atris 3.26.0 → 3.28.0

package/lib/next-moves.js

@@ -0,0 +1,362 @@
+'use strict';
+
+// Alive onboarding: the engine behind `atris moves`.
+//
+// It reads the workspace for the highest-leverage next moves (the goal in
+// ROADMAP.md, work already in flight, fresh inbox ideas), ranks them, and lets
+// the human approve, kill, or skip. Approved moves are seeded into today's
+// inbox, which the loop's hasWork() already reads, so onboarding feeds the
+// loop without touching the autonomous core.
+
+const fs = require('fs');
+const path = require('path');
+
+function safeRead(p) {
+  try { return fs.readFileSync(p, 'utf8'); } catch { return ''; }
+}
+
+// Normalize a title for dedup and suppression, the same way moveId does, so a
+// move matches itself across case and whitespace.
+function norm(title) {
+  return String(title == null ? '' : title).trim().toLowerCase();
+}
+
+// Short, stable id so a kill on Tuesday still suppresses the same move on
+// Wednesday. Pure function of (source, title).
+function moveId(source, title) {
+  const s = `${source}:${String(title).trim().toLowerCase()}`;
+  let h = 2166136261;
+  for (let i = 0; i < s.length; i++) {
+    h ^= s.charCodeAt(i);
+    h = Math.imul(h, 16777619);
+  }
+  return `m_${(h >>> 0).toString(36)}`;
+}
+
+const WEIGHT = { roadmap: 100, task: 60, inbox: 40 };
+
+// One section-boundary shape for every reader and writer: tolerate a header
+// suffix (e.g. "(priority)"), stop at a sibling/parent heading (## or #) or a
+// malformed "##Next", but NOT at a child ### inside the section. Keeping a single
+// definition is the whole point: divergent boundaries are how the gate and the
+// picker drift apart.
+const SECTION_TAIL = '\\b[^\\n]*\\r?\\n([\\s\\S]*?)(?=\\r?\\n##[^#]|\\r?\\n# |$)';
+const OPEN_ITEMS_RE = new RegExp(`##\\s+Open loop items${SECTION_TAIL}`, 'i');
+const INBOX_RE = new RegExp(`##\\s+Inbox${SECTION_TAIL}`, 'i');
+
+// Locate a section's body and its character span, so a writer can splice an edit
+// back into exactly the region a reader parsed.
+function findSection(text, re) {
+  const m = text.match(re);
+  if (!m) return null;
+  const bodyStart = m.index + m[0].length - m[1].length;
+  return { body: m[1], start: bodyStart, end: bodyStart + m[1].length };
+}
+
+// Clean inbox titles out of a journal's ## Inbox section. The one inbox parser,
+// shared by latestInboxItems, todayInboxItems, and the run.js work gate.
+function parseInboxTitles(text) {
+  const m = (text || '').match(INBOX_RE);
+  if (!m) return [];
+  return m[1]
+    .split(/\r?\n/)
+    .map((l) => l.trim())
+    .filter((l) => l.startsWith('- ') && l.length > 2)
+    .map((l) => l.replace(/^-\s*\*\*[IC]?\d*:?\*\*\s*/, '').replace(/^-\s*\*\*/, '').replace(/\*\*$/, '').replace(/^-\s*/, '').trim())
+    .filter(Boolean);
+}
+
+function readRoadmapOpenItems(root) {
+  const text = safeRead(path.join(root, 'ROADMAP.md'));
+  if (!text) return [];
+  const section = findSection(text, OPEN_ITEMS_RE);
+  if (!section) return [];
+  return section.body
+    .split(/\r?\n/)
+    .map((l) => l.trim())
+    .filter((l) => /^- \[ \]/.test(l))
+    .map((l) => l.replace(/^- \[ \]\s*/, '').trim())
+    .filter(Boolean)
+    .map((title) => ({
+      title,
+      why: 'open item in ROADMAP.md, the goal the loop pursues',
+      source: 'roadmap',
+      weight: WEIGHT.roadmap,
+    }));
+}
+
+function readActiveTasks(root) {
+  const text = safeRead(path.join(root, '.atris', 'state', 'tasks.projection.json'));
+  if (!text) return [];
+  let proj;
+  try { proj = JSON.parse(text); } catch { return []; }
+  const tasks = Array.isArray(proj && proj.tasks) ? proj.tasks : [];
+  return tasks
+    .filter((t) => t && t.title && ['open', 'claimed'].includes(String(t.status || '').toLowerCase()))
+    .map((t) => ({
+      title: String(t.title).trim(),
+      why: `task in flight (${t.status}${t.claimed_by ? `, ${t.claimed_by}` : ''})`,
+      source: 'task',
+      ref: t.display_id || t.id || null,
+      weight: WEIGHT.task,
+    }));
+}
+
+function inboxItemsFrom(text) {
+  return parseInboxTitles(text).map((title) => ({ title, why: 'fresh idea in today\'s inbox', source: 'inbox', weight: WEIGHT.inbox }));
+}
+
+// Most recent journal under atris/logs/YYYY/, parsed for ## Inbox items. Used to
+// SURFACE ideas in `atris moves`.
