@rigour-labs/core 4.3.0 → 4.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (17) hide show
  1. package/dist/gates/frontend-secret-exposure.d.ts +27 -0
  2. package/dist/gates/frontend-secret-exposure.js +174 -0
  3. package/dist/gates/frontend-secret-exposure.test.d.ts +1 -0
  4. package/dist/gates/frontend-secret-exposure.test.js +95 -0
  5. package/dist/gates/runner.js +9 -0
  6. package/dist/gates/side-effect-analysis.d.ts +67 -0
  7. package/dist/gates/side-effect-analysis.js +559 -0
  8. package/dist/gates/side-effect-helpers.d.ts +260 -0
  9. package/dist/gates/side-effect-helpers.js +1096 -0
  10. package/dist/gates/side-effect-rules.d.ts +39 -0
  11. package/dist/gates/side-effect-rules.js +302 -0
  12. package/dist/index.d.ts +2 -0
  13. package/dist/index.js +2 -0
  14. package/dist/templates/universal-config.js +42 -0
  15. package/dist/types/index.d.ts +268 -0
  16. package/dist/types/index.js +50 -0
  17. package/package.json +6 -6
package/dist/types/index.d.ts CHANGED
@@ -213,6 +213,37 @@ export declare const GatesSchema: z.ZodObject<{
213
213
  command_injection?: boolean | undefined;
214
214
  block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
215
215
  }>>>;
216
+ frontend_secret_exposure: z.ZodDefault<z.ZodOptional<z.ZodObject<{
217
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
218
+ block_on_severity: z.ZodDefault<z.ZodOptional<z.ZodEnum<["critical", "high", "medium", "low"]>>>;
219
+ check_process_env: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
220
+ check_import_meta_env: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
221
+ secret_env_name_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
222
+ safe_public_prefixes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
223
+ frontend_path_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
224
+ server_path_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
225
+ allowlist_env_names: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
226
+ }, "strip", z.ZodTypeAny, {
227
+ enabled: boolean;
228
+ block_on_severity: "critical" | "high" | "medium" | "low";
229
+ check_process_env: boolean;
230
+ check_import_meta_env: boolean;
231
+ secret_env_name_patterns: string[];
232
+ safe_public_prefixes: string[];
233
+ frontend_path_patterns: string[];
234
+ server_path_patterns: string[];
235
+ allowlist_env_names: string[];
236
+ }, {
237
+ enabled?: boolean | undefined;
238
+ block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
239
+ check_process_env?: boolean | undefined;
240
+ check_import_meta_env?: boolean | undefined;
241
+ secret_env_name_patterns?: string[] | undefined;
242
+ safe_public_prefixes?: string[] | undefined;
243
+ frontend_path_patterns?: string[] | undefined;
244
+ server_path_patterns?: string[] | undefined;
245
+ allowlist_env_names?: string[] | undefined;
246
+ }>>>;
216
247
  adaptive: z.ZodDefault<z.ZodOptional<z.ZodObject<{
217
248
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
218
249
  base_coverage_threshold: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
@@ -452,6 +483,40 @@ export declare const GatesSchema: z.ZodObject<{
452
483
  custom_patterns?: string[] | undefined;
453
484
  audit_log?: boolean | undefined;
454
485
  }>>>;
486
+ side_effect_analysis: z.ZodDefault<z.ZodOptional<z.ZodObject<{
487
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
488
+ check_unbounded_timers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
489
+ check_unbounded_loops: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
490
+ check_process_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
491
+ check_recursive_depth: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
492
+ check_resource_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
493
+ check_retry_without_limit: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
