npm - ai-spec-dev - Versions diffs - 0.55.0 → 0.56.0 - Mend

ai-spec-dev 0.55.0 → 0.56.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/cli/pipeline/multi-repo.ts +9 -0
package/core/cross-stack-verifier.ts +90 -3
package/dist/cli/index.js +68 -5
package/dist/cli/index.js.map +1 -1
package/dist/cli/index.mjs +68 -5
package/dist/cli/index.mjs.map +1 -1
package/package.json +1 -1
package/tests/cross-stack-verifier.test.ts +101 -0
package/.ai-spec-workspace.json +0 -17
package/.ai-spec.json +0 -7

package/dist/cli/index.mjs CHANGED Viewed

@@ -694,7 +694,7 @@ var require_package = __commonJS({
   "package.json"(exports, module) {
     module.exports = {
       name: "ai-spec-dev",
-      version: "0.55.0",
+      version: "0.56.0",
       description: "AI-driven Development Orchestrator SDK & CLI",
       main: "dist/index.js",
       types: "dist/index.d.ts",
@@ -10300,10 +10300,12 @@ async function walkSource(root) {
 function extractApiCallsFromSource(source, relFile) {
   const calls = [];
   const lines = source.split("\n");
-  const methodCallRegex = /\.(get|post|put|patch|delete)\s*\(\s*(['"`])([^'"`]+)\2/gi;
+  const methodCallRegex = /\.(get|post|put|patch|delete)\s*\(\s*(['"`])([^'"`]+)\2(?!\s*\+)/gi;
   const fetchRegex = /\bfetch\s*\(\s*(['"`])([^'"`]+)\1([^)]*)\)/g;
   const useRequestRegex = /\buseRequest\s*\(\s*(['"`])([^'"`]+)\1([^)]*)\)/g;
   const genericRequestRegex = /\brequest\s*\(\s*(['"`])([^'"`]+)\1\s*(?:,\s*(['"`])(GET|POST|PUT|PATCH|DELETE)\3)?/gi;
+  const concatMethodRegex = /\.(get|post|put|patch|delete)\s*\(\s*(['"`])([^'"`]+)\2\s*\+/gi;
+  const concatFetchRegex = /\bfetch\s*\(\s*(['"`])([^'"`]+)\1\s*\+([^)]*)\)/g;
   function getLineNumber(offset) {
     let ln = 1;
     for (let i = 0; i < offset && i < source.length; i++) {
@@ -10320,6 +10322,10 @@ function extractApiCallsFromSource(source, relFile) {
     if (/\.(css|svg|png|jpe?g|gif|ico|woff2?|ttf|eot)$/i.test(p)) return false;
     return true;
   }
+  function concatPath(prefix) {
+    const stripped = prefix.endsWith("/") ? prefix.slice(0, -1) : prefix;
+    return stripped + "/*";
+  }
   let match;
   while ((match = methodCallRegex.exec(source)) !== null) {
     const rawPath = match[3];
@@ -10373,12 +10379,41 @@ function extractApiCallsFromSource(source, relFile) {
       snippet: getSnippet(line)
     });
   }
+  while ((match = concatMethodRegex.exec(source)) !== null) {
+    const rawPrefix = match[3];
+    if (!isApiLike(rawPrefix)) continue;
+    const line = getLineNumber(match.index);
+    calls.push({
+      method: match[1].toUpperCase(),
+      path: concatPath(rawPrefix),
+      file: relFile,
+      line,
+      snippet: getSnippet(line),
+      isConcatPath: true
+    });
+  }
+  while ((match = concatFetchRegex.exec(source)) !== null) {
+    const rawPrefix = match[2];
+    if (!isApiLike(rawPrefix)) continue;
+    const tail = match[3] ?? "";
+    const methodMatch = tail.match(/method\s*:\s*['"`](GET|POST|PUT|PATCH|DELETE)['"`]/i);
+    const line = getLineNumber(match.index);
+    calls.push({
+      method: methodMatch ? methodMatch[1].toUpperCase() : "GET",
+      path: concatPath(rawPrefix),
+      file: relFile,
+      line,
+      snippet: getSnippet(line),
+      isConcatPath: true
+    });
+  }
   return calls;
 }
 function normalizePathSegments(p) {
   const withoutQs = p.split("?")[0];
   const segments = withoutQs.split("/").filter(Boolean);
   return segments.map((seg) => {
+    if (seg === "*") return "*";
     if (seg.startsWith(":")) return "*";
     if (seg.includes("${") || seg.includes("{{")) return "*";
     if (/^\d+$/.test(seg)) return "*";
