@wipcomputer/wip-ai-devops-toolbox 1.9.20

package/tools/wip-license-hook/dist/core/scanner.js

@@ -0,0 +1,325 @@
+/**
+ * Scanner — detects dependencies and their licenses across package managers.
+ * Supports: npm, pip, cargo, go modules. Works offline.
+ */
+import { readFileSync, existsSync } from "node:fs";
+import { join } from "node:path";
+import { execSync } from "node:child_process";
+import { detectLicenseFromText, normalizeSpdx } from "./detector.js";
+import { readLedger, writeLedger, upsertEntry, findEntry, addAlert, archiveSnapshot, hasLicenseChanged, } from "./ledger.js";
+// ─── License file discovery ───
+const LICENSE_NAMES = ["LICENSE", "LICENSE.md", "LICENSE.txt", "LICENCE", "COPYING", "COPYING.md"];
+export function findLicenseFile(dir) {
+    for (const name of LICENSE_NAMES) {
+        const p = join(dir, name);
+        if (existsSync(p))
+            return p;
+    }
+    return null;
+}
+export function readLicenseFromDir(dir) {
+    const p = findLicenseFile(dir);
+    if (!p)
+        return null;
+    const text = readFileSync(p, "utf-8");
+    return { license: detectLicenseFromText(text), text };
+}
+// ─── Package manager detection ───
+function detectPackageManagers(repoRoot) {
+    const types = [];
+    if (existsSync(join(repoRoot, "package.json")))
+        types.push("npm");
+    if (existsSync(join(repoRoot, "requirements.txt")) || existsSync(join(repoRoot, "Pipfile")) || existsSync(join(repoRoot, "pyproject.toml")))
+        types.push("pip");
+    if (existsSync(join(repoRoot, "Cargo.toml")))
+        types.push("cargo");
+    if (existsSync(join(repoRoot, "go.mod")))
+        types.push("go");
+    return types;
+}
+// ─── npm scanning ───
+function scanNpmDeps(repoRoot, offline) {
+    const results = [];
+    const pkgPath = join(repoRoot, "package.json");
+    if (!existsSync(pkgPath))
+        return results;
+    const pkg = JSON.parse(readFileSync(pkgPath, "utf-8"));
+    const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+    for (const [name, _version] of Object.entries(allDeps)) {
+        let detectedLicense = "UNKNOWN";
+        let licenseText;
+        // Check node_modules first (works offline)
+        const modDir = join(repoRoot, "node_modules", name);
+        if (existsSync(modDir)) {
+            const fromFile = readLicenseFromDir(modDir);
+            if (fromFile) {
+                detectedLicense = fromFile.license;
+                licenseText = fromFile.text;
+            }
+            // Also check package.json license field
+            const modPkg = join(modDir, "package.json");
+            if (existsSync(modPkg) && detectedLicense === "UNKNOWN") {
+                try {
+                    const modMeta = JSON.parse(readFileSync(modPkg, "utf-8"));
+                    if (modMeta.license)
+                        detectedLicense = normalizeSpdx(modMeta.license);
+                }
+                catch { /* skip */ }
+            }
+        }
+        // Try npm view if online and still unknown
+        if (detectedLicense === "UNKNOWN" && !offline) {
+            try {
+                const out = execSync(`npm view ${name} license 2>/dev/null`, { encoding: "utf-8", timeout: 10000 }).trim();
+                if (out)
+                    detectedLicense = normalizeSpdx(out);
+            }
+            catch { /* offline or not found */ }
+        }
+        results.push({
+            name,
+            source: `npm:${name}`,
+            type: "npm",
+            detectedLicense,
+            licenseText,
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── pip scanning ───
+function parsePipDeps(repoRoot) {
+    const names = [];
+    const reqPath = join(repoRoot, "requirements.txt");
+    if (existsSync(reqPath)) {
+        const lines = readFileSync(reqPath, "utf-8").split("\n");
+        for (const line of lines) {
+            const trimmed = line.trim();
+            if (!trimmed || trimmed.startsWith("#") || trimmed.startsWith("-"))
+                continue;
+            const name = trimmed.split(/[=<>!~\[]/)[0].trim();
+            if (name)
+                names.push(name);
+        }
+    }
+    return names;
+}
+function scanPipDeps(repoRoot, offline) {
+    const deps = parsePipDeps(repoRoot);
+    const results = [];
+    for (const name of deps) {
+        let detectedLicense = "UNKNOWN";
+        if (!offline) {
+            try {
+                const out = execSync(`pip show ${name} 2>/dev/null`, { encoding: "utf-8", timeout: 10000 });
+                const match = out.match(/^License:\s*(.+)$/m);
+                if (match)
+                    detectedLicense = normalizeSpdx(match[1]);
+            }
+            catch { /* skip */ }
+        }
+        results.push({
+            name,
+            source: `pip:${name}`,
+            type: "pip",
