@ryuenn3123/agentic-senior-core 1.9.5 → 2.0.1

@@ -1,13 +1,13 @@
1
1
  {
2
- "cliVersion": "1.9.5",
3
- "generatedAt": "2026-04-08T03:45:54.099Z",
2
+ "cliVersion": "2.0.1",
3
+ "generatedAt": "2026-04-08T14:58:53.636Z",
4
4
  "operationMode": "upgrade",
5
5
  "selectedProfile": "beginner",
6
6
  "selectedProfilePack": null,
7
7
  "selectedStack": "typescript.md",
8
8
  "selectedBlueprint": "api-nextjs.md",
9
9
  "ciGuardrailsEnabled": true,
10
- "setupDurationMs": 105,
10
+ "setupDurationMs": 106,
11
11
  "selectedSkillDomains": [],
12
12
  "autoDetection": {
13
13
  "recommendedStack": "typescript.md",
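--- a/package/.cursorrules
+++ b/package/.cursorrules
@@ -1,7 +1,7 @@
  # AGENTIC-SENIOR-CORE DYNAMIC GOVERNANCE RULESET
 
- Generated by Agentic-Senior-Core CLI v1.9.5
- Timestamp: 2026-04-08T03:45:54.030Z
+ Generated by Agentic-Senior-Core CLI v2.0.1
+ Timestamp: 2026-04-08T14:58:53.570Z
  Selected profile: beginner
  Selected policy file: .agent-context/policies/llm-judge-threshold.json
 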
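--- a/package/.windsurfrules
+++ b/package/.windsurfrules
@@ -1,7 +1,7 @@
  # AGENTIC-SENIOR-CORE DYNAMIC GOVERNANCE RULESET
 
- Generated by Agentic-Senior-Core CLI v1.9.5
- Timestamp: 2026-04-08T03:45:54.030Z
+ Generated by Agentic-Senior-Core CLI v2.0.1
+ Timestamp: 2026-04-08T14:58:53.570Z
  Selected profile: beginner
  Selected policy file: .agent-context/policies/llm-judge-threshold.json
 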
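--- a/package/README.md
+++ b/package/README.md
@@ -103,7 +103,7 @@ If you have an existing project and want to infuse it with Staff-level context:
  npx @ryuenn3123/agentic-senior-core init
  ```
 
- Use team defaults (V1.8 track) with profile packs:
+ Use team defaults (V2.0 track) with profile packs:
 
  ```bash
  npx @ryuenn3123/agentic-senior-core init --profile-pack startup
@@ -170,7 +170,7 @@ Use the stack that matches the project you are actually starting:
  ### Option 4: Clone and Play
  Want to poke around under the hood? Just clone the repo and `npx @ryuenn3123/agentic-senior-core init` locally. No runtime dependencies needed — everything uses native Node.js!
 
- ### Upgrade Existing Governance Packs (V1.8)
+ ### Upgrade Existing Governance Packs (V1.x to V2.x)
 
  Yes, the upgrade flow still works. Use `--dry-run` first to preview changes, then apply with `--yes` when you are ready.
 
@@ -201,11 +201,13 @@ Our documentation has shifted into dedicated tracks to keep this README light:
 
  ## Core Capabilities
 
- - **Delivery Engine (CLI):** Interactive setup via GitHub source, bootstrap scripts, or `npx` after publish.
+ - **Delivery Engine (CLI):** Interactive setup via GitHub source, bootstrap scripts, or `npx` after publish. Supported by a robust transactional installer with rollback protection.
+ - **Verified Skill Marketplace:** Distribute and validate plugins securely with automated 4-dimension Trust Scoring and Evidence Bundles constraint validation.
  - **Dynamic Context Compiler:** Merges universal rules + selected stack + selected blueprint + optional CI guardrails into one dense, indexed rule file.
  - **Codebase Intelligence:** `.agent-context/state/` gives architecture/dependency boundaries so the agent understands high-risk areas.
  - **Override System:** `.agent-override.md` allows controlled enterprise exceptions without forking core rules.
  - **Automated Guardrails:** CI blueprints include LLM-as-a-Judge flow using `pr-checklist.md`.
+ - **Pre-Publish Safety:** Built-in forbidden content checks detect hardcoded secrets and stray debugger artifacts before hitting the NPM registry.
  - **Machine-Readable CI Output:** LLM Judge emits `JSON_REPORT` payloads and writes `.agent-context/state/llm-judge-report.json` for PR/MR annotation tooling.
  - **MCP Self-Healing Loop:** `mcp.json` defines diagnostics + fix proposal workflow when lint/CI fails.
 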
@@ -142,6 +142,14 @@ export function parseInitArguments(commandArguments) {
142
142
 
143
143
  export async function runInitCommand(targetDirectoryArgument, initOptions = {}) {
144
144
  const resolvedTargetDirectoryPath = path.resolve(targetDirectoryArgument || '.');
145
+
146
+ if (resolvedTargetDirectoryPath.toLowerCase() === 'c:\\windows' || resolvedTargetDirectoryPath.toLowerCase() === 'c:\\windows\\system32') {
147
+ console.error('\n[FATAL] Target directory resolved to a Windows system folder (C:\\Windows).');
148
+ console.error('If you are running Windows npm from inside WSL, this is caused by cmd.exe lacking UNC path support.');
149
+ console.error('Please install and use a native Linux Node.js/npm directly inside WSL to setup your project.');
150
+ process.exit(1);
151
+ }
152
+
145
153
  const setupStartedAt = Date.now();
146
154
  await ensureDirectory(resolvedTargetDirectoryPath);
147
155
 
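Review bot: The guard added after `path.resolve` matches only the two literal strings `c:\windows` and `c:\windows\system32`, so a Windows install on another drive or a fallback into any other subdirectory of the system folder still reaches `ensureDirectory`. Deriving the root from the environment and matching descendants covers both: `const systemRoot = (process.env.SystemRoot || 'C:\\Windows').toLowerCase();` followed by `if (target === systemRoot || target.startsWith(systemRoot + path.sep)) { … }`, with `target` being the lower-cased resolved path. The same seven lines are repeated verbatim in the `runRollbackCommand` and `runUpgradeCommand` hunks, so a single shared helper (for example `assertSafeTargetDirectory(resolvedPath)`) would keep the three commands from drifting apart. `runInitCommand` continues past the end of this hunk, so what it writes after `ensureDirectory` is not visible here.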
@@ -15,6 +15,13 @@ export async function runRollbackCommand(commandArguments) {
15
15
  }
16
16
 
17
17
  const resolvedTargetDirectoryPath = path.resolve(targetDirectoryArgument);
18
+
19
+ if (resolvedTargetDirectoryPath.toLowerCase() === 'c:\\windows' || resolvedTargetDirectoryPath.toLowerCase() === 'c:\\windows\\system32') {
20
+ console.error('\n[FATAL] Target directory resolved to a Windows system folder (C:\\Windows).');
21
+ console.error('If you are running Windows npm from inside WSL, this is caused by cmd.exe lacking UNC path support.');
22
+ console.error('Please install and use a native Linux Node.js/npm directly inside WSL to setup your project.');
23
+ process.exit(1);
24
+ }
18
25
 
19
26
  try {
20
27
  await ensureDirectory(resolvedTargetDirectoryPath);
@@ -69,6 +69,14 @@ export function parseUpgradeArguments(commandArguments) {
69
69
 
70
70
  export async function runUpgradeCommand(targetDirectoryArgument, upgradeOptions = {}) {
71
71
  const resolvedTargetDirectoryPath = path.resolve(targetDirectoryArgument || '.');
72
+
73
+ if (resolvedTargetDirectoryPath.toLowerCase() === 'c:\\windows' || resolvedTargetDirectoryPath.toLowerCase() === 'c:\\windows\\system32') {
74
+ console.error('\n[FATAL] Target directory resolved to a Windows system folder (C:\\Windows).');
75
+ console.error('If you are running Windows npm from inside WSL, this is caused by cmd.exe lacking UNC path support.');
76
+ console.error('Please install and use a native Linux Node.js/npm directly inside WSL to setup your project.');
77
+ process.exit(1);
78
+ }
79
+
72
80
  const setupStartedAt = Date.now();
73
81
  await ensureDirectory(resolvedTargetDirectoryPath);
74
82
 
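--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "@ryuenn3123/agentic-senior-core",
- "version": "1.9.5",
+ "version": "2.0.1",
  "type": "module",
  "description": "Force your AI Agent to code like a Staff Engineer, not a Junior.",
  "bin": {
@@ -43,7 +43,8 @@
  "scripts": {
  "init": "node ./bin/agentic-senior-core.js init",
  "audit:frontend-usability": "node ./scripts/frontend-usability-audit.mjs",
- "gate:release": "node ./scripts/release-gate.mjs",
+ "gate:release": "node ./scripts/release-gate.mjs && node ./scripts/forbidden-content-check.mjs",
+ "prepublishOnly": "npm run gate:release",
  "sbom:generate": "node ./scripts/generate-sbom.mjs",
  "benchmark:detection": "node ./scripts/benchmark-detection.mjs",
  "benchmark:gate": "node ./scripts/benchmark-gate.mjs",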
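Review bot: `prepublishOnly` is the only place in the scripts hunk where the new `gate:release` chain is wired in, and npm skips lifecycle scripts when publish is invoked with `--ignore-scripts`, so the forbidden-content check can be bypassed without leaving a trace. If releases are cut from CI (not visible in this diff), run `npm run gate:release` as an explicit step of the publish job as well, so the gate does not depend on a local hook. Because of the `&&`, `forbidden-content-check.mjs` also runs only after `release-gate.mjs` succeeds, so a failing release gate hides any secret findings until it is fixed.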
@@ -0,0 +1,123 @@
1
+ import { readFileSync, statSync, readdirSync } from 'node:fs';
2
+ import { join, relative } from 'node:path';
3
+
4
+ const ROOT_DIR = process.cwd();
5
+
6
+ // Directories to aggressively scan before NPM publish
7
+ const SCAN_DIRECTORIES = [
8
+ 'lib',
9
+ 'bin',
10
+ 'scripts',
11
+ '.agent-context'
12
+ ];
13
+
14
+ const FORBIDDEN_PATTERNS = [
15
+ {
16
+ name: 'Hardcoded API Key',
17
+ regex: /api_?key\s*[:=]\s*['"][a-zA-Z0-9_\-]{16,}['"]/i,
18
+ suggestion: 'API Keys must be provided via environment variables (process.env) or config files, never hardcoded.'
19
+ },
20
+ {
21
+ name: 'Hardcoded Password',
22
+ regex: /password\s*[:=]\s*['"][^'"]+['"]/i,
23
+ suggestion: 'Passwords must be injected via secret managers or environment variables.'
24
+ },
25
+ {
26
+ name: 'Absolute Local Desktop Path',
27
+ regex: /file:\/\/\/?([c-zC-Z]:|\/Users\/|\/home\/)/,
28
+ suggestion: 'Do not commit local absolute file paths (e.g. file:///C:/Users). Use relative paths or process.cwd().'
29
+ },
30
+ {
31
+ name: 'Stray Breakpoint (debugger)',
32
+ regex: /\bdebugger\s*;?/,
33
+ suggestion: 'Remove debug breakpoints before publishing to production.'
34
+ }
35
+ ];
36
+
37
+ function scanFile(filePath) {
38
+ const content = readFileSync(filePath, 'utf8');
39
+ const lines = content.split('\n');
40
+ const violations = [];
41
+
42
+ for (let i = 0; i < lines.length; i++) {
43
+ const line = lines[i];
44
+
45
+ for (const pattern of FORBIDDEN_PATTERNS) {
46
+ if (pattern.regex.test(line)) {
47
+ violations.push({
48
+ line: i + 1,
49
+ content: line.trim().substring(0, 80), // truncate long lines
50
+ rule: pattern.name,
51
+ suggestion: pattern.suggestion
52
+ });
53
+ }
54
+ }
55
+ }
56
+
57
+ return violations;
58
+ }
59
+
60
+ function walkDirectory(dir, filePaths = []) {
61
+ try {
62
+ const entries = readdirSync(dir, { withFileTypes: true });
63
+
64
+ for (const entry of entries) {
65
+ const fullPath = join(dir, entry.name);
66
+
67
+ if (entry.isDirectory()) {
68
+ walkDirectory(fullPath, filePaths);
69
+ } else if (entry.isFile()) {
70
+ // Only scan source/docs, exclude markdown as it contains example anti-patterns
71
+ if (/\.(js|mjs|cjs|ts|json|yml|yaml)$/i.test(entry.name) && entry.name !== 'forbidden-content-check.mjs') {
72
+ filePaths.push(fullPath);
73
+ }
74
+ }
75
+ }
76
+ } catch (err) {
77
+ if (err.code !== 'ENOENT') {
78
+ console.error(`Error reading ${dir}: ${err.message}`);
79
+ }
80
+ }
81
+ return filePaths;
82
+ }
83
+
84
+ async function runCheck() {
85
+ console.log('Scanning for forbidden content (Publish Gate)...\n');
86
+
87
+ let totalViolations = 0;
88
+ const filesScanned = [];
89
+
90
+ for (const dirName of SCAN_DIRECTORIES) {
91
+ const targetDir = join(ROOT_DIR, dirName);
92
+ const files = walkDirectory(targetDir);
93
+
94
+ for (const file of files) {
95
+ filesScanned.push(file);
96
+ const violations = scanFile(file);
97
+
98
+ if (violations.length > 0) {
99
+ const relPath = relative(ROOT_DIR, file);
100
+ console.error(`\n❌ FORBIDDEN CONTENT DETECTED IN: ${relPath}`);
101
+
102
+ for (const v of violations) {
103
+ console.error(` Line ${v.line}: [${v.rule}]`);
104
+ console.error(` > ${v.content}`);
105
+ console.error(` Action required: ${v.suggestion}`);
106
+ totalViolations++;
107
+ }
108
+ }
109
+ }
110
+ }
111
+
112
+ console.log(`\nScanned ${filesScanned.length} files across ${SCAN_DIRECTORIES.length} source directories.`);
113
+
114
+ if (totalViolations > 0) {
115
+ console.error(`\n✖ PUBLISH ABORTED: Found ${totalViolations} forbidden content violation(s).`);
116
+ process.exit(1);
117
+ } else {
118
+ console.log('✔ Clean. No forbidden content detected.');
119
+ process.exit(0);
120
+ }
121
+ }
122
+
123
+ runCheck();
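Review bot: The gate fails open in `walkDirectory` and `runCheck`. A missing directory is skipped silently, any other read error is only logged, and `ROOT_DIR` is `process.cwd()`, so a run from the wrong directory or over an unreadable tree scans zero files and still prints "Clean" and exits 0. Count read errors and treat an empty scan as a failure, as in the excerpt below. Separately, the `> ${v.content}` line in `runCheck` copies the matched source line, which is the secret itself, into the publish log; reporting only the rule name and line number avoids that. The scan also walks four fixed directories rather than the file list npm will actually pack, so root-level files and extensions outside the filter (for example `.env`) are never checked.

```javascript
let scanErrorCount = 0; // module level, next to FORBIDDEN_PATTERNS

// … unchanged: walkDirectory() up to its catch block …
    if (err.code !== 'ENOENT') {
      console.error(`Error reading ${dir}: ${err.message}`);
      // An unreadable directory was not scanned, so it has to fail the gate.
      scanErrorCount++;
    }
// … unchanged: rest of walkDirectory(), runCheck() scan loop and summary line …

  // Zero files means nothing was checked (wrong cwd or missing directories).
  if (scanErrorCount > 0 || filesScanned.length === 0) {
    console.error('\n✖ PUBLISH ABORTED: scan incomplete (read errors or no files scanned).');
    process.exit(1);
  }
```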