@deftai/directive-content 0.55.2 → 0.56.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.githooks/pre-commit +143 -0
- package/.githooks/pre-push +121 -0
- package/QUICK-START.md +2 -2
- package/Taskfile.yml +934 -0
- package/UPGRADING.md +47 -1
- package/events/README.md +3 -3
- package/package.json +5 -4
- package/scripts/_agents_md.py +494 -0
- package/scripts/_cache_fetch.py +635 -0
- package/scripts/_cache_quota.py +529 -0
- package/scripts/_cache_refresh.py +163 -0
- package/scripts/_cache_validate.py +209 -0
- package/scripts/_content_root.py +42 -0
- package/scripts/_doctor_state.py +277 -0
- package/scripts/_event_detect.py +305 -0
- package/scripts/_events.py +514 -0
- package/scripts/_lifecycle_hygiene.py +568 -0
- package/scripts/_pathspec.py +91 -0
- package/scripts/_policy_show_cli.py +266 -0
- package/scripts/_precutover.py +92 -0
- package/scripts/_project_context.py +224 -0
- package/scripts/_project_definition_io.py +164 -0
- package/scripts/_relocate_snapshot.py +209 -0
- package/scripts/_relocate_states.py +343 -0
- package/scripts/_resolve_preflight_path.py +152 -0
- package/scripts/_safe_subprocess.py +167 -0
- package/scripts/_session_start_hook.py +205 -0
- package/scripts/_sor_gate_diff.py +365 -0
- package/scripts/_stdio_utf8.py +59 -0
- package/scripts/_triage_bootstrap_gitignore.py +904 -0
- package/scripts/_triage_classify_cli.py +122 -0
- package/scripts/_triage_queue_cli.py +625 -0
- package/scripts/_triage_scope_cli.py +343 -0
- package/scripts/_triage_scope_drift_cli.py +121 -0
- package/scripts/_triage_scope_ignores.py +286 -0
- package/scripts/_triage_scope_milestone.py +432 -0
- package/scripts/_triage_scope_mutations.py +337 -0
- package/scripts/_triage_scope_renderers.py +207 -0
- package/scripts/_triage_smoketest_stages.py +674 -0
- package/scripts/_triage_subscribe_cli.py +140 -0
- package/scripts/_triage_welcome_cli.py +421 -0
- package/scripts/_vbrief_build.py +239 -0
- package/scripts/_vbrief_fidelity.py +479 -0
- package/scripts/_vbrief_legacy.py +589 -0
- package/scripts/_vbrief_reconciliation.py +883 -0
- package/scripts/_vbrief_routing.py +277 -0
- package/scripts/_vbrief_safety.py +778 -0
- package/scripts/_vbrief_sources.py +312 -0
- package/scripts/_vbrief_speckit.py +262 -0
- package/scripts/_vbrief_story_quality.py +353 -0
- package/scripts/_vbrief_validation.py +299 -0
- package/scripts/build_dist.py +412 -0
- package/scripts/cache.py +1078 -0
- package/scripts/cache_scanner.py +745 -0
- package/scripts/candidates_log.py +432 -0
- package/scripts/capacity_backfill.py +680 -0
- package/scripts/capacity_show.py +653 -0
- package/scripts/ci_local.py +689 -0
- package/scripts/code_structure_validate.py +765 -0
- package/scripts/codebase_default_extractor.py +495 -0
- package/scripts/codebase_map.py +304 -0
- package/scripts/codebase_map_fresh.py +104 -0
- package/scripts/codebase_projection_registry.py +94 -0
- package/scripts/codebase_provider.py +582 -0
- package/scripts/doctor.py +2257 -0
- package/scripts/framework_commands.py +505 -0
- package/scripts/gh_rest.py +882 -0
- package/scripts/github_auth_modes.py +437 -0
- package/scripts/github_body.py +292 -0
- package/scripts/ip_risk.py +531 -0