494
+ check_circular_triggers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
495
+ check_auto_restart: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
496
+ ignore_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
497
+ }, "strip", z.ZodTypeAny, {
498
+ enabled: boolean;
499
+ ignore_patterns: string[];
500
+ check_unbounded_timers: boolean;
501
+ check_unbounded_loops: boolean;
502
+ check_process_lifecycle: boolean;
503
+ check_recursive_depth: boolean;
504
+ check_resource_lifecycle: boolean;
505
+ check_retry_without_limit: boolean;
506
+ check_circular_triggers: boolean;
507
+ check_auto_restart: boolean;
508
+ }, {
509
+ enabled?: boolean | undefined;
510
+ ignore_patterns?: string[] | undefined;
511
+ check_unbounded_timers?: boolean | undefined;
512
+ check_unbounded_loops?: boolean | undefined;
513
+ check_process_lifecycle?: boolean | undefined;
514
+ check_recursive_depth?: boolean | undefined;
515
+ check_resource_lifecycle?: boolean | undefined;
516
+ check_retry_without_limit?: boolean | undefined;
517
+ check_circular_triggers?: boolean | undefined;
518
+ check_auto_restart?: boolean | undefined;
519
+ }>>>;
455
520
  deep: z.ZodDefault<z.ZodOptional<z.ZodObject<{
456
521
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
457
522
  pro: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
@@ -640,6 +705,17 @@ export declare const GatesSchema: z.ZodObject<{
640
705
  command_injection: boolean;
641
706
  block_on_severity: "critical" | "high" | "medium" | "low";
642
707
  };
708
+ frontend_secret_exposure: {
709
+ enabled: boolean;
710
+ block_on_severity: "critical" | "high" | "medium" | "low";
711
+ check_process_env: boolean;
712
+ check_import_meta_env: boolean;
713
+ secret_env_name_patterns: string[];
714
+ safe_public_prefixes: string[];
715
+ frontend_path_patterns: string[];
716
+ server_path_patterns: string[];
717
+ allowlist_env_names: string[];
718
+ };
643
719
  adaptive: {
644
720
  enabled: boolean;
645
721
  base_coverage_threshold: number;
@@ -725,6 +801,18 @@ export declare const GatesSchema: z.ZodObject<{
725
801
  custom_patterns: string[];
726
802
  audit_log: boolean;
727
803
  };
804
+ side_effect_analysis: {
805
+ enabled: boolean;
806
+ ignore_patterns: string[];
807
+ check_unbounded_timers: boolean;
808
+ check_unbounded_loops: boolean;
809
+ check_process_lifecycle: boolean;
810
+ check_recursive_depth: boolean;
811
+ check_resource_lifecycle: boolean;
812
+ check_retry_without_limit: boolean;
813
+ check_circular_triggers: boolean;
814
+ check_auto_restart: boolean;
815
+ };
728
816
  }, {
729
817
  deep?: {
730
818
  enabled?: boolean | undefined;
@@ -828,6 +916,17 @@ export declare const GatesSchema: z.ZodObject<{
828
916
  command_injection?: boolean | undefined;
829
917
  block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
830
918
  } | undefined;
919
+ frontend_secret_exposure?: {
920
+ enabled?: boolean | undefined;
921
+ block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
922
+ check_process_env?: boolean | undefined;
923
+ check_import_meta_env?: boolean | undefined;
924
+ secret_env_name_patterns?: string[] | undefined;
925
+ safe_public_prefixes?: string[] | undefined;
926
+ frontend_path_patterns?: string[] | undefined;
927
+ server_path_patterns?: string[] | undefined;
928
+ allowlist_env_names?: string[] | undefined;
929
+ } | undefined;
831
930
  adaptive?: {
832
931
  enabled?: boolean | undefined;
833
932
  base_coverage_threshold?: number | undefined;
@@ -913,6 +1012,18 @@ export declare const GatesSchema: z.ZodObject<{
913
1012
  custom_patterns?: string[] | undefined;
914
1013
  audit_log?: boolean | undefined;
915
1014
  } | undefined;
1015
+ side_effect_analysis?: {
1016
+ enabled?: boolean | undefined;
1017
+ ignore_patterns?: string[] | undefined;
1018
+ check_unbounded_timers?: boolean | undefined;
