@aperant/framework 0.8.1 → 0.8.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +443 -1
- package/agents/apt-planner.md +39 -7
- package/dist/cli/commands/adr.mjs +1 -1
- package/dist/cli/commands/audit-branch-current.d.mts +25 -0
- package/dist/cli/commands/audit-branch-current.d.mts.map +1 -0
- package/dist/cli/commands/audit-branch-current.mjs +252 -0
- package/dist/cli/commands/audit-branch-current.mjs.map +1 -0
- package/dist/cli/commands/audit.d.mts.map +1 -1
- package/dist/cli/commands/audit.mjs +13 -2
- package/dist/cli/commands/audit.mjs.map +1 -1
- package/dist/cli/commands/check-version.d.mts.map +1 -1
- package/dist/cli/commands/check-version.mjs +19 -1
- package/dist/cli/commands/check-version.mjs.map +1 -1
- package/dist/cli/commands/context.mjs +3 -3
- package/dist/cli/commands/context.mjs.map +1 -1
- package/dist/cli/commands/coverage-check.d.mts.map +1 -1
- package/dist/cli/commands/coverage-check.mjs +74 -7
- package/dist/cli/commands/coverage-check.mjs.map +1 -1
- package/dist/cli/commands/detect-runtime.d.mts +6 -0
- package/dist/cli/commands/detect-runtime.d.mts.map +1 -0
- package/dist/cli/commands/detect-runtime.mjs +142 -0
- package/dist/cli/commands/detect-runtime.mjs.map +1 -0
- package/dist/cli/commands/driver-doctor.d.mts +29 -0
- package/dist/cli/commands/driver-doctor.d.mts.map +1 -0
- package/dist/cli/commands/driver-doctor.mjs +291 -0
- package/dist/cli/commands/driver-doctor.mjs.map +1 -0
- package/dist/cli/commands/gate.mjs +14 -0
- package/dist/cli/commands/gate.mjs.map +1 -1
- package/dist/cli/commands/init.d.mts.map +1 -1
- package/dist/cli/commands/init.mjs +9 -6
- package/dist/cli/commands/init.mjs.map +1 -1
- package/dist/cli/commands/install-from-source.d.mts +2 -0
- package/dist/cli/commands/install-from-source.d.mts.map +1 -0
- package/dist/cli/commands/install-from-source.mjs +2 -0
- package/dist/cli/commands/install-from-source.mjs.map +1 -0
- package/dist/cli/commands/modes.mjs +1 -1
- package/dist/cli/commands/route.d.mts.map +1 -1
- package/dist/cli/commands/route.mjs +38 -1
- package/dist/cli/commands/route.mjs.map +1 -1
- package/dist/cli/commands/triage.mjs +1 -1
- package/dist/cli/config/load.d.mts.map +1 -1
- package/dist/cli/config/load.mjs +9 -3
- package/dist/cli/config/load.mjs.map +1 -1
- package/dist/cli/coordination/auto-emit-artifact-ready.mjs +1 -1
- package/dist/cli/coordination/event-schema.d.mts.map +1 -1
- package/dist/cli/coordination/event-schema.mjs +18 -0
- package/dist/cli/coordination/event-schema.mjs.map +1 -1
- package/dist/cli/coverage-check/user-outcomes.d.mts +84 -0
- package/dist/cli/coverage-check/user-outcomes.d.mts.map +1 -0
- package/dist/cli/coverage-check/user-outcomes.mjs +265 -0
- package/dist/cli/coverage-check/user-outcomes.mjs.map +1 -0
- package/dist/cli/dispatch.d.mts.map +1 -1
- package/dist/cli/dispatch.mjs +18 -1
- package/dist/cli/dispatch.mjs.map +1 -1
- package/dist/cli/gate/context.d.mts +1 -0
- package/dist/cli/gate/context.d.mts.map +1 -1
- package/dist/cli/gate/context.mjs +14 -1
- package/dist/cli/gate/context.mjs.map +1 -1
- package/dist/cli/gate/gates/consistency-check.d.mts +1 -0
- package/dist/cli/gate/gates/consistency-check.d.mts.map +1 -1
- package/dist/cli/gate/gates/consistency-check.mjs +1 -0
- package/dist/cli/gate/gates/consistency-check.mjs.map +1 -1
- package/dist/cli/gate/gates/review-clean.d.mts +1 -0
- package/dist/cli/gate/gates/review-clean.d.mts.map +1 -1
- package/dist/cli/gate/gates/review-clean.mjs +1 -0
- package/dist/cli/gate/gates/review-clean.mjs.map +1 -1
- package/dist/cli/gate/gates/verify-approved.d.mts +1 -0
- package/dist/cli/gate/gates/verify-approved.d.mts.map +1 -1
- package/dist/cli/gate/gates/verify-approved.mjs +1 -0
- package/dist/cli/gate/gates/verify-approved.mjs.map +1 -1
- package/dist/cli/gate/registry.d.mts.map +1 -1
- package/dist/cli/gate/registry.mjs +9 -1
- package/dist/cli/gate/registry.mjs.map +1 -1
- package/dist/cli/host/detect.mjs +1 -1
- package/dist/cli/host/detect.mjs.map +1 -1
- package/dist/cli/install/find-workspace-framework-version.d.mts +16 -0
- package/dist/cli/install/find-workspace-framework-version.d.mts.map +1 -0
- package/dist/cli/install/find-workspace-framework-version.mjs +85 -0
- package/dist/cli/install/find-workspace-framework-version.mjs.map +1 -0
- package/dist/cli/install/install-from-source.d.mts +10 -0
- package/dist/cli/install/install-from-source.d.mts.map +1 -0
- package/dist/cli/install/install-from-source.mjs +271 -0
- package/dist/cli/install/install-from-source.mjs.map +1 -0
- package/dist/cli/install/install-kernel.d.mts.map +1 -1
- package/dist/cli/install/install-kernel.mjs +24 -0
- package/dist/cli/install/install-kernel.mjs.map +1 -1
- package/dist/cli/install/legacy-paths.d.mts +33 -11
- package/dist/cli/install/legacy-paths.d.mts.map +1 -1
- package/dist/cli/install/legacy-paths.mjs +163 -39
- package/dist/cli/install/legacy-paths.mjs.map +1 -1
- package/dist/cli/install/runtime-detect.mjs +1 -1
- package/dist/cli/install/runtime-detect.mjs.map +1 -1
- package/dist/cli/install/runtime-migrate.d.mts +34 -14
- package/dist/cli/install/runtime-migrate.d.mts.map +1 -1
- package/dist/cli/install/runtime-migrate.mjs +63 -30
- package/dist/cli/install/runtime-migrate.mjs.map +1 -1
- package/dist/cli/install/transforms/codex.d.mts.map +1 -1
- package/dist/cli/install/transforms/codex.mjs +28 -17
- package/dist/cli/install/transforms/codex.mjs.map +1 -1
- package/dist/cli/skill-author/contract.mjs +2 -2
- package/dist/cli/skill-author/contract.mjs.map +1 -1
- package/dist/cli/verify-proof/audit.d.mts +34 -0
- package/dist/cli/verify-proof/audit.d.mts.map +1 -0
- package/dist/cli/verify-proof/audit.mjs +53 -0
- package/dist/cli/verify-proof/audit.mjs.map +1 -0
- package/dist/cli/verify-proof/exec.d.mts +20 -0
- package/dist/cli/verify-proof/exec.d.mts.map +1 -0
- package/dist/cli/verify-proof/exec.mjs +74 -0
- package/dist/cli/verify-proof/exec.mjs.map +1 -0
- package/dist/cli/verify-proof/idl/index.d.mts +2 -0
- package/dist/cli/verify-proof/idl/index.d.mts.map +1 -0
- package/dist/cli/verify-proof/idl/index.mjs +13 -0
- package/dist/cli/verify-proof/idl/index.mjs.map +1 -0
- package/dist/cli/verify-proof/idl/types.d.ts +10 -0
- package/dist/cli/verify-proof/idl/types.d.ts.map +1 -0
- package/dist/cli/verify-proof/idl/types.js +10 -0
- package/dist/cli/verify-proof/idl/types.js.map +1 -0
- package/dist/cli/verify-proof/manifest-validator.d.mts +19 -0
- package/dist/cli/verify-proof/manifest-validator.d.mts.map +1 -0
- package/dist/cli/verify-proof/manifest-validator.mjs +182 -0
- package/dist/cli/verify-proof/manifest-validator.mjs.map +1 -0
- package/dist/cli/verify-proof/resolver.d.mts +105 -0
- package/dist/cli/verify-proof/resolver.d.mts.map +1 -0