+            detectedLicense,
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── cargo scanning ───
+function scanCargoDeps(repoRoot, offline) {
+    const results = [];
+    const cargoPath = join(repoRoot, "Cargo.toml");
+    if (!existsSync(cargoPath))
+        return results;
+    const content = readFileSync(cargoPath, "utf-8");
+    const depSection = content.match(/\[dependencies\]([\s\S]*?)(\[|$)/);
+    if (!depSection)
+        return results;
+    const lines = depSection[1].split("\n");
+    for (const line of lines) {
+        const match = line.match(/^(\S+)\s*=/);
+        if (!match)
+            continue;
+        const name = match[1];
+        let detectedLicense = "UNKNOWN";
+        if (!offline) {
+            try {
+                const out = execSync(`cargo info ${name} 2>/dev/null`, { encoding: "utf-8", timeout: 10000 });
+                const lMatch = out.match(/license:\s*(.+)/i);
+                if (lMatch)
+                    detectedLicense = normalizeSpdx(lMatch[1]);
+            }
+            catch { /* skip */ }
+        }
+        results.push({
+            name,
+            source: `cargo:${name}`,
+            type: "cargo",
+            detectedLicense,
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── go scanning ───
+function scanGoDeps(repoRoot, _offline) {
+    const results = [];
+    const goModPath = join(repoRoot, "go.mod");
+    if (!existsSync(goModPath))
+        return results;
+    const content = readFileSync(goModPath, "utf-8");
+    const requireBlock = content.match(/require\s*\(([\s\S]*?)\)/);
+    const lines = requireBlock ? requireBlock[1].split("\n") : [];
+    // Also handle single-line requires
+    const singleRequires = content.match(/^require\s+(\S+)\s+/gm) ?? [];
+    for (const sr of singleRequires) {
+        const m = sr.match(/^require\s+(\S+)/);
+        if (m)
+            lines.push(m[1]);
+    }
+    for (const line of lines) {
+        const trimmed = line.trim();
+        if (!trimmed || trimmed.startsWith("//"))
+            continue;
+        const parts = trimmed.split(/\s+/);
+        const name = parts[0];
+        if (!name || name.startsWith(")"))
+            continue;
+        results.push({
+            name,
+            source: `go:${name}`,
+            type: "go",
+            detectedLicense: "UNKNOWN", // Go modules need network for license check
+            wasChanged: false,
+            isNew: true,
+        });
+    }
+    return results;
+}
+// ─── Fork/upstream scanning ───
+function scanUpstreamLicense(repoRoot, offline) {
+    // Check if there's an upstream remote
+    try {
+        const remote = execSync("git remote get-url upstream 2>/dev/null", {
+            cwd: repoRoot, encoding: "utf-8", timeout: 5000
+        }).trim();
+        if (!remote)
+            return null;
+        // Fetch upstream (if online)
+        if (!offline) {
+            try {
+                execSync("git fetch upstream --quiet 2>/dev/null", { cwd: repoRoot, timeout: 30000 });
+            }
+            catch { /* offline, use cached */ }
+        }
+        // Try to read LICENSE from upstream/main or upstream/master
+        for (const branch of ["upstream/main", "upstream/master"]) {
+            try {
+                const text = execSync(`git show ${branch}:LICENSE 2>/dev/null`, {
+                    cwd: repoRoot, encoding: "utf-8", timeout: 5000
+                });
+                if (text) {
+                    const license = detectLicenseFromText(text);
+                    return {
+                        name: "upstream",
+                        source: remote,
+                        type: "fork",
+                        detectedLicense: license,
+                        licenseText: text,
+                        wasChanged: false,
+                        isNew: true,
+                    };
+                }
+            }
+            catch { /* try next branch */ }
+        }
+    }
+    catch { /* no upstream remote */ }
+    return null;
+}
+// ─── Main scan ───
+export function scanAll(opts) {
+    const { repoRoot, offline = false } = opts;
+    const managers = detectPackageManagers(repoRoot);
+    const results = [];
+    // Always check upstream fork
+    const upstream = scanUpstreamLicense(repoRoot, offline);
+    if (upstream)
+        results.push(upstream);
+    if (managers.includes("npm"))
+        results.push(...scanNpmDeps(repoRoot, offline));
+    if (managers.includes("pip"))
+        results.push(...scanPipDeps(repoRoot, offline));
+    if (managers.includes("cargo"))
+        results.push(...scanCargoDeps(repoRoot, offline));
+    if (managers.includes("go"))
+        results.push(...scanGoDeps(repoRoot, offline));
+    return results;
+}
+/**
+ * Run a full scan and update the ledger. Returns results with change detection.