1019
+ check_unbounded_loops?: boolean | undefined;
1020
+ check_process_lifecycle?: boolean | undefined;
1021
+ check_recursive_depth?: boolean | undefined;
1022
+ check_resource_lifecycle?: boolean | undefined;
1023
+ check_retry_without_limit?: boolean | undefined;
1024
+ check_circular_triggers?: boolean | undefined;
1025
+ check_auto_restart?: boolean | undefined;
1026
+ } | undefined;
916
1027
  }>;
917
1028
  export declare const CommandsSchema: z.ZodObject<{
918
1029
  format: z.ZodOptional<z.ZodString>;
@@ -1187,6 +1298,37 @@ export declare const ConfigSchema: z.ZodObject<{
1187
1298
  command_injection?: boolean | undefined;
1188
1299
  block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
1189
1300
  }>>>;
1301
+ frontend_secret_exposure: z.ZodDefault<z.ZodOptional<z.ZodObject<{
1302
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1303
+ block_on_severity: z.ZodDefault<z.ZodOptional<z.ZodEnum<["critical", "high", "medium", "low"]>>>;
1304
+ check_process_env: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1305
+ check_import_meta_env: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1306
+ secret_env_name_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
1307
+ safe_public_prefixes: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
1308
+ frontend_path_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
1309
+ server_path_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
1310
+ allowlist_env_names: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
1311
+ }, "strip", z.ZodTypeAny, {
1312
+ enabled: boolean;
1313
+ block_on_severity: "critical" | "high" | "medium" | "low";
1314
+ check_process_env: boolean;
1315
+ check_import_meta_env: boolean;
1316
+ secret_env_name_patterns: string[];
1317
+ safe_public_prefixes: string[];
1318
+ frontend_path_patterns: string[];
1319
+ server_path_patterns: string[];
1320
+ allowlist_env_names: string[];
1321
+ }, {
1322
+ enabled?: boolean | undefined;
1323
+ block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
1324
+ check_process_env?: boolean | undefined;
1325
+ check_import_meta_env?: boolean | undefined;
1326
+ secret_env_name_patterns?: string[] | undefined;
1327
+ safe_public_prefixes?: string[] | undefined;
1328
+ frontend_path_patterns?: string[] | undefined;
1329
+ server_path_patterns?: string[] | undefined;
1330
+ allowlist_env_names?: string[] | undefined;
1331
+ }>>>;
1190
1332
  adaptive: z.ZodDefault<z.ZodOptional<z.ZodObject<{
1191
1333
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1192
1334
  base_coverage_threshold: z.ZodDefault<z.ZodOptional<z.ZodNumber>>;
@@ -1426,6 +1568,40 @@ export declare const ConfigSchema: z.ZodObject<{
1426
1568
  custom_patterns?: string[] | undefined;
1427
1569
  audit_log?: boolean | undefined;
1428
1570
  }>>>;
1571
+ side_effect_analysis: z.ZodDefault<z.ZodOptional<z.ZodObject<{
1572
+ enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1573
+ check_unbounded_timers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1574
+ check_unbounded_loops: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1575
+ check_process_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1576
+ check_recursive_depth: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1577
+ check_resource_lifecycle: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1578
+ check_retry_without_limit: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1579
+ check_circular_triggers: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1580
+ check_auto_restart: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1581
+ ignore_patterns: z.ZodDefault<z.ZodOptional<z.ZodArray<z.ZodString, "many">>>;
1582
+ }, "strip", z.ZodTypeAny, {
1583
+ enabled: boolean;
1584
+ ignore_patterns: string[];
1585
+ check_unbounded_timers: boolean;
1586
+ check_unbounded_loops: boolean;
