gina 0.3.16-alpha.1 → 0.3.16-alpha.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/framework/v0.3.16-alpha.2/VERSION +1 -0
- package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/package.json +1 -1
- package/gna.js +4 -4
- package/package.json +2 -2
- package/script/check_no_local_leak.js +53 -10
- package/.github/FUNDING.yml +0 -1
- package/.github/ISSUE_TEMPLATE/bug_report.md +0 -35
- package/.github/ISSUE_TEMPLATE/feature_request.md +0 -21
- package/.github/PULL_REQUEST_TEMPLATE.md +0 -19
- package/.github/dependabot.yml +0 -12
- package/.github/scripts/scan-vendored-cves.js +0 -188
- package/.github/workflows/bundle-freshness.yml +0 -116
- package/.github/workflows/security.yml +0 -84
- package/.github/workflows/test.yml +0 -55
- package/.github/workflows/vendored-cve.yml +0 -36
- package/.playwright-mcp/console-2026-04-22T21-42-03-731Z.log +0 -2
- package/.playwright-mcp/console-2026-05-13T00-40-40-225Z.log +0 -2
- package/.playwright-mcp/console-2026-05-14T02-27-11-347Z.log +0 -64
- package/.playwright-mcp/d9-after-connector.png +0 -0
- package/.playwright-mcp/d9-after-service.png +0 -0
- package/.playwright-mcp/d9-before-connector-full.png +0 -0
- package/.playwright-mcp/d9-before-connector-leak.png +0 -0
- package/.playwright-mcp/d9-before-connector-top.png +0 -0
- package/.playwright-mcp/d9-before-connector-v2.png +0 -0
- package/.playwright-mcp/d9-before-connector.png +0 -0
- package/.playwright-mcp/page-2026-04-22T21-42-03-861Z.yml +0 -3
- package/.playwright-mcp/page-2026-04-22T21-44-40-373Z.yml +0 -3
- package/.playwright-mcp/page-2026-05-13T00-40-40-476Z.yml +0 -7
- package/.playwright-mcp/page-2026-05-14T02-24-51-996Z.yml +0 -1818
- package/.playwright-mcp/page-2026-05-14T02-26-47-905Z.yml +0 -2063
- package/.playwright-mcp/page-2026-05-14T02-27-11-472Z.yml +0 -406
- package/.playwright-mcp/page-2026-05-14T02-28-37-939Z.yml +0 -2061
- package/.playwright-mcp/page-2026-05-14T02-29-01-333Z.yml +0 -404
- package/framework/v0.3.16-alpha.1/VERSION +0 -1
- package/script/.local-sync-targets.json +0 -6
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/AUTHORS +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/LICENSE +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/html/nolayout.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/html/static.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/img/android-chrome-192x192.png +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/img/android-chrome-512x512.png +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/img/apple-touch-icon.png +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/img/favicon-16x16.png +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/img/favicon-32x32.png +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/img/favicon.ico +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.css +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/beemaster/beemaster.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/beemaster/index.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/css/gina.min.css +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/css/gina.min.css.br +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/css/gina.min.css.gz +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/html/statusbar.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.br +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/html/statusbar.html.gz +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/inspector/have_heart_one-webfont.woff2 +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/inspector/index.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/inspector/inspector.css +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/inspector/inspector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/inspector/logo.svg +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/js/gina.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/js/gina.min.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/js/gina.min.js.br +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/js/gina.min.js.gz +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.br +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/asset/plugin/dist/vendor/gina/js/gina.onload.min.js.gz +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/config.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/ai/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/ai/lib/connector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/connector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/connector.v2.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/connector.v3.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/connector.v4.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/n1ql.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/session-store.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/session-store.v2.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/session-store.v3.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/couchbase/lib/session-store.v4.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/mongodb/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/mongodb/lib/connector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/mongodb/lib/pipeline-loader.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/mongodb/lib/session-store.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/mysql/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/mysql/lib/connector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/postgresql/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/postgresql/lib/connector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/redis/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/redis/lib/session-store.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/scylladb/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/scylladb/lib/connector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/scylladb/lib/session-store.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/sql-parser.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/sqlite/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/sqlite/lib/connector.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/connectors/sqlite/lib/session-store.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/content.encoding +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/controller.framework.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/controller.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/controller.render-json.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/controller.render-nunjucks.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/controller.render-stream.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/controller.render-swig.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/controller.render-v1.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/controller/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/busboy-1.6.0/LICENSE +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/busboy-1.6.0/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/busboy-1.6.0/lib/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/busboy-1.6.0/lib/types/multipart.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/busboy-1.6.0/lib/types/urlencoded.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/busboy-1.6.0/lib/utils.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/busboy-1.6.0/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/streamsearch-1.1.0/LICENSE +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/streamsearch-1.1.0/lib/sbmh.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/deps/streamsearch-1.1.0/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/dev/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/dev/lib/class.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/dev/lib/factory.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/dev/lib/tools.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/gna.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/locales/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/locales/currency.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/locales/dist/language/en.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/locales/dist/language/fr.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/locales/dist/region/en.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/locales/dist/region/fr.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/locales/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/mime.types +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/model/entity.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/model/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/model/template/entityFactory.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/model/template/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/csrf/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/csrf/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/csrf/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/coep/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/coep/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/coep/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/coop/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/coop/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/coop/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/corp/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/corp/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/corp/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/csp/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/csp/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/csp/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/hide-powered-by/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/hide-powered-by/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/hide-powered-by/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/hsts/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/hsts/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/hsts/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/origin-agent-cluster/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/origin-agent-cluster/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/origin-agent-cluster/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/referrer-policy/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/referrer-policy/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/referrer-policy/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-content-type-options/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-content-type-options/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-content-type-options/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-dns-prefetch-control/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-dns-prefetch-control/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-dns-prefetch-control/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-download-options/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-download-options/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-download-options/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-frame-options/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-frame-options/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-frame-options/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-permitted-cross-domain-policies/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-xss-protection/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-xss-protection/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/security-headers/x-xss-protection/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/session/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/session/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/session/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/storage/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/storage/build.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/storage/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/storage/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/validator/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/validator/build.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/validator/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/validator/src/form-validator.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/plugins/lib/validator/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/router.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/server.express.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/server.isaac.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/server.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/status.codes +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/_gitignore +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/config/app.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/config/connectors.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/config/routing.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/config/settings.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/config/settings.server.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/config/templates.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/config/watchers.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/controllers/controller.content.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/controllers/controller.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/controllers/setup.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle/locales/en.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_namespace/controllers/controller.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/css/default.css +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/css/home.css +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/css/vendor/readme.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/favicon.ico +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/js/vendor/readme.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/manifest.webmanifest +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/readme.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_public/sw.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_templates/handlers/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_templates/html/content/homepage.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_templates/html/includes/error-msg-noscript.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_templates/html/includes/error-msg-outdated-browser.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/boilerplate/bundle_templates/html/layouts/main.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/command/gina.bat.tpl +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/command/gina.tpl +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/conf/env.