@bolloon/bolloon-agent 0.1.34 → 0.1.35

package/scripts/auto-evolve-snapshot.sh

@@ -0,0 +1,136 @@
+#!/bin/bash
+# auto-evolve-snapshot.sh — 阶段 C 护栏 2 + 3
+#
+# 用法 (LLM 改源码前必调):
+#   bash scripts/auto-evolve-snapshot.sh          # 打 baseline tag + 记当前 HEAD
+#   bash scripts/auto-evolve-snapshot.sh apply <patch-id>   # 人类批准后合并 staging → main
+#   bash scripts/auto-evolve-snapshot.sh list      # 列所有 baseline
+#   bash scripts/auto-evolve-snapshot.sh rollback <tag>     # 回滚到指定 baseline
+#
+# 流程:
+#   1. LLM 改之前调 snapshot: 当前 HEAD 打 auto-evolve-baseline-<ts> tag
+#   2. LLM 改 staging/auto-evolve/<patch-id>/  (不进 src/)
+#   3. 护栏 1 (lefthook) 跑 vitest + tsc, 坏就 abort
+#   4. 护栏 4 (reviewer hook) 审 diff, 通过才准 apply
+#   5. 人类调 apply: git apply staging/auto-evolve/<patch-id>/*.patch → src/
+#   6. 出问题: 调 rollback → git reset --hard <tag>
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_ROOT"
+
+STAGING_DIR="staging/auto-evolve"
+TAG_PREFIX="auto-evolve-baseline-"
+
+cmd="${1:-snapshot}"
+patch_id="${2:-}"
+
+case "$cmd" in
+  snapshot)
+    # 护栏 2: 打 baseline tag
+    if ! git diff --quiet HEAD 2>/dev/null; then
+      echo "❌ 有未提交改动. 先 git commit 或 git stash"
+      exit 1
+    fi
+    ts="$(date -u +%Y%m%dT%H%M%SZ)"
+    tag="${TAG_PREFIX}${ts}"
+    git tag -a "$tag" -m "auto-evolve baseline @ ${ts}" HEAD
+    echo "✅ baseline tag: $tag"
+    echo "$tag" > .last-auto-evolve-baseline
+    echo "   回滚命令: bash $0 rollback $tag"
+    ;;
+
+  prepare)
+    # LLM 改之前调: 创建 staging 目录
+    if [ -z "$patch_id" ]; then
+      echo "用法: $0 prepare <patch-id>"
+      exit 1
+    fi
+    mkdir -p "$STAGING_DIR/$patch_id"
+    echo "$patch_id" > "$STAGING_DIR/$patch_id/.patch-id"
+    echo "✅ staging 创建: $STAGING_DIR/$patch_id/"
+    echo "   LLM 改完后把 patch 放这里: $STAGING_DIR/$patch_id/*.patch"
+    ;;
+
+  apply)
+    # 人类批准: 把 staging 的 patch 合并到 src/
+    if [ -z "$patch_id" ]; then
+      echo "用法: $0 apply <patch-id>"
+      exit 1
+    fi
+    patch_dir="$STAGING_DIR/$patch_id"
+    if [ ! -d "$patch_dir" ]; then
+      echo "❌ staging 不存在: $patch_dir"
+      exit 1
+    fi
+    # 必须先 snapshot
+    if [ ! -f .last-auto-evolve-baseline ]; then
+      echo "❌ 没有 baseline. 先跑: $0 snapshot"
+      exit 1
+    fi
+    baseline="$(cat .last-auto-evolve-baseline)"
+
+    # 应用所有 patch
+    applied=0
+    for p in "$patch_dir"/*.patch; do
+      [ -e "$p" ] || continue
+      echo "  applying: $p"
+      if ! git apply --check "$p"; then
+        echo "❌ patch 不可用: $p (可能已应用过)"
+        exit 1
+      fi
+      git apply "$p"
+      applied=$((applied + 1))
+    done
+
+    if [ $applied -eq 0 ]; then
+      echo "❌ staging 里没有 .patch 文件"
+      exit 1
+    fi
+
+    echo "✅ 应用 $applied 个 patch"
+    echo "   建议现在跑: npm test  +  git commit -m 'auto-evolve: $patch_id'"
+    echo "   出问题回滚: $0 rollback $baseline"
+    ;;
+
+  rollback)
+    # 回滚到指定 baseline
+    if [ -z "$patch_id" ]; then
+      echo "用法: $0 rollback <tag>"
+      echo "可用的 baseline:"
+      git tag -l "${TAG_PREFIX}*" | sort -r | head -10
+      exit 1
+    fi
+    if ! git tag -l | grep -qx "$patch_id"; then
+      echo "❌ tag 不存在: $patch_id"
+      exit 1
+    fi
+    echo "⚠️  将回滚到 $patch_id (hard reset, 丢弃之后所有改动)"
+    read -p "确认? [y/N] " -n 1 -r
+    echo
+    if [[ $REPLY =~ ^[Yy]$ ]]; then
+      git reset --hard "$patch_id"
+      echo "✅ 回滚到 $patch_id"
+    else
+      echo "取消"
+    fi
+    ;;
+
+  list)
+    echo "auto-evolve baselines (最近 10):"
+    git tag -l "${TAG_PREFIX}*" | sort -r | head -10 | while read tag; do
+      msg="$(git tag -l --format='%(contents)' "$tag" | head -1)"
+      echo "  $tag — $msg"
+    done
+    if [ -f .last-auto-evolve-baseline ]; then
+      echo ""
+      echo "当前 baseline: $(cat .last-auto-evolve-baseline)"
+    fi
+    ;;
+
+  *)
+    echo "用法: $0 {snapshot|prepare <id>|apply <id>|rollback <tag>|list}"
+    exit 1
+    ;;
+esac

