@codexa/cli 9.0.30 → 9.0.32

package/gates/validator.test.ts

@@ -588,12 +588,10 @@ class User:
 // ═══════════════════════════════════════════════════════════════
 
 describe("enforceGate", () => {
-  it("should throw GateError when gate fails", () => {
-    // "task-done" with no taskId makes "task-is-running" fail immediately
-    // without needing DB access
+  it("should throw GateError when gate fails", async () => {
     try {
-      enforceGate("task-done", {});
-      expect(true).toBe(false); // Should not reach here
+      await enforceGate("task-done", {});
+      expect(true).toBe(false);
     } catch (e) {
       expect(e instanceof GateError).toBe(true);
       const ge = e as GateError;
@@ -603,13 +601,12 @@ describe("enforceGate", () => {
     }
   });
 
-  it("should not throw for unknown command (no gates defined)", () => {
-    // Unknown commands have no gate checks, so they pass
-    expect(() => enforceGate("nonexistent-command")).not.toThrow();
+  it("should not throw for unknown command (no gates defined)", async () => {
+    await enforceGate("nonexistent-command");
   });
 
-  it("should return a GateResult from validateGate", () => {
-    const result = validateGate("task-done", {});
+  it("should return a GateResult from validateGate", async () => {
+    const result = await validateGate("task-done", {});
     expect(result.passed).toBe(false);
     expect(result.reason).toBeDefined();
     expect(result.resolution).toBeDefined();
@@ -621,25 +618,19 @@ describe("enforceGate", () => {
 // ═══════════════════════════════════════════════════════════════
 
 describe("Recovery Strategies (P3.3)", () => {
-  it("GateError should carry recovery suggestion", () => {
+  it("GateError should carry recovery suggestion", async () => {
     try {
-      // "task-done" with no taskId fails on "task-is-running"
-      // task-is-running has no recovery strategy, so recovery should be undefined
-      enforceGate("task-done", {});
+      await enforceGate("task-done", {});
       expect(true).toBe(false);
     } catch (e) {
       const ge = e as GateError;
       expect(ge instanceof GateError).toBe(true);
-      // task-is-running has no recovery strategy
       expect(ge.recovery).toBeUndefined();
     }
   });
 
-  it("validateGate should return recovery for checkpoint-filled failure", () => {
-    // Simulate a task-done call where task-is-running passes but checkpoint fails
-    // We pass taskId to skip task-is-running (it needs DB), so we test checkpoint directly
-    const result = validateGate("task-done", { taskId: null });
-    // Without taskId, task-is-running fails first (no recovery for it)
+  it("validateGate should return recovery for checkpoint-filled failure", async () => {
+    const result = await validateGate("task-done", { taskId: null });
     expect(result.passed).toBe(false);
   });
 
@@ -667,8 +658,8 @@ describe("Recovery Strategies (P3.3)", () => {
     expect(err.recovery).toBeUndefined();
   });
 
-  it("validateGate for unknown command should pass with no recovery", () => {
-    const result = validateGate("nonexistent", {});
+  it("validateGate for unknown command should pass with no recovery", async () => {
+    const result = await validateGate("nonexistent", {});
     expect(result.passed).toBe(true);
     expect(result.recovery).toBeUndefined();
   });

package/gates/validator.ts

@@ -1,4 +1,4 @@
-import { getDb } from "../db/connection";
+import { dbGet, dbAll, dbRun } from "../db/connection";
 import { existsSync, readFileSync, statSync } from "fs";
 import { extname } from "path";
 import { validateAgainstStandards, printValidationResult } from "./standards-validator";
@@ -194,47 +194,47 @@ const RECOVERY_STRATEGIES: Record<string, (details?: string) => RecoverySuggesti
   }),
 };
 
-function getActiveSpec(specId?: string): any {
-  return resolveSpecOrNull(specId);
+async function getActiveSpec(specId?: string): Promise<any> {
+  return await resolveSpecOrNull(specId);
 }
 
