@rigour-labs/core 5.0.0 → 5.1.0

Files changed (139)
  1. package/README.md +9 -1
  2. package/dist/gates/agent-team.d.ts +0 -1
  3. package/dist/gates/agent-team.js +0 -1
  4. package/dist/gates/checkpoint.d.ts +0 -2
  5. package/dist/gates/checkpoint.js +0 -2
  6. package/dist/gates/context-window-artifacts.d.ts +6 -2
  7. package/dist/gates/context-window-artifacts.js +107 -31
  8. package/dist/gates/deep-analysis.d.ts +2 -0
  9. package/dist/gates/deep-analysis.js +41 -11
  10. package/dist/gates/dependency.d.ts +0 -2
  11. package/dist/gates/dependency.js +23 -5
  12. package/dist/gates/deprecated-apis.d.ts +0 -2
  13. package/dist/gates/deprecated-apis.js +33 -20
  14. package/dist/gates/duplication-drift/index.d.ts +61 -0
  15. package/dist/gates/duplication-drift/index.js +240 -0
  16. package/dist/gates/duplication-drift/similarity.d.ts +68 -0
  17. package/dist/gates/duplication-drift/similarity.js +177 -0
  18. package/dist/gates/duplication-drift/tokenizer.d.ts +55 -0
  19. package/dist/gates/duplication-drift/tokenizer.js +195 -0
  20. package/dist/gates/frontend-secret-exposure.d.ts +0 -3
  21. package/dist/gates/frontend-secret-exposure.js +1 -114
  22. package/dist/gates/frontend-secret-patterns.d.ts +33 -0
  23. package/dist/gates/frontend-secret-patterns.js +119 -0
  24. package/dist/gates/{hallucinated-imports.d.ts → hallucinated-imports/index.d.ts} +2 -29
  25. package/dist/gates/hallucinated-imports/index.js +174 -0
  26. package/dist/gates/hallucinated-imports/js-resolver.d.ts +45 -0
  27. package/dist/gates/hallucinated-imports/js-resolver.js +320 -0
  28. package/dist/gates/hallucinated-imports/manifest-discovery.d.ts +28 -0
  29. package/dist/gates/hallucinated-imports/manifest-discovery.js +114 -0
  30. package/dist/gates/hallucinated-imports/python-resolver.d.ts +24 -0
  31. package/dist/gates/hallucinated-imports/python-resolver.js +306 -0
  32. package/dist/gates/hallucinated-imports-lang.d.ts +2 -2
  33. package/dist/gates/hallucinated-imports-lang.js +269 -34
  34. package/dist/gates/hallucinated-imports.test.js +1 -2
  35. package/dist/gates/inconsistent-error-handling.d.ts +0 -5
  36. package/dist/gates/inconsistent-error-handling.js +15 -144
  37. package/dist/gates/language-adapters/csharp-adapter.d.ts +16 -0
  38. package/dist/gates/language-adapters/csharp-adapter.js +211 -0
  39. package/dist/gates/language-adapters/go-adapter.d.ts +26 -0
  40. package/dist/gates/language-adapters/go-adapter.js +195 -0
  41. package/dist/gates/language-adapters/index.d.ts +15 -0
  42. package/dist/gates/language-adapters/index.js +16 -0
  43. package/dist/gates/language-adapters/java-adapter.d.ts +16 -0
  44. package/dist/gates/language-adapters/java-adapter.js +237 -0
  45. package/dist/gates/language-adapters/js-adapter.d.ts +26 -0
  46. package/dist/gates/language-adapters/js-adapter.js +279 -0
  47. package/dist/gates/language-adapters/python-adapter.d.ts +25 -0
  48. package/dist/gates/language-adapters/python-adapter.js +183 -0
  49. package/dist/gates/language-adapters/registry.d.ts +26 -0
  50. package/dist/gates/language-adapters/registry.js +65 -0
  51. package/dist/gates/language-adapters/ruby-adapter.d.ts +25 -0
  52. package/dist/gates/language-adapters/ruby-adapter.js +217 -0
  53. package/dist/gates/language-adapters/rust-adapter.d.ts +27 -0
  54. package/dist/gates/language-adapters/rust-adapter.js +235 -0
  55. package/dist/gates/language-adapters/types.d.ts +60 -0
  56. package/dist/gates/language-adapters/types.js +22 -0
  57. package/dist/gates/logic-drift-extractors.d.ts +15 -0
  58. package/dist/gates/logic-drift-extractors.js +34 -0
  59. package/dist/gates/logic-drift.d.ts +0 -30
  60. package/dist/gates/logic-drift.js +39 -129
  61. package/dist/gates/phantom-apis.d.ts +0 -2
  62. package/dist/gates/phantom-apis.js +49 -20
  63. package/dist/gates/promise-safety.d.ts +0 -1
  64. package/dist/gates/promise-safety.js +14 -2
  65. package/dist/gates/runner.js +51 -22
  66. package/dist/gates/security-patterns-data.d.ts +14 -0
  67. package/dist/gates/security-patterns-data.js +235 -0
  68. package/dist/gates/security-patterns.d.ts +17 -3
  69. package/dist/gates/security-patterns.js +80 -211
  70. package/dist/gates/side-effect-analysis/categorizer.d.ts +32 -0
  71. package/dist/gates/side-effect-analysis/categorizer.js +83 -0
  72. package/dist/gates/{side-effect-analysis.d.ts → side-effect-analysis/index.d.ts} +3 -5
  73. package/dist/gates/{side-effect-analysis.js → side-effect-analysis/index.js} +33 -45
  74. package/dist/gates/side-effect-analysis/scope-tracker.d.ts +37 -0
  75. package/dist/gates/side-effect-analysis/scope-tracker.js +40 -0
  76. package/dist/gates/side-effect-helpers/index.d.ts +4 -0
  77. package/dist/gates/side-effect-helpers/index.js +4 -0
  78. package/dist/gates/side-effect-helpers/pattern-detection.d.ts +123 -0
  79. package/dist/gates/{side-effect-helpers.js → side-effect-helpers/pattern-detection.js} +22 -468
  80. package/dist/gates/side-effect-helpers/resource-tracking.d.ts +80 -0
  81. package/dist/gates/side-effect-helpers/resource-tracking.js +281 -0
  82. package/dist/gates/side-effect-helpers/scope-analysis.d.ts +21 -0
  83. package/dist/gates/side-effect-helpers/scope-analysis.js +146 -0
  84. package/dist/gates/side-effect-helpers/types.d.ts +38 -0
  85. package/dist/gates/side-effect-helpers/types.js +41 -0
  86. package/dist/gates/side-effect-rules.d.ts +0 -1
  87. package/dist/gates/side-effect-rules.js +0 -1
  88. package/dist/gates/style-drift-rules.d.ts +86 -0
  89. package/dist/gates/style-drift-rules.js +103 -0
  90. package/dist/gates/style-drift.d.ts +7 -16
  91. package/dist/gates/style-drift.js +101 -119
  92. package/dist/gates/test-quality-matchers.d.ts +53 -0
  93. package/dist/gates/test-quality-matchers.js +86 -0
  94. package/dist/gates/test-quality.d.ts +0 -3
  95. package/dist/gates/test-quality.js +47 -44
  96. package/dist/hooks/checker.d.ts +0 -1
  97. package/dist/hooks/checker.js +1 -3
  98. package/dist/hooks/dlp-templates.d.ts +0 -1
  99. package/dist/hooks/dlp-templates.js +0 -4
  100. package/dist/hooks/index.d.ts +0 -2
  101. package/dist/hooks/index.js +0 -2
  102. package/dist/hooks/input-validator.d.ts +0 -1
  103. package/dist/hooks/input-validator.js +0 -1
  104. package/dist/hooks/input-validator.test.js +0 -1
  105. package/dist/hooks/standalone-checker.d.ts +0 -1
  106. package/dist/hooks/standalone-checker.js +0 -1
  107. package/dist/hooks/standalone-dlp-checker.d.ts +0 -1
  108. package/dist/hooks/standalone-dlp-checker.js +0 -1
  109. package/dist/hooks/templates.d.ts +6 -1
  110. package/dist/hooks/templates.js +6 -1
  111. package/dist/hooks/types.d.ts +1 -2
  112. package/dist/hooks/types.js +1 -1
  113. package/dist/index.d.ts +1 -1
  114. package/dist/index.js +1 -1
  115. package/dist/services/adaptive-thresholds.d.ts +0 -2
  116. package/dist/services/adaptive-thresholds.js +0 -2
  117. package/dist/services/filesystem-cache.d.ts +0 -1
  118. package/dist/services/filesystem-cache.js +0 -1
  119. package/dist/services/score-history.d.ts +0 -1
  120. package/dist/services/score-history.js +0 -1
  121. package/dist/services/temporal-drift.d.ts +1 -2
  122. package/dist/services/temporal-drift.js +7 -8
  123. package/dist/storage/db.d.ts +23 -7
  124. package/dist/storage/db.js +116 -55
  125. package/dist/storage/findings.d.ts +4 -3
  126. package/dist/storage/findings.js +13 -20
  127. package/dist/storage/local-memory.d.ts +4 -4
  128. package/dist/storage/local-memory.js +20 -22
  129. package/dist/storage/patterns.d.ts +5 -5
  130. package/dist/storage/patterns.js +20 -26
  131. package/dist/storage/scans.d.ts +6 -6
  132. package/dist/storage/scans.js +12 -21
  133. package/dist/types/index.d.ts +1 -0
  134. package/dist/utils/scanner.js +1 -1
  135. package/package.json +7 -8
  136. package/dist/gates/duplication-drift.d.ts +0 -128
  137. package/dist/gates/duplication-drift.js +0 -585
  138. package/dist/gates/hallucinated-imports.js +0 -641
  139. package/dist/gates/side-effect-helpers.d.ts +0 -260
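--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@rigour-labs/core",
- "version": "5.0.0",
+ "version": "5.1.0",
  "description": "Deterministic quality gate engine for AI-generated code. AST analysis, drift detection, and Fix Packet generation across TypeScript, JavaScript, Python, Go, Ruby, and C#.",
  "license": "MIT",
  "homepage": "https://rigour.run",
@@ -57,16 +57,15 @@
  "optionalDependencies": {
  "@anthropic-ai/sdk": "^0.30.1",
  "@xenova/transformers": "^2.17.2",
- "better-sqlite3": "^11.0.0",
+ "sqlite3": "^5.1.7",
  "openai": "^4.104.0",
- "@rigour-labs/brain-darwin-arm64": "5.0.0",
- "@rigour-labs/brain-linux-arm64": "5.0.0",
- "@rigour-labs/brain-darwin-x64": "5.0.0",
- "@rigour-labs/brain-linux-x64": "5.0.0",
- "@rigour-labs/brain-win-x64": "5.0.0"
+ "@rigour-labs/brain-darwin-arm64": "5.1.0",
+ "@rigour-labs/brain-darwin-x64": "5.1.0",
+ "@rigour-labs/brain-win-x64": "5.1.0",
+ "@rigour-labs/brain-linux-arm64": "5.1.0",
+ "@rigour-labs/brain-linux-x64": "5.1.0"
  },
  "devDependencies": {
- "@types/better-sqlite3": "^7.6.12",
  "@types/fs-extra": "^11.0.4",
  "@types/micromatch": "^4.0.10",
  "@types/node": "^25.0.3",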
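Review bot: The new `"sqlite3": "^5.1.7"` entry in `optionalDependencies` puts a native addon on a caret range, while the `@rigour-labs/brain-*` platform packages beside it are pinned exactly. Because `sqlite3` obtains or builds its binding through an install script, a floating range means the native code that lands on a consumer's machine can change without a new release of this package. Consider pinning it the same way as the brain packages, `"sqlite3": "5.1.7"`, or documenting that consumers should install from a lockfile. Since the entry is optional, an install with scripts disabled or a failed build presumably leaves no binding, so the `dist/storage/db.js` changes listed above (not shown in this section) should be checked for a guarded import and a clear degraded path rather than a crash.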
@@ -1,128 +0,0 @@
1
- /**
2
- * Duplication Drift Gate (v2)
3
- *
4
- * Detects when AI generates near-identical functions across files because
5
- * it doesn't remember what it already wrote. This is an AI-specific failure
6
- * mode — humans reuse via copy-paste (same file), AI re-invents (cross-file).
7
- *
8
- * v2 upgrades:
9
- * - tree-sitter AST node type sequences replace hand-rolled regex tokenizer
10
- * - Jaccard similarity on AST node multisets (structural, not textual)
11
- * - Catches duplicates even when every variable name is different
12
- * - MD5 kept as fast-path for exact matches, Jaccard runs on remaining pairs
13
- *
14
- * Detection strategy (three-pass):
15
- * 1. Extract function bodies, normalize text (strip comments/whitespace)
16
- * 2. Parse with tree-sitter → walk AST → collect node type multiset
17
- * 3. Generate semantic embeddings via all-MiniLM-L6-v2 (384D)
18
- * 4. Pass 1 (fast): MD5 hash → exact duplicates (O(n), <10ms)
19
- * 5. Pass 2 (Jaccard): AST node multiset similarity → structural near-duplicates (O(n²) bounded)
20
- * 6. Pass 3 (semantic): Embedding cosine similarity → semantic duplicates (O(n²) bounded)
21
- * 7. Flag functions with similarity > threshold in different files
22
- *
23
- * Why AST node types > raw tokens:
24
- * - `getUserById(id) { return db.find(x => x.id === id) }`
25
- * - `fetchUser(userId) { return database.filter(u => u.id === userId)[0] }`
26
- * Both produce similar AST: [return_statement, call_expression, arrow_function,
27
- * binary_expression, member_expression]. Variable names are invisible.
28
- *
29
- * @since v2.16.0 (original MD5)
30
- * @since v5.0.0 (tree-sitter AST + Jaccard)
31
- * @since v5.1.0 (semantic embedding Pass 3)
32
- */
33
- import { Gate, GateContext } from './base.js';
34
- import { Failure, Provenance } from '../types/index.js';
35
- export interface DuplicationDriftConfig {
36
- enabled?: boolean;
37
- similarity_threshold?: number;
38
- semantic_threshold?: number;
39
- semantic_enabled?: boolean;
40
- min_body_lines?: number;
41
- approved_duplications?: string[];
42
- }
43
- export declare class DuplicationDriftGate extends Gate {
44
- private config;
45
- private parser;
46
- constructor(config?: DuplicationDriftConfig);
47
- protected get provenance(): Provenance;
48
- run(context: GateContext): Promise<Failure[]>;
49
- /**
50
- * Parse the file with tree-sitter, find function nodes that match
51
- * our extracted functions (by line number), and replace their token
52
- * multisets with AST node type sequences.
53
- *
54
- * AST node types are language-agnostic structural tokens:
55
- * - if_statement, for_statement, return_statement
56
- * - call_expression, member_expression, binary_expression
57
- * - arrow_function, function_declaration
58
- *
59
- * Variable names, string literals, comments — all invisible.
60
- * Only STRUCTURE matters.
61
- */
62
- private enrichWithASTTokens;
63
- /**
64
- * Walk the AST tree to find a function/method node at a given line.
65
- */
66
- private findFunctionNodeAtLine;
67
- /**
68
- * Walk an AST subtree and collect node types as a multiset.
69
- *
70
- * This is the core insight: two functions with different variable names
71
- * but the same control flow produce the same node type multiset.
72
- *
73
- * Example:
74
- * `function a(x) { if (x > 0) return x * 2; return 0; }`
75
- * `function b(val) { if (val > 0) return val * 2; return 0; }`
76
- *
77
- * Both produce: {if_statement: 1, binary_expression: 2, return_statement: 2, ...}
78
- * → Jaccard similarity = 1.0
79
- */
80
- private collectASTNodeTypes;
81
- /**
82
- * Fallback tokenizer when tree-sitter is not available.
83
- * Uses normalized text → keyword/operator multiset.
84
- */
85
- private textTokenize;
86
- /**
87
- * Jaccard similarity on multisets.
88
- * intersection = sum of min(countA, countB) for each key
89
- * union = sum of max(countA, countB) for each key
90
- */
91
- private jaccardSimilarity;
92
- private extractJSFunctions;
93
- private extractPyFunctions;
94
- private extractFunctionBody;
95
- private normalizeBody;
96
- private hash;
97
- /**
98
- * Generate semantic embedding text for a function.
99
- * Combines function name, parameter names, and first 200 tokens of body.
100
- * This captures INTENT regardless of implementation differences.
101
- *
102
- * Example:
103
- * getUserById(id) { return db.users.find(x => x.id === id) }
104
- * → "getUserById id return db users find x id id"
105
- *
106
- * fetchUserRecord(userId) { return database.users.filter(u => u.id === userId)[0] }
107
- * → "fetchUserRecord userId return database users filter u id userId 0"
108
- *
109
- * These produce similar embeddings (~0.91 cosine) despite different AST.
110
- */
111
- private buildEmbeddingText;
112
- /**
113
- * Enrich functions with semantic embeddings for Pass 3.
114
- * Only called for functions not already claimed by Pass 1/2.
115
- * Uses generateEmbedding() from pattern-index/embeddings.ts.
116
- */
117
- private enrichWithEmbeddings;
118
- /**
119
- * Three-pass duplicate detection:
120
- * Pass 1 (fast): MD5 hash → exact duplicates (O(n))
121
- * Pass 2 (Jaccard): AST node multiset similarity → near-duplicates (O(n²) bounded)
122
- * Pass 3 (semantic): Embedding cosine similarity → semantic duplicates (O(n²) bounded)
123
- *
124
- * Pass 3 catches what AST Jaccard misses: same intent, different implementation.
125
- * Example: .find() vs .filter()[0] — different AST nodes, same semantic meaning.
126
- */
127
- private findDuplicateGroups;
128
- }