- package/dist/cli/verify-proof/resolver.mjs +320 -0
- package/dist/cli/verify-proof/resolver.mjs.map +1 -0
- package/dist/cli/verify-proof/runtime-detect.d.mts +30 -0
- package/dist/cli/verify-proof/runtime-detect.d.mts.map +1 -0
- package/dist/cli/verify-proof/runtime-detect.mjs +209 -0
- package/dist/cli/verify-proof/runtime-detect.mjs.map +1 -0
- package/dist/cli/verify-proof/trust.d.mts +70 -0
- package/dist/cli/verify-proof/trust.d.mts.map +1 -0
- package/dist/cli/verify-proof/trust.mjs +174 -0
- package/dist/cli/verify-proof/trust.mjs.map +1 -0
- package/dist/driver-sdk/conformance.d.ts +41 -0
- package/dist/driver-sdk/conformance.d.ts.map +1 -0
- package/dist/driver-sdk/conformance.js +123 -0
- package/dist/driver-sdk/conformance.js.map +1 -0
- package/dist/driver-sdk/errors.d.ts +75 -0
- package/dist/driver-sdk/errors.d.ts.map +1 -0
- package/dist/driver-sdk/errors.js +80 -0
- package/dist/driver-sdk/errors.js.map +1 -0
- package/dist/driver-sdk/idl.d.ts +221 -0
- package/dist/driver-sdk/idl.d.ts.map +1 -0
- package/dist/driver-sdk/idl.js +140 -0
- package/dist/driver-sdk/idl.js.map +1 -0
- package/dist/driver-sdk/index.d.ts +28 -0
- package/dist/driver-sdk/index.d.ts.map +1 -0
- package/dist/driver-sdk/index.js +28 -0
- package/dist/driver-sdk/index.js.map +1 -0
- package/dist/driver-sdk/manifest.d.ts +93 -0
- package/dist/driver-sdk/manifest.d.ts.map +1 -0
- package/dist/driver-sdk/manifest.js +12 -0
- package/dist/driver-sdk/manifest.js.map +1 -0
- package/dist/driver-sdk/retry.d.ts +33 -0
- package/dist/driver-sdk/retry.d.ts.map +1 -0
- package/dist/driver-sdk/retry.js +50 -0
- package/dist/driver-sdk/retry.js.map +1 -0
- package/dist/plugin/.claude-plugin/plugin.json +4 -1
- package/dist/plugin/agents/apt-planner.md +39 -7
- package/dist/plugin/skills/apt/SKILL.md +75 -6
- package/dist/plugin/skills/apt-caveman/SKILL.md +64 -0
- package/dist/plugin/skills/apt-debug/SKILL.md +36 -4
- package/dist/plugin/skills/apt-debug/appendices/diagnose-discipline.md +2 -11
- package/dist/plugin/skills/apt-discuss/SKILL.md +4 -4
- package/dist/plugin/skills/apt-discuss/appendices/grill-discipline.md +2 -11
- package/dist/plugin/skills/apt-discuss/appendices/zoom-out-helper.md +0 -8
- package/dist/plugin/skills/apt-execute/SKILL.md +27 -4
- package/dist/plugin/skills/apt-execute/appendices/tdd-mode.md +2 -10
- package/dist/plugin/skills/apt-fan-out/SKILL.md +36 -1
- package/dist/plugin/skills/apt-handoff/SKILL.md +228 -0
- package/dist/plugin/skills/apt-improve/DEEPENING.md +0 -8
- package/dist/plugin/skills/apt-improve/INTERFACE-DESIGN.md +0 -8
- package/dist/plugin/skills/apt-improve/LANGUAGE.md +0 -8
- package/dist/plugin/skills/apt-improve/SKILL.md +4 -4
- package/dist/plugin/skills/apt-plan/SKILL.md +73 -5
- package/dist/plugin/skills/apt-plan/adapters/conductor.md +1 -1
- package/dist/plugin/skills/apt-pr-review/SKILL.md +1 -1
- package/dist/plugin/skills/apt-prototype/LOGIC.md +0 -8
- package/dist/plugin/skills/apt-prototype/SKILL.md +4 -4
- package/dist/plugin/skills/apt-prototype/UI.md +0 -8
- package/dist/plugin/skills/apt-quick/SKILL.md +31 -1
- package/dist/plugin/skills/apt-research/SKILL.md +526 -0
- package/dist/plugin/skills/apt-research/appendices/budget-loop.md +397 -0
- package/dist/plugin/skills/apt-research/appendices/claim-graph-schema.md +206 -0
- package/dist/plugin/skills/apt-research/appendices/domain-tools.md +236 -0
- package/dist/plugin/skills/apt-resume/SKILL.md +54 -31
- package/dist/plugin/skills/apt-run/SKILL.md +114 -16
- package/dist/plugin/skills/apt-setup/SKILL.md +97 -8
- package/dist/plugin/skills/apt-ship/SKILL.md +165 -9
- package/dist/plugin/skills/apt-spar/SKILL.md +84 -23
- package/dist/plugin/skills/apt-triage/AGENT-BRIEF.md +0 -8
- package/dist/plugin/skills/apt-triage/OUT-OF-SCOPE.md +0 -7
- package/dist/plugin/skills/apt-triage/SKILL.md +2 -2
- package/dist/plugin/skills/apt-update/SKILL.md +74 -17
- package/dist/plugin/skills/apt-verify-proof/SKILL.md +87 -1
- package/dist/plugin/skills/apt-zoom-out/SKILL.md +3 -3
- package/dist/schemas/quick-task.d.ts +17 -17
- package/dist/schemas/quick-task.d.ts.map +1 -1
- package/dist/schemas/quick-task.js +2 -2
- package/dist/schemas/quick-task.js.map +1 -1
- package/dist/types/config.d.ts +33 -0
- package/dist/types/config.d.ts.map +1 -1
- package/dist/types/state.d.ts +1 -1
- package/dist/types/state.d.ts.map +1 -1
- package/dist/types/task-record.d.ts +1 -1
- package/dist/types/task-record.d.ts.map +1 -1
- package/drivers/.gitkeep +0 -0
- package/drivers/api/README.md +40 -0
- package/drivers/api/driver.mjs +59 -0
- package/drivers/api/manifest.json +26 -0
- package/drivers/browser/README.md +105 -0
- package/drivers/browser/driver.mjs +134 -0
- package/drivers/browser/manifest.json +35 -0
- package/drivers/cli/README.md +44 -0
- package/drivers/cli/driver.mjs +62 -0
- package/drivers/cli/manifest.json +28 -0
- package/drivers/electron/README.md +64 -0
- package/drivers/electron/driver.mjs +87 -0
- package/drivers/electron/manifest.json +37 -0
- package/package.json +138 -133
- package/prompts/planner.md +1 -1
- package/prompts/spec_writer.md +1 -1
- package/skills/apt/SKILL.md +75 -6
- package/skills/apt-caveman/SKILL.md +64 -0
- package/skills/apt-debug/SKILL.md +36 -4
- package/skills/apt-debug/appendices/diagnose-discipline.md +2 -11
- package/skills/apt-discuss/SKILL.md +4 -4
- package/skills/apt-discuss/appendices/grill-discipline.md +2 -11
- package/skills/apt-discuss/appendices/zoom-out-helper.md +0 -8
- package/skills/apt-execute/SKILL.md +27 -4
- package/skills/apt-execute/appendices/tdd-mode.md +2 -10
- package/skills/apt-fan-out/SKILL.md +36 -1
- package/skills/apt-handoff/SKILL.md +228 -0
- package/skills/apt-improve/DEEPENING.md +0 -8
- package/skills/apt-improve/INTERFACE-DESIGN.md +0 -8
- package/skills/apt-improve/LANGUAGE.md +0 -8
- package/skills/apt-improve/SKILL.md +4 -4
- package/skills/apt-plan/SKILL.md +73 -5
- package/skills/apt-plan/adapters/conductor.md +1 -1
- package/skills/apt-planner.md +17 -1
- package/skills/apt-pr-review/SKILL.md +1 -1
- package/skills/apt-prototype/LOGIC.md +0 -8
- package/skills/apt-prototype/SKILL.md +4 -4
- package/skills/apt-prototype/UI.md +0 -8
- package/skills/apt-quick/SKILL.md +31 -1
- package/skills/apt-research/SKILL.md +526 -0
- package/skills/apt-research/appendices/budget-loop.md +397 -0
- package/skills/apt-research/appendices/claim-graph-schema.md +206 -0
- package/skills/apt-research/appendices/domain-tools.md +236 -0
- package/skills/apt-resume/SKILL.md +54 -31
- package/skills/apt-run/SKILL.md +114 -16
- package/skills/apt-setup/SKILL.md +97 -8
- package/skills/apt-ship/SKILL.md +165 -9
- package/skills/apt-spar/SKILL.md +84 -23
- package/skills/apt-triage/AGENT-BRIEF.md +0 -8