+ */
+export function scanAndUpdate(opts) {
+    const { repoRoot } = opts;
+    const ledger = readLedger(repoRoot);
+    const results = scanAll(opts);
+    const today = new Date().toISOString().slice(0, 10);
+    for (const result of results) {
+        const existing = findEntry(ledger, result.name);
+        if (existing) {
+            result.isNew = false;
+            existing.license_current = result.detectedLicense;
+            existing.last_checked = today;
+            if (hasLicenseChanged(existing)) {
+                existing.status = "changed";
+                result.wasChanged = true;
+                addAlert(ledger, result.name, existing.license_at_adoption, result.detectedLicense);
+            }
+            else {
+                existing.status = "clean";
+            }
+            upsertEntry(ledger, existing);
+        }
+        else {
+            // New dependency
+            const entry = {
+                name: result.name,
+                source: result.source,
+                type: result.type,
+                license_at_adoption: result.detectedLicense,
+                license_current: result.detectedLicense,
+                adopted_date: today,
+                last_checked: today,
+                status: "clean",
+            };
+            upsertEntry(ledger, entry);
+        }
+        // Archive license text if available
+        if (result.licenseText) {
+            archiveSnapshot(repoRoot, result.name, result.licenseText, today);
+        }
+    }
+    ledger.last_full_scan = new Date().toISOString();
+    writeLedger(repoRoot, ledger);
+    return results;
+}
+/**
+ * Gate check — returns true if safe to proceed, false if blocked.
+ */
+export function gateCheck(repoRoot, offline) {
+    const results = scanAndUpdate({ repoRoot, offline });
+    const changed = results.filter((r) => r.wasChanged);
+    const alerts = changed.map((r) => `🚫 LICENSE CHANGED: ${r.name} — was adopted under different terms, now detected as ${r.detectedLicense}`);
+    return {
+        safe: changed.length === 0,
+        results,
+        alerts,
+    };
+}
+//# sourceMappingURL=scanner.js.map

package/tools/wip-license-hook/dist/core/scanner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"scanner.js","sourceRoot":"","sources":["../../src/core/scanner.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,YAAY,EAAE,UAAU,EAAe,MAAM,SAAS,CAAC;AAChE,OAAO,EAAE,IAAI,EAAE,MAAM,WAAW,CAAC;AACjC,OAAO,EAAE,QAAQ,EAAE,MAAM,oBAAoB,CAAC;AAC9C,OAAO,EAAE,qBAAqB,EAAE,aAAa,EAAkB,MAAM,eAAe,CAAC;AACrF,OAAO,EACL,UAAU,EAAE,WAAW,EAAE,WAAW,EAAE,SAAS,EAAE,QAAQ,EACzD,eAAe,EAAE,iBAAiB,GAEnC,MAAM,aAAa,CAAC;AAkBrB,iCAAiC;AAEjC,MAAM,aAAa,GAAG,CAAC,SAAS,EAAE,YAAY,EAAE,aAAa,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,CAAC,CAAC;AAEnG,MAAM,UAAU,eAAe,CAAC,GAAW;IACzC,KAAK,MAAM,IAAI,IAAI,aAAa,EAAE,CAAC;QACjC,MAAM,CAAC,GAAG,IAAI,CAAC,GAAG,EAAE,IAAI,CAAC,CAAC;QAC1B,IAAI,UAAU,CAAC,CAAC,CAAC;YAAE,OAAO,CAAC,CAAC;IAC9B,CAAC;IACD,OAAO,IAAI,CAAC;AACd,CAAC;AAED,MAAM,UAAU,kBAAkB,CAAC,GAAW;IAC5C,MAAM,CAAC,GAAG,eAAe,CAAC,GAAG,CAAC,CAAC;IAC/B,IAAI,CAAC,CAAC;QAAE,OAAO,IAAI,CAAC;IACpB,MAAM,IAAI,GAAG,YAAY,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;IACtC,OAAO,EAAE,OAAO,EAAE,qBAAqB,CAAC,IAAI,CAAC,EAAE,IAAI,EAAE,CAAC;AACxD,CAAC;AAED,oCAAoC;AAEpC,SAAS,qBAAqB,CAAC,QAAgB;IAC7C,MAAM,KAAK,GAAqB,EAAE,CAAC;IACnC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAClE,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,SAAS,CAAC,CAAC,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,gBAAgB,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IAC/J,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC;IAClE,IAAI,UAAU,CAAC,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;QAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;IAC3D,OAAO,KAAK,CAAC;AACf,CAAC;AAED,uBAAuB;AAEvB,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAgB;IACrD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,cAAc,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC;QAAE,OAAO,OAAO,CAAC;IAEzC,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,EAAE,GAAG,GAAG,CAAC,YAAY,EAAE,GAAG,GAAG,CAAC,eAAe,EAAE,CAAC;IAEhE,KAAK,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,CAAC,EAAE,CAAC;QACvD,IAAI,eAAe,GAAc,SAAS,CAAC;QAC3C,IAAI,WAA+B,CAAC;QAEpC,2CAA2C;QAC3C,MAAM,MAAM,GAAG,IAAI,CAAC,QAAQ,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;QACpD,IAAI,UAAU,CAAC,MAAM,CAAC,EAAE,CAAC;YACvB,MAAM,QAAQ,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;YAC5C,IAAI,QAAQ,EAAE,CAAC;gBACb,eAAe,GAAG,QAAQ,CAAC,OAAO,CAAC;gBACnC,WAAW,GAAG,QAAQ,CAAC,IAAI,CAAC;YAC9B,CAAC;YACD,wCAAwC;YACxC,MAAM,MAAM,GAAG,IAAI,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;YAC5C,IAAI,UAAU,CAAC,MAAM,CAAC,IAAI,eAAe,KAAK,SAAS,EAAE,CAAC;gBACxD,IAAI,CAAC;oBACH,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC,CAAC;oBAC1D,IAAI,OAAO,CAAC,OAAO;wBAAE,eAAe,GAAG,aAAa,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;gBACxE,CAAC;gBAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;YACxB,CAAC;QACH,CAAC;QAED,2CAA2C;QAC3C,IAAI,eAAe,KAAK,SAAS,IAAI,CAAC,OAAO,EAAE,CAAC;YAC9C,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,IAAI,sBAAsB,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;gBAC3G,IAAI,GAAG;oBAAE,eAAe,GAAG,aAAa,CAAC,GAAG,CAAC,CAAC;YAChD,CAAC;YAAC,MAAM,CAAC,CAAC,0BAA0B,CAAC,CAAC;QACxC,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,OAAO,IAAI,EAAE;YACrB,IAAI,EAAE,KAAK;YACX,eAAe;YACf,WAAW;YACX,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,uBAAuB;AAEvB,SAAS,YAAY,CAAC,QAAgB;IACpC,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,OAAO,GAAG,IAAI,CAAC,QAAQ,EAAE,kBAAkB,CAAC,CAAC;IACnD,IAAI,UAAU,CAAC,OAAO,CAAC,EAAE,CAAC;QACxB,MAAM,KAAK,GAAG,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;QACzD,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;YACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;YAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC,IAAI,OAAO,CAAC,UAAU,CAAC,GAAG,CAAC;gBAAE,SAAS;YAC7E,MAAM,IAAI,GAAG,OAAO,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE,CAAC;YAClD,IAAI,IAAI;gBAAE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QAC7B,CAAC;IACH,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,SAAS,WAAW,CAAC,QAAgB,EAAE,OAAgB;IACrD,MAAM,IAAI,GAAG,YAAY,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,KAAK,MAAM,IAAI,IAAI,IAAI,EAAE,CAAC;QACxB,IAAI,eAAe,GAAc,SAAS,CAAC;QAE3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,YAAY,IAAI,cAAc,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC5F,MAAM,KAAK,GAAG,GAAG,CAAC,KAAK,CAAC,oBAAoB,CAAC,CAAC;gBAC9C,IAAI,KAAK;oBAAE,eAAe,GAAG,aAAa,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC,CAAC;YACvD,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QACxB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,OAAO,IAAI,EAAE;YACrB,IAAI,EAAE,KAAK;YACX,eAAe;YACf,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,yBAAyB;AAEzB,SAAS,aAAa,CAAC,QAAgB,EAAE,OAAgB;IACvD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,YAAY,CAAC,CAAC;IAC/C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,OAAO,CAAC;IAE3C,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACjD,MAAM,UAAU,GAAG,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC,CAAC;IACrE,IAAI,CAAC,UAAU;QAAE,OAAO,OAAO,CAAC;IAEhC,MAAM,KAAK,GAAG,UAAU,