@therocketcode/gsd-core 1.4.0

package/scripts/mutation-matrix.cjs

@@ -0,0 +1,222 @@
+#!/usr/bin/env node
+'use strict';
+
+/**
+ * scripts/mutation-matrix.cjs
+ *
+ * Single source of truth for the ADR-457 Stryker mutation gate dynamic matrix.
+ *
+ * Computes which covered modules changed vs a base ref and emits a GitHub
+ * Actions matrix JSON so CI can run one Stryker shard per changed module in
+ * parallel rather than a single serial run over all modules.
+ *
+ * Usage:
+ *   node scripts/mutation-matrix.cjs --base origin/next
+ *   printf 'src/config-schema.cts\n' | node scripts/mutation-matrix.cjs
+ *   node scripts/mutation-matrix.cjs --base origin/next --print
+ *
+ * Output (stdout, default): JSON object
+ *   {
+ *     "has_work": "true"|"false",
+ *     "matrix": {
+ *       "include": [
+ *         { "name": "<module>", "mutate": "gsd-core/bin/lib/<module>.cjs", "tests": "<space-joined test files>" },
+ *         ...
+ *       ]
+ *     }
+ *   }
+ *
+ * Exit codes: 0 always (empty matrix is not an error, has_work "false").
+ */
+
+const { execFileSync } = require('child_process');
+const { readFileSync } = require('fs');
+
+const { ExitError, runMain } = require('./lib/cli-exit.cjs');
+
+// ── Single source of truth: covered modules ───────────────────────────────────
+// Each entry: { cjs: '<built artifact>', tests: ['tests/...', ...] }
+// A module is "covered" iff its tests are wired into the Stryker command runner
+// (stryker.config.mjs commandRunner.command). Mutating an uncovered module can
+// only ever produce survived mutants — so we scope strictly to these 6.
+const COVERED = {
+  'context-utilization': {
+    cjs: 'gsd-core/bin/lib/context-utilization.cjs',
+    tests: [
+      'tests/context-utilization.property.test.cjs',
+    ],
+  },
+  'prompt-budget': {
+    cjs: 'gsd-core/bin/lib/prompt-budget.cjs',
+    tests: [
+      'tests/prompt-budget.property.test.cjs',
+      'tests/prompt-budget.unit.test.cjs',
+    ],
+  },
+  frontmatter: {
+    cjs: 'gsd-core/bin/lib/frontmatter.cjs',
+    tests: [
+      'tests/frontmatter.property.test.cjs',
+      'tests/frontmatter.unit.test.cjs',
+    ],
+  },
+  'adr-parser': {
+    cjs: 'gsd-core/bin/lib/adr-parser.cjs',
+    tests: [
+      'tests/adr-parser.property.test.cjs',
+      'tests/adr-parser.test.cjs',
+      'tests/adr-parser.unit.test.cjs',
+    ],
+  },
+  'config-schema': {
+    cjs: 'gsd-core/bin/lib/config-schema.cjs',
+    tests: [
+      'tests/config-schema.property.test.cjs',
+    ],
+  },
+  'active-workstream-store': {
+    cjs: 'gsd-core/bin/lib/active-workstream-store.cjs',
+    tests: [
+      'tests/active-workstream-store.test.cjs',
+      'tests/active-workstream-store.unit.test.cjs',
+    ],
+  },
+};
+
+// ── Files that, when changed, invalidate ALL modules ─────────────────────────
+// Changes to the Stryker config, this script itself, or any covered test file
+// affect all mutation scores and must force a full re-run.
+const GLOBAL_TRIGGERS = new Set([
+  'stryker.config.mjs',
+  'scripts/mutation-matrix.cjs',
+]);
+
+// Also flag all test files that belong to any covered module as global triggers.