+function latestInboxItems(root) {
+  const logsDir = path.join(root, 'atris', 'logs');
+  let years;
+  try { years = fs.readdirSync(logsDir).filter((d) => /^\d{4}$/.test(d)).sort(); } catch { return []; }
+  if (!years.length) return [];
+  const yearDir = path.join(logsDir, years[years.length - 1]);
+  let files;
+  try { files = fs.readdirSync(yearDir).filter((f) => /^\d{4}-\d{2}-\d{2}\.md$/.test(f)).sort(); } catch { return []; }
+  if (!files.length) return [];
+  return inboxItemsFrom(safeRead(path.join(yearDir, files[files.length - 1])));
+}
+
+// TODAY's journal inbox only. The loop's work gate and the seed-suppression must
+// read the SAME file the seeder writes (today's), or a prior-day duplicate makes
+// them disagree. Returns [] if today's file is absent.
+function todayInboxItems(root) {
+  const { file } = todayLogFile(root);
+  if (!fs.existsSync(file)) return [];
+  return inboxItemsFrom(safeRead(file));
+}
+
+function gatherCandidates(root = process.cwd()) {
+  return [
+    ...readRoadmapOpenItems(root),
+    ...readActiveTasks(root),
+    ...latestInboxItems(root),
+  ];
+}
+
+// Pure ranking: drop killed/approved, sort by weight, then dedupe by title
+// (keeping the highest-weight copy), take `limit`.
+//
+// Suppression: the exact move the operator acted on is dropped by id. Titles are
+// only suppressed for IDEAS (roadmap/inbox), never for a real `task`, so killing
+// or approving an idea can't hide a genuine in-flight task that happens to share
+// the title.