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/conf/manifest.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/conf/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/conf/settings.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/conf/statics.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/conf/templates.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/error/client/json/401.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/error/client/json/403.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/error/client/json/404.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/error/server/html/50x.html +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/error/server/json/500.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/error/server/json/503.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/core/template/extensions/logger/config.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/console.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/context.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/data/LICENSE +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/data/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/data/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/data/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/dateFormat.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/json/LICENSE +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/json/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/json/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/json/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/path.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/plugins/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/plugins/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/plugins/src/api-error.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/plugins/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/prototypes.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/task.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/helpers/text.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/archiver/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/archiver/build.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/archiver/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/archiver/src/dep/jszip.min.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/archiver/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/async/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/async/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cache/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cache/build.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cache/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cache/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/aliases.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/add.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/arguments.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/build.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/copy.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/cp.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/mcp-start.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/mcp.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/oas.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/openapi.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/remove.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/rename.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/restart.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/rm.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/start.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/status.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/bundle/stop.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/cache/stats.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/add.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/arguments.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/migrate.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/remove.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/connector/rm.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/add.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/get.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/link-dev.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/remove.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/rm.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/set.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/unset.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/env/use.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/arguments.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/build.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/dot.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/get.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/init.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/link-node-modules.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/link.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/msg.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/open.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/restart.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/set.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/start.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/status.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/stop.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/tail.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/update.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/framework/version.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/gina-dev.1.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/gina-framework.1.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/gina.1.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/helper.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/i18n/add.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/i18n/arguments.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/i18n/export.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/i18n/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/i18n/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/i18n/import.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/i18n/scan.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/inspector/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/inspector/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/inspector/open.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/minion/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/minion/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/msg.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/port/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/port/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/port/inc/scan.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/port/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/port/reset.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/port/set.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/add.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/arguments.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/build.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/import.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/move.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/remove.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/rename.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/restart.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/rm.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/start.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/status.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/project/stop.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/protocol/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/protocol/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/protocol/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/protocol/set.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/add.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/link-local.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/link-production.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/remove.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/rm.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/scope/use.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/service/help.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/service/help.txt +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/service/list.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cmd/view/add.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/collection/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/collection/build.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/collection/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/collection/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/config.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/connector-registry/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/connector-registry/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cron/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cron/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/cron/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/domain/LICENSE +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/domain/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/domain/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/domain/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/generator/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/i18n/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/i18n/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/inherits/LICENSE +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/inherits/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/inherits/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/inherits/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/inspector-redact/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/inspector-redact/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/containers/default/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/containers/file/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/containers/file/lib/logrotator/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/containers/file/lib/logrotator/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/containers/mq/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/containers/mq/listener.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/containers/mq/speaker.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/helper.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/logger/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/math/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/mcp-dispatch/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/mcp-dispatch/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/mcp-http/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/mcp-http/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/mcp-server/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/mcp-server/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/merge/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/merge/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/merge/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/metrics/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/metrics/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/model.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/nunjucks-filters/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/nunjucks-filters/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/nunjucks-filters/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/nunjucks-resolver/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/nunjucks-resolver/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/proc.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/routing/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/routing/build.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/routing/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/routing/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/routing/src/radix.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/routing-introspect/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/routing-introspect/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/secrets/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/secrets/src/backends/env.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/secrets/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/session-store.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/shell.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/state.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/swig-filters/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/swig-filters/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/swig-filters/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/swig-resolver/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/swig-resolver/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/url/README.md +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/url/index.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/url/routing.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/uuid/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/uuid/src/main.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/validator.js +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/watcher/package.json +0 -0
- /package/framework/{v0.3.16-alpha.1 → v0.3.16-alpha.2}/lib/watcher/src/main.js +0 -0
|
@@ -0,0 +1 @@
|
|
|
1
|
+
0.3.16-alpha.2
|
package/gna.js
CHANGED
|
@@ -15,14 +15,14 @@
|
|
|
15
15
|
'use strict';
|
|
16
16
|
|
|
17
17
|
// Framework core — the main gna module (lifecycle hooks, lib, etc.)
|
|
18
|
-
var _gna = require('./framework/v0.3.16-alpha.
|
|
18
|
+
var _gna = require('./framework/v0.3.16-alpha.2/core/gna');
|
|
19
19
|
|
|
20
20
|
// SuperController and EntitySuper — loaded from their source modules
|
|
21
|
-
var SuperController = require('./framework/v0.3.16-alpha.
|
|
22
|
-
var EntitySuper = require('./framework/v0.3.16-alpha.
|
|
21
|
+
var SuperController = require('./framework/v0.3.16-alpha.2/core/controller');
|
|
22
|
+
var EntitySuper = require('./framework/v0.3.16-alpha.2/core/model/entity');
|
|
23
23
|
|
|
24
24
|
// uuid — from the lib registry
|
|
25
|
-
var uuid = require('./framework/v0.3.16-alpha.
|
|
25
|
+
var uuid = require('./framework/v0.3.16-alpha.2/lib/uuid');
|
|
26
26
|
|
|
27
27
|
module.exports = {
|
|
28
28
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "gina",
|
|
3
|
-
"version": "0.3.16-alpha.
