jumpstart-mode 1.1.11 → 1.1.13

package/bin/lib/vendor-risk.js

@@ -0,0 +1,173 @@
+/**
+ * vendor-risk.js — Vendor & Dependency Risk Scoring (Item 36)
+ *
+ * Evaluate OSS and SaaS dependencies for maintenance health,
+ * license risk, and supply chain concerns.
+ *
+ * Usage:
+ *   node bin/lib/vendor-risk.js scan|assess|report [options]
+ *
+ * State file: .jumpstart/state/vendor-risk.json
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const DEFAULT_STATE_FILE = path.join('.jumpstart', 'state', 'vendor-risk.json');
+
+const RISK_FACTORS = ['maintenance', 'license', 'security', 'popularity', 'supply-chain'];
+
+const LICENSE_RISK = {
+  'MIT': 'low', 'ISC': 'low', 'BSD-2-Clause': 'low', 'BSD-3-Clause': 'low', 'Apache-2.0': 'low',
+  'LGPL-2.1': 'medium', 'LGPL-3.0': 'medium', 'MPL-2.0': 'medium',
+  'GPL-2.0': 'high', 'GPL-3.0': 'high', 'AGPL-3.0': 'high',
+  'SSPL-1.0': 'critical', 'BSL-1.1': 'high', 'UNLICENSED': 'critical', 'unknown': 'high'
+};
+
+function defaultState() {
+  return {
+    version: '1.0.0',
+    created_at: new Date().toISOString(),
+    last_updated: null,
+    assessments: [],
+    vendor_catalog: []
+  };
+}
+
+function loadState(stateFile) {
+  const filePath = stateFile || DEFAULT_STATE_FILE;
+  if (!fs.existsSync(filePath)) return defaultState();
+  try { return JSON.parse(fs.readFileSync(filePath, 'utf8')); }
+  catch { return defaultState(); }
+}
+
+function saveState(state, stateFile) {
+  const filePath = stateFile || DEFAULT_STATE_FILE;
+  const dir = path.dirname(filePath);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  state.last_updated = new Date().toISOString();
+  fs.writeFileSync(filePath, JSON.stringify(state, null, 2) + '\n', 'utf8');
+}
+
+/**
+ * Scan project dependencies.
+ *
+ * @param {string} root - Project root.
+ * @param {object} [options]
+ * @returns {object}
+ */
+function scanDependencies(root, options = {}) {
+  const packageFile = path.join(root, 'package.json');
+  const dependencies = [];
+
+  if (fs.existsSync(packageFile)) {
+    try {
+      const pkg = JSON.parse(fs.readFileSync(packageFile, 'utf8'));
+      const deps = { ...pkg.dependencies };
+      const devDeps = options.includeDevDeps ? pkg.devDependencies || {} : {};
+
+      for (const [name, version] of Object.entries(deps)) {
+        dependencies.push({ name, version, type: 'production', ecosystem: 'npm' });
+      }
+      for (const [name, version] of Object.entries(devDeps)) {
+        dependencies.push({ name, version, type: 'development', ecosystem: 'npm' });
+      }
+    } catch { /* ignore */ }
+  }
+
+  return { success: true, dependencies, total: dependencies.length };
+}
+
+/**
+ * Assess risk for a dependency.