- package/skills/apt-triage/OUT-OF-SCOPE.md +0 -7
- package/skills/apt-triage/SKILL.md +2 -2
- package/skills/apt-update/SKILL.md +74 -17
- package/skills/apt-verify-proof/SKILL.md +87 -1
- package/skills/apt-zoom-out/SKILL.md +3 -3
- package/src/cli/commands/adr.mjs +1 -1
- package/src/cli/commands/audit-branch-current.mjs +250 -0
- package/src/cli/commands/audit.mjs +13 -2
- package/src/cli/commands/check-version.mjs +20 -1
- package/src/cli/commands/context.mjs +3 -3
- package/src/cli/commands/coverage-check.mjs +126 -44
- package/src/cli/commands/detect-runtime.mjs +143 -0
- package/src/cli/commands/driver-doctor.mjs +294 -0
- package/src/cli/commands/gate.mjs +15 -0
- package/src/cli/commands/init.mjs +9 -6
- package/src/cli/commands/install-from-source.mjs +1 -0
- package/src/cli/commands/modes.mjs +1 -1
- package/src/cli/commands/route.mjs +42 -1
- package/src/cli/commands/triage.mjs +1 -1
- package/src/cli/config/load.mjs +9 -3
- package/src/cli/coordination/auto-emit-artifact-ready.mjs +1 -1
- package/src/cli/coordination/event-schema.mjs +19 -0
- package/src/cli/coverage-check/user-outcomes.mjs +273 -0
- package/src/cli/dispatch.mjs +17 -1
- package/src/cli/gate/context.mjs +20 -1
- package/src/cli/gate/gates/consistency-check.mjs +1 -0
- package/src/cli/gate/gates/review-clean.mjs +1 -0
- package/src/cli/gate/gates/verify-approved.mjs +1 -0
- package/src/cli/gate/registry.mjs +11 -1
- package/src/cli/host/detect.mjs +1 -1
- package/src/cli/install/find-workspace-framework-version.mjs +88 -0
- package/src/cli/install/install-from-source.mjs +276 -0
- package/src/cli/install/install-kernel.mjs +24 -0
- package/src/cli/install/legacy-paths.mjs +164 -39
- package/src/cli/install/runtime-detect.mjs +1 -1
- package/src/cli/install/runtime-migrate.mjs +63 -30
- package/src/cli/install/transforms/codex.mjs +26 -17
- package/src/cli/skill-author/contract.mjs +2 -2
- package/src/cli/verify-proof/.gitkeep +0 -0
- package/src/cli/verify-proof/audit.mjs +55 -0
- package/src/cli/verify-proof/exec.mjs +74 -0
- package/src/cli/verify-proof/idl/index.mjs +23 -0
- package/src/cli/verify-proof/idl/types.ts +42 -0
- package/src/cli/verify-proof/manifest-schema.json +212 -0
- package/src/cli/verify-proof/manifest-validator.mjs +184 -0
- package/src/cli/verify-proof/resolver.mjs +330 -0
- package/src/cli/verify-proof/runtime-detect.mjs +211 -0
- package/src/cli/verify-proof/trust.mjs +187 -0
- package/templates/adr-format.md +0 -8
- package/templates/aperant-claude-md-appendix.md +1 -1
- package/templates/context-format.md +1 -9
- package/templates/proof-verification.md +51 -8
- package/workflows/verify-proof.md +130 -19
|
@@ -31,8 +31,8 @@ This skill moves a task through a 5-state machine. The state machine
|
|
|
31
31
|
runs identically regardless of backend (local-only / github-issues /
|
|
32
32
|
app-inbox); only the mirror destination changes.
|
|
33
33
|
|
|
34
|
-
**
|
|
35
|
-
OUT-OF-SCOPE.md sub-files ported from
|
|
34
|
+
**Aperant adoption attribution.** State machine + AGENT-BRIEF.md +
|
|
35
|
+
OUT-OF-SCOPE.md sub-files ported from
|
|
36
36
|
`triage` skill. Aperant-specific extensions:
|
|
37
37
|
|
|
38
38
|
- Backend abstraction (configured at `apt:setup` Batch 8 — task_tracking.backend)
|
|
@@ -49,13 +49,14 @@ The cache file is at `~/.cache/aperant/apt-update-check.json`. It contains `runt
|
|
|
49
49
|
node .aperant/deps/node_modules/@aperant/framework/bin/apt-tools.mjs check-version . --json
|
|
50
50
|
```
|
|
51
51
|
|
|
52
|
-
Parse the JSON. From 0.6.7 the envelope merges the SessionStart worker's cache (when fresh — written within the last hour to `~/.cache/aperant/apt-update-check.json`). Capture:
|
|
52
|
+
Parse the JSON. From 0.6.7 the envelope merges the SessionStart worker's cache (when fresh — written within the last hour to `~/.cache/aperant/apt-update-check.json`). From 0.8.3 it also carries the workspace-aware `framework.workspace_version` field (Bundle A). Capture:
|
|
53
53
|
|
|
54
54
|
- `framework.installed_version` — what's currently on disk
|
|
55
55
|
- `framework.latest_version` — what npm reports as the latest published version (MAY BE `null` when the worker cache is stale / missing / wrong schema)
|
|
56
|
+
- `framework.workspace_version` — set when a workspace `packages/framework/package.json` (with `name === "@aperant/framework"`) is found above the project root; null otherwise. When non-null AND ahead of `installed_version`, the workspace is the source of truth for self-host contributors (auto-detect, no `--from-source` required).
|
|
56
57
|
- `runtimes[]` — list of installed runtime ids + per-runtime `stale_files` count
|
|
57
58
|
- `stale_files_total` — drift tally across runtimes
|
|
58
|
-
- `update_available` — true when worker cache is fresh AND `installed_version < latest_version`
|
|
59
|
+
- `update_available` — true when worker cache is fresh AND `installed_version < latest_version`, OR when `workspace_version > installed_version` (Bundle A — fires regardless of npm cache state)
|
|
59
60
|
- `dev_install_ahead` — true when local kernel is ahead of published (typical local dev)
|
|
60
61
|
- `not_published` — true when npm returned 404 (package not yet on registry)
|
|
61
62
|
- `lookup_error` — non-null when npm view failed for any non-404 reason (timeout, ENETDOWN, etc.)
|
|
@@ -64,11 +65,20 @@ The envelope is **single-shape** — every field above is always present. When t
|
|
|
64
65
|
|
|
65
66
|
If `runtimes[]` is empty, tell the user they haven't installed Aperant into any runtime yet and suggest `apt-tools init . --claude` (or their preferred runtime). Stop.
|
|
66
67
|
|
|
67
|
-
## 1.5.
|
|
68
|
+
## 1.5. Workspace-aware bump — auto-detect dev-host self-host (Bundle A)
|
|
68
69
|
|
|
69
|
-
The Aperant kernel lives at `.aperant/deps/node_modules/@aperant/framework/`. `apt-tools init` re-installs runtime files at THE LOCAL KERNEL'S VERSION — so a stale kernel means `/apt:update` re-stamps manifests at the OLD version
|
|
70
|
+
The Aperant kernel lives at `.aperant/deps/node_modules/@aperant/framework/`. `apt-tools init` re-installs runtime files at THE LOCAL KERNEL'S VERSION — so a stale kernel means `/apt:update` re-stamps manifests at the OLD version. Bump the kernel BEFORE invoking init.
|
|
70
71
|
|
|
71
|
-
|
|
72
|
+
**FIRST**, branch on `framework.workspace_version` from step 1's envelope (Bundle A — automatic on every `/apt:update` run, no flag required):
|
|
73
|
+
|
|
74
|
+
- When `workspace_version` is non-null AND ahead of `installed_version` — the user is an Aperant contributor self-hosting the framework, and a same-PR change bumped `packages/framework/package.json:version`. The workspace is the source of truth (NOT npm). Proceed to §1.7's workspace-pack mechanism. Skip §1.6 (npm view).