|
|
3
|
+
"version": "0.3.16-alpha.2",
|
|
4
4
|
"description": "Node.js MVC framework with built-in HTTP/2, multi-bundle architecture, and scope-based data isolation — no Express dependency",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"nodejs",
|
|
@@ -72,7 +72,7 @@
|
|
|
72
72
|
"gina-container": "bin/gina-container",
|
|
73
73
|
"gina-init": "bin/gina-init"
|
|
74
74
|
},
|
|
75
|
-
"main": "./framework/v0.3.16-alpha.
|
|
75
|
+
"main": "./framework/v0.3.16-alpha.2/core/gna",
|
|
76
76
|
"types": "./types/index.d.ts",
|
|
77
77
|
"typesVersions": {
|
|
78
78
|
"*": {
|
|
@@ -16,13 +16,20 @@
|
|
|
16
16
|
* the publish if the pack listing is dirty on either of two axes:
|
|
17
17
|
*
|
|
18
18
|
* 1. Path-level: any local-tool configuration file or directory.
|
|
19
|
-
* 2. Content-level
|
|
20
|
-
* (phone, private email, private address,
|
|
21
|
-
*
|
|
22
|
-
*
|
|
23
|
-
*
|
|
24
|
-
*
|
|
25
|
-
*
|
|
19
|
+
* 2. Content-level (two sub-axes per scanned text file):
|
|
20
|
+
* (a) Private-token pattern (phone, private email, private address,
|
|
21
|
+
* private domain). The co-author's legal name is allowed in
|
|
22
|
+
* authoring/contributing files (README, AUTHORS, GOVERNANCE,
|
|
23
|
+
* CONTRIBUTING, package.json contributors, scaffolding template,
|
|
24
|
+
* framework AUTHORS, framework plugin package.json authors) —
|
|
25
|
+
* see `ATTRIBUTION_PATHS` in `_load_private_tokens.js`.
|
|
26
|
+
* (b) AI-attribution leak (#R5, 2026-05-19): file content embedding
|
|
27
|
+
* local-tool path literals (`CLAUDE.md`, `.claude/...`),
|
|
28
|
+
* attribution footers (Co-Authored-By Claude/Anthropic, Generated
|
|
29
|
+
* by Claude), AI-tool URLs (claude.ai, claude.com/claude-code).
|
|
30
|
+
* Vendor-functionality references (protocol identifiers, vendor
|
|
31
|
+
* SDK names, env-var names) are stripped before the check so the
|
|
32
|
+
* AI connector code and provider tables don't false-positive.
|
|
26
33
|
*
|
|
27
34
|
* Plus a third gate that fires BEFORE the scan starts:
|
|
28
35
|
*
|
|
@@ -63,6 +70,28 @@ var PATH_PATTERN = /(^|\/)(CLAUDE\.md|\.claude[a-z]*)/i;
|
|
|
63
70
|
// regex stays in one place.
|
|
64
71
|
var CONTENT_TOKENS = loadPrivateTokens();
|
|
65
72
|
|
|
73
|
+
// AI-attribution leak (#R5) — content-level pattern set matching the
|
|
74
|
+
// global HARD RULE forbidden surface. Catches the 0.3.15 leak shape
|
|
75
|
+
// where a tarball file's NAME was clean but its CONTENT embedded
|
|
76
|
+
// forbidden strings (the gitignored sidecar `script/.local-sync-targets.json`
|
|
77
|
+
// listed `CLAUDE.md` + `.claude/conventions.md` as literal paths; the
|
|
78
|
+
// PATH_PATTERN scan above missed it because the sidecar's own filename
|
|
79
|
+
// is neutral). Pattern covers: bare `CLAUDE.md` literal, `.claude*`
|
|
80
|
+
// directory/file paths, AI-tool URLs (claude.ai, claude.com/claude-code),
|
|
81
|
+
// attribution footers (Co-Authored-By Claude/Anthropic, Generated by
|
|
82
|
+
// Claude, noreply@anthropic.com, 🤖-prefixed Claude mentions).
|
|
83
|
+
var ATTRIBUTION_LEAK_RE = /\bCLAUDE\.md\b|\.claude[a-z]*|claude\.ai|claude\.com\/claude-code|Co-Authored-By:?\s*[^\n]{0,30}(?:Claude|Anthropic)|noreply@anthropic\.com|Generated (?:by|with)\s+\[?Claude|🤖[^\n]{0,30}Claude/i;
|
|
84
|
+
|
|
85
|
+
// Vendor-functionality references — stripped from content BEFORE the
|
|
86
|
+
// leak check so the AI connector and provider tables don't false-
|
|
87
|
+
// positive on legitimate vendor mentions. Matches the "Allowed
|
|
88
|
+
// exceptions — product functionality (not attribution)" block in the
|
|
89
|
+
// global HARD RULE: AI-connector protocol identifiers, vendor SDK
|
|
90
|
+
// package names, canonical env-var names. Any token here is replaced
|
|
91
|
+
// with empty string in a one-shot copy of the content before
|
|
92
|
+
// ATTRIBUTION_LEAK_RE.test() runs.
|
|
93
|
+
var ATTRIBUTION_EXCEPTION_RE = /anthropic:\/\/|openai:\/\/|deepseek:\/\/|qwen:\/\/|groq:\/\/|mistral:\/\/|gemini:\/\/|xai:\/\/|perplexity:\/\/|ollama:\/\/|@anthropic-ai\/sdk|ANTHROPIC_API_KEY|OPENAI_API_KEY/gi;
|
|
94
|
+
|
|
66
95
|
// Heuristic: only read files that are likely text. Saves time on binary
|
|
67
96
|
// assets (images, compiled JARs, compressed .br/.gz) and prevents
|
|
68
97
|
// pattern matches from random byte sequences.
|
|
@@ -71,9 +100,13 @@ var TEXT_BASENAME = /^(AUTHORS|LICENSE|COPYING|CHANGELOG|README|NOTICE|CONTRIBUT
|
|
|
71
100
|
|
|
72
101
|
// Scanner scripts contain the token patterns themselves — skip them to
|
|
73
102
|
// avoid self-matches. Future maintainers: add any new scanner files here.
