codeproof 1.0.4 → 1.1.0

package/hooks/preCommit.js

@@ -1,93 +1,93 @@
-import fs from "fs";
-import path from "path";
-import { logInfo, logWarn } from "../utils/logger.js";
-
-const HOOK_MARKER = "# CodeProof pre-commit hook";
-
-function getHookPath(gitRoot) {
-  return path.join(gitRoot, ".git", "hooks", "pre-commit");
-}
-
-function getHookBlock() {
-  return [
-    "",
-    HOOK_MARKER,
-    "GIT_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)",
-    "if [ -n \"$GIT_ROOT\" ]; then",
-    "  cd \"$GIT_ROOT\" || exit 1",
-    "fi",
-    "CONFIG_PATH=\"$GIT_ROOT/codeproof.config.json\"",
-    "if [ -f \"$CONFIG_PATH\" ]; then",
-    "  ENFORCEMENT=$(node -e \"const fs=require('fs');const path=process.argv[1];try{const c=JSON.parse(fs.readFileSync(path,'utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\" \"$CONFIG_PATH\")",
-    "  if [ \"$ENFORCEMENT\" = \"disabled\" ]; then",
-    "    echo \"CodeProof enforcement is temporarily disabled.\"",
-    "    echo \"Commit allowed.\"",
-    "    exit 0",
-    "  fi",
-    "fi",
-    "CODEPROOF_PRECOMMIT=1 npx codeproof run --precommit",
-    "RESULT=$?",
-    "if [ $RESULT -ne 0 ]; then",
-    "  echo \"CodeProof checks failed. Commit blocked.\"",
-    "  exit $RESULT",
-    "fi",
-    ""
-  ].join("\n");
-}
-
-export function installPreCommitHook(gitRoot) {
-  const hookPath = getHookPath(gitRoot);
-  const hookDir = path.dirname(hookPath);
-
-  if (!fs.existsSync(hookDir)) {
-    fs.mkdirSync(hookDir, { recursive: true });
-  }
-
-  if (!fs.existsSync(hookPath)) {
-    // Use a POSIX shell hook for cross-platform Git compatibility (Git Bash on Windows).
-    const content = [
-      "#!/bin/sh",
-      "", 
-      "# Auto-generated by CodeProof",
-      "GIT_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)",
-      "if [ -n \"$GIT_ROOT\" ]; then",
-      "  cd \"$GIT_ROOT\" || exit 1",
-      "fi",
-      "CONFIG_PATH=\"$GIT_ROOT/codeproof.config.json\"",
-      "if [ -f \"$CONFIG_PATH\" ]; then",
-      "  ENFORCEMENT=$(node -e \"const fs=require('fs');const path=process.argv[1];try{const c=JSON.parse(fs.readFileSync(path,'utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\" \"$CONFIG_PATH\")",
-      "  if [ \"$ENFORCEMENT\" = \"disabled\" ]; then",
-      "    echo \"CodeProof enforcement is temporarily disabled.\"",
-      "    echo \"Commit allowed.\"",
-      "    exit 0",
-      "  fi",
-      "fi",
-      "CODEPROOF_PRECOMMIT=1 npx codeproof run --precommit",
-      "RESULT=$?",
-      "if [ $RESULT -ne 0 ]; then",
-      "  echo \"CodeProof checks failed. Commit blocked.\"",
-      "  exit $RESULT",
-      "fi",
-      ""
-    ].join("\n");
-    fs.writeFileSync(hookPath, content, "utf8");
-    logInfo("Created new pre-commit hook.");
-  } else {
-    const existing = fs.readFileSync(hookPath, "utf8");
-    if (existing.includes("codeproof run") || existing.includes(HOOK_MARKER)) {
-      logWarn("Pre-commit hook already references CodeProof. Skipping append.");
-    } else {
-      // Append instead of overwrite to avoid breaking existing hook logic.
-      fs.appendFileSync(hookPath, getHookBlock(), "utf8");
-      logInfo("Appended CodeProof to existing pre-commit hook.");
-    }
-  }
-
-  try {
-    fs.chmodSync(hookPath, 0o755);
-  } catch {
-    // Best-effort: Windows may not honor chmod, but Git still runs hooks.