+for (const mod of Object.values(COVERED)) {
+  for (const t of mod.tests) {
+    GLOBAL_TRIGGERS.add(t);
+  }
+}
+
+// ── Argument parsing ──────────────────────────────────────────────────────────
+function parseArgs(argv) {
+  const out = { base: null, print: false };
+  for (let i = 0; i < argv.length; i++) {
+    const arg = argv[i];
+    if (arg === '--base') {
+      out.base = argv[++i];
+      if (!out.base || out.base.startsWith('--')) {
+        throw new Error('--base requires a value');
+      }
+    } else if (arg.startsWith('--base=')) {
+      out.base = arg.slice('--base='.length);
+      if (!out.base) throw new Error('--base requires a value');
+    } else if (arg === '--print') {
+      out.print = true;
+    } else if (arg === '--help' || arg === '-h') {
+      console.log([
+        'Usage:',
+        '  node scripts/mutation-matrix.cjs --base <ref> [--print]',
+        '  printf "src/foo.cts\\n" | node scripts/mutation-matrix.cjs [--print]',
+        '',
+        'Options:',
+        '  --base <ref>   Git ref to diff against (default: origin/${GITHUB_BASE_REF:-next})',
+        '  --print        Human-readable output instead of JSON',
+      ].join('\n'));
+      throw new ExitError(0);
+    } else {
+      throw new Error(`unknown argument: ${arg}`);
+    }
+  }
+  return out;
+}
+
+// ── Changed-file resolution ───────────────────────────────────────────────────
+function resolveChangedFiles(args) {
+  // When --base is provided, always use git diff (regardless of stdin).
+  // When --base is absent AND stdin is not a TTY (isTTY is falsy / undefined),
+  // read a newline-delimited file list from stdin.
+  if (!args.base && process.stdin.isTTY !== true) {
+    const raw = readFileSync(process.stdin.fd, 'utf8');
+    return raw.split('\n').map(l => l.trim()).filter(Boolean);
+  }
+
+  // Otherwise (--base given, or stdin is a real TTY), diff against the base ref.
+  const defaultBase = `origin/${process.env.GITHUB_BASE_REF || 'next'}`;
+  const base = args.base || defaultBase;
+  const stdout = execFileSync('git', ['diff', '--name-only', `${base}...HEAD`], {
+    encoding: 'utf8',
+  });
+  return stdout.split('\n').map(l => l.trim()).filter(Boolean);
+}
+
+// ── Module classification ─────────────────────────────────────────────────────
+function computeMatrix(changedFiles) {
+  // Check for global triggers first — if any hit, include every covered module.
+  const allModuleNames = Object.keys(COVERED);
+  for (const f of changedFiles) {
+    if (GLOBAL_TRIGGERS.has(f)) {
+      return allModuleNames;
+    }
+  }
+
+  // Otherwise find which modules have their src/*.cts changed.
+  const changed = new Set();
+  for (const f of changedFiles) {
+    // Match src/<module>.cts (top-level src/, not nested)
+    const m = f.match(/^src\/([^/]+)\.cts$/);
+    if (m && COVERED[m[1]]) {
+      changed.add(m[1]);
+    }
+  }
+  return [...changed];
+}
+
+// ── Output formatting ─────────────────────────────────────────────────────────
+function buildResult(moduleNames) {
+  const include = moduleNames.map(name => ({
+    name,
+    mutate: COVERED[name].cjs,
+    tests: COVERED[name].tests.join(' '),
+  }));
+
+  return {
+    has_work: include.length > 0 ? 'true' : 'false',
+    matrix: { include },
+  };
+}
+
+function printHuman(result, changedFiles) {
+  console.log(`Changed files (${changedFiles.length}):`);
+  for (const f of changedFiles) console.log(`  ${f}`);
+  console.log('');
+  console.log(`has_work: ${result.has_work}`);
+  console.log(`Shards (${result.matrix.include.length}):`);
+  for (const shard of result.matrix.include) {
+    console.log(`  [${shard.name}]`);
+    console.log(`    mutate: ${shard.mutate}`);
+    console.log(`    tests:  ${shard.tests}`);
+  }
+}
+
+// ── Main ──────────────────────────────────────────────────────────────────────
+function main() {
+  try {
+    const args = parseArgs(process.argv.slice(2));
+    const changedFiles = resolveChangedFiles(args);
+    const moduleNames = computeMatrix(changedFiles);
+    const result = buildResult(moduleNames);
+
+    if (args.print) {
+      printHuman(result, changedFiles);
+    } else {
+      console.log(JSON.stringify(result, null, 2));
+    }
+  } catch (err) {
+    if (err instanceof ExitError) throw err;
+    console.error(`mutation-matrix: ${err.message}`);
+    throw new ExitError(2);
+  }
+}
+
+runMain(main);

package/scripts/pr-template-policy.cjs

@@ -0,0 +1,268 @@
+#!/usr/bin/env node
+
+const { matchesGlob } = require('path');
+
+const TRUSTED_AUTHOR_ASSOCIATIONS = new Set([
+  'CONTRIBUTOR',
+  'COLLABORATOR',
+  'MEMBER',
+  'OWNER',
+]);
+
+const DEFAULT_TEMPLATE_MARKERS = [
+  'Wrong template',
+  'Every PR must use a typed template',
+  'Select the template that matches your PR',
+];
+
+/**
+ * Glob patterns for files that are considered CI/tooling/docs scope.
