ripp-cli 1.0.0 → 1.0.1

package/CHANGELOG.md

@@ -0,0 +1,28 @@
+# Changelog
+
+All notable changes to the RIPP CLI will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [1.0.1] - 2025-12-22
+
+### Changed
+
+- Version bump to enable npm publishing of updates
+
+### Fixed
+
+- Synchronized package-lock.json Node.js engine requirement (>=20.0.0) with package.json
+
+## [1.0.0] - Initial Release
+
+### Features
+
+- RIPP packet validation against JSON schema
+- Support for YAML and JSON input formats
+- Multi-file validation with glob patterns
+- Linting with severity levels (error, warning, info)
+- Strict mode for enhanced validation
+- Evidence package generation for handoffs
+- Portable binary distributions for macOS (ARM64 and x64)

package/README.md

@@ -274,6 +274,63 @@ npm link
 ripp validate ../../examples/
 ```
 
+## Publishing
+
+### Prerequisites
+
+To publish `ripp-cli` to npm, you need:
+
+1. **npm Account**: A verified npm account with appropriate permissions
+2. **NPM_TOKEN Secret**: Configured in GitHub repository secrets
+
+### Setting Up NPM_TOKEN
+
+The publishing workflow requires an npm **Granular Access Token** with specific permissions:
+
+1. Log in to [npmjs.com](https://www.npmjs.com)
+2. Go to **Access Tokens** → **Generate New Token** → **Granular Access Token**
+3. Configure the token:
+   - **Permissions**: Select "Read and write" for packages
+   - **Packages and scopes**: Select "All packages" or specific packages
+   - **Organizations**: (if applicable) Select relevant organizations
+   - **Expiration**: Set appropriate expiration date
+   - **Bypass 2FA**: ✅ **MUST be enabled** for CI/CD automation
+4. Copy the generated token
+5. Add it to GitHub repository secrets:
+   - Go to repository **Settings** → **Secrets and variables** → **Actions**
+   - Click **New repository secret**
+   - Name: `NPM_TOKEN`
+   - Value: (paste your token)
+
+**Important**: The token MUST have "Bypass 2FA requirement" enabled. Standard automation tokens may fail with E403 errors if 2FA is enabled on your npm account.
+
+### Publishing Process
+
+The package is published via the GitHub Actions workflow:
+
+1. Go to **Actions** → **Publish NPM Package**
+2. Click **Run workflow**
+3. Configure options:
+   - **dry_run**: `true` (test) or `false` (publish)
+   - **tag**: `latest`, `next`, or `beta`
+   - **package_path**: (default: `tools/ripp-cli`)
+4. Click **Run workflow**
+
+**Workflow Features**:
+
+- ✅ Validates package before publishing
+- ✅ Checks version isn't already published
+- ✅ Verifies npm authentication
+- ✅ Runs tests and linting
+- ✅ Dry-run mode for safe testing
+- ✅ Detailed job summaries
+
+**Version Management**:
+
+- Bump version in `package.json` before publishing
+- Follow [Semantic Versioning](https://semver.org/)
+- Workflow will reject if version already exists
+
 ## Dependencies
 
 - **ajv**: JSON Schema validator

package/lib/evidence.js

@@ -74,14 +74,15 @@ async function buildEvidencePack(cwd, config) {
  */
 async function scanFiles(cwd, evidenceConfig) {
   const files = [];
+  let excludedCount = 0;
   const { includeGlobs, excludeGlobs, maxFileSize } = evidenceConfig;
 
-  // Build combined pattern
-  const patterns = includeGlobs.map(pattern => path.join(cwd, pattern));
-
-  for (const pattern of patterns) {
+  // Use glob with cwd option instead of joining paths
+  // This ensures patterns work correctly on all platforms
+  for (const pattern of includeGlobs) {
     const matches = await glob(pattern, {
-      ignore: excludeGlobs.map(ex => path.join(cwd, ex)),
+      cwd: cwd,
+      ignore: excludeGlobs,
       nodir: true,
       absolute: true
     });
@@ -92,6 +93,7 @@ async function scanFiles(cwd, evidenceConfig) {
 
         // Skip files that are too large
         if (stats.size > maxFileSize) {
+          excludedCount++;
           continue;
         }
 
@@ -109,12 +111,13 @@ async function scanFiles(cwd, evidenceConfig) {
         });
       } catch (error) {
