npm - @vibe-validate/config - Versions diffs - 0.10.3 → 0.12.0 - Mend

@vibe-validate/config 0.10.3 → 0.12.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (28) hide show

package/README.md +100 -166
package/dist/index.d.ts +17 -35
package/dist/index.d.ts.map +1 -1
package/dist/index.js +17 -37
package/dist/loader.d.ts +6 -46
package/dist/loader.d.ts.map +1 -1
package/dist/loader.js +30 -133
package/dist/schema.d.ts +168 -160
package/dist/schema.d.ts.map +1 -1
package/dist/schema.js +41 -51
package/package.json +9 -10
package/vibe-validate.schema.json +23 -61
package/LICENSE +0 -21
package/dist/define-config.d.ts +0 -49
package/dist/define-config.d.ts.map +0 -1
package/dist/define-config.js +0 -72
package/dist/presets/index.d.ts +0 -27
package/dist/presets/index.d.ts.map +0 -1
package/dist/presets/index.js +0 -36
package/dist/presets/typescript-library.d.ts +0 -9
package/dist/presets/typescript-library.d.ts.map +0 -1
package/dist/presets/typescript-library.js +0 -67
package/dist/presets/typescript-nodejs.d.ts +0 -9
package/dist/presets/typescript-nodejs.d.ts.map +0 -1
package/dist/presets/typescript-nodejs.js +0 -64
package/dist/presets/typescript-react.d.ts +0 -9
package/dist/presets/typescript-react.d.ts.map +0 -1
package/dist/presets/typescript-react.js +0 -73

