chore(deps-dev): Bump @types/node from 20.19.35 to 25.3.3 #20
Closed
dependabot[bot] wants to merge 38 commits into main
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- vault.py rewrite: status file (SET/UNSET) vs encrypted blob separation
- vault_[name].enth = human-readable SET/UNSET status, gitignored, no values
- ~/.enthropic/[name].secrets = Fernet encrypted JSON blob (AES-128-CBC + HMAC-SHA256)
- ~/.enthropic/[name].key = encryption key, chmod 600, never in repo
- set_secret / delete_secret / list_keys / export_env API
- parser.py: SECRETS block parsing, EnthSpec.secrets field
- state.py: CHECKS section derived from LANG + DEPS in spec
- cli.py: validate auto-regenerates vault from SECRETS on every run
  vault commands pass secret_names for status refresh after mutations
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
'PROJECT myname' sets NAME as default if not overridden by NAME sub-key.
Backward compatible — bare 'PROJECT' still works.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Single binary, zero runtime dependencies.
- parser.rs: .enth DSL parser → EnthSpec struct
- validator.rs: 13 validation rules
- state.rs: state file generation with CHECKS section
- vault.rs: ChaCha20-Poly1305 encryption (~/.enthropic/)
- context.rs: AI context block generation
- main.rs: clap CLI (validate, context, state, vault commands)
Python package (enthropic/) and pyproject.toml removed.
Release binary: 1.2MB, no install prerequisites.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- tui.rs: 🧠 pink ASCII header (slant font) on every command
  pink accent color256(218), consistent print_success/error/info helpers
- global_config.rs: BYOK API key storage encrypted in ~/.enthropic/global.keys
  supports anthropic, openai, openrouter providers
- setup.rs: guided API key wizard (dialoguer select + hidden password input)
- new_wizard.rs: interactive .enth creation (name, lang, arch, entities, layers, secrets)
  auto-validates and creates state/vault/.gitignore on completion
- build_cmd.rs: AI chat REPL — loads spec+state as system context, interactive loop
  supports anthropic/openai/openrouter, maintains conversation history
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- enthropic.enth: spec for enthropic-tools itself (dogfooding)
  LAYERS: CLI / CORE / STORAGE / AI
  FLOWS: setup, new_project, build_session
  contracts on vault_entry (never plaintext), ai_session (requires valid spec)
- tui.rs: color256(219) — soft pink/rose
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- fetch models from Anthropic/OpenAI/OpenRouter APIs after key entry
- OpenRouter models are public (no key needed to list)
- fallback to manual input if fetch fails
- removed all hardcoded model names
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- setup: after saving config, ask 'Create a new project now?'
- build: if no .enth found, offer to create one instead of exiting
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- build is now an AI-driven spec creation session, not a coding REPL
- AI asks questions, flags missing pieces, outputs complete .enth
- type 'save' to validate and write spec to disk with state/vault files
- if existing spec found, offers to refine or start fresh
- spec is the output, not the input
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- enthropic (no args) shows styled help screen instead of clap error
- build: exit requires confirmation to prevent accidental quit
- build: dot divider between exchanges, cleaner session header
- build: API errors show message and stay in loop (don't crash)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- .github/workflows/ci.yml: cargo fmt, clippy, build, test, cargo-audit
- .github/workflows/codeql.yml: weekly + on-push Rust analysis
- LICENSE: MIT
- SECURITY.md: security model table, disclosure process
- CONTRIBUTING.md: contribution guidelines grounded in spec
- Cargo.toml: license, description, repository metadata
- tui.rs: tagline updated to 'true spec-driven development'
- README: badges (CI, CodeQL, license, Rust), updated build description
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- src/mcp.rs: MCP 2024-11-05 stdio server
- tools: read_spec, get_context, validate_spec, spec_summary
- JSON-RPC over stdin/stdout, newline-delimited
- main.rs: 'enthropic serve' command + help screen entry
- Dockerfile: multi-stage alpine build, ENTRYPOINT = serve
- README: MCP setup for Claude Desktop + Docker, tool table
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- add cargo-deny check (license, advisories, bans, sources) with deny.toml
- add MSRV job (Rust 1.75) to CI
- add OpenSSF Scorecard workflow (publishes to GitHub Security tab)
- add SLSA level 3 provenance workflow (triggered on release)
- add Trivy security scan (filesystem + Docker image → SARIF)
- add cargo-geiger unsafe code audit
- set rust-version = "1.75" in Cargo.toml
- update README badges: Scorecard, SLSA, Security Scan, Rust 1.75+
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Weekly PRs on Monday — max 5 open at a time.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- rustfmt: formatting check (separate job)
- clippy: errors on correctness/suspicious/complexity/perf, warns on pedantic/nursery (visibility without blocking)
- docs: cargo doc --no-deps with -D warnings (rustdoc clean)
- Lint badge added to README
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- scorecard: add repo_token (fixes 'invalid repo path' error)
- security-scan: pin trivy to 0.28.0 (drop unstable @master)