1587
+ check_process_lifecycle: boolean;
1588
+ check_recursive_depth: boolean;
1589
+ check_resource_lifecycle: boolean;
1590
+ check_retry_without_limit: boolean;
1591
+ check_circular_triggers: boolean;
1592
+ check_auto_restart: boolean;
1593
+ }, {
1594
+ enabled?: boolean | undefined;
1595
+ ignore_patterns?: string[] | undefined;
1596
+ check_unbounded_timers?: boolean | undefined;
1597
+ check_unbounded_loops?: boolean | undefined;
1598
+ check_process_lifecycle?: boolean | undefined;
1599
+ check_recursive_depth?: boolean | undefined;
1600
+ check_resource_lifecycle?: boolean | undefined;
1601
+ check_retry_without_limit?: boolean | undefined;
1602
+ check_circular_triggers?: boolean | undefined;
1603
+ check_auto_restart?: boolean | undefined;
1604
+ }>>>;
1429
1605
  deep: z.ZodDefault<z.ZodOptional<z.ZodObject<{
1430
1606
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
1431
1607
  pro: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
@@ -1614,6 +1790,17 @@ export declare const ConfigSchema: z.ZodObject<{
1614
1790
  command_injection: boolean;
1615
1791
  block_on_severity: "critical" | "high" | "medium" | "low";
1616
1792
  };
1793
+ frontend_secret_exposure: {
1794
+ enabled: boolean;
1795
+ block_on_severity: "critical" | "high" | "medium" | "low";
1796
+ check_process_env: boolean;
1797
+ check_import_meta_env: boolean;
1798
+ secret_env_name_patterns: string[];
1799
+ safe_public_prefixes: string[];
1800
+ frontend_path_patterns: string[];
1801
+ server_path_patterns: string[];
1802
+ allowlist_env_names: string[];
1803
+ };
1617
1804
  adaptive: {
1618
1805
  enabled: boolean;
1619
1806
  base_coverage_threshold: number;
@@ -1699,6 +1886,18 @@ export declare const ConfigSchema: z.ZodObject<{
1699
1886
  custom_patterns: string[];
1700
1887
  audit_log: boolean;
1701
1888
  };
1889
+ side_effect_analysis: {
1890
+ enabled: boolean;
1891
+ ignore_patterns: string[];
1892
+ check_unbounded_timers: boolean;
1893
+ check_unbounded_loops: boolean;
1894
+ check_process_lifecycle: boolean;
1895
+ check_recursive_depth: boolean;
1896
+ check_resource_lifecycle: boolean;
1897
+ check_retry_without_limit: boolean;
1898
+ check_circular_triggers: boolean;
1899
+ check_auto_restart: boolean;
1900
+ };
1702
1901
  }, {
1703
1902
  deep?: {
1704
1903
  enabled?: boolean | undefined;
@@ -1802,6 +2001,17 @@ export declare const ConfigSchema: z.ZodObject<{
1802
2001
  command_injection?: boolean | undefined;
1803
2002
  block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
1804
2003
  } | undefined;
2004
+ frontend_secret_exposure?: {
2005
+ enabled?: boolean | undefined;
2006
+ block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
2007
+ check_process_env?: boolean | undefined;
2008
+ check_import_meta_env?: boolean | undefined;
2009
+ secret_env_name_patterns?: string[] | undefined;
2010
+ safe_public_prefixes?: string[] | undefined;
2011
+ frontend_path_patterns?: string[] | undefined;
2012
+ server_path_patterns?: string[] | undefined;
2013
+ allowlist_env_names?: string[] | undefined;
2014
+ } | undefined;
1805
2015
  adaptive?: {
1806
2016
  enabled?: boolean | undefined;
1807
2017
  base_coverage_threshold?: number | undefined;
@@ -1887,6 +2097,18 @@ export declare const ConfigSchema: z.ZodObject<{
1887
2097
  custom_patterns?: string[] | undefined;
1888
2098
  audit_log?: boolean | undefined;
1889
2099
  } | undefined;
2100
+ side_effect_analysis?: {
2101
+ enabled?: boolean | undefined;
2102
+ ignore_patterns?: string[] | undefined;
2103
+ check_unbounded_timers?: boolean | undefined;
2104
+ check_unbounded_loops?: boolean | undefined;
2105
+ check_process_lifecycle?: boolean | undefined;
2106
+ check_recursive_depth?: boolean | undefined;
2107
+ check_resource_lifecycle?: boolean | undefined;
2108
+ check_retry_without_limit?: boolean | undefined;