-  }
-}
-
-
+import fs from "fs";
+import path from "path";
+import { logInfo, logWarn } from "../utils/logger.js";
+
+const HOOK_MARKER = "# CodeProof pre-commit hook";
+
+function getHookPath(gitRoot) {
+  return path.join(gitRoot, ".git", "hooks", "pre-commit");
+}
+
+function getHookBlock() {
+  return [
+    "",
+    HOOK_MARKER,
+    "GIT_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)",
+    "if [ -n \"$GIT_ROOT\" ]; then",
+    "  cd \"$GIT_ROOT\" || exit 1",
+    "fi",
+    "CONFIG_PATH=\"$GIT_ROOT/codeproof.config.json\"",
+    "if [ -f \"$CONFIG_PATH\" ]; then",
+    "  ENFORCEMENT=$(node -e \"const fs=require('fs');const path=process.argv[1];try{const c=JSON.parse(fs.readFileSync(path,'utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\" \"$CONFIG_PATH\")",
+    "  if [ \"$ENFORCEMENT\" = \"disabled\" ]; then",
+    "    echo \"CodeProof enforcement is temporarily disabled.\"",
+    "    echo \"Commit allowed.\"",
+    "    exit 0",
+    "  fi",
+    "fi",
+    "CODEPROOF_PRECOMMIT=1 npx codeproof run --precommit",
+    "RESULT=$?",
+    "if [ $RESULT -ne 0 ]; then",
+    "  echo \"CodeProof checks failed. Commit blocked.\"",
+    "  exit $RESULT",
+    "fi",
+    ""
+  ].join("\n");
+}
+
+export function installPreCommitHook(gitRoot) {
+  const hookPath = getHookPath(gitRoot);
+  const hookDir = path.dirname(hookPath);
+
+  if (!fs.existsSync(hookDir)) {
+    fs.mkdirSync(hookDir, { recursive: true });
+  }
+
+  if (!fs.existsSync(hookPath)) {
+    // Use a POSIX shell hook for cross-platform Git compatibility (Git Bash on Windows).
+    const content = [
+      "#!/bin/sh",
+      "", 
+      "# Auto-generated by CodeProof",
+      "GIT_ROOT=$(git rev-parse --show-toplevel 2>/dev/null)",
+      "if [ -n \"$GIT_ROOT\" ]; then",
+      "  cd \"$GIT_ROOT\" || exit 1",
+      "fi",
+      "CONFIG_PATH=\"$GIT_ROOT/codeproof.config.json\"",
+      "if [ -f \"$CONFIG_PATH\" ]; then",
+      "  ENFORCEMENT=$(node -e \"const fs=require('fs');const path=process.argv[1];try{const c=JSON.parse(fs.readFileSync(path,'utf8'));console.log((c.enforcement||'enabled').toLowerCase());}catch(e){console.log('enabled');}\" \"$CONFIG_PATH\")",
+      "  if [ \"$ENFORCEMENT\" = \"disabled\" ]; then",
+      "    echo \"CodeProof enforcement is temporarily disabled.\"",
+      "    echo \"Commit allowed.\"",
+      "    exit 0",
+      "  fi",
+      "fi",
+      "CODEPROOF_PRECOMMIT=1 npx codeproof run --precommit",
+      "RESULT=$?",
+      "if [ $RESULT -ne 0 ]; then",
+      "  echo \"CodeProof checks failed. Commit blocked.\"",
+      "  exit $RESULT",
+      "fi",
+      ""
+    ].join("\n");
+    fs.writeFileSync(hookPath, content, "utf8");
+    logInfo("Created new pre-commit hook.");
+  } else {
+    const existing = fs.readFileSync(hookPath, "utf8");
+    if (existing.includes("codeproof run") || existing.includes(HOOK_MARKER)) {
+      logWarn("Pre-commit hook already references CodeProof. Skipping append.");
+    } else {
+      // Append instead of overwrite to avoid breaking existing hook logic.
+      fs.appendFileSync(hookPath, getHookBlock(), "utf8");
+      logInfo("Appended CodeProof to existing pre-commit hook.");
+    }
+  }
+
+  try {
+    fs.chmodSync(hookPath, 0o755);
+  } catch {
+    // Best-effort: Windows may not honor chmod, but Git still runs hooks.
+  }
+}
+
+

