sarman/tftsr-devops_investigation
1
0
Fork 0
Code Issues 1 Pull Requests Actions 34 Packages Projects 3 Releases 9 Wiki Activity
8839075805
tftsr-devops_investigation/node_modules/spdx-expression-parse/README.md
Shaun Arman 8839075805 feat: initial implementation of TFTSR IT Triage & RCA application 
Implements Phases 1-8 of the TFTSR implementation plan.

Rust backend (Tauri 2.x, src-tauri/):
- Multi-provider AI: OpenAI-compatible, Anthropic, Gemini, Mistral, Ollama
- PII detection engine: 11 regex patterns with overlap resolution
- SQLCipher AES-256 encrypted database with 10 versioned migrations
- 28 Tauri IPC commands for triage, analysis, document, and system ops
- Ollama: hardware probe, model recommendations, pull/delete with events
- RCA and blameless post-mortem Markdown document generators
- PDF export via printpdf
- Audit log: SHA-256 hash of every external data send
- Integration stubs for Confluence, ServiceNow, Azure DevOps (v0.2)

Frontend (React 18 + TypeScript + Vite, src/):
- 9 pages: full triage workflow NewIssue→LogUpload→Triage→Resolution→RCA→Postmortem→History+Settings
- 7 components: ChatWindow, TriageProgress, PiiDiffViewer, DocEditor, HardwareReport, ModelSelector, UI primitives
- 3 Zustand stores: session, settings (persisted), history
- Type-safe tauriCommands.ts matching Rust backend types exactly
- 8 IT domain system prompts (Linux, Windows, Network, K8s, DB, Virt, HW, Obs)

DevOps:
- .woodpecker/test.yml: rustfmt, clippy, cargo test, tsc, vitest on every push
- .woodpecker/release.yml: linux/amd64 + linux/arm64 builds, Gogs release upload

Verified:
- cargo check: zero errors
- tsc --noEmit: zero errors
- vitest run: 13/13 unit tests passing

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-03-14 22:36:25 -05:00

92 lines
3.7 KiB
Markdown
Raw Blame History

This package parses [SPDX license expression](https://spdx.org/spdx-specification-21-web-version#h.jxpfx0ykyb60) strings describing license terms, like [package.json license strings](https://docs.npmjs.com/files/package.json#license), into consistently structured ECMAScript objects. The npm command-line interface depends on this package, as do many automatic license-audit tools.
In a nutshell:
```javascript
var parse = require('spdx-expression-parse')
var assert = require('assert')
assert.deepEqual(
// Licensed under the terms of the Two-Clause BSD License.
parse('BSD-2-Clause'),
{license: 'BSD-2-Clause'}
)
assert.throws(function () {
// An invalid SPDX license expression.
// Should be `Apache-2.0`.
parse('Apache 2')
})
assert.deepEqual(
// Dual licensed under either:
// - LGPL 2.1
// - a combination of Three-Clause BSD and MIT
parse('(LGPL-2.1 OR BSD-3-Clause AND MIT)'),
{
left: {license: 'LGPL-2.1'},
conjunction: 'or',
right: {
left: {license: 'BSD-3-Clause'},
conjunction: 'and',
right: {license: 'MIT'}
}
}
)
```
The syntax comes from the [Software Package Data eXchange (SPDX)](https://spdx.org/), a standard from the [Linux Foundation](https://www.linuxfoundation.org) for shareable data about software package license terms. SPDX aims to make sharing and auditing license data easy, especially for users of open-source software.
The bulk of the SPDX standard describes syntax and semantics of XML metadata files. This package implements two lightweight, plain-text components of that larger standard:
1. The [license list](https://spdx.org/licenses), a mapping from specific string identifiers, like `Apache-2.0`, to standard form license texts and bolt-on license exceptions. The [spdx-license-ids](https://www.npmjs.com/package/spdx-license-ids) and [spdx-exceptions](https://www.npmjs.com/package/spdx-exceptions) packages implement the license list. `spdx-expression-parse` depends on and `require()`s them.
Any license identifier from the license list is a valid license expression:
```javascript
var identifiers = []
.concat(require('spdx-license-ids'))
.concat(require('spdx-license-ids/deprecated'))
identifiers.forEach(function (id) {
assert.deepEqual(parse(id), {license: id})
})
```
So is any license identifier `WITH` a standardized license exception:
```javascript
identifiers.forEach(function (id) {
require('spdx-exceptions').forEach(function (e) {
assert.deepEqual(
parse(id + ' WITH ' + e),
{license: id, exception: e}
)
})
})
```
2. The license expression language, for describing simple and complex license terms, like `MIT` for MIT-licensed and `(GPL-2.0 OR Apache-2.0)` for dual-licensing under GPL 2.0 and Apache 2.0. `spdx-expression-parse` itself implements license expression language, exporting a parser.
```javascript
assert.deepEqual(
// Licensed under a combination of:
// - the MIT License AND
// - a combination of:
// - LGPL 2.1 (or a later version) AND
// - Three-Clause BSD
parse('(MIT AND (LGPL-2.1+ AND BSD-3-Clause))'),
{
left: {license: 'MIT'},
conjunction: 'and',
right: {
left: {license: 'LGPL-2.1', plus: true},
conjunction: 'and',
right: {license: 'BSD-3-Clause'}
}
}
)
```
The Linux Foundation and its contributors license the SPDX standard under the terms of [the Creative Commons Attribution License 3.0 Unported (SPDX: "CC-BY-3.0")](http://spdx.org/licenses/CC-BY-3.0). "SPDX" is a United States federally registered trademark of the Linux Foundation. The authors of this package license their work under the terms of the MIT License.
Reference in New Issue View Git Blame Copy Permalink