ai-project-maintainer 0.3.1 → 0.4.1

package/examples/demo-ai-app/scripts/create-before-state.mjs

@@ -0,0 +1,86 @@
+#!/usr/bin/env node
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+const ignored = new Set(["node_modules", "dist", "reports"]);
+
+function normalizeForCompare(value) {
+  return path.resolve(value).toLowerCase();
+}
+
+function assertInsideTemp(destination) {
+  const tempRoot = normalizeForCompare(fs.realpathSync(os.tmpdir()));
+  const resolved = normalizeForCompare(destination);
+  if (resolved !== tempRoot && !resolved.startsWith(`${tempRoot}${path.sep}`)) {
+    throw new Error(`Refusing to write demo before-state outside the OS temp directory: ${destination}`);
+  }
+}
+
+function copyDirectory(source, destination) {
+  fs.mkdirSync(destination, { recursive: true });
+  for (const entry of fs.readdirSync(source, { withFileTypes: true })) {
+    if (ignored.has(entry.name)) continue;
+    const from = path.join(source, entry.name);
+    const to = path.join(destination, entry.name);
+    if (entry.isDirectory()) copyDirectory(from, to);
+    else if (entry.isFile()) fs.copyFileSync(from, to);
+  }
+}
+
+function readOutputArg(args) {
+  const index = args.indexOf("--output");
+  if (index !== -1) return args[index + 1];
+  const inline = args.find((arg) => arg.startsWith("--output="));
+  return inline ? inline.slice("--output=".length) : null;
+}
+
+export function createBeforeState({ outputPath = null } = {}) {
+  const demoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+  const destination = path.resolve(outputPath || path.join(os.tmpdir(), `apm-demo-before-${Date.now()}`));
+  assertInsideTemp(destination);
+
+  fs.rmSync(destination, { recursive: true, force: true });
+  copyDirectory(demoRoot, destination);
+
+  fs.writeFileSync(
+    path.join(destination, "src", "order-risk.js"),
+    `const shippingRates = {
+  standard: 499,
+  expedited: 1299,
+};
+
+export function quoteOrder({ subtotalCents, shippingTier }) {
+  if (!Number.isInteger(subtotalCents) || subtotalCents < 0) {
+    throw new TypeError("subtotalCents must be a non-negative integer");
+  }
+
+  if (!Object.hasOwn(shippingRates, shippingTier)) {
+    throw new RangeError(\`unsupported shipping tier: \${shippingTier}\`);
+  }
+
+  const shippingCents = shippingRates[shippingTier];
+  const totalCents = subtotalCents + shippingCents;
+
+  return {
+    subtotalCents,
+    shippingCents,
+    totalCents,
+    needsManualReview: false,
+  };
+}
+
+export function canReleaseOrder({ paid, flagged }) {
+  return Boolean(paid && !flagged);
+}
+`,
+  );
+
+  return { destination };
+}
+
+if (process.argv[1] && path.resolve(process.argv[1]) === fileURLToPath(import.meta.url)) {
+  const result = createBeforeState({ outputPath: readOutputArg(process.argv.slice(2)) });
+  console.log(JSON.stringify(result, null, 2));
+}

