codeproof 1.0.4 → 1.0.5

package/core/enforcement.js

@@ -1,51 +1,51 @@
-import fs from "fs";
-import path from "path";
-
-const ENFORCEMENT_ENABLED = "enabled";
-const ENFORCEMENT_DISABLED = "disabled";
-
-function getConfigPath(gitRoot) {
-  return path.join(gitRoot, "codeproof.config.json");
-}
-
-function readConfig(gitRoot) {
-  const configPath = getConfigPath(gitRoot);
-  if (!fs.existsSync(configPath)) {
-    const error = new Error("Missing codeproof.config.json. Run codeproof init first.");
-    error.code = "CODEPROOF_CONFIG_MISSING";
-    throw error;
-  }
-
-  try {
-    const raw = fs.readFileSync(configPath, "utf8");
-    return JSON.parse(raw);
-  } catch {
-    const error = new Error("Invalid codeproof.config.json. Please fix the file.");
-    error.code = "CODEPROOF_CONFIG_INVALID";
-    throw error;
-  }
-}
-
-function writeConfig(gitRoot, config) {
-  const configPath = getConfigPath(gitRoot);
-  fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n", "utf8");
-}
-
-export function getEnforcementState(gitRoot) {
-  const config = readConfig(gitRoot);
-  const enforcement = String(config.enforcement || ENFORCEMENT_ENABLED).toLowerCase();
-  return enforcement === ENFORCEMENT_DISABLED ? ENFORCEMENT_DISABLED : ENFORCEMENT_ENABLED;
-}
-
-export function setEnforcementState(gitRoot, nextState) {
-  const config = readConfig(gitRoot);
-  const normalized = String(nextState || "").toLowerCase();
-  const enforcement = normalized === ENFORCEMENT_DISABLED
-    ? ENFORCEMENT_DISABLED
-    : ENFORCEMENT_ENABLED;
-
-  // Security: explicit state keeps this a reversible bypass, not a silent disable.
-  const updated = { ...config, enforcement };
-  writeConfig(gitRoot, updated);
-  return enforcement;
-}
+import fs from "fs";
+import path from "path";
+
+const ENFORCEMENT_ENABLED = "enabled";
+const ENFORCEMENT_DISABLED = "disabled";
+
+function getConfigPath(gitRoot) {
+  return path.join(gitRoot, "codeproof.config.json");
+}
+
+function readConfig(gitRoot) {
+  const configPath = getConfigPath(gitRoot);
+  if (!fs.existsSync(configPath)) {
+    const error = new Error("Missing codeproof.config.json. Run codeproof init first.");
+    error.code = "CODEPROOF_CONFIG_MISSING";
+    throw error;
+  }
+
+  try {
+    const raw = fs.readFileSync(configPath, "utf8");
+    return JSON.parse(raw);
+  } catch {
+    const error = new Error("Invalid codeproof.config.json. Please fix the file.");
+    error.code = "CODEPROOF_CONFIG_INVALID";
+    throw error;
+  }
+}
+
+function writeConfig(gitRoot, config) {
+  const configPath = getConfigPath(gitRoot);
+  fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + "\n", "utf8");
+}
+
+export function getEnforcementState(gitRoot) {
+  const config = readConfig(gitRoot);
+  const enforcement = String(config.enforcement || ENFORCEMENT_ENABLED).toLowerCase();
+  return enforcement === ENFORCEMENT_DISABLED ? ENFORCEMENT_DISABLED : ENFORCEMENT_ENABLED;
+}
+
+export function setEnforcementState(gitRoot, nextState) {
+  const config = readConfig(gitRoot);
+  const normalized = String(nextState || "").toLowerCase();
+  const enforcement = normalized === ENFORCEMENT_DISABLED
+    ? ENFORCEMENT_DISABLED
+    : ENFORCEMENT_ENABLED;
+
+  // Security: explicit state keeps this a reversible bypass, not a silent disable.
+  const updated = { ...config, enforcement };
+  writeConfig(gitRoot, updated);
+  return enforcement;
+}