|
|
103
|
+
// `_load_private_tokens.js` joined the list with #R5 because its JSDoc
|
|
104
|
+
// references the HARD-RULE patterns (`CLAUDE.md / .claude*`) literally,
|
|
105
|
+
// which would otherwise trip ATTRIBUTION_LEAK_RE.
|
|
74
106
|
var SELF_EXCLUDE = {
|
|
75
|
-
'script/check_no_local_leak.js':
|
|
76
|
-
'script/prepare_version.js':
|
|
107
|
+
'script/check_no_local_leak.js': true,
|
|
108
|
+
'script/prepare_version.js': true,
|
|
109
|
+
'script/_load_private_tokens.js': true
|
|
77
110
|
};
|
|
78
111
|
// Files larger than this are skipped — production binaries and bundles
|
|
79
112
|
// don't warrant a byte-by-byte scan.
|
|
@@ -101,6 +134,16 @@ function scanContent(filePath) {
|
|
|
101
134
|
hits.push(CONTENT_TOKENS[i].name);
|
|
102
135
|
}
|
|
103
136
|
}
|
|
137
|
+
|
|
138
|
+
// AI-attribution leak (#R5). Strip vendor-functionality references
|
|
139
|
+
// from a one-shot copy of the content so legitimate AI-connector
|
|
140
|
+
// code and provider tables don't false-positive; then test the
|
|
141
|
+
// remaining content against ATTRIBUTION_LEAK_RE. Single boolean
|
|
142
|
+
// hit — caller surfaces the offending path + the marker.
|
|
143
|
+
var stripped = content.replace(ATTRIBUTION_EXCEPTION_RE, '');
|
|
144
|
+
if (ATTRIBUTION_LEAK_RE.test(stripped)) {
|
|
145
|
+
hits.push('AI-attribution leak');
|
|
146
|
+
}
|
|
104
147
|
return hits;
|
|
105
148
|
}
|
|
106
149
|
|
|
@@ -164,7 +207,7 @@ try {
|
|
|
164
207
|
|
|
165
208
|
if (contentMatches.length > 0) {
|
|
166
209
|
if (failed) console.error('');
|
|
167
|
-
console.error('[prepack] ERROR:
|
|
210
|
+
console.error('[prepack] ERROR: Leaks in pack contents:');
|
|
168
211
|
for (var b = 0; b < contentMatches.length; b++) {
|
|
169
212
|
console.error(' - ' + contentMatches[b]);
|
|
170
213
|
}
|
package/.github/FUNDING.yml
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
github: gina-automator
|
|
@@ -1,35 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: Bug report
|
|
3
|
-
about: Report a bug or unexpected behaviour
|
|
4
|
-
labels: bug
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
## Environment
|
|
8
|
-
|
|
9
|
-
| Field | Value |
|
|
10
|
-
| --- | --- |
|
|
11
|
-
| Node.js version (`node --version`) | |
|
|
12
|
-
| Gina version (`gina --version`) | |
|
|
13
|
-
| OS | |
|
|
14
|
-
|
|
15
|
-
## Description
|
|
16
|
-
|
|
17
|
-
<!-- A clear description of the bug -->
|
|
18
|
-
|
|
19
|
-
## Steps to reproduce
|
|
20
|
-
|
|
21
|
-
1.
|
|
22
|
-
2.
|
|
23
|
-
3.
|
|
24
|
-
|
|
25
|
-
## Expected behaviour
|
|
26
|
-
|
|
27
|
-
<!-- What you expected to happen -->
|
|
28
|
-
|
|
29
|
-
## Actual behaviour
|
|
30
|
-
|
|
31
|
-
<!-- What actually happened — include error output, stack trace, or logs if available -->
|
|
32
|
-
|
|
33
|
-
## Additional context
|
|
34
|
-
|
|
35
|
-
<!-- Any other relevant information (bundle config, connectors.json snippet, etc.) -->
|
|
@@ -1,21 +0,0 @@
|
|
|
1
|
-
---
|
|
2
|
-
name: Feature request
|
|
3
|
-
about: Propose a new feature or improvement
|
|
4
|
-
labels: enhancement
|
|
5
|
-
---
|
|
6
|
-
|
|
7
|
-
## Use case
|
|
8
|
-
|
|
9
|
-
<!-- What problem does this solve? Who benefits and in what context? -->
|
|
10
|
-
|
|
11
|
-
## Proposed solution
|
|
12
|
-
|
|
13
|
-
<!-- Describe the feature, API shape, or behaviour change you have in mind -->
|
|
14
|
-
|
|
15
|
-
## Alternatives considered
|
|
16
|
-
|
|
17
|
-
<!-- Other approaches you considered and why you preferred this one -->
|
|
18
|
-
|
|
19
|
-
## Additional context
|
|
20
|
-
|
|
21
|
-
<!-- Relevant prior art, links to related issues, or implementation notes -->
|
|
@@ -1,19 +0,0 @@
|
|
|
1
|
-
## Summary
|
|
2
|
-
|
|
3
|
-
<!-- What does this PR do? One or two sentences. -->
|
|
4
|
-
|
|
5
|
-
## Related issue
|
|
6
|
-
|
|
7
|
-
<!-- Closes #NNN or "No related issue" -->
|
|
8
|
-
|
|
9
|
-
## Checklist
|
|
10
|
-
|
|
11
|
-
- [ ] Tests pass — `node --test test/**/*.test.js`
|
|
12
|
-
- [ ] New behaviour is covered by a test (or justification provided below)
|
|
13
|
-
- [ ] `changie new` entry added for any user-facing change
|
|
14
|
-
- [ ] Commit messages follow the project style (imperative/gerund, no AI references)
|
|
15
|
-
- [ ] Docs updated if public API, CLI, or config schema changed
|
|
16
|
-
|
|
17
|
-
## Notes
|
|
18
|
-
|
|
19
|
-
<!-- Anything the reviewer should pay attention to — design trade-offs, known gaps, follow-up items -->
|
package/.github/dependabot.yml
DELETED
|
@@ -1,12 +0,0 @@
|
|
|
1
|
-
version: 2
|
|
2
|
-
updates:
|
|
3
|
-
- package-ecosystem: "npm"
|
|
4
|
-
directory: "/"
|
|
5
|
-
schedule:
|
|
6
|
-
interval: "weekly"
|
|
7
|
-
ignore:
|
|
8
|
-
# Vendored dependencies under framework/v*/ are managed manually.
|
|
9
|
-
# They are not installed via npm — do not auto-update them.
|
|
10
|
-
- dependency-name: "*"
|
|
11
|
-
update-types: ["version-update:semver-patch"]
|
|
12
|
-
open-pull-requests-limit: 5
|
|
@@ -1,188 +0,0 @@
|
|
|
1
|
-
#!/usr/bin/env node
|
|
2
|
-
/*
|
|
3
|
-
* This file is part of the gina package.