@@ -10430,8 +10465,10 @@ async function verifyCrossStackContract(backendDsl, frontendRoot, opts = {}) {
   const phantom = [];
   const methodMismatch = [];
   const matched = [];
+  const unknownMethodCalls = [];
   const usedEndpointIds = /* @__PURE__ */ new Set();
   for (const call of allCalls) {
+    if (call.method === "UNKNOWN") unknownMethodCalls.push(call);
     const pathMatches = backendEndpoints.filter((ep) => pathsMatch(ep.path, call.path));
     if (pathMatches.length === 0) {
       phantom.push(call);
@@ -10456,7 +10493,9 @@ async function verifyCrossStackContract(backendDsl, frontendRoot, opts = {}) {
     unused,
     methodMismatch,
     matched,
-    totalScannedFiles: files.length
+    unknownMethodCalls,
+    totalScannedFiles: files.length,
+    hasViolations: phantom.length > 0 || methodMismatch.length > 0
   };
 }
 function printCrossStackReport(repoName, report) {
@@ -10465,11 +10504,13 @@ function printCrossStackReport(repoName, report) {
   const phantomCount = report.phantom.length;
   const mismatchCount = report.methodMismatch.length;
   const unusedCount = report.unused.length;
+  const concatCount = report.frontendCalls.filter((c) => c.isConcatPath).length;
+  const concatNote = concatCount > 0 ? ` (${concatCount} via string concat \u2014 approximate)` : "";
   console.log(chalk19.cyan(`
 \u2500\u2500\u2500 Cross-Stack Contract Verification [${repoName}] \u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500\u2500`));
   console.log(
     chalk19.gray(
-      `  Scanned ${report.totalScannedFiles} file(s), found ${report.frontendCalls.length} HTTP call(s)`
+      `  Scanned ${report.totalScannedFiles} file(s), found ${report.frontendCalls.length} HTTP call(s)${concatNote}`
     )
   );
   console.log(chalk19.gray(`  Backend DSL endpoints: ${totalEp}`));
@@ -10511,7 +10552,22 @@ function printCrossStackReport(repoName, report) {
       console.log(chalk19.gray(`     ... and ${unusedCount - 8} more`));
     }
   }
-  if (phantomCount === 0 && mismatchCount === 0 && unusedCount === 0 && matchedCount === totalEp && totalEp > 0) {
+  if (report.unknownMethodCalls.length > 0) {
+    console.log(
+      chalk19.gray(
+        `
+  \xB7 Unknown method (${report.unknownMethodCalls.length}): HTTP method could not be determined \u2014 matched permissively`
+      )
+    );
+    for (const call of report.unknownMethodCalls.slice(0, 5)) {
+      console.log(chalk19.gray(`     UNKNWN ${call.path}`));
+      console.log(chalk19.gray(`       ${call.file}:${call.line}`));
+    }
+    if (report.unknownMethodCalls.length > 5) {
+      console.log(chalk19.gray(`     ... and ${report.unknownMethodCalls.length - 5} more`));
+    }
+  }
+  if (!report.hasViolations && unusedCount === 0 && matchedCount === totalEp && totalEp > 0) {
     console.log(chalk19.green(`
   \u2714 Contract fully aligned \u2014 all ${totalEp} endpoints consumed correctly.`));
   }
@@ -11991,6 +12047,13 @@ async function runMultiRepoPipeline(idea, workspace, opts, currentDir, config2)
           { scopedFiles: fe2.generatedFiles }
         );
         printCrossStackReport(fe2.repoName, report);
+        if (report.hasViolations) {
+          console.log(
+            chalk22.yellow(
+              `  \u26A0 [W5] ${fe2.repoName} has cross-stack violations (${report.phantom.length} phantom, ${report.methodMismatch.length} method mismatch). Review the report above and fix generated frontend code.`
+            )
+          );
+        }
       } catch (err) {
         console.log(chalk22.yellow(`  \u26A0 Verification failed for ${fe2.repoName}: ${err.message}`));
       }