         // Skip files we can't read
+        excludedCount++;
         continue;
       }
     }
   }
 
-  return files;
+  return { files, excludedCount };
 }
 
 /**
@@ -151,7 +154,10 @@ async function extractEvidence(files, cwd) {
     routes: [],
     schemas: [],
     auth: [],
-    workflows: []
+    workflows: [],
+    projectType: detectProjectType(files),
+    keyInsights: extractKeyInsights(files, cwd),
+    codeSnippets: extractKeyCodeSnippets(files)
   };
 
   for (const file of files) {
@@ -362,6 +368,203 @@ function redactSecrets(text) {
   return redacted;
 }
 
+/**
+ * Detect project type from evidence
+ */
+function detectProjectType(files) {
+  const indicators = {
+    cli: 0,
+    webApp: 0,
+    api: 0,
+    library: 0,
+    protocol: 0
+  };
+
+  for (const file of files) {
+    const content = file.content ? file.content.toLowerCase() : '';
+    const path = file.path.toLowerCase();
+
+    // CLI tool indicators
+    if (path.includes('/bin/') || path.includes('cli') || path.includes('command'))
+      indicators.cli += 3;
+    if (
+      content.includes('commander') ||
+      content.includes('yargs') ||
+      content.includes('process.argv')
+    )
+      indicators.cli += 2;
+    if (path === 'package.json' && content.includes('"bin"')) indicators.cli += 4;
+
+    // Web app indicators
+    if (path.includes('app/') || path.includes('pages/') || path.includes('components/'))
+      indicators.webApp += 3;
+    if (content.includes('react') || content.includes('vue') || content.includes('angular'))
+      indicators.webApp += 2;
+    if (path.includes('index.html') || path.includes('app.tsx')) indicators.webApp += 3;
+
+    // API indicators
+    if (path.includes('api/') || path.includes('routes/') || path.includes('controllers/'))
+      indicators.api += 3;
+    if (content.includes('express') || content.includes('fastify') || content.includes('koa'))
+      indicators.api += 2;
+    if (content.includes('@app.route') || content.includes('@route') || content.includes('router.'))
+      indicators.api += 2;
+
+    // Library indicators
+    if (path === 'package.json' && !content.includes('"bin"') && !content.includes('"scripts"'))
+      indicators.library += 2;
+    if (path.includes('lib/') || path.includes('src/index')) indicators.library += 1;
+
+    // Protocol/spec indicators
+    if (path.includes('spec.md') || path.includes('protocol') || path.includes('rfc'))
+      indicators.protocol += 4;
+    if (path.includes('schema/') && path.includes('.json')) indicators.protocol += 2;
+  }
+
+  // Return type with highest score
+  const sorted = Object.entries(indicators).sort((a, b) => b[1] - a[1]);
+  return {
+    primary: sorted[0][0],
+    secondary: sorted[1][1] > 0 ? sorted[1][0] : null,
+    confidence: sorted[0][1] > 5 ? 'high' : sorted[0][1] > 2 ? 'medium' : 'low',
+    scores: indicators
+  };
+}
+
+/**
+ * Extract key insights from README, package.json, and main files
+ */
+function extractKeyInsights(files, cwd) {
+  const insights = {
+    purpose: null,
+    description: null,
+    mainFeatures: [],
+    architecture: null
+  };
+
+  for (const file of files) {
+    const path = file.path.toLowerCase();
+    const content = file.content || '';
+
+    // Extract from README
+    if (path.includes('readme.md') || path.includes('readme.txt')) {
+      // Extract first paragraph as description
+      const lines = content.split('\n');
+      let desc = '';
+      for (const line of lines) {
+        if (line.trim() && !line.startsWith('#') && !line.startsWith('[')) {
+          desc += line.trim() + ' ';
+          if (desc.length > 200) break;
+        }
+      }
+      if (desc) insights.description = desc.slice(0, 300);
+
+      // Extract features (look for bullet points or numbered lists)
+      const featureMatch = content.match(
+        /(?:features|capabilities|includes)[\s\S]{0,50}?\n((?:[-*]\s.+\n)+)/i
+      );
+      if (featureMatch) {