package/scripts/detect-schema-changes.sh

@@ -0,0 +1,48 @@
+#!/bin/bash
+# detect-schema-changes.sh — 阶段 C 护栏 6
+#
+# 检查 LLM 改的文件里有没有动 schema (interface / type / enum 声明)
+# 有则强制要求 reviewer 双签 (在 .auto-evolve-review-required 文件)
+#
+# 用法 (在 staging 准备好 patch 后, apply 前):
+#   bash scripts/detect-schema-changes.sh <patch-id>
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_ROOT"
+
+patch_id="${1:-}"
+if [ -z "$patch_id" ]; then
+  echo "用法: $0 <patch-id>"
+  exit 1
+fi
+
+staging_dir="staging/auto-evolve/$patch_id"
+if [ ! -d "$staging_dir" ]; then
+  echo "❌ staging 不存在: $staging_dir"
+  exit 1
+fi
+
+flag="$staging_dir/.schema-changed"
+rm -f "$flag"
+
+found=0
+for patch in "$staging_dir"/*.patch; do
+  [ -e "$patch" ] || continue
+  # 检查 patch 里有没有新增/修改 interface、type、enum 声明
+  if grep -E '^\+.*(interface |type [A-Z][a-zA-Z0-9_]* =|enum [A-Z][a-zA-Z0-9_]*)' "$patch" > /dev/null 2>&1; then
+    found=1
+    echo "⚠️  schema 改动检测到: $patch"
+    grep -E '^\+.*(interface |type [A-Z][a-zA-Z0-9_]* =|enum [A-Z][a-zA-Z0-9_]*)' "$patch" | head -3
+  fi
+done
+
+if [ $found -eq 1 ]; then
+  touch "$flag"
+  echo ""
+  echo "🚨 schema 改动标记: $flag"
+  echo "   护栏 6 触发: apply 时会强制要求双签 reviewer"
+else
+  echo "✅ 无 schema 改动, 走单签"
+fi

