critical-gate 2.2.0 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +61 -1
- package/package.json +18 -2
package/README.md
CHANGED
|
@@ -36,6 +36,27 @@ Current detectors focus on TypeScript and JavaScript repositories:
|
|
|
36
36
|
Every finding includes severity, confidence, evidence, tags, and a repair hint that another agent or
|
|
37
37
|
developer can act on.
|
|
38
38
|
|
|
39
|
+
## Supported Scope
|
|
40
|
+
|
|
41
|
+
Current support is strongest for TypeScript and JavaScript repositories with Git history and
|
|
42
|
+
package-manager metadata available. The best-covered ecosystems are Node-based projects using
|
|
43
|
+
common TS/JS source, test, package manifest, lockfile, config, and CI patterns.
|
|
44
|
+
|
|
45
|
+
Experimental support includes framework-aware heuristics for patterns seen in dogfooding, such as
|
|
46
|
+
Astro-style content contracts and repository-specific history or utility reuse signals. These checks
|
|
47
|
+
start conservatively and should stay in observation mode until a repository has enough clean runs.
|
|
48
|
+
|
|
49
|
+
Out of scope for the current release stage:
|
|
50
|
+
|
|
51
|
+
- Deep semantic analysis for non-TS/JS languages.
|
|
52
|
+
- Whole-repository LLM scanning.
|
|
53
|
+
- Broad vulnerability scanning beyond lightweight diff-only secret and path checks.
|
|
54
|
+
- Treating current internal dogfood metrics as a broad external benchmark.
|
|
55
|
+
|
|
56
|
+
Critical Gate is useful today as a pre-review integrity gate for agent-produced TS/JS diffs, but it
|
|
57
|
+
is still pre-stable. Roll it out progressively before making it a hard organization-wide merge
|
|
58
|
+
requirement.
|
|
59
|
+
|
|
39
60
|
## Concrete Examples
|
|
40
61
|
|
|
41
62
|
Critical Gate is most useful when an AI-generated diff looks plausible at a glance but breaks the
|
|
@@ -196,12 +217,37 @@ Critical Gate has one analysis core and multiple surfaces:
|
|
|
196
217
|
- **Codex hook**: repair-oriented stop hook for agent workflows.
|
|
197
218
|
- **VS Code extension**: Activity Bar dashboard, status bar state, Problems diagnostics, full report
|
|
198
219
|
output, evidence navigation, and repair-copy actions.
|
|
220
|
+
- **Agent onboarding**: `critical-gate init-agent` and the VS Code initialization command add a
|
|
221
|
+
managed Critical Gate section to `AGENTS.md` while preserving existing repository instructions.
|
|
199
222
|
|
|
200
223
|
The CLI remains the source of truth. The editor and CI surfaces consume CLI output rather than
|
|
201
224
|
reimplementing detector logic.
|
|
202
225
|
|
|
226
|
+
## Recommended Team Rollout
|
|
227
|
+
|
|
228
|
+
Start with report-only local runs and default thresholds. Treat medium, low, info, and
|
|
229
|
+
observation-mode findings as calibration data until the repository has enough clean runs.
|
|
230
|
+
|
|
231
|
+
Recommended sequence:
|
|
232
|
+
|
|
233
|
+
1. Run the CLI locally on AI-generated diffs with specific task text.
|
|
234
|
+
2. Add the VS Code extension for developer feedback where useful.
|
|
235
|
+
3. Add GitHub Action SARIF upload with default blocking behavior for eligible blocker and high
|
|
236
|
+
findings.
|
|
237
|
+
4. Review noisy findings and tune task text, repository docs, or `.critical-gate.json` policy.
|
|
238
|
+
5. Add Codex hook enforcement only where compact repair loops are useful.
|
|
239
|
+
6. Promote observation-friendly detector families only after dogfooding shows acceptable precision.
|
|
240
|
+
|
|
241
|
+
See [docs/usage-guide.md](docs/usage-guide.md) for local rollout advice and
|
|
242
|
+
[docs/github-integration.md](docs/github-integration.md) for CI thresholds.
