UNPKG

aiwg

Version:

Deployment tool and support utility for AI context. Copies agents, skills, commands, rules, and behaviors into the paths each AI platform reads (Claude Code, Codex, Copilot, Cursor, Warp, OpenClaw, and 6 more) so one source of truth works across 10 platfo

aiwg.io

jmagly/aiwg

125 lines (109 loc) 4.41 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/usr/bin/env node import { resolve } from 'node:path'; import { parseArgs } from 'node:util'; import { loadAffectedPackagesCsv, parseAffectedPackagesCsv, resolveAffectedPackagesSource, scanAffectedLockfile, scanAffectedManifest, } from './lib/affected-packages.js'; const { values: args } = parseArgs({ options: { 'affected-packages-csv': { type: 'string' }, manifest: { type: 'string', default: 'package.json' }, lockfile: { type: 'string', default: 'package-lock.json' }, quiet: { type: 'boolean', default: false }, help: { type: 'boolean', default: false }, }, }); if (args.help) { console.log(`Usage: node tools/lint/affected-packages.mjs [options] Options: --affected-packages-csv <path|url> Local CSV path or raw URL source --manifest <path> Path to package.json (default: package.json) --lockfile <path> Path to package-lock.json (default: package-lock.json) --quiet Suppress success output (failures still print) --help Show this help Environment: AIWG_AFFECTED_PACKAGES_CSV Alternate source for the CSV feed The scanner accepts the canonical local path /mnt/ops/users/roctinam/Downloads/22-packages.csv and raw gist URLs intended for CI automation. `); process.exit(0); } async function main() { const cwd = process.cwd(); const manifestPath = resolve(cwd, args.manifest); const lockfilePath = resolve(cwd, args.lockfile); const source = resolveAffectedPackagesSource( args['affected-packages-csv'], process.env.AIWG_AFFECTED_PACKAGES_CSV, ); if (!source) { console.error('✗ No affected-package CSV source configured'); console.error(' Set --affected-packages-csv <path|url> or AIWG_AFFECTED_PACKAGES_CSV.'); process.exit(2); } let csvPayload; let feed; try { csvPayload = await loadAffectedPackagesCsv(source); feed = parseAffectedPackagesCsv(csvPayload.text, csvPayload.sourceLabel); } catch (err) { console.error(`✗ ${err.message}`); process.exit(2); } let manifestResult; let lockfileResult; try { manifestResult = scanAffectedManifest(manifestPath, feed); lockfileResult = scanAffectedLockfile(lockfilePath, feed); } catch (err) { console.error(`✗ Scan failed: ${err.message}`); process.exit(2); } const allMatches = [...manifestResult.matches, ...lockfileResult.matches]; if (allMatches.length > 0) { console.error(`✗ Known affected package match: ${allMatches.length} hit${allMatches.length === 1 ? '' : 's'}`); console.error(''); for (const match of allMatches) { console.error(` ${match.location}`); console.error(` package: ${match.name}@${match.version}`); console.error(` feed source: ${csvPayload.sourceLabel}`); console.error(` published: ${renderIsoRange(match.record.firstPublished, match.record.lastPublished)}`); console.error(` detected: ${renderIsoRange(match.record.firstDetected, match.record.lastDetected)}`); console.error(` csv rows: ${match.record.rowNumbers.join(', ')}`); console.error(' fix: remove or upgrade the package, then rotate any secrets exposed where it ran'); console.error(''); } reportSkipped(feed.skippedEcosystems); process.exit(1); } if (!args.quiet) { const lockNote = lockfileResult.present ? `, ${args.lockfile} (${lockfileResult.scanned} locked entries)` : `, ${args.lockfile} (not present, skipped)`; console.log('✓ Known affected package scan: 0 hits'); console.log( ` scanned: ${args.manifest} (${manifestResult.scanned} manifest entries)${lockNote}`, ); console.log( ` feed: ${csvPayload.sourceLabel} (${feed.records.size} deduped npm rows, ${feed.duplicateRows} duplicate row${feed.duplicateRows === 1 ? '' : 's'})`, ); reportSkipped(feed.skippedEcosystems, console.log); } } function renderIsoRange(first, last) { return first === last ? first : `${first} .. ${last}`; } function reportSkipped(skippedEcosystems, writer = console.error) { if (skippedEcosystems.size === 0) return; const summary = Array.from(skippedEcosystems.entries()) .sort(([a], [b]) => a.localeCompare(b)) .map(([ecosystem, count]) => `${ecosystem}=${count}`) .join(', '); writer(` skipped non-npm rows: ${summary}`); } await main();