2109
+ check_circular_triggers?: boolean | undefined;
2110
+ check_auto_restart?: boolean | undefined;
2111
+ } | undefined;
1890
2112
  }>>>;
1891
2113
  hooks: z.ZodDefault<z.ZodOptional<z.ZodObject<{
1892
2114
  enabled: z.ZodDefault<z.ZodOptional<z.ZodBoolean>>;
@@ -2032,6 +2254,17 @@ export declare const ConfigSchema: z.ZodObject<{
2032
2254
  command_injection: boolean;
2033
2255
  block_on_severity: "critical" | "high" | "medium" | "low";
2034
2256
  };
2257
+ frontend_secret_exposure: {
2258
+ enabled: boolean;
2259
+ block_on_severity: "critical" | "high" | "medium" | "low";
2260
+ check_process_env: boolean;
2261
+ check_import_meta_env: boolean;
2262
+ secret_env_name_patterns: string[];
2263
+ safe_public_prefixes: string[];
2264
+ frontend_path_patterns: string[];
2265
+ server_path_patterns: string[];
2266
+ allowlist_env_names: string[];
2267
+ };
2035
2268
  adaptive: {
2036
2269
  enabled: boolean;
2037
2270
  base_coverage_threshold: number;
@@ -2117,6 +2350,18 @@ export declare const ConfigSchema: z.ZodObject<{
2117
2350
  custom_patterns: string[];
2118
2351
  audit_log: boolean;
2119
2352
  };
2353
+ side_effect_analysis: {
2354
+ enabled: boolean;
2355
+ ignore_patterns: string[];
2356
+ check_unbounded_timers: boolean;
2357
+ check_unbounded_loops: boolean;
2358
+ check_process_lifecycle: boolean;
2359
+ check_recursive_depth: boolean;
2360
+ check_resource_lifecycle: boolean;
2361
+ check_retry_without_limit: boolean;
2362
+ check_circular_triggers: boolean;
2363
+ check_auto_restart: boolean;
2364
+ };
2120
2365
  };
2121
2366
  hooks: {
2122
2367
  enabled: boolean;
@@ -2246,6 +2491,17 @@ export declare const ConfigSchema: z.ZodObject<{
2246
2491
  command_injection?: boolean | undefined;
2247
2492
  block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
2248
2493
  } | undefined;
2494
+ frontend_secret_exposure?: {
2495
+ enabled?: boolean | undefined;
2496
+ block_on_severity?: "critical" | "high" | "medium" | "low" | undefined;
2497
+ check_process_env?: boolean | undefined;
2498
+ check_import_meta_env?: boolean | undefined;
2499
+ secret_env_name_patterns?: string[] | undefined;
2500
+ safe_public_prefixes?: string[] | undefined;
2501
+ frontend_path_patterns?: string[] | undefined;
2502
+ server_path_patterns?: string[] | undefined;
2503
+ allowlist_env_names?: string[] | undefined;
2504
+ } | undefined;
2249
2505
  adaptive?: {
2250
2506
  enabled?: boolean | undefined;
2251
2507
  base_coverage_threshold?: number | undefined;
@@ -2331,6 +2587,18 @@ export declare const ConfigSchema: z.ZodObject<{
2331
2587
  custom_patterns?: string[] | undefined;
2332
2588
  audit_log?: boolean | undefined;
2333
2589
  } | undefined;
2590
+ side_effect_analysis?: {
2591
+ enabled?: boolean | undefined;
2592
+ ignore_patterns?: string[] | undefined;
2593
+ check_unbounded_timers?: boolean | undefined;
2594
+ check_unbounded_loops?: boolean | undefined;
2595
+ check_process_lifecycle?: boolean | undefined;
2596
+ check_recursive_depth?: boolean | undefined;
2597
+ check_resource_lifecycle?: boolean | undefined;
2598
+ check_retry_without_limit?: boolean | undefined;
2599
+ check_circular_triggers?: boolean | undefined;
2600
+ check_auto_restart?: boolean | undefined;
2601
+ } | undefined;
2334
2602
  } | undefined;
2335
2603
  hooks?: {
2336
2604
  enabled?: boolean | undefined;
package/dist/types/index.js CHANGED
@@ -95,6 +95,42 @@ export const GatesSchema = z.object({
95
95
  command_injection: z.boolean().optional().default(true),
96
96
  block_on_severity: z.enum(['critical', 'high', 'medium', 'low']).optional().default('high'),
97
97
  }).optional().default({}),
98
+ frontend_secret_exposure: z.object({
99
+ enabled: z.boolean().optional().default(true),
100
+ block_on_severity: z.enum(['critical', 'high', 'medium', 'low']).optional().default('high'),