|
|
75
|
+
- When `workspace_version` is null OR equal to `installed_version` — no workspace package, OR workspace + kernel already match. Fall through to §1.6 (npm bump path).
|
|
76
|
+
|
|
77
|
+
This auto-detection replaces the previous "user must remember `--from-source`" footgun. The `--from-source` flag is still honored as an explicit override (§1.7) for: (a) testing pre-publish bumps even when auto-detect didn't fire, (b) forcing the workspace path when a stale `latest_version > workspace_version`.
|
|
78
|
+
|
|
79
|
+
## 1.6. Bump the local kernel from npm when newer is available
|
|
80
|
+
|
|
81
|
+
When §1.5 fell through (no workspace-ahead signal), resolve `latest_version` from npm. First, resolve `latest_version` when the envelope had `null` (stale cache).
|
|
72
82
|
|
|
73
83
|
**Timeout enforcement (ID-04):** The `npm view` call must complete within 10 s — never block the user longer than the SessionStart worker would. Use npm's `--fetch-timeout` flag as the primary mechanism (universally portable across all npm versions); it sets the HTTP fetch timeout in milliseconds:
|
|
74
84
|
|
|
@@ -90,17 +100,47 @@ npm install --prefix .aperant/deps @aperant/framework@<latest_version> --no-save
|
|
|
90
100
|
|
|
91
101
|
On `npm 404` (`E404` in stderr) treat it as `not_published` and skip the kernel bump (proceed to step 3). On any other npm failure, surface the npm stderr verbatim and STOP — do NOT proceed to init with a half-installed kernel.
|
|
92
102
|
|
|
93
|
-
## 1.
|
|
103
|
+
## 1.7. Self-host case — bump from local workspace (FRAMEWORK-BUG-017)
|
|
104
|
+
|
|
105
|
+
Fires when EITHER §1.5's workspace-ahead auto-detect signaled it, OR the user invoked `/apt:update --from-source` as an explicit override, OR the route envelope's `update_check.reason` mentions `workspace source ahead of installed kernel`. The source of truth is the local `packages/framework/` workspace — NOT npm. This is the Aperant-contributor self-host case: a same-PR framework fix bumps the workspace `packages/framework/package.json:version` but the kernel under `.aperant/deps/node_modules/@aperant/framework/` still reflects the previous version. §1.6's `npm view` would fetch the published version (still the OLD one), so we skip it.
|
|
106
|
+
|
|
107
|
+
The reliable bump mechanism is the `apt-tools install-from-source` subcommand (Bundle D), which packs the framework AND every `workspace:*` dep (transitively) into a single `npm install --prefix` invocation. Handles the same-PR unpublished-pair case (e.g. `framework@0.8.3` + `driver-sdk@0.2.0` both at `workspace:*`, both unpublished) without `EUNSUPPORTEDPROTOCOL`.
|
|
108
|
+
|
|
109
|
+
```bash
|
|
110
|
+
node .aperant/deps/node_modules/@aperant/framework/bin/apt-tools.mjs install-from-source . --json
|
|
111
|
+
```
|
|
112
|
+
|
|
113
|
+
Parse the returned envelope:
|
|
114
|
+
|
|
115
|
+
```json
|
|
116
|
+
{
|
|
117
|
+
"status": "ok",
|
|
118
|
+
"command": "install-from-source",
|
|
119
|
+
"tarballs": ["/tmp/aperant-driver-sdk-0.2.0.tgz", "/tmp/aperant-framework-0.8.3.tgz"],
|
|
120
|
+
"kernel_path": "/path/to/project/.aperant/deps/node_modules/@aperant/framework/bin/apt-tools.mjs"
|
|
121
|
+
}
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
Capture `tarballs[]` count and `kernel_path` for the Scenario A summary line (the kernel-version slot reads from `kernel_path`'s parent `package.json` rather than a static `{latest_version}` format string when this branch fired).
|
|
125
|
+
|
|
126
|
+
On `status: 'error'`, the envelope carries an `error` field with the underlying failure (e.g. `pnpm pack ... exited with N`, `no @aperant/framework workspace found`, etc.). Surface it verbatim and STOP — do NOT proceed to init with a half-installed kernel.
|
|
127
|
+
|
|
128
|
+
If `--from-source` was passed but `install-from-source` returns `no @aperant/framework workspace found`, surface a one-line error (`⚠ --from-source: no workspace package.json found — falling back to npm`) and proceed with the standard §1.6 npm path.
|
|
129
|
+
|
|
130
|
+
Then proceed to step 3 to re-install the runtime files at the new kernel version. Skip step 4 (cache clear) — the cache is keyed on `latest_version` from npm, and a `--from-source` bump never wrote to it, so there's nothing to invalidate.
|
|
94
131
|
|
|
95
|
-
|
|
132
|
+
### What `install-from-source` does under the hood
|
|
96
133
|
|
|
97
|
-
The
|
|
134
|
+
The `apt-tools install-from-source` helper materializes the workspace chain end-to-end. This is the equivalent manual recipe — useful for debugging or for users who want to understand the mechanism. **Prefer the one-line invocation above** unless you have a reason to do it by hand:
|
|
98
135
|
|
|
99
|
-
|
|
136
|
+
⚠ Do NOT substitute `npm pack` — it leaves `workspace:*` literal in the tarball's package.json and breaks `npm install --prefix` with `EUNSUPPORTEDPROTOCOL`. Only `pnpm pack` resolves workspace protocols.
|
|
100
137
|
|
|
101
138
|
```bash
|
|
102
|
-
#
|
|
139
|
+
# 0. Ensure the dep closure is materialized — the `...` suffix installs transitive workspace deps.
|
|
103
140
|
cd <workspace-root>
|
|
141
|
+
pnpm install --filter @aperant/framework... --frozen-lockfile=false
|
|
142
|
+
|
|
143
|
+
# 1. Pack the workspace source into a versioned tarball.
|
|
104
144
|
pnpm --filter @aperant/framework pack --pack-destination /tmp
|
|
105
145
|
|
|
106
146
|
# 2. Install the tarball into the project's kernel root.
|
|
@@ -108,19 +148,16 @@ cd <project-root>
|
|
|
108
148
|
npm install --prefix .aperant/deps /tmp/aperant-framework-<version>.tgz --no-save --no-package-lock --no-audit --no-fund
|
|
109
149
|
```
|
|
110
150
|
|
|
111
|
-
|
|
112
|
-
|
|
113
|
-
If `--from-source` was passed but no `packages/framework/package.json` is found anywhere above the project root, surface a one-line error (`⚠ --from-source: no workspace package.json found — falling back to npm`) and proceed with the standard step 1.5 npm path.
|
|
114
|
-
|
|
115
|
-
Then proceed to step 3 to re-install the runtime files at the new kernel version. Skip step 4 (cache clear) — the cache is keyed on `latest_version` from npm, and a `--from-source` bump never wrote to it, so there's nothing to invalidate.
|
|
151
|
+
The manual recipe DOES NOT handle workspace:* deps transitively — for a same-PR pair (framework + driver-sdk both at `workspace:*`), you would need to pnpm-pack each dep separately and pass every tarball to the single `npm install --prefix` call. The `apt-tools install-from-source` subcommand walks `dependencies` + `peerDependencies` automatically.
|
|
116
152
|
|
|
117
153
|
## 2. Classify the update scenario
|
|
118
154
|
|
|
119
155
|
Pick ONE of three scenarios based on what you parsed in step 1:
|
|
120
156
|
|
|
121
|
-
- **A. Version bump available** — `installed_version !== latest_version` (regardless of drift). Users see this most often. Step 1.5 bumped the kernel; step 3 re-stamps manifests at the new version.
|
|
122
|
-
- **B. Drift only** — `installed_version === latest_version` but `stale_files_total > 0`. User hand-edited an installed file or something was partially overwritten.
|
|
157
|
+
- **A. Version bump available** — `latest_version != null && installed_version !== latest_version` (regardless of drift). Users see this most often. Step 1.5 (workspace) or 1.6 (npm) bumped the kernel; step 3 re-stamps manifests at the new version. **Important:** the `latest_version != null` guard prevents this scenario from firing when npm-latest is unknown (cache stale, package not published, network down — see Scenario E for that case).
