npm - korext - Versions diffs - 0.4.0 → 0.6.0 - Mend

korext 0.4.0 → 0.6.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/CHANGELOG.md CHANGED Viewed

@@ -1,13 +1,65 @@
 # Changelog
+## 0.6.0 - 2026-03-19
+### Added
+- Three-layer governance context on every
+  violation: regulatory compliance, technical
+  standards, and security intelligence
+- Per-violation AI explanations with
+  individual reasoning for each finding
+- Code snippet extraction showing the exact
+  lines around each violation
+- Real Shadow Test verification on dashboard
+  fixes for Team and Enterprise tiers
+- Diff preview before applying fixes: see
+  exactly what changed before accepting
+- Undo support: restore original code after
+  applying a fix
+- Git context (repository, branch, commit)
+  included in proof bundles from IDE and CLI
+- Organisation ID on proof bundles for
+  enterprise filtering
+- Honest hash type labelling: deterministic
+  replay hash for IDE and CLI, session
+  identifier for dashboard
+- Publication-quality proof bundle PDF export
+  with QR verification, governance coverage
+  tables, and three-layer compliance mapping
+- Enterprise branding on proof bundle PDFs
+- Public bundle verification page
+- Expanded knowledge graph sources: MITRE
+  ATLAS, CISA KEV, NIST AI RMF, ISO 42001,
+  EU AI Act, OWASP Top 10 for LLMs, OSV,
+  FIRST EPSS
+### Changed
+- HMAC signing consolidated to server-side
+  for all paths
+- Governance mappings restructured from flat
+  citations to three layer context covering
+  US, EU, UK, Canadian, and Australian
+  regulatory frameworks
+- Security hardening: environment-aware HMAC
+  key validation, Zod validation on all
+  endpoints, typed request interfaces
+### Fixed
+- Original code preserved in dashboard state
+  after applying fixes
+- Shadow Test Protocol section on dashboard
+  now shows real results instead of static UI
+- Em dashes removed across entire codebase
+  and AI-generated outputs
 ## 0.3.0
 - **New:** Version bump to match extension releases
 - **Improved:** CLI now reports version 0.3.0
 ## 0.2.0
 - Initial release
-- `korext login` — browser-based authentication
-- `korext init` — initialize Korext project
-- `korext extract` — extract rules from PDF/Markdown policy documents
-- `korext review` — review extracted rules
-- `korext publish` — activate custom policy packs
+- `korext login` - browser-based authentication
+- `korext init` - initialize Korext project
+- `korext extract` - extract rules from PDF/Markdown policy documents
+- `korext review` - review extracted rules
+- `korext publish` - activate custom policy packs

package/README.md CHANGED Viewed

@@ -1,88 +1,41 @@
-# Korext CLI
+# KOREXT - AI Code Governance
-**The Korext Node.js Command Line Interface.**
-Real-time policy enforcement and compliance proof for AI-generated code.
+Real time policy enforcement and compliance proof for AI-generated code.
-[![NPM Version](https://img.shields.io/npm/v/korext)](https://www.npmjs.com/package/korext)
-[![License: MIT](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/MIT)
+## What It Does
----
+KOREXT enforces your compliance policies at the point of code generation. Every file is checked against your selected policy pack. Violations appear as CLI-based error logs with severity, governance context (regulatory, technical standards, security intelligence), and an AI-powered explanation. One click applies a verified fix with diff preview. Every enforcement decision generates a cryptographically signed proof bundle your compliance team can verify.
-## Installation
+## Core Commands
-Install the CLI globally using NPM to access the `korext` command from anywhere:
+- `korext login`: Login via browser (recommended)
+- `korext status`: View your current authentication state and active Policy Pack
+- `korext enforce`: Scan a target directory or file and cross-reference it against your policy pack
+- `korext packs list`: Retrieve and list all available internal Policy Packs
+- `korext policy init`: Initialize a new custom policy workflow
+- `korext policy extract`: Extract rules from a PDF/Markdown policy document
+- `korext policy review`: Interactively review extracted rules
+- `korext policy publish`: Deploy and activate custom policy packs
-```bash
-npm install -g korext
-```
+## Features
-## Authentication
+- CLI violation detection
+- Three-layer governance context: regulatory compliance, technical standards, security intelligence
+- Command line verified code fixes via Shadow Test Protocol
+- Cryptographically signed proof bundles
+- Publication-quality PDF export for auditors
+- Covers PCI-DSS, HIPAA, GDPR, SOC 2, OWASP, NIST, CIS, and more
+- Custom policy packs on Team plan
+- Air-gapped deployment for Enterprise
-Before running analysis, you must authenticate the CLI against your Korext account.
+## Getting Started
-```bash
-# Login via browser (Recommended)
-korext login
+Install the CLI via `npm install -g korext` and sign in. Select a policy pack. Run `korext enforce`. KOREXT runs in the terminal and surfaces violations instantly.
-# Headless CI/CD Login via environment variable
-export KOREXT_API_TOKEN="your_personal_access_token"
-```
+Free tier available. Team and Enterprise plans for organisations that need signed proof bundles, PDF export, and compliance reporting.
-## Commands
+## Links
-### `korext enforce [path]`
-Scans a target directory or file and cross-references it against your active Korext Policy Pack in real-time.
-```bash
-# Run against the current directory
-korext enforce .
-# Run against a specific file
-korext enforce ./src/auth.ts
-```
-### `korext status`
-View your current authentication state, active Cloud storage tier, and active Policy Pack ID.
-```bash
-korext status
-```
-### `korext packs list`
-Retrieves and lists all available internal Policy Packs available for your organization.
-```bash
-korext packs list
-```
----
-## CI/CD Pipeline Integration
-The Korext CLI is built to run headless inside GitHub Actions, GitLab CI, and isolated Docker environments. When a violation is detected during an enforcement run (`korext enforce`), the CLI intentionally exits with a non-zero code (`exit 1`) to fail the build automatically.
-**Example GitHub Action:**
-```yaml
-name: Korext Policy Pipeline
-on: [push, pull_request]
-jobs:
-  audit:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-      - uses: actions/setup-node@v4
-        with:
-          node-version: '20'
-      - name: Install Korext globally
-        run: npm install -g korext
-      - name: Korext Enforce
-        env:
-          KOREXT_API_TOKEN: ${{ secrets.KOREXT_API_TOKEN }}
-        run: korext enforce .
-```
-## Need Help?
-Visit the official documentation at [Korext.com](https://www.korext.com) or reach out to your Account Executive for Enterprise Support.
+- Website: https://www.korext.com
+- Dashboard: https://app.korext.com
+- Documentation: https://www.korext.com/docs