- package/scripts/issue_emit.py +670 -0
- package/scripts/issue_ingest.py +1064 -0
- package/scripts/migrate_preflight.py +418 -0
- package/scripts/migrate_vbrief.py +2677 -0
- package/scripts/monitor_pr.py +401 -0
- package/scripts/pack_migrate_lessons.py +336 -0
- package/scripts/pack_migrate_patterns.py +254 -0
- package/scripts/pack_migrate_rules.py +350 -0
- package/scripts/pack_migrate_skills.py +423 -0
- package/scripts/pack_migrate_strategies.py +311 -0
- package/scripts/pack_migrate_swarm_spec.py +250 -0
- package/scripts/pack_render.py +434 -0
- package/scripts/packs_slice.py +712 -0
- package/scripts/platform_capabilities.py +336 -0
- package/scripts/policy.py +2826 -0
- package/scripts/policy_set.py +324 -0
- package/scripts/pr_check_closing_keywords.py +524 -0
- package/scripts/pr_check_protected_issues.py +267 -0
- package/scripts/pr_merge_readiness.py +1004 -0
- package/scripts/pr_wait_mergeable.py +669 -0
- package/scripts/prd_render.py +159 -0
- package/scripts/preflight_architecture_sor.py +974 -0
- package/scripts/preflight_branch.py +289 -0
- package/scripts/preflight_cache.py +974 -0
- package/scripts/preflight_gh.py +721 -0
- package/scripts/preflight_implementation.py +272 -0
- package/scripts/preflight_story_start.py +838 -0
- package/scripts/preflight_wip_cap.py +149 -0
- package/scripts/probe_session.py +545 -0
- package/scripts/project_render.py +293 -0
- package/scripts/quarantine_ext.py +237 -0
- package/scripts/reconcile_issues.py +1442 -0
- package/scripts/refresh-path.ps1 +107 -0
- package/scripts/release.py +2030 -0
- package/scripts/release_e2e.py +1011 -0
- package/scripts/release_publish.py +486 -0
- package/scripts/release_rollback.py +980 -0
- package/scripts/relocate.py +1034 -0
- package/scripts/resolve_changelog_unreleased.py +667 -0
- package/scripts/resolve_version.py +490 -0
- package/scripts/resume_conditions.py +706 -0
- package/scripts/ritual_sentinel.py +609 -0
- package/scripts/roadmap_render.py +635 -0
- package/scripts/rule_ownership_lint.py +325 -0
- package/scripts/scm.py +591 -0
- package/scripts/scope_audit_log.py +387 -0
- package/scripts/scope_decompose.py +654 -0
- package/scripts/scope_demote.py +509 -0
- package/scripts/scope_lifecycle.py +1126 -0
- package/scripts/scope_undo.py +772 -0
- package/scripts/session_start.py +406 -0
- package/scripts/setup_ghx.py +339 -0
- package/scripts/setup_windows.ps1 +220 -0
- package/scripts/slice_audit.py +585 -0
- package/scripts/slice_record.py +530 -0
- package/scripts/slice_record_existing.py +692 -0
- package/scripts/slug_normalize.py +178 -0
- package/scripts/spec_render.py +477 -0
- package/scripts/spec_validate.py +238 -0
- package/scripts/subagent_monitor.py +658 -0
- package/scripts/swarm_complete_cohort.py +644 -0
- package/scripts/swarm_launch.py +1206 -0
- package/scripts/swarm_readiness.py +554 -0
- package/scripts/swarm_verify_review_clean.py +438 -0
- package/scripts/swarm_worktrees.py +497 -0
- package/scripts/toolchain-check.py +52 -0
- package/scripts/triage_actions.py +871 -0
- package/scripts/triage_bootstrap.py +1153 -0
- package/scripts/triage_bulk.py +630 -0
- package/scripts/triage_classify.py +932 -0
- package/scripts/triage_help.py +1685 -0