+function pickNextMoves(candidates, { limit = 3, killedIds = [], killedTitles = [], approvedIds = [], approvedTitles = [] } = {}) {
+  const blockedIds = new Set([...killedIds, ...approvedIds]);
+  const blockedTitles = new Set([...killedTitles, ...approvedTitles].map(norm));
+  const seen = new Set();
+  return candidates
+    .map((c) => ({ ...c, id: moveId(c.source, c.title), _key: norm(c.title) }))
+    .filter((c) => {
+      if (!c._key) return false;
+      if (blockedIds.has(c.id)) return false;
+      if (c.source !== 'task' && blockedTitles.has(c._key)) return false;
+      return true;
+    })
+    .sort((a, b) => (b.weight || 0) - (a.weight || 0))
+    .filter((c) => {
+      if (seen.has(c._key)) return false;
+      seen.add(c._key);
+      return true;
+    })
+    .map(({ _key, ...c }) => c)
+    .slice(0, limit);
+}
+
+const DECISIONS_FILE = ['.atris', 'state', 'moves.decisions.jsonl'];
+
+function decisionsPath(root) {
+  return path.join(root, ...DECISIONS_FILE);
+}
+
+function readDecisions(root = process.cwd()) {
+  const text = safeRead(decisionsPath(root));
+  const rows = text.split(/\r?\n/).map((l) => l.trim()).filter(Boolean)
+    .map((l) => { try { return JSON.parse(l); } catch { return null; } })
+    .filter(Boolean);
+  const idsFor = (decision) => rows.filter((r) => r.decision === decision).map((r) => r.id);
+  const titlesFor = (decision) => rows.filter((r) => r.decision === decision).map((r) => norm(r.title));
+  return {
+    killedIds: idsFor('kill'),
+    killedTitles: titlesFor('kill'),
+    approvedIds: idsFor('approve'),
+    approvedTitles: titlesFor('approve'),
+  };
+}
+
+function recordDecision(root, move, decision, stamp) {
+  const p = decisionsPath(root);
+  fs.mkdirSync(path.dirname(p), { recursive: true });
+  const row = { id: move.id, title: move.title, source: move.source, decision, at: stamp || null };
+  fs.appendFileSync(p, `${JSON.stringify(row)}\n`, 'utf8');
+  return row;
+}
+
+function todayLogFile(root, date = new Date()) {
+  const y = date.getFullYear();
+  const m = String(date.getMonth() + 1).padStart(2, '0');
+  const d = String(date.getDate()).padStart(2, '0');
+  const dateFormatted = `${y}-${m}-${d}`;
+  return { file: path.join(root, 'atris', 'logs', String(y), `${dateFormatted}.md`), dateFormatted };
+}
+
+// The canonical day-journal sections every reader expects (status, analytics,
+// section parsers). Mirrors lib/journal.js createLogFile, minus the em dash in
+// its title, so a journal first created by the idle-seed path is not malformed.
+function canonicalJournal(dateFormatted) {
+  return `# Log ${dateFormatted}\n\n## Handoff\n\n---\n\n## Completed ✅\n\n---\n\n## In Progress 🔄\n\n---\n\n## Backlog\n\n---\n\n## Notes\n\n---\n\n## Inbox\n\n`;
+}
+
+// Seed an approved move into today's inbox so the loop's hasWork() finds it.
+// Idempotent by title: if the same title is already in today's inbox, it is not
+// appended again (so a retry or a concurrent cycle cannot duplicate it).
+function seedInboxFromMove(root, move, date) {
+  const { file, dateFormatted } = todayLogFile(root, date);
+  fs.mkdirSync(path.dirname(file), { recursive: true });
+  let content = safeRead(file);
+  if (!content) {
+    content = canonicalJournal(dateFormatted);
+  }
+  if (!/##\s+Inbox/i.test(content)) {
+    content = content.replace(/^(#.*\n)/, `$1\n## Inbox\n`);
+    if (!/##\s+Inbox/i.test(content)) content += `\n## Inbox\n`;
+  }
+  const target = norm(move.title);
+  if (parseInboxTitles(content).some((t) => norm(t) === target)) {
+    return { file, line: null, nextId: null, alreadyPresent: true };
+  }
+  const existingIds = (content.match(/-\s*\*\*I(\d+):/g) || []).map((m2) => parseInt(m2.match(/I(\d+)/)[1], 10));
+  const nextId = existingIds.length ? Math.max(...existingIds) + 1 : 1;
+  const line = `- **I${nextId}:** ${move.title}`;
+  // Insert right after the Inbox header line only (do not consume blank lines or
+  // following sections). Use a function replacer so a title containing $ tokens
+  // ($1, $&, $$) is inserted literally, not interpreted as a replacement pattern.
+  content = content.replace(/(##\s+Inbox[^\n]*\r?\n)/i, (m) => `${m}${line}\n`);
+  fs.writeFileSync(file, content, 'utf8');
+  return { file, line, nextId };
+}
+
+// Claim an open ROADMAP item for the loop by flipping its `- [ ]` to `- [~]`
+// (claimed, in flight) WITHIN the "## Open loop items" section only. This is the
+// single source of truth for "the loop took this on": readRoadmapOpenItems only
+// returns `- [ ]`, so a claimed item is excluded, and the work gate and the seed
+// picker stay in agreement. Scoped to the section so a same-titled `- [ ]` in
+// another section (Big jobs, an example block) is never flipped by mistake.
