speclock 5.2.1 → 5.2.3

package/package.json

@@ -2,7 +2,7 @@
 
   "name": "speclock",
 
-  "version": "5.2.1",
+  "version": "5.2.3",
 
   "description": "AI Constraint Engine — AI Patch Firewall. Diff-native review (interface breaks, protected symbols, dependency drift, schema changes, API impact), Patch Gateway (ALLOW/WARN/BLOCK verdicts), Spec Compiler (NL→constraints), Code Graph (blast radius, lock-to-file mapping), Typed constraints, REST API v2, Python SDK, ROS2 integration. 42 MCP tools, Gemini LLM hybrid, HMAC audit chain, RBAC, encryption, SOC 2/HIPAA compliance.",
 

package/src/cli/index.js

@@ -117,7 +117,7 @@ function refreshContext(root) {
 
 function printHelp() {
   console.log(`
-SpecLock v5.2.1 — AI Constraint Engine (Spec Compiler + Code Graph + Typed Constraints + Python SDK + ROS2 + REST API v2 + Gemini LLM + Policy-as-Code + Auth + RBAC + Encryption)
+SpecLock v5.2.3 — AI Constraint Engine (Spec Compiler + Code Graph + Typed Constraints + Python SDK + ROS2 + REST API v2 + Gemini LLM + Policy-as-Code + Auth + RBAC + Encryption)
 Developed by Sandeep Roy (github.com/sgroy10)
 
 Usage: speclock <command> [options]
@@ -1102,6 +1102,135 @@ Tip: When starting a new chat, tell the AI:
     return;
   }
 