package/core/featureFlags.js

@@ -1,25 +1,25 @@
-const DEFAULT_FEATURES = {
-  reporting: true,
-  integration: false,
-  aiEscalation: false,
-  secretRemediation: false
-};
-
-// Boundary: feature flags are configuration only and must not import runtime systems.
-// Future features should be added here with safe defaults and explicit gating.
-export function resolveFeatureFlags(config) {
-  const features = config?.features || {};
-  return {
-    reporting: typeof features.reporting === "boolean" ? features.reporting : DEFAULT_FEATURES.reporting,
-    integration: typeof features.integration === "boolean" ? features.integration : DEFAULT_FEATURES.integration,
-    aiEscalation: typeof features.aiEscalation === "boolean" ? features.aiEscalation : DEFAULT_FEATURES.aiEscalation,
-    secretRemediation:
-      typeof features.secretRemediation === "boolean"
-        ? features.secretRemediation
-        : DEFAULT_FEATURES.secretRemediation
-  };
-}
-
-export function isVerbose(config) {
-  return Boolean(config?.verbose) || process.env.CODEPROOF_VERBOSE === "1";
-}
+const DEFAULT_FEATURES = {
+  reporting: true,
+  integration: false,
+  aiEscalation: false,
+  secretRemediation: false
+};
+
+// Boundary: feature flags are configuration only and must not import runtime systems.
+// Future features should be added here with safe defaults and explicit gating.
+export function resolveFeatureFlags(config) {
+  const features = config?.features || {};
+  return {
+    reporting: typeof features.reporting === "boolean" ? features.reporting : DEFAULT_FEATURES.reporting,
+    integration: typeof features.integration === "boolean" ? features.integration : DEFAULT_FEATURES.integration,
+    aiEscalation: typeof features.aiEscalation === "boolean" ? features.aiEscalation : DEFAULT_FEATURES.aiEscalation,
+    secretRemediation:
+      typeof features.secretRemediation === "boolean"
+        ? features.secretRemediation
+        : DEFAULT_FEATURES.secretRemediation
+  };
+}
+
+export function isVerbose(config) {
+  return Boolean(config?.verbose) || process.env.CODEPROOF_VERBOSE === "1";
+}

package/core/identity.js

@@ -1,78 +1,78 @@
-import fs from "fs";
-import os from "os";
-import path from "path";
-import { randomUUID } from "crypto";
-
-const CONFIG_DIR_NAME = ".codeproof";
-const CONFIG_FILE_NAME = "config.json";
-
-function getConfigDir() {
-  return path.join(os.homedir(), CONFIG_DIR_NAME);
-}
-
-function getConfigPath() {
-  return path.join(getConfigDir(), CONFIG_FILE_NAME);
-}
-
-function ensureConfigDir() {
-  const dir = getConfigDir();
-  if (!fs.existsSync(dir)) {
-    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
-  }
-  try {
-    fs.chmodSync(dir, 0o700);
-  } catch {
-    // Best-effort on platforms that ignore chmod.
-  }
-}
-
-function writeConfig(config) {
-  const filePath = getConfigPath();
-  const payload = JSON.stringify(config, null, 2) + "\n";
-  fs.writeFileSync(filePath, payload, { encoding: "utf8", mode: 0o600 });
-  try {
-    fs.chmodSync(filePath, 0o600);
-  } catch {
-    // Best-effort on platforms that ignore chmod.
-  }
-}
-
-function readConfig() {
-  const filePath = getConfigPath();
-  if (!fs.existsSync(filePath)) {
-    return null;
-  }
-
-  try {
-    const raw = fs.readFileSync(filePath, "utf8");
-    return JSON.parse(raw);
-  } catch {
-    return null;
-  }
-}
-
-function ensureClientId() {
-  ensureConfigDir();
-
-  const existing = readConfig();
-  if (existing?.clientId) {
-    return existing.clientId;
-  }
-
-  const clientId = randomUUID();
-  writeConfig({ clientId });
-  return clientId;
-}
-
-export function getClientId() {
-  return ensureClientId();
-}
-
-export function readClientId() {
-  const existing = readConfig();
-  return existing?.clientId ?? null;
-}
-
-export function getGlobalConfigPath() {
-  return getConfigPath();
-}
+import fs from "fs";
+import os from "os";
+import path from "path";
+import { randomUUID } from "crypto";
+
+const CONFIG_DIR_NAME = ".codeproof";
+const CONFIG_FILE_NAME = "config.json";
+
+function getConfigDir() {
+  return path.join(os.homedir(), CONFIG_DIR_NAME);
+}
+
+function getConfigPath() {
+  return path.join(getConfigDir(), CONFIG_FILE_NAME);
+}
+
+function ensureConfigDir() {
+  const dir = getConfigDir();
+  if (!fs.existsSync(dir)) {
+    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
+  }
+  try {
+    fs.chmodSync(dir, 0o700);
+  } catch {
+    // Best-effort on platforms that ignore chmod.
+  }
+}
+
+function writeConfig(config) {
+  const filePath = getConfigPath();
+  const payload = JSON.stringify(config, null, 2) + "\n";
+  fs.writeFileSync(filePath, payload, { encoding: "utf8", mode: 0o600 });
+  try {
+    fs.chmodSync(filePath, 0o600);
+  } catch {
+    // Best-effort on platforms that ignore chmod.
+  }
+}
+
+function readConfig() {
+  const filePath = getConfigPath();
+  if (!fs.existsSync(filePath)) {
+    return null;
+  }
+
+  try {
+    const raw = fs.readFileSync(filePath, "utf8");
+    return JSON.parse(raw);
+  } catch {
+    return null;
+  }
+}
+
+function ensureClientId() {
+  ensureConfigDir();
+
+  const existing = readConfig();
+  if (existing?.clientId) {
+    return existing.clientId;
+  }
+
+  const clientId = randomUUID();
+  writeConfig({ clientId });
+  return clientId;
+}
+
+export function getClientId() {
+  return ensureClientId();
+}
+
+export function readClientId() {
+  const existing = readConfig();
+  return existing?.clientId ?? null;
+}
+
+export function getGlobalConfigPath() {
+  return getConfigPath();
+}