|
|
4
|
-
* Copyright (c) 2009-2026 Rhinostone <contact@gina.io>
|
|
5
|
-
*
|
|
6
|
-
* For the full copyright and license information, please view the LICENSE
|
|
7
|
-
* file that was distributed with this source code.
|
|
8
|
-
*/
|
|
9
|
-
|
|
10
|
-
/**
|
|
11
|
-
* OSV-based CVE scan for vendored deps.
|
|
12
|
-
*
|
|
13
|
-
* Walks every `package.json` under `framework/v*\/core/deps/`, extracts
|
|
14
|
-
* `(name, version)` pairs, queries `api.osv.dev`, and exits non-zero if
|
|
15
|
-
* any vulnerability is matched.
|
|
16
|
-
*
|
|
17
|
-
* Pinning convention (see internal architecture docs): the
|
|
18
|
-
* vendored `package.json` stays byte-identical to upstream until
|
|
19
|
-
* patched; on patch, `version` is bumped to `<upstream>-rhinostone.N`
|
|
20
|
-
* (e.g. `1.6.0-rhinostone.1`). This script strips the
|
|
21
|
-
* `-rhinostone.N` suffix before querying so OSV still matches the base
|
|
22
|
-
* upstream version.
|
|
23
|
-
*
|
|
24
|
-
* Exit codes:
|
|
25
|
-
* 0 — clean, no CVEs matched
|
|
26
|
-
* 1 — at least one vulnerability matched (build fails)
|
|
27
|
-
* 2 — scan error (malformed package.json, network failure)
|
|
28
|
-
*
|
|
29
|
-
* @module .github/scripts/scan-vendored-cves
|
|
30
|
-
*/
|
|
31
|
-
|
|
32
|
-
'use strict';
|
|
33
|
-
|
|
34
|
-
var fs = require('fs');
|
|
35
|
-
var path = require('path');
|
|
36
|
-
var https = require('https');
|
|
37
|
-
|
|
38
|
-
var ROOT = path.resolve(__dirname, '..', '..');
|
|
39
|
-
|
|
40
|
-
/**
|
|
41
|
-
* Walk every `framework/v*\/core/deps/<dep>/package.json` and return the
|
|
42
|
-
* list of absolute paths.
|
|
43
|
-
*
|
|
44
|
-
* @returns {string[]}
|
|
45
|
-
*/
|
|
46
|
-
function walkDepsPackageJsons() {
|
|
47
|
-
var frameworkDir = path.join(ROOT, 'framework');
|
|
48
|
-
if (!fs.existsSync(frameworkDir)) return [];
|
|
49
|
-
var results = [];
|
|
50
|
-
var fws = fs.readdirSync(frameworkDir);
|
|
51
|
-
for (var i = 0; i < fws.length; i++) {
|
|
52
|
-
var depsDir = path.join(frameworkDir, fws[i], 'core', 'deps');
|
|
53
|
-
if (!fs.existsSync(depsDir)) continue;
|
|
54
|
-
if (!fs.statSync(depsDir).isDirectory()) continue;
|
|
55
|
-
var deps = fs.readdirSync(depsDir);
|
|
56
|
-
for (var j = 0; j < deps.length; j++) {
|
|
57
|
-
var pkgPath = path.join(depsDir, deps[j], 'package.json');
|
|
58
|
-
if (fs.existsSync(pkgPath)) results.push(pkgPath);
|
|
59
|
-
}
|
|
60
|
-
}
|
|
61
|
-
return results;
|
|
62
|
-
}
|
|
63
|
-
|
|
64
|
-
/**
|
|
65
|
-
* Strip the local-patch suffix (`-rhinostone.N`) so OSV sees the base
|
|
66
|
-
* upstream version. If the version has no such suffix, returned as-is.
|
|
67
|
-
*
|
|
68
|
-
* @param {string} v
|
|
69
|
-
* @returns {string}
|
|
70
|
-
*/
|
|
71
|
-
function normalizeVersion(v) {
|
|
72
|
-
return String(v).replace(/-rhinostone\.\d+$/, '');
|
|
73
|
-
}
|
|
74
|
-
|
|
75
|
-
/**
|
|
76
|
-
* POST a single `(name, version)` query to api.osv.dev/v1/query.
|
|
77
|
-
* Resolves with the parsed JSON response (which may carry `{vulns: [...]}`
|
|
78
|
-
* or be empty `{}` on a clean match).
|
|
79
|
-
*
|
|
80
|
-
* @param {string} name
|
|
81
|
-
* @param {string} version
|
|
82
|
-
* @returns {Promise<object>}
|
|
83
|
-
*/
|
|
84
|
-
function queryOSV(name, version) {
|
|
85
|
-
return new Promise(function (resolve, reject) {
|
|
86
|
-
var body = JSON.stringify({
|
|
87
|
-
package: { name: name, ecosystem: 'npm' },
|
|
88
|
-
version: version
|
|
89
|
-
});
|
|
90
|
-
var req = https.request({
|
|
91
|
-
method: 'POST',
|
|
92
|
-
hostname: 'api.osv.dev',
|
|
93
|
-
path: '/v1/query',
|
|
94
|
-
headers: {
|
|
95
|
-
'Content-Type': 'application/json',
|
|
96
|
-
'Content-Length': Buffer.byteLength(body)
|
|
97
|
-
}
|
|
98
|
-
}, function (res) {
|
|
99
|
-
var data = '';
|
|
100
|
-
res.on('data', function (chunk) { data += chunk; });
|
|
101
|
-
res.on('end', function () {
|
|
102
|
-
if (res.statusCode !== 200) {
|
|
103
|
-
return reject(new Error('OSV HTTP ' + res.statusCode + ': ' + data));
|
|
104
|
-
}
|
|
105
|
-
try {
|
|
106
|
-
resolve(JSON.parse(data));
|
|
107
|
-
} catch (e) {
|
|
108
|
-
reject(e);
|
|
109
|
-
}
|
|
110
|
-
});
|
|
111
|
-
});
|
|
112
|
-
req.on('error', reject);
|
|
113
|
-
req.write(body);
|
|
114
|
-
req.end();
|
|
115
|
-
});
|
|
116
|
-
}
|
|
117
|
-
|
|
118
|
-
/**
|
|
119
|
-
* Scan driver. Walks the target package.jsons, queries OSV for each,
|
|
120
|
-
* prints a one-line status per dep, exits with the appropriate code.
