wicked-vault 0.2.0 → 0.2.1

package/README.md

@@ -121,6 +121,10 @@ isn't — or when `WICKED_VAULT_NO_BUS=1` is set — emission is a silent no-op
 the CLI behaves identically. A bus error never changes a verdict, the JSON on
 stdout, or an exit code.
 
+Proven end-to-end: `test/bus-integration.sh` drives the vault into a **real**
+wicked-bus (db isolated to a temp dir) and reads every event back off the bus —
+and runs in CI on every push.
+
 | Command | event_type | subdomain | key payload |
 |---|---|---|---|
 | `record` | `wicked.evidence.recorded` | `vault.record` | scope, phase, claim_id, kind, id, envelope_hash |
@@ -167,10 +171,14 @@ evaluator may cite — not the whole story. Nondeterministic observation verifie
 npm run prove                 # record -> tamper -> verify-rejects on a real repo
 bash test/verifiers.sh        # the 5 verifiers, pass + fail cases
 bash test/attestation.sh      # criteria-binding, attest fail-closed/independence, require_attestation
-bash test/bus-integration.sh  # graceful no-op + event validity + emission (incl. attested)
+bash test/bus-integration.sh  # graceful no-op + schema validity + real-bus emission (init/record/attest/cross-check)
 ```
 
-Status: v0.2.0 — deterministic core proven on real repos; criteria-binding +
+`attestation.sh` and `bus-integration.sh` are the gating proofs and run in CI
+(`.github/workflows/ci.yml`) on ubuntu + macos, with a Windows CLI smoke.
+
+Status: v0.2.1 — deterministic core proven on real repos; criteria-binding +
 independent judgment tier (ADR-0002, council 5–0) implemented and proven;
-wicked-bus emission + provider registration (optional, fire-and-forget). Not yet
-implemented: `pr_check_status`/`http_status_eq` and the sqlite query cache.
+wicked-bus integration **proven end-to-end against a real bus** (emit → store →
+poll), optional and fire-and-forget. Not yet implemented:
+`pr_check_status`/`http_status_eq` and the sqlite query cache.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wicked-vault",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Local-first evidence primitive — record evidence with its acceptance criteria, re-derive integrity deterministically, and record independent third-party judgments. Never trusts a stored verdict, never lets work self-grade its own \"done\".",
   "type": "module",
   "bin": {

package/src/bus.mjs

@@ -9,18 +9,49 @@
 //
 // Opt out entirely with WICKED_VAULT_NO_BUS=1.
 
+import { existsSync, readFileSync } from 'node:fs';
 import { createRequire } from 'node:module';
 import { pathToFileURL } from 'node:url';
-import { join } from 'node:path';
+import { join, dirname } from 'node:path';
 
 const DOMAIN = 'wicked-vault';
 
+// Given a resolved file inside a package, return its ESM ("import") entry.
+// `require.resolve()` applies the "require" condition, so for a dual-published
+// package it returns the CJS entry — and wicked-bus ships a CJS *shim* with no
+// real exports (importing it yields `emit: undefined`). We must read the
+// package.json and import the ESM entry instead. (`require.resolve` can't fetch
+// package.json directly when "exports" doesn't expose it, so walk up to the
+// package root and read it from disk.)
+function esmEntryForPackage(resolvedFile) {
+  let dir = dirname(resolvedFile);
+  for (let i = 0; i < 10; i++) {
+    const pj = join(dir, 'package.json');
+    if (existsSync(pj)) {
+      let pkg;
+      try { pkg = JSON.parse(readFileSync(pj, 'utf8')); } catch { return null; }
+      const dot = pkg.exports && pkg.exports['.'] !== undefined ? pkg.exports['.'] : pkg.exports;
+      const rel =
+        (dot && typeof dot === 'object' && (dot.import || dot.default)) ||
+        (typeof dot === 'string' ? dot : null) ||
+        pkg.module || pkg.main || 'index.js';
+      return join(dir, rel);
+    }
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return null;
+}
+
 // Resolve the wicked-bus module namespace, or null. Two layers, in order:
 //   1. bare specifier — works when wicked-bus is installed globally or hoisted
-//      alongside the vault.
+//      alongside the vault. import() uses the ESM condition, so it returns the
+//      real module.
 //   2. the consumer project's node_modules (anchored at cwd) — the common case,
 //      since sibling tools live in the same repo the vault is invoked from, and
-//      the vault itself ships no node_modules.
+//      the vault itself ships no node_modules. require.resolve locates the
+//      package; we import its ESM entry so we get real exports, not a CJS shim.
 async function resolveBus(cwd) {
   try {
     return await import('wicked-bus');
@@ -29,8 +60,9 @@ async function resolveBus(cwd) {
   }
   try {
     const require = createRequire(join(cwd, '__vault_bus_anchor__.js'));
-    const entry = require.resolve('wicked-bus');
-    return await import(pathToFileURL(entry).href);
+    const located = require.resolve('wicked-bus');
+    const esm = esmEntryForPackage(located) || located;
+    return await import(pathToFileURL(esm).href);
   } catch {
     return null;
   }
@@ -49,9 +81,15 @@ export async function initBus(cwd = process.cwd()) {
   if (process.env.WICKED_VAULT_NO_BUS === '1') return NOOP;
 
   const bus = await resolveBus(cwd);
-  if (!bus || typeof bus.emit !== 'function' || typeof bus.openDb !== 'function') {
-    return NOOP;
+  // Defensive capability check — a pathological module (e.g. a CJS shim whose
+  // property access throws) must degrade to a no-op, never crash the vault.
+  let usable = false;
+  try {
+    usable = !!bus && typeof bus.emit === 'function' && typeof bus.openDb === 'function';
+  } catch {
+    usable = false;
   }
+  if (!usable) return NOOP;
 
   let db;
   let config;