npm - speclock - Versions diffs - 5.0.0 → 5.0.2 - Mend

speclock 5.0.0 → 5.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/SPECLOCK-INSTRUCTIONS.md CHANGED Viewed

@@ -1,5 +1,7 @@
 # SpecLock Project Instructions — Copy-Paste Templates
+> Developed by **Sandeep Roy** ([github.com/sgroy10](https://github.com/sgroy10))
 These are **project-level instructions** that you paste into your AI coding platform's settings. They force the AI to use SpecLock on every action — turning it from a passive notepad into an active guardrail.
 ---

package/bin/speclock.js CHANGED Viewed

@@ -1,2 +1,4 @@
 #!/usr/bin/env node
+// SpecLock CLI — AI Constraint Engine
+// Developed by Sandeep Roy (https://github.com/sgroy10)
 import "../src/cli/index.js";

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "speclock",
-  "version": "5.0.0",
+  "version": "5.0.2",
   "description": "AI Constraint Engine for autonomous systems governance. Spec Compiler (NL→constraints), Code Graph (blast radius, lock-to-file mapping), Typed constraints (numerical, range, state, temporal), REST API v2, Python SDK, ROS2 integration. 39 MCP tools, Gemini LLM hybrid, HMAC audit chain, RBAC, encryption, SOC 2/HIPAA compliance.",
@@ -12,130 +12,91 @@
   "bin": {
-  "speclock": "./bin/speclock.js"
+    "speclock": "./bin/speclock.js"
   },
   "scripts": {
-  "start": "node src/mcp/server.js",
+    "start": "node src/mcp/server.js",
-  "serve": "node src/mcp/server.js",
+    "serve": "node src/mcp/server.js",
-  "test": "node --experimental-vm-modules node_modules/.bin/jest"
+    "test": "node --experimental-vm-modules node_modules/.bin/jest"
   },
   "keywords": [
-  "mcp",
+    "mcp",
-  "mcp-server",
+    "mcp-server",
-  "ai",
+    "ai",
-  "ai-memory",
+    "ai-memory",
-  "ai-continuity",
+    "ai-continuity",
-  "context",
+    "context",
-  "memory",
+    "memory",
-  "claude",
+    "claude",
-  "claude-code",
+    "claude-code",
-  "cursor",
+    "cursor",
-  "codex",
+    "codex",
-  "windsurf",
+    "windsurf",
-  "cline",
+    "cline",
-  "speclock",
+    "speclock",
-  "ai-amnesia",
+    "ai-amnesia",
-  "model-context-protocol",
+    "model-context-protocol",
-  "drift-detection",
+    "drift-detection",
-  "constraint-enforcement",
+    "constraint-enforcement",
-  "enterprise",
+    "enterprise",
-  "soc2",
+    "soc2",
-  "hipaa",
+    "hipaa",
-  "compliance",
+    "compliance",
-  "audit-trail",
+    "audit-trail",
-  "hmac",
+    "hmac",
-  "encryption",
+    "encryption",
-  "aes-256",
+    "aes-256",
-  "api-key",
+    "api-key",
-  "authentication",
+    "authentication",
-  "rbac",
+    "rbac",
-  "policy-as-code",
+    "policy-as-code",
-  "sso",
+    "sso",
-  "oauth",
+    "oauth",
-  "oidc",
+    "oidc",
-  "dashboard",
+    "dashboard",
-  "telemetry"
+    "telemetry"
   ],
@@ -147,104 +108,79 @@
   "bugs": {
-  "url": "https://github.com/sgroy10/speclock/issues"
+    "url": "https://github.com/sgroy10/speclock/issues"
   },
   "repository": {
-  "type": "git",
+    "type": "git",
-  "url": "git+https://github.com/sgroy10/speclock.git"
+    "url": "git+https://github.com/sgroy10/speclock.git"
   },
   "engines": {
-  "node": ">=18"
+    "node": ">=18"
   },
   "dependencies": {
-  "@modelcontextprotocol/sdk": "^1.26.0",
+    "@modelcontextprotocol/sdk": "^1.26.0",
-  "chokidar": "^3.6.0",
+    "chokidar": "^3.6.0",
-  "zod": "^3.25.0"
+    "zod": "^3.25.0"
   },
   "files": [
-  "bin/",
+    "bin/",
-  "src/",
+    "src/",
-  "src/dashboard/",
+    "src/dashboard/",
-  "README.md",
+    "README.md",
-  "SPECLOCK-INSTRUCTIONS.md",
+    "SPECLOCK-INSTRUCTIONS.md",
-  "LICENSE"
+    "LICENSE"
   ],
   "devDependencies": {
-  "esbuild": "^0.27.3",
+    "esbuild": "^0.27.3",
-  "jest": "^30.2.0"
+    "jest": "^30.2.0"
   },
   "speclock": {
-  "active": true,
+    "active": true,
-  "message": "STOP — This project has SpecLock constraints. Read SPECLOCK.md and .speclock/context/latest.md BEFORE making ANY changes. Run 'npx speclock check' before ALL code changes. If a lock below is violated, STOP and ask user to unlock.",
+    "message": "STOP — This project has SpecLock constraints. Read SPECLOCK.md and .speclock/context/latest.md BEFORE making ANY changes. Run 'npx speclock check' before ALL code changes. If a lock below is violated, STOP and ask user to unlock.",
-  "locks": [
+    "locks": [
-  "Game balance configuration must not be changed",
+      "Game balance configuration must not be changed",
-  "Patient records must never be deleted",
+      "Patient records must never be deleted",
-  "No breaking changes to public API"
+      "No breaking changes to public API"
-  ],
+    ],
-  "context": ".speclock/context/latest.md",
+    "context": ".speclock/context/latest.md",
-  "rules": "SPECLOCK.md"
+    "rules": "SPECLOCK.md"
   }
 }