+  // --- RELEASE: Automated version bump + publish + deploy ---
+  if (cmd === "release") {
+    const bump = args[0]; // "patch", "minor", or "major"
+    if (!bump || !["patch", "minor", "major"].includes(bump)) {
+      console.log("Usage: speclock release <patch|minor|major>");
+      console.log("  Bumps version in ALL files, commits, pushes, npm publishes, deploys.");
+      process.exit(1);
+    }
+
+    const { execSync } = await import("child_process");
+    const fs = await import("fs");
+
+    // Read current version
+    const pkgPath = path.join(root, "package.json");
+    const pkg = JSON.parse(fs.readFileSync(pkgPath, "utf8"));
+    const [major, minor, patch] = pkg.version.split(".").map(Number);
+    let newVersion;
+    if (bump === "patch") newVersion = `${major}.${minor}.${patch + 1}`;
+    else if (bump === "minor") newVersion = `${major}.${minor + 1}.0`;
+    else newVersion = `${major + 1}.0.0`;
+
+    console.log(`\n  Releasing v${newVersion} (was ${pkg.version})\n`);
+
+    // Step 1: Version bump in all 7 files
+    const VERSION_FILES = [
+      { file: "package.json", pattern: `"version": "${pkg.version}"`, replacement: `"version": "${newVersion}"` },
+      { file: "src/mcp/http-server.js", pattern: `const VERSION = "${pkg.version}"`, replacement: `const VERSION = "${newVersion}"` },
+      { file: "src/mcp/server.js", pattern: `const VERSION = "${pkg.version}"`, replacement: `const VERSION = "${newVersion}"` },
+      { file: "src/core/compliance.js", pattern: `const VERSION = "${pkg.version}"`, replacement: `const VERSION = "${newVersion}"` },
+      { file: "src/cli/index.js", pattern: `SpecLock v${pkg.version}`, replacement: `SpecLock v${newVersion}` },
+      { file: "src/dashboard/index.html", pattern: `v${pkg.version}`, replacement: `v${newVersion}` },
+    ];
+
+    let filesUpdated = 0;
+    for (const { file, pattern, replacement } of VERSION_FILES) {
+      const filePath = path.join(root, file);
+      if (!fs.existsSync(filePath)) {
+        console.log(`  SKIP  ${file} (not found)`);
+        continue;
+      }
+      const content = fs.readFileSync(filePath, "utf8");
+      const updated = content.replaceAll(pattern, replacement);
+      if (updated !== content) {
+        fs.writeFileSync(filePath, updated);
+        const count = (content.split(pattern).length - 1);
+        console.log(`  DONE  ${file} (${count} replacement${count > 1 ? "s" : ""})`);
+        filesUpdated++;
+      } else {
+        console.log(`  SKIP  ${file} (pattern not found)`);
+      }
+    }
+    console.log(`\n  ${filesUpdated} files updated to v${newVersion}\n`);
+
+    // Step 2: Git commit + push
+    console.log("  Committing...");
+    try {
+      execSync(`git add -A`, { cwd: root, stdio: "pipe" });
+      execSync(`git commit -m "v${newVersion}"`, { cwd: root, stdio: "pipe" });
+      console.log("  DONE  git commit");
+    } catch (e) {
+      console.error("  FAIL  git commit:", e.message);
+      process.exit(1);
+    }
+
+    console.log("  Pushing...");
+    try {
+      execSync(`git push origin main`, { cwd: root, stdio: "pipe" });
+      console.log("  DONE  git push");
+    } catch (e) {
+      console.error("  FAIL  git push:", e.message);
+    }
+
+    // Step 3: npm publish
+    console.log("  Publishing to npm...");
+    try {
+      execSync(`npm publish`, { cwd: root, stdio: "pipe" });
+      console.log("  DONE  npm publish speclock@" + newVersion);
+    } catch (e) {
+      console.error("  FAIL  npm publish:", e.message);
+    }
+
+    // Step 4: Git tag
+    console.log("  Tagging...");
+    try {
+      execSync(`git tag v${newVersion}`, { cwd: root, stdio: "pipe" });
+      execSync(`git push origin v${newVersion}`, { cwd: root, stdio: "pipe" });
+      console.log(`  DONE  git tag v${newVersion}`);
+    } catch (e) {
+      console.error("  FAIL  git tag:", e.message);
+    }
+
+    // Step 5: Railway deploy
+    console.log("  Deploying to Railway...");
+    try {
+      execSync(`railway up`, { cwd: root, stdio: "pipe", timeout: 120000 });
+      console.log("  DONE  railway up");
+    } catch (e) {
+      console.log("  WARN  railway up (may need manual deploy):", e.message?.slice(0, 100));
+    }
+
+    // Step 6: Verify
+    console.log("\n  Verifying...");
+    try {
+      const health = execSync(`curl -s https://speclock-mcp-production.up.railway.app/health`, { timeout: 15000 }).toString();
+      const parsed = JSON.parse(health);
+      if (parsed.version === newVersion) {
+        console.log(`  DONE  Railway health: v${parsed.version} (${parsed.tools} tools)`);
+      } else {
+        console.log(`  WARN  Railway shows v${parsed.version}, expected v${newVersion} (may need a moment)`);
+      }
+    } catch (e) {
+      console.log("  WARN  Health check failed (Railway may still be deploying)");
+    }
+
+    try {
+      const npmVer = execSync(`npm view speclock version`, { timeout: 10000 }).toString().trim();
+      if (npmVer === newVersion) {
+        console.log(`  DONE  npm: speclock@${npmVer}`);
+      } else {
+        console.log(`  WARN  npm shows ${npmVer}, expected ${newVersion} (cache delay)`);
+      }
+    } catch (e) {
+      console.log("  WARN  npm check failed");
+    }
+
+    console.log(`\n  Release v${newVersion} complete.\n`);
+    return;
+  }
+
   console.error(`Unknown command: ${cmd}`);
   console.error("Run 'speclock --help' for usage.");
   process.exit(1);

package/src/core/compliance.js

@@ -9,7 +9,7 @@
 import { readBrain, readEvents } from "./storage.js";
 import { verifyAuditChain } from "./audit.js";
 
-const VERSION = "5.2.1";
+const VERSION = "5.2.3";
 
