fraim 2.0.114 → 2.0.116

package/dist/src/core/quality-evidence.js

@@ -20,46 +20,43 @@
  * seekMentoring handler (e.g., when the local AIMentor errors).
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.REQUIRED_QUALITY_FIELDS = exports.ALL_STAGE_CATEGORIES = exports.STAGE_DISPLAY_NAMES = exports.STAGE_CATEGORY_MAP = exports.QUALITY_PRODUCING_JOBS = void 0;
+exports.REQUIRED_QUALITY_FIELDS = exports.ALL_STAGE_CATEGORIES = exports.STAGE_DISPLAY_NAMES = exports.STAGE_CATEGORY_MAP = exports.QUALITY_PRODUCING_JOBS = exports.QUALITY_REGISTRY = void 0;
 exports.getRequiredFieldsForJob = getRequiredFieldsForJob;
 exports.validateQualityEvidence = validateQualityEvidence;
 exports.buildQualityRejectionMessage = buildQualityRejectionMessage;
 /**
- * Jobs that produce a quality assessment and MUST emit a quality score
- * via `evidence.quality` on their final seekMentoring completion.
+ * Central registry of FRAIM jobs that interact with the quality telemetry system.
+ * This is the SINGLE SOURCE OF TRUTH for:
+ *   1. Stage mapping (where it appears on the dashboard).
+ *   2. Enforcement (whether it MUST emit a quality score to complete).
  */
-exports.QUALITY_PRODUCING_JOBS = [
+exports.QUALITY_REGISTRY = {
     // Customer Development
-    'process-interview-notes',
-    'triage-customer-needs',
+    'process-interview-notes': { stage: 'customer-development', enforced: true },
+    'triage-customer-needs': { stage: 'customer-development', enforced: true },
+    'interview-preparation': { stage: 'customer-discovery', enforced: false },
     // Business Strategy
-    'business-plan-creation',
-    'pricing-strategy-definition',
-    'founder-market-fit-analysis',
-    'review-business-strategy',
+    'review-business-strategy': { stage: 'business-strategy', enforced: true },
+    'business-plan-creation': { stage: 'business-strategy', enforced: false },
     // Product Quality
-    'code-quality-assessment',
+    'code-quality-assessment': { stage: 'product-quality', enforced: true },
     // Test Quality
-    'test-standards-evaluation',
-    'test-coverage-evaluation',
-    'review-test-quality',
-];
+    'test-quality-assessment': { stage: 'test-quality', enforced: true },
+    // Fundraising
+    'investor-pitch-preparation': { stage: 'fundraising', enforced: false },
+    // Go-to-Market
+    'marketing-strategy-definition': { stage: 'go-to-market', enforced: false },
+};
 /**
- * Maps job names to their founder journey stage category.
- * Used to auto-populate `stageCategory` on quality score records.
+ * @deprecated Use QUALITY_REGISTRY for new code.
+ * Derived enforcement list for backward compatibility.
  */
-exports.STAGE_CATEGORY_MAP = {
-    'process-interview-notes': 'customer-development',
-    'triage-customer-needs': 'customer-development',
-    'business-plan-creation': 'business-strategy',
-    'pricing-strategy-definition': 'business-strategy',
-    'founder-market-fit-analysis': 'business-strategy',
-    'review-business-strategy': 'business-strategy',
-    'code-quality-assessment': 'product-quality',
-    'test-standards-evaluation': 'test-quality',
-    'test-coverage-evaluation': 'test-quality',
-    'review-test-quality': 'test-quality',
-};
+exports.QUALITY_PRODUCING_JOBS = Object.keys(exports.QUALITY_REGISTRY).filter((job) => exports.QUALITY_REGISTRY[job].enforced);
+/**
+ * @deprecated Use QUALITY_REGISTRY for new code.
