@ryuenn3123/agentic-senior-core 1.9.5 → 2.0.0

@@ -1,13 +1,13 @@
1
1
  {
2
- "cliVersion": "1.9.5",
3
- "generatedAt": "2026-04-08T03:45:54.099Z",
2
+ "cliVersion": "2.0.0",
3
+ "generatedAt": "2026-04-08T03:56:54.149Z",
4
4
  "operationMode": "upgrade",
5
5
  "selectedProfile": "beginner",
6
6
  "selectedProfilePack": null,
7
7
  "selectedStack": "typescript.md",
8
8
  "selectedBlueprint": "api-nextjs.md",
9
9
  "ciGuardrailsEnabled": true,
10
- "setupDurationMs": 105,
10
+ "setupDurationMs": 86,
11
11
  "selectedSkillDomains": [],
12
12
  "autoDetection": {
13
13
  "recommendedStack": "typescript.md",
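--- a/package/.cursorrules
+++ b/package/.cursorrules
@@ -1,7 +1,7 @@
  # AGENTIC-SENIOR-CORE DYNAMIC GOVERNANCE RULESET
 
- Generated by Agentic-Senior-Core CLI v1.9.5
- Timestamp: 2026-04-08T03:45:54.030Z
+ Generated by Agentic-Senior-Core CLI v2.0.0
+ Timestamp: 2026-04-08T03:56:54.094Z
  Selected profile: beginner
  Selected policy file: .agent-context/policies/llm-judge-threshold.json
 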
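--- a/package/.windsurfrules
+++ b/package/.windsurfrules
@@ -1,7 +1,7 @@
  # AGENTIC-SENIOR-CORE DYNAMIC GOVERNANCE RULESET
 
- Generated by Agentic-Senior-Core CLI v1.9.5
- Timestamp: 2026-04-08T03:45:54.030Z
+ Generated by Agentic-Senior-Core CLI v2.0.0
+ Timestamp: 2026-04-08T03:56:54.094Z
  Selected profile: beginner
  Selected policy file: .agent-context/policies/llm-judge-threshold.json
 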
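--- a/package/README.md
+++ b/package/README.md
@@ -206,6 +206,7 @@ Our documentation has shifted into dedicated tracks to keep this README light:
  - **Codebase Intelligence:** `.agent-context/state/` gives architecture/dependency boundaries so the agent understands high-risk areas.
  - **Override System:** `.agent-override.md` allows controlled enterprise exceptions without forking core rules.
  - **Automated Guardrails:** CI blueprints include LLM-as-a-Judge flow using `pr-checklist.md`.
+ - **Pre-Publish Safety:** Built-in forbidden content checks detect hardcoded secrets and stray debugger artifacts before hitting the NPM registry.
  - **Machine-Readable CI Output:** LLM Judge emits `JSON_REPORT` payloads and writes `.agent-context/state/llm-judge-report.json` for PR/MR annotation tooling.
  - **MCP Self-Healing Loop:** `mcp.json` defines diagnostics + fix proposal workflow when lint/CI fails.
 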
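--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@ryuenn3123/agentic-senior-core",
- "version": "1.9.5",
+ "version": "2.0.0",
  "type": "module",
  "description": "Force your AI Agent to code like a Staff Engineer, not a Junior.",
  "bin": {
@@ -43,7 +43,8 @@
  "scripts": {
  "init": "node ./bin/agentic-senior-core.js init",
  "audit:frontend-usability": "node ./scripts/frontend-usability-audit.mjs",
- "gate:release": "node ./scripts/release-gate.mjs",
+ "gate:release": "node ./scripts/release-gate.mjs && node ./scripts/forbidden-content-check.mjs",
+ "prepublishOnly": "npm run gate:release",
  "sbom:generate": "node ./scripts/generate-sbom.mjs",
  "benchmark:detection": "node ./scripts/detection-benchmark.mjs",
  "benchmark:gate": "node ./scripts/benchmark-gate.mjs",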
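Review bot: The new secret check is enforced only through `"prepublishOnly": "npm run gate:release"`, which is a client-side lifecycle hook: `npm publish --ignore-scripts` skips it and `npm pack` never runs it. If releases are cut from CI, the publish workflow should call `npm run gate:release` as its own required step so the gate does not depend on how the publish command is invoked. The second hunk starts inside the `scripts` object, so any other publish-related scripts are not visible here.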
@@ -0,0 +1,123 @@
1
+ import { readFileSync, statSync, readdirSync } from 'node:fs';
2
+ import { join, relative } from 'node:path';
3
+
4
+ const ROOT_DIR = process.cwd();
5
+
6
+ // Directories to aggressively scan before NPM publish
7
+ const SCAN_DIRECTORIES = [
8
+ 'lib',
9
+ 'bin',
10
+ 'scripts',
11
+ '.agent-context'
12
+ ];
13
+
14
+ const FORBIDDEN_PATTERNS = [
15
+ {
16
+ name: 'Hardcoded API Key',
17
+ regex: /api_?key\s*[:=]\s*['"][a-zA-Z0-9_\-]{16,}['"]/i,
18
+ suggestion: 'API Keys must be provided via environment variables (process.env) or config files, never hardcoded.'
19
+ },
20
+ {
21
+ name: 'Hardcoded Password',
22
+ regex: /password\s*[:=]\s*['"][^'"]+['"]/i,
23
+ suggestion: 'Passwords must be injected via secret managers or environment variables.'
24
+ },
25
+ {
26
+ name: 'Absolute Local Desktop Path',
27
+ regex: /file:\/\/\/?([c-zC-Z]:|\/Users\/|\/home\/)/,
28
+ suggestion: 'Do not commit local absolute file paths (e.g. file:///C:/Users). Use relative paths or process.cwd().'
29
+ },
30
+ {
31
+ name: 'Stray Breakpoint (debugger)',
32
+ regex: /\bdebugger\s*;?/,
33
+ suggestion: 'Remove debug breakpoints before publishing to production.'
34
+ }
35
+ ];
36
+
37
+ function scanFile(filePath) {
38
+ const content = readFileSync(filePath, 'utf8');
39
+ const lines = content.split('\n');
40
+ const violations = [];
41
+
42
+ for (let i = 0; i < lines.length; i++) {
43
+ const line = lines[i];
44
+
45
+ for (const pattern of FORBIDDEN_PATTERNS) {
46
+ if (pattern.regex.test(line)) {
47
+ violations.push({
48
+ line: i + 1,
49
+ content: line.trim().substring(0, 80), // truncate long lines
50
+ rule: pattern.name,
51
+ suggestion: pattern.suggestion
52
+ });
53
+ }
54
+ }
55
+ }
56
+
57
+ return violations;
58
+ }
59
+
60
+ function walkDirectory(dir, filePaths = []) {
61
+ try {
62
+ const entries = readdirSync(dir, { withFileTypes: true });
63
+
64
+ for (const entry of entries) {
65
+ const fullPath = join(dir, entry.name);
66
+
67
+ if (entry.isDirectory()) {
68
+ walkDirectory(fullPath, filePaths);
69
+ } else if (entry.isFile()) {
70
+ // Only scan source/docs, exclude markdown as it contains example anti-patterns
71
+ if (/\.(js|mjs|cjs|ts|json|yml|yaml)$/i.test(entry.name) && entry.name !== 'forbidden-content-check.mjs') {
72
+ filePaths.push(fullPath);
73
+ }
74
+ }
75
+ }
76
+ } catch (err) {
77
+ if (err.code !== 'ENOENT') {
78
+ console.error(`Error reading ${dir}: ${err.message}`);
79
+ }
80
+ }
81
+ return filePaths;
82
+ }
83
+
84
+ async function runCheck() {
85
+ console.log('Scanning for forbidden content (Publish Gate)...\n');
86
+
87
+ let totalViolations = 0;
88
+ const filesScanned = [];
89
+
90
+ for (const dirName of SCAN_DIRECTORIES) {
91
+ const targetDir = join(ROOT_DIR, dirName);
92
+ const files = walkDirectory(targetDir);
93
+
94
+ for (const file of files) {
95
+ filesScanned.push(file);
96
+ const violations = scanFile(file);
97
+
98
+ if (violations.length > 0) {
99
+ const relPath = relative(ROOT_DIR, file);
100
+ console.error(`\n❌ FORBIDDEN CONTENT DETECTED IN: ${relPath}`);
101
+
102
+ for (const v of violations) {
103
+ console.error(` Line ${v.line}: [${v.rule}]`);
104
+ console.error(` > ${v.content}`);
105
+ console.error(` Action required: ${v.suggestion}`);
106
+ totalViolations++;
107
+ }
108
+ }
109
+ }
110
+ }
111
+
112
+ console.log(`\nScanned ${filesScanned.length} files across ${SCAN_DIRECTORIES.length} source directories.`);
113
+
114
+ if (totalViolations > 0) {
115
+ console.error(`\n✖ PUBLISH ABORTED: Found ${totalViolations} forbidden content violation(s).`);
116
+ process.exit(1);
117
+ } else {
118
+ console.log('✔ Clean. No forbidden content detected.');
119
+ process.exit(0);
120
+ }
121
+ }
122
+
123
+ runCheck();
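Review bot: The gate fails open: in `walkDirectory` a missing scan directory is skipped silently and any other read error is only logged, so `runCheck` can scan zero files (for example when started outside the package root, since `ROOT_DIR` is `process.cwd()`) and still print "Clean" and exit 0. Make a non-ENOENT error fatal and abort when `filesScanned.length === 0`. In `scanFile`, `content: line.trim().substring(0, 80)` echoes the matched line to stderr, which copies a detected key or password into terminal and CI logs; mask quoted values before printing. The fixed `SCAN_DIRECTORIES` list and extension filter are also narrower than the published tarball (this release ships root-level files such as `.cursorrules`), so taking the file list from `npm pack --dry-run --json` would cover what actually reaches the registry; `statSync` is imported but unused.

```javascript
// walkDirectory: abort on an unreadable tree instead of continuing
} catch (err) {
  if (err.code !== 'ENOENT') {
    console.error(`Error reading ${dir}: ${err.message}`);
    process.exit(1);
  }
}

// scanFile: mask quoted values so a detected secret is not copied into logs
content: line.trim().replace(/['"][^'"]*['"]/g, '"<redacted>"').substring(0, 80),

// … unchanged: runCheck scan loop …
if (filesScanned.length === 0) {
  console.error('\n✖ PUBLISH ABORTED: no files were scanned; run from the package root.');
  process.exit(1);
}
```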