-function executeCheck(check: string, context: any): { passed: boolean; details?: string } {
-  const db = getDb();
-
+async function executeCheck(check: string, context: any): Promise<{ passed: boolean; details?: string }> {
   switch (check) {
     case "plan-exists": {
-      const spec = getActiveSpec(context.specId);
+      const spec = await getActiveSpec(context.specId);
       return { passed: spec !== null };
     }
 
     case "has-tasks": {
-      const spec = getActiveSpec(context.specId);
+      const spec = await getActiveSpec(context.specId);
       if (!spec) return { passed: false };
-      const count = db.query("SELECT COUNT(*) as c FROM tasks WHERE spec_id = ?").get(spec.id) as any;
-      return { passed: count.c > 0 };
+      const count = await dbGet<any>("SELECT COUNT(*) as c FROM tasks WHERE spec_id = ?", [spec.id]);
+      return { passed: count?.c > 0 };
     }
 
     case "phase-is-checking": {
-      const spec = getActiveSpec(context.specId);
+      const spec = await getActiveSpec(context.specId);
       return { passed: spec?.phase === "checking" };
     }
 
     case "spec-approved": {
-      const spec = getActiveSpec(context.specId);
+      const spec = await getActiveSpec(context.specId);
       return { passed: spec?.approved_at !== null };
     }
 
     case "dependencies-done": {
       if (!context.taskId) return { passed: true };
-      const task = db.query("SELECT * FROM tasks WHERE id = ?").get(context.taskId) as any;
+      const task = await dbGet<any>("SELECT * FROM tasks WHERE id = ?", [context.taskId]);
       if (!task || !task.depends_on) return { passed: true };
 
       const deps = JSON.parse(task.depends_on) as number[];
-      const pending = deps.filter((depNum) => {
-        // Buscar por number (não id) - depends_on armazena números de tasks
-        const depTask = db.query("SELECT status FROM tasks WHERE spec_id = ? AND number = ?").get(task.spec_id, depNum) as any;
-        return depTask?.status !== "done";
-      });
+      const pending: number[] = [];
+      for (const depNum of deps) {
+        const depTask = await dbGet<any>("SELECT status FROM tasks WHERE spec_id = ? AND number = ?", [task.spec_id, depNum]);
+        if (depTask?.status !== "done") {
+          pending.push(depNum);
+        }
+      }
 
       return {
         passed: pending.length === 0,
@@ -244,7 +244,7 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
 
     case "task-is-running": {
       if (!context.taskId) return { passed: false };
-      const task = db.query("SELECT status FROM tasks WHERE id = ?").get(context.taskId) as any;
+      const task = await dbGet<any>("SELECT status FROM tasks WHERE id = ?", [context.taskId]);
       return { passed: task?.status === "running" };
     }
 
@@ -257,11 +257,12 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
     }
 
     case "all-tasks-done": {
-      const spec = getActiveSpec(context.specId);
+      const spec = await getActiveSpec(context.specId);
       if (!spec) return { passed: false };
-      const pending = db.query(
-        "SELECT number FROM tasks WHERE spec_id = ? AND status != 'done'"
-      ).all(spec.id) as any[];
+      const pending = await dbAll<any>(
+        "SELECT number FROM tasks WHERE spec_id = ? AND status != 'done'",
+        [spec.id]
+      );
       return {
         passed: pending.length === 0,
         details: pending.map((t) => `#${t.number}`).join(", "),
@@ -269,33 +270,27 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
     }
 
     case "review-exists": {
-      const spec = getActiveSpec(context.specId);
+      const spec = await getActiveSpec(context.specId);
       if (!spec) return { passed: false };
-      const review = db.query("SELECT * FROM review WHERE spec_id = ?").get(spec.id);
+      const review = await dbGet("SELECT * FROM review WHERE spec_id = ?", [spec.id]);
       return { passed: review !== null };
     }
 
     case "files-exist": {
       if (!context.files || context.files.length === 0) return { passed: true };
 
-      // v8.0: Validar não apenas existência, mas conteúdo mínimo
-      // v9.2: Validar que arquivo foi modificado DURANTE a task
-      // v9.3: Tolerancia de 5s para clock skew em sandbox
-      // v9.6: Confiar no protocolo quando subagent reporta arquivos (sandbox)
       const MTIME_TOLERANCE_MS = 5000;
       const issues: string[] = [];
 
-      // Construir set de arquivos reportados pelo subagent (podem estar em sandbox)
       const subagentReportedFiles = new Set<string>();
       if (context.subagentData) {
         for (const f of context.subagentData.files_created || []) subagentReportedFiles.add(f);
         for (const f of context.subagentData.files_modified || []) subagentReportedFiles.add(f);
       }
 
-      // Buscar started_at da task para comparacao temporal
       let taskStartTime: number | null = null;
       if (context.taskId) {
-        const taskRow = db.query("SELECT started_at FROM tasks WHERE id = ?").get(context.taskId) as any;
+        const taskRow = await dbGet<any>("SELECT started_at FROM tasks WHERE id = ?", [context.taskId]);
         if (taskRow?.started_at) {
           taskStartTime = new Date(taskRow.started_at).getTime();
         }
@@ -303,10 +298,7 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
 
       for (const file of context.files) {
         if (!existsSync(file)) {
-          // Arquivo nao existe no disco — verificar se veio de subagent
           if (subagentReportedFiles.has(file)) {
-            // Subagent reportou o arquivo via protocolo → confiar
-            // (arquivo pode estar em sandbox, sera materializado no commit)
             continue;
           }
           issues.push(`${file}: arquivo nao encontrado no disco`);
@@ -318,7 +310,6 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
           issues.push(`${file}: ${validation.reason}`);
           continue;
         }
-        // Verificar que arquivo foi tocado durante a task (com tolerancia)
         if (taskStartTime) {
           try {
             const stat = statSync(file);
@@ -328,7 +319,6 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
               issues.push(`${file}: arquivo nao foi modificado durante esta task (mtime ${diffSec}s anterior ao start)`);
             }
           } catch {
-            // statSync falhou — arquivo pode nao existir (ja reportado acima)
           }
         }
       }
@@ -340,23 +330,18 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
     }
 
     case "standards-follow": {
-      // Se --force foi passado, registrar bypass e passar
       if (context.force) {
-        logGateBypass(context.taskId, "standards-follow", context.forceReason);
+        await logGateBypass(context.taskId, "standards-follow", context.forceReason);
         return { passed: true };
       }
 
-      // Se nenhum arquivo, passar
       if (!context.files || context.files.length === 0) return { passed: true };
 
-      // Obter agente da task
-      const task = db.query("SELECT * FROM tasks WHERE id = ?").get(context.taskId) as any;
+      const task = await dbGet<any>("SELECT * FROM tasks WHERE id = ?", [context.taskId]);
       const agentDomain = domainToScope(getAgentDomain(task?.agent));
 
-      // Validar arquivos contra standards
-      const result = validateAgainstStandards(context.files, agentDomain);
+      const result = await validateAgainstStandards(context.files, agentDomain);
 
-      // Mostrar resultado se houver violacoes
       if (!result.passed || result.warnings.length > 0) {
         printValidationResult(result);
       }
@@ -370,9 +355,8 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
     }
 
     case "dry-check": {
-      // v8.5: Verificar se arquivos criados exportam utilities que ja existem
       if (context.force) {
-        logGateBypass(context.taskId, "dry-check", context.forceReason);
+        await logGateBypass(context.taskId, "dry-check", context.forceReason);
         return { passed: true };
       }
 