+ * Derived stage mappings for backward compatibility.
+ */
+exports.STAGE_CATEGORY_MAP = Object.keys(exports.QUALITY_REGISTRY).reduce((acc, job) => ({ ...acc, [job]: exports.QUALITY_REGISTRY[job].stage }), {});
 /**
  * Human-readable stage names for dashboard display.
  */
@@ -107,8 +104,8 @@ const UNIVERSAL_REQUIRED_FIELDS = [
  * All other jobs require only a composite score (principle-based, not prescriptive).
  */
 function getRequiredFieldsForJob(jobName) {
-    const stage = exports.STAGE_CATEGORY_MAP[jobName];
-    if (stage === 'customer-development') {
+    const entry = exports.QUALITY_REGISTRY[jobName];
+    if (entry?.stage === 'customer-development') {
         return CUSTOMER_DEV_REQUIRED_FIELDS;
     }
     return UNIVERSAL_REQUIRED_FIELDS;
@@ -155,6 +152,10 @@ function validateQualityEvidence(quality, jobName) {
             errors.push(`evidence.quality.${path} must be a ${type} (got ${got})`);
         }
     }
+    // Strict schema enforcement: No nested wrappers (Issue 255)
+    if (effective && effective.dimensions) {
+        errors.push('evidence.quality.dimensions is forbidden. Use a flat schema where all scores are direct properties of the quality object.');
+    }
     return errors.length > 0 ? errors : null;
 }
 /**
@@ -165,8 +166,8 @@ function validateQualityEvidence(quality, jobName) {
  */
 function buildQualityRejectionMessage(jobName, currentPhase, errors) {
     const errorBullets = errors.map(e => `- ${e}`).join('\n');
-    const stage = exports.STAGE_CATEGORY_MAP[jobName];
-    const isCustomerDev = stage === 'customer-development';
+    const entry = exports.QUALITY_REGISTRY[jobName];
+    const isCustomerDev = entry?.stage === 'customer-development';
     const schemaExample = isCustomerDev
         ? [
             '```javascript',
@@ -191,20 +192,27 @@ function buildQualityRejectionMessage(jobName, currentPhase, errors) {
             '  quality: {',
             '    composite: <number 0-10>,',
             '    coaching: "<actionable recommendation>",',
-            '    // include per-dimension scores with rationale fields',
-            '    // additional fields are encouraged — schema is flexible per stage',
+            '    marketEvidence: { score: <number>, rationale: "<string>" }, // flat, NO "dimensions" wrapper',
+            '    unitEconomics: { score: <number>, rationale: "<string>" },',
+            '    // add other sub-scores as direct properties',
             '  }',
             '}',
             '```'
         ];
+    const importantNote = [
+        '',
+        '> [!IMPORTANT]',
+        '> **Enforcement Notice**: Quality scores MUST follow a flat schema. Do NOT nest sub-dimension scores under a `dimensions` property. All sub-dimension objects must be direct properties of the `quality` object.',
+        ''
+    ];
     return [
         `❌ **Job completion rejected** for \`${jobName}\`.`,
         '',
         `This job is required to emit a quality score on its final \`seekMentoring\` call so the result is captured in \`fraim_quality_scores\` for the quality dashboard. The following problems were found in \`evidence.quality\`:`,
         '',
         errorBullets,
-        '',
-        `Required minimum schema for \`${stage ?? 'unknown'}\` stage:`,
+        ...importantNote,
+        `Required minimum schema for \`${entry?.stage ?? 'unknown'}\` stage:`,
         '',
         ...schemaExample,
         '',