|
|
121
|
-
*
|
|
122
|
-
* @returns {Promise<number>} exit code
|
|
123
|
-
*/
|
|
124
|
-
async function main() {
|
|
125
|
-
var pkgs = walkDepsPackageJsons();
|
|
126
|
-
if (pkgs.length === 0) {
|
|
127
|
-
console.log('[osv] no vendored package.json files found under framework/v*/core/deps/');
|
|
128
|
-
return 0;
|
|
129
|
-
}
|
|
130
|
-
|
|
131
|
-
var failures = 0;
|
|
132
|
-
var scanned = 0;
|
|
133
|
-
for (var i = 0; i < pkgs.length; i++) {
|
|
134
|
-
var pkgPath = pkgs[i];
|
|
135
|
-
var rel = path.relative(ROOT, pkgPath);
|
|
136
|
-
var pkg;
|
|
137
|
-
try {
|
|
138
|
-
pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
|
|
139
|
-
} catch (e) {
|
|
140
|
-
console.error('[osv] ' + rel + ': cannot parse (' + e.message + ')');
|
|
141
|
-
return 2;
|
|
142
|
-
}
|
|
143
|
-
if (!pkg.name || !pkg.version) {
|
|
144
|
-
console.log('[osv] SKIP ' + rel + ': missing name or version');
|
|
145
|
-
continue;
|
|
146
|
-
}
|
|
147
|
-
|
|
148
|
-
var baseVersion = normalizeVersion(pkg.version);
|
|
149
|
-
var suffix = (pkg.version !== baseVersion) ? ' (patched: ' + pkg.version + ')' : '';
|
|
150
|
-
var result;
|
|
151
|
-
try {
|
|
152
|
-
result = await queryOSV(pkg.name, baseVersion);
|
|
153
|
-
} catch (e) {
|
|
154
|
-
console.error('[osv] ' + rel + ': query failed — ' + e.message);
|
|
155
|
-
return 2;
|
|
156
|
-
}
|
|
157
|
-
|
|
158
|
-
scanned++;
|
|
159
|
-
var vulns = result.vulns || [];
|
|
160
|
-
if (vulns.length > 0) {
|
|
161
|
-
failures++;
|
|
162
|
-
console.error('[osv] VULNERABLE ' + pkg.name + '@' + baseVersion + suffix + ' (' + rel + ')');
|
|
163
|
-
for (var v = 0; v < vulns.length; v++) {
|
|
164
|
-
var entry = vulns[v];
|
|
165
|
-
var aliases = (entry.aliases || []).join(', ');
|
|
166
|
-
var summary = (entry.summary || entry.details || '').replace(/\s+/g, ' ').slice(0, 140);
|
|
167
|
-
console.error(' ' + entry.id + (aliases ? ' (' + aliases + ')' : '') + ' — ' + summary);
|
|
168
|
-
}
|
|
169
|
-
} else {
|
|
170
|
-
console.log('[osv] OK ' + pkg.name + '@' + baseVersion + suffix + ' (' + rel + ')');
|
|
171
|
-
}
|
|
172
|
-
}
|
|
173
|
-
|
|
174
|
-
console.log('');
|
|
175
|
-
if (failures > 0) {
|
|
176
|
-
console.error('[osv] ' + failures + ' vendored dep(s) with matching CVEs — failing the build.');
|
|
177
|
-
return 1;
|
|
178
|
-
}
|
|
179
|
-
console.log('[osv] clean — no CVEs matched across ' + scanned + ' vendored dep(s).');
|
|
180
|
-
return 0;
|
|
181
|
-
}
|
|
182
|
-
|
|
183
|
-
main().then(function (code) {
|
|
184
|
-
process.exit(code);
|
|
185
|
-
}).catch(function (err) {
|
|
186
|
-
console.error('[osv] uncaught:', err);
|
|
187
|
-
process.exit(2);
|
|
188
|
-
});
|
|
@@ -1,116 +0,0 @@
|
|
|
1
|
-
name: Bundle Freshness
|
|
2
|
-
|
|
3
|
-
# Verifies that the committed dist/vendor/gina/ bundle matches what would
|
|
4
|
-
# be produced by rebuilding from the current source. Catches the
|
|
5
|
-
# source-committed-without-rebuild gap that .githooks/pre-commit (cheap,
|
|
6
|
-
# "did you stage dist?") cannot detect — i.e. a stale dist was staged
|
|
7
|
-
# alongside a fresh source change.
|
|
8
|
-
#
|
|
9
|
-
# Precedent: #SCS1e (commit 48b8fd26) shipped four validator walker
|
|
10
|
-
# replacements as source-only. The bundle was not rebuilt until commit
|
|
11
|
-
# 69fb32fc picked it up as a side effect of toolbar removal. Any browser
|
|
12
|
-
# loading gina.min.js between those two commits still ran the original
|
|
13
|
-
# eval('data.' + localValue). See llms.txt §72.
|
|
14
|
-
|
|
15
|
-
on:
|
|
16
|
-
push:
|
|
17
|
-
branches: [develop, master]
|
|
18
|
-
pull_request:
|
|
19
|
-
branches: [develop, master]
|
|
20
|
-
workflow_dispatch:
|
|
21
|
-
|
|
22
|
-
# Cancel any in-flight check for the same ref when a newer one kicks off.
|
|
23
|
-
concurrency:
|
|
24
|
-
group: bundle-freshness-${{ github.ref }}
|
|
25
|
-
cancel-in-progress: true
|
|
26
|
-
|
|
27
|
-
permissions:
|
|
28
|
-
contents: read
|
|
29
|
-
|
|
30
|
-
jobs:
|
|
31
|
-
freshness:
|
|
32
|
-
name: Verify dist matches source
|
|
33
|
-
runs-on: ubuntu-latest
|
|
34
|
-
timeout-minutes: 10
|
|
35
|
-
steps:
|
|
36
|
-
- name: Checkout
|
|
37
|
-
uses: actions/checkout@v6
|
|
38
|
-
|
|
39
|
-
- name: Set up Node.js
|
|
40
|
-
uses: actions/setup-node@v6
|
|
41
|
-
with:
|
|
42
|
-
node-version: '22'
|
|
43
|
-
|
|
44
|
-
- name: Set up Java (for Closure Compiler)
|
|
45
|
-
uses: actions/setup-java@v5
|
|
46
|
-
with:
|
|
47
|
-
distribution: 'temurin'
|
|
48
|
-
java-version: '21'
|
|
49
|
-
|
|
50
|
-
- name: Install build prerequisites
|
|
51
|
-
run: |
|
|
52
|
-
sudo apt-get update
|
|
53
|
-
sudo apt-get install -y brotli
|
|
54
|
-
|
|
55
|
-
- name: Install dev dependencies
|
|
56
|
-
run: |
|
|
57
|
-
# `npm ci` (not `npm install`) — strictly respects package-lock.json
|
|
58
|
-
# so devDeps like engine.io-client (which gets baked into the bundle
|
|
59
|
-
# via build.json) don't drift between local rebuilds and CI rebuilds.
|
|
60
|
-
# See llms.txt §72 / 2026-04-24 incident.
|
|
61
|
-
npm ci --ignore-scripts
|
|
62
|
-
ln -sf $(pwd) node_modules/gina
|
|
63
|
-
|
|
64
|
-
- name: Prepare framework dependencies
|
|
65
|
-
run: |
|
|
66
|
-
VERSION=$(node -p "require('./package.json').version")
|
|
67
|
-
FW_DIR="framework/v${VERSION}"
|
|
68
|
-
if [ ! -f "${FW_DIR}/package.json" ]; then
|
|
69
|
-
cat > "${FW_DIR}/package.json" <<EOF
|
|
70
|
-
{
|
|
71
|
-
"name": "gina-framework",
|
|
72
|
-
"version": "${VERSION}",
|
|
73
|
-
"dependencies": {
|
|
74
|
-
"@rhinostone/swig": "^1.6.0"
|
|
75
|
-
}
|
|
76
|
-
}
|
|
77
|
-
EOF
|
|
78
|
-
fi
|
|
79
|
-
(cd "${FW_DIR}" && npm install --ignore-scripts)
|
|
80
|
-
|
|
81
|
-
- name: Install Closure Compiler JARs
|
|
82
|
-
run: bash framework/v*/core/asset/plugin/lib/js/install-closure-compiler.sh
|
|
83
|
-
|
|
84
|
-
- name: Rebuild bundle
|
|
85
|
-
run: |
|
|
86
|
-
bash framework/v*/core/asset/plugin/build --env=prod \
|
|
87
|
-
--sass-bin="$PWD/node_modules/.bin/sass" \
|
|
88
|
-
--csso-bin="$PWD/node_modules/.bin/csso" \
|
|
89
|
-
--rjs-bin="$PWD/node_modules/.bin/r.js"
|
|
90
|
-
|
|
91
|
-
- name: Verify dist is in sync with source
|
|
92
|
-
run: |
|
|
93
|
-
# *.gz files are excluded: gzip output is platform-specific (Apple
|
|
94
|
-
# gzip on the maintainer's Mac vs GNU gzip on Linux runners produce
|
|
95
|
-
# different deflate bytes for the same input — even Node's zlib
|
|
96
|
-
# disagrees Mac↔Linux because it links the system zlib). Brotli IS
|
|
97
|
-
# cross-platform deterministic (single canonical reference impl),
|
|
98
|
-
# so the .br files remain checked. If a .css/.js/.html source
|
|
99
|
-
# changes without a rebuild, the .br diff catches it; the .gz
|
|
100
|
-
# divergence would have been a false positive.
|
|
101
|
-
if ! git diff --exit-code -- \
|
|
102
|
-
'framework/v*/core/asset/plugin/dist/vendor/gina/' \
|
|
103
|
-
':(exclude)framework/v*/core/asset/plugin/dist/vendor/gina/**/*.gz'; then
|
|
104
|
-
echo ""
|
|
105
|
-
echo "::error::Bundle is out of sync with source."
|
|
106
|
-
echo "::error::A source file under one of the AMD-aliased paths in build.json"
|
|
107
|
-
echo "::error::was modified without a corresponding rebuilt dist staged."
|
|
108
|
-
echo "::error::"
|
|
109
|
-
echo "::error::Locally:"
|
|
110
|
-
echo "::error:: bash framework/v*/core/asset/plugin/build --env=prod"
|
|
111
|
-
echo "::error:: git add framework/v*/core/asset/plugin/dist/vendor/gina/"
|
|
112
|
-
echo "::error::"
|
|
113
|
-
echo "::error::See llms.txt §72 for the rebuild-gate discipline."
|
|
114
|
-
exit 1
|
|
115
|
-
fi
|
|
116
|
-
echo "Bundle is fresh — dist matches source (excluding *.gz, which is platform-divergent)."