|
|
243
|
+
|
|
203
244
|
## Quick Start From Source
|
|
204
245
|
|
|
246
|
+
Critical Gate's current CLI distribution path is source-based: clone, install, build, and run
|
|
247
|
+
`node dist/cli.js`. Package-registry publishing and prebuilt action releases are intentionally held
|
|
248
|
+
until repository metadata, external dogfooding, and release artifacts are stable enough for broader
|
|
249
|
+
public use.
|
|
250
|
+
|
|
205
251
|
Requirements:
|
|
206
252
|
|
|
207
253
|
- Node.js 22.13 or newer.
|
|
@@ -354,6 +400,13 @@ the VS Code surface. Configure `criticalGate.cliPath` only when testing a custom
|
|
|
354
400
|
For a fuller walkthrough with examples, rollout advice, report interpretation, and troubleshooting,
|
|
355
401
|
read [docs/usage-guide.md](docs/usage-guide.md).
|
|
356
402
|
|
|
403
|
+
## Quality Evidence
|
|
404
|
+
|
|
405
|
+
The CI workflow publishes coverage and deterministic evaluation reports as GitHub Actions artifacts:
|
|
406
|
+
`critical-gate-coverage` and `critical-gate-evaluation`. See
|
|
407
|
+
[docs/evaluation-strategy.md](docs/evaluation-strategy.md) for artifact paths, thresholds, and the
|
|
408
|
+
current limits of the internal evaluation corpus.
|
|
409
|
+
|
|
357
410
|
## Development
|
|
358
411
|
|
|
359
412
|
Useful commands:
|
|
@@ -382,10 +435,14 @@ Branch and commit conventions for this repository:
|
|
|
382
435
|
- [docs/project-brief.md](docs/project-brief.md): product thesis, users, positioning, and scope.
|
|
383
436
|
- [docs/architecture.md](docs/architecture.md): core architecture and data flow.
|
|
384
437
|
- [docs/detectors.md](docs/detectors.md): detector catalog, severities, evidence, and implementation notes.
|
|
438
|
+
- [docs/detector-quality.md](docs/detector-quality.md): detector quality boundaries, blind spots,
|
|
439
|
+
and coverage expectations.
|
|
385
440
|
- [docs/usage-guide.md](docs/usage-guide.md): practical usage examples and troubleshooting.
|
|
386
441
|
- [docs/installation.md](docs/installation.md): CLI, GitHub Action, Codex hook, and VSIX installation.
|
|
387
442
|
- [docs/editor-surface.md](docs/editor-surface.md): VS Code dashboard and diagnostics behavior.
|
|
388
443
|
- [docs/github-integration.md](docs/github-integration.md): GitHub Action, SARIF, and threshold guidance.
|
|
444
|
+
- [docs/policy-file.md](docs/policy-file.md): `.critical-gate.json` policy-as-code reference and
|
|
445
|
+
validated examples.
|
|
389
446
|
- [docs/codex-integration.md](docs/codex-integration.md): Codex hook and repair-loop guidance.
|
|
390
447
|
- [docs/dogfood-evidence-plan.md](docs/dogfood-evidence-plan.md): real-repository dogfood automation,
|
|
391
448
|
repair-loop metrics, and screenshot proof plan.
|
|
@@ -393,12 +450,15 @@ Branch and commit conventions for this repository:
|
|
|
393
450
|
evidence, misses, fixes, and current evaluation baseline.
|
|
394
451
|
- [docs/versioning-policy.md](docs/versioning-policy.md): release and versioning policy.
|
|
395
452
|
- [docs/improvements-task-plan.md](docs/improvements-task-plan.md): trust and calibration roadmap.
|
|
453
|
+
- [docs/tasks/pragmatic-improvement-backlog.md](docs/tasks/pragmatic-improvement-backlog.md):
|
|
454
|
+
realistic next improvements for trust, evaluation, policy, and rollout.
|
|
455
|
+
- [SECURITY.md](SECURITY.md): supported security policy and private vulnerability reporting path.
|
|
396
456
|
- [CHANGELOG.md](CHANGELOG.md): project-level release notes.
