devrail 0.1.0

package/dist/rules-XIWD4KI4.js.map

@@ -0,0 +1 @@
+{"version":3,"sources":[],"sourcesContent":[],"mappings":"","names":[]}

package/package.json

@@ -0,0 +1,88 @@
+{
+  "name": "devrail",
+  "version": "0.1.0",
+  "description": "Security & Quality Guardrails - Adoption-first developer discipline. Block new issues, accept existing ones with baseline mode.",
+  "type": "module",
+  "main": "dist/index.js",
+  "module": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "exports": {
+    ".": {
+      "import": "./dist/index.js",
+      "types": "./dist/index.d.ts"
+    },
+    "./cli": {
+      "import": "./dist/cli/index.js"
+    }
+  },
+  "bin": {
+    "dr": "dist/cli/index.js",
+    "devrail": "dist/cli/index.js"
+  },
+  "scripts": {
+    "build": "tsup",
+    "dev": "tsup --watch",
+    "test": "vitest",
+    "test:coverage": "vitest --coverage",
+    "lint": "eslint src --ext .ts",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "npm run build && npm run typecheck"
+  },
+  "keywords": [
+    "security",
+    "quality",
+    "guardrails",
+    "linting",
+    "testing",
+    "ci",
+    "devops",
+    "sast",
+    "baseline",
+    "devrail",
+    "code-quality",
+    "static-analysis",
+    "vulnerability-scanner",
+    "secrets-detection"
+  ],
+  "author": "Devrail Team",
+  "license": "MIT",
+  "homepage": "https://github.com/lmelane/devrail#readme",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/lmelane/devrail.git"
+  },
+  "bugs": {
+    "url": "https://github.com/lmelane/devrail/issues"
+  },
+  "engines": {
+    "node": ">=18.0.0"
+  },
+  "dependencies": {
+    "chalk": "^5.3.0",
+    "commander": "^12.1.0",
+    "cosmiconfig": "^9.0.0",
+    "execa": "^9.3.0",
+    "glob": "^10.4.2",
+    "js-yaml": "^4.1.0",
+    "ora": "^8.0.1",
+    "semver": "^7.6.2",
+    "zod": "^3.23.8"
+  },
+  "devDependencies": {
+    "@types/js-yaml": "^4.0.9",
+    "@types/node": "^20.14.9",
+    "@types/semver": "^7.5.8",
+    "@typescript-eslint/eslint-plugin": "^7.14.1",
+    "@typescript-eslint/parser": "^7.14.1",
+    "eslint": "^8.57.0",
+    "tsup": "^8.1.0",
+    "typescript": "^5.5.2",
+    "vitest": "^1.6.0"
+  },
+  "files": [
+    "dist",
+    "templates",
+    "presets",
+    "rules"
+  ]
+}

package/templates/github-actions/vibeguard.yml

@@ -0,0 +1,102 @@
+name: VibeGuard Security & Quality
+
+on:
+  push:
+    branches: [main, master, develop]
+  pull_request:
+    branches: [main, master]
+
+permissions:
+  contents: read
+  security-events: write
+
+jobs:
+  vibeguard:
+    name: Security & Quality Check
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Install VibeGuard
+        run: npm install -g vibeguard
+
+      - name: Install security tools
+        run: |
+          # Install gitleaks
+          GITLEAKS_VERSION="8.18.0"
+          curl -sSfL "https://github.com/gitleaks/gitleaks/releases/download/v${GITLEAKS_VERSION}/gitleaks_${GITLEAKS_VERSION}_linux_x64.tar.gz" | tar -xz
+          sudo mv gitleaks /usr/local/bin/
+
+          # Install osv-scanner
+          OSV_VERSION="1.7.0"
+          curl -sSfL "https://github.com/google/osv-scanner/releases/download/v${OSV_VERSION}/osv-scanner_linux_amd64" -o osv-scanner
+          chmod +x osv-scanner
+          sudo mv osv-scanner /usr/local/bin/
+
+          # Install semgrep
+          pip install semgrep
+
+      - name: Run VibeGuard Check
+        id: vibeguard
+        run: |
+          vg ci --format sarif > vibeguard-results.sarif || true
+          vg ci --format json > vibeguard-results.json || true
+
+      - name: Upload SARIF to GitHub Security
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: vibeguard-results.sarif
+        if: always()
+        continue-on-error: true
+
+      - name: Upload results artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: vibeguard-results
+          path: |
+            vibeguard-results.sarif
+            vibeguard-results.json
+        if: always()
+
+      - name: VibeGuard CI (blocking)
+        run: vg ci --fail-on error
+
+  # Optional: Run on PR changes only (faster)
+  vibeguard-pr:
+    name: PR Quick Check
+    runs-on: ubuntu-latest
+    if: github.event_name == 'pull_request'
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Install VibeGuard
+        run: npm install -g vibeguard
+
+      - name: Run quick check on changed files
+        run: vg check --changed

package/templates/gitlab-ci/vibeguard.yml

@@ -0,0 +1,29 @@
+stages:
+  - security
+
+vibeguard:
+  stage: security
+  image: node:20
+  before_script:
+    - npm ci
+    - npm install -g vibeguard
+    # Install gitleaks
+    - curl -sSfL https://github.com/gitleaks/gitleaks/releases/download/v8.18.0/gitleaks_8.18.0_linux_x64.tar.gz | tar -xz
+    - mv gitleaks /usr/local/bin/
+    # Install osv-scanner
+    - curl -sSfL https://github.com/google/osv-scanner/releases/download/v1.7.0/osv-scanner_linux_amd64 -o /usr/local/bin/osv-scanner
+    - chmod +x /usr/local/bin/osv-scanner
+    # Install semgrep
+    - pip install semgrep
+  script:
+    - vg ci --format json > vibeguard-results.json || true
+    - vg ci --fail-on error
+  artifacts:
+    when: always
+    paths:
+      - vibeguard-results.json
+    reports:
+      codequality: vibeguard-results.json
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH