paqad-ai 1.22.1 → 1.22.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/CHANGELOG.md CHANGED
@@ -1,5 +1,17 @@
1
1
  # paqad-ai
2
2
 
3
+ ## 1.22.2
4
+
5
+ ### Patch Changes
6
+
7
+ - [#177](https://github.com/Eliyce/paqad-ai/pull/177) [`ea8c367`](https://github.com/Eliyce/paqad-ai/commit/ea8c36722c84ac82c486e5dbaf9dad0cc9d9bac5) Thanks [@HLasani](https://github.com/HLasani)! - Fix the AI bill of materials on the dashboard.
8
+
9
+ Two problems made the BOM unreadable. First, `git status --short` parsing left-trimmed each line before slicing the status columns, which dropped the first character of every worktree-only changed path (`package.json` became `ackage.json`). That corrupted the BOM component names, their file digests, and the change-completeness gate messages. Second, the dashboard BOM panel only showed a file count, never the files themselves. The panel now lists every attested file with its SHA-256 digest, and shows a clear empty state when the latest verified change touched no files.
10
+
11
+ - [#177](https://github.com/Eliyce/paqad-ai/pull/177) [`ea8c367`](https://github.com/Eliyce/paqad-ai/commit/ea8c36722c84ac82c486e5dbaf9dad0cc9d9bac5) Thanks [@HLasani](https://github.com/HLasani)! - Restore the executable bit on the installed runtime hooks and scripts.
12
+
13
+ The package is published with `changeset publish`, which packs the tarball with pnpm. pnpm normalises every file mode to `0644` and drops the executable bit (npm preserves it), so on an installed copy the host agent could not run any runtime hook: invoking `~/.paqad-ai/current/hooks/verification-completion.mjs` failed with "permission denied". The visible symptom was that the verification backstop never fired for onboarded projects, so the evidence ledger, receipts, AI-BOM, and the local dashboard data were never produced. A `postinstall` step now re-adds the executable bit on every install and update, with no action required from the user.
14
+
3
15
  ## 1.22.1
4
16
 
5
17
  ### Patch Changes
package/dist/cli/index.js CHANGED
@@ -27100,18 +27100,21 @@ async function readGitStatusFiles(projectRoot) {
27100
27100
  return [];
27101
27101
  }
27102
27102
  return normalizePaths(
27103
- result.stdout.split("\n").map((line) => line.trim()).filter(Boolean).map(parseGitStatusPath).filter((value) => value !== null)
27103
+ result.stdout.split("\n").map(parseGitStatusPath).filter((value) => value !== null)
27104
27104
  );
27105
27105
  } catch {
27106
27106
  return [];
27107
27107
  }
27108
27108
  }
27109
27109
  function parseGitStatusPath(line) {
27110
- const trimmed = line.trim();
27111
- if (trimmed.length < 4) {
27110
+ const stripped = line.replace(/\r$/, "");
27111
+ if (stripped.length < 4) {
27112
+ return null;
27113
+ }
27114
+ const payload = stripped.slice(3).trim();
27115
+ if (payload.length === 0) {
27112
27116
  return null;
27113
27117
  }
27114
- const payload = trimmed.slice(3).trim();
27115
27118
  if (payload.includes(" -> ")) {
27116
27119
  return (
27117
27120
  /* v8 ignore next */
@@ -35033,7 +35036,7 @@ init_esm_shims();
35033
35036
  init_esm_shims();
35034
35037
 
35035
35038
  // src/index.ts
35036
- var VERSION = "1.22.1";
35039
+ var VERSION = "1.22.2";
35037
35040
 
35038
35041
  // src/cli/commands/audit.ts
35039
35042
  init_esm_shims();