+ * If ALL changed files in a PR match at least one of these patterns,
+ * template enforcement is skipped automatically.
+ */
+const TOOLING_PATH_ALLOWLIST = [
+  '.github/**',
+  'scripts/**',
+  'docs/**',
+  '*.md',
+  '.changeset/**',
+  'package.json',
+  'package-lock.json',
+  'pnpm-lock.yaml',
+  'yarn.lock',
+  'Pipfile',
+  'Pipfile.lock',
+  'requirements.txt',
+  'requirements*.txt',
+  'poetry.lock',
+  'Gemfile',
+  'Gemfile.lock',
+  'go.sum',
+  'go.mod',
+];
+
+/**
+ * Matches an explicit PR-template exemption marker of the form:
+ *   <!-- pr-template-exempt: <non-empty reason> -->
+ *
+ * Capture group 1 is the reason (trimmed). Empty/whitespace-only reasons
+ * do NOT match because the pattern requires at least one non-whitespace
+ * character in the captured body.
+ */
+const EXEMPT_MARKER_REGEX = /<!--\s*pr-template-exempt:\s*([\s\S]*?\S)\s*-->/;
+
+const TEMPLATES = [
+  {
+    name: 'fix',
+    heading: 'Fix PR',
+    requiredHeadings: [
+      'Fix PR',
+      'Linked Issue',
+      'What was broken',
+      'What this fix does',
+      'Testing',
+      'Checklist',
+    ],
+  },
+  {
+    name: 'enhancement',
+    heading: 'Enhancement PR',
+    requiredHeadings: [
+      'Enhancement PR',
+      'Linked Issue',
+      'What this enhancement improves',
+      'Before / After',
+      'How it was implemented',
+      'Testing',
+      'Scope confirmation',
+      'Checklist',
+    ],
+  },
+  {
+    name: 'feature',
+    heading: 'Feature PR',
+    requiredHeadings: [
+      'Feature PR',
+      'Linked Issue',
+      'Feature summary',
+      'What changed',
+      'Implementation notes',
+      'Spec compliance',
+      'Testing',
+      'Scope confirmation',
+      'Checklist',
+    ],
+  },
+];
+
+function stripMarkdownDecoration(value) {
+  return value
+    .replace(/^\s*#+\s*/, '')
+    .replace(/\s*#+\s*$/, '')
+    .replace(/\*\*/g, '')
+    .trim()
+    .toLowerCase();
+}
+
+function extractHeadings(body) {
+  const headings = new Set();
+  for (const line of String(body || '').split(/\r?\n/)) {
+    if (/^\s*#{1,6}\s+\S/.test(line)) {
+      headings.add(stripMarkdownDecoration(line));
+    }
+  }
+  return headings;
+}
+
+function includesDefaultTemplate(body) {
+  const text = String(body || '').toLowerCase();
+  return DEFAULT_TEMPLATE_MARKERS.some((marker) => text.includes(marker.toLowerCase()));
+}
+
+function matchingTemplate(body) {
+  const headings = extractHeadings(body);
+  for (const template of TEMPLATES) {
+    if (!headings.has(stripMarkdownDecoration(template.heading))) continue;
+    const missingHeadings = template.requiredHeadings.filter((heading) => {
+      return !headings.has(stripMarkdownDecoration(heading));
+    });
+    return {
+      template: template.name,
+      missingHeadings,
+    };
+  }
+  return {
+    template: null,
+    missingHeadings: [],
+  };
+}
+
+/**
+ * Returns true iff every path in changedFiles matches at least one glob
+ * pattern in the allowlist. Returns false for an empty file list (no
+ * files means we cannot confirm it is a tooling-only PR).