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC;IACxC,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,KAAK,GAAG,IAAI,CAAC,KAAK,CAAC,YAAY,CAAC,CAAC;QACvC,IAAI,CAAC,KAAK;YAAE,SAAS;QACrB,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QAEtB,IAAI,eAAe,GAAc,SAAS,CAAC;QAC3C,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,MAAM,GAAG,GAAG,QAAQ,CAAC,cAAc,IAAI,cAAc,EAAE,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;gBAC9F,MAAM,MAAM,GAAG,GAAG,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;gBAC7C,IAAI,MAAM;oBAAE,eAAe,GAAG,aAAa,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,CAAC;YACzD,CAAC;YAAC,MAAM,CAAC,CAAC,UAAU,CAAC,CAAC;QACxB,CAAC;QAED,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,SAAS,IAAI,EAAE;YACvB,IAAI,EAAE,OAAO;YACb,eAAe;YACf,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,sBAAsB;AAEtB,SAAS,UAAU,CAAC,QAAgB,EAAE,QAAiB;IACrD,MAAM,OAAO,GAAiB,EAAE,CAAC;IACjC,MAAM,SAAS,GAAG,IAAI,CAAC,QAAQ,EAAE,QAAQ,CAAC,CAAC;IAC3C,IAAI,CAAC,UAAU,CAAC,SAAS,CAAC;QAAE,OAAO,OAAO,CAAC;IAE3C,MAAM,OAAO,GAAG,YAAY,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;IACjD,MAAM,YAAY,GAAG,OAAO,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC;IAC/D,MAAM,KAAK,GAAG,YAAY,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,EAAE,CAAC;IAE9D,mCAAmC;IACnC,MAAM,cAAc,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,IAAI,EAAE,CAAC;IACpE,KAAK,MAAM,EAAE,IAAI,cAAc,EAAE,CAAC;QAChC,MAAM,CAAC,GAAG,EAAE,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC;QACvC,IAAI,CAAC;YAAE,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC;IAC1B,CAAC;IAED,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE,CAAC;QACzB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC5B,IAAI,CAAC,OAAO,IAAI,OAAO,CAAC,UAAU,CAAC,IAAI,CAAC;YAAE,SAAS;QACnD,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,KAAK,CAAC,CAAC;QACnC,MAAM,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC,CAAC;QACtB,IAAI,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,CAAC,GAAG,CAAC;YAAE,SAAS;QAE5C,OAAO,CAAC,IAAI,CAAC;YACX,IAAI;YACJ,MAAM,EAAE,MAAM,IAAI,EAAE;YACpB,IAAI,EAAE,IAAI;YACV,eAAe,EAAE,SAAS,EAAG,4CAA4C;YACzE,UAAU,EAAE,KAAK;YACjB,KAAK,EAAE,IAAI;SACZ,CAAC,CAAC;IACL,CAAC;IAED,OAAO,OAAO,CAAC;AACjB,CAAC;AAED,iCAAiC;AAEjC,SAAS,mBAAmB,CAAC,QAAgB,EAAE,OAAgB;IAC7D,sCAAsC;IACtC,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,QAAQ,CAAC,yCAAyC,EAAE;YACjE,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI;SAChD,CAAC,CAAC,IAAI,EAAE,CAAC;QACV,IAAI,CAAC,MAAM;YAAE,OAAO,IAAI,CAAC;QAEzB,6BAA6B;QAC7B,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,IAAI,CAAC;gBACH,QAAQ,CAAC,wCAAwC,EAAE,EAAE,GAAG,EAAE,QAAQ,EAAE,OAAO,EAAE,KAAK,EAAE,CAAC,CAAC;YACxF,CAAC;YAAC,MAAM,CAAC,CAAC,yBAAyB,CAAC,CAAC;QACvC,CAAC;QAED,4DAA4D;QAC5D,KAAK,MAAM,MAAM,IAAI,CAAC,eAAe,EAAE,iBAAiB,CAAC,EAAE,CAAC;YAC1D,IAAI,CAAC;gBACH,MAAM,IAAI,GAAG,QAAQ,CAAC,YAAY,MAAM,sBAAsB,EAAE;oBAC9D,GAAG,EAAE,QAAQ,EAAE,QAAQ,EAAE,OAAO,EAAE,OAAO,EAAE,IAAI;iBAChD,CAAC,CAAC;gBACH,IAAI,IAAI,EAAE,CAAC;oBACT,MAAM,OAAO,GAAG,qBAAqB,CAAC,IAAI,CAAC,CAAC;oBAC5C,OAAO;wBACL,IAAI,EAAE,UAAU;wBAChB,MAAM,EAAE,MAAM;wBACd,IAAI,EAAE,MAAM;wBACZ,eAAe,EAAE,OAAO;wBACxB,WAAW,EAAE,IAAI;wBACjB,UAAU,EAAE,KAAK;wBACjB,KAAK,EAAE,IAAI;qBACZ,CAAC;gBACJ,CAAC;YACH,CAAC;YAAC,MAAM,CAAC,CAAC,qBAAqB,CAAC,CAAC;QACnC,CAAC;IACH,CAAC;IAAC,MAAM,CAAC,CAAC,wBAAwB,CAAC,CAAC;IAEpC,OAAO,IAAI,CAAC;AACd,CAAC;AAED,oBAAoB;AAEpB,MAAM,UAAU,OAAO,CAAC,IAAiB;IACvC,MAAM,EAAE,QAAQ,EAAE,OAAO,GAAG,KAAK,EAAE,GAAG,IAAI,CAAC;IAC3C,MAAM,QAAQ,GAAG,qBAAqB,CAAC,QAAQ,CAAC,CAAC;IACjD,MAAM,OAAO,GAAiB,EAAE,CAAC;IAEjC,6BAA6B;IAC7B,MAAM,QAAQ,GAAG,mBAAmB,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACxD,IAAI,QAAQ;QAAE,OAAO,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAErC,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAC9E,IAAI,QAAQ,CAAC,QAAQ,CAAC,KAAK,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,WAAW,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAC9E,IAAI,QAAQ,CAAC,QAAQ,CAAC,OAAO,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,aAAa,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAClF,IAAI,QAAQ,CAAC,QAAQ,CAAC,IAAI,CAAC;QAAE,OAAO,CAAC,IAAI,CAAC,GAAG,UAAU,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;IAE5E,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CAAC,IAAiB;IAC7C,MAAM,EAAE,QAAQ,EAAE,GAAG,IAAI,CAAC;IAC1B,MAAM,MAAM,GAAG,UAAU,CAAC,QAAQ,CAAC,CAAC;IACpC,MAAM,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC;IAEpD,KAAK,MAAM,MAAM,IAAI,OAAO,EAAE,CAAC;QAC7B,MAAM,QAAQ,GAAG,SAAS,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,CAAC,CAAC;QAEhD,IAAI,QAAQ,EAAE,CAAC;YACb,MAAM,CAAC,KAAK,GAAG,KAAK,CAAC;YACrB,QAAQ,CAAC,eAAe,GAAG,MAAM,CAAC,eAAe,CAAC;YAClD,QAAQ,CAAC,YAAY,GAAG,KAAK,CAAC;YAE9B,IAAI,iBAAiB,CAAC,QAAQ,CAAC,EAAE,CAAC;gBAChC,QAAQ,CAAC,MAAM,GAAG,SAAS,CAAC;gBAC5B,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC;gBACzB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC,IAAI,EAAE,QAAQ,CAAC,mBAAmB,EAAE,MAAM,CAAC,eAAe,CAAC,CAAC;YACtF,CAAC;iBAAM,CAAC;gBACN,QAAQ,CAAC,MAAM,GAAG,OAAO,CAAC;YAC5B,CAAC;YAED,WAAW,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;QAChC,CAAC;aAAM,CAAC;YACN,iBAAiB;YACjB,MAAM,KAAK,GAAgB;gBACzB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,IAAI,EAAE,MAAM,CAAC,IAAI;gBACjB,mBAAmB,EAAE,MAAM,CAAC,eAAe;gBAC3C,eAAe,EAAE,MAAM,CAAC,eAAe;gBACvC,YAAY,EAAE,KAAK;gBACnB,YAAY,EAAE,KAAK;gBACnB,MAAM,EAAE,OAAO;aAChB,CAAC;YACF,WAAW,CAAC,MAAM,EAAE,KAAK,CAAC,CAAC;QAC7B,CAAC;QAED,oCAAoC;QACpC,IAAI,MAAM,CAAC,WAAW,EAAE,CAAC;YACvB,eAAe,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,EAAE,MAAM,CAAC,WAAW,EAAE,KAAK,CAAC,CAAC;QACpE,CAAC;IACH,CAAC;IAED,MAAM,CAAC,cAAc,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAC;IACjD,WAAW,CAAC,QAAQ,EAAE,MAAM,CAAC,CAAC;IAE9B,OAAO,OAAO,CAAC;AACjB,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,SAAS,CAAC,QAAgB,EAAE,OAAgB;IAC1D,MAAM,OAAO,GAAG,aAAa,CAAC,EAAE,QAAQ,EAAE,OAAO,EAAE,CAAC,CAAC;IACrD,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC;IACpD,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CACxB,CAAC,CAAC,EAAE,EAAE,CAAC,uBAAuB,CAAC,CAAC,IAAI,yDAAyD,CAAC,CAAC,eAAe,EAAE,CACjH,CAAC;IAEF,OAAO;QACL,IAAI,EAAE,OAAO,CAAC,MAAM,KAAK,CAAC;QAC1B,OAAO;QACP,MAAM;KACP,CAAC;AACJ,CAAC"}

package/tools/wip-license-hook/hooks/pre-pull.sh

@@ -0,0 +1,55 @@
+#!/usr/bin/env bash
+# wip-license-hook — Pre-pull hook (hard gate)
+# Blocks pull/merge if upstream license has changed.
+#
+# Install: cp hooks/pre-pull.sh .git/hooks/pre-merge-commit && chmod +x .git/hooks/pre-merge-commit
+# Or: wip-license-hook install
+
+set -euo pipefail
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+
+# Check if wip-license-hook is available
+if command -v wip-license-hook &>/dev/null; then
+  HOOK_CMD="wip-license-hook"
+elif [ -f "$REPO_ROOT/node_modules/.bin/wip-license-hook" ]; then
+  HOOK_CMD="$REPO_ROOT/node_modules/.bin/wip-license-hook"
+elif command -v npx &>/dev/null; then
+  HOOK_CMD="npx @wipcomputer/wip-license-hook"
+else
+  echo ""
+  echo "╔══════════════════════════════════════════════════╗"
+  echo "║  ⚠️  wip-license-hook not found                  ║"
+  echo "║  Install: npm i -g @wipcomputer/wip-license-hook ║"
+  echo "║  Pull proceeding WITHOUT license check.          ║"
+  echo "╚══════════════════════════════════════════════════╝"
+  echo ""
+  exit 0
+fi
+
+echo ""
+echo "🔒 wip-license-hook: Checking upstream licenses..."
