speclock 5.5.0 → 5.5.2

package/package.json

@@ -2,7 +2,7 @@
 
   "name": "speclock",
 
-  "version": "5.5.0",
+  "version": "5.5.2",
 
   "description": "Stop AI from breaking code you told it not to touch. Enforces .cursorrules, CLAUDE.md, and AGENTS.md — not just suggests. Zero-config: npx speclock protect reads your existing AI rule files, extracts constraints, installs pre-commit hooks, and makes your rules unbreakable. 51 MCP tools, Universal Rules Sync, AI Patch Firewall, Spec Compiler, Code Graph, Typed Constraints, Drift Score, HMAC audit chain, SOC 2/HIPAA compliance. Developed by Sandeep Roy.",
 

package/src/cli/index.js

@@ -123,7 +123,7 @@ function refreshContext(root) {
 
 function printHelp() {
   console.log(`
-SpecLock v5.5.0 — Your AI has rules. SpecLock makes them unbreakable.
+SpecLock v5.5.2 — Your AI has rules. SpecLock makes them unbreakable.
 Developed by Sandeep Roy (github.com/sgroy10)
 
 Usage: speclock <command> [options]

package/src/core/compliance.js

@@ -9,7 +9,7 @@
 import { readBrain, readEvents } from "./storage.js";
 import { verifyAuditChain } from "./audit.js";
 
-const VERSION = "5.5.0";
+const VERSION = "5.5.2";
 
 // PHI-related keywords for HIPAA filtering
 const PHI_KEYWORDS = [

package/src/core/guardian.js

@@ -32,30 +32,66 @@ const RULE_FILES = [
   { file: ".github/instructions.md", tool: "GitHub (alt)" },
 ];
 
+// Files that SpecLock's sync creates — these are OUTPUT, not INPUT.
+// Never read these back as source rule files.
+const SPECLOCK_OUTPUT_FILES = new Set([
+  ".cursor/rules/speclock.mdc",
+  ".windsurf/rules/speclock.md",
+]);
+
+// Header markers that indicate a file was auto-generated by SpecLock sync.
+// If ANY of these appear in the first 8 lines, skip the file.
+const SPECLOCK_SYNC_MARKERS = [
+  "Auto-synced from SpecLock",
+  "Auto-synced by SpecLock",
+  "Auto-synced.",
+  "(SpecLock)",
+  "# SpecLock Constraints",
+  "# Generated:",
+  "Do not edit manually — run `speclock sync`",
+  "speclock sync --format",
+  "speclock_session_briefing",
+];
+
 /**
  * Discover all AI rule files in the project.
  */
 export function discoverRuleFiles(root) {
   const found = [];
   for (const entry of RULE_FILES) {
+    // Skip known SpecLock output files
+    if (SPECLOCK_OUTPUT_FILES.has(entry.file)) continue;
+
     const fullPath = path.join(root, entry.file);
     if (fs.existsSync(fullPath)) {
       const content = fs.readFileSync(fullPath, "utf-8").trim();
-      if (content.length > 0) {
-        found.push({
-          file: entry.file,
-          tool: entry.tool,
-          path: fullPath,
-          content,
-          size: content.length,
-          lines: content.split("\n").length,
-        });
-      }
+      if (content.length === 0) continue;
+
+      // Skip files that were auto-generated by SpecLock sync
+      if (isSpeclockGenerated(content)) continue;
+
+      found.push({
+        file: entry.file,
+        tool: entry.tool,
+        path: fullPath,
+        content,
+        size: content.length,
+        lines: content.split("\n").length,
+      });
     }
   }
   return found;
 }
 
+/**
+ * Check if file content was auto-generated by SpecLock sync.
+ * Looks at the first 5 lines for sync markers.
+ */
+function isSpeclockGenerated(content) {
+  const header = content.split("\n").slice(0, 8).join("\n");
+  return SPECLOCK_SYNC_MARKERS.some((marker) => header.includes(marker));
+}
+
 // --- Heuristic constraint extraction (no API key needed) ---
 
 // Patterns that signal a constraint/rule

package/src/core/semantics.js

@@ -787,6 +787,17 @@ export const CONCEPT_MAP = {
   "location data":     ["subscriber data", "tracking data", "geolocation",
                         "user location", "pii"],
 