+ */
+function allPathsAreTooling(changedFiles, allowlist) {
+  if (!Array.isArray(changedFiles) || changedFiles.length === 0) return false;
+  return changedFiles.every((file) =>
+    allowlist.some((pattern) => matchesGlob(file, pattern)),
+  );
+}
+
+/**
+ * Returns true iff the body contains an explicit exemption marker with a
+ * non-empty (non-whitespace) reason.
+ */
+function hasExemptMarker(body, regex) {
+  const match = regex.exec(String(body || ''));
+  if (!match) return false;
+  return match[1].trim().length > 0;
+}
+
+function evaluatePrTemplate(body, authorAssociation, changedFiles) {
+  const association = String(authorAssociation || '').toUpperCase();
+  const trusted = TRUSTED_AUTHOR_ASSOCIATIONS.has(association);
+  const normalizedBody = String(body || '').trim();
+
+  // --- Carve-out 1: all changed files are in the tooling allowlist ---
+  if (allPathsAreTooling(changedFiles, TOOLING_PATH_ALLOWLIST)) {
+    return {
+      valid: true,
+      action: 'pass',
+      trusted,
+      authorAssociation: association || 'UNKNOWN',
+      template: null,
+      reason: null,
+      missingHeadings: [],
+      skipped: 'tooling-paths',
+    };
+  }
+
+  // --- Carve-out 2: explicit exemption marker in the PR body ---
+  if (hasExemptMarker(normalizedBody, EXEMPT_MARKER_REGEX)) {
+    return {
+      valid: true,
+      action: 'pass',
+      trusted,
+      authorAssociation: association || 'UNKNOWN',
+      template: null,
+      reason: null,
+      missingHeadings: [],
+      skipped: 'exempt-marker',
+    };
+  }
+
+  let valid = true;
+  let reason = 'PR body uses a typed pull request template.';
+  let template = null;
+  let missingHeadings = [];
+
+  if (!normalizedBody) {
+    valid = false;
+    reason = 'PR body is empty; a typed pull request template is required.';
+  } else {
+    const match = matchingTemplate(normalizedBody);
+    template = match.template;
+    missingHeadings = match.missingHeadings;
+    if (template && missingHeadings.length === 0) {
+      valid = true;
+    } else if (template && missingHeadings.length > 0) {
+      valid = false;
+      reason = `PR body appears to use the ${template} template but is missing required headings.`;
+    } else if (includesDefaultTemplate(normalizedBody)) {
+      valid = false;
+      reason = 'PR body still contains the default wrong-template guidance.';
+    } else {
+      valid = false;
+      reason = 'PR body does not match the fix, enhancement, or feature template.';
+    }
+  }
+
+  let action = 'pass';
+  if (!valid) {
+    action = trusted ? 'warn' : 'close';
+  }
+
+  return {
+    valid,
+    action,
+    trusted,
+    authorAssociation: association || 'UNKNOWN',
+    template,
+    reason,
+    missingHeadings,
+  };
+}
+
+function main() {
+  const changedFiles = process.env.CHANGED_FILES
+    ? process.env.CHANGED_FILES.split('\n').map((f) => f.trim()).filter(Boolean)
+    : undefined;
+  const result = evaluatePrTemplate(
+    process.env.PR_BODY || '',
+    process.env.AUTHOR_ASSOCIATION || '',
+    changedFiles,
+  );
+  process.stdout.write(`${JSON.stringify(result)}\n`);
+  if (process.env.GITHUB_OUTPUT) {
+    const fs = require('fs');
+    fs.appendFileSync(process.env.GITHUB_OUTPUT, `result=${JSON.stringify(result)}\n`);
+    fs.appendFileSync(process.env.GITHUB_OUTPUT, `action=${result.action}\n`);
+    fs.appendFileSync(process.env.GITHUB_OUTPUT, `valid=${result.valid ? 'true' : 'false'}\n`);
+  }
+}
+
+if (require.main === module) {
+  main();
+}
+
+module.exports = {
+  evaluatePrTemplate,
+  extractHeadings,
+  includesDefaultTemplate,
+  matchingTemplate,
+  allPathsAreTooling,
+  hasExemptMarker,
+  TOOLING_PATH_ALLOWLIST,
+  EXEMPT_MARKER_REGEX,
+};

package/scripts/prompt-injection-scan.sh

@@ -0,0 +1,207 @@
+#!/usr/bin/env bash
+# prompt-injection-scan.sh — Scan files for prompt injection patterns
+#
+# Usage:
+#   scripts/prompt-injection-scan.sh --diff origin/main   # CI mode: scan changed .md files
+#   scripts/prompt-injection-scan.sh --file path/to/file   # Scan a single file
+#   scripts/prompt-injection-scan.sh --dir agents/          # Scan all files in a directory
+#
+# Exit codes:
+#   0 = clean
+#   1 = findings detected
+#   2 = usage error
+set -euo pipefail
+
+# ─── Patterns ────────────────────────────────────────────────────────────────
+# Each pattern is a POSIX extended regex. Keep alphabetized by category.