@@ -384,14 +368,12 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
         if (!existsSync(file)) continue;
 
         const fileScope = inferScopeFromPath(file);
-        // Arquivos de teste nao conflitam com production code
         if (fileScope === "testing") continue;
 
         const utilities = extractUtilitiesFromFile(file);
 
         for (const util of utilities) {
-          const existing = findDuplicateUtilities(util.name, file);
-          // Filtrar: duplicatas em scope "testing" nao contam
+          const existing = await findDuplicateUtilities(util.name, file);
           const realDuplicates = existing.filter(
             (e: any) => inferScopeFromPath(e.file_path) !== "testing"
           );
@@ -404,7 +386,6 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
       }
 
       if (duplicates.length > 0) {
-        // Apenas function/const/class bloqueiam; interface/type so avisam
         const blockingDupes = duplicates.filter(d =>
           d.includes("(function)") || d.includes("(const)") || d.includes("(class)")
         );
@@ -420,7 +401,6 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
             details: blockingDupes.join("\n"),
           };
         } else {
-          // Types/interfaces: aviso nao-bloqueante
           console.warn("\n[DRY] Aviso: nomes de tipo duplicados (nao bloqueante):");
           for (const d of duplicates) {
             console.warn(`  - ${d}`);
@@ -434,14 +414,13 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
 
     case "typecheck-pass": {
       if (context.force) {
-        logGateBypass(context.taskId, "typecheck-pass", context.forceReason);
+        await logGateBypass(context.taskId, "typecheck-pass", context.forceReason);
         return { passed: true };
       }
 
       if (!context.files || context.files.length === 0) return { passed: true };
 
-      // Buscar stack e custom command do projeto
-      const projectRow = db.query("SELECT stack, typecheck_command FROM project WHERE id = 'default'").get() as any;
+      const projectRow = await dbGet<any>("SELECT stack, typecheck_command FROM project WHERE id = 'default'");
       const typecheckResult = runTypecheck(context.files, {
         customCommand: projectRow?.typecheck_command || null,
         stackJson: projectRow?.stack || null,
@@ -458,25 +437,28 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
     }
 
     case "no-critical-blockers": {
-      const spec = getActiveSpec(context.specId);
+      const spec = await getActiveSpec(context.specId);
       if (!spec) return { passed: true };
 
-      const allKnowledge = db
-        .query(
-          `SELECT k.*, t.number as task_number, t.name as task_name
-           FROM knowledge k
-           LEFT JOIN tasks t ON k.task_origin = t.id
-           WHERE k.spec_id = ? AND k.severity = 'critical'
-           ORDER BY k.created_at DESC`
-        )
-        .all(spec.id) as any[];
-
-      const unresolved = allKnowledge.filter((k: any) => {
-        const hasAck = db.query(
-          "SELECT 1 FROM knowledge_acknowledgments WHERE knowledge_id = ?"
-        ).get(k.id);
-        return !hasAck;
-      });
+      const allKnowledge = await dbAll<any>(
+        `SELECT k.*, t.number as task_number, t.name as task_name
+         FROM knowledge k
+         LEFT JOIN tasks t ON k.task_origin = t.id
+         WHERE k.spec_id = ? AND k.severity = 'critical'
+         ORDER BY k.created_at DESC`,
+        [spec.id]
+      );
+
+      const unresolved: any[] = [];
+      for (const k of allKnowledge) {
+        const hasAck = await dbGet(
+          "SELECT 1 FROM knowledge_acknowledgments WHERE knowledge_id = ?",
+          [k.id]
+        );
+        if (!hasAck) {
+          unresolved.push(k);
+        }
+      }
 
       if (unresolved.length === 0) return { passed: true };
 
@@ -493,23 +475,21 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
 
     case "decision-conflicts": {
       if (context.force) {
-        logGateBypass(context.taskId, "decision-conflicts", context.forceReason);
+        await logGateBypass(context.taskId, "decision-conflicts", context.forceReason);
         return { passed: true };
       }
 
       if (!context.subagentData?.decisions_made?.length) return { passed: true };
 