 // PHI-related keywords for HIPAA filtering
 const PHI_KEYWORDS = [

package/src/core/semantics.js

@@ -749,6 +749,43 @@ export const CONCEPT_MAP = {
   // Telecom / billing
   "call records":      ["cdr", "call data", "telecom records", "billing records"],
   "subscriber data":   ["customer data", "user data", "telecom records"],
+
+  // Frontend frameworks (alternatives = change framework conflict)
+  "react":             ["frontend framework", "ui framework", "vue", "angular",
+                        "svelte", "sveltekit", "next.js", "nextjs"],
+  "vue":               ["frontend framework", "ui framework", "react", "angular",
+                        "svelte", "sveltekit", "nuxt"],
+  "vue 3":             ["frontend framework", "ui framework", "react", "angular",
+                        "svelte", "sveltekit", "nuxt", "vue"],
+  "vue.js":            ["frontend framework", "ui framework", "react", "angular",
+                        "svelte", "sveltekit", "nuxt", "vue"],
+  "svelte":            ["frontend framework", "ui framework", "react", "vue",
+                        "angular", "sveltekit"],
+  "sveltekit":         ["frontend framework", "ui framework", "react", "vue",
+                        "angular", "svelte", "next.js", "nuxt"],
+  "angular":           ["frontend framework", "ui framework", "react", "vue",
+                        "svelte", "sveltekit"],
+  "next.js":           ["frontend framework", "ui framework", "react", "nuxt",
+                        "sveltekit", "nextjs"],
+  "nextjs":            ["frontend framework", "ui framework", "react", "nuxt",
+                        "sveltekit", "next.js"],
+  "nuxt":              ["frontend framework", "ui framework", "vue", "next.js",
+                        "nextjs", "sveltekit"],
+  "frontend framework":["react", "vue", "angular", "svelte", "sveltekit",
+                        "ui framework", "next.js", "nuxt"],
+  "ui framework":      ["frontend framework", "react", "vue", "angular",
+                        "svelte", "sveltekit"],
+
+  // Backend frameworks (alternatives = change backend conflict)
+  "express":           ["backend framework", "fastify", "koa", "hapi", "nestjs"],
+  "fastify":           ["backend framework", "express", "koa", "hapi", "nestjs"],
+  "django":            ["backend framework", "flask", "fastapi", "rails"],
+  "flask":             ["backend framework", "django", "fastapi"],
+  "fastapi":           ["backend framework", "django", "flask"],
+  "rails":             ["backend framework", "django", "laravel", "ruby on rails"],
+  "laravel":           ["backend framework", "rails", "django", "symfony"],
+  "spring":            ["backend framework", "spring boot", "java framework"],
+  "nestjs":            ["backend framework", "express", "fastify"],
 };
 
 // ===================================================================
@@ -2160,6 +2197,45 @@ export function scoreConflict({ actionText, lockText }) {
     }
   }
 