+ *
+ * @param {object} dep - { name, version, license?, last_publish?, weekly_downloads? }
+ * @param {object} [options]
+ * @returns {object}
+ */
+function assessDependency(dep, options = {}) {
+  if (!dep || !dep.name) return { success: false, error: 'dep.name is required' };
+
+  const scores = {};
+
+  // License risk
+  const license = dep.license || 'unknown';
+  const licenseRisk = LICENSE_RISK[license] || 'high';
+  scores.license = licenseRisk === 'low' ? 90 : licenseRisk === 'medium' ? 60 : licenseRisk === 'high' ? 30 : 10;
+
+  // Maintenance (based on last publish date if available)
+  if (dep.last_publish) {
+    const daysSince = Math.floor((Date.now() - new Date(dep.last_publish).getTime()) / (1000 * 60 * 60 * 24));
+    scores.maintenance = daysSince < 90 ? 90 : daysSince < 365 ? 60 : daysSince < 730 ? 30 : 10;
+  } else {
+    scores.maintenance = 50; // unknown
+  }
+
+  // Popularity
+  const downloads = dep.weekly_downloads || 0;
+  scores.popularity = downloads > 1000000 ? 90 : downloads > 100000 ? 70 : downloads > 10000 ? 50 : 30;
+
+  // Security (default: no known issues)
+  scores.security = dep.known_vulnerabilities ? 20 : 80;
+
+  // Supply chain
+  scores['supply-chain'] = dep.has_lockfile ? 80 : 50;
+
+  const overall = Math.round(Object.values(scores).reduce((a, b) => a + b, 0) / Object.keys(scores).length);
+
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  const assessment = {
+    name: dep.name,
+    version: dep.version,
+    license,
+    scores,
+    overall,
+    risk_level: overall >= 70 ? 'low' : overall >= 50 ? 'medium' : overall >= 30 ? 'high' : 'critical',
+    assessed_at: new Date().toISOString()
+  };
+
+  state.assessments.push(assessment);
+  saveState(state, stateFile);
+
+  return { success: true, assessment };
+}
+
+/**
+ * Generate vendor risk report.
+ *
+ * @param {object} [options]
+ * @returns {object}
+ */
+function generateReport(options = {}) {
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  const byRisk = { low: 0, medium: 0, high: 0, critical: 0 };
+  for (const a of state.assessments) byRisk[a.risk_level]++;
+
+  return {
+    success: true,
+    total_assessed: state.assessments.length,
+    by_risk: byRisk,
+    high_risk: state.assessments.filter(a => a.risk_level === 'high' || a.risk_level === 'critical'),
+    average_score: state.assessments.length > 0
+      ? Math.round(state.assessments.reduce((s, a) => s + a.overall, 0) / state.assessments.length)
+      : 0,
+    assessments: state.assessments
+  };
+}
+
+module.exports = {
+  defaultState,
+  loadState,
+  saveState,
+  scanDependencies,
+  assessDependency,
+  generateReport,
+  RISK_FACTORS,
+  LICENSE_RISK
+};

package/bin/lib/waiver-workflow.js

@@ -0,0 +1,174 @@
+/**
+ * waiver-workflow.js — Exception & Waiver Workflow (Item 27)
+ *
+ * Allow formal approval of justified deviations from standards
+ * with expiration and owner.
+ *
+ * Usage:
+ *   node bin/lib/waiver-workflow.js request|approve|list|expire [options]
+ *
+ * State file: .jumpstart/state/waivers.json
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const DEFAULT_STATE_FILE = path.join('.jumpstart', 'state', 'waivers.json');
+
+const WAIVER_STATUSES = ['pending', 'approved', 'rejected', 'expired', 'revoked'];
+const WAIVER_CATEGORIES = ['security', 'architecture', 'compliance', 'performance', 'testing', 'documentation', 'other'];
+
+function defaultState() {
+  return {
+    version: '1.0.0',
+    created_at: new Date().toISOString(),
+    last_updated: null,
+    waivers: []
+  };
+}
+
+function loadState(stateFile) {
+  const filePath = stateFile || DEFAULT_STATE_FILE;
+  if (!fs.existsSync(filePath)) return defaultState();
+  try { return JSON.parse(fs.readFileSync(filePath, 'utf8')); }
+  catch { return defaultState(); }
+}
+
+function saveState(state, stateFile) {
+  const filePath = stateFile || DEFAULT_STATE_FILE;
+  const dir = path.dirname(filePath);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  state.last_updated = new Date().toISOString();
+  fs.writeFileSync(filePath, JSON.stringify(state, null, 2) + '\n', 'utf8');
+}
+
+/**
+ * Request a new waiver.