package/examples/demo-ai-app/scripts/run-demo-gate.mjs

@@ -0,0 +1,95 @@
+#!/usr/bin/env node
+import fs from "node:fs";
+import os from "node:os";
+import path from "node:path";
+import { fileURLToPath } from "node:url";
+
+import { runLocalGate } from "../../../ai-project-maintainer/scripts/run-local-gate.mjs";
+import { toMarkdown } from "../../../ai-project-maintainer/scripts/lib/report.mjs";
+
+function writeMockTool(toolsDir) {
+  const scriptPath = path.join(toolsDir, "mock-tool.mjs");
+  fs.writeFileSync(
+    scriptPath,
+    `#!/usr/bin/env node
+import fs from "node:fs";
+
+const [, , tool, ...args] = process.argv;
+if (args.includes("--version")) {
+  console.log(\`\${tool} demo 0.0.0\`);
+  process.exit(0);
+}
+
+if (tool === "syft") {
+  const outputArg = args.find((arg) => arg.startsWith("cyclonedx-json="));
+  if (outputArg) {
+    fs.writeFileSync(outputArg.slice("cyclonedx-json=".length), JSON.stringify({
+      bomFormat: "CycloneDX",
+      specVersion: "1.5",
+      version: 1,
+      metadata: { component: { type: "application", name: "demo-ai-app" } },
+      components: [],
+    }, null, 2));
+  }
+}
+
+if (tool === "scorecard") {
+  console.log(JSON.stringify({ score: 8.5, checks: [] }));
+}
+
+process.exit(0);
+`,
+  );
+
+  const tools = [
+    "actionlint",
+    "checkov",
+    "gitleaks",
+    "grype",
+    "mega-linter-runner",
+    "osv-scanner",
+    "pre-commit",
+    "scorecard",
+    "semgrep",
+    "squawk",
+    "syft",
+    "trivy",
+    "zizmor",
+  ];
+
+  for (const tool of tools) {
+    if (process.platform === "win32") {
+      fs.writeFileSync(path.join(toolsDir, `${tool}.cmd`), `@echo off\r\nnode "%~dp0mock-tool.mjs" ${tool} %*\r\n`);
+    } else {
+      const shim = path.join(toolsDir, tool);
+      fs.writeFileSync(shim, `#!/usr/bin/env sh\nnode "$(dirname "$0")/mock-tool.mjs" ${tool} "$@"\n`);
+      fs.chmodSync(shim, 0o755);
+    }
+  }
+}
+
+export function runDemoGate({ outputPath = null } = {}) {
+  const demoRoot = path.resolve(path.dirname(fileURLToPath(import.meta.url)), "..");
+  const reportsDir = path.join(demoRoot, "reports");
+  const toolsDir = fs.mkdtempSync(path.join(os.tmpdir(), "apm-demo-tools-"));
+  writeMockTool(toolsDir);
+
+  const report = runLocalGate(demoRoot, {
+    strict: true,
+    release: true,
+    production: true,
+    outputPath: outputPath || path.join(reportsDir, "security-report.json"),
+    writeReports: true,
+    runnerOptions: {
+      envPath: `${toolsDir}${path.delimiter}${process.env.PATH || ""}`,
+    },
+  });
+
+  return { report, toolsDir };
+}
+
+if (process.argv[1] && path.resolve(process.argv[1]) === fileURLToPath(import.meta.url)) {
+  const { report } = runDemoGate();
+  console.log(toMarkdown(report));
+  process.exit(report.passed ? 0 : 1);
+}

package/examples/demo-ai-app/src/order-risk.js

@@ -0,0 +1,28 @@
+const shippingRates = {
+  standard: 499,
+  expedited: 1299,
+};
+
+export function quoteOrder({ subtotalCents, shippingTier }) {
+  if (!Number.isInteger(subtotalCents) || subtotalCents < 0) {
+    throw new TypeError("subtotalCents must be a non-negative integer");
+  }
+
+  if (!Object.hasOwn(shippingRates, shippingTier)) {
+    throw new RangeError(`unsupported shipping tier: ${shippingTier}`);
+  }
+
+  const shippingCents = shippingRates[shippingTier];
+  const totalCents = subtotalCents + shippingCents;
+
+  return {
+    subtotalCents,
+    shippingCents,
+    totalCents,
+    needsManualReview: totalCents >= 100000,
+  };
+}
+
+export function canReleaseOrder({ paid, flagged, stockAvailable }) {
+  return Boolean(paid && stockAvailable && !flagged);
+}

package/examples/demo-ai-app/test/order-risk.test.mjs

@@ -0,0 +1,24 @@
+import assert from "node:assert/strict";
+import test from "node:test";
+
+import { canReleaseOrder, quoteOrder } from "../src/order-risk.js";
+
+test("checkout quote preserves the customer-visible total", () => {
+  assert.deepEqual(quoteOrder({ subtotalCents: 2500, shippingTier: "standard" }), {
+    subtotalCents: 2500,
+    shippingCents: 499,
+    totalCents: 2999,
+    needsManualReview: false,
+  });
+});
+
+test("expensive orders require manual review before release", () => {
+  assert.equal(quoteOrder({ subtotalCents: 99600, shippingTier: "standard" }).needsManualReview, true);
+});
+
+test("orders are released only when payment, stock, and risk checks all pass", () => {
+  assert.equal(canReleaseOrder({ paid: true, stockAvailable: true, flagged: false }), true);
+  assert.equal(canReleaseOrder({ paid: false, stockAvailable: true, flagged: false }), false);
+  assert.equal(canReleaseOrder({ paid: true, stockAvailable: false, flagged: false }), false);
+  assert.equal(canReleaseOrder({ paid: true, stockAvailable: true, flagged: true }), false);
+});

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "ai-project-maintainer",
-  "version": "0.3.1",
+  "version": "0.4.1",
   "description": "Production-readiness audit and CI gate for AI-coded projects.",
   "type": "module",
   "license": "MIT",
@@ -29,9 +29,17 @@
   },
   "files": [
     "ai-project-maintainer/",
+    "assets/",
+    "examples/demo-ai-app/.ai-maintainer/",
+    "examples/demo-ai-app/package.json",
+    "examples/demo-ai-app/package-lock.json",
+    "examples/demo-ai-app/README.md",
+    "examples/demo-ai-app/scripts/",
+    "examples/demo-ai-app/src/",
+    "examples/demo-ai-app/test/",
     "docs/",
-    "README.md"
-  ],
+    "README.md"
+  ],
   "bin": {
     "ai-project-maintainer": "ai-project-maintainer/scripts/cli.mjs"
   },