- package/scripts/triage_queue.py +1944 -0
- package/scripts/triage_reconcile.py +581 -0
- package/scripts/triage_refresh.py +643 -0
- package/scripts/triage_scope.py +999 -0
- package/scripts/triage_scope_drift.py +575 -0
- package/scripts/triage_smoketest.py +396 -0
- package/scripts/triage_subscribe.py +399 -0
- package/scripts/triage_summary.py +1011 -0
- package/scripts/triage_welcome.py +1178 -0
- package/scripts/ts_check_lane.py +86 -0
- package/scripts/validate-links.py +64 -0
- package/scripts/validate_strategy_output.py +212 -0
- package/scripts/vbrief_activate.py +228 -0
- package/scripts/vbrief_migrate_conformance.py +368 -0
- package/scripts/vbrief_reconcile_graph.py +306 -0
- package/scripts/vbrief_reconcile_labels.py +460 -0
- package/scripts/vbrief_reconcile_umbrellas.py +741 -0
- package/scripts/vbrief_validate.py +1195 -0
- package/scripts/verify-stubs.py +61 -0
- package/scripts/verify_capacity.py +160 -0
- package/scripts/verify_encoding.py +699 -0
- package/scripts/verify_hooks_installed.py +206 -0
- package/scripts/verify_investigation.py +360 -0
- package/scripts/verify_judgment_gates.py +827 -0
- package/scripts/verify_no_task_runtime.py +171 -0
- package/scripts/verify_scm_boundary.py +509 -0
- package/scripts/verify_session_ritual.py +389 -0
- package/scripts/verify_tools.py +426 -0
- package/scripts/verify_vbrief_conformance.py +478 -0
- package/tasks/architecture.yml +13 -0
- package/tasks/cache.yml +69 -0
- package/tasks/capacity.yml +38 -0
- package/tasks/change.yml +46 -0
- package/tasks/changelog.yml +24 -0
- package/tasks/ci.yml +49 -0
- package/tasks/codebase.yml +47 -0
- package/tasks/commit.yml +30 -0
- package/tasks/core.yml +126 -0
- package/tasks/deployments.yml +54 -0
- package/tasks/framework.yml +74 -0
- package/tasks/install.yml +60 -0
- package/tasks/issue.yml +50 -0
- package/tasks/migrate.yml +73 -0
- package/tasks/packs.yml +92 -0
- package/tasks/policy.yml +75 -0
- package/tasks/pr.yml +89 -0
- package/tasks/prd.yml +39 -0
- package/tasks/project.yml +27 -0
- package/tasks/reconcile.yml +32 -0
- package/tasks/relocate.yml +56 -0
- package/tasks/roadmap.yml +28 -0
- package/tasks/scm.yml +126 -0
- package/tasks/scope-undo.yml +36 -0
- package/tasks/scope.yml +141 -0
- package/tasks/session.yml +19 -0
- package/tasks/setup.yml +37 -0
- package/tasks/slice.yml +69 -0
- package/tasks/spec.yml +41 -0
- package/tasks/swarm.yml +85 -0
- package/tasks/toolchain.yml +13 -0
- package/tasks/triage-actions.yml +94 -0
- package/tasks/triage-bootstrap.yml +43 -0
- package/tasks/triage-bulk.yml +75 -0
- package/tasks/triage-classify.yml +30 -0
- package/tasks/triage-queue.yml +50 -0
- package/tasks/triage-reconcile.yml +29 -0
- package/tasks/triage-scope-drift.yml +29 -0
- package/tasks/triage-scope.yml +31 -0
- package/tasks/triage-smoketest.yml +33 -0
- package/tasks/triage-subscribe.yml +36 -0
- package/tasks/triage-summary.yml +29 -0
- package/tasks/triage-welcome.yml +32 -0
- package/tasks/ts.yml +328 -0
- package/tasks/vbrief.yml +206 -0
- package/tasks/verify.yml +292 -0
- package/templates/agents-entry.md +1 -1
|
@@ -0,0 +1,582 @@
|
|
|
1
|
+
#!/usr/bin/env python3
|
|
2
|
+
"""Provider selection and validation for #1595 codebase-map artifacts."""
