pqcheck 0.16.17 → 0.16.18

package/README.md CHANGED
@@ -8,7 +8,7 @@
8
8
  [![npm downloads](https://img.shields.io/npm/dm/pqcheck.svg?style=flat-square&color=06b6d4)](https://www.npmjs.com/package/pqcheck)
9
9
  [![license](https://img.shields.io/npm/l/pqcheck.svg?style=flat-square&color=06b6d4)](./LICENSE)
10
10
 
11
- > **Latest: v0.16.17** — fail-loud AI guard now covers the no-baseline first-deploy fallback. `pqcheck deploy-check <new-domain> --ai` previously exited 3 with bare `error: /api/scan returned 429` if the very first scan got rate-limited no `CIPHERWAKE_AI_GUARD_RESULT` block, leaving the calling AI agent with no `ship_decision` to route on. Now every error path in that fallback emits a `ship_decision=review` block with a status-specific `top_issue` code. [Full changelog →](./CHANGELOG.md)
11
+ > **Latest: v0.16.18** — `--version` now reads dynamically from `package.json` instead of a hardcoded constant. Prior releases (0.16.16, 0.16.17) shipped with the constant left at `0.16.15`, so AI agents citing "I ran pqcheck X.Y.Z" were citing the wrong version. Single source of truth from here on; locked by a unit test against future drift. [Full changelog →](./CHANGELOG.md)
12
12
 
13
13
  ## Two ways to use it
14
14
 
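Review bot: the new "Latest" line says the version source is "locked by a unit test against future drift", but no test appears among the files changed in this published diff (README.md, bin/pqcheck.js, package.json). If the test lives outside the published package, name the file or link it from the changelog so that readers can check the claim. The line also presents `--version` as always matching `package.json`, while the code added in bin/pqcheck.js returns "unknown" when the read fails. Mention that value here, so that an agent or log consumer that sees "unknown" treats it as an unverified version and not as a release name.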
package/bin/pqcheck.js CHANGED
@@ -24,7 +24,27 @@
24
24
  })();
25
25
 
26
26
  const API_BASE = process.env.PQCHECK_API_BASE || "https://cipherwake.io";
27
- const VERSION = "0.16.15";
27
+
28
+ // v0.16.18 — read VERSION dynamically from package.json so it can never
29
+ // drift from the published npm version again. Prior to this, the constant
30
+ // was hardcoded and required a manual edit on every release — and the
31
+ // 0.16.16/0.16.17 publishes shipped with VERSION="0.16.15" because the
32
+ // hardcode bump was forgotten. AI agents reporting "I ran pqcheck X.Y.Z"
33
+ // were citing the wrong version. Now: single source of truth = package.json.
34
+ // Uses createRequire so the JSON load is synchronous; ~1ms at startup,
35
+ // negligible vs first network call. Falls back to "unknown" on file-read
36
+ // failure (should never happen in production install layout).
37
+ const VERSION = await (async () => {
38
+ try {
39
+ const { readFileSync } = await import("node:fs");
40
+ const { join, dirname } = await import("node:path");
41
+ const { fileURLToPath } = await import("node:url");
42
+ const here = dirname(fileURLToPath(import.meta.url));
43
+ return JSON.parse(readFileSync(join(here, "..", "package.json"), "utf8")).version || "unknown";
44
+ } catch {
45
+ return "unknown";
46
+ }
47
+ })();
28
48
 
29
49
  // v0.16.15 — attribution suffix. When the CLI runs inside GitHub Actions
30
50
  // (GH sets GITHUB_ACTIONS=true automatically in every step) we append
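Review bot: the comment block above `const VERSION` says the load "Uses createRequire so the JSON load is synchronous", but the added code never calls createRequire. It runs three dynamic `import()` calls inside an async IIFE and relies on top-level `await`, so the comment and the code disagree. Either correct the comment, or import `readFileSync`, `join`, `dirname` and `fileURLToPath` statically at the top of the module (all three are Node built-ins) and keep a plain synchronous try/catch, which removes the `await` and makes the comment's "synchronous" claim true. Separately, the bare `catch { return "unknown"; }` discards the error. Since the stated purpose of this change is that the reported version can be trusted, a message on stderr when the fallback is taken would make a broken install layout visible instead of silently reporting "unknown".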
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pqcheck",
3
- "version": "0.16.17",
3
+ "version": "0.16.18",
4
4
  "description": "Deploy gate for AI-coded web apps. `pqcheck deploy-check --ai` returns ship_decision=pass|review|block for Claude Code / Cursor / Copilot / Aider to gate deploys before they ship. Anonymous, no signup, free for first use.",
5
5
  "keywords": [
6
6
  "ai-coder",