package/scripts/diff-reviewer.ts

@@ -0,0 +1,159 @@
+#!/usr/bin/env tsx
+/**
+ * diff-reviewer.ts — 阶段 C 护栏 4
+ *
+ * 2nd LLM call 审第 1 个的 diff:
+ *  - 默认用 Haiku (便宜, ~$0.001/diff)
+ *  - schema 改动升级 Sonnet (护栏 6 双签)
+ *
+ * 输入: patch 文件 (git format-patch 风格)
+ * 输出: .review-verdict 写到 staging/<patch-id>/, 含 PASS/FAIL + 原因
+ *
+ * 用法:
+ *   tsx scripts/diff-reviewer.ts <patch-id> [--model sonnet]
+ */
+
+import * as fs from 'fs/promises';
+import * as path from 'path';
+// Anthropic SDK 在 review() 里 lazy import — 无 API key 或没装 SDK 都不应炸
+
+const STAGING_DIR = 'staging/auto-evolve';
+const ENV_KEY_MODEL = 'AUTO_EVOLVE_REVIEW_MODEL';
+
+const REVIEW_PROMPT = `你是一个严格的代码审查员. 审查以下 git diff (LLM 自动生成的源码改动).
+
+只回答 JSON, 字段:
+{
+  "verdict": "PASS" | "FAIL",
+  "concerns": ["concern 1", "concern 2", ...],
+  "suggestions": ["suggestion 1", ...]
+}
+
+PASS 条件 (全部满足才 PASS):
+  1. 改动能解决它声称要解决的问题
+  2. 没引入明显 bug (空指针, 内存泄漏, 死循环, race condition)
+  3. 没引入安全漏洞 (injection, XSS, 越权)
+  4. 边界条件考虑 (空数组, undefined, 极值, 并发)
+  5. 改动局限在它声称的范围, 不夹带私货
+  6. 跟现有代码风格一致
+
+FAIL 条件 (任一即 FAIL):
+  - 满足上面任一 PASS 条件的反例
+  - 引入了新依赖 (必须在 concerns 里说)
+  - 删除了测试 / 注释掉失败用例
+  - 用了 any / unknown / @ts-ignore 偷懒
+
+DIFF:
+{{DIFF}}
+`;
+
+function degradedGrepReview(patchContent: string): { verdict: string; concerns: string[]; suggestions: string[]; raw: string } {
+  console.warn('[diff-reviewer] ⚠️ 降级 grep 检查 (无 API key 或无 SDK)');
+  const concerns: string[] = [];
+  if (/\+.*\bany\b/.test(patchContent)) concerns.push('使用了 any');
+  if (/\+.*\b@ts-ignore\b/.test(patchContent)) concerns.push('使用了 @ts-ignore');
+  if (/\+.*\bconsole\.log\b/.test(patchContent)) concerns.push('留了 console.log');
+  if (/\-.*test\(/.test(patchContent)) concerns.push('删除了测试');
+  return {
+    verdict: concerns.length > 0 ? 'FAIL' : 'PASS',
+    concerns,
+    suggestions: [],
+    raw: '(degraded grep mode)',
+  };
+}
+
+async function review(patchContent: string, model: string): Promise<{ verdict: string; concerns: string[]; suggestions: string[]; raw: string }> {
+  // 无 API key → 直接降级, 不 import SDK (避免 no-ANTHROPIC 环境下也炸)
+  if (!process.env.ANTHROPIC_API_KEY) {
+    return degradedGrepReview(patchContent);
+  }
+
+  // 有 API key → 尝试 lazy import SDK
+  let Anthropic: any;
+  try {
+    ({ Anthropic } = await import('@anthropic-ai/sdk'));
+  } catch (err) {
+    console.warn('[diff-reviewer] ⚠️ @anthropic-ai/sdk 未装, 降级 grep');
+    return degradedGrepReview(patchContent);
+  }
+
+  const client = new Anthropic();
+  const prompt = REVIEW_PROMPT.replace('{{DIFF}}', patchContent.slice(0, 20000)); // 限长
+  const resp = await client.messages.create({
+    model,
+    max_tokens: 1024,
+    messages: [{ role: 'user', content: prompt }],
+  });
+  const text = resp.content[0].type === 'text' ? resp.content[0].text : '';
+  // 解析 JSON
+  const m = /\{[\s\S]*\}/.exec(text);
+  if (!m) {
+    return { verdict: 'FAIL', concerns: ['LLM 没返回 JSON'], suggestions: [], raw: text };
+  }
+  try {
+    const parsed = JSON.parse(m[0]);
+    return {
+      verdict: parsed.verdict === 'PASS' ? 'PASS' : 'FAIL',
+      concerns: parsed.concerns || [],
+      suggestions: parsed.suggestions || [],
+      raw: text,
+    };
+  } catch {
+    return { verdict: 'FAIL', concerns: ['JSON 解析失败'], suggestions: [], raw: text };
+  }
+}
+
+async function main() {
+  const args = process.argv.slice(2);
+  const patchId = args[0];
+  if (!patchId) {
+    console.error('用法: tsx diff-reviewer.ts <patch-id> [--model sonnet]');
+    process.exit(1);
+  }
+  const forceModel = args.includes('--model') ? args[args.indexOf('--model') + 1] : null;
+
+  const stagingDir = path.join(STAGING_DIR, patchId);
+  const schemaFlag = path.join(stagingDir, '.schema-changed');
+  const isSchemaChange = await fs.access(schemaFlag).then(() => true).catch(() => false);
+
+  const defaultModel = isSchemaChange ? 'claude-sonnet-4-6' : 'claude-haiku-4-5';
+  const model = forceModel || process.env[ENV_KEY_MODEL] || defaultModel;
+
+  console.log(`[diff-reviewer] patch=${patchId} schema=${isSchemaChange} model=${model}`);
+
+  // 合并所有 patch
+  const files = await fs.readdir(stagingDir);
+  const patches = files.filter((f) => f.endsWith('.patch'));
+  if (patches.length === 0) {
+    console.error('❌ staging 里没有 .patch 文件');
+    process.exit(1);
+  }
+
+  let combined = '';
+  for (const p of patches) {
+    combined += `\n=== ${p} ===\n` + (await fs.readFile(path.join(stagingDir, p), 'utf-8'));
+  }
+
+  const r = await review(combined, model);
+
+  const verdict = {
+    patchId,
+    model,
+    schemaChange: isSchemaChange,
+    verdict: r.verdict,
+    concerns: r.concerns,
+    suggestions: r.suggestions,
+    reviewedAt: new Date().toISOString(),
+  };
+  await fs.writeFile(path.join(stagingDir, '.review-verdict'), JSON.stringify(verdict, null, 2));
+
+  console.log(`[diff-reviewer] verdict=${r.verdict} concerns=${r.concerns.length}`);
+  if (r.verdict === 'FAIL') {
+    for (const c of r.concerns) console.log(`  - ${c}`);
+    process.exit(2);
+  } else {
+    for (const s of r.suggestions) console.log(`  💡 ${s}`);
+  }
+}
+
+main().catch((e) => { console.error(e); process.exit(1); });