npm - speclock - Versions diffs - 4.3.4 → 4.4.0 - Mend

speclock 4.3.4 → 4.4.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/SPECLOCK-INSTRUCTIONS.md CHANGED Viewed

@@ -144,3 +144,59 @@ AI:   🔓 Unlocked. Proceeding with auth file changes.
 1. Add to `~/.claude.json` or `.mcp.json`: `{"mcpServers":{"speclock":{"command":"npx","args":["-y","speclock","serve","--project","."]}}}`
 2. Add the instruction above to `CLAUDE.md`
 3. Done.
+---
+## For Bolt.new, Kimi, Replit, and other platforms WITHOUT MCP
+These platforms don't have MCP connectors. SpecLock works via `npm install` + direct JavaScript API. The conflict checking uses a cloud proxy to get Gemini LLM coverage automatically — no API key needed.
+### Setup:
+1. Install: `npm install speclock`
+2. Paste the instructions below into the platform's Knowledge / System Prompt / Project Instructions.
+### Instructions to paste:
+```
+## SpecLock Rules (MANDATORY — follow on every message)
+This project uses SpecLock for constraint protection. SpecLock is installed via npm.
+### How to check conflicts:
+Before making ANY significant code change, run this check:
+const { checkConflictAsync } = await import("speclock/src/core/engine.js");
+const result = await checkConflictAsync("description of what you are about to do", ["lock text 1", "lock text 2"]);
+if (result.hasConflict) {
+  // STOP — warn the user about the conflict
+  // result.analysis contains the details
+}
+### How to check conflicts (alternative — pass lock text directly):
+const { checkConflictAsync } = await import("speclock/src/core/engine.js");
+const result = await checkConflictAsync("Add Razorpay payment gateway", "Never change from Stripe payment integration");
+// result.hasConflict will be true
+### Rules:
+1. MAINTAIN A LIST of user constraints (locks) in memory. When the user says "never", "always", "don't touch", "lock this" — add it to your lock list.
+2. BEFORE MODIFYING CODE: Call checkConflictAsync with what you're about to do and ALL active locks. If hasConflict is true, STOP and warn the user.
+3. The function is ASYNC — always use await. It calls a cloud API for accurate detection across all domains.
+4. If the function is unavailable, at minimum do a manual check: does your proposed action violate any of the user's stated constraints?
+```
+### Example usage in code:
+```javascript
+import { checkConflictAsync } from "speclock/src/core/engine.js";
+// Check a single lock
+const r = await checkConflictAsync("Switch to MongoDB", "Never change the database technology");
+console.log(r.hasConflict); // true
+console.log(r.analysis);    // "1 conflict(s) confirmed..."
+// Check multiple locks
+const r2 = await checkConflictAsync("Add Razorpay payments", [
+  "Never change from Stripe",
+  "Never modify the payment system"
+]);
+console.log(r2.hasConflict); // true
+```

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "speclock",
-  "version": "4.3.4",
+  "version": "4.4.0",
   "description": "AI constraint engine with Gemini LLM universal detection, Policy-as-Code DSL, OAuth/OIDC SSO, admin dashboard, telemetry, API key auth, RBAC, AES-256-GCM encryption, hard enforcement, semantic pre-commit, HMAC audit chain, SOC 2/HIPAA compliance. Cross-platform: MCP + direct API. 31 MCP tools + CLI. Enterprise platform.",
   "type": "module",
   "main": "src/mcp/server.js",

package/src/cli/index.js CHANGED Viewed

@@ -116,7 +116,7 @@ function refreshContext(root) {
 function printHelp() {
   console.log(`
-SpecLock v4.3.4 — AI Constraint Engine (Gemini LLM + Policy-as-Code + SSO + Dashboard + Telemetry + Auth + RBAC + Encryption)
+SpecLock v4.4.0 — AI Constraint Engine (Gemini LLM + Policy-as-Code + SSO + Dashboard + Telemetry + Auth + RBAC + Encryption)
 Developed by Sandeep Roy (github.com/sgroy10)
 Usage: speclock <command> [options]

package/src/core/compliance.js CHANGED Viewed

@@ -9,7 +9,7 @@
 import { readBrain, readEvents } from "./storage.js";
 import { verifyAuditChain } from "./audit.js";
-const VERSION = "4.3.4";
+const VERSION = "4.4.0";
 // PHI-related keywords for HIPAA filtering
 const PHI_KEYWORDS = [

package/src/core/telemetry.js CHANGED Viewed

@@ -257,7 +257,7 @@ export async function flushToRemote(root) {
   // Build anonymized payload
   const payload = {
     instanceId: summary.instanceId,
-    version: "4.3.4",
+    version: "4.4.0",
     totalCalls: summary.totalCalls,
     avgResponseMs: summary.avgResponseMs,
     conflicts: summary.conflicts,

package/src/dashboard/index.html CHANGED Viewed

@@ -89,7 +89,7 @@
 <div class="header">
   <div>
     <h1><span>SpecLock</span> Dashboard</h1>
-    <div class="meta">v4.3.4 &mdash; AI Constraint Engine</div>
+    <div class="meta">v4.4.0 &mdash; AI Constraint Engine</div>
   </div>
   <div style="display:flex;align-items:center;gap:12px;">
     <span id="health-badge" class="status-badge healthy">Loading...</span>
@@ -182,7 +182,7 @@
 </div>
 <div style="text-align:center;padding:24px;color:var(--muted);font-size:12px;">
-  SpecLock v4.3.4 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
+  SpecLock v4.4.0 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
 </div>
 <script>

package/src/mcp/http-server.js CHANGED Viewed

@@ -91,7 +91,7 @@ import { fileURLToPath } from "url";
 import _path from "path";
 const PROJECT_ROOT = process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
-const VERSION = "4.3.4";
+const VERSION = "4.4.0";
 const AUTHOR = "Sandeep Roy";
 const START_TIME = Date.now();
@@ -221,13 +221,8 @@ function createSpecLockServer() {
   // Tool 7: speclock_add_note
   server.tool("speclock_add_note", "Add a pinned note for reference.", { text: z.string().min(1).describe("The note text"), pinned: z.boolean().default(true).describe("Whether to pin this note") }, async ({ text, pinned }) => {
     ensureInit(PROJECT_ROOT);
-    const brain = readBrain(PROJECT_ROOT);
-    const note = { id: newId(), text, pinned, createdAt: nowIso() };
-    brain.state.notes.push(note);
-    writeBrain(PROJECT_ROOT, brain);
-    appendEvent(PROJECT_ROOT, { type: "note_added", noteId: note.id, text });
-    bumpEvents(PROJECT_ROOT);
-    return { content: [{ type: "text", text: `Note added [${note.id}]: ${text}` }] };
+    const result = addNote(PROJECT_ROOT, text, pinned);
+    return { content: [{ type: "text", text: `Note added [${result.noteId}]: ${text}` }] };
   });
   // Tool 8: speclock_set_deploy_facts

package/src/mcp/server.js CHANGED Viewed

@@ -100,7 +100,7 @@ const PROJECT_ROOT =
   args.project || process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
 // --- MCP Server ---
-const VERSION = "4.3.4";
+const VERSION = "4.4.0";
 const AUTHOR = "Sandeep Roy";
 const server = new McpServer(