|
|
158
|
+
- **B. Drift only** — `installed_version === latest_version` but `stale_files_total > 0`. User hand-edited an installed file or something was partially overwritten. Steps 1.5 / 1.6 were no-ops; step 3 still needs `--force-runtimes` to re-stamp.
|
|
123
159
|
- **C. Nothing to do** — `installed_version === latest_version` AND `stale_files_total === 0`. Still re-run init with `--force-runtimes` to refresh manifests + cache, but tell the user plainly that no version change happened.
|
|
160
|
+
- **E. No version info available** — `latest_version === null` (cache stale OR package not published OR network down) AND `stale_files_total === 0`. Step 1.5 was a no-op (no workspace-ahead signal), step 1.6 found no usable npm version. Step 3 still re-stamps runtime files for safety, but the skill does NOT claim a version bump happened.
|
|
124
161
|
|
|
125
162
|
## 3. Re-install the currently-installed runtimes
|
|
126
163
|
|
|
@@ -169,6 +206,7 @@ Use the format in `<output_format>` below, tailored to the scenario from step 2.
|
|
|
169
206
|
{install_root_basename} {file_count} files refreshed
|
|
170
207
|
{install_root_basename} {file_count} files refreshed
|
|
171
208
|
.aperant/deps/ kernel v{latest_version}
|
|
209
|
+
Migrated: legacy .codex/agents/* swept ({removed_count} files removed)
|
|
172
210
|
|
|
173
211
|
Next: restart Claude Code / Codex to activate the refreshed skills.
|
|
174
212
|
```
|
|
@@ -194,6 +232,7 @@ Example:
|
|
|
194
232
|
|
|
195
233
|
{install_root_basename} {file_count} files ({stale_count} refreshed)
|
|
196
234
|
{install_root_basename} {file_count} files
|
|
235
|
+
Migrated: legacy .codex/agents/* swept ({removed_count} files removed)
|
|
197
236
|
|
|
198
237
|
Statusline chip cleared.
|
|
199
238
|
```
|
|
@@ -205,10 +244,28 @@ Example:
|
|
|
205
244
|
|
|
206
245
|
{install_root_basename} {file_count} files
|
|
207
246
|
{install_root_basename} {file_count} files
|
|
247
|
+
Migrated: legacy .codex/agents/* swept ({removed_count} files removed)
|
|
208
248
|
|
|
209
249
|
No changes applied. Statusline cache cleared.
|
|
210
250
|
```
|
|
211
251
|
|
|
252
|
+
## Scenario E — no version info available
|
|
253
|
+
|
|
254
|
+
```
|
|
255
|
+
⚠ Aperant version info unavailable — refreshed runtime files only
|
|
256
|
+
|
|
257
|
+
Reason: {lookup_error || 'cache stale / not published'}
|
|
258
|
+
{install_root_basename} {file_count} files
|
|
259
|
+
{install_root_basename} {file_count} files
|
|
260
|
+
Migrated: legacy .codex/agents/* swept ({removed_count} files removed)
|
|
261
|
+
|
|
262
|
+
Run /apt:update again later to bump the kernel when npm view becomes reachable.
|
|
263
|
+
```
|
|
264
|
+
|
|
265
|
+
Scenario E fires when `latest_version === null` AND `stale_files_total === 0`. Step 1.5 (workspace-aware) was a no-op (no workspace-ahead signal); step 1.6 (npm view) returned null (cache stale, not published, or network down). The runtime refresh in step 3 still happens — the skill just does NOT claim a bump occurred.
|
|
266
|
+
|
|
267
|
+
**`Migrated:` slot — conditional render.** The `Migrated:` line in Scenarios A / B / C / E fires ONLY when `init.legacy_cleanup?.ran === true && init.legacy_cleanup.rmdirs.some(p => p.includes('.codex'))`. When no migration happened, OMIT the line entirely (do NOT render an empty placeholder). The label reports the legacy Codex topology sweep (v0.7/v0.8 `.codex/agents/` + `.codex/commands/` misdirect → v0.8.2+ canonical `.agents/skills/<folder>/SKILL.md`) so users understand what changed under `.codex/` on disk.
|
|
268
|
+
|
|
212
269
|
## Scenario D — kernel install failed
|
|
213
270
|
|
|
214
271
|
If init's `kernel.status !== "installed"`, append a warning ABOVE the summary:
|
|
@@ -40,9 +40,95 @@ an action, evidence, and a verdict. No hallucinated passes.
|
|
|
40
40
|
- For code review — use `/apt:review`
|
|
41
41
|
- If no UI/visual changes were made — `/apt:verify` is faster
|
|
42
42
|
|
|
43
|
+
## Driver Architecture
|
|
44
|
+
|
|
45
|
+
`/apt:verify-proof` is **runtime-agnostic** — the workflow refers to IDL
|
|
46
|
+
verbs (`driver.click`, `driver.screenshot`, `driver.navigate`, ...) and
|
|
47
|
+
NEVER to concrete MCP tool names (per ID-01). The driver layer at
|
|
48
|
+
`packages/framework/drivers/<id>/` maps verbs to transports.
|
|
49
|
+
|
|
50
|
+
### Auto-detect
|
|
51
|
+
|
|
52
|
+
The resolver auto-selects the highest-scoring driver per ID-02
|
|
53
|
+
(capability_coverage > compatibility > stability > priority > locality).
|
|
54
|
+
Preview the selection before running verify-proof:
|
|
55
|
+
|
|
56
|
+
```bash
|
|
57
|
+
apt-tools detect-runtime .
|
|
58
|
+
# → { runtime: {is_electron, is_nextjs, ...}, selected_driver_id: "..." }
|
|
59
|
+
```
|
|
60
|
+
|
|
61
|
+
v0.8.6 — the runtime detector now walks `apps/*/package.json` by
|
|
62
|
+
default and OR-merges each child's capabilities into the root. The
|
|
63
|
+
canonical Aperant monorepo (Electron at `apps/desktop`, Next.js at
|
|
64
|
+
`apps/web`) now reports `is_electron: true` AND `is_nextjs: true`
|
|
65
|
+
without any config override.
|
|
66
|
+
|
|
67
|
+
### Per-outcome dispatch (v0.8.6+)
|
|
68
|
+
|
|
69
|
+
When the spec ships `## User Outcomes` (the verify-proof input
|
|
70
|
+
contract — see CLAUDE.md), the workflow runner imports
|
|
71
|
+
`resolveDriversForOutcomes()` from the resolver module and picks a
|
|
72
|
+
driver PER OUTCOME SURFACE instead of a single per-run driver pick.
|
|
73
|
+
|
|
74
|
+
```js
|
|
75
|
+
import { resolveDriversForOutcomes } from '.aperant/deps/node_modules/@aperant/framework/src/cli/verify-proof/resolver.mjs'
|
|
76
|
+
|
|
77
|
+
const entries = resolveDriversForOutcomes({
|
|
78
|
+
drivers, runtime,
|
|
79
|
+
outcomes: parsed.outcomes, // from parseUserOutcomes(spec)
|
|
80
|
+
})
|
|
81
|
+
// → [{outcome_id: "O1", surface: "electron", driver: {...}}, ...]
|
|
82
|
+
// For [electron+web] outcomes, two entries share the same outcome_id.
|
|
83
|
+
```
|
|
84
|
+
|
|
85
|
+
The legacy `apt-tools detect-runtime` still answers the per-run
|
|
86
|
+
"which driver would be picked?" question for the override preview.
|
|
87
|
+
For the per-outcome dispatch (the new contract), import
|
|
88
|
+
`resolveDriversForOutcomes` directly.
|
|
89
|
+
|
|
90
|
+
### Override
|
|
91
|
+
|
|
92
|
+
Force a specific driver chain in `.aperant/config.json`:
|
|
93
|
+
|
|
94
|
+
```json
|
|
95
|
+
{ "verification": { "runtimes": ["electron", "cli"] } }
|
|
96
|
+
```
|
|
97
|
+
|
|
98
|
+
v0.8.6 — `verification.monorepo_globs` is the new opt-out for the
|
|
99
|
+
monorepo walk. The walk now runs by default — adopters whose
|
|
100
|
+
monorepo lives at a non-canonical prefix
|
|
101
|
+
(`packages/apps/*`, `services/*`) override via
|
|
102
|
+
`verification.monorepo_globs: ["packages/apps/*"]`; set to `[]` to
|
|
103
|
+
disable the walk entirely (root-only behaviour, backwards compat).
|
|
104
|
+
The `verification.runtimes[]` override stays the final escape hatch
|
|
105
|
+
and is now usually unnecessary because the walk runs by default.