- security-scan: remove cargo-geiger (compile time too slow for CI)
- README: license + rust-version badges moved to bottom
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…date trivy action
- reqwest: switch to rustls-tls + default-features=false (no OpenSSL dep)
  fixes Docker build on alpine/musl
- lint.yml: remove -D warnings so pedantic/nursery stay as warnings not errors
  (127 clippy errors were all uninlined_format_args from pedantic)
- security-scan: bump trivy-action 0.28.0 → 0.30.0
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- let_else: rewrite if-let-else-return as let-else in build_cmd.rs
- items_after_statements: move use/struct before statements in build_cmd.rs, mcp.rs, new_wizard.rs
- needless_pass_by_value: id: Value → id: &Value in all mcp.rs handlers
- or_fun_call: unwrap_or → unwrap_or_else in main.rs and mcp.rs
- format_collect: push_str+format! → writeln! in new_wizard.rs
- option_if_let_else: map_or/map_or_else in parser.rs, mcp.rs, main.rs
- too_many_lines: #[allow] on legitimately large build/wizard/validator fns
- unnecessary_wraps: generate_vault_file returns String instead of Result<String>
- literal_string_with_formatting_args: change {version} placeholder in context.rs
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- colored 2 → 3 (MSRV 1.80, removes lazy_static)
- rand 0.8 → 0.10 (thread_rng() → rand::fill(), remove unused import)
- indicatif 0.17 → 0.18
- console 0.15 → 0.16
- MSRV bumped 1.75 → 1.80 in Cargo.toml and CI
- dependabot.yml: ignore MSRV rust-toolchain pin
- tui: const fn for dimmed() and bold_white()
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Labels: ci, dependencies, parser, spec, mcp, security, docker, documentation
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Bump MSRV 1.80 → 1.85: cpufeatures 0.3.0 requires edition2024 (stabilized in Rust 1.85); update both Cargo.toml and CI job
- deny.toml: add MPL-2.0 (webpki-roots 1.0.x) and Unicode-3.0 to license allowlist; cargo-deny licenses was FAILED without these
- security-scan.yml: replace aquasecurity/trivy-action@0.30.0 (broken install.sh) with direct GitHub release download; pin to trivy 0.61.0, install via curl into /usr/local/bin, run manually
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
webpki-roots 1.0.6 uses CDLA-Permissive-2.0 for the Mozilla certificate store data (not MPL-2.0 as expected).
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The GitHub release download via curl pipe was truncating (gzip: unexpected end of file).
Use the official Aqua Security apt repository instead - more reliable in GitHub Actions runners.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
The Scorecard API is case-sensitive. Org is stored as 'Enthropic-spec' (capital E) — lowercase 'enthropic-spec' returns 404.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
- Pin all GitHub Actions to full commit SHA (supply chain security)
  Resolves 37 Scorecard Pinned-Dependencies alerts
- Add permissions: read-all at top level of all workflows; move elevated permissions to job level where needed
  Resolves 4 Scorecard Token-Permissions alerts
- Bump ossf/scorecard-action 2.4.0 → 2.4.3 (closes PR #12)
- Bump dialoguer 0.11 → 0.12 (closes PR #11)
- CodeQL cleartext-logging alerts dismissed as false positive: #62 (key name only, not value) and #63 (vault export is intentionally designed to print secrets to stdout)
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Resolves Scorecard Pinned-Dependencies alerts #36 and #61.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
CI, Lint, CodeQL, Security Scan only trigger on code/config changes.
Docs-only commits skip all heavy workflows.
Concurrency groups cancel outdated runs on rapid pushes.
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Complete rewrite of enthropic-tools from Rust to TypeScript (Node.js ESM). Identical CLI UX, same vault encryption wire format (ChaCha20Poly1305), same MCP stdio protocol and tools.
- Runtime: Rust binary → Node.js 20+ / TypeScript 5
- Package: Cargo.toml → package.json + tsconfig.json
- Deps: commander, chalk, @inquirer/prompts, ora, @noble/ciphers
- Removed: Cargo.toml, Cargo.lock, deny.toml, src/*.rs
- parser: support multiline ENTITY block (indented one-per-line)
- build: AI responds in the user's language
- new wizard: ask AI-guided vs manual at start; manual shows SPEC.md link
- navigation: home menu after each command instead of abrupt exit
- ci.yml: Node.js build/typecheck/lint/audit
- lint.yml: ESLint + tsc --noEmit
- codeql.yml: language javascript, correct init→build→analyze order
- slsa.yml: bundle via ncc, same SLSA Level 3 provenance
- security-scan.yml / scorecard.yml: unchanged logic, SHA comments fixed
- dependabot.yml: cargo → npm ecosystem
- labeler.yml: glob patterns updated to .ts / package.json
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
… badge)
- Add concurrency groups + cancel-in-progress to all 5 workflows
- Add detailed roadmap (v0.1-v0.5+) to README
- Replace Rust 1.85+ badge with Node.js 20+ badge
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Bumps [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) from 20.19.35 to 25.3.3.
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)
---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 25.3.3
  dependency-type: direct:development
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting If you change your mind, just re-open this PR and I'll resolve any conflicts on it.
Bumps @types/node from 20.19.35 to 25.3.3.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)