package/src/core/git.js CHANGED Viewed

@@ -1,3 +1,6 @@
+// SpecLock Git Integration — Checkpoints, diffs, repo status
+// Developed by Sandeep Roy (https://github.com/sgroy10)
 import fs from "fs";
 import path from "path";
 import { spawnSync } from "child_process";

package/src/core/hooks.js CHANGED Viewed

@@ -1,4 +1,5 @@
 // SpecLock Git Hook Management
+// Developed by Sandeep Roy (https://github.com/sgroy10)
 import fs from "fs";
 import path from "path";

package/src/core/semantics.js CHANGED Viewed

@@ -2,6 +2,7 @@
 // SpecLock Semantic Analysis Engine v3
 // Subject-aware conflict detection with scope matching.
 // Zero external dependencies — pure JavaScript.
+// Developed by Sandeep Roy (https://github.com/sgroy10)
 // ===================================================================
 // ===================================================================

package/src/core/storage.js CHANGED Viewed

@@ -1,3 +1,6 @@
+// SpecLock Storage — brain.json and events.log read/write with encryption support
+// Developed by Sandeep Roy (https://github.com/sgroy10)
 import fs from "fs";
 import path from "path";
 import crypto from "crypto";

package/src/core/templates.js CHANGED Viewed

@@ -1,4 +1,5 @@
 // SpecLock Constraint Templates — Pre-built lock packs for common frameworks
+// Developed by Sandeep Roy (https://github.com/sgroy10)
 export const TEMPLATES = {
   nextjs: {