+  // Programming languages (alternatives = language switch conflict)
+  "typescript":        ["programming language", "typed language", "javascript",
+                        "language", "ts"],
+  "javascript":        ["programming language", "scripting language", "typescript",
+                        "language", "js"],
+  "python":            ["programming language", "scripting language", "language"],
+  "golang":            ["programming language", "language", "go"],
+  "rust":              ["programming language", "systems language", "language"],
+  "java":              ["programming language", "language", "kotlin"],
+  "kotlin":            ["programming language", "language", "java"],
+
   // Frontend frameworks (alternatives = change framework conflict)
   "react":             ["frontend framework", "ui framework", "frontend", "ui",
                         "vue", "angular", "svelte", "sveltekit", "next.js", "nextjs"],
@@ -1433,7 +1444,9 @@ function isProhibitiveLock(lockText) {
     || /\bno\s+\w/i.test(lockText)
     // Normalized lock patterns from lock-author.js rewriting
     || /\bis\s+frozen\b/i.test(lockText)
-    || /\bmust\s+(remain|be\s+preserved|stay|always)\b/i.test(lockText);
+    || /\bmust\s+(remain|be\s+preserved|stay|always)\b/i.test(lockText)
+    // "ALWAYS use X" is a preservation mandate — removing X violates it
+    || /^\s*always\b/i.test(lockText);
 }
 
 // ===================================================================
@@ -2140,6 +2153,50 @@ export function scoreConflict({ actionText, lockText }) {
     }
   }
 
+  // Check 0b: MUST-mandate inversion
+  // "MUST validate all user input" + "skip input validation" → conflict
+  // When a lock says MUST/ALWAYS + <verb>, and the action uses a negation verb
+  // (skip, remove, disable, bypass, omit, drop, eliminate, stop) targeting the same concept,
+  // that's a violation of the mandate.
+  {
+    const mandateMatch = lockText.match(/^\s*(?:must|always)\s+(\w+(?:\s+\w+){0,3})/i);
+    if (mandateMatch && !prohibitedVerb) {
+      const mandatedPhrase = mandateMatch[1].toLowerCase();
+      const mandatedWords = mandatedPhrase.split(/\s+/).filter(w => !STOPWORDS.has(w) && w.length > 2);
+      const actionLower = actionText.toLowerCase();
+      const NEGATION_VERBS = /\b(skip|skipping|remove|removing|disable|disabling|bypass|bypassing|omit|omitting|drop|dropping|eliminate|eliminating|stop|stopping|avoid|avoiding|delete|deleting|no|without)\b/;
+
+      if (NEGATION_VERBS.test(actionLower)) {
+        // Check if the action targets the same concept as the mandated verb
+        // Stem matching: "validate" ↔ "validation" share root "validat" (5+ chars)
+        const actionWords = actionLower.split(/\s+/).map(w => w.replace(/[^a-z]/g, "")).filter(w => w.length > 2);
+        let conceptOverlap = 0;
+        for (const mw of mandatedWords) {
+          for (const aw of actionWords) {
+            if (aw === mw) { conceptOverlap++; break; }
+            // Share a common root of 5+ chars: validate↔validation (validat)
+            const minLen = Math.min(aw.length, mw.length);
+            if (minLen >= 5) {
+              const root = Math.min(minLen, Math.max(5, minLen - 2));
+              if (aw.substring(0, root) === mw.substring(0, root)) {
+                conceptOverlap++;
+                break;
+              }
+            }
+          }
+        }
+        if (conceptOverlap >= 1) {
+          const bonus = conceptOverlap >= 2 ? 45 : 25;
+          score += bonus;
+          actionPerformsProhibitedOp = true;
+          reasons.push(
+            `mandate violation: action negates MUST-requirement ` +
+            `"${mandatedPhrase}" (${conceptOverlap} concept overlap)`);
+        }
+      }
+    }
+  }
+
   // Check 1: Direct opposite verbs (e.g., "enable" vs "disable")
   if (lockIsProhibitive && prohibitedVerb && actionPrimaryVerb) {
     if (checkOpposites(actionPrimaryVerb, prohibitedVerb)) {
@@ -2227,7 +2284,7 @@ export function scoreConflict({ actionText, lockText }) {
   // "Test that Stripe is working" is COMPLIANT with "must always use Stripe"
   // "Debug the Stripe webhook" is COMPLIANT — it's verifying the preserved system
   {
-    const lockIsPreservation = /must remain|must be preserved|must always|at all times|must stay/i.test(lockText);
+    const lockIsPreservation = /must remain|must be preserved|must always|at all times|must stay|^\s*always\b/im.test(lockText);
 