+
+PATTERNS=(
+  # Instruction override
+  'ignore[[:space:]]+(all[[:space:]]+)?(previous|prior|above|earlier|preceding)[[:space:]]+(instructions|prompts|rules|directives|context)'
+  'disregard[[:space:]]+(all[[:space:]]+)?(previous|prior|above)[[:space:]]+(instructions|prompts|rules)'
+  'forget[[:space:]]+(all[[:space:]]+)?(previous|prior|above)[[:space:]]+(instructions|prompts|rules|context)'
+  'override[[:space:]]+(all[[:space:]]+)?(system|previous|safety)[[:space:]]+(instructions|prompts|rules|checks|filters|guards)'
+  'override[[:space:]]+(system|safety|security)[[:space:]]'
+
+  # Role manipulation
+  'you[[:space:]]+are[[:space:]]+now[[:space:]]+(a|an|my)[[:space:]]'
+  'from[[:space:]]+now[[:space:]]+on[[:space:]]+(you|pretend|act|behave)'
+  'pretend[[:space:]]+(you[[:space:]]+are|to[[:space:]]+be)[[:space:]]'
+  'act[[:space:]]+as[[:space:]]+(a|an|if|my)[[:space:]]'
+  'roleplay[[:space:]]+as[[:space:]]'
+  'assume[[:space:]]+the[[:space:]]+role[[:space:]]+of[[:space:]]'
+
+  # System prompt extraction
+  'output[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'reveal[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'show[[:space:]]+me[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'print[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'what[[:space:]]+(is|are)[[:space:]]+(your|the)[[:space:]]+(system[[:space:]]+)?(prompt|instructions)'
+  'repeat[[:space:]]+(your|the|all)[[:space:]]+(system[[:space:]]+)?(prompt|instructions|rules)'
+
+  # Fake message boundaries
+  '</?system>'
+  '</?assistant>'
+  '</?human>'
+  '\[SYSTEM\]'
+  '\[/SYSTEM\]'
+  '\[INST\]'
+  '\[/INST\]'
+  '<<SYS>>'
+  '<</SYS>>'
+
+  # Tool call injection / code execution in markdown
+  'eval[[:space:]]*\([[:space:]]*["\x27]'
+  'exec[[:space:]]*\([[:space:]]*["\x27]'
+  'Function[[:space:]]*\([[:space:]]*["\x27].*return'
+
+  # Jailbreak / DAN patterns
+  'do[[:space:]]+anything[[:space:]]+now'
+  'DAN[[:space:]]+mode'
+  'developer[[:space:]]+mode[[:space:]]+(enabled|output|activated)'
+  'jailbreak'
+  'bypass[[:space:]]+(safety|content|security)[[:space:]]+(filter|check|rule|guard)'
+)
+
+# ─── Allowlist ───────────────────────────────────────────────────────────────
+# Files that legitimately discuss injection patterns (security docs, tests, this script)
+ALLOWLIST=(
+  'scripts/prompt-injection-scan.sh'
+  'scripts/base64-scan.sh'
+  'scripts/secret-scan.sh'
+  'tests/security-scan.test.cjs'
+  'tests/security.test.cjs'
+  'tests/prompt-injection-scan.test.cjs'
+  'tests/verify.test.cjs'
+  'gsd-core/bin/lib/security.cjs'
+  'hooks/gsd-prompt-guard.js'
+  'hooks/gsd-read-injection-scanner.js'
+  'tests/read-injection-scanner.test.cjs'
+  'tests/security-prompt-injection.test.cjs'
+  'tests/fixtures/adversarial/security/'
+  'SECURITY.md'
+  # These files contain intentional injection examples / security-model prose
+  # and are not attack vectors — they explain/demonstrate injection patterns.
+  'TEST-EXAMPLES.md'
+  'explanation/security-model.md'
+)
+
+is_allowlisted() {
+  local file="$1"
+  for allowed in "${ALLOWLIST[@]}"; do
+    if [[ "$file" == *"$allowed"* ]]; then
+      return 0
+    fi
+  done
+  return 1
+}
+
+# ─── File Collection ─────────────────────────────────────────────────────────
+
+collect_files() {
+  local mode="$1"
+  shift
+
+  case "$mode" in
+    --diff)
+      local base="${1:-origin/main}"
+      # Get changed files in the diff, filter to scannable extensions
+      git diff --name-only --diff-filter=ACMR "$base"...HEAD 2>/dev/null \
+        | grep -E '\.(md|cjs|js|json|yml|yaml|sh)$' || true
+      ;;
+    --file)
+      if [[ -f "$1" ]]; then
+        echo "$1"
+      else
+        echo "Error: file not found: $1" >&2
+        exit 2
+      fi
+      ;;
+    --dir)
+      local dir="$1"
+      if [[ ! -d "$dir" ]]; then
+        echo "Error: directory not found: $dir" >&2
+        exit 2
+      fi
+      find "$dir" -type f \( -name '*.md' -o -name '*.cjs' -o -name '*.js' -o -name '*.json' -o -name '*.yml' -o -name '*.yaml' -o -name '*.sh' \) \
+        ! -path '*/node_modules/*' ! -path '*/.git/*' ! -path '*/dist/*' 2>/dev/null || true
+      ;;
+    --stdin)
+      cat
+      ;;
+    *)
+      echo "Usage: $0 --diff [base] | --file <path> | --dir <path> | --stdin" >&2
+      exit 2
+      ;;
+  esac
+}
+
+# ─── Scanner ─────────────────────────────────────────────────────────────────
+
+scan_file() {
+  local file="$1"
+  local found=0
+
+  if is_allowlisted "$file"; then
+    return 0
+  fi
+
+  for pattern in "${PATTERNS[@]}"; do
+    # Use grep -iE for case-insensitive extended regex
+    # -n for line numbers, -c for count mode first to check
+    local matches
+    matches=$(grep -inE -e "$pattern" "$file" 2>/dev/null || true)
+    if [[ -n "$matches" ]]; then
+      if [[ $found -eq 0 ]]; then
+        echo "FAIL: $file"
+        found=1
+      fi
+      echo "$matches" | while IFS= read -r line; do
+        echo "  $line"
+      done
+    fi
+  done
+
+  return $found
+}
+
+# ─── Main ────────────────────────────────────────────────────────────────────
+
+main() {
+  if [[ $# -eq 0 ]]; then
+    echo "Usage: $0 --diff [base] | --file <path> | --dir <path>" >&2
+    exit 2
+  fi
+
+  local mode="$1"
+  shift
+
+  local files
+  files=$(collect_files "$mode" "$@")
+
+  if [[ -z "$files" ]]; then
+    echo "prompt-injection-scan: no files to scan"
+    exit 0
+  fi
+
+  local total=0
+  local failed=0
+
+  while IFS= read -r file; do
+    [[ -z "$file" ]] && continue
+    total=$((total + 1))
+    if ! scan_file "$file"; then
+      failed=$((failed + 1))
+    fi
+  done <<< "$files"
+
+  echo ""
+  echo "prompt-injection-scan: scanned $total files, $failed with findings"
+
+  if [[ $failed -gt 0 ]]; then
+    exit 1
+  fi
+  exit 0
+}
+
+main "$@"