npm - @trohde/earos - Versions diffs - 1.2.0 → 1.3.0 - Mend

@trohde/earos 1.2.0 → 1.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (69) hide show

package/init.js CHANGED Viewed

@@ -240,15 +240,20 @@ function createIconAliases(iconsDir, extractedEntries, config) {
     let aliasCount = 0;
     const missingAliases = [];
     for (const spec of config.aliasSpecs) {
-        const bestCandidate = extractedEntries
-            .map((entry) => ({ entry, score: scoreAliasCandidate(entry, spec, config) }))
-            .filter((candidate) => Number.isFinite(candidate.score))
-            .sort((left, right) => right.score - left.score)[0];
-        if (!bestCandidate) {
+        let bestScore = Number.NEGATIVE_INFINITY;
+        let bestEntry = null;
+        for (const entry of extractedEntries) {
+            const score = scoreAliasCandidate(entry, spec, config);
+            if (score > bestScore) {
+                bestScore = score;
+                bestEntry = entry;
+            }
+        }
+        if (!bestEntry) {
             missingAliases.push(spec.alias);
             continue;
         }
-        copyFileSync(bestCandidate.entry.outputPath, join(aliasDir, `${spec.alias}.svg`));
+        copyFileSync(bestEntry.outputPath, join(aliasDir, `${spec.alias}.svg`));
         aliasCount += 1;
     }
     return { aliasCount, missingAliases };
@@ -309,16 +314,16 @@ export async function initWorkspace(targetDir, options = {}) {
     let iconDownloadSummary = '';
     if (options.downloadIcons) {
         const results = [];
-        for (const config of ICON_PACKAGES) {
-            try {
-                const result = await downloadIconPackage(target, config);
-                results.push(result);
-                if (result.missingAliases.length) {
-                    console.warn(`  Missing ${config.name} icon aliases: ${result.missingAliases.join(', ')}`);
+        const settled = await Promise.allSettled(ICON_PACKAGES.map(config => downloadIconPackage(target, config)));
+        for (const outcome of settled) {
+            if (outcome.status === 'fulfilled') {
+                results.push(outcome.value);
+                if (outcome.value.missingAliases.length) {
+                    console.warn(`  Missing ${outcome.value.name} icon aliases: ${outcome.value.missingAliases.join(', ')}`);
                 }
             }
-            catch (error) {
-                console.error(`  Failed to download ${config.name} icons: ${error.message}`);
+            else {
+                console.error(`  Failed to download icons: ${outcome.reason instanceof Error ? outcome.reason.message : String(outcome.reason)}`);
             }
         }
         if (results.length) {

package/manifest-cli.mjs CHANGED Viewed

@@ -1,10 +1,11 @@
 /**
- * EAROS Manifest CLI (compiled JS — do not edit; source is manifest-cli.ts)
+ * EAROS Manifest CLI
  *
  * Usage (via bin.js):
  *   earos manifest              # regenerate
  *   earos manifest add <file>   # add entry
- *   earos manifest check        # verify consistency
+ *   earos manifest check [--json]  # verify consistency
+ *   earos manifest list [--json]   # list manifest contents
  *
  * EAROS_REPO_ROOT env var is set by bin.js to the detected repo root.
  */
@@ -154,6 +155,7 @@ if (subCmd === 'check') {
     console.error('No earos.manifest.yaml found. Run `earos manifest` first.')
     process.exit(1)
   }
+  const jsonMode = subArgs.includes('--json')
   const errors = []
   const warnings = []
@@ -187,6 +189,11 @@ if (subCmd === 'check') {
     }
   }
+  if (jsonMode) {
+    process.stdout.write(JSON.stringify({ consistent: errors.length === 0, errors, warnings }, null, 2) + '\n')
+    process.exit(errors.length > 0 ? 1 : 0)
+  }
   if (errors.length === 0 && warnings.length === 0) {
     console.log('✓ Manifest is consistent with filesystem')
     process.exit(0)
@@ -202,6 +209,28 @@ if (subCmd === 'check') {
   process.exit(errors.length > 0 ? 1 : 0)
 }
+if (subCmd === 'list') {
+  const manifest = loadManifest()
+  if (!manifest) {
+    console.error('No earos.manifest.yaml found. Run `earos manifest` first.')
+    process.exit(1)
+  }
+  if (subArgs.includes('--json')) {
+    process.stdout.write(JSON.stringify(manifest, null, 2) + '\n')
+  } else {
+    const sections = ['core', 'profiles', 'overlays']
+    for (const section of sections) {
+      const entries = manifest[section] ?? []
+      if (entries.length === 0) continue
+      console.log(`\n${section}:`)
+      for (const e of entries) {
+        console.log(`  ${e.path}  ${e.rubric_id ?? ''}  ${e.title ?? ''}`)
+      }
+    }
+  }
+  process.exit(0)
+}
 console.error(`Unknown manifest subcommand: ${subCmd}`)
-console.error('Usage: earos manifest [generate|add <file>|check]')
+console.error('Usage: earos manifest [generate|add <file>|check|list]')
 process.exit(1)