+echo ""
+
+# Run the gate check — exits non-zero if license changed
+cd "$REPO_ROOT"
+$HOOK_CMD gate
+
+EXIT_CODE=$?
+
+if [ $EXIT_CODE -ne 0 ]; then
+  echo ""
+  echo "╔══════════════════════════════════════════════════╗"
+  echo "║  🚫  MERGE BLOCKED — License change detected!   ║"
+  echo "║                                                  ║"
+  echo "║  Review the changes above. If you accept the     ║"
+  echo "║  new license, update the ledger:                 ║"
+  echo "║    wip-license-hook scan                         ║"
+  echo "║                                                  ║"
+  echo "║  Then retry the pull/merge.                      ║"
+  echo "╚══════════════════════════════════════════════════╝"
+  echo ""
+  exit 1
+fi
+
+exit 0

package/tools/wip-license-hook/hooks/pre-push.sh

@@ -0,0 +1,51 @@
+#!/usr/bin/env bash
+# wip-license-hook — Pre-push hook (advisory alert)
+# Warns if upstream license has drifted. Does NOT block push.
+#
+# Install: cp hooks/pre-push.sh .git/hooks/pre-push && chmod +x .git/hooks/pre-push
+# Or: wip-license-hook install
+
+set -uo pipefail
+
+REPO_ROOT="$(git rev-parse --show-toplevel)"
+
+# Check if wip-license-hook is available
+if command -v wip-license-hook &>/dev/null; then
+  HOOK_CMD="wip-license-hook"
+elif [ -f "$REPO_ROOT/node_modules/.bin/wip-license-hook" ]; then
+  HOOK_CMD="$REPO_ROOT/node_modules/.bin/wip-license-hook"
+elif command -v npx &>/dev/null; then
+  HOOK_CMD="npx @wipcomputer/wip-license-hook"
+else
+  # No tool available — push proceeds silently
+  exit 0
+fi
+
+echo ""
+echo "🔒 wip-license-hook: Checking license status before push..."
+echo ""
+
+cd "$REPO_ROOT"
+
+# Run gate in advisory mode — capture output but NEVER block push
+OUTPUT=$($HOOK_CMD gate 2>&1) || true
+EXIT_CODE=$?
+
+if [ $EXIT_CODE -ne 0 ]; then
+  echo ""
+  echo "╔══════════════════════════════════════════════════╗"
+  echo "║  ⚠️  LICENSE DRIFT DETECTED                      ║"
+  echo "║                                                  ║"
+  echo "║  Upstream license may have changed.              ║"
+  echo "║  Your push will proceed (it's your code).        ║"
+  echo "║                                                  ║"
+  echo "║  Run: wip-license-hook scan --verbose            ║"
+  echo "║  to review the changes.                          ║"
+  echo "╚══════════════════════════════════════════════════╝"
+  echo ""
+  echo "$OUTPUT"
+  echo ""
+fi
+
+# ALWAYS exit 0 — pre-push is advisory only
+exit 0

package/tools/wip-license-hook/mcp-server.mjs

@@ -0,0 +1,119 @@
+#!/usr/bin/env node
+// wip-license-hook/mcp-server.mjs
+// MCP server exposing license compliance scanning as tools.
+// Wraps the compiled dist/ output. Registered via .mcp.json.
+
+import { Server } from '@modelcontextprotocol/sdk/server/index.js';
+import { StdioServerTransport } from '@modelcontextprotocol/sdk/server/stdio.js';
+import { CallToolRequestSchema, ListToolsRequestSchema } from '@modelcontextprotocol/sdk/types.js';
+import {
+  scanAll, scanAndUpdate, gateCheck,
+  readLedger, formatScanReport, formatLedgerReport,
+} from './dist/core/index.js';
+
+const server = new Server(
+  { name: 'wip-license-hook', version: '1.0.0' },
+  { capabilities: { tools: {} } }
+);
+
+// ── Tool Definitions ──
+
+server.setRequestHandler(ListToolsRequestSchema, async () => ({
+  tools: [
+    {
+      name: 'license_scan',
+      description: 'Scan a project for all dependency licenses. Returns a report of every dependency, its license, and any changes detected.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          repoPath: { type: 'string', description: 'Absolute path to the repo to scan' },
+        },
+        required: ['repoPath'],
+      },
+    },
+    {
+      name: 'license_audit',
+      description: 'Scan and update the license ledger for a project. Detects license changes (rug-pulls) by comparing against the stored ledger.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          repoPath: { type: 'string', description: 'Absolute path to the repo to audit' },
+        },
+        required: ['repoPath'],
+      },
+    },
+    {
+      name: 'license_gate',
+      description: 'Gate check: returns pass/fail for license compliance. Use before merging PRs or publishing.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          repoPath: { type: 'string', description: 'Absolute path to the repo to check' },
+        },
+        required: ['repoPath'],