package/dist/src/core/utils/git-utils.js

@@ -5,6 +5,7 @@ exports.determineDatabaseName = determineDatabaseName;
 exports.getCurrentGitBranch = getCurrentGitBranch;
 exports.determineSchema = determineSchema;
 exports.getDefaultBranch = getDefaultBranch;
+exports.sanitizeRepoIdentifier = sanitizeRepoIdentifier;
 const child_process_1 = require("child_process");
 /**
  * Gets a unique port based on the current git branch name (if it's an issue branch)
@@ -93,3 +94,55 @@ function getDefaultBranch() {
     // Default fallback
     return 'main';
 }
+/**
+ * Sanitizes a repository identifier by stripping local paths and normalizing to standard HTTPS URLs.
+ * Mandatory per Compliance requirement (C1) to ensure data privacy.
+ *
+ * @param repoUrl The raw repository URL or path to sanitize
+ * @returns Normalized HTTPS URL string, or undefined if the input is a local path or invalid
+ */
+function sanitizeRepoIdentifier(repoUrl) {
+    if (!repoUrl || typeof repoUrl !== 'string') {
+        return undefined;
+    }
+    const trimmed = repoUrl.trim();
+    // Reject local paths (Windows and POSIX)
+    if (trimmed.startsWith('/') ||
+        trimmed.startsWith('\\') ||
+        /^[a-zA-Z]:\\/.test(trimmed) ||
+        trimmed.startsWith('./') ||
+        trimmed.startsWith('../')) {
+        return undefined;
+    }
+    // Normalize GitHub/GitLab SSH and HTTPS URLs
+    // Patterns:
+    // git@github.com:owner/repo.git
+    // https://github.com/owner/repo.git
+    // git@gitlab.com:owner/repo.git
+    // https://gitlab.com/owner/repo.git
+    const gitPattern = /^(?:git@|https:\/\/)(github\.com|gitlab\.com)[:/]([^/]+\/[^/.]+?)(?:\.git)?$/i;
+    const match = trimmed.match(gitPattern);
+    if (match) {
+        const [, domain, path] = match;
+        return `https://${domain.toLowerCase()}/${path}`;
+    }
+    // If it looks like a generic URL but not from approved providers, reject for privacy
+    try {
+        const url = new URL(trimmed);
+        if (url.hostname.includes('github.com') || url.hostname.includes('gitlab.com')) {
+            let path = url.pathname;
+            if (path.startsWith('/'))
+                path = path.substring(1);
+            if (path.endsWith('.git'))
+                path = path.substring(0, path.length - 4);
+            // Only return if it matches owner/repo structure
+            if (path.split('/').length >= 2) {
+                return `https://${url.hostname.toLowerCase()}/${path}`;
+            }
+        }
+    }
+    catch (e) {
+        // Not a valid URL
+    }
+    return undefined;
+}

package/dist/src/local-mcp-server/stdio-server.js

@@ -683,6 +683,7 @@ class FraimLocalMCPServer {
                 repoInfo.owner = owner;
             }
             this.repoInfo = repoInfo;
+            this.usageCollector.setRepoIdentifier(repoInfo.url || null);
             const repoLabel = this.repoInfo.owner
                 ? `${this.repoInfo.owner}/${this.repoInfo.name}`
                 : this.repoInfo.projectPath || this.repoInfo.name;
@@ -1968,6 +1969,9 @@ class FraimLocalMCPServer {
         if (toolName && requestSessionId) {
             const success = !response.error;
             this.log(`📊 Collecting usage: ${toolName} (session: ${requestSessionId}, success: ${success})`);
+            if (!this.repoInfo) {
+                this.detectRepoInfo();
+            }
             // Capture the current queue size before collection
             const beforeCount = this.usageCollector.getEventCount();
             try {

package/dist/src/local-mcp-server/usage-collector.js

@@ -13,6 +13,7 @@ class UsageCollector {
     constructor() {
         this.events = [];
         this.userId = null;
+        this.repoIdentifier = null;
     }
     static resolveMentoringJobName(args) {
         if (!args || typeof args !== 'object') {
@@ -36,6 +37,9 @@ class UsageCollector {
     setUserId(userId) {
         this.userId = userId;
     }
+    setRepoIdentifier(repoIdentifier) {
+        this.repoIdentifier = repoIdentifier;
+    }
     /**
      * Collect MCP tool call event
      */
@@ -62,6 +66,7 @@ class UsageCollector {
             sessionId,
             success,
             category: parsed.category,
+            repoIdentifier: this.repoIdentifier || undefined,
             args: Object.keys(analyticsArgs).length > 0 ? analyticsArgs : undefined
         };
         this.events.push(event);
@@ -81,6 +86,7 @@ class UsageCollector {
             userId: this.userId || 'unknown',
             sessionId,
             success,
+            repoIdentifier: this.repoIdentifier || undefined,
             args
         };
         this.events.push(event);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "fraim",
-  "version": "2.0.114",
+  "version": "2.0.116",
   "description": "FRAIM CLI - Framework for Rigor-based AI Management (alias for fraim-framework)",
   "main": "index.js",
   "bin": {
@@ -17,6 +17,7 @@
     "test": "node scripts/test-with-server.js",
     "test:isolated": "npx tsx --test --test-reporter=spec tests/isolated/test-*.ts",
     "test:smoke": "node scripts/test-with-server.js --tags=smoke",
+    "test:coverage": "node scripts/test-with-server.js --tags=smoke --coverage",
     "test:stripe": "node scripts/test-with-server.js tests/test-stripe-payment-complete.ts",
     "test:stripe:ui": "playwright test tests/ui/test-payment-ui.spec.ts",
     "test:perf": "node scripts/test-with-server.js tests/performance/analytics-perf.ts",