-      const dcTask = db.query("SELECT * FROM tasks WHERE id = ?").get(context.taskId) as any;
+      const dcTask = await dbGet<any>("SELECT * FROM tasks WHERE id = ?", [context.taskId]);
       if (!dcTask) return { passed: true };
 
-      const existingDecisions = db
-        .query("SELECT * FROM decisions WHERE spec_id = ? AND status = 'active'")
-        .all(dcTask.spec_id) as any[];
+      const existingDecisions = await dbAll<any>(
+        "SELECT * FROM decisions WHERE spec_id = ? AND status = 'active'",
+        [dcTask.spec_id]
+      );
       if (existingDecisions.length === 0) return { passed: true };
 
-      // v10.1: Filter out decisions from the CURRENT task.
-      // processSubagentReturn() already saved them to DB before this gate runs,
-      // so without filtering, the new decisions would match against themselves.
       const priorDecisions = existingDecisions.filter(
         (d: any) => d.task_ref !== dcTask.number
       );
@@ -534,18 +514,15 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
     }
 
     case "pattern-compliance": {
-      // v10.2: Gate 4.7 — validate code follows project patterns
       if (context.force) {
-        logGateBypass(context.taskId, "pattern-compliance", context.forceReason);
+        await logGateBypass(context.taskId, "pattern-compliance", context.forceReason);
         return { passed: true };
       }
 
       if (!context.files || context.files.length === 0) return { passed: true };
 
-      const patternResult = validatePatternCompliance(context.files);
+      const patternResult = await validatePatternCompliance(context.files);
       if (!patternResult.passed && patternResult.violations.length > 0) {
-        // v10.2: Start in warning mode (don't block, just warn)
-        // Change to `return { passed: false, ... }` after validation in real projects
         console.warn("\n[PATTERN] Divergencias de pattern detectadas (aviso, nao bloqueante):");
         for (const v of patternResult.violations) {
           console.warn(`  - ${v.file}: ${v.reason} (pattern: ${v.pattern})`);
@@ -575,13 +552,12 @@ function executeCheck(check: string, context: any): { passed: boolean; details?:
   }
 }
 
-function logGateBypass(taskId: number, gateName: string, reason?: string): void {
-  const db = getDb();
-  const task = db.query("SELECT * FROM tasks WHERE id = ?").get(taskId) as any;
+async function logGateBypass(taskId: number, gateName: string, reason?: string): Promise<void> {
+  const task = await dbGet<any>("SELECT * FROM tasks WHERE id = ?", [taskId]);
   if (!task) return;
 
   const now = new Date().toISOString();
-  db.run(
+  await dbRun(
     `INSERT INTO gate_bypasses (spec_id, task_id, gate_name, reason, created_at)
      VALUES (?, ?, ?, ?, ?)`,
     [task.spec_id, taskId, gateName, reason || "Nao informado", now]
@@ -592,11 +568,11 @@ function logGateBypass(taskId: number, gateName: string, reason?: string): void
   console.warn(`    Isso sera auditado no review.\n`);
 }
 
-export function validateGate(command: string, context: any = {}): GateResult {
+export async function validateGate(command: string, context: any = {}): Promise<GateResult> {
   const gates = GATES[command] || [];
 
   for (const gate of gates) {
-    const result = executeCheck(gate.check, context);
+    const result = await executeCheck(gate.check, context);
 
     if (!result.passed) {
       const recoveryFn = RECOVERY_STRATEGIES[gate.check];
@@ -616,8 +592,8 @@ export function validateGate(command: string, context: any = {}): GateResult {
   return { passed: true };
 }
 
-export function enforceGate(command: string, context: any = {}): void {
-  const result = validateGate(command, context);
+export async function enforceGate(command: string, context: any = {}): Promise<void> {
+  const result = await validateGate(command, context);
 
   if (!result.passed) {
     throw new GateError(
@@ -629,35 +605,29 @@ export function enforceGate(command: string, context: any = {}): void {
   }
 }
 