+ *
+ * @param {object} request - { title, category, justification, owner, expires_in_days? }
+ * @param {object} [options]
+ * @returns {object}
+ */
+function requestWaiver(request, options = {}) {
+  if (!request || !request.title || !request.justification || !request.owner) {
+    return { success: false, error: 'title, justification, and owner are required' };
+  }
+
+  const category = (request.category || 'other').toLowerCase();
+  if (!WAIVER_CATEGORIES.includes(category)) {
+    return { success: false, error: `Invalid category. Must be one of: ${WAIVER_CATEGORIES.join(', ')}` };
+  }
+
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  const expiresInDays = request.expires_in_days || 90;
+  const expiresAt = new Date();
+  expiresAt.setDate(expiresAt.getDate() + expiresInDays);
+
+  const waiver = {
+    id: `WVR-${Date.now().toString(36).toUpperCase()}`,
+    title: request.title,
+    category,
+    justification: request.justification,
+    owner: request.owner,
+    status: 'pending',
+    requested_at: new Date().toISOString(),
+    expires_at: expiresAt.toISOString(),
+    approved_by: null,
+    approved_at: null,
+    conditions: request.conditions || [],
+    affected_artifacts: request.affected_artifacts || []
+  };
+
+  state.waivers.push(waiver);
+  saveState(state, stateFile);
+
+  return { success: true, waiver };
+}
+
+/**
+ * Approve or reject a waiver.
+ *
+ * @param {string} waiverId
+ * @param {string} action - 'approve' or 'reject'
+ * @param {object} [options]
+ * @returns {object}
+ */
+function resolveWaiver(waiverId, action, options = {}) {
+  if (!['approve', 'reject'].includes(action)) {
+    return { success: false, error: 'action must be "approve" or "reject"' };
+  }
+
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  const waiver = state.waivers.find(w => w.id === waiverId);
+  if (!waiver) return { success: false, error: `Waiver not found: ${waiverId}` };
+  if (waiver.status !== 'pending') {
+    return { success: false, error: `Waiver is already ${waiver.status}` };
+  }
+
+  waiver.status = action === 'approve' ? 'approved' : 'rejected';
+  waiver.approved_by = options.approver || null;
+  waiver.approved_at = new Date().toISOString();
+
+  saveState(state, stateFile);
+  return { success: true, waiver };
+}
+
+/**
+ * Expire outdated waivers.
+ *
+ * @param {object} [options]
+ * @returns {object}
+ */
+function expireWaivers(options = {}) {
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+  const now = new Date();
+  let expired = 0;
+
+  for (const waiver of state.waivers) {
+    if (waiver.status === 'approved' && new Date(waiver.expires_at) < now) {
+      waiver.status = 'expired';
+      expired++;
+    }
+  }
+
+  saveState(state, stateFile);
+  return { success: true, expired, total_waivers: state.waivers.length };
+}
+
+/**
+ * List waivers with optional filter.
+ *
+ * @param {object} [filter] - { status?, category?, owner? }
+ * @param {object} [options]
+ * @returns {object}
+ */
+function listWaivers(filter = {}, options = {}) {
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+  let waivers = state.waivers;
+
+  if (filter.status) waivers = waivers.filter(w => w.status === filter.status);
+  if (filter.category) waivers = waivers.filter(w => w.category === filter.category);
+  if (filter.owner) waivers = waivers.filter(w => w.owner === filter.owner);
+
+  return { success: true, waivers, total: waivers.length };
+}
+
+module.exports = {
+  defaultState,
+  loadState,
+  saveState,
+  requestWaiver,
+  resolveWaiver,
+  expireWaivers,
+  listWaivers,
+  WAIVER_STATUSES,
+  WAIVER_CATEGORIES
+};

package/bin/lib/web-dashboard.js

@@ -0,0 +1,126 @@
+/**
+ * web-dashboard.js — Rich Web UI / Local Dashboard (Item 61)
+ *
+ * Serve a local web control center for project management,
+ * phase tracking, artifact browsing, and governance overview.
+ *
+ * Usage:
+ *   node bin/lib/web-dashboard.js start|status|config [options]
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const DEFAULT_PORT = 3000;
+const DEFAULT_HOST = 'localhost';
+
+const DASHBOARD_SECTIONS = ['phases', 'artifacts', 'governance', 'timeline', 'risks', 'metrics'];
+
+/**
+ * Generate dashboard configuration.