+// `- [~]` is distinct from human `- [x]` (done) so a reader is not misled.
+function claimRoadmapItem(root, title) {
+  const p = path.join(root, 'ROADMAP.md');
+  const text = safeRead(p);
+  if (!text) return false;
+  const section = findSection(text, OPEN_ITEMS_RE);
+  if (!section) return false;
+  const target = norm(title);
+  let changed = false;
+  const newBody = section.body.split(/\r?\n/).map((line) => {
+    if (changed) return line;
+    const m = line.match(/^(\s*)- \[ \]\s*(.+?)\s*$/);
+    if (m && norm(m[2]) === target) {
+      changed = true;
+      return `${m[1]}- [~] ${m[2].trim()}`;
+    }
+    return line;
+  }).join('\n');
+  if (!changed) return false;
+  const out = text.slice(0, section.start) + newBody + text.slice(section.end);
+  fs.writeFileSync(p, out, 'utf8');
+  return true;
+}
+
+// Add one bounded item to the "## Open loop items" section so the loop (and
+// `atris moves`) will pursue it: messy input straight into the working queue,
+// no markdown editing. Creates ROADMAP.md and the section if missing. Dedups
+// against existing OPEN items only (a done/claimed one can be re-added).
+function addRoadmapItem(root, text) {
+  // Collapse any whitespace/newlines to single spaces (a multi-line title would
+  // break the markdown line) and strip a leading bullet/checkbox the user may
+  // have pasted, so the item is exactly one well-formed `- [ ]` line.
+  const title = String(text || '').replace(/\s+/g, ' ').trim().replace(/^- \[[ x~]\]\s*/, '').replace(/^- /, '').trim();
+  if (!title) return { added: false, reason: 'empty', title: null };
+  const p = path.join(root, 'ROADMAP.md');
+  let content = safeRead(p);
+  if (!content) content = '# Roadmap\n\n## Open loop items\n\n';
+  let section = findSection(content, OPEN_ITEMS_RE);
+  if (!section) {
+    if (!content.endsWith('\n')) content += '\n';
+    content += '\n## Open loop items\n\n';
+    section = findSection(content, OPEN_ITEMS_RE);
+  }
+  const openTitles = section.body.split(/\r?\n/)
+    .map((l) => l.trim())
+    .filter((l) => /^- \[ \]/.test(l))
+    .map((l) => norm(l.replace(/^- \[ \]\s*/, '')));
+  if (openTitles.includes(norm(title))) return { added: false, reason: 'already an open item', title };
+  // Insert at the top of the section body so the loop pulls it next.
+  const out = `${content.slice(0, section.start)}\n- [ ] ${title}\n${content.slice(section.start)}`;
+  fs.writeFileSync(p, out, 'utf8');
+  return { added: true, title };
+}
+
+// Group the Open loop items by state: queued `- [ ]`, in-flight `- [~]` (claimed
+// by the loop), done `- [x]`. The evidence for a loop report.
+function roadmapItemsByState(root) {
+  const out = { open: [], claimed: [], done: [] };
+  const text = safeRead(path.join(root, 'ROADMAP.md'));
+  if (!text) return out;
+  const section = findSection(text, OPEN_ITEMS_RE);
+  if (!section) return out;
+  for (const raw of section.body.split(/\r?\n/)) {
+    const l = raw.trim();
+    let m;
+    if ((m = l.match(/^- \[ \]\s*(.+)$/))) out.open.push(m[1].trim());
+    else if ((m = l.match(/^- \[~\]\s*(.+)$/))) out.claimed.push(m[1].trim());
+    else if ((m = l.match(/^- \[x\]\s*(.+)$/))) out.done.push(m[1].trim());
+  }
+  return out;
+}
+
+// The top open ROADMAP item the loop has not already handled. Claimed items are
+// marked `- [~]` (so readRoadmapOpenItems drops them); this also skips anything
+// already in TODAY's inbox or killed/approved, so an idle loop advances to the
+// next item each cycle. todayInboxItems (not latestInboxItems) so the picker, the
+// work gate, and the seeder all read the same file. Root-explicit and pure of
+// cwd, so it is testable without a live runner.
