npm - speclock - Versions diffs - 4.5.0 → 4.5.2 - Mend

speclock 4.5.0 → 4.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "speclock",
-  "version": "4.5.0",
+  "version": "4.5.2",
   "description": "AI constraint engine with Gemini LLM universal detection, Policy-as-Code DSL, OAuth/OIDC SSO, admin dashboard, telemetry, API key auth, RBAC, AES-256-GCM encryption, hard enforcement, semantic pre-commit, HMAC audit chain, SOC 2/HIPAA compliance. Cross-platform: MCP + direct API. 31 MCP tools + CLI. Enterprise platform.",

package/src/cli/index.js CHANGED Viewed

@@ -117,7 +117,7 @@ function refreshContext(root) {
 function printHelp() {
   console.log(`
-SpecLock v4.5.0 — AI Constraint Engine (Gemini LLM + Policy-as-Code + SSO + Dashboard + Telemetry + Auth + RBAC + Encryption)
+SpecLock v4.5.2 — AI Constraint Engine (Gemini LLM + Policy-as-Code + SSO + Dashboard + Telemetry + Auth + RBAC + Encryption)
 Developed by Sandeep Roy (github.com/sgroy10)
 Usage: speclock <command> [options]

package/src/core/compliance.js CHANGED Viewed

@@ -9,7 +9,7 @@
 import { readBrain, readEvents } from "./storage.js";
 import { verifyAuditChain } from "./audit.js";
-const VERSION = "4.5.0";
+const VERSION = "4.5.2";
 // PHI-related keywords for HIPAA filtering
 const PHI_KEYWORDS = [

package/src/core/memory.js CHANGED Viewed

@@ -84,32 +84,28 @@ export function addLock(root, text, tags, source) {
   const brain = ensureInit(root);
   const lockId = newId("lock");
-  // Smart Lock Authoring — auto-normalize to prevent verb contamination
-  const normResult = normalizeLock(text);
+  // Store the user's exact words — no rewriting.
+  // The semantic engine handles verb contamination via subject extraction
+  // and scope matching, so rewriting is no longer needed.
   brain.specLock.items.unshift({
     id: lockId,
-    text: normResult.normalized,
-    originalText: normResult.wasRewritten ? normResult.original : undefined,
+    text: text,
     createdAt: nowIso(),
     source: source || "user",
     tags: tags || [],
     active: true,
   });
   const eventId = newId("evt");
-  const rewriteNote = normResult.wasRewritten
-    ? ` (auto-rewritten from: "${normResult.original.substring(0, 60)}")`
-    : "";
   const event = {
     eventId,
     type: "lock_added",
     at: nowIso(),
     files: [],
-    summary: `Lock added: ${normResult.normalized.substring(0, 80)}${rewriteNote}`,
+    summary: `Lock added: ${text.substring(0, 80)}`,
     patchPath: "",
   };
   recordEvent(root, brain, event);
-  return { brain, lockId, rewritten: normResult.wasRewritten, rewriteReason: normResult.reason };
+  return { brain, lockId, rewritten: false, rewriteReason: null };
 }
 export function removeLock(root, lockId) {

