From 9792d4b93d73cff12dd3ea90f8f96acd59a992bc Mon Sep 17 00:00:00 2001
From: Ben Vinegar
Date: Thu, 19 Mar 2026 14:19:40 -0400
Subject: [PATCH 1/2] docs: tighten oss onboarding and trim legacy cli alias
---
AGENTS.md | 4 +-
CONTRIBUTING.md | 68 ++++++++++
README.md | 266 +++++++++++++++++++--------------------
SECURITY.md | 22 ++++
src/core/cli.ts | 34 -----
test/cli.test.ts | 19 +--
test/help-output.test.ts | 1 +
7 files changed, 224 insertions(+), 190 deletions(-)
create mode 100644 CONTRIBUTING.md
create mode 100644 SECURITY.md
diff --git a/AGENTS.md b/AGENTS.md
index d42fa166..270723a4 100644
--- a/AGENTS.md
+++ b/AGENTS.md
@@ -46,10 +46,10 @@ CLI input - `[` and `]` navigate hunks across the full review stream. Do not reintroduce `j`/`k` hunk navigation unless the user asks. - Agent context belongs beside the code, not hidden in a separate mode or workflow. - Agent notes are hunk-specific: show notes for the selected hunk, render them in the diff flow near the annotated row, and keep a clear spatial relationship to the code they explain. -- When making code changes in this repo, also refresh `.hunk/latest.json` so the next review can load agent rationale with `hunk git --agent-context .hunk/latest.json`. +- When making code changes in this repo, also refresh `.hunk/latest.json` so the next review can load agent rationale with `hunk diff --agent-context .hunk/latest.json`. - Keep `.hunk/latest.json` concise and review-oriented: one changeset summary, file summaries in narrative order, and a few hunk-level annotations with real rationale. - File order in `.hunk/latest.json` is intentional, but the visible note UI should stay hunk-note driven rather than showing generic file or changeset explainer cards. -- If newly created files should appear in `hunk git` before commit, use `git add -N ` so they show up in the review stream without staging content. +- If newly created files should appear in `hunk diff` before commit, use `git add -N ` so they show up in the review stream without staging content. ## commands diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..d84e43e7 --- /dev/null +++ b/CONTRIBUTING.md 
@@ -0,0 +1,68 @@ +# Contributing + +Thanks for contributing to Hunk. + +## Before you open a PR + +- open an issue or discussion first for large behavior or UX changes +- keep PRs focused +- include tests for parser, CLI, or rendering changes where practical +- update `README.md` when the public workflow changes +- refresh `.hunk/latest.json` for local review context when you change code + +## Development setup + +```bash +git clone https://github.com/modem-dev/hunk.git +cd hunk +bun install +``` + +Run from source: + +```bash +bun run src/main.tsx -- diff +``` + +## Validation + +For most changes, run: + +```bash +bun run typecheck +bun test +``` + +For rendering or terminal interaction changes, also run: + +```bash +bun run test:tty-smoke +``` + +If you touch packaging or release-related files, also run: + +```bash +bun run build:npm +bun run check:pack +``` + +## Pull request checklist + +- [ ] scope is focused +- [ ] tests or rationale added for behavior changes +- [ ] `bun run typecheck` passes +- [ ] `bun test` passes +- [ ] `README.md` updated if the CLI or install flow changed + +## Design notes + +Hunk is review-first: + +- the main pane is a single multi-file review stream +- the sidebar is navigation, not a single-file mode switcher +- split and stack views come from the same normalized diff model +- agent notes should stay attached to the code they explain + +## Code of conduct + +Be respectful, assume good intent, and focus review on the code and user impact. diff --git a/README.md b/README.md index bd032d02..a0278424 100644 --- a/README.md +++ b/README.md 
@@ -1,58 +1,111 @@ # hunk -Hunk is a desktop-inspired terminal diff viewer for understanding AI-authored changesets in Bun + TypeScript with OpenTUI. +Hunk is a terminal diff viewer for reviewing agent-authored changesets with a desktop-style UI. + +It is built for code review, not patch dumping: + +- full-screen multi-file review stream +- split, stacked, and responsive auto layouts +- keyboard and mouse navigation +- optional agent rationale shown next to annotated hunks +- Git pager and difftool integration ## Requirements -- Bun -- Zig +- [Bun](https://bun.sh) 1.3.10+ +- Git for `hunk diff`, `hunk show`, `hunk stash show`, and `hunk pager` + +> `npm i -g hunkdiff` installs the package, but the `hunk` executable still runs with Bun via its shebang. Install Bun first. ## Install +### Global install from npm + ```bash -bun install +npm i -g hunkdiff ``` -## Run +Then run: ```bash -bun run src/main.tsx -- diff +hunk diff ``` -## Standalone binary +### Global install with Bun -Build a local executable: +```bash +bun install -g hunkdiff +``` + +### Run from source + +```bash +git clone https://github.com/modem-dev/hunk.git +cd hunk +bun install +bun run src/main.tsx -- diff +``` + +### Build a standalone binary locally ```bash bun run build:bin ./dist/hunk diff ``` -Install it into `~/.local/bin`: +To install that binary into `~/.local/bin`: ```bash bun run install:bin -hunk +``` + +Set `HUNK_INSTALL_DIR` first if you want a different install location. + +## Quick start + +Review your current working tree: + +```bash hunk diff ``` -If you want a different install location, set `HUNK_INSTALL_DIR` before running the install script. 
+Review staged changes: -## Workflows +```bash +hunk diff --staged +``` + +Review a commit: -- `hunk` — print standard CLI help with the most common commands -- `hunk diff` — review local working tree changes in the full Hunk UI -- `hunk diff --staged` / `hunk diff --cached` — review staged changes in the full Hunk UI +```bash +hunk show HEAD~1 +``` + +Compare two files directly: + +```bash +hunk diff before.ts after.ts +``` + +Open a patch from stdin: + +```bash +git diff --no-color | hunk patch - +``` + +## Common workflows + +- `hunk` — print CLI help +- `hunk diff` — review working tree changes +- `hunk diff --staged` / `hunk diff --cached` — review staged changes - `hunk diff ` — review changes versus a branch, tag, or commit-ish -- `hunk diff ..` / `hunk diff ...` — review common Git ranges -- `hunk diff -- ` — review only selected paths -- `hunk show [ref]` — review the last commit or a given ref in the full Hunk UI -- `hunk stash show [ref]` — review a stash entry in the full Hunk UI -- `hunk diff ` — compare two concrete files directly -- `hunk patch [file|-]` — review a patch file or stdin, including pager mode -- `hunk pager` — act as a general Git pager wrapper, opening Hunk for diff-like stdin and falling back to normal text paging otherwise +- `hunk diff ..` / `hunk diff ...` — review Git ranges +- `hunk diff -- ` — limit review to selected paths +- `hunk show [ref]` — review the last commit or a specific ref +- `hunk stash show [ref]` — review a stash entry +- `hunk patch [file|-]` — review a patch file or stdin +- `hunk pager` — act as a Git pager wrapper, opening Hunk for diff-like stdin and falling back to plain text paging otherwise - `hunk difftool [path]` — integrate with Git difftool -- `hunk git [range]` — legacy alias for the original Git-style diff entrypoint ## Interaction 
@@ -70,6 +123,38 @@ If you want a different install location, set `HUNK_INSTALL_DIR` before running - `tab` cycle focus regions - `q` or `Esc` quit +## Git integration + +Use Hunk directly for full-screen review: + +```bash +hunk diff +hunk diff --staged +hunk diff main...feature +hunk show +hunk stash show +``` + +Use Hunk as a pager for `git diff` and `git show`: + +```bash +git config --global core.pager 'hunk patch -' +``` + +Or scope it just to diff/show: + +```bash +git config --global pager.diff 'hunk patch -' +git config --global pager.show 'hunk patch -' +``` + +Use Hunk as a Git difftool: + +```bash +git config --global diff.tool hunk +git config --global difftool.hunk.cmd 'hunk difftool "$LOCAL" "$REMOTE" "$MERGED"' +``` + ## Configuration Hunk reads layered TOML config with this precedence: @@ -77,12 +162,10 @@ Hunk reads layered TOML config with this precedence: 1. built-in defaults 2. global config: `$XDG_CONFIG_HOME/hunk/config.toml` or `~/.config/hunk/config.toml` 3. repo-local config: `.hunk/config.toml` -4. command-specific sections like `[git]`, `[diff]`, `[show]`, `[stash-show]`, `[patch]`, `[difftool]` +4. command-specific sections like `[diff]`, `[show]`, `[stash-show]`, `[patch]`, `[difftool]` 5. `[pager]` when Hunk is running in pager mode 6. explicit CLI flags -When you change persistent view settings inside Hunk, it writes them back to `.hunk/config.toml` in the current repo when possible, or to the global config file outside a repo. - Example: ```toml @@ -101,16 +184,7 @@ line_numbers = false mode = "split" ``` -CLI overrides are available when you want one-off or pager-specific behavior: - -```bash -hunk diff --mode split --line-numbers -hunk show HEAD~1 --theme paper -hunk patch - --mode stack --no-line-numbers -hunk diff before.ts after.ts --theme paper --wrap -``` - -Supported persistent CLI overrides: +Supported one-off CLI overrides: - `--mode ` - `--theme ` 
@@ -119,11 +193,11 @@ Supported persistent CLI overrides: - `--hunk-headers` / `--no-hunk-headers` - `--agent-notes` / `--no-agent-notes` -## Agent sidecar format +## Agent context sidecar Use `--agent-context ` to load a JSON sidecar and show agent rationale next to the diff. -The order of `files` in the sidecar is significant. Hunk uses that order for the sidebar and main review stream so an agent can tell a story instead of relying on raw patch order. +The order of `files` in the sidecar is significant. Hunk uses that order for the sidebar and the main review stream so an agent can present a review narrative instead of raw patch order. ```json { 
@@ -142,130 +216,48 @@ The order of `files` in the sidecar is significant. Hunk uses that order for the "confidence": "high" } ] - }, - { - "path": "src/ui/App.tsx", - "summary": "Presents the new workflow after the loader changes.", - "annotations": [ - { - "newRange": [90, 136], - "summary": "Uses the normalized model in the review shell.", - "rationale": "The reader should inspect this after understanding the loader changes.", - "tags": ["ui"], - "confidence": "medium" - } - ] } ] } ``` -Files omitted from the sidecar keep their original diff order and appear after the explicitly ordered files. - -## Codex workflow - -For Codex-driven changes, keep a transient sidecar at `.hunk/latest.json` and load it during review: +For local agent-driven review, keep a transient sidecar at `.hunk/latest.json` and load it with: ```bash hunk diff --agent-context .hunk/latest.json ``` -Suggested pattern: - -- Codex makes code changes. -- Codex refreshes `.hunk/latest.json` with a concise changeset summary, file summaries, and hunk-level rationale. -- You open `hunk diff`, `hunk diff --staged`, or `hunk show ` with that sidecar. - -Keep the sidecar concise. It should explain why a hunk exists, what risk to review, and how the files fit together. It should not narrate obvious syntax edits line by line. 
- -## Comparison - -### Feature comparison - -| Capability | hunk | difftastic | delta | diff | -| --- | --- | --- | --- | --- | -| Dedicated interactive review UI | ✅ | ❌ | ❌ | ❌ | -| Multi-file review stream with navigation sidebar | ✅ | ❌ | ❌ | ❌ | -| Agent / AI rationale sidecar | ✅ | ❌ | ❌ | ❌ | -| Split diffs | ✅ | ✅ | ✅ | ✅ | -| Stacked diffs | ✅ | ✅ | ✅ | ✅ | -| Auto responsive layouts | ✅ | ❌ | ❌ | ❌ | -| Themes | ✅ | ❌ | ✅ | ❌ | -| Syntax highlighting | ✅ | ✅ | ✅ | ❌ | -| Syntax-aware / structural diffing | ❌ | ✅ | ❌ | ❌ | -| Mouse support inside the diff viewer | ✅ | ❌ | ❌ | ❌ | -| Runtime toggles for wrapping / line numbers / hunk metadata | ✅ | ❌ | ❌ | ❌ | -| Pager-compatible mode | ✅ | ✅ | ✅ | ✅ | - -### Local timing snapshot - -These numbers are **not a universal benchmark**. They are a quick local comparison from one Linux machine using tmux panes, measuring **time until a changed marker first became visible** on the same 120-line TypeScript file pair. +## Development -Commands used: - -- `hunk diff before.ts after.ts` -- `difft --display side-by-side before.ts after.ts` -- `delta --paging=never before.ts after.ts` -- `diff -u before.ts after.ts` - -| Tool | Avg first-visible changed output | -| --- | ---: | -| `diff` | ~37 ms | -| `delta --paging=never` | ~35 ms | -| `hunk diff` | ~219 ms | -| `difft --display side-by-side` | ~266 ms | - -Interpretation: - -- `diff` and `delta` are fastest here because they emit plain diff text and exit. -- `hunk` pays extra startup cost for an interactive terminal UI, syntax highlighting, navigation state, and optional agent context. -- `difftastic` pays extra cost for syntax-aware / structural diffing. -- For larger review sessions, Hunk is optimized for **navigating and understanding** a changeset, not just dumping the quickest possible patch text. 
- -## Git integration - -For full-screen review, you can invoke Hunk directly with Git-shaped commands: +Install dependencies: ```bash -hunk diff -hunk diff --staged -hunk diff main...feature -hunk show -hunk show HEAD~1 -hunk stash show +bun install ``` -Use Hunk as the default Git pager when you want it to behave like a normal pager under `git diff` / `git show`: +Run the source entrypoint: ```bash -git config --global core.pager 'hunk patch -' +bun run src/main.tsx -- diff ``` -Or scope it just to `git diff` and `git show`: +Validate a change: ```bash -git config --global pager.diff 'hunk patch -' -git config --global pager.show 'hunk patch -' +bun run typecheck +bun test +bun run test:tty-smoke ``` -When Hunk reads a patch from stdin, it automatically switches to pager-style chrome, strips Git's color escape sequences before parsing, and binds keyboard input to the controlling terminal so it works correctly as a Git pager. - -Then: +Build the npm runtime bundle used for publishing: ```bash -git diff -git show HEAD +bun run build:npm +bun run check:pack ``` -If you want Git to launch Hunk as a difftool for file-to-file comparisons: - -```bash -git config --global diff.tool hunk -git config --global difftool.hunk.cmd 'hunk difftool "$LOCAL" "$REMOTE" "$MERGED"' -``` -e comparisons: +## Open source project docs -```bash -git config --global diff.tool hunk -git config --global difftool.hunk.cmd 'hunk difftool "$LOCAL" "$REMOTE" "$MERGED"' -``` +- Contributing: [CONTRIBUTING.md](CONTRIBUTING.md) +- Security: [SECURITY.md](SECURITY.md) +- License: [MIT](LICENSE) diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 00000000..849a9221 --- /dev/null +++ b/SECURITY.md 
@@ -0,0 +1,22 @@ +# Security policy + +If you find a security issue in Hunk, please report it privately. + +## Reporting + +Open a private security advisory on GitHub or contact the maintainers through the repository security channel if one is available. + +Please include: + +- affected version or commit +- impact summary +- reproduction steps or proof of concept +- any suggested mitigation + +## What to expect + +- we will acknowledge receipt as soon as practical +- we will validate the report and assess impact +- we will coordinate a fix and disclosure timeline when needed + +Please do not post undisclosed vulnerabilities in public issues. diff --git a/src/core/cli.ts b/src/core/cli.ts index 9aefa419..8c445de5 100644 --- a/src/core/cli.ts +++ b/src/core/cli.ts @@ -84,7 +84,6 @@ function renderCliHelp() { " hunk patch [file] review a patch file or stdin", " hunk pager general Git pager wrapper with diff detection", " hunk difftool [path] review Git difftool file pairs", - " hunk git [range] legacy alias for git diff-style review", "", "Options:", " -h, --help show help", 
@@ -227,37 +226,6 @@ async function parseShowCommand(tokens: string[], argv: string[]): Promise { - const { commandTokens, pathspecs } = splitPathspecArgs(tokens); - const command = createCommand("git", "legacy alias for Git diff-style review") - .option("--staged", "show staged changes instead of the working tree") - .option("--cached", "alias for --staged") - .argument("[range]"); - - let parsedRange: string | undefined; - let parsedOptions: Record = {}; - - command.action((range: string | undefined, options: Record) => { - parsedRange = range; - parsedOptions = options; - }); - - if (commandTokens.includes("--help") || commandTokens.includes("-h")) { - return { kind: "help", text: `${command.helpInformation().trimEnd()}\n` }; - } - - await parseStandaloneCommand(command, commandTokens); - - return { - kind: "git", - range: parsedRange, - staged: Boolean(parsedOptions.staged) || Boolean(parsedOptions.cached), - pathspecs: pathspecs.length > 0 ? pathspecs : undefined, - options: buildCommonOptions(parsedOptions, argv), - }; -} - /** Parse the patch-file / stdin patch entrypoint. */ async function parsePatchCommand(tokens: string[], argv: string[]): Promise { const command = createCommand("patch", "review a patch file, or read a patch from stdin").argument("[file]"); @@ -397,8 +365,6 @@ export async function parseCli(argv: string[]): Promise { return parseDiffCommand(rest, argv); case "show": return parseShowCommand(rest, argv); - case "git": - return parseGitCommand(rest, argv); case "patch": return parsePatchCommand(rest, argv); case "pager": diff --git a/test/cli.test.ts b/test/cli.test.ts index ed4f4227..36ad1fcb 100644 --- a/test/cli.test.ts +++ b/test/cli.test.ts 
@@ -144,23 +144,8 @@ describe("parseCli", () => { }); }); - test("parses legacy git mode with range and staged flag", async () => { - const parsed = await parseCli(["bun", "hunk", "git", "HEAD~1..HEAD", "--staged", "--theme", "ember"]); - - expect(parsed).toMatchObject({ - kind: "git", - range: "HEAD~1..HEAD", - staged: true, - options: { - theme: "ember", - }, - }); - if (parsed.kind !== "git") { - throw new Error("Expected legacy git command input."); - } - - expect(parsed.options.mode).toBeUndefined(); - expect(parsed.options.pager).toBeUndefined(); + test("rejects removed legacy git alias", async () => { + await expect(parseCli(["bun", "hunk", "git"])).rejects.toThrow("Unknown command: git"); }); test("parses patch mode from a file", async () => { diff --git a/test/help-output.test.ts b/test/help-output.test.ts index 3260743c..17d46822 100644 --- a/test/help-output.test.ts +++ b/test/help-output.test.ts @@ -18,6 +18,7 @@ describe("CLI help output", () => { expect(stdout).toContain("hunk diff"); expect(stdout).toContain("hunk show"); expect(stdout).toContain("hunk pager"); + expect(stdout).not.toContain("hunk git"); expect(stdout).not.toContain("\u001b[?1049h"); }); From bf704831f25fe31afd88a3e4aea0f5d3ede84799 Mon Sep 17 00:00:00 2001 From: Ben Vinegar Date: Fri, 20 Mar 2026 11:20:27 -0400 Subject: [PATCH 2/2] docs: tighten npm-first onboarding --- CONTRIBUTING.md | 68 ------------------------------- README.md | 95 +++++++++++++++++-------------------------- SECURITY.md | 22 ---------- package.json | 4 +- scripts/check-pack.ts | 9 ---- 5 files changed, 39 insertions(+), 159 deletions(-) delete mode 100644 CONTRIBUTING.md delete mode 100644 SECURITY.md diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md deleted file mode 100644 index d84e43e7..00000000 --- a/CONTRIBUTING.md +++ /dev/null 
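Review bot: The new `rejects removed legacy git alias` test checks only the bare `hunk git` call, while the test it replaces exercised a range together with `--staged` and `--theme`; nothing now confirms that the argument-carrying form, which existing scripts or Git aliases are more likely to use, fails the same way. The expected text `Unknown command: git` is produced by a `parseCli` branch that is not part of this diff, so it is presumably the switch's default case and the assertion depends on wording this patch does not show. I would add a second expectation such as `await expect(parseCli(["bun", "hunk", "git", "HEAD~1..HEAD", "--staged"])).rejects.toThrow("Unknown command: git");`. The enclosing `describe("parseCli", ...)` block starts and ends outside the hunk.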
@@ -1,68 +0,0 @@ -# Contributing - -Thanks for contributing to Hunk. - -## Before you open a PR - -- open an issue or discussion first for large behavior or UX changes -- keep PRs focused -- include tests for parser, CLI, or rendering changes where practical -- update `README.md` when the public workflow changes -- refresh `.hunk/latest.json` for local review context when you change code - -## Development setup - -```bash -git clone https://github.com/modem-dev/hunk.git -cd hunk -bun install -``` - -Run from source: - -```bash -bun run src/main.tsx -- diff -``` - -## Validation - -For most changes, run: - -```bash -bun run typecheck -bun test -``` - -For rendering or terminal interaction changes, also run: - -```bash -bun run test:tty-smoke -``` - -If you touch packaging or release-related files, also run: - -```bash -bun run build:npm -bun run check:pack -``` - -## Pull request checklist - -- [ ] scope is focused -- [ ] tests or rationale added for behavior changes -- [ ] `bun run typecheck` passes -- [ ] `bun test` passes -- [ ] `README.md` updated if the CLI or install flow changed - -## Design notes - -Hunk is review-first: - -- the main pane is a single multi-file review stream -- the sidebar is navigation, not a single-file mode switcher -- split and stack views come from the same normalized diff model -- agent notes should stay attached to the code they explain - -## Code of conduct - -Be respectful, assume good intent, and focus review on the code and user impact. diff --git a/README.md b/README.md index a0278424..541870d5 100644 --- a/README.md +++ b/README.md 
@@ -2,64 +2,19 @@ Hunk is a terminal diff viewer for reviewing agent-authored changesets with a desktop-style UI. -It is built for code review, not patch dumping: - - full-screen multi-file review stream - split, stacked, and responsive auto layouts - keyboard and mouse navigation -- optional agent rationale shown next to annotated hunks +- optional agent rationale beside annotated hunks - Git pager and difftool integration -## Requirements - -- [Bun](https://bun.sh) 1.3.10+ -- Git for `hunk diff`, `hunk show`, `hunk stash show`, and `hunk pager` - -> `npm i -g hunkdiff` installs the package, but the `hunk` executable still runs with Bun via its shebang. Install Bun first. - ## Install -### Global install from npm - ```bash npm i -g hunkdiff ``` -Then run: - -```bash -hunk diff -``` - -### Global install with Bun - -```bash -bun install -g hunkdiff -``` - -### Run from source - -```bash -git clone https://github.com/modem-dev/hunk.git -cd hunk -bun install -bun run src/main.tsx -- diff -``` - -### Build a standalone binary locally - -```bash -bun run build:bin -./dist/hunk diff -``` - -To install that binary into `~/.local/bin`: - -```bash -bun run install:bin -``` - -Set `HUNK_INSTALL_DIR` first if you want a different install location. +For now, the published `hunk` executable still expects [Bun](https://bun.sh) 1.3.10+ to be available on your `PATH` at runtime. ## Quick start 
@@ -93,6 +48,40 @@ Open a patch from stdin: git diff --no-color | hunk patch - ``` +## Feature comparison + +| Capability | hunk | difftastic | delta | diff | +| --- | --- | --- | --- | --- | +| Dedicated interactive review UI | ✅ | ❌ | ❌ | ❌ | +| Multi-file review stream with navigation sidebar | ✅ | ❌ | ❌ | ❌ | +| Agent / AI rationale sidecar | ✅ | ❌ | ❌ | ❌ | +| Split diffs | ✅ | ✅ | ✅ | ✅ | +| Stacked diffs | ✅ | ✅ | ✅ | ✅ | +| Auto responsive layouts | ✅ | ❌ | ❌ | ❌ | +| Themes | ✅ | ❌ | ✅ | ❌ | +| Syntax highlighting | ✅ | ✅ | ✅ | ❌ | +| Syntax-aware / structural diffing | ❌ | ✅ | ❌ | ❌ | +| Mouse support inside the diff viewer | ✅ | ❌ | ❌ | ❌ | +| Runtime toggles for wrapping / line numbers / hunk metadata | ✅ | ❌ | ❌ | ❌ | +| Pager-compatible mode | ✅ | ✅ | ✅ | ✅ | + +## Benchmarks + +Quick local timing snapshot from one Linux machine on the same 120-line TypeScript file pair. Metric: time until a changed marker first became visible. + +| Tool | Avg first-visible changed output | +| --- | ---: | +| `diff` | ~37 ms | +| `delta --paging=never` | ~35 ms | +| `hunk diff` | ~219 ms | +| `difft --display side-by-side` | ~266 ms | + +Takeaway: + +- `diff` and `delta` are fastest here because they print plain diff text and exit. +- `hunk` spends more startup time on an interactive UI, syntax highlighting, navigation state, and optional agent context. +- `difftastic` spends more startup time on structural diffing. + ## Common workflows - `hunk` — print CLI help @@ -235,12 +224,6 @@ Install dependencies: bun install ``` -Run the source entrypoint: - -```bash -bun run src/main.tsx -- diff -``` - Validate a change: ```bash @@ -256,8 +239,6 @@ bun run build:npm bun run check:pack ``` -## Open source project docs +## License -- Contributing: [CONTRIBUTING.md](CONTRIBUTING.md) -- Security: [SECURITY.md](SECURITY.md) -- License: [MIT](LICENSE) +[MIT](LICENSE) diff --git a/SECURITY.md b/SECURITY.md deleted file mode 100644 index 849a9221..00000000 
--- a/SECURITY.md +++ /dev/null @@ -1,22 +0,0 @@ -# Security policy - -If you find a security issue in Hunk, please report it privately. - -## Reporting - -Open a private security advisory on GitHub or contact the maintainers through the repository security channel if one is available. - -Please include: - -- affected version or commit -- impact summary -- reproduction steps or proof of concept -- any suggested mitigation - -## What to expect - -- we will acknowledge receipt as soon as practical -- we will validate the report and assess impact -- we will coordinate a fix and disclosure timeline when needed - -Please do not post undisclosed vulnerabilities in public issues. diff --git a/package.json b/package.json index 4131a53e..f108430b 100644 --- a/package.json +++ b/package.json @@ -10,9 +10,7 @@ "files": [ "dist/npm", "README.md", - "LICENSE", - "CONTRIBUTING.md", - "SECURITY.md" + "LICENSE" ], "scripts": { "start": "bun run src/main.tsx", diff --git a/scripts/check-pack.ts b/scripts/check-pack.ts index 4e0ea292..8317091d 100644 --- a/scripts/check-pack.ts +++ b/scripts/check-pack.ts @@ -1,7 +1,5 @@ #!/usr/bin/env bun -import { existsSync } from "node:fs"; - interface PackedFile { path: string; size: number; @@ -46,7 +44,6 @@ if (!pack) { const publishedPaths = new Set(pack.files.map((file) => file.path)); const requiredPaths = ["dist/npm/main.js", "README.md", "LICENSE", "package.json"]; -const optionalPaths = ["CONTRIBUTING.md", "SECURITY.md"]; for (const path of requiredPaths) { if (!publishedPaths.has(path)) { @@ -54,12 +51,6 @@ for (const path of requiredPaths) { } } -for (const path of optionalPaths) { - if (existsSync(path) && !publishedPaths.has(path)) { - throw new Error(`Expected npm package to include ${path} when it exists in the repo.`); - } -} - const forbiddenPrefixes = [".github/", "src/", "test/", "scripts/", "tmp/"]; const forbiddenPaths = ["AGENTS.md", "autoresearch.checks.sh", "autoresearch.sh", "bun.lock"];
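Review bot: Dropping `SECURITY.md` from `files` in package.json goes together with deleting the file itself and removing the README's `Security:` link earlier in this patch, so afterwards neither the repository nor the published tarball says how to report a vulnerability privately or asks reporters to keep undisclosed issues out of the public tracker. If the aim is only a smaller npm package, the file can stay in the repo while being left out of `files`. Otherwise a short README section would keep the channel documented, for example a `## Security` heading followed by `Please report vulnerabilities privately through a GitHub security advisory, not in public issues.`. Only the `files` array of package.json is visible in this hunk.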