|
|
106
|
+
|
|
107
|
+
### Bundled drivers (4)
|
|
108
|
+
|
|
109
|
+
- **browser** (priority=100, ga) — Next.js / vanilla web frontends.
|
|
110
|
+
- **electron** (priority=90, ga) — Electron desktop apps.
|
|
111
|
+
- **cli** (priority=60, ga) — headless CI, output-shape assertions.
|
|
112
|
+
- **api** (priority=50, ga) — HTTP / JSON-API regression tests.
|
|
113
|
+
|
|
114
|
+
### Driver authors
|
|
115
|
+
|
|
116
|
+
Third-party driver authors should run `apt-tools driver doctor .` before
|
|
117
|
+
publishing to validate manifest schema + IDL conformance:
|
|
118
|
+
|
|
119
|
+
```bash
|
|
120
|
+
apt-tools driver doctor .
|
|
121
|
+
# → { drivers: [{driverId, manifest_valid, idl_conformant, ...}], summary: {...} }
|
|
122
|
+
```
|
|
123
|
+
|
|
124
|
+
IDL types, error taxonomy, and conformance kit live inside the framework
|
|
125
|
+
itself under `packages/framework/src/driver-sdk/` — see that directory's
|
|
126
|
+
public-api-lock test for the surface contract.
|
|
127
|
+
|
|
43
128
|
## Execution
|
|
44
129
|
|
|
45
|
-
Execute the verify-proof workflow end-to-end
|
|
130
|
+
Execute the verify-proof workflow end-to-end using IDL verbs (the driver
|
|
131
|
+
maps verbs to its transport — MCP server, local command, HTTP):
|
|
46
132
|
|
|
47
133
|
<execution_context>
|
|
48
134
|
@packages/framework/workflows/verify-proof.md
|
|
@@ -26,8 +26,8 @@ Tiny skill. High signal. The user named an area; you produce a one-page
|
|
|
26
26
|
orientation so they (or a future agent) can plan or edit without
|
|
27
27
|
re-learning the codebase from scratch.
|
|
28
28
|
|
|
29
|
-
**
|
|
30
|
-
discipline. Aperant's router is dynamic and LLM-driven, so unlike
|
|
29
|
+
**Aperant adoption note.** This skill descends from 's `zoom-out`
|
|
30
|
+
discipline. Aperant's router is dynamic and LLM-driven, so unlike 's
|
|
31
31
|
upstream this skill is **router-invocable** (no `disable-model-invocation:
|
|
32
32
|
true` flag). The work-intent — "give me a broader picture of X" — is
|
|
33
33
|
genuine and the router resolves natural-language triggers without forcing
|
|
@@ -37,7 +37,7 @@ the user to remember the verb name.
|
|
|
37
37
|
|
|
38
38
|
- Dropped into a new module / package / area of the monorepo
|
|
39
39
|
- About to plan a feature that crosses an unfamiliar boundary
|
|
40
|
-
- The codebase has CONTEXT.md (
|
|
40
|
+
- The codebase has CONTEXT.md (Aperant glossary) and you want to load it
|
|
41
41
|
alongside the structural map
|
|
42
42
|
|
|
43
43
|
## When Not to Use
|
package/src/cli/commands/adr.mjs
CHANGED
|
@@ -0,0 +1,250 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* commands/audit-branch-current.mjs — pre-PR rebase gate envelope for apt:ship §0.7.
|
|
3
|
+
*
|
|
4
|
+
* Pure read-only branch-drift audit. Given a base ref (default `main`), reports
|
|
5
|
+
* how many commits HEAD is ahead/behind `origin/<base>`, captures the current
|
|
6
|
+
* `origin/<base>` tip SHA (the lease target for any subsequent
|
|
7
|
+
* `--force-with-lease=refs/heads/<branch>:<sha>` push), and probes whether a
|
|
8
|
+
* trial merge against the remote tip would conflict.
|
|
9
|
+
*
|
|
10
|
+
* Single network call: `git fetch origin <base>`. Fetch failure is recovered
|
|
11
|
+
* as `audit_warning: 'fetch-failed'` — the envelope still returns, just with
|
|
12
|
+
* stale counts. No `git rebase`, no `git push`, no `git reset` — the SKILL.md
|
|
13
|
+
* prose owns history rewrites.
|
|
14
|
+
*
|
|
15
|
+
* Envelope:
|
|
16
|
+
*
|
|
17
|
+
* {
|
|
18
|
+
* status: 'ok',
|
|
19
|
+
* command: 'audit-branch-current',
|
|
20
|
+
* projectDir: string,
|
|
21
|
+
* base: string,
|
|
22
|
+
* ahead: number, // commits HEAD has over origin/<base>
|
|
23
|
+
* behind: number, // commits origin/<base> has over HEAD
|
|
24
|
+
* remote_tip_sha: string | null, // origin/<base> after fetch
|
|
25
|
+
* mergeable: boolean | null, // null when probe unavailable
|
|
26
|
+
* conflicts_preview?: string[], // populated only when mergeable=false
|
|
27
|
+
* audit_warning?: string // 'fetch-failed' | 'git-version-too-old' | ...
|
|
28
|
+
* }
|
|
29
|
+
*
|
|
30
|
+
* Spec cross-ref: .aperant/tasks/apt-ship-pre-pr-rebase-gate-audit-branch_21-05-26/spec.md
|
|
31
|
+
*
|
|
32
|
+
* @internal
|
|
33
|
+
*/
|
|
34
|
+
|
|
35
|
+
import { execFileSync } from 'node:child_process'
|
|
36
|
+
import { resolve } from 'node:path'
|
|
37
|
+
import { err, ok } from '../util/result.mjs'
|
|
38
|
+
|
|
39
|
+
/**
|
|
40
|
+
* Try-execute a git command, returning {ok, stdout, stderr, code}. Never throws.
|
|
41
|
+
*
|
|
42
|
+
* @param {string} cwd
|
|
43
|
+
* @param {string[]} args
|
|
44
|
+
*/
|
|
45
|
+
function gitTry(cwd, args) {
|
|
46
|
+
try {
|
|
47
|
+
const stdout = execFileSync('git', args, {
|
|
48
|
+
cwd,
|
|
49
|
+
encoding: 'utf-8',
|
|
50
|
+
stdio: ['ignore', 'pipe', 'pipe'],
|
|
51
|
+
})
|
|
52
|
+
return { ok: true, stdout, stderr: '', code: 0 }
|
|
53
|
+
} catch (e) {
|
|
54
|
+
// execFileSync throws an error whose `stdout`, `stderr`, and `status`
|
|
55
|
+
// properties carry the captured output and exit code.
|
|
56
|
+
return {
|
|
57
|
+
ok: false,
|
|
58
|
+
stdout: typeof e?.stdout === 'string' ? e.stdout : (e?.stdout?.toString() ?? ''),
|
|
59
|
+
stderr: typeof e?.stderr === 'string' ? e.stderr : (e?.stderr?.toString() ?? ''),
|
|
60
|
+
code: typeof e?.status === 'number' ? e.status : 1,
|
|
61
|
+
}
|
|
62
|
+
}
|
|
63
|
+
}
|
|
64
|
+
|
|
65
|
+
/**
|
|
66
|
+
* Parse `--base <ref>` (or `--base=<ref>`) from extraArgs. Defaults to 'main'.
|
|
67
|
+
*
|
|
68
|
+
* @param {string[]} extraArgs
|
|
69
|
+
* @returns {string}
|
|
70
|
+
*/
|
|
71
|
+
function parseBaseFlag(extraArgs) {
|
|
72
|
+
for (let i = 0; i < extraArgs.length; i++) {
|
|
73
|
+
const a = extraArgs[i]
|
|
74
|
+
if (a === '--base' && i + 1 < extraArgs.length) return extraArgs[i + 1]
|
|
75
|
+
if (a.startsWith('--base=')) return a.slice('--base='.length)
|
|
76
|
+
}
|
|
77
|
+
return 'main'
|
|
78
|
+
}
|
|
79
|
+
|
|
80
|
+
/**
|
|
81
|
+
* Parse `git merge-tree --write-tree --no-messages HEAD origin/<base>` output
|
|
82
|
+
* for conflict file paths. Modern (git ≥ 2.38) merge-tree emits, on conflict:
|
|
83
|
+
*
|
|
84
|
+
* <tree-OID>
|
|
85
|
+
* <conflict report lines, each "<mode> <stage> <oid>\t<path>" for stage > 0>
|
|
86
|
+
* (NUL separator)
|
|
87
|
+
* <textual conflict messages>
|
|
88
|
+
*
|
|
89
|
+
* Older variants emit a `+<<<<<<< ... +======= ... +>>>>>>>` diff per file.