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@trohde/earos",
-  "version": "1.2.0",
+  "version": "1.3.0",
   "description": "Schema-driven editor and CLI for EaROS architecture assessment rubrics and evaluations",
   "type": "module",
   "bin": {
@@ -27,6 +27,7 @@
     "serve.js",
     "init.js",
     "export-docx.js",
+    "utils/",
     "manifest-cli.mjs",
     "schemas/",
     "assets/",
@@ -58,7 +59,6 @@
     "express": "^4.22.1",
     "js-yaml": "^4.1.0",
     "jszip": "^3.10.1",
-    "mermaid": "^11.13.0",
     "open": "^10.1.0"
   },
   "devDependencies": {
@@ -76,6 +76,7 @@
     "@types/react-dom": "^18.3.1",
     "@vitejs/plugin-react": "^4.2.1",
     "esbuild": "^0.27.4",
+    "mermaid": "^11.13.0",
     "tsx": "^4.21.0",
     "typescript": "^5.4.5",
     "vite": "^5.2.8"

package/serve.js CHANGED Viewed

@@ -5,7 +5,7 @@
 import express from 'express';
 import { createServer } from 'http';
 import { readFileSync, writeFileSync, existsSync, readdirSync } from 'fs';
-import { resolve, dirname } from 'path';
+import { resolve, dirname, sep } from 'path';
 import { fileURLToPath } from 'url';
 import yaml from 'js-yaml';
 import open from 'open';
@@ -24,7 +24,7 @@ function findRepoRoot() {
 function safeRepoPath(repoRoot, rawPath) {
     const decoded = decodeURIComponent(rawPath);
     const abs = resolve(repoRoot, decoded);
-    if (!abs.startsWith(repoRoot))
+    if (abs !== repoRoot && !abs.startsWith(repoRoot + sep))
         return null;
     return abs;
 }
@@ -45,6 +45,8 @@ function findAvailablePort(preferred) {
         });
     });
 }
+let evalCache = null;
+const EVAL_CACHE_TTL = 5000;
 export async function startServer(fileArg) {
     const REPO_ROOT = findRepoRoot();
     const distDir = resolve(__dirname, 'dist');
@@ -53,7 +55,12 @@ export async function startServer(fileArg) {
         process.exit(1);
     }
     const app = express();
-    app.use(express.json({ limit: '25mb' }));
+    app.use(express.json({ limit: '1mb' }));
+    app.use((_req, res, next) => {
+        res.setHeader('X-Content-Type-Options', 'nosniff');
+        res.setHeader('X-Frame-Options', 'DENY');
+        next();
+    });
     // GET /api/manifest  or  GET /api/files
     const manifestHandler = (_req, res) => {
         const manifestPath = resolve(REPO_ROOT, 'earos.manifest.yaml');
@@ -84,19 +91,23 @@ export async function startServer(fileArg) {
         catch { /* skip unreadable dirs */ }
         return found;
     }
-    app.get('/api/evaluations', (_req, res) => {
+    function getCachedEvaluationFiles(repoRoot) {
+        if (evalCache && Date.now() - evalCache.ts < EVAL_CACHE_TTL)
+            return evalCache.files;
         const files = [];
         for (const dir of ['examples', 'evaluations']) {
-            files.push(...findEvaluationFiles(resolve(REPO_ROOT, dir), `${dir}/`));
+            files.push(...findEvaluationFiles(resolve(repoRoot, dir), `${dir}/`));
         }
+        evalCache = { files, ts: Date.now() };
+        return files;
+    }
+    app.get('/api/evaluations', (_req, res) => {
+        const files = getCachedEvaluationFiles(REPO_ROOT);
         res.json({ files });
     });
     // GET /api/evaluations/summary — lightweight metadata per evaluation file
     app.get('/api/evaluations/summary', (_req, res) => {
-        const files = [];
-        for (const dir of ['examples', 'evaluations']) {
-            files.push(...findEvaluationFiles(resolve(REPO_ROOT, dir), `${dir}/`));
-        }
+        const files = getCachedEvaluationFiles(REPO_ROOT);
         const summaries = files.map((f) => {
             const absPath = resolve(REPO_ROOT, f.path);
             try {
@@ -132,28 +143,38 @@ export async function startServer(fileArg) {
             res.json(yaml.load(readFileSync(absPath, 'utf8')));
         }
         catch (e) {
-            res.status(500).json({ error: String(e) });
+            console.error('[API error]', e);
