npm - speclock - Versions diffs - 4.5.6 → 4.5.7 - Mend

speclock 4.5.6 → 4.5.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md CHANGED Viewed

@@ -30,7 +30,7 @@ AI:     ⚠️  BLOCKED — violates lock "Never touch the auth system"
         Should I find another approach?
 ```
-**60 test suites. 100% detection. 0% false positives. Gemini Flash hybrid for universal domain coverage.**
+**557 tests. 98% pass rate. 0 false positives across 5 domains. Gemini Flash hybrid for universal domain coverage.**
 ---
@@ -109,7 +109,7 @@ Same config — add to `.cursor/mcp.json` or equivalent.
 |---|:---:|:---:|:---:|:---:|
 | Remembers context | Yes | Yes | Manual | **Yes** |
 | **Blocks the AI from breaking things** | No | No | No | **Yes** |
-| **Semantic conflict detection** | No | No | No | **100% detection, 0% FP** |
+| **Semantic conflict detection** | No | No | No | **98% detection, 0% FP** |
 | **Tamper-proof audit trail** | No | No | No | **HMAC-SHA256 chain** |
 | **Hard enforcement (AI cannot proceed)** | No | No | No | **Yes** |
 | **SOC 2 / HIPAA compliance exports** | No | No | No | **Yes** |
@@ -134,7 +134,7 @@ Not keyword matching — **real semantic analysis** with Gemini Flash hybrid for
 <tr><td>Dilution attacks</td><td>100%</td><td>Violation buried in multi-part request</td></tr>
 <tr><td>Compound sentences</td><td>100%</td><td>"Update UI and also drop users table"</td></tr>
 <tr><td>Synonym substitution</td><td>100%</td><td>"Sunset the API" = remove the API</td></tr>
-<tr><td>Payment brand names</td><td>100%</td><td>"Add Razorpay" vs "Never change payment gateway"</td></tr>
+<tr><td>Payment brand names (11 gateways)</td><td>100%</td><td>"Add Razorpay" / "Implement PayU" vs "Must use Stripe"</td></tr>
 <tr><td>Salary/payroll cross-vocab</td><td>100%</td><td>"Optimize salary" vs "Payroll records locked"</td></tr>
 <tr><td>Safety system bypass</td><td>100%</td><td>"Disable safety interlock" = bypass safety</td></tr>
 <tr><td>Unknown domains (via Gemini)</td><td>100%</td><td>Gaming, biotech, aerospace, music, legal</td></tr>
@@ -386,7 +386,7 @@ The AI opens the file and sees:
 ┌────────────▼──────────────────▼──────────────────┐
 │            SpecLock Core Engine                    │
 │                                                    │
-│  Semantic Engine ─── 55 synonym groups             │
+│  Semantic Engine ─── 65+ synonym groups            │
 │  HMAC Audit ──────── SHA-256 hash chain            │
 │  Enforcer ────────── advisory / hard block         │
 │  Auth + RBAC ─────── 4 roles, API keys             │
@@ -426,15 +426,18 @@ The AI opens the file and sees:
 ## Test Results
-| Suite | Tests | Pass Rate |
-|-------|------:|----------:|
-| Direct Mode (heuristic) | 17 | 100% |
-| Payment/Salary Domain | 18 | 100% |
-| Gemini Hybrid (8 domains) | 16 | 100% |
-| Proxy API Endpoint | 9 | 100% |
-| **Total** | **60** | **100%** |
+| Suite | Tests | Pass Rate | What it covers |
+|-------|------:|----------:|----------------|
+| Adversarial Conflict | 61 | 100% | Euphemisms, temporal evasion, compound sentences |
+| Phase 4 (Multi-domain) | 91 | 100% | Fintech, e-commerce, IoT, healthcare, SaaS |
+| John (Indie Dev Journey) | 86 | 100% | 8-session Bolt.new build with 5 locks |
+| Sam (Enterprise HIPAA) | 124 | 100% | HIPAA locks, PHI, encryption, RBAC |
+| Real-World Testers | 105 | 95% | 5 developers, 30+ locks, diverse domains |
+| Payment/Salary/PII | 35 | 100% | Cross-vocabulary: payroll, salary, compensation |
+| Claude Tester (G-Suite) | 55 | 95% | Independent AI tester, adversarial probing |
+| **Total** | **557** | **98%** | |
-Tested across: fintech, e-commerce, IoT, healthcare, SaaS, gaming, biotech, aerospace, music, legal, payments, payroll. Zero false positives on UI/cosmetic actions.