package/core/safetyGuards.js

@@ -1,58 +1,58 @@
-// Centralized safety controls. These helpers must stay dependency-light.
-// They enforce fail-open behavior without coupling to specific subsystems.
-
-let warnedExperimental = false;
-
-export function warnExperimentalOnce(message, logWarn) {
-  if (warnedExperimental) {
-    return;
-  }
-  warnedExperimental = true;
-  logWarn(message);
-}
-
-export function reportFeatureDisabled(name, verbose, logInfo) {
-  if (!verbose) {
-    return;
-  }
-  logInfo(`${name} disabled by feature flag.`);
-}
-
-export async function withFailOpenReporting(action, onError) {
-  try {
-    const result = action();
-    if (result && typeof result.then === 'function') {
-      return await result;
-    }
-    return result;
-  } catch {
-    if (onError) {
-      onError();
-    }
-    return null;
-  }
-}
-
-export async function withFailOpenIntegration(action) {
-  try {
-    const result = action();
-    if (result && typeof result.then === 'function') {
-      await result;
-    }
-  } catch {
-    // Integration failures are ignored to avoid affecting commits.
-  }
-}
-
-export async function withFailOpenAiEscalation(enabled, action) {
-  if (!enabled) {
-    return [];
-  }
-
-  try {
-    return await action();
-  } catch {
-    // AI failures downgrade to warnings by returning no decisions.
-    return [];
-  }
-}
+// Centralized safety controls. These helpers must stay dependency-light.
+// They enforce fail-open behavior without coupling to specific subsystems.
+
+let warnedExperimental = false;
+
+export function warnExperimentalOnce(message, logWarn) {
+  if (warnedExperimental) {
+    return;
+  }
+  warnedExperimental = true;
+  logWarn(message);
+}
+
+export function reportFeatureDisabled(name, verbose, logInfo) {
+  if (!verbose) {
+    return;
+  }
+  logInfo(`${name} disabled by feature flag.`);
+}
+
+export async function withFailOpenReporting(action, onError) {
+  try {
+    const result = action();
+    if (result && typeof result.then === 'function') {
+      return await result;
+    }
+    return result;
+  } catch {
+    if (onError) {
+      onError();
+    }
+    return null;
+  }
+}
+
+export async function withFailOpenIntegration(action) {
+  try {
+    const result = action();
+    if (result && typeof result.then === 'function') {
+      await result;
+    }
+  } catch {
+    // Integration failures are ignored to avoid affecting commits.
+  }
+}
+
+export async function withFailOpenAiEscalation(enabled, action) {
+  if (!enabled) {
+    return [];
+  }
+
+  try {
+    return await action();
+  } catch {
+    // AI failures downgrade to warnings by returning no decisions.
+    return [];
+  }
+}