+            res.status(500).json({ error: 'Internal server error' });
         }
     });
     // POST /api/file/:path
-    app.post('/api/file/*', (req, res) => {
+    app.post('/api/file/*', express.json({ limit: '5mb' }), (req, res) => {
         const rawPath = req.params[0];
         const absPath = safeRepoPath(REPO_ROOT, rawPath);
         if (!absPath) {
             res.status(403).json({ error: 'Path outside repo root' });
             return;
         }
+        if (!absPath.endsWith('.yaml') && !absPath.endsWith('.yml')) {
+            res.status(400).json({ error: 'Only YAML files can be written' });
+            return;
+        }
         try {
             const content = yaml.dump(req.body, { lineWidth: 120, noRefs: true });
             writeFileSync(absPath, content, 'utf8');
+            // Invalidate eval cache if writing an evaluation file
+            if (absPath.endsWith('.evaluation.yaml') || absPath.includes('/evaluations/')) {
+                evalCache = null;
+            }
             res.json({ ok: true });
         }
         catch (e) {
-            res.status(500).json({ error: String(e) });
+            console.error('[API error]', e);
+            res.status(500).json({ error: 'Internal server error' });
         }
     });
     // POST /api/export/docx  — generate a Word document from artifact JSON
-    app.post('/api/export/docx', async (req, res) => {
+    app.post('/api/export/docx', express.json({ limit: '25mb' }), async (req, res) => {
         try {
             const payload = req.body;
             const artifactData = payload?.artifactData ?? payload;
@@ -176,11 +197,12 @@ export async function startServer(fileArg) {
                 res.status(400).json({ error: message });
                 return;
             }
-            res.status(500).json({ error: message });
+            console.error('[API error]', e);
+            res.status(500).json({ error: 'Internal server error' });
         }
     });
     // POST /api/export/docx/rubric  — generate a Word document from rubric JSON
-    app.post('/api/export/docx/rubric', async (req, res) => {
+    app.post('/api/export/docx/rubric', express.json({ limit: '25mb' }), async (req, res) => {
         try {
             const data = req.body;
             if (!data || typeof data !== 'object') {
@@ -194,11 +216,12 @@ export async function startServer(fileArg) {
             res.send(buf);
         }
         catch (e) {
-            res.status(500).json({ error: e instanceof Error ? e.message : String(e) });
+            console.error('[API error]', e);
+            res.status(500).json({ error: 'Internal server error' });
         }
     });
     // POST /api/export/docx/evaluation  — generate a Word document from evaluation JSON
-    app.post('/api/export/docx/evaluation', async (req, res) => {
+    app.post('/api/export/docx/evaluation', express.json({ limit: '25mb' }), async (req, res) => {
         try {
             const data = req.body;
             if (!data || typeof data !== 'object') {
@@ -212,7 +235,8 @@ export async function startServer(fileArg) {
             res.send(buf);
         }
         catch (e) {
-            res.status(500).json({ error: e instanceof Error ? e.message : String(e) });
+            console.error('[API error]', e);
+            res.status(500).json({ error: 'Internal server error' });
         }
     });
     // Unknown API routes
@@ -228,7 +252,8 @@ export async function startServer(fileArg) {
         res.sendFile(resolve(distDir, 'index.html'));
     });
     const port = await findAvailablePort(process.env.PORT ? parseInt(process.env.PORT, 10) : 3000);
-    app.listen(port, () => {
+    const host = process.env.EAROS_HOST ?? '127.0.0.1';
+    app.listen(port, host, () => {
         const url = fileArg
             ? `http://localhost:${port}?file=${encodeURIComponent(fileArg)}`
             : `http://localhost:${port}`;