package/dist/loader.js CHANGED Viewed

@@ -1,172 +1,69 @@
 /**
  * Configuration Loader
  *
- * Loads and resolves vibe-validate configuration from files,
- * including preset resolution and config extension.
- *
- * SECURITY MODEL:
- *
- * This loader executes user-provided configuration files as code (TypeScript/JavaScript)
- * or parses them as data (JSON). This is intentional and necessary for flexibility,
- * but has security implications:
- *
- * **Trust Boundary**: Configuration files are treated as TRUSTED CODE.
- * - Config files can execute arbitrary JavaScript/TypeScript
- * - Config files define shell commands that will be executed during validation
- * - Users MUST only use config files from trusted sources
- *
- * **No Sandboxing**: Configuration files run with full process permissions.
- * - They have access to the file system, network, environment variables
- * - They can import arbitrary npm packages
- * - They can modify process.env or global state
- *
- * **Security Responsibilities**:
- * - **Users**: Only use configs from trusted sources (own code, official presets)
- * - **Preset Authors**: Ensure presets don't execute untrusted commands
- * - **This Package**: Validate config schema, but cannot prevent malicious code execution
- *
- * **Mitigations**:
- * - Configuration schema validation (Zod) ensures structure is correct
- * - Git command injection prevention (array-based spawn, no shell)
- * - No automatic config downloads from remote sources
- * - Presets are vetted and included in this package
- *
- * See SECURITY.md for complete security considerations.
+ * Loads and resolves vibe-validate configuration from YAML files.
  */
 import { resolve, dirname } from 'path';
 import { readFileSync } from 'fs';
-import { pathToFileURL } from 'url';
-import { load as parseYaml } from 'js-yaml';
+import { parse as parseYaml } from 'yaml';
 import { validateConfig } from './schema.js';
-import { mergeConfig } from './define-config.js';
-import { getPreset } from './presets/index.js';
 /**
- * Configuration file names to search for (in order)
+ * Configuration file name
  *
- * YAML is the primary and recommended format.
- * .mjs is legacy (deprecated) - supported for migration only.
+ * Only YAML format is supported.
  */
-export const CONFIG_FILE_NAMES = [
-    'vibe-validate.config.yaml',
-    'vibe-validate.config.mjs', // DEPRECATED: Legacy format, will be removed in v1.0
-];
+export const CONFIG_FILE_NAME = 'vibe-validate.config.yaml';
 /**
  * Load configuration from a file path
  *
- * @param configPath - Absolute path to config file
+ * @param configPath - Absolute path to config file (must be .yaml)
  * @returns Loaded and validated configuration
  * @throws Error if file cannot be loaded or is invalid
  */
 export async function loadConfigFromFile(configPath) {
     const absolutePath = resolve(configPath);
-    // YAML files (primary format)
-    if (absolutePath.endsWith('.yaml')) {
-        const content = readFileSync(absolutePath, 'utf-8');
-        const raw = parseYaml(content);
-        // Remove $schema property if present (used for IDE support only)
-        if (raw && typeof raw === 'object' && '$schema' in raw) {
-            delete raw['$schema'];
-        }
-        return await resolveConfig(raw, dirname(absolutePath));
+    // Only YAML files supported
+    if (!absolutePath.endsWith('.yaml')) {
+        throw new Error(`Unsupported config file format: ${absolutePath}\n` +
+            `Only .yaml format is supported.\n` +
+            `Please use vibe-validate.config.yaml`);
     }
-    // Legacy .mjs files (DEPRECATED - will be removed in v1.0)
-    if (absolutePath.endsWith('.mjs')) {
-        console.warn('⚠️  WARNING: .mjs config format is deprecated and will be removed in v1.0');
-        console.warn('   Please migrate to vibe-validate.config.yaml');
-        console.warn('   Run: vibe-validate doctor for migration guidance\n');
-        const fileUrl = pathToFileURL(absolutePath).href;
-        const module = await import(fileUrl);
-        const raw = module.default || module;
-        return await resolveConfig(raw, dirname(absolutePath));
+    const content = readFileSync(absolutePath, 'utf-8');
+    const raw = parseYaml(content);
+    // Remove $schema property if present (used for IDE support only)
+    if (raw && typeof raw === 'object' && '$schema' in raw) {
+        delete raw['$schema'];
     }
-    throw new Error(`Unsupported config file format: ${absolutePath}\n` +
-        `Only .yaml and .mjs (deprecated) formats are supported.\n` +
-        `Please use vibe-validate.config.yaml`);
+    return await resolveConfig(raw, dirname(absolutePath));
 }
 /**
  * Find and load configuration from current working directory
  *
- * Searches for config files in order and loads the first one found.
+ * Searches for vibe-validate.config.yaml and loads it if found.
  *
  * @param cwd - Working directory to search (default: process.cwd())
  * @returns Loaded configuration or undefined if no config found
  */
 export async function findAndLoadConfig(cwd = process.cwd()) {
-    for (const fileName of CONFIG_FILE_NAMES) {
-        const configPath = resolve(cwd, fileName);
-        try {
-            return await loadConfigFromFile(configPath);
-        }
-        catch (_err) {
-            // File doesn't exist or can't be loaded - try next
-            continue;
-        }
+    const configPath = resolve(cwd, CONFIG_FILE_NAME);
+    try {
+        return await loadConfigFromFile(configPath);
+    }
+    catch (_err) {
+        return undefined;
     }
-    return undefined;
 }
 /**
- * Resolve configuration with preset and extends support
+ * Resolve and validate configuration
  *
  * @param raw - Raw configuration object
- * @param basePath - Base directory for resolving extends paths
- * @returns Resolved and validated configuration
+ * @param _basePath - Base directory (unused, kept for compatibility)
+ * @returns Validated configuration
  */
-async function resolveConfig(raw, basePath) {
+async function resolveConfig(raw, _basePath) {
     if (typeof raw !== 'object' || raw === null) {
         throw new Error('Configuration must be an object');
     }
-    const config = raw;
-    // Step 1: Resolve preset if specified
-    let baseConfig;
-    if (config.preset) {
-        baseConfig = getPreset(config.preset);
-        if (!baseConfig) {
-            throw new Error(`Unknown preset: ${config.preset}`);
-        }
-    }
-    // Step 2: Resolve extends if specified
-    if (config.extends) {
-        // Check if extends is a preset name or a file path
-        const extendedConfig = getPreset(config.extends);
-        if (extendedConfig) {
-            // It's a preset name
-            baseConfig = baseConfig
-                ? mergeConfig(baseConfig, extendedConfig)
-                : extendedConfig;
-        }
-        else {
-            // It's a file path - resolve relative to basePath
-            const extendsPath = resolve(basePath, config.extends);
-            const fileConfig = await loadConfigFromFile(extendsPath);
-            baseConfig = baseConfig
-                ? mergeConfig(baseConfig, fileConfig)
-                : fileConfig;
-        }
-    }
-    // Step 3: Merge user config with base
-    const finalConfig = baseConfig
-        ? mergeConfig(baseConfig, config)
-        : config;
-    // Step 4: Validate final configuration
-    return validateConfig(finalConfig);
-}
-/**
- * Load configuration with fallback to default preset
- *
- * Searches for config file, falls back to typescript-library preset if not found.
- *
- * @param cwd - Working directory (default: process.cwd())
- * @returns Configuration (user config or default preset)
- */
-export async function loadConfigWithFallback(cwd = process.cwd()) {
-    const config = await findAndLoadConfig(cwd);
-    if (config) {
-        return config;
-    }
-    // Fallback to default preset
-    const defaultPreset = getPreset('typescript-library');
-    if (!defaultPreset) {
-        throw new Error('Default preset not found');
-    }
-    return defaultPreset;
+    // Validate configuration
+    return validateConfig(raw);
 }