GateRunner {
         }
         this.gates.push(new ASTGate(this.config.gates));
         this.gates.push(new DependencyGate(this.config));
-        this.gates.push(new SafetyGate(this.config.gates));
+        this.gates.push(new FileGuardGate(this.config.gates));
         this.gates.push(new CoverageGate(this.config.gates));
         if (this.config.gates.context?.enabled) {
             this.gates.push(new ContextGate(this.config.gates));
@@ -51,8 +51,8 @@ export class GateRunner {
         if (this.config.gates.checkpoint?.enabled) {
             this.gates.push(new CheckpointGate(this.config.gates.checkpoint));
         }
-        // Security Patterns Gate (code-level vulnerability detection)
-        if (this.config.gates.security?.enabled) {
+        // Security Patterns Gate (code-level vulnerability detection) — enabled by default since v2.15
+        if (this.config.gates.security?.enabled !== false) {
             this.gates.push(new SecurityPatternsGate(this.config.gates.security));
         }
         // Environment Alignment Gate (Should be prioritized)

package/dist/gates/safety.d.ts

@@ -1,6 +1,6 @@
 import { Gate, GateContext } from './base.js';
 import { Failure, Gates } from '../types/index.js';
-export declare class SafetyGate extends Gate {
+export declare class FileGuardGate extends Gate {
     private config;
     constructor(config: Gates);
     run(context: GateContext): Promise<Failure[]>;

package/dist/gates/safety.js

@@ -1,9 +1,9 @@
 import { Gate } from './base.js';
 import { execa } from 'execa';
-export class SafetyGate extends Gate {
+export class FileGuardGate extends Gate {
     config;
     constructor(config) {
-        super('safety-rail', 'Safety & Protection Rails');
+        super('file-guard', 'File Guard — Protected Paths');
         this.config = config;
     }
     async run(context) {
@@ -14,7 +14,7 @@ export class SafetyGate extends Gate {
             return [];
         try {
             // Check for modified files in protected paths using git
-            // This is a "Safety Rail" - if an agent touched these, we fail.
+            // File Guard - if an agent touched protected files, we fail.
             const { stdout } = await execa('git', ['status', '--porcelain'], { cwd: context.cwd });
             const modifiedFiles = stdout.split('\n')
                 .filter(line => {

package/dist/gates/security-patterns.js

@@ -138,7 +138,7 @@ export class SecurityPatternsGate extends Gate {
     constructor(config = {}) {
         super('security-patterns', 'Security Pattern Detection');
         this.config = {
-            enabled: config.enabled ?? false,
+            enabled: config.enabled ?? true,
             sql_injection: config.sql_injection ?? true,
             xss: config.xss ?? true,
             path_traversal: config.path_traversal ?? true,

package/dist/safety.test.js

@@ -1,8 +1,8 @@
 import { describe, it, expect, vi } from 'vitest';
-import { SafetyGate } from './gates/safety.js';
+import { FileGuardGate } from './gates/safety.js';
 import { execa } from 'execa';
 vi.mock('execa');
-describe('SafetyGate', () => {
+describe('FileGuardGate', () => {
     const config = {
         safety: {
             protected_paths: ['docs/'],
@@ -10,27 +10,27 @@ describe('SafetyGate', () => {
         }
     };
     it('should flag modified (M) protected files', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({ stdout: ' M docs/SPEC.md\n' });
         const failures = await gate.run({ cwd: '/test', record: {} });
         expect(failures).toHaveLength(1);
         expect(failures[0].title).toContain("Protected file 'docs/SPEC.md' was modified.");
     });
     it('should flag added (A) protected files', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({ stdout: 'A  docs/NEW.md\n' });
         const failures = await gate.run({ cwd: '/test', record: {} });
         expect(failures).toHaveLength(1);
         expect(failures[0].title).toContain("Protected file 'docs/NEW.md' was modified.");
     });
     it('should NOT flag untracked (??) protected files', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({ stdout: '?? docs/UNTRAKED.md\n' });
         const failures = await gate.run({ cwd: '/test', record: {} });
         expect(failures).toHaveLength(0);
     });
     it('should correctly handle multiple mixed statuses', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({
             stdout: ' M docs/MODIFIED.md\n?? docs/NEW_UNTRACKED.md\n D docs/DELETED.md\n'
         });

package/dist/templates/index.js

@@ -258,7 +258,7 @@ export const UNIVERSAL_CONFIG = {
             auto_save_on_failure: true,
         },
         security: {
-            enabled: false,
+            enabled: true,
             sql_injection: true,
             xss: true,
             path_traversal: true,

package/dist/types/index.js

@@ -86,7 +86,7 @@ export const GatesSchema = z.object({
         auto_save_on_failure: z.boolean().optional().default(true),
     }).optional().default({}),
     security: z.object({
-        enabled: z.boolean().optional().default(false),
+        enabled: z.boolean().optional().default(true),
         sql_injection: z.boolean().optional().default(true),
         xss: z.boolean().optional().default(true),
         path_traversal: z.boolean().optional().default(true),