+function pickRoadmapSeed(root = process.cwd()) {
+  const items = readRoadmapOpenItems(root);
+  if (!items.length) return null;
+  const inbox = todayInboxItems(root).map((i) => norm(i.title));
+  const { killedTitles, approvedTitles } = readDecisions(root);
+  const blocked = new Set([...inbox, ...killedTitles, ...approvedTitles]);
+  return items.find((it) => !blocked.has(norm(it.title))) || null;
+}
+
+// Shared "3 next moves" recipe used by both `atris moves` and `atris activate`,
+// so the ranking inputs live in one place.
+function nextMoves(root = process.cwd(), limit = 3) {
+  const { killedIds, killedTitles, approvedIds, approvedTitles } = readDecisions(root);
+  return pickNextMoves(gatherCandidates(root), { limit, killedIds, killedTitles, approvedIds, approvedTitles });
+}
+
+module.exports = {
+  moveId,
+  norm,
+  WEIGHT,
+  parseInboxTitles,
+  readRoadmapOpenItems,
+  readActiveTasks,
+  latestInboxItems,
+  todayInboxItems,
+  gatherCandidates,
+  pickNextMoves,
+  nextMoves,
+  readDecisions,
+  recordDecision,
+  seedInboxFromMove,
+  pickRoadmapSeed,
+  claimRoadmapItem,
+  addRoadmapItem,
+  roadmapItemsByState,
+  todayLogFile,
+};

package/lib/security-scan.js

@@ -0,0 +1,188 @@
+'use strict';
+
+// atris security scan — deterministic secrets / PII / privacy detectors (no LLM).
+//
+// A finding is a fact (file:line + rule + severity), so it drops straight into a
+// loop / mission / CI gate and doubles as a SOC 2 evidence artifact (machine
+// JSON). Precision over recall: a noisy gate gets muted, and a muted gate is dead.
+// Suppress a single line with a trailing `atris-allow-secret` comment.
+//
+// Zero external deps (Node built-ins only) — repo contract.
+
+const fs = require('fs');
+const path = require('path');
+const { execFileSync } = require('child_process');
+
+const SCAN_EXTS = new Set([
+  '.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx', '.json', '.md', '.mdx', '.txt',
+  '.yml', '.yaml', '.env', '.sh', '.bash', '.zsh', '.py', '.rb', '.go', '.java',
+  '.php', '.toml', '.ini', '.cfg', '.conf', '.html', '.vue', '.svelte', '.patch',
+]);
+const SKIP_DIRS = new Set(['node_modules', '.git', 'dist', 'build', '.next', 'coverage', 'out', 'vendor', '.cache', '__pycache__']);
+
+// Lines that opt out, and placeholder noise we never flag.
+const ALLOW_MARKER = /atris-allow-secret|atris-security-ignore/i;
+const PLACEHOLDER = /\b(?:example|placeholder|your[_-]?|my[_-]?key|xxx+|redacted|dummy|sample|changeme|test[_-]?key|fake|dummy|<[a-z_-]+>|process\.env|getenv|os\.environ|import\.meta\.env)\b/i;
+
+// High-precision secret patterns. severity high => fails the gate.