|
|
90
|
+
* For correctness we use the stable form: extract file paths from the conflict
|
|
91
|
+
* report. The report includes the SAME path multiple times (once per non-zero
|
|
92
|
+
* stage), so we de-dupe.
|
|
93
|
+
*
|
|
94
|
+
* @param {string} stdout
|
|
95
|
+
* @returns {string[]}
|
|
96
|
+
*/
|
|
97
|
+
function parseConflictPaths(stdout) {
|
|
98
|
+
const paths = new Set()
|
|
99
|
+
for (const rawLine of stdout.split('\n')) {
|
|
100
|
+
const line = rawLine.replace(/\0/g, '')
|
|
101
|
+
if (!line.trim()) continue
|
|
102
|
+
// Match "<mode> <oid> <stage>\t<path>" — git merge-tree --write-tree
|
|
103
|
+
// emits conflict report lines as "<mode> <oid> <stage>\t<path>".
|
|
104
|
+
// Stage 0 means no conflict, so we only surface stage ≥ 1.
|
|
105
|
+
const m = line.match(/^(\d{6})\s+([0-9a-f]{4,40})\s+(\d)\t(.+)$/)
|
|
106
|
+
if (m) {
|
|
107
|
+
const stage = Number.parseInt(m[3], 10)
|
|
108
|
+
if (stage >= 1) paths.add(m[4])
|
|
109
|
+
continue
|
|
110
|
+
}
|
|
111
|
+
// Fallback (older git): the textual report block prefixes paths with
|
|
112
|
+
// "CONFLICT (content): Merge conflict in <path>".
|
|
113
|
+
const c = line.match(/Merge conflict in (.+)$/)
|
|
114
|
+
if (c) paths.add(c[1].trim())
|
|
115
|
+
}
|
|
116
|
+
return Array.from(paths).sort()
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
/**
|
|
120
|
+
* Detect "git too old" from merge-tree stderr. Pre-2.38 git rejects
|
|
121
|
+
* `--write-tree` outright; older still rejects merge-tree's modern arg
|
|
122
|
+
* shape entirely. We treat any non-zero-with-no-output as "version too old"
|
|
123
|
+
* — callers are expected to fall back gracefully.
|
|
124
|
+
*
|
|
125
|
+
* @param {string} stderr
|
|
126
|
+
* @returns {boolean}
|
|
127
|
+
*/
|
|
128
|
+
function isGitVersionTooOld(stderr) {
|
|
129
|
+
return /unknown option|did you mean|usage: git merge-tree/i.test(stderr)
|
|
130
|
+
}
|
|
131
|
+
|
|
132
|
+
/**
|
|
133
|
+
* @param {string} projectDir
|
|
134
|
+
* @param {string[]} extraArgs
|
|
135
|
+
*/
|
|
136
|
+
export function auditBranchCurrent(projectDir, extraArgs = []) {
|
|
137
|
+
if (!projectDir) {
|
|
138
|
+
return err('Usage: apt-tools audit branch-current <project-dir> [--base <ref>]')
|
|
139
|
+
}
|
|
140
|
+
const targetDir = resolve(projectDir)
|
|
141
|
+
const base = parseBaseFlag(extraArgs)
|
|
142
|
+
|
|
143
|
+
/** @type {string | undefined} */
|
|
144
|
+
let auditWarning
|
|
145
|
+
/** @type {string[]} */
|
|
146
|
+
const warnings = []
|
|
147
|
+
|
|
148
|
+
// 1. Fetch origin <base>. Tolerate failure (offline, no remote, etc.).
|
|
149
|
+
const fetch = gitTry(targetDir, ['fetch', 'origin', base])
|
|
150
|
+
if (!fetch.ok) {
|
|
151
|
+
auditWarning = 'fetch-failed'
|
|
152
|
+
warnings.push(fetch.stderr.trim().split('\n').slice(0, 3).join(' | '))
|
|
153
|
+
}
|
|
154
|
+
|
|
155
|
+
// 2. Resolve origin/<base> tip.
|
|
156
|
+
let remoteTipSha = null
|
|
157
|
+
const tip = gitTry(targetDir, ['rev-parse', `origin/${base}`])
|
|
158
|
+
if (tip.ok) {
|
|
159
|
+
remoteTipSha = tip.stdout.trim()
|
|
160
|
+
} else {
|
|
161
|
+
// No origin/<base> ref at all — emit an envelope with null counts so the
|
|
162
|
+
// caller can recognise the gap. The SKILL.md prose treats null counts as
|
|
163
|
+
// "audit unavailable, STOP with a clear message" rather than proceeding.
|
|
164
|
+
return ok({
|
|
165
|
+
status: 'ok',
|
|
166
|
+
command: 'audit-branch-current',
|
|
167
|
+
projectDir: targetDir,
|
|
168
|
+
base,
|
|
169
|
+
ahead: null,
|
|
170
|
+
behind: null,
|
|
171
|
+
remote_tip_sha: null,
|
|
172
|
+
mergeable: null,
|
|
173
|
+
audit_warning: auditWarning ?? 'no-remote-base-ref',
|
|
174
|
+
warnings,
|
|
175
|
+
})
|
|
176
|
+
}
|
|
177
|
+
|
|
178
|
+
// 3. Counts.
|
|
179
|
+
let ahead = 0
|
|
180
|
+
let behind = 0
|
|
181
|
+
const aheadOut = gitTry(targetDir, ['rev-list', '--count', `origin/${base}..HEAD`])
|
|
182
|
+
const behindOut = gitTry(targetDir, ['rev-list', '--count', `HEAD..origin/${base}`])
|
|
183
|
+
if (aheadOut.ok) ahead = Number.parseInt(aheadOut.stdout.trim(), 10) || 0
|
|
184
|
+
if (behindOut.ok) behind = Number.parseInt(behindOut.stdout.trim(), 10) || 0
|
|
185
|
+
|
|
186
|
+
// 4. Mergeability.
|
|
187
|
+
// - When behind === 0, the branch is current or strictly ahead — no
|
|
188
|
+
// remote changes to integrate, mergeable = true by definition.
|
|
189
|
+
// - When behind > 0 AND ahead === 0, the branch is strictly fast-forward
|
|
190
|
+
// behind — a clean fast-forward rebase is always mergeable.
|
|
191
|
+
// - When diverged (behind > 0 AND ahead > 0), probe via git merge-tree.
|
|
192
|
+
let mergeable
|
|
193
|
+
/** @type {string[] | undefined} */
|
|
194
|
+
let conflictsPreview
|
|
195
|
+
if (behind === 0) {
|
|
196
|
+
mergeable = true
|
|
197
|
+
} else if (behind > 0 && ahead === 0) {
|
|
198
|
+
mergeable = true
|
|
199
|
+
} else {
|
|
200
|
+
// Diverged. Run modern merge-tree trial.
|
|
201
|
+
const probe = gitTry(targetDir, [
|
|
202
|
+
'merge-tree',
|
|
203
|
+
'--write-tree',
|
|
204
|
+
'--no-messages',
|
|
205
|
+
'HEAD',
|
|
206
|
+
`origin/${base}`,
|
|
207
|
+
])
|
|
208
|
+
if (probe.ok) {
|
|
209
|
+
mergeable = true
|
|
210
|
+
} else if (probe.code === 1) {
|
|
211
|
+
// Documented merge-tree exit-code semantics: 0 clean, 1 conflict,
|
|
212
|
+
// other = invocation error.
|
|
213
|
+
mergeable = false
|
|
214
|
+
conflictsPreview = parseConflictPaths(probe.stdout)
|
|
215
|
+
} else if (isGitVersionTooOld(probe.stderr)) {
|
|
216
|
+
mergeable = null
|
|
217
|
+
auditWarning = auditWarning ?? 'git-version-too-old'
|
|
218
|
+
warnings.push(`git merge-tree --write-tree unsupported: ${probe.stderr.trim().slice(0, 200)}`)
|
|
219
|
+
} else {
|
|
220
|
+
// Unknown probe failure — treat as unknown rather than asserting
|
|
221
|
+
// clean.