101
+ check_process_env: z.boolean().optional().default(true),
102
+ check_import_meta_env: z.boolean().optional().default(true),
103
+ secret_env_name_patterns: z.array(z.string()).optional().default([
104
+ '(?:^|_)(?:secret|private)(?:_|$)',
105
+ '(?:^|_)(?:token|api[_-]?key|access[_-]?key|client[_-]?secret|signing|webhook)(?:_|$)',
106
+ '(?:^|_)(?:db[_-]?url|database[_-]?url|connection[_-]?string)(?:_|$)',
107
+ ]),
108
+ safe_public_prefixes: z.array(z.string()).optional().default([
109
+ 'NEXT_PUBLIC_',
110
+ 'VITE_',
111
+ 'PUBLIC_',
112
+ 'NUXT_PUBLIC_',
113
+ 'REACT_APP_',
114
+ ]),
115
+ frontend_path_patterns: z.array(z.string()).optional().default([
116
+ '(^|/)pages/(?!api/)',
117
+ '(^|/)components/',
118
+ '(^|/)src/components/',
119
+ '(^|/)src/views/',
120
+ '(^|/)src/app/',
121
+ '(^|/)app/(?!api/)',
122
+ '(^|/)views/',
123
+ '(^|/)public/',
124
+ ]),
125
+ server_path_patterns: z.array(z.string()).optional().default([
126
+ '(^|/)pages/api/',
127
+ '(^|/)src/pages/api/',
128
+ '(^|/)app/api/',
129
+ '(^|/)src/app/api/',
130
+ '\\.server\\.(?:ts|tsx|js|jsx|mjs|cjs)$',
131
+ ]),
132
+ allowlist_env_names: z.array(z.string()).optional().default([]),
133
+ }).optional().default({}),
98
134
  adaptive: z.object({
99
135
  enabled: z.boolean().optional().default(false),
100
136
  base_coverage_threshold: z.number().optional().default(80),
@@ -225,6 +261,19 @@ export const GatesSchema = z.object({
225
261
  ignore_patterns: z.array(z.string()).optional().default([]),
226
262
  audit_log: z.boolean().optional().default(true),
227
263
  }).optional().default({}),
264
+ // v4.3+ Side-Effect Safety Analysis
265
+ side_effect_analysis: z.object({
266
+ enabled: z.boolean().optional().default(true),
267
+ check_unbounded_timers: z.boolean().optional().default(true),
268
+ check_unbounded_loops: z.boolean().optional().default(true),
269
+ check_process_lifecycle: z.boolean().optional().default(true),
270
+ check_recursive_depth: z.boolean().optional().default(true),
271
+ check_resource_lifecycle: z.boolean().optional().default(true),
272
+ check_retry_without_limit: z.boolean().optional().default(true),
273
+ check_circular_triggers: z.boolean().optional().default(true),
274
+ check_auto_restart: z.boolean().optional().default(true),
275
+ ignore_patterns: z.array(z.string()).optional().default([]),
276
+ }).optional().default({}),
228
277
  // v4.0+ Deep Analysis (LLM-powered)
229
278
  deep: z.object({
230
279
  enabled: z.boolean().optional().default(false),
@@ -265,6 +314,7 @@ export const HooksSchema = z.object({
265
314
  'deprecated-apis',
266
315
  'promise-safety',
267
316
  'security-patterns',
317
+ 'side-effect-analysis',
268
318
  'file-size',
269
319
  ]),
270
320
  timeout_ms: z.number().optional().default(5000),
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rigour-labs/core",
3
- "version": "4.3.0",
3
+ "version": "4.3.2",
4
4
  "description": "Deterministic quality gate engine for AI-generated code. AST analysis, drift detection, and Fix Packet generation across TypeScript, JavaScript, Python, Go, Ruby, and C#.",
5
5
  "license": "MIT",
6
6
  "homepage": "https://rigour.run",
@@ -59,11 +59,11 @@
59
59
  "@xenova/transformers": "^2.17.2",
60
60
  "better-sqlite3": "^11.0.0",
61
61
  "openai": "^4.104.0",
62
- "@rigour-labs/brain-linux-arm64": "4.3.0",
63
- "@rigour-labs/brain-linux-x64": "4.3.0",
64
- "@rigour-labs/brain-darwin-x64": "4.3.0",
65
- "@rigour-labs/brain-win-x64": "4.3.0",
66
- "@rigour-labs/brain-darwin-arm64": "4.3.0"
62
+ "@rigour-labs/brain-darwin-arm64": "4.3.2",
63
+ "@rigour-labs/brain-linux-arm64": "4.3.2",
64
+ "@rigour-labs/brain-darwin-x64": "4.3.2",
65
+ "@rigour-labs/brain-win-x64": "4.3.2",
66
+ "@rigour-labs/brain-linux-x64": "4.3.2"
67
67
  },
68
68
  "devDependencies": {
69
69
  "@types/better-sqlite3": "^7.6.12",