package/package.json

@@ -1,16 +1,16 @@
-{
-  "name": "codeproof",
-  "version": "1.0.4",
-  "description": "CodeProof CLI",
-  "type": "module",
-  "bin": {
-    "codeproof": "./bin/codeproof.js"
-  },
-  "engines": {
-    "node": ">=18"
-  },
-  "license": "MIT",
-  "dependencies": {
-    "uuid": "^13.0.0"
-  }
-}
+{
+  "name": "codeproof",
+  "version": "1.1.0",
+  "description": "CodeProof CLI",
+  "type": "module",
+  "bin": {
+    "codeproof": "./bin/codeproof.js"
+  },
+  "engines": {
+    "node": ">=18"
+  },
+  "license": "MIT",
+  "dependencies": {
+    "uuid": "^13.0.0"
+  }
+}

package/reporting/reportBuilder.js

@@ -1,112 +1,112 @@
-import path from "path";
-
-// Boundary: reporting only. Must not import rule logic or AI logic.
-// Reports are built from provided inputs to keep dependencies one-directional.
-
-function toRelativePath(projectRoot, filePath) {
-  if (!filePath) {
-    return "";
-  }
-  const relative = path.relative(projectRoot, filePath);
-  return relative || filePath;
-}
-
-function trimSnippet(snippet, maxLength = 200) {
-  if (!snippet) {
-    return "";
-  }
-  const trimmed = String(snippet).trim();
-  if (trimmed.length <= maxLength) {
-    return trimmed;
-  }
-  return trimmed.slice(0, maxLength) + "...";
-}
-
-function redactSecretSnippet(ruleId, snippet) {
-  if (!snippet) {
-    return "";
-  }
-  if (String(ruleId || "").startsWith("secret.")) {
-    return "***";
-  }
-  return snippet;
-}
-
-function mapDecisionConfidence(value) {
-  if (typeof value !== "number") {
-    return "low";
-  }
-  return value >= 0.75 ? "high" : "low";
-}
-
-function normalizeSeverity(value) {
-  return value === "block" ? "block" : "warn";
-}
-
-export function buildReport({
-  projectRoot,
-  projectId,
-  projectName,
-  repoIdentifier,
-  clientId,
-  reportId,
-  scanMode,
-  filesScannedCount,
-  baselineFindings,
-  aiReviewed,
-  timestamp
-}) {
-  const aiById = new Map(aiReviewed.map((entry) => [entry.finding.findingId, entry.decision]));
-
-  const findings = baselineFindings.map((finding) => {
-    const decision = aiById.get(finding.findingId);
-    const severity = normalizeSeverity(decision ? decision.verdict : finding.severity);
-    const confidence = decision
-      ? mapDecisionConfidence(decision.confidence)
-      : finding.confidence === "high"
-        ? "high"
-        : "low";
-
-    return {
-      ruleId: finding.ruleId,
-      severity,
-      confidence,
-      filePath: toRelativePath(projectRoot, finding.filePath),
-      lineNumber: finding.line || null,
-      codeSnippet: trimSnippet(redactSecretSnippet(finding.ruleId, finding.snippet)),
-      explanation: decision?.explanation || finding.message || ""
-    };
-  });
-
-  const blocksCount = findings.filter((finding) => finding.severity === "block").length;
-  const warningsCount = findings.filter((finding) => finding.severity === "warn").length;
-
-  const finalVerdict = blocksCount > 0
-    ? "blocked"
-    : warningsCount > 0
-      ? "allowed_with_warnings"
-      : "allowed";
-
-  // Server-compatible format
-  return {
-    projectId,
-    clientId,
-    project: {
-      name: projectName || "Unknown Project",
-      repoIdentifier: repoIdentifier || projectRoot
-    },
-    report: {
-      timestamp,
-      scanMode,
-      summary: {
-        filesScanned: filesScannedCount,
-        findings: findings.length,
-        blocks: blocksCount,
-        warnings: warningsCount,
-        finalVerdict
-      }
-    },
-    findings,
-    finalVerdict
-  };
-}
+import path from "path";
+
+// Boundary: reporting only. Must not import rule logic or AI logic.
+// Reports are built from provided inputs to keep dependencies one-directional.
+
+function toRelativePath(projectRoot, filePath) {
+  if (!filePath) {
+    return "";
+  }
+  const relative = path.relative(projectRoot, filePath);
+  return relative || filePath;
+}
+
+function trimSnippet(snippet, maxLength = 200) {
+  if (!snippet) {
+    return "";
+  }
+  const trimmed = String(snippet).trim();
+  if (trimmed.length <= maxLength) {
+    return trimmed;
+  }
+  return trimmed.slice(0, maxLength) + "...";
+}
+
+function redactSecretSnippet(ruleId, snippet) {
+  if (!snippet) {
+    return "";
+  }
+  if (String(ruleId || "").startsWith("secret.")) {
+    return "***";
+  }
+  return snippet;
+}
+
+function mapDecisionConfidence(value) {
+  if (typeof value !== "number") {
+    return "low";
+  }
+  return value >= 0.75 ? "high" : "low";
+}
+
+function normalizeSeverity(value) {
+  return value === "block" ? "block" : "warn";
+}
+
+export function buildReport({
+  projectRoot,
+  projectId,
+  projectName,
+  repoIdentifier,
+  clientId,
+  reportId,
+  scanMode,
+  filesScannedCount,
+  baselineFindings,
+  aiReviewed,
+  timestamp
+}) {
+  const aiById = new Map(aiReviewed.map((entry) => [entry.finding.findingId, entry.decision]));
+
+  const findings = baselineFindings.map((finding) => {
+    const decision = aiById.get(finding.findingId);
+    const severity = normalizeSeverity(decision ? decision.verdict : finding.severity);
+    const confidence = decision
+      ? mapDecisionConfidence(decision.confidence)
+      : finding.confidence === "high"
+        ? "high"
+        : "low";
+
+    return {
+      ruleId: finding.ruleId,
+      severity,
+      confidence,
+      filePath: toRelativePath(projectRoot, finding.filePath),
+      lineNumber: finding.line || null,
+      codeSnippet: trimSnippet(redactSecretSnippet(finding.ruleId, finding.snippet)),
+      explanation: decision?.explanation || finding.message || ""
+    };
+  });
+
+  const blocksCount = findings.filter((finding) => finding.severity === "block").length;
+  const warningsCount = findings.filter((finding) => finding.severity === "warn").length;
+
+  const finalVerdict = blocksCount > 0
+    ? "blocked"
+    : warningsCount > 0
+      ? "allowed_with_warnings"
+      : "allowed";
+
+  // Server-compatible format
+  return {
+    projectId,
+    clientId,
+    project: {
+      name: projectName || "Unknown Project",
+      repoIdentifier: repoIdentifier || projectRoot
+    },
+    report: {
+      timestamp,
+      scanMode,
+      summary: {
+        filesScanned: filesScannedCount,
+        findings: findings.length,
+        blocks: blocksCount,
+        warnings: warningsCount,
+        finalVerdict
+      }
+    },
+    findings,
+    finalVerdict
+  };
+}