|
|
3
|
+
|
|
4
|
+
from __future__ import annotations
|
|
5
|
+
|
|
6
|
+
import argparse
|
|
7
|
+
import copy
|
|
8
|
+
import hashlib
|
|
9
|
+
import json
|
|
10
|
+
import re
|
|
11
|
+
import shlex
|
|
12
|
+
import sys
|
|
13
|
+
from dataclasses import dataclass
|
|
14
|
+
from functools import lru_cache
|
|
15
|
+
from pathlib import Path, PurePosixPath
|
|
16
|
+
from typing import Any
|
|
17
|
+
|
|
18
|
+
import code_structure_validate
|
|
19
|
+
from _content_root import content_root
|
|
20
|
+
from _safe_subprocess import run_text
|
|
21
|
+
from codebase_default_extractor import (
|
|
22
|
+
build_codebase_map,
|
|
23
|
+
config_error_to_dict,
|
|
24
|
+
default_code_structure_path,
|
|
25
|
+
file_sha256,
|
|
26
|
+
)
|
|
27
|
+
from codebase_projection_registry import CODEBASE_MAP_KIND
|
|
28
|
+
|
|
29
|
+
CODEBASE_MAP_SCHEMA_PATH = Path("vbrief/schemas/codebase-map.schema.json")
|
|
30
|
+
_REPO_ROOT = Path(__file__).resolve().parents[1]
|
|
31
|
+
_SCHEMA_ANNOTATION_KEYS = frozenset({"$schema", "$id", "title", "description"})
|
|
32
|
+
_SUPPORTED_SCHEMA_KEYS = _SCHEMA_ANNOTATION_KEYS | frozenset(
|
|
33
|
+
{
|
|
34
|
+
"additionalProperties",
|
|
35
|
+
"const",
|
|
36
|
+
"items",
|
|
37
|
+
"minItems",
|
|
38
|
+
"minimum",
|
|
39
|
+
"minLength",
|
|
40
|
+
"properties",
|
|
41
|
+
"required",
|
|
42
|
+
"type",
|
|
43
|
+
}
|
|
44
|
+
)
|
|
45
|
+
|
|
46
|
+
|
|
47
|
+
@dataclass
|
|
48
|
+
class ProviderSelection:
|
|
49
|
+
"""Result of selecting either an external provider or the default extractor."""
|
|
50
|
+
|
|
51
|
+
artifact: dict[str, Any]
|
|
52
|
+
used_external_provider: bool
|
|
53
|
+
fallback_reason: str | None = None
|
|
54
|
+
|
|
55
|
+
|
|
56
|
+
@dataclass(frozen=True)
|
|
57
|
+
class ProviderArtifactPolicy:
|
|
58
|
+
"""Durable artifact-at-a-path policy for one projection kind."""
