@rigour-labs/core 3.0.2 → 3.0.3

@@ -162,20 +162,34 @@ export class GateRunner {
162
162
  }
163
163
  const score = Math.max(0, 100 - totalDeduction);
164
164
  // Two-score system: separate AI health from structural quality
165
+ // IMPORTANT: Only ai-drift affects ai_health_score, only traditional affects structural_score.
166
+ // Security and governance affect the overall score but NOT the sub-scores,
167
+ // preventing security criticals from incorrectly zeroing structural_score.
165
168
  let aiDeduction = 0;
166
- let aiCount = 0;
167
169
  let structuralDeduction = 0;
168
- let structuralCount = 0;
170
+ const provenanceCounts = {
171
+ 'ai-drift': 0,
172
+ 'traditional': 0,
173
+ 'security': 0,
174
+ 'governance': 0,
175
+ };
169
176
  for (const f of failures) {
170
177
  const sev = (f.severity || 'medium');
171
178
  const weight = SEVERITY_WEIGHTS[sev] ?? 5;
172
- if (f.provenance === 'ai-drift') {
173
- aiDeduction += weight;
174
- aiCount++;
175
- }
176
- else {
177
- structuralDeduction += weight;
178
- structuralCount++;
179
+ const prov = f.provenance || 'traditional';
180
+ provenanceCounts[prov] = (provenanceCounts[prov] || 0) + 1;
181
+ switch (prov) {
182
+ case 'ai-drift':
183
+ aiDeduction += weight;
184
+ break;
185
+ case 'traditional':
186
+ structuralDeduction += weight;
187
+ break;
188
+ // security and governance contribute to overall score (totalDeduction)
189
+ // but do NOT pollute the sub-scores
190
+ case 'security':
191
+ case 'governance':
192
+ break;
179
193
  }
180
194
  }
181
195
  return {
@@ -188,12 +202,7 @@ export class GateRunner {
188
202
  ai_health_score: Math.max(0, 100 - aiDeduction),
189
203
  structural_score: Math.max(0, 100 - structuralDeduction),
190
204
  severity_breakdown: severityBreakdown,
191
- provenance_breakdown: {
192
- 'ai-drift': aiCount,
193
- traditional: structuralCount - failures.filter(f => f.provenance === 'security' || f.provenance === 'governance').length,
194
- security: failures.filter(f => f.provenance === 'security').length,
195
- governance: failures.filter(f => f.provenance === 'governance').length,
196
- },
205
+ provenance_breakdown: provenanceCounts,
197
206
  },
198
207
  };
199
208
  }
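Review bot: The new `switch (prov)` has no `default`, so a failure whose `provenance` is not one of the four listed strings is left out of both `ai_health_score` and `structural_score`, whereas the removed `else` branch counted it as structural; for a quality gate that is a silent fail-open in the sub-scores. The same unchecked value is used as a key in `provenanceCounts[prov] = (provenanceCounts[prov] || 0) + 1`, so `provenance_breakdown` can grow arbitrary keys, and a name inherited from `Object.prototype` (for example `constructor`) produces a concatenated string rather than a count. If nothing upstream constrains `provenance` (not visible here), normalise it before counting: `const prov = Object.hasOwn(provenanceCounts, f.provenance) ? f.provenance : 'traditional';`. The enclosing method begins and ends outside the two hunks shown.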
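--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@rigour-labs/core",
- "version": "3.0.2",
+ "version": "3.0.3",
  "description": "Deterministic quality gate engine for AI-generated code. AST analysis, drift detection, and Fix Packet generation across TypeScript, JavaScript, Python, Go, Ruby, and C#.",
  "license": "MIT",
  "homepage": "https://rigour.run",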