+const SECRET_RULES = [
+  { id: 'private-key', sev: 'high', cat: 'secret', re: /-----BEGIN (?:RSA |EC |OPENSSH |PGP |DSA |ENCRYPTED )?PRIVATE KEY-----/, why: 'private key committed in source' },
+  { id: 'aws-access-key-id', sev: 'high', cat: 'secret', re: /\bAKIA[0-9A-Z]{16}\b/, why: 'AWS access key id' },
+  { id: 'github-token', sev: 'high', cat: 'secret', re: /\bgh[pousr]_[A-Za-z0-9]{36,}\b/, why: 'GitHub personal/OAuth token' },
+  { id: 'slack-token', sev: 'high', cat: 'secret', re: /\bxox[baprs]-[A-Za-z0-9-]{10,}\b/, why: 'Slack token' },
+  { id: 'slack-webhook', sev: 'high', cat: 'secret', re: /https:\/\/hooks\.slack\.com\/services\/[A-Za-z0-9/_-]{20,}/, why: 'Slack incoming webhook url' },
+  { id: 'openai-key', sev: 'high', cat: 'secret', re: /\bsk-(?:proj-)?[A-Za-z0-9]{20,}\b/, why: 'OpenAI-style API key' },
+  { id: 'anthropic-key', sev: 'high', cat: 'secret', re: /\bsk-ant-[A-Za-z0-9_-]{20,}\b/, why: 'Anthropic API key' },
+  { id: 'google-api-key', sev: 'high', cat: 'secret', re: /\bAIza[0-9A-Za-z_-]{35}\b/, why: 'Google API key' },
+  { id: 'stripe-key', sev: 'high', cat: 'secret', re: /\b[rs]k_live_[A-Za-z0-9]{20,}\b/, why: 'Stripe live key' },
+  { id: 'npm-token', sev: 'high', cat: 'secret', re: /\bnpm_[A-Za-z0-9]{36}\b/, why: 'npm access token' },
+  { id: 'jwt', sev: 'medium', cat: 'secret', re: /\beyJ[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{6,}\b/, why: 'JWT (often carries claims/PII)' },
+  { id: 'bearer-token', sev: 'medium', cat: 'secret', re: /\bBearer\s+[A-Za-z0-9._-]{24,}/, why: 'hardcoded Bearer token' },
+  { id: 'assigned-secret', sev: 'high', cat: 'secret', re: /(?:password|passwd|pwd|secret|api[_-]?key|apikey|access[_-]?token|auth[_-]?token|client[_-]?secret|private[_-]?key)\s*[:=]\s*['"][^'"\s]{8,}['"]/i, why: 'hardcoded credential assignment' },
+];
+
+// Personal data. Home-path is the recurring leak (a username + local layout).
+const PII_RULES = [
+  { id: 'home-path', sev: 'medium', cat: 'pii', re: /(?:\/Users\/|\/home\/)(?!runner\/|runner\b|root\/|root\b|ubuntu\/|ubuntu\b|user\/|user\b|node\/)[a-z][a-z0-9_.-]+/i, why: 'personal home path leaks a username + local layout (use os.homedir()/relative)' },
+  { id: 'windows-home-path', sev: 'medium', cat: 'pii', re: /[A-Za-z]:\\Users\\(?!Public\b)[^\\\s'"]+/, why: 'personal Windows path leaks a username' },
+  { id: 'email', sev: 'low', cat: 'pii', re: /\b[A-Za-z0-9._%+-]+@(?!example\.|sentry\.io|test\b|localhost|[\w.-]*\.local\b|sub\.)[A-Za-z0-9.-]+\.(?:com|net|org|ai|io|dev|co)\b/, why: 'email address (possible PII)' },
+  { id: 'phone', sev: 'low', cat: 'pii', re: /(?<![\d.\w])(?:\+?1[-.\s])?\(?\d{3}\)?[-.\s]\d{3}[-.\s]\d{4}(?![\d.\w])/, why: 'phone-number-shaped string' },
+];
+
+// Code-execution risks. For an AI CLI that runs autonomous loops and shells out,
+// these are the "are we actually safe" checks beyond data exposure. eval/Function
+// are almost never legitimate (HIGH); shelling out with interpolated input is the
+// command-injection class (MEDIUM — common and sometimes safe, so it asks for a
+// human look rather than hard-failing the gate).