+      },
+    },
+    {
+      name: 'license_ledger',
+      description: 'Read the current license ledger for a project. Shows all tracked dependencies and their license status.',
+      inputSchema: {
+        type: 'object',
+        properties: {
+          repoPath: { type: 'string', description: 'Absolute path to the repo' },
+        },
+        required: ['repoPath'],
+      },
+    },
+  ],
+}));
+
+// ── Tool Handlers ──
+
+server.setRequestHandler(CallToolRequestSchema, async (req) => {
+  const { name, arguments: args } = req.params;
+
+  try {
+    if (name === 'license_scan') {
+      const results = await scanAll(args.repoPath);
+      const report = formatScanReport(results);
+      return { content: [{ type: 'text', text: report }] };
+    }
+
+    if (name === 'license_audit') {
+      const results = await scanAndUpdate(args.repoPath);
+      const report = formatScanReport(results);
+      return { content: [{ type: 'text', text: report }] };
+    }
+
+    if (name === 'license_gate') {
+      const result = await gateCheck(args.repoPath);
+      return {
+        content: [{
+          type: 'text',
+          text: result.pass
+            ? `PASS: All licenses compliant.`
+            : `FAIL: ${result.reason}`,
+        }],
+      };
+    }
+
+    if (name === 'license_ledger') {
+      const ledger = readLedger(args.repoPath);
+      const report = formatLedgerReport(ledger);
+      return { content: [{ type: 'text', text: report }] };
+    }
+
+    return {
+      content: [{ type: 'text', text: `Unknown tool: ${name}` }],
+      isError: true,
+    };
+  } catch (err) {
+    return {
+      content: [{ type: 'text', text: `Error: ${err.message}` }],
+      isError: true,
+    };
+  }
+});
+
+const transport = new StdioServerTransport();
+await server.connect(transport);

package/tools/wip-license-hook/package-lock.json

@@ -0,0 +1,54 @@
+{
+  "name": "@wipcomputer/wip-license-hook",
+  "version": "1.0.0",
+  "lockfileVersion": 3,
+  "requires": true,
+  "packages": {
+    "": {
+      "name": "@wipcomputer/wip-license-hook",
+      "version": "1.0.0",
+      "license": "MIT",
+      "bin": {
+        "wip-license-hook": "dist/cli/index.js"
+      },
+      "devDependencies": {
+        "@types/node": "^20.0.0",
+        "typescript": "^5.3.0"
+      },
+      "engines": {
+        "node": ">=18.0.0"
+      }
+    },
+    "node_modules/@types/node": {
+      "version": "20.19.33",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-20.19.33.tgz",
+      "integrity": "sha512-Rs1bVAIdBs5gbTIKza/tgpMuG1k3U/UMJLWecIMxNdJFDMzcM5LOiLVRYh3PilWEYDIeUDv7bpiHPLPsbydGcw==",
+      "dev": true,
+      "license": "MIT",
+      "dependencies": {
+        "undici-types": "~6.21.0"
+      }
+    },
+    "node_modules/typescript": {
+      "version": "5.9.3",
+      "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
+      "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
+      "dev": true,
+      "license": "Apache-2.0",
+      "bin": {
+        "tsc": "bin/tsc",
+        "tsserver": "bin/tsserver"
+      },
+      "engines": {
+        "node": ">=14.17"
+      }
+    },
+    "node_modules/undici-types": {
+      "version": "6.21.0",
+      "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-6.21.0.tgz",
+      "integrity": "sha512-iwDZqg0QAGrg9Rav5H4n0M64c3mkR59cJ6wQp+7C4nI0gsmExaedaYLNO44eT4AtBBwjbTiGPMlt2Md0T9H9JQ==",
+      "dev": true,
+      "license": "MIT"
+    }
+  }
+}

package/tools/wip-license-hook/package.json

@@ -0,0 +1,43 @@
+{
+  "name": "@wipcomputer/wip-license-hook",
+  "version": "1.9.20",
+  "description": "License rug-pull detection and dependency license compliance for open source projects",
+  "type": "module",
+  "main": "dist/cli/index.js",
+  "bin": {
+    "wip-license-hook": "dist/cli/index.js"
+  },
+  "scripts": {
+    "build": "tsc",
+    "dev": "tsc --watch",
+    "start": "node dist/cli/index.js",
+    "lint": "tsc --noEmit"
+  },
+  "keywords": [
+    "license",
+    "compliance",
+    "git-hook",
+    "rug-pull",
+    "dependency",
+    "scanner"
+  ],
+  "author": "WIP Computer",
+  "license": "MIT",
+  "dependencies": {
+    "@modelcontextprotocol/sdk": "^1.0.0"
+  },
+  "devDependencies": {
+    "typescript": "^5.3.0",
+    "@types/node": "^20.0.0"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "files": [
+    "dist/",
+    "hooks/",
+    "dashboard/",
+    "README.md",
+    "LICENSE"
+  ]
+}