     if (!intentAligned && lockIsPreservation) {
       const SAFE_FOR_PRESERVATION = new Set([
@@ -2339,7 +2396,7 @@ export function scoreConflict({ actionText, lockText }) {
   // But: "Update payment to use Razorpay" vs "Stripe lock" → introducing competitor → NOT safe
   // But: "Add Stripe key to frontend" → "add" not in WORKING_WITH_VERBS → NOT safe
   if (!intentAligned && actionPrimaryVerb) {
-    const lockIsPreservationOrFreeze = /must remain|must be preserved|must always|at all times|must stay|must never|must not|should never|do not replace|do not remove|do not switch|don't replace|don't remove|don't switch|don't|do not|never|uses .+ library/i.test(lockText);
+    const lockIsPreservationOrFreeze = /must remain|must be preserved|must always|at all times|must stay|must never|must not|should never|do not replace|do not remove|do not switch|don't replace|don't remove|don't switch|don't|do not|never|uses .+ library|^\s*always\b/im.test(lockText);
     if (lockIsPreservationOrFreeze) {
       // Extract specific brand/tech names from the lock text
       const lockWords = lockText.toLowerCase().split(/\s+/).map(w => w.replace(/[^a-z0-9]/g, "")).filter(w => w.length > 2);
@@ -2356,6 +2413,9 @@ export function scoreConflict({ actionText, lockText }) {
         "baileys", "twilio", "whatsapp",
         "auth0", "okta", "cognito", "keycloak",
         "react", "vue", "angular", "svelte", "nextjs", "nuxt",
+        "typescript", "javascript", "python", "golang", "rust", "java", "kotlin",
+        "tailwind", "bootstrap", "prisma", "drizzle", "sequelize",
+        "express", "fastapi", "django", "flask", "rails",
         "docker", "kubernetes", "terraform", "ansible",
         "aws", "gcp", "azure", "vercel", "netlify", "railway", "heroku",
       ]);
@@ -2406,7 +2466,7 @@ export function scoreConflict({ actionText, lockText }) {
       "build", "add", "create", "implement", "make", "design",
       "develop", "introduce",
     ]);
-    const lockIsPreservation = /must remain|must be preserved|must always|at all times|must stay/i.test(lockText);
+    const lockIsPreservation = /must remain|must be preserved|must always|at all times|must stay|^\s*always\b/im.test(lockText);
     if (lockIsPreservation) {
       if (ENHANCEMENT_VERBS.has(actionPrimaryVerb)) {
         // Enhancement verbs always align with preservation locks

package/src/core/telemetry.js

@@ -257,7 +257,7 @@ export async function flushToRemote(root) {
   // Build anonymized payload
   const payload = {
     instanceId: summary.instanceId,
-    version: "5.5.0",
+    version: "5.5.2",
     totalCalls: summary.totalCalls,
     avgResponseMs: summary.avgResponseMs,
     conflicts: summary.conflicts,

package/src/dashboard/index.html

@@ -89,7 +89,7 @@
 <div class="header">
   <div>
     <h1><span>SpecLock</span> Dashboard</h1>
-    <div class="meta">v5.5.0 &mdash; Your AI has rules. SpecLock makes them unbreakable.</div>
+    <div class="meta">v5.5.2 &mdash; Your AI has rules. SpecLock makes them unbreakable.</div>
   </div>
   <div style="display:flex;align-items:center;gap:12px;">
     <span id="health-badge" class="status-badge healthy">Loading...</span>
@@ -182,7 +182,7 @@
 </div>
 
 <div style="text-align:center;padding:24px;color:var(--muted);font-size:12px;">
-  SpecLock v5.5.0 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
+  SpecLock v5.5.2 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
 </div>
 
 <script>

package/src/mcp/http-server.js

@@ -113,7 +113,7 @@ import { fileURLToPath } from "url";
 import _path from "path";
 
 const PROJECT_ROOT = process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
-const VERSION = "5.5.0";
+const VERSION = "5.5.2";
 const AUTHOR = "Sandeep Roy";
 const START_TIME = Date.now();
 

package/src/mcp/server.js

@@ -126,7 +126,7 @@ const PROJECT_ROOT =
   args.project || process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
 
 // --- MCP Server ---
-const VERSION = "5.5.0";
+const VERSION = "5.5.2";
 const AUTHOR = "Sandeep Roy";
 
 const server = new McpServer(