npm - speclock - Versions diffs - 5.5.1 → 5.5.2 - Mend

speclock 5.5.1 → 5.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "speclock",
-  "version": "5.5.1",
+  "version": "5.5.2",
   "description": "Stop AI from breaking code you told it not to touch. Enforces .cursorrules, CLAUDE.md, and AGENTS.md — not just suggests. Zero-config: npx speclock protect reads your existing AI rule files, extracts constraints, installs pre-commit hooks, and makes your rules unbreakable. 51 MCP tools, Universal Rules Sync, AI Patch Firewall, Spec Compiler, Code Graph, Typed Constraints, Drift Score, HMAC audit chain, SOC 2/HIPAA compliance. Developed by Sandeep Roy.",

package/src/cli/index.js CHANGED Viewed

@@ -123,7 +123,7 @@ function refreshContext(root) {
 function printHelp() {
   console.log(`
-SpecLock v5.5.1 — Your AI has rules. SpecLock makes them unbreakable.
+SpecLock v5.5.2 — Your AI has rules. SpecLock makes them unbreakable.
 Developed by Sandeep Roy (github.com/sgroy10)
 Usage: speclock <command> [options]

package/src/core/compliance.js CHANGED Viewed

@@ -9,7 +9,7 @@
 import { readBrain, readEvents } from "./storage.js";
 import { verifyAuditChain } from "./audit.js";
-const VERSION = "5.5.1";
+const VERSION = "5.5.2";
 // PHI-related keywords for HIPAA filtering
 const PHI_KEYWORDS = [

package/src/core/semantics.js CHANGED Viewed

@@ -2153,6 +2153,50 @@ export function scoreConflict({ actionText, lockText }) {
     }
   }
+  // Check 0b: MUST-mandate inversion
+  // "MUST validate all user input" + "skip input validation" → conflict
+  // When a lock says MUST/ALWAYS + <verb>, and the action uses a negation verb
+  // (skip, remove, disable, bypass, omit, drop, eliminate, stop) targeting the same concept,
+  // that's a violation of the mandate.
+  {
+    const mandateMatch = lockText.match(/^\s*(?:must|always)\s+(\w+(?:\s+\w+){0,3})/i);
+    if (mandateMatch && !prohibitedVerb) {
+      const mandatedPhrase = mandateMatch[1].toLowerCase();
+      const mandatedWords = mandatedPhrase.split(/\s+/).filter(w => !STOPWORDS.has(w) && w.length > 2);
+      const actionLower = actionText.toLowerCase();
+      const NEGATION_VERBS = /\b(skip|skipping|remove|removing|disable|disabling|bypass|bypassing|omit|omitting|drop|dropping|eliminate|eliminating|stop|stopping|avoid|avoiding|delete|deleting|no|without)\b/;
+      if (NEGATION_VERBS.test(actionLower)) {
+        // Check if the action targets the same concept as the mandated verb
+        // Stem matching: "validate" ↔ "validation" share root "validat" (5+ chars)
+        const actionWords = actionLower.split(/\s+/).map(w => w.replace(/[^a-z]/g, "")).filter(w => w.length > 2);
+        let conceptOverlap = 0;
+        for (const mw of mandatedWords) {
+          for (const aw of actionWords) {
+            if (aw === mw) { conceptOverlap++; break; }
+            // Share a common root of 5+ chars: validate↔validation (validat)
+            const minLen = Math.min(aw.length, mw.length);
+            if (minLen >= 5) {
+              const root = Math.min(minLen, Math.max(5, minLen - 2));
+              if (aw.substring(0, root) === mw.substring(0, root)) {
+                conceptOverlap++;
+                break;
+              }
+            }
+          }
+        }
+        if (conceptOverlap >= 1) {
+          const bonus = conceptOverlap >= 2 ? 45 : 25;
+          score += bonus;
+          actionPerformsProhibitedOp = true;
+          reasons.push(
+            `mandate violation: action negates MUST-requirement ` +
+            `"${mandatedPhrase}" (${conceptOverlap} concept overlap)`);
+        }
+      }
+    }
+  }
   // Check 1: Direct opposite verbs (e.g., "enable" vs "disable")
   if (lockIsProhibitive && prohibitedVerb && actionPrimaryVerb) {
     if (checkOpposites(actionPrimaryVerb, prohibitedVerb)) {

package/src/core/telemetry.js CHANGED Viewed

@@ -257,7 +257,7 @@ export async function flushToRemote(root) {
   // Build anonymized payload
   const payload = {
     instanceId: summary.instanceId,
-    version: "5.5.1",
+    version: "5.5.2",
     totalCalls: summary.totalCalls,
     avgResponseMs: summary.avgResponseMs,
     conflicts: summary.conflicts,

package/src/dashboard/index.html CHANGED Viewed

@@ -89,7 +89,7 @@
 <div class="header">
   <div>
     <h1><span>SpecLock</span> Dashboard</h1>
-    <div class="meta">v5.5.1 &mdash; Your AI has rules. SpecLock makes them unbreakable.</div>
+    <div class="meta">v5.5.2 &mdash; Your AI has rules. SpecLock makes them unbreakable.</div>
   </div>
   <div style="display:flex;align-items:center;gap:12px;">
     <span id="health-badge" class="status-badge healthy">Loading...</span>
@@ -182,7 +182,7 @@
 </div>
 <div style="text-align:center;padding:24px;color:var(--muted);font-size:12px;">
-  SpecLock v5.5.1 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
+  SpecLock v5.5.2 &mdash; Developed by Sandeep Roy &mdash; <a href="https://github.com/sgroy10/speclock" style="color:var(--accent)">GitHub</a>
 </div>
 <script>

package/src/mcp/http-server.js CHANGED Viewed

@@ -113,7 +113,7 @@ import { fileURLToPath } from "url";
 import _path from "path";
 const PROJECT_ROOT = process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
-const VERSION = "5.5.1";
+const VERSION = "5.5.2";
 const AUTHOR = "Sandeep Roy";
 const START_TIME = Date.now();

package/src/mcp/server.js CHANGED Viewed

@@ -126,7 +126,7 @@ const PROJECT_ROOT =
   args.project || process.env.SPECLOCK_PROJECT_ROOT || process.cwd();
 // --- MCP Server ---
-const VERSION = "5.5.1";
+const VERSION = "5.5.2";
 const AUTHOR = "Sandeep Roy";
 const server = new McpServer(