|
|
222
|
+
mergeable = null
|
|
223
|
+
auditWarning = auditWarning ?? 'merge-tree-probe-failed'
|
|
224
|
+
warnings.push(
|
|
225
|
+
`git merge-tree probe failed (code ${probe.code}): ${probe.stderr.trim().slice(0, 200)}`,
|
|
226
|
+
)
|
|
227
|
+
}
|
|
228
|
+
}
|
|
229
|
+
|
|
230
|
+
const envelope = {
|
|
231
|
+
status: 'ok',
|
|
232
|
+
command: 'audit-branch-current',
|
|
233
|
+
projectDir: targetDir,
|
|
234
|
+
base,
|
|
235
|
+
ahead,
|
|
236
|
+
behind,
|
|
237
|
+
remote_tip_sha: remoteTipSha,
|
|
238
|
+
mergeable,
|
|
239
|
+
}
|
|
240
|
+
if (conflictsPreview && conflictsPreview.length > 0) {
|
|
241
|
+
envelope.conflicts_preview = conflictsPreview
|
|
242
|
+
}
|
|
243
|
+
if (auditWarning) envelope.audit_warning = auditWarning
|
|
244
|
+
if (warnings.length > 0) envelope.warnings = warnings
|
|
245
|
+
return ok(envelope)
|
|
246
|
+
}
|
|
247
|
+
|
|
248
|
+
// Test-only export for unit-level parser coverage (not part of the public CLI
|
|
249
|
+
// contract).
|
|
250
|
+
export { parseConflictPaths as __parseConflictPathsForTests }
|
|
@@ -28,6 +28,14 @@
|
|
|
28
28
|
* committable bucket is non-empty after staging (CI-friendly gate).
|
|
29
29
|
* Default: report-only, exits 0 regardless.
|
|
30
30
|
*
|
|
31
|
+
* apt-tools audit branch-current <project-dir> [--base <ref>]
|
|
32
|
+
* Pre-PR rebase gate envelope for apt:ship §0.7. Pure read-only:
|
|
33
|
+
* `git fetch origin <base>`, captures origin/<base> tip SHA, counts
|
|
34
|
+
* ahead/behind, and (when diverged) probes mergeability with
|
|
35
|
+
* `git merge-tree --write-tree`. Returns {ahead, behind,
|
|
36
|
+
* remote_tip_sha, mergeable, conflicts_preview?}. Never mutates
|
|
37
|
+
* HEAD, the index, the worktree, or any remote ref.
|
|
38
|
+
*
|
|
31
39
|
* Single source of truth: buildPolicyIgnoreMatcher in share-policy.mjs is
|
|
32
40
|
* the ONLY matcher anywhere in the CLI. If you add a new taxonomy class or
|
|
33
41
|
* toggle, update share-policy and this command follows automatically.
|
|
@@ -46,6 +54,7 @@ import { selfStageCommittableWrites } from '../artifacts/self-stage.mjs'
|
|
|
46
54
|
import { buildPolicyIgnoreMatcher, resolveSharePolicy } from '../config/share-policy.mjs'
|
|
47
55
|
import { detectPublicRemote } from '../git/remote.mjs'
|
|
48
56
|
import { err, exitWith, ok } from '../util/result.mjs'
|
|
57
|
+
import { auditBranchCurrent } from './audit-branch-current.mjs'
|
|
49
58
|
|
|
50
59
|
/**
|
|
51
60
|
* Dispatch an `audit <subcommand>` call.
|
|
@@ -59,7 +68,7 @@ import { err, exitWith, ok } from '../util/result.mjs'
|
|
|
59
68
|
export function cmdAudit(subcommand, projectDir, extraArgs = []) {
|
|
60
69
|
if (!subcommand) {
|
|
61
70
|
return err(
|
|
62
|
-
'Usage: apt-tools audit <privacy|visibility-signals|pending-artifacts> <project-dir> [flags]',
|
|
71
|
+
'Usage: apt-tools audit <privacy|visibility-signals|pending-artifacts|branch-current> <project-dir> [flags]',
|
|
63
72
|
)
|
|
64
73
|
}
|
|
65
74
|
if (!projectDir) {
|
|
@@ -73,9 +82,11 @@ export function cmdAudit(subcommand, projectDir, extraArgs = []) {
|
|
|
73
82
|
return auditVisibilitySignals(targetDir)
|
|
74
83
|
case 'pending-artifacts':
|
|
75
84
|
return auditPendingArtifacts(targetDir, extraArgs)
|
|
85
|
+
case 'branch-current':
|
|
86
|
+
return auditBranchCurrent(targetDir, extraArgs)
|
|
76
87
|
default:
|
|
77
88
|
return err(
|
|
78
|
-
`Unknown audit subcommand: ${subcommand}. Expected 'privacy', 'visibility-signals',
|
|
89
|
+
`Unknown audit subcommand: ${subcommand}. Expected 'privacy', 'visibility-signals', 'pending-artifacts', or 'branch-current'.`,
|
|
79
90
|
)
|
|
80
91
|
}
|
|
81
92
|
}
|
|
@@ -29,7 +29,13 @@
|
|
|
29
29
|
* // `framework_version` field (read from package.json, never from
|
|
30
30
|
* // the cache).
|
|
31
31
|
* framework: {
|
|
32
|
-
* latest_version: '0.6.7' | null
|
|
32
|
+
* latest_version: '0.6.7' | null,
|
|
33
|
+
* // Bundle A (0.8.3) — additive nullable field. Set when a workspace
|
|
34
|
+
* // `packages/framework/package.json` is found above the project root
|
|
35
|
+
* // and its `name === '@aperant/framework'`. When workspace_version
|
|
36
|
+
* // is ahead of the running kernel, `update_available` flips true
|
|
37
|
+
* // regardless of cache state (workspace wins on self-host).
|
|
38
|
+
* workspace_version: '0.8.3' | null
|
|
33
39
|
* },
|
|
34
40
|
* update_available: false,
|
|
35
41
|
* dev_install_ahead: false,
|
|
@@ -48,11 +54,13 @@
|
|
|
48
54
|
import { existsSync, readFileSync } from 'node:fs'
|
|
49
55
|
import { dirname, join, resolve } from 'node:path'
|
|
50
56
|
import { fileURLToPath } from 'node:url'
|
|
57
|
+
import { findWorkspaceFrameworkVersion } from '../install/find-workspace-framework-version.mjs'
|
|
51
58
|
import { readManifest } from '../install/manifest.mjs'
|
|
52
59
|
import { detectInstalledRuntimes } from '../install/runtime-detect.mjs'
|
|
53
60
|
import { readFreshUpdateCache } from '../install/update-chips.mjs'
|
|
54
61
|
import { inspectManifestFiles } from '../install/version-header.mjs'
|
|
55
62
|
import { err, ok } from '../util/result.mjs'
|
|
63
|
+
import { compareVersions } from '../util/semver.mjs'
|
|
56
64
|
|
|
57
65
|
const __filename = fileURLToPath(import.meta.url)
|
|
58
66
|
const __dirname = dirname(__filename)
|
|
@@ -167,6 +175,16 @@ export function cmdCheckVersion(projectDir) {
|
|
|
167
175
|
if (typeof c.lookup_error === 'string') lookupError = c.lookup_error
|
|
168
176
|
}
|
|
169
177
|
|
|
178
|
+
// Bundle A — additive `framework.workspace_version` field. When the
|
|
179
|
+
// workspace package.json is ahead of the running kernel, flip
|
|
180
|
+
// `update_available` true regardless of cache state (the workspace is
|
|
181
|
+
// the source of truth on self-host). schema_version stays at 1 (D-01).
|
|
182
|
+
const workspace = findWorkspaceFrameworkVersion(targetDir)
|
|
183
|
+
const workspaceVersion = workspace?.source_version ?? null
|
|
184
|
+
if (workspaceVersion && compareVersions(workspaceVersion, frameworkVersion) > 0) {
|
|
185
|
+
updateAvailable = true
|
|
186
|
+
}
|
|
187
|
+
|
|
170
188
|
return ok({
|
|
171
189
|
status,
|
|
172
190
|
command: 'check-version',
|
|
@@ -178,6 +196,7 @@ export function cmdCheckVersion(projectDir) {
|
|
|
178
196
|
// file-header schema comment.
|
|
179
197
|
framework: {
|
|
180
198
|
latest_version: latestVersion,
|
|
199
|
+
workspace_version: workspaceVersion,
|
|
181
200
|
},
|
|
182
201
|
update_available: updateAvailable,
|
|
183
202
|
dev_install_ahead: devInstallAhead,
|