+const CODE_RULES = [
+  { id: 'eval-call', sev: 'high', cat: 'code', re: /(?<![.\w])eval\((?!\s*\))/, why: 'eval() executes arbitrary code' },
+  { id: 'new-function', sev: 'high', cat: 'code', re: /\bnew\s+Function\(/, why: 'new Function() executes arbitrary code' },
+  { id: 'shell-exec-interpolation', sev: 'medium', cat: 'code', re: /\b(?:exec|execSync)\s*\(\s*[`'"][^`'"]*(?:\$\{|"\s*\+|'\s*\+)/, why: 'shell exec with interpolated input (command-injection risk; prefer execFile/spawn with an args array)' },
+  { id: 'child-process-shell-true', sev: 'medium', cat: 'code', re: /\bshell\s*:\s*true\b/, why: 'child_process shell:true enables shell interpretation of args' },
+];
+
+// extra per-line excludes that keep email/path rules from firing on safe noise
+const EMAIL_SAFE = /\b(?:noreply|no-reply|support|hello|info|contact|team|hi|admin|press)@/i;
+
+const RULES = [...SECRET_RULES, ...PII_RULES, ...CODE_RULES];
+
+// Filenames that should never be committed (checked against the tracked file list).
+const SENSITIVE_FILE_RE = /(?:^|\/)(?:\.env(?:\.[\w.-]+)?|id_rsa|id_dsa|id_ed25519|.*\.pem|.*\.pfx|.*\.p12|.*\.keystore|credentials\.json|\.npmrc|\.pypirc|\.netrc|secrets?\.(?:json|ya?ml|env))$/i;
+const SENSITIVE_FILE_ALLOW = /\.env\.example$|\.env\.sample$|\.env\.template$/i;
+
+function scanLine(line, rules = RULES) {
+  if (ALLOW_MARKER.test(line)) return [];
+  const findings = [];
+  const placeholder = PLACEHOLDER.test(line);
+  for (const rule of rules) {
+    const m = rule.re.exec(line);
+    if (!m) continue;
+    // Secrets in obvious placeholder/env-read lines are not real leaks.
+    if (rule.cat === 'secret' && placeholder) continue;
+    if (rule.id === 'email' && EMAIL_SAFE.test(line)) continue;
+    findings.push({ rule: rule.id, sev: rule.sev, cat: rule.cat, why: rule.why, snippet: m[0].trim().slice(0, 60) });
+  }
+  return findings;
+}
+
+function scanText(text, rules = RULES) {
+  const out = [];
+  const lines = String(text || '').split('\n');
+  for (let i = 0; i < lines.length; i++) {
+    for (const f of scanLine(lines[i], rules)) out.push({ ...f, line: i + 1 });
+  }
+  return out;
+}
+
+// Code-execution rules only make sense in actual code files — `eval(` written in
+// a markdown doc is prose, not a vuln.
+const CODE_EXTS = new Set(['.js', '.mjs', '.cjs', '.ts', '.tsx', '.jsx', '.py', '.rb', '.go', '.java', '.php', '.sh', '.bash', '.zsh']);
+
+function rulesForFile(file) {
+  return CODE_EXTS.has(path.extname(file)) ? RULES : RULES.filter((r) => r.cat !== 'code');
+}
+
+function scanFile(file, rules) {
+  let text;
+  try { text = fs.readFileSync(file, 'utf8'); } catch { return []; }
+  return scanText(text, rules || rulesForFile(file)).map((f) => ({ ...f, file }));
+}
+
+// Repo-level hygiene: a sensitive file being tracked at all is a finding,
+// independent of its contents.