|
|
59
|
+
|
|
60
|
+
artifact_path: Path | None = None
|
|
61
|
+
expect_provider: str | None = None
|
|
62
|
+
expect_version: str | None = None
|
|
63
|
+
invalid_reason: str | None = None
|
|
64
|
+
|
|
65
|
+
|
|
66
|
+
@lru_cache(maxsize=1)
|
|
67
|
+
def _load_codebase_map_schema() -> dict[str, Any]:
|
|
68
|
+
schema_path = content_root(_REPO_ROOT) / CODEBASE_MAP_SCHEMA_PATH
|
|
69
|
+
schema = json.loads(schema_path.read_text(encoding="utf-8"))
|
|
70
|
+
if not isinstance(schema, dict):
|
|
71
|
+
raise ValueError(f"{CODEBASE_MAP_SCHEMA_PATH} must contain a JSON object")
|
|
72
|
+
return schema
|
|
73
|
+
|
|
74
|
+
|
|
75
|
+
def _schema_for_expected_kind(expected_kind: str) -> dict[str, Any]:
|
|
76
|
+
schema = _load_codebase_map_schema()
|
|
77
|
+
if expected_kind == CODEBASE_MAP_KIND:
|
|
78
|
+
return schema
|
|
79
|
+
schema = copy.deepcopy(schema)
|
|
80
|
+
schema["properties"]["kind"]["const"] = expected_kind
|
|
81
|
+
return schema
|
|
82
|
+
|
|
83
|
+
|
|
84
|
+
def _schema_path(path: str, field: str) -> str:
|
|
85
|
+
return f"{path}.{field}" if path else field
|
|
86
|
+
|
|
87
|
+
|
|
88
|
+
def _schema_error_path(path: str) -> str:
|
|
89
|
+
return path or "<root>"
|
|
90
|
+
|
|
91
|
+
|
|
92
|
+
def _type_names(schema_type: object) -> tuple[str, ...]:
|
|
93
|
+
if isinstance(schema_type, str):
|
|
94
|
+
return (schema_type,)
|
|
95
|
+
if isinstance(schema_type, list) and all(isinstance(item, str) for item in schema_type):
|
|
96
|
+
return tuple(schema_type)
|
|
97
|
+
return ()
|
|
98
|
+
|
|
99
|
+
|
|
100
|
+
def _matches_json_type(value: object, schema_type: str) -> bool:
|
|
101
|
+
if schema_type == "array":
|
|
102
|
+
return isinstance(value, list)
|
|
103
|
+
if schema_type == "boolean":
|
|
104
|
+
return isinstance(value, bool)
|
|
105
|
+
if schema_type == "integer":
|
|
106
|
+
return isinstance(value, int) and not isinstance(value, bool)
|
|
107
|
+
if schema_type == "null":
|
|
108
|
+
return value is None
|
|
109
|
+
if schema_type == "object":
|
|
110
|
+
return isinstance(value, dict)
|
|
111
|
+
if schema_type == "string":
|
|
112
|
+
return isinstance(value, str)
|
|
113
|
+
return False
|
|
114
|
+
|
|
115
|
+
|
|
116
|
+
def _type_label(schema_type: str) -> str:
|
|
117
|
+
if schema_type == "array":
|
|
118
|
+
return "an array"
|
|
119
|
+
if schema_type == "integer":
|
|
120
|
+
return "an integer"
|
|
121
|
+
if schema_type == "object":
|
|
122
|
+
return "an object"
|
|
123
|
+
return f"a {schema_type}"
|
|
124
|
+
|
|
125
|
+
|
|
126
|
+
def _schema_type_error(path: str, schema_types: tuple[str, ...]) -> str:
|
|
127
|
+
if len(schema_types) == 1:
|
|
128
|
+
return f"{_schema_error_path(path)} must be {_type_label(schema_types[0])}"
|
|
129
|
+
return f"{_schema_error_path(path)} must be one of: {', '.join(schema_types)}"
|
|
130
|
+
|
|
131
|
+
|
|
132
|
+
def _validate_schema_shape(schema: object, path: str) -> list[str]:
|
|
133
|
+
if not isinstance(schema, dict):
|
|
134
|
+
return [f"schema at {_schema_error_path(path)} must be an object"]
|
|
135
|
+
|
|
136
|
+
errors: list[str] = []
|
|
137
|
+