+  // Check 3d: Non-destructive sub-activities against ANY prohibitive lock
+  // These patterns are inherently safe regardless of subject overlap:
+  // "Write tests for X" → testing never modifies the system
+  // "Update X library version" → version bumps are maintenance
+  // "Add validation to X" → adding safety checks is constructive
+  // "Optimize X queries/performance" → performance tuning ≠ schema change
+  //
+  // GUARD: compound sentences may hide destructive ops behind safe prefixes.
+  // "Optimize DB performance by moving data to unencrypted replica" is NOT safe.
+  // Skip safe-intent if text also contains clearly destructive/insecure content.
+  if (!intentAligned && lockIsProhibitive) {
+    const _actionLowerSafe = actionText.toLowerCase();
+    const _compoundDestructive = /\b(?:unencrypted|plaintext|without\s+encryption|without\s+auth|unsigned|untrusted|insecure|delet(?:e|ing)|remov(?:e|ing)|drop(?:ping)?|destroy|purg(?:e|ing)|wip(?:e|ing)|eras(?:e|ing)|bypass|disabl(?:e|ing)|expos(?:e|ing)|leak|truncat(?:e|ing)|nuk(?:e|ing))\b/i.test(_actionLowerSafe);
+
+    // Pattern 1: Writing/creating/running tests
+    if (!_compoundDestructive && /\b(?:write|create|add|run)\s+(?:unit\s+|integration\s+|e2e\s+|end-to-end\s+)?tests?\b/i.test(_actionLowerSafe)) {
+      intentAligned = true;
+      reasons.push("intent alignment: writing/running tests is non-destructive — does not modify locked system");
+    }
+
+    // Pattern 2: Updating library/client/package version
+    if (!intentAligned && !_compoundDestructive && /\b(?:update|upgrade|bump)\s+\S+\s+(?:library|client|package|dependency|sdk|version)\b/i.test(_actionLowerSafe)) {
+      intentAligned = true;
+      reasons.push("intent alignment: updating library/client version is maintenance — does not modify locked system");
+    }
+
+    // Pattern 3: Adding validation/sanitization (safety improvement)
+    if (!intentAligned && !_compoundDestructive && /\b(?:add|implement|create)\s+(?:input\s+)?(?:validation|sanitization|sanitizing|input\s+checks?)\b/i.test(_actionLowerSafe)) {
+      intentAligned = true;
+      reasons.push("intent alignment: adding validation/sanitization is a safety improvement — does not modify locked system");
+    }
+
+    // Pattern 4: Optimizing queries/performance (non-structural)
+    if (!intentAligned && !_compoundDestructive && /\boptimize\s+\S+\s+(?:query|queries|performance|speed|latency|throughput)\b/i.test(_actionLowerSafe)) {
+      intentAligned = true;
+      reasons.push("intent alignment: optimizing queries/performance is non-destructive — does not modify locked schema/system");
+    }
+  }
+
   // Check 3c: Working WITH locked technology (not replacing it)
   // "Update the Stripe UI components" vs "must always use Stripe" → working WITH Stripe → safe
   // "Update the Stripe payment UI" vs "Stripe API keys must never be exposed" → different subject → safe
@@ -2407,6 +2483,7 @@ const QUESTION_PREFIXES = [
   /^is\s+(?:it\s+)?(?:a\s+)?(?:good\s+idea\s+)?(?:to\s+)?/i,
   /^let\s+me\s+/i,
   /^we\s+should\s+(?:probably\s+)?(?:consider\s+)?(?:look\s+at\s+)?/i,
+  /^how\s+hard\s+(?:would|will|could)\s+it\s+be\s+to\s+/i,
   /^explore\s+(?:using\s+)?/i,
 ];
 

package/src/dashboard/index.html

@@ -89,7 +89,7 @@
 <div class="header">
   <div>
     <h1><span>SpecLock</span> Dashboard</h1>
-    <div class="meta">v5.2.1 &mdash; AI Constraint Engine</div>
+    <div class="meta">v5.2.3 &mdash; AI Constraint Engine</div>
   </div>
   <div style="display:flex;align-items:center;gap:12px;">
     <span id="health-badge" class="status-badge healthy">Loading...</span>
@@ -182,7 +182,7 @@
 </div>
 
 <div style="text-align:center;padding:24px;color:var(--muted);font-size:12px;">
-  SpecLock v5.2.1 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
+  SpecLock v5.2.3 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
 </div>
 
 <script>

package/src/mcp/http-server.js

@@ -113,7 +113,7 @@ import { fileURLToPath } from "url";
 import _path from "path";
 
 const PROJECT_ROOT = process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
-const VERSION = "5.2.1";
+const VERSION = "5.2.3";
 const AUTHOR = "Sandeep Roy";
 const START_TIME = Date.now();
 

package/src/mcp/server.js

@@ -120,7 +120,7 @@ const PROJECT_ROOT =
   args.project || process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
 
 // --- MCP Server ---
-const VERSION = "5.2.1";
+const VERSION = "5.2.3";
 const AUTHOR = "Sandeep Roy";
 
 const server = new McpServer(