+function sensitiveFileFindings(relPaths) {
+  const out = [];
+  for (const p of relPaths) {
+    if (SENSITIVE_FILE_RE.test(p) && !SENSITIVE_FILE_ALLOW.test(p)) {
+      out.push({ file: p, line: 0, rule: 'tracked-sensitive-file', sev: 'high', cat: 'privacy', why: 'sensitive file is tracked in git (gitignore + remove it)', snippet: path.basename(p) });
+    }
+  }
+  return out;
+}
+
+function gitTrackedFiles(root, { staged = false } = {}) {
+  try {
+    const args = staged ? ['diff', '--cached', '--name-only', '--diff-filter=ACM'] : ['ls-files'];
+    const out = execFileSync('git', args, { cwd: root, encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'] });
+    return out.split('\n').map((s) => s.trim()).filter(Boolean);
+  } catch {
+    return null; // not a git repo / git unavailable
+  }
+}
+
+function walk(target, out) {
+  let stat;
+  try { stat = fs.statSync(target); } catch { return out; }
+  if (stat.isFile()) { out.push(target); return out; }
+  if (stat.isDirectory()) {
+    if (SKIP_DIRS.has(path.basename(target))) return out;
+    for (const name of fs.readdirSync(target)) {
+      if (name === '.git' || SKIP_DIRS.has(name)) continue;
+      walk(path.join(target, name), out);
+    }
+  }
+  return out;
+}
+
+function scannable(file) {
+  const ext = path.extname(file);
+  return SCAN_EXTS.has(ext) || path.basename(file).startsWith('.env');
+}
+
+// Resolve the set of files to scan + the relative-path list for hygiene checks.
+function resolveTargets({ root = process.cwd(), paths = [], staged = false } = {}) {
+  if (paths.length) {
+    const files = paths.flatMap((p) => walk(path.resolve(root, p), [])).filter(scannable);
+    return { files, relPaths: files.map((f) => path.relative(root, f)) };
+  }
+  const tracked = gitTrackedFiles(root, { staged });
+  if (tracked) {
+    const files = tracked.filter(scannable).map((p) => path.join(root, p)).filter((f) => fs.existsSync(f));
+    return { files, relPaths: tracked };
+  }
+  const files = walk(root, []).filter(scannable);
+  return { files, relPaths: files.map((f) => path.relative(root, f)) };
+}
+
+// Full scan: line-level findings across files + repo hygiene findings.
+// The scanner's own pattern database and its fixtures necessarily contain the
+// very strings it detects — never scan them (a tool that flags itself is noise).
+const SELF_FILES = new Set(['lib/security-scan.js', 'commands/security-review.js', 'test/security-scan.test.js']);
+
+function runScan({ root = process.cwd(), paths = [], staged = false } = {}) {
+  const { files, relPaths } = resolveTargets({ root, paths, staged });
+  const findings = [];
+  for (const f of files) {
+    if (SELF_FILES.has(path.relative(root, f))) continue;
+    for (const finding of scanFile(f)) findings.push({ ...finding, file: path.relative(root, finding.file) });
+  }
+  findings.push(...sensitiveFileFindings(relPaths.filter((p) => !SELF_FILES.has(p))));
+  const counts = { high: 0, medium: 0, low: 0 };
+  for (const f of findings) counts[f.sev] = (counts[f.sev] || 0) + 1;
+  return { findings, counts, scanned: files.length };
+}
+
+module.exports = {
+  scanLine, scanText, scanFile, sensitiveFileFindings, gitTrackedFiles,
+  resolveTargets, runScan, SECRET_RULES, PII_RULES, RULES,
+};

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "atris",
-  "version": "3.26.0",
+  "version": "3.28.0",
   "main": "bin/atris.js",
   "bin": {
     "atris": "bin/atris.js",
@@ -48,13 +48,6 @@
     "atris/features/_templates/",
     "atris/features/company-brain-sync/",
     "templates/",
-    "atris/wiki/index.md",
-    "atris/wiki/concepts/agent-activation-contract.md",
-    "atris/wiki/concepts/workspace-initialization-contract.md",
-    "atris/wiki/sources/atris-labs-2026-05-10.txt",
-    "atris/wiki/sources/atris-labs-goals-2026-05-10.txt",
-    "atris/wiki/sources/atrisos-generative-ui-product-surface-2026-05-10.txt",
-    "atris/wiki/sources/jack-dorsey-2026-05-10.txt",
     "atris/policies/",
     "atris/skills/"
   ],