unknown = sorted(set(schema) - _SUPPORTED_SCHEMA_KEYS)
|
|
138
|
+
for keyword in unknown:
|
|
139
|
+
errors.append(
|
|
140
|
+
f"schema at {_schema_error_path(path)} uses unsupported keyword {keyword!r}"
|
|
141
|
+
)
|
|
142
|
+
|
|
143
|
+
schema_types = _type_names(schema.get("type"))
|
|
144
|
+
if "type" in schema and not schema_types:
|
|
145
|
+
errors.append(f"schema at {_schema_error_path(path)} has unsupported type")
|
|
146
|
+
|
|
147
|
+
required = schema.get("required")
|
|
148
|
+
if required is not None and (
|
|
149
|
+
not isinstance(required, list) or any(not isinstance(item, str) for item in required)
|
|
150
|
+
):
|
|
151
|
+
errors.append(f"schema at {_schema_error_path(path)} has invalid required[]")
|
|
152
|
+
|
|
153
|
+
properties = schema.get("properties")
|
|
154
|
+
if properties is not None:
|
|
155
|
+
if not isinstance(properties, dict):
|
|
156
|
+
errors.append(f"schema at {_schema_error_path(path)} has invalid properties")
|
|
157
|
+
else:
|
|
158
|
+
for field, child_schema in properties.items():
|
|
159
|
+
errors.extend(_validate_schema_shape(child_schema, _schema_path(path, field)))
|
|
160
|
+
|
|
161
|
+
if "items" in schema:
|
|
162
|
+
errors.extend(_validate_schema_shape(schema["items"], f"{path}[]"))
|
|
163
|
+
|
|
164
|
+
additional = schema.get("additionalProperties")
|
|
165
|
+
if additional is not None and not isinstance(additional, bool):
|
|
166
|
+
errors.append(
|
|
167
|
+
f"schema at {_schema_error_path(path)} has unsupported additionalProperties"
|
|
168
|
+
)
|
|
169
|
+
|
|
170
|
+
return errors
|
|
171
|
+
|
|
172
|
+
|
|
173
|
+
def _validate_json_schema_subset(
|
|
174
|
+
value: object, schema: dict[str, Any], path: str = ""
|
|
175
|
+
) -> list[str]:
|
|
176
|
+
schema_errors = _validate_schema_shape(schema, path)
|
|
177
|
+
if schema_errors:
|
|
178
|
+
return schema_errors
|
|
179
|
+
|
|
180
|
+
errors: list[str] = []
|
|
181
|
+
schema_types = _type_names(schema.get("type"))
|
|
182
|
+
if schema_types and not any(
|
|
183
|
+
_matches_json_type(value, schema_type) for schema_type in schema_types
|
|
184
|
+
):
|
|
185
|
+
return [_schema_type_error(path, schema_types)]
|
|
186
|
+
|
|
187
|
+
if "const" in schema and value != schema["const"]:
|
|
188
|
+
errors.append(f"{_schema_error_path(path)} must be {schema['const']!r}")
|
|
189
|
+
|
|
190
|
+
if isinstance(value, dict):
|
|
191
|
+
required = schema.get("required", [])
|
|
192
|
+
for field in required:
|
|
193
|
+
if field not in value:
|
|
194
|
+
errors.append(f"{_schema_path(path, field)} must be present")
|
|
195
|
+
|
|
196
|
+
properties = schema.get("properties", {})
|
|
197
|
+
if isinstance(properties, dict):
|
|
198
|
+
for field, child_schema in properties.items():
|
|
199
|
+
if field in value:
|
|
200
|
+
errors.extend(
|
|
201
|
+
_validate_json_schema_subset(
|
|
202
|
+
value[field],
|
|
203
|
+
child_schema,
|
|
204
|
+
_schema_path(path, field),
|
|
205
|
+
)
|
|
206
|
+
)
|
|
207
|
+
|
|
208
|
+
if schema.get("additionalProperties") is False and isinstance(properties, dict):
|
|
209
|
+
for field in sorted(set(value) - set(properties)):
|
|
210
|
+