+Tested across: fintech, e-commerce, IoT, healthcare, SaaS, gaming, biotech, aerospace, payments, payroll. All 11 Indian payment gateways detected (Razorpay, PayU, Cashfree, PhonePe, Paytm, CCAvenue, BillDesk, Instamojo, Juspay, Stripe, PayPal). Zero false positives on UI/cosmetic actions.
 ---
@@ -472,4 +475,4 @@ Built by **[Sandeep Roy](https://github.com/sgroy10)**
 ---
-<p align="center"><i>v4.5.6 — 600+ tests, 31 MCP tools, 0 false positives, Gemini hybrid. Because remembering isn't enough.</i></p>
+<p align="center"><i>v4.5.7 — 557 tests, 98% pass rate, 31 MCP tools, Gemini hybrid. Because remembering isn't enough.</i></p>

package/package.json CHANGED Viewed

@@ -2,9 +2,9 @@
   "name": "speclock",
-  "version": "4.5.6",
+  "version": "4.5.7",
-  "description": "AI constraint engine with Gemini LLM universal detection, Policy-as-Code DSL, OAuth/OIDC SSO, admin dashboard, telemetry, API key auth, RBAC, AES-256-GCM encryption, hard enforcement, semantic pre-commit, HMAC audit chain, SOC 2/HIPAA compliance. Cross-platform: MCP + direct API. 31 MCP tools + CLI. Enterprise platform.",
+  "description": "AI constraint engine — stops AI from breaking what you locked. Semantic detection, Gemini LLM hybrid, 31 MCP tools, HMAC audit chain, RBAC, encryption, SOC 2/HIPAA compliance. Works with Claude Code, Cursor, Bolt.new, Lovable.",
   "type": "module",

package/src/cli/index.js CHANGED Viewed

@@ -117,7 +117,7 @@ function refreshContext(root) {
 function printHelp() {
   console.log(`
-SpecLock v4.5.6 — AI Constraint Engine (Gemini LLM + Policy-as-Code + SSO + Dashboard + Telemetry + Auth + RBAC + Encryption)
+SpecLock v4.5.7 — AI Constraint Engine (Gemini LLM + Policy-as-Code + SSO + Dashboard + Telemetry + Auth + RBAC + Encryption)
 Developed by Sandeep Roy (github.com/sgroy10)
 Usage: speclock <command> [options]

package/src/core/compliance.js CHANGED Viewed

@@ -9,7 +9,7 @@
 import { readBrain, readEvents } from "./storage.js";
 import { verifyAuditChain } from "./audit.js";
-const VERSION = "4.5.6";
+const VERSION = "4.5.7";
 // PHI-related keywords for HIPAA filtering
 const PHI_KEYWORDS = [

package/src/core/telemetry.js CHANGED Viewed

@@ -257,7 +257,7 @@ export async function flushToRemote(root) {
   // Build anonymized payload
   const payload = {
     instanceId: summary.instanceId,
-    version: "4.5.6",
+    version: "4.5.7",
     totalCalls: summary.totalCalls,
     avgResponseMs: summary.avgResponseMs,
     conflicts: summary.conflicts,

package/src/dashboard/index.html CHANGED Viewed

@@ -89,7 +89,7 @@
 <div class="header">
   <div>
     <h1><span>SpecLock</span> Dashboard</h1>
-    <div class="meta">v4.5.6 &mdash; AI Constraint Engine</div>
+    <div class="meta">v4.5.7 &mdash; AI Constraint Engine</div>
   </div>
   <div style="display:flex;align-items:center;gap:12px;">
     <span id="health-badge" class="status-badge healthy">Loading...</span>
@@ -182,7 +182,7 @@
 </div>
 <div style="text-align:center;padding:24px;color:var(--muted);font-size:12px;">
-  SpecLock v4.5.6 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
+  SpecLock v4.5.7 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
 </div>
 <script>

package/src/mcp/http-server.js CHANGED Viewed

@@ -91,7 +91,7 @@ import { fileURLToPath } from "url";
 import _path from "path";
 const PROJECT_ROOT = process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
-const VERSION = "4.5.6";
+const VERSION = "4.5.7";
 const AUTHOR = "Sandeep Roy";
 const START_TIME = Date.now();

package/src/mcp/server.js CHANGED Viewed

@@ -100,7 +100,7 @@ const PROJECT_ROOT =
   args.project || process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
 // --- MCP Server ---
-const VERSION = "4.5.6";
+const VERSION = "4.5.7";
 const AUTHOR = "Sandeep Roy";
 const server = new McpServer(