+ */
+function generateConfig(root, options = {}) {
+  const port = options.port || DEFAULT_PORT;
+  const host = options.host || DEFAULT_HOST;
+  
+  const config = {
+    port,
+    host,
+    root: path.resolve(root),
+    sections: options.sections || DASHBOARD_SECTIONS,
+    theme: options.theme || 'default',
+    auth: options.auth || { enabled: false },
+    refresh_interval: options.refresh_interval || 30,
+    generated_at: new Date().toISOString()
+  };
+  
+  return { success: true, config };
+}
+
+/**
+ * Gather dashboard data from project state.
+ */
+function gatherDashboardData(root, options = {}) {
+  const data = {
+    project_root: root,
+    generated_at: new Date().toISOString(),
+    sections: {}
+  };
+
+  // Phase status
+  const stateFile = path.join(root, '.jumpstart', 'state', 'state.json');
+  if (fs.existsSync(stateFile)) {
+    try {
+      const state = JSON.parse(fs.readFileSync(stateFile, 'utf8'));
+      data.sections.phases = {
+        current_phase: state.current_phase || 0,
+        current_agent: state.current_agent || null,
+        last_completed_step: state.last_completed_step || null
+      };
+    } catch { data.sections.phases = { current_phase: 0 }; }
+  } else {
+    data.sections.phases = { current_phase: 0 };
+  }
+
+  // Artifacts
+  const specsDir = path.join(root, 'specs');
+  const artifacts = [];
+  if (fs.existsSync(specsDir)) {
+    for (const f of fs.readdirSync(specsDir).filter(f => f.endsWith('.md'))) {
+      const fp = path.join(specsDir, f);
+      const stat = fs.statSync(fp);
+      artifacts.push({ name: f, size: stat.size, modified: stat.mtime.toISOString() });
+    }
+  }
+  data.sections.artifacts = { total: artifacts.length, files: artifacts };
+
+  // Config summary
+  const configFile = path.join(root, '.jumpstart', 'config.yaml');
+  data.sections.config = { exists: fs.existsSync(configFile) };
+
+  return { success: true, ...data };
+}
+
+/**
+ * Generate static HTML dashboard.
+ */
+function generateStaticDashboard(data) {
+  const html = `<!DOCTYPE html>
+<html lang="en">
+<head><meta charset="UTF-8"><title>Jump Start Dashboard</title></head>
+<body>
+<h1>Jump Start Dashboard</h1>
+<p>Generated: ${data.generated_at}</p>
+<h2>Phase Status</h2>
+<p>Current Phase: ${data.sections.phases.current_phase}</p>
+<h2>Artifacts (${data.sections.artifacts.total})</h2>
+<ul>${data.sections.artifacts.files.map(f => `<li>${f.name} (${f.size} bytes)</li>`).join('')}</ul>
+</body>
+</html>`;
+  return { success: true, html };
+}
+
+/**
+ * Get server status.
+ */
+function getServerStatus(options = {}) {
+  return {
+    success: true,
+    running: false,
+    port: options.port || DEFAULT_PORT,
+    host: options.host || DEFAULT_HOST,
+    uptime: null
+  };
+}
+
+module.exports = {
+  generateConfig,
+  gatherDashboardData,
+  generateStaticDashboard,
+  getServerStatus,
+  DASHBOARD_SECTIONS,
+  DEFAULT_PORT,
+  DEFAULT_HOST
+};

package/bin/lib/workshop-mode.js

@@ -0,0 +1,165 @@
+/**
+ * workshop-mode.js — Live Workshop Mode (Item 64)
+ *
+ * Facilitate discovery sessions and convert outputs directly
+ * into challenger brief, product brief, and PRD.