+        insights.mainFeatures = featureMatch[1]
+          .split('\n')
+          .map(f => f.replace(/^[-*]\s+/, '').trim())
+          .filter(f => f.length > 0)
+          .slice(0, 5);
+      }
+    }
+
+    // Extract from package.json
+    if (path === 'package.json') {
+      try {
+        const pkg = JSON.parse(content);
+        if (pkg.description && !insights.description) {
+          insights.description = pkg.description;
+        }
+        if (pkg.name && !insights.purpose) {
+          insights.purpose = `${pkg.name}: ${pkg.description || 'No description'}`;
+        }
+      } catch (e) {
+        // Ignore JSON parse errors
+      }
+    }
+
+    // Extract from SPEC files
+    if (path.includes('spec.md') || path.includes('architecture.md')) {
+      const purposeMatch = content.match(/(?:purpose|goal|objective)[\s:]+([^\n]{50,300})/i);
+      if (purposeMatch && !insights.purpose) {
+        insights.purpose = purposeMatch[1].trim();
+      }
+    }
+  }
+
+  return insights;
+}
+
+/**
+ * Extract key code snippets (functions, classes, exports)
+ */
+function extractKeyCodeSnippets(files) {
+  const snippets = [];
+  let count = 0;
+  const maxSnippets = 15;
+
+  for (const file of files) {
+    if (count >= maxSnippets) break;
+    if (!file.content || file.type !== 'source') continue;
+
+    const content = file.content;
+    const path = file.path;
+
+    // Extract function definitions (JavaScript/TypeScript)
+    const funcMatches = content.matchAll(
+      /(?:export\s+)?(?:async\s+)?function\s+(\w+)\s*\([^)]*\)\s*{([^}]{0,200})/g
+    );
+    for (const match of funcMatches) {
+      if (count >= maxSnippets) break;
+      snippets.push({
+        file: path,
+        type: 'function',
+        name: match[1],
+        snippet: match[0].substring(0, 150)
+      });
+      count++;
+    }
+
+    // Extract class definitions
+    const classMatches = content.matchAll(
+      /(?:export\s+)?class\s+(\w+)(?:\s+extends\s+\w+)?\s*{([^}]{0,150})/g
+    );
+    for (const match of classMatches) {
+      if (count >= maxSnippets) break;
+      snippets.push({
+        file: path,
+        type: 'class',
+        name: match[1],
+        snippet: match[0].substring(0, 150)
+      });
+      count++;
+    }
+
+    // Extract key comments (JSDoc, purpose statements)
+    const commentMatches = content.matchAll(/\/\*\*\s*\n\s*\*\s*([^\n]{30,200})/g);
+    for (const match of commentMatches) {
+      if (count >= maxSnippets) break;
+      if (
+        match[1].toLowerCase().includes('purpose') ||
+        match[1].toLowerCase().includes('description')
+      ) {
+        snippets.push({
+          file: path,
+          type: 'comment',
+          snippet: match[1].trim()
+        });
+        count++;
+      }
+    }
+  }
+
+  return snippets.slice(0, maxSnippets);
+}
+
 module.exports = {
   buildEvidencePack,
   redactSecrets

package/package.json

@@ -1,10 +1,10 @@
 {
   "name": "ripp-cli",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "Official CLI validator for Regenerative Intent Prompting Protocol (RIPP)",
   "main": "index.js",
   "bin": {
-    "ripp": "./index.js"
+    "ripp": "index.js"
   },
   "scripts": {
     "test": "echo \"Warning: No tests specified\" && exit 0"
@@ -21,7 +21,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/Dylan-Natter/ripp-protocol.git",
+    "url": "git+https://github.com/Dylan-Natter/ripp-protocol.git",
     "directory": "tools/ripp-cli"
   },
   "bugs": {
@@ -30,11 +30,21 @@
   "homepage": "https://dylan-natter.github.io/ripp-protocol",
   "dependencies": {
     "ajv": "^8.12.0",
-    "ajv-formats": "^2.1.1",
-    "glob": "^10.3.10",
+    "ajv-formats": "^3.0.1",
+    "glob": "^13.0.0",
     "js-yaml": "^4.1.0"
   },
   "engines": {
-    "node": ">=18.0.0"
+    "node": ">=20.0.0"
+  },
+  "pkg": {
+    "assets": [
+      "../../schema/**/*"
+    ],
+    "targets": [
+      "node20-macos-arm64",
+      "node20-macos-x64"
+    ],
+    "outputPath": "dist"
   }
 }