-// v8.0: Validar conteúdo de arquivos criados (não apenas existência)
 export interface FileValidationResult {
   valid: boolean;
   reason?: string;
 }
 
 function validateFileContent(filePath: string): FileValidationResult {
-  // 1. Verificar existência
   if (!existsSync(filePath)) {
     return { valid: false, reason: "arquivo nao encontrado" };
   }
 
   try {
-    // 2. Verificar tamanho (arquivo vazio ou muito pequeno)
     const stats = statSync(filePath);
     if (stats.size === 0) {
       return { valid: false, reason: "arquivo vazio (0 bytes)" };
     }
 
-    // 3. Ler conteúdo e verificar estrutura mínima
     const content = readFileSync(filePath, "utf-8");
     const trimmed = content.trim();
 
-    // Arquivo trivialmente pequeno (< 20 caracteres não é código real)
     if (trimmed.length < 20) {
       return { valid: false, reason: `conteudo trivial (${trimmed.length} chars)` };
     }
 
-    // 4. Validações específicas por extensão
     const ext = extname(filePath).toLowerCase();
     const validation = validateByExtension(ext, content);
     if (!validation.valid) {
@@ -678,11 +648,9 @@ export function validateByExtension(ext: string, content: string): FileValidatio
     case ".tsx":
     case ".js":
     case ".jsx":
-      // Arquivos JS/TS devem ter pelo menos uma declaração
       if (!hasCodeStructure(trimmed, ["export", "import", "function", "const", "let", "var", "class", "interface", "type"])) {
         return { valid: false, reason: "sem declaracoes validas (export, function, class, etc)" };
       }
-      // TSX/JSX devem ter JSX ou export de componente
       if ((ext === ".tsx" || ext === ".jsx") && !trimmed.includes("<") && !trimmed.includes("export")) {
         return { valid: false, reason: "componente sem JSX ou export" };
       }
@@ -691,14 +659,12 @@ export function validateByExtension(ext: string, content: string): FileValidatio
     case ".css":
     case ".scss":
     case ".sass":
-      // CSS deve ter pelo menos um seletor e propriedade
       if (!trimmed.includes("{") || !trimmed.includes(":")) {
         return { valid: false, reason: "CSS sem regras validas" };
       }
       break;
 
     case ".json":
-      // JSON deve ser válido
       try {
         JSON.parse(content);
       } catch {
@@ -707,28 +673,24 @@ export function validateByExtension(ext: string, content: string): FileValidatio
       break;
 
     case ".sql":
-      // SQL deve ter statements
       if (!hasCodeStructure(trimmed.toUpperCase(), ["SELECT", "INSERT", "UPDATE", "DELETE", "CREATE", "ALTER", "DROP"])) {
         return { valid: false, reason: "SQL sem statements validos" };
       }
       break;
 
     case ".py":
-      // Python deve ter definições
       if (!hasCodeStructure(trimmed, ["def ", "class ", "import ", "from "])) {
         return { valid: false, reason: "Python sem definicoes (def, class, import)" };
       }
       break;
 
     case ".go":
-      // Go deve ter package
       if (!trimmed.includes("package ")) {
         return { valid: false, reason: "Go sem declaracao package" };
       }
       break;
 
     case ".md":
-      // Markdown deve ter conteúdo mínimo
       if (trimmed.length < 50) {
         return { valid: false, reason: "Markdown muito curto" };
       }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@codexa/cli",
-  "version": "9.0.30",
+  "version": "9.0.32",
   "description": "Orchestrated workflow system for Claude Code - manages feature development through parallel subagents with structured phases, gates, and quality enforcement.",
   "type": "module",
   "bin": {
@@ -27,6 +27,7 @@
     "bun": ">=1.0.0"
   },
   "dependencies": {
+    "@libsql/client": "^0.17.2",
     "commander": "^12.0.0"
   },
   "devDependencies": {