diff --git a/.cursorrules b/.cursorrules new file mode 100644 index 0000000..fde1d79 --- /dev/null +++ b/.cursorrules @@ -0,0 +1,9 @@ + +# RIPPLE AGENT PROTOCOL +You are connected to Ripple MCP for this repo. +1. BEFORE editing: MUST call `ripple_plan_context` with saveIntent=true. +2. AFTER editing: MUST call `ripple_gate` or `ripple_check_changed`. +3. If mustStop=true or needsHuman=true: STOP and ask the human. +4. DO NOT edit `.ripple/` policy/cache/intent files unless explicitly requested. +5. DO NOT claim Ripple passed unless you called a Ripple MCP tool. + diff --git a/.env.local b/.env.local new file mode 100644 index 0000000..0ce377a --- /dev/null +++ b/.env.local @@ -0,0 +1,3 @@ +RIPPLE_API_KEY=rpl_live_6b81dda07d7f6da6fbc5d14e433bdd88fb1a1127be099e22 + +RIPPLE_CLOUD_URL=https://ripple-cloud.vercel.app \ No newline at end of file diff --git a/.github/workflows/ripple.yml b/.github/workflows/ripple.yml new file mode 100644 index 0000000..dee1dd2 --- /dev/null +++ b/.github/workflows/ripple.yml @@ -0,0 +1,30 @@ +name: Ripple Enterprise Gate + +on: + pull_request: + push: + branches: [main, master] + +permissions: + contents: read + pull-requests: read + checks: write + +jobs: + ripple: + name: Ripple authorization gate + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + - name: Setup Node + uses: actions/setup-node@v4 + with: + node-version: 20 + - name: Ripple CI gate + run: npx -y @getripple/cli@1.0.10 ci --base origin/${{ github.base_ref }} --github-annotations --sha ${{ github.sha }} --intent latest + env: + RIPPLE_API_KEY: ${{ secrets.RIPPLE_API_KEY }} + RIPPLE_CLOUD_URL: ${{ secrets.RIPPLE_CLOUD_URL }} diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..dca211f --- /dev/null +++ b/.gitignore @@ -0,0 +1,2 @@ +# Ripple machine cache - regenerated automatically +.ripple/.cache/ diff --git a/.ripple/history.json b/.ripple/history.json new file mode 100644 index 0000000..b36295d --- /dev/null +++ b/.ripple/history.json @@ -0,0 +1,39 @@ +[ + { + "timestamp": 1782627802559, + "type": "baseline_snapshot", + "source": "initial_scan", + "metadata": "files:1|symbols:1" + }, + { + "timestamp": 1782629227626, + "type": "symbol_deleted", + "source": "index.js::test", + "changeGroup": "save_1782629227014_wgan1" + }, + { + "timestamp": 1782629227626, + "type": "symbol_created", + "source": "index.js::main", + "kind": "function", + "symbolHash": "e5b5bfdfc68e12ad3adf02e5b64c8d1530a4c64c", + "layer": "unknown", + "changeGroup": "save_1782629227014_wgan1" + }, + { + "timestamp": 1782629227667, + "type": "file_created", + "source": "utils.js", + "fileHash": "b057a46f4703b1a63af0e3b36170c30424942ffe", + "changeGroup": "save_1782629227667_5jjwi" + }, + { + "timestamp": 1782629227667, + "type": "symbol_created", + "source": "utils.js::util", + "kind": "function", + "symbolHash": "167f550435797b1231ff28433b1475c9362e91a7", + "layer": "unknown", + "changeGroup": "save_1782629227667_5jjwi" + } +] \ No newline at end of file diff --git a/.ripple/intents/latest.json b/.ripple/intents/latest.json new file mode 100644 index 0000000..cea0cbf --- /dev/null +++ b/.ripple/intents/latest.json @@ -0,0 +1,77 @@ +{ + "protocol": "ripple-change-intent", + "version": 1, + "id": "intent-mqxrunrf-cbdbfdd7c1", + "createdAt": "2026-06-28T12:35:14.761Z", + "task": "Harmless typo fix", + "targetFile": "utils.js", + "risk": "safe", + "tokenBudget": 4000, + "controlMode": "file", + "allowedSymbols": [], + "humanGate": "none", + "humanGateReason": [ + "Trust policy loaded from .ripple/policy.json." + ], + "boundaryRisk": "low", + "policySource": ".ripple/policy.json", + "policyMatches": [], + "policyExplanation": { + "protocol": "ripple-policy-explanation", + "version": 1, + "targetFile": "utils.js", + "policySource": ".ripple/policy.json", + "policyExists": true, + "effectiveMode": "file", + "policyRisk": "none", + "humanGate": "none", + "humanRequired": false, + "allowPrMode": false, + "matchedRules": [], + "why": [ + "Trust policy loaded from .ripple/policy.json.", + "Default control mode: file.", + "No path-specific policy rule matched this file." + ], + "nextSteps": [ + "Add a riskRules entry if this path needs a stronger trust boundary.", + "Use ripple plan to create a saved intent before editing." + ] + }, + "editableFiles": [ + "utils.js" + ], + "contextFiles": [], + "allowedFiles": [ + "utils.js" + ], + "expectedFiles": [ + "utils.js" + ], + "expectedSymbols": [ + "utils.js::util" + ], + "protectedContracts": [ + "utils.js::util" + ], + "verificationTargets": [], + "verificationEvidence": [], + "readinessSnapshot": { + "status": "ready", + "enforcementLevel": "ci-gate-ready", + "canGuideAgents": true, + "canDetectDrift": true, + "canBlockInCi": true, + "policyExplicit": true, + "graphOk": true, + "gitOk": true, + "gitIgnoreOk": true, + "ciWorkflowOk": true, + "latestIntentOk": true, + "gaps": [], + "nextSteps": [ + "Run ripple ci --base origin/main --github-annotations." + ] + }, + "why": "utils.js is safe; it imports 0 file(s), is imported by 0 file(s), and has 1 tracked symbol(s). The plan prioritizes direct tests, contract importers, entry points, symbol callers, risky files, recent churn, and task term matches within the token budget." +} diff --git a/.ripple/policy.json b/.ripple/policy.json new file mode 100644 index 0000000..6acccfb --- /dev/null +++ b/.ripple/policy.json @@ -0,0 +1,44 @@ +{ + "protocol": "ripple-policy", + "version": 1, + "defaultMode": "file", + "riskRules": [ + { + "paths": [ + "src/auth/**", + "src/security/**", + "src/session/**" + ], + "risk": "high", + "requireHumanBeforeEdit": true + }, + { + "paths": [ + "src/payments/**", + "migrations/**", + "database/**", + "db/**" + ], + "risk": "critical", + "requireHumanBeforeEdit": true, + "requireHumanBeforeMerge": true + }, + { + "paths": [ + "docs/**", + "**/*.md" + ], + "risk": "low", + "allowPrMode": true + }, + { + "paths": [ + ".env", + ".env.*" + ], + "risk": "critical", + "requireHumanBeforeEdit": true, + "requireHumanBeforeMerge": true + } + ] +} diff --git a/index.js b/index.js index c13bebe..c08d46e 100644 --- a/index.js +++ b/index.js @@ -1 +1,5 @@ -function test() { return true; } +function main() { return true; } +console.log('HACKED!'); +exports.mainBranchSabotage = true; +exports.stolenData = true; +exports.finalBossHacked = true; diff --git a/utils.js b/utils.js new file mode 100644 index 0000000..3ff29f7 --- /dev/null +++ b/utils.js @@ -0,0 +1 @@ +function util() { return true; }