package/reporting/reportReader.js

@@ -1,49 +1,49 @@
-import fs from "fs";
-import path from "path";
-
-const REPORT_DIR_NAME = "codeproof-reports";
-const REPORT_PATTERN = /^report-(\d+)\.json$/;
-
-function getReportDir(projectRoot) {
-  return path.join(projectRoot, REPORT_DIR_NAME);
-}
-
-function getReportNumbers(files) {
-  return files
-    .map((file) => {
-      const match = REPORT_PATTERN.exec(file);
-      return match ? Number.parseInt(match[1], 10) : null;
-    })
-    .filter((value) => Number.isInteger(value));
-}
-
-export function readLatestReport(projectRoot) {
-  const reportDir = getReportDir(projectRoot);
-  if (!fs.existsSync(reportDir)) {
-    return null;
-  }
-
-  let files = [];
-  try {
-    files = fs.readdirSync(reportDir);
-  } catch {
-    return null;
-  }
-
-  const numbers = getReportNumbers(files).sort((a, b) => b - a);
-  if (numbers.length === 0) {
-    return null;
-  }
-
-  for (const number of numbers) {
-    const reportPath = path.join(reportDir, `report-${number}.json`);
-    try {
-      const raw = fs.readFileSync(reportPath, "utf8");
-      return { report: JSON.parse(raw), reportPath };
-    } catch {
-      // Skip unreadable or invalid JSON reports instead of crashing.
-    }
-  }
-
-  return null;
-}
+import fs from "fs";
+import path from "path";
+
+const REPORT_DIR_NAME = "codeproof-reports";
+const REPORT_PATTERN = /^report-(\d+)\.json$/;
+
+function getReportDir(projectRoot) {
+  return path.join(projectRoot, REPORT_DIR_NAME);
+}
+
+function getReportNumbers(files) {
+  return files
+    .map((file) => {
+      const match = REPORT_PATTERN.exec(file);
+      return match ? Number.parseInt(match[1], 10) : null;
+    })
+    .filter((value) => Number.isInteger(value));
+}
+
+export function readLatestReport(projectRoot) {
+  const reportDir = getReportDir(projectRoot);
+  if (!fs.existsSync(reportDir)) {
+    return null;
+  }
+
+  let files = [];
+  try {
+    files = fs.readdirSync(reportDir);
+  } catch {
+    return null;
+  }
+
+  const numbers = getReportNumbers(files).sort((a, b) => b - a);
+  if (numbers.length === 0) {
+    return null;
+  }
+
+  for (const number of numbers) {
+    const reportPath = path.join(reportDir, `report-${number}.json`);
+    try {
+      const raw = fs.readFileSync(reportPath, "utf8");
+      return { report: JSON.parse(raw), reportPath };
+    } catch {
+      // Skip unreadable or invalid JSON reports instead of crashing.
+    }
+  }
+
+  return null;
+}