+ *
+ * Usage:
+ *   node bin/lib/workshop-mode.js start|capture|convert|status [options]
+ *
+ * State file: .jumpstart/state/workshop.json
+ */
+
+'use strict';
+
+const fs = require('fs');
+const path = require('path');
+
+const DEFAULT_STATE_FILE = path.join('.jumpstart', 'state', 'workshop.json');
+
+const WORKSHOP_TYPES = ['discovery', 'ideation', 'refinement', 'retrospective'];
+const OUTPUT_ARTIFACTS = ['challenger-brief', 'product-brief', 'prd'];
+
+function defaultState() {
+  return {
+    version: '1.0.0',
+    sessions: [],
+    last_updated: null
+  };
+}
+
+function loadState(stateFile) {
+  const fp = stateFile || DEFAULT_STATE_FILE;
+  if (!fs.existsSync(fp)) return defaultState();
+  try { return JSON.parse(fs.readFileSync(fp, 'utf8')); }
+  catch { return defaultState(); }
+}
+
+function saveState(state, stateFile) {
+  const fp = stateFile || DEFAULT_STATE_FILE;
+  const dir = path.dirname(fp);
+  if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true });
+  state.last_updated = new Date().toISOString();
+  fs.writeFileSync(fp, JSON.stringify(state, null, 2) + '\n', 'utf8');
+}
+
+/**
+ * Start a new workshop session.
+ */
+function startSession(name, options = {}) {
+  if (!name) return { success: false, error: 'Session name is required' };
+
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  const session = {
+    id: `WS-${Date.now()}`,
+    name,
+    type: options.type || 'discovery',
+    status: 'active',
+    facilitator: options.facilitator || null,
+    participants: options.participants || [],
+    captures: [],
+    created_at: new Date().toISOString(),
+    ended_at: null
+  };
+
+  if (!WORKSHOP_TYPES.includes(session.type)) {
+    return { success: false, error: `Unknown type: ${session.type}. Valid: ${WORKSHOP_TYPES.join(', ')}` };
+  }
+
+  state.sessions.push(session);
+  saveState(state, stateFile);
+
+  return { success: true, session };
+}
+
+/**
+ * Capture a workshop insight or decision.
+ */
+function captureInsight(sessionId, text, options = {}) {
+  if (!sessionId || !text) return { success: false, error: 'sessionId and text are required' };
+
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  const session = state.sessions.find(s => s.id === sessionId);
+  if (!session) return { success: false, error: `Session ${sessionId} not found` };
+
+  const capture = {
+    id: `CAP-${Date.now()}`,
+    text,
+    category: options.category || 'insight',
+    author: options.author || 'anonymous',
+    timestamp: new Date().toISOString()
+  };
+
+  session.captures.push(capture);
+  saveState(state, stateFile);
+
+  return { success: true, capture };
+}
+
+/**
+ * Convert session captures to artifact outline.
+ */
+function convertToArtifact(sessionId, artifactType, options = {}) {
+  if (!sessionId || !artifactType) return { success: false, error: 'sessionId and artifactType are required' };
+  if (!OUTPUT_ARTIFACTS.includes(artifactType)) {
+    return { success: false, error: `Unknown artifact type. Valid: ${OUTPUT_ARTIFACTS.join(', ')}` };
+  }
+
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  const session = state.sessions.find(s => s.id === sessionId);
+  if (!session) return { success: false, error: `Session ${sessionId} not found` };
+
+  const sections = session.captures.reduce((acc, cap) => {
+    const cat = cap.category || 'general';
+    if (!acc[cat]) acc[cat] = [];
+    acc[cat].push(cap.text);
+    return acc;
+  }, {});
+
+  return {
+    success: true,
+    artifact_type: artifactType,
+    session_name: session.name,
+    sections,
+    captures_used: session.captures.length
+  };
+}
+
+/**
+ * Get session status.
+ */
+function getSessionStatus(options = {}) {
+  const stateFile = options.stateFile || DEFAULT_STATE_FILE;
+  const state = loadState(stateFile);
+
+  return {
+    success: true,
+    total_sessions: state.sessions.length,
+    active: state.sessions.filter(s => s.status === 'active').length,
+    sessions: state.sessions.map(s => ({
+      id: s.id,
+      name: s.name,
+      type: s.type,
+      status: s.status,
+      captures: s.captures.length
+    }))
+  };
+}
+
+module.exports = {
+  startSession,
+  captureInsight,
+  convertToArtifact,
+  getSessionStatus,
+  loadState,
+  saveState,
+  defaultState,
+  WORKSHOP_TYPES,
+  OUTPUT_ARTIFACTS
+};