|
|
397
457
|
|
|
398
458
|
## Project Status
|
|
399
459
|
|
|
400
460
|
The repository contains the TypeScript CLI implementation, deterministic detectors, Codex hook
|
|
401
|
-
integration, GitHub Action integration, optional LLM explanation boundaries,
|
|
461
|
+
integration, GitHub Action integration, optional LLM explanation boundaries, source-based CLI
|
|
402
462
|
distribution, and a VS Code Marketplace extension surface.
|
|
403
463
|
|
|
404
464
|
## License
|
package/package.json
CHANGED
|
@@ -1,8 +1,16 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "critical-gate",
|
|
3
|
-
"version": "2.
|
|
3
|
+
"version": "2.3.0",
|
|
4
4
|
"description": "Repository-aware diff integrity gate for AI-generated code changes.",
|
|
5
5
|
"type": "module",
|
|
6
|
+
"repository": {
|
|
7
|
+
"type": "git",
|
|
8
|
+
"url": "https://github.com/criticaldeveloper/critical-gate.git"
|
|
9
|
+
},
|
|
10
|
+
"homepage": "https://github.com/criticaldeveloper/critical-gate#readme",
|
|
11
|
+
"bugs": {
|
|
12
|
+
"url": "https://github.com/criticaldeveloper/critical-gate/issues"
|
|
13
|
+
},
|
|
6
14
|
"bin": {
|
|
7
15
|
"critical-gate": "./dist/cli.js"
|
|
8
16
|
},
|
|
@@ -11,10 +19,14 @@
|
|
|
11
19
|
],
|
|
12
20
|
"keywords": [
|
|
13
21
|
"ai",
|
|
22
|
+
"ai-agents",
|
|
14
23
|
"codex",
|
|
15
24
|
"diff",
|
|
25
|
+
"diff-integrity",
|
|
16
26
|
"quality-gate",
|
|
17
|
-
"code-review"
|
|
27
|
+
"code-review",
|
|
28
|
+
"sarif",
|
|
29
|
+
"static-analysis"
|
|
18
30
|
],
|
|
19
31
|
"license": "MIT",
|
|
20
32
|
"engines": {
|
|
@@ -24,6 +36,7 @@
|
|
|
24
36
|
"@eslint/js": "^9.29.0",
|
|
25
37
|
"@types/node": "^24.0.3",
|
|
26
38
|
"@types/vscode": "^1.120.0",
|
|
39
|
+
"@vitest/coverage-v8": "4.1.9",
|
|
27
40
|
"@vscode/test-electron": "^3.0.0",
|
|
28
41
|
"@vscode/vsce": "^3.9.2",
|
|
29
42
|
"ajv": "^8.20.0",
|
|
@@ -35,6 +48,8 @@
|
|
|
35
48
|
},
|
|
36
49
|
"scripts": {
|
|
37
50
|
"build": "tsc -p tsconfig.build.json",
|
|
51
|
+
"package:action": "pnpm build && node scripts/prepare-action-package.mjs",
|
|
52
|
+
"smoke:action": "node scripts/smoke-action-package.mjs",
|
|
38
53
|
"build:vscode": "tsc -p extensions/vscode/tsconfig.json",
|
|
39
54
|
"build:vscode-tests": "tsc -p extensions/vscode/tsconfig.test.json",
|
|
40
55
|
"package:vscode": "node scripts/prepare-vscode-package.mjs && pnpm build && pnpm build:vscode && node scripts/bundle-vscode-analyzer.mjs && pnpm --dir extensions/vscode exec vsce package --no-dependencies --out ../../artifacts/vscode/critical-gate-vscode.vsix",
|
|
@@ -45,6 +60,7 @@
|
|
|
45
60
|
"format": "prettier --check .",
|
|
46
61
|
"format:write": "prettier --write .",
|
|
47
62
|
"test": "vitest run",
|
|
63
|
+
"coverage": "vitest run --coverage",
|
|
48
64
|
"evaluate": "pnpm build && node scripts/evaluate-fixtures.mjs",
|
|
49
65
|
"dogfood:plan": "node scripts/dogfood-runner.mjs plan",
|
|
50
66
|
"dogfood:render": "node scripts/render-dogfood-report.mjs",
|