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@rigour-labs/core",
-  "version": "2.21.0",
+  "version": "2.21.1",
   "type": "module",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",

package/src/gates/runner.ts

@@ -4,7 +4,7 @@ import { FileGate } from './file.js';
 import { ContentGate } from './content.js';
 import { StructureGate } from './structure.js';
 import { ASTGate } from './ast.js';
-import { SafetyGate } from './safety.js';
+import { FileGuardGate } from './safety.js';
 import { DependencyGate } from './dependency.js';
 import { CoverageGate } from './coverage.js';
 import { ContextGate } from './context.js';
@@ -44,7 +44,7 @@ export class GateRunner {
         }
         this.gates.push(new ASTGate(this.config.gates));
         this.gates.push(new DependencyGate(this.config));
-        this.gates.push(new SafetyGate(this.config.gates));
+        this.gates.push(new FileGuardGate(this.config.gates));
         this.gates.push(new CoverageGate(this.config.gates));
 
         if (this.config.gates.context?.enabled) {
@@ -61,8 +61,8 @@ export class GateRunner {
             this.gates.push(new CheckpointGate(this.config.gates.checkpoint));
         }
 
-        // Security Patterns Gate (code-level vulnerability detection)
-        if (this.config.gates.security?.enabled) {
+        // Security Patterns Gate (code-level vulnerability detection) — enabled by default since v2.15
+        if (this.config.gates.security?.enabled !== false) {
             this.gates.push(new SecurityPatternsGate(this.config.gates.security));
         }
 

package/src/gates/safety.ts

@@ -2,9 +2,9 @@ import { Gate, GateContext } from './base.js';
 import { Failure, Gates } from '../types/index.js';
 import { execa } from 'execa';
 
-export class SafetyGate extends Gate {
+export class FileGuardGate extends Gate {
     constructor(private config: Gates) {
-        super('safety-rail', 'Safety & Protection Rails');
+        super('file-guard', 'File Guard — Protected Paths');
     }
 
     async run(context: GateContext): Promise<Failure[]> {
@@ -16,7 +16,7 @@ export class SafetyGate extends Gate {
 
         try {
             // Check for modified files in protected paths using git
-            // This is a "Safety Rail" - if an agent touched these, we fail.
+            // File Guard - if an agent touched protected files, we fail.
             const { stdout } = await execa('git', ['status', '--porcelain'], { cwd: context.cwd });
             const modifiedFiles = stdout.split('\n')
                 .filter(line => {

package/src/gates/security-patterns.ts

@@ -171,7 +171,7 @@ export class SecurityPatternsGate extends Gate {
     constructor(config: SecurityPatternsConfig = {}) {
         super('security-patterns', 'Security Pattern Detection');
         this.config = {
-            enabled: config.enabled ?? false,
+            enabled: config.enabled ?? true,
             sql_injection: config.sql_injection ?? true,
             xss: config.xss ?? true,
             path_traversal: config.path_traversal ?? true,

package/src/safety.test.ts

@@ -1,11 +1,11 @@
 import { describe, it, expect, vi } from 'vitest';
-import { SafetyGate } from './gates/safety.js';
+import { FileGuardGate } from './gates/safety.js';
 import { Gates } from './types/index.js';
 import { execa } from 'execa';
 
 vi.mock('execa');
 
-describe('SafetyGate', () => {
+describe('FileGuardGate', () => {
     const config: Gates = {
         safety: {
             protected_paths: ['docs/'],
@@ -14,7 +14,7 @@ describe('SafetyGate', () => {
     } as any;
 
     it('should flag modified (M) protected files', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({ stdout: ' M docs/SPEC.md\n' } as any);
 
         const failures = await gate.run({ cwd: '/test', record: {} as any });
@@ -23,7 +23,7 @@ describe('SafetyGate', () => {
     });
 
     it('should flag added (A) protected files', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({ stdout: 'A  docs/NEW.md\n' } as any);
 
         const failures = await gate.run({ cwd: '/test', record: {} as any });
@@ -32,7 +32,7 @@ describe('SafetyGate', () => {
     });
 
     it('should NOT flag untracked (??) protected files', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({ stdout: '?? docs/UNTRAKED.md\n' } as any);
 
         const failures = await gate.run({ cwd: '/test', record: {} as any });
@@ -40,7 +40,7 @@ describe('SafetyGate', () => {
     });
 
     it('should correctly handle multiple mixed statuses', async () => {
-        const gate = new SafetyGate(config);
+        const gate = new FileGuardGate(config);
         vi.mocked(execa).mockResolvedValueOnce({
             stdout: ' M docs/MODIFIED.md\n?? docs/NEW_UNTRACKED.md\n D docs/DELETED.md\n'
         } as any);

package/src/templates/index.ts

@@ -275,7 +275,7 @@ export const UNIVERSAL_CONFIG: Config = {
             auto_save_on_failure: true,
         },
         security: {
-            enabled: false,
+            enabled: true,
             sql_injection: true,
             xss: true,
             path_traversal: true,

package/src/types/index.ts

@@ -87,7 +87,7 @@ export const GatesSchema = z.object({
         auto_save_on_failure: z.boolean().optional().default(true),
     }).optional().default({}),
     security: z.object({
-        enabled: z.boolean().optional().default(false),
+        enabled: z.boolean().optional().default(true),
         sql_injection: z.boolean().optional().default(true),
         xss: z.boolean().optional().default(true),
         path_traversal: z.boolean().optional().default(true),