|
|
@@ -1,84 +0,0 @@
|
|
|
1
|
-
name: Security
|
|
2
|
-
|
|
3
|
-
on:
|
|
4
|
-
push:
|
|
5
|
-
branches: [develop, master]
|
|
6
|
-
pull_request:
|
|
7
|
-
branches: [develop, master]
|
|
8
|
-
|
|
9
|
-
jobs:
|
|
10
|
-
local-leak-check:
|
|
11
|
-
name: Local-tool leak scan
|
|
12
|
-
runs-on: ubuntu-latest
|
|
13
|
-
|
|
14
|
-
steps:
|
|
15
|
-
- uses: actions/checkout@v6
|
|
16
|
-
|
|
17
|
-
# #S6 — Backs up the local pre-commit hook (#S5) and the publish-boundary
|
|
18
|
-
# gate in prepare_version.js (#S3). Fails the build if any tracked path
|
|
19
|
-
# matches local-tool configuration paths. Also retroactively catches
|
|
20
|
-
# leaks that landed before the active defenses were wired.
|
|
21
|
-
- name: Scan tracked files for local-tool paths
|
|
22
|
-
run: |
|
|
23
|
-
matches=$(git ls-files | grep -iE '(^|/)(CLAUDE\.md|\.claude[a-z]*)' || true)
|
|
24
|
-
if [ -n "$matches" ]; then
|
|
25
|
-
echo "::error::local-tool paths detected in git index:"
|
|
26
|
-
echo "$matches" | sed 's/^/ - /'
|
|
27
|
-
echo ""
|
|
28
|
-
echo "These paths must never be tracked. Remove with: git rm --cached <path>"
|
|
29
|
-
echo "If pushed already, scrub history with git filter-repo."
|
|
30
|
-
exit 1
|
|
31
|
-
fi
|
|
32
|
-
echo "OK: no local-tool paths in git index."
|
|
33
|
-
|
|
34
|
-
ai-attribution-content-scan:
|
|
35
|
-
name: AI-attribution content scan
|
|
36
|
-
runs-on: ubuntu-latest
|
|
37
|
-
|
|
38
|
-
steps:
|
|
39
|
-
- uses: actions/checkout@v6
|
|
40
|
-
|
|
41
|
-
# #S7 — CI mirror of the pre-commit hook's content-scan section.
|
|
42
|
-
# While #S6 catches LOCAL-TOOL PATHS (file names), #S7 catches
|
|
43
|
-
# AI-ATTRIBUTION SUBSTRINGS in tracked file CONTENT. Pattern must
|
|
44
|
-
# stay in sync with .githooks/pre-commit. Documented exceptions:
|
|
45
|
-
# - Protocol identifiers used by the AI connector (anthropic://,
|
|
46
|
-
# openai://, deepseek://, qwen://, groq://, mistral://, gemini://,
|
|
47
|
-
# xai://, perplexity://, ollama://)
|
|
48
|
-
# - Vendor SDK package names (@anthropic-ai/sdk, openai npm package)
|
|
49
|
-
# - Canonical env-var names (ANTHROPIC_API_KEY, OPENAI_API_KEY)
|
|
50
|
-
# Files where these patterns appear by design (this workflow, the
|
|
51
|
-
# local hook, the prepack scanner) and auto-generated dist artefacts
|
|
52
|
-
# (browser bundles, minified output, source maps) are excluded — the
|
|
53
|
-
# source-side scan catches the leak before it reaches dist.
|
|
54
|
-
- name: Scan tracked content for AI-attribution leaks
|
|
55
|
-
run: |
|
|
56
|
-
LEAK_RE='\.claude/|\.claudeignore|claude\.ai|claude\.com/claude-code|Co-Authored-By:?[^\n]{0,30}(Claude|Anthropic)|Generated (by|with)[^\n]{0,30}Claude|🤖[^\n]{0,30}Claude'
|
|
57
|
-
EXCEPTION_RE='anthropic://|openai://|deepseek://|qwen://|groq://|mistral://|gemini://|xai://|perplexity://|ollama://|@anthropic-ai/sdk|ANTHROPIC_API_KEY|OPENAI_API_KEY'
|
|
58
|
-
EXCLUDED='^(\.githooks/pre-commit|\.github/workflows/security\.yml|script/check_no_local_leak\.js|script/prepare_version\.js|\.gitignore|\.npmignore|framework/v[^/]+/core/asset/plugin/dist/.*|.*\.(min\.(js|css)(\.br|\.gz)?|map))$'
|
|
59
|
-
|
|
60
|
-
found=0
|
|
61
|
-
while IFS= read -r f; do
|
|
62
|
-
if echo "$f" | grep -qE "$EXCLUDED"; then continue; fi
|
|
63
|
-
case "$f" in
|
|
64
|
-
*.png|*.jpg|*.jpeg|*.gif|*.svg|*.woff|*.woff2|*.ttf|*.ico|*.jar|*.zip|*.tar|*.gz|*.br|*.afdesign|*.pdf|*.mp3|*.mp4|*.heic|*.webp) continue ;;
|
|
65
|
-
esac
|
|
66
|
-
size=$(stat -c%s "$f" 2>/dev/null || stat -f%z "$f" 2>/dev/null || echo 0)
|
|
67
|
-
if [ "$size" -gt 2097152 ]; then continue; fi
|
|
68
|
-
stripped=$(sed -E "s#$EXCEPTION_RE##gI" "$f" 2>/dev/null || true)
|
|
69
|
-
if printf '%s' "$stripped" | grep -qiE "$LEAK_RE"; then
|
|
70
|
-
echo "::error file=$f::AI-attribution leak in tracked content"
|
|
71
|
-
printf '%s' "$stripped" | grep -niE "$LEAK_RE" | head -3 | sed 's/^/ /'
|
|
72
|
-
found=1
|
|
73
|
-
fi
|
|
74
|
-
done < <(git ls-files)
|
|
75
|
-
|
|
76
|
-
if [ "$found" = "1" ]; then
|
|
77
|
-
echo ""
|
|
78
|
-
echo "These mentions must not reach a public surface."
|
|
79
|
-
echo "Allowed exceptions (already filtered): protocol identifiers (anthropic://"
|
|
80
|
-
echo "and siblings), vendor SDK package names (@anthropic-ai/sdk, openai),"
|
|
81
|
-
echo "canonical env-var names (ANTHROPIC_API_KEY, OPENAI_API_KEY)."
|
|
82
|
-
exit 1
|
|
83
|
-
fi
|
|
84
|
-
echo "OK: no AI-attribution leaks in tracked content."
|