package/bin/korext.js CHANGED Viewed

@@ -537,7 +537,7 @@ policyCmd
       };
       draft.templateRule = templateRule;
       saveLatestDraft(draft);
-      console.log(chalk.yellow('⚡ Airgap mode — no network calls made'));
+      console.log(chalk.yellow('⚡ Airgap mode: no network calls made'));
       console.log(chalk.dim('\nNext: korext policy review'));
       return;
     }
@@ -561,7 +561,7 @@ policyCmd
     }
     if (!textPayload && draft.fileType === 'pdf') {
-      spinner.info('PDF detected — uploading for server-side text extraction only');
+      spinner.info('PDF detected. uploading for server-side text extraction only');
       textPayload = null;
     }
@@ -730,7 +730,7 @@ function generateReviewHTML(draft) {
 <head>
 <meta charset="UTF-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
-<title>Korext Policy Review — ${packName}</title>
+<title>Korext Policy Review - ${packName}</title>
 <style>
   :root {
     --bg: #0d1117; --surface: #161b22; --border: #30363d;
@@ -929,7 +929,7 @@ policyCmd
       process.exit(1);
     }
-    const spinner = ora(`Publishing ${approvedRules.length} rules to Korext (rules only — no document text)...`).start();
+    const spinner = ora(`Publishing ${approvedRules.length} rules to Korext (rules only, no document text)...`).start();
     // CRITICAL DATA PROTECTION: Only send rule definitions
     const publishPayload = {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "korext",
-  "version": "0.4.0",
+  "version": "0.6.0",
   "description": "Korext Command Line Interface",
   "type": "module",
   "main": "bin/korext.js",

package/test-policy.md CHANGED Viewed

@@ -6,7 +6,7 @@ All applications must enforce the following password standards:
 - Minimum password length of 12 characters
 - Passwords must include uppercase, lowercase, numbers, and special characters
-- Passwords must never be stored in plain text — use bcrypt or argon2 with a cost factor of at least 12
+- Passwords must never be stored in plain text: use bcrypt or argon2 with a cost factor of at least 12
 - Developers must not hardcode passwords, API keys, or secrets in source code
 ## Data Encryption
@@ -15,14 +15,14 @@ All sensitive data must be encrypted at rest and in transit:
 - Use AES-256 for encryption at rest
 - TLS 1.2 or higher required for all network communication
-- Do not use MD5 or SHA-1 for cryptographic purposes — they are considered broken
+- Do not use MD5 or SHA-1 for cryptographic purposes, as they are considered broken
 - All database connections must use encrypted transport
 ## Input Validation
 All user input must be validated before processing:
-- Never concatenate user input directly into SQL queries — use parameterized queries
+- Never concatenate user input directly into SQL queries: use parameterized queries
 - Sanitize all HTML output to prevent cross-site scripting (XSS)
 - Validate file upload types using magic bytes, not just file extension
 - Limit request body size to prevent denial of service
@@ -31,7 +31,7 @@ All user input must be validated before processing:
 Authentication systems must follow these rules:
-- Implement rate limiting on login endpoints — maximum 10 attempts per minute
+- Implement rate limiting on login endpoints: maximum 10 attempts per minute
 - Session tokens must be regenerated after successful authentication
 - Set HttpOnly, Secure, and SameSite flags on all session cookies
 - Session timeout must not exceed 30 minutes of inactivity