package/src/mcp/http-server.js CHANGED Viewed

@@ -881,7 +881,7 @@ app.get("/health", (req, res) => {
     status: "healthy",
     version: VERSION,
     uptime: Math.floor((Date.now() - START_TIME) / 1000),
-    tools: 35,
+    tools: 39,
     auditChain: auditStatus,
     authEnabled: isAuthEnabled(PROJECT_ROOT),
     rateLimit: { limit: RATE_LIMIT, windowMs: RATE_WINDOW_MS },
@@ -895,8 +895,8 @@ app.get("/", (req, res) => {
     name: "speclock",
     version: VERSION,
     author: AUTHOR,
-    description: "AI Constraint Engine for autonomous systems governance. Typed constraints (numerical, range, state, temporal) + REST API v2 with batch checking & SSE streaming. Python SDK + ROS2 integration. Policy-as-Code, OAuth/OIDC SSO, admin dashboard, telemetry, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 35 MCP tools.",
-    tools: 35,
+    description: "AI Constraint Engine for autonomous systems governance. Spec Compiler (NL→constraints), Code Graph (blast radius, lock-to-file mapping), Typed constraints (numerical, range, state, temporal), REST API v2 with batch checking & SSE streaming. Python SDK + ROS2 integration. Policy-as-Code, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 39 MCP tools. 940 tests, 99.4% accuracy.",
+    tools: 39,
     mcp_endpoint: "/mcp",
     health_endpoint: "/health",
     npm: "https://www.npmjs.com/package/speclock",
@@ -910,7 +910,7 @@ app.get("/.well-known/mcp/server-card.json", (req, res) => {
   res.json({
     name: "SpecLock",
     version: VERSION,
-    description: "AI Constraint Engine for autonomous systems governance. Typed constraints + REST API v2 with batch checking & SSE streaming. Python SDK (pip install speclock) + ROS2 Guardian Node. Hybrid heuristic + Gemini LLM. Policy-as-Code, OAuth/OIDC SSO, admin dashboard, telemetry, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 35 MCP tools + CLI. Works with Claude Code, Cursor, Windsurf, Cline, Bolt.new, Lovable.",
+    description: "AI Constraint Engine for autonomous systems governance. Spec Compiler (NL→constraints via Gemini Flash), Code Graph (dependency parsing, blast radius, lock-to-file mapping), Typed constraints (numerical, range, state, temporal), REST API v2, Python SDK + ROS2 Guardian Node. Hybrid heuristic + Gemini LLM. Policy-as-Code, RBAC, AES-256-GCM encryption, hard enforcement, HMAC audit chain, SOC 2/HIPAA compliance. 39 MCP tools. 940 tests, 99.4% accuracy. Works with Claude Code, Cursor, Windsurf, Cline, Bolt.new, Lovable.",
     author: {
       name: "Sandeep Roy",
       url: "https://github.com/sgroy10",
@@ -919,7 +919,7 @@ app.get("/.well-known/mcp/server-card.json", (req, res) => {
     homepage: "https://sgroy10.github.io/speclock/",
     license: "MIT",
     capabilities: {
-      tools: 35,
+      tools: 39,
       categories: [
         "Memory Management",
         "Change Tracking",
@@ -1411,8 +1411,10 @@ app.get("/api/v2/status", (req, res) => {
 app.post("/api/v2/compiler/compile", async (req, res) => {
   setCorsHeaders(res);
-  if (!checkAuth(req, res)) return;
-  if (!checkRateLimit(req, res)) return;
+  const clientIp = req.headers["x-forwarded-for"]?.split(",")[0]?.trim() || req.socket?.remoteAddress || "unknown";
+  if (!checkRateLimit(clientIp)) {
+    return res.status(429).json({ error: "Rate limit exceeded", api_version: "v2" });
+  }
   try {
     ensureInit(PROJECT_ROOT);
@@ -1451,7 +1453,6 @@ app.post("/api/v2/compiler/compile", async (req, res) => {
 app.get("/api/v2/graph", (req, res) => {
   setCorsHeaders(res);
-  if (!checkAuth(req, res)) return;
   try {
     ensureInit(PROJECT_ROOT);
@@ -1464,7 +1465,6 @@ app.get("/api/v2/graph", (req, res) => {
 app.post("/api/v2/graph/build", (req, res) => {
   setCorsHeaders(res);
-  if (!checkAuth(req, res)) return;
   try {
     ensureInit(PROJECT_ROOT);
@@ -1482,7 +1482,6 @@ app.post("/api/v2/graph/build", (req, res) => {
 app.get("/api/v2/graph/blast-radius", (req, res) => {
   setCorsHeaders(res);
-  if (!checkAuth(req, res)) return;
   try {
     ensureInit(PROJECT_ROOT);
@@ -1500,7 +1499,6 @@ app.get("/api/v2/graph/blast-radius", (req, res) => {
 app.get("/api/v2/graph/lock-map", (req, res) => {
   setCorsHeaders(res);
-  if (!checkAuth(req, res)) return;
   try {
     ensureInit(PROJECT_ROOT);