package/src/core/semantics.js CHANGED Viewed

@@ -28,7 +28,7 @@ export const SYNONYM_GROUPS = [
   // --- Modification actions ---
   ["change", "modify", "alter", "update", "mutate", "transform",
-   "rewrite", "revise", "amend", "adjust", "tweak"],
+   "rewrite", "revise", "amend", "adjust", "tweak", "touch", "tamper"],
   ["replace", "swap", "substitute", "switch", "exchange",
    "override", "overwrite"],
   ["move", "relocate", "migrate", "transfer", "shift", "rearrange", "reorganize",
@@ -1372,6 +1372,13 @@ function _extractSubjectsInline(text) {
   content = content.replace(/\s+must\s+(?:be\s+)?(?:preserved|remain)\b.*$/i, "").trim();
   content = content.replace(/\s*[—–]\s+(?:prohibited|no\s+|must\s+not|deletion|do\s+not|migration)\b.*$/i, "").trim();
+  // Strip comma-separated explanatory clauses
+  // "KYC verification flow, it's SEC-compliant" → "KYC verification flow"
+  // "patient records, which are HIPAA-protected" → "patient records"
+  // "the auth system, because it's production-critical" → "the auth system"
+  content = content.replace(/,\s+(?:it|they|that|this|which|who)\s*(?:'s|'re|is|are|was|were|has|have|had)\b.*$/i, "").trim();
+  content = content.replace(/,\s+(?:because|since|as|for|due\s+to|given\s+that)\b.*$/i, "").trim();
   // Strip leading verb
   const words = content.split(/\s+/);
   let startIdx = 0;
@@ -1964,10 +1971,34 @@ export function scoreConflict({ actionText, lockText }) {
     }
   }
+  // Check 3b: Safe/verification verbs against preservation/maintenance locks
+  // "Test that Stripe is working" is COMPLIANT with "must always use Stripe"
+  // "Debug the Stripe webhook" is COMPLIANT — it's verifying the preserved system
+  if (!intentAligned && actionPrimaryVerb) {
+    const lockIsPreservation = /must remain|must be preserved|must always|at all times|must stay/i.test(lockText);
+    if (lockIsPreservation) {
+      const SAFE_FOR_PRESERVATION = new Set([
+        "test", "verify", "check", "validate", "confirm", "ensure",
+        "debug", "inspect", "review", "examine", "monitor", "observe",
+        "watch", "scan", "detect", "audit", "report", "document",
+        "read", "view", "generate", "fix", "repair", "patch",
+        "protect", "secure", "guard", "maintain", "preserve",
+      ]);
+      if (SAFE_FOR_PRESERVATION.has(actionPrimaryVerb)) {
+        intentAligned = true;
+        reasons.push(
+          `intent alignment: verification/maintenance "${actionPrimaryVerb}" is ` +
+          `compliant with preservation lock`);
+      }
+    }
+  }
   // Check 4: Enhancement/constructive actions against preservation/maintenance locks
   // "Increase the rate limit" is COMPLIANT with "rate limiting must remain active"
   // "Add better rate limit error messages" is COMPLIANT (doesn't disable rate limiting)
   // But "Add a way to bypass rate limiting" is NOT safe (contains negative op "bypass")
+  // And "Add Razorpay" vs "must always use Stripe" is NOT safe (competing alternative)
   if (!intentAligned && actionPrimaryVerb) {
     const ENHANCEMENT_VERBS = new Set([
       "increase", "improve", "enhance", "boost", "strengthen",
@@ -1986,15 +2017,23 @@ export function scoreConflict({ actionText, lockText }) {
           `intent alignment: enhancement action "${actionPrimaryVerb}" is ` +
           `compliant with preservation lock`);
       } else if (CONSTRUCTIVE_FOR_PRESERVATION.has(actionPrimaryVerb)) {
-        // Constructive verbs align ONLY if the action doesn't contain negative ops
+        // Constructive verbs align ONLY if:
+        // 1. No negative operations in the action
+        // 2. The action doesn't introduce a COMPETING alternative
+        //    "Add Razorpay" vs "must always use Stripe" → competitor (same synonym group)
+        //    "Add dark mode" vs "must always use Stripe" → unrelated (safe)
         const actionLower = actionText.toLowerCase();
         const hasNegativeOp = NEGATIVE_INTENT_MARKERS.some(m =>
           new RegExp(`\\b${escapeRegex(m)}\\b`, "i").test(actionLower));
-        if (!hasNegativeOp) {
+        // Check if action introduces a competing product/brand from the same category
+        const hasCompetitorMatch = subjectComparison.matchedSubjects.some(m =>
+          typeof m === "string" && m.startsWith("synonym:")
+        );
+        if (!hasNegativeOp && !hasCompetitorMatch) {
           intentAligned = true;
           reasons.push(
             `intent alignment: constructive "${actionPrimaryVerb}" is ` +
-            `compliant with preservation lock (no negative operations)`);
+            `compliant with preservation lock (no negative operations, no competitor)`);
         }
       }
     }

package/src/core/telemetry.js CHANGED Viewed

@@ -257,7 +257,7 @@ export async function flushToRemote(root) {
   // Build anonymized payload
   const payload = {
     instanceId: summary.instanceId,
-    version: "4.5.0",
+    version: "4.5.2",
     totalCalls: summary.totalCalls,
     avgResponseMs: summary.avgResponseMs,
     conflicts: summary.conflicts,

package/src/dashboard/index.html CHANGED Viewed

@@ -89,7 +89,7 @@
 <div class="header">
   <div>
     <h1><span>SpecLock</span> Dashboard</h1>
-    <div class="meta">v4.5.0 &mdash; AI Constraint Engine</div>
+    <div class="meta">v4.5.2 &mdash; AI Constraint Engine</div>
   </div>
   <div style="display:flex;align-items:center;gap:12px;">
     <span id="health-badge" class="status-badge healthy">Loading...</span>
@@ -182,7 +182,7 @@
 </div>
 <div style="text-align:center;padding:24px;color:var(--muted);font-size:12px;">
-  SpecLock v4.5.0 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
+  SpecLock v4.5.2 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
 </div>
 <script>

package/src/mcp/http-server.js CHANGED Viewed

@@ -91,7 +91,7 @@ import { fileURLToPath } from "url";
 import _path from "path";
 const PROJECT_ROOT = process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
-const VERSION = "4.5.0";
+const VERSION = "4.5.2";
 const AUTHOR = "Sandeep Roy";
 const START_TIME = Date.now();

package/src/mcp/server.js CHANGED Viewed

@@ -100,7 +100,7 @@ const PROJECT_ROOT =
   args.project || process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
 // --- MCP Server ---
-const VERSION = "4.5.0";
+const VERSION = "4.5.2";
 const AUTHOR = "Sandeep Roy";
 const server = new McpServer(