errors.append(f"{_schema_path(path, field)} is not allowed")
|
|
211
|
+
|
|
212
|
+
if isinstance(value, list):
|
|
213
|
+
min_items = schema.get("minItems")
|
|
214
|
+
if isinstance(min_items, int) and len(value) < min_items:
|
|
215
|
+
if min_items == 1:
|
|
216
|
+
errors.append(f"{_schema_error_path(path)} must be a non-empty array")
|
|
217
|
+
else:
|
|
218
|
+
errors.append(f"{_schema_error_path(path)} must contain at least {min_items} items")
|
|
219
|
+
if "items" in schema:
|
|
220
|
+
for index, item in enumerate(value):
|
|
221
|
+
errors.extend(
|
|
222
|
+
_validate_json_schema_subset(item, schema["items"], f"{path}[{index}]")
|
|
223
|
+
)
|
|
224
|
+
|
|
225
|
+
if isinstance(value, str):
|
|
226
|
+
min_length = schema.get("minLength")
|
|
227
|
+
if isinstance(min_length, int) and len(value) < min_length:
|
|
228
|
+
if min_length == 1:
|
|
229
|
+
errors.append(f"{_schema_error_path(path)} must be a non-empty string")
|
|
230
|
+
else:
|
|
231
|
+
errors.append(
|
|
232
|
+
f"{_schema_error_path(path)} must contain at least {min_length} characters"
|
|
233
|
+
)
|
|
234
|
+
|
|
235
|
+
if isinstance(value, int) and not isinstance(value, bool):
|
|
236
|
+
minimum = schema.get("minimum")
|
|
237
|
+
if isinstance(minimum, (int, float)) and value < minimum:
|
|
238
|
+
errors.append(f"{_schema_error_path(path)} must be >= {minimum}")
|
|
239
|
+
|
|
240
|
+
return errors
|
|
241
|
+
|
|
242
|
+
|
|
243
|
+
def validate_provider_artifact(
|
|
244
|
+
artifact: object, *, expected_kind: str = CODEBASE_MAP_KIND
|
|
245
|
+
) -> list[str]:
|
|
246
|
+
"""Return deterministic JSON Schema contract errors for a provider artifact."""
|
|
247
|
+
if not isinstance(artifact, dict):
|
|
248
|
+
return ["artifact must be a JSON object"]
|
|
249
|
+
|
|
250
|
+
return _validate_json_schema_subset(artifact, _schema_for_expected_kind(expected_kind))
|
|
251
|
+
|
|
252
|
+
|
|
253
|
+
def _is_safe_relative_path(value: object) -> bool:
|
|
254
|
+
if not isinstance(value, str):
|
|
255
|
+
return False
|
|
256
|
+
text = value.strip()
|
|
257
|
+
if not text or "\\" in text or text.startswith(("~", "$")):
|
|
258
|
+
return False
|
|
259
|
+
path = PurePosixPath(text)
|
|
260
|
+
if path.is_absolute() or re.match(r"^[A-Za-z]:", text):
|
|
261
|
+
return False
|
|
262
|
+
return ".." not in path.parts
|
|
263
|
+
|
|
264
|
+
|
|
265
|
+
def _project_definition_path(project_root: Path) -> Path:
|
|
266
|
+
return project_root / "vbrief" / "PROJECT-DEFINITION.vbrief.json"
|
|
267
|
+
|
|
268
|
+
|
|
269
|
+
def _expect_value(expect: object, *keys: str) -> str | None:
|
|
270
|
+
if not isinstance(expect, dict):
|
|
271
|
+
return None
|
|
272
|
+
cursor: object = expect
|
|
273
|
+
for key in keys:
|
|
274
|
+
if not isinstance(cursor, dict):
|
|
275
|
+
return None
|
|
276
|
+
cursor = cursor.get(key)
|
|
277
|
+
if isinstance(cursor, str) and cursor.strip():
|
|
278
|
+
return cursor.strip()
|
|
279
|
+
return None
|
|
280
|
+
|
|
281
|
+
|
|
282
|
+
def load_provider_artifact_policy(
|
|
283
|
+
project_root: Path, *, kind: str = CODEBASE_MAP_KIND
|
|
284
|
+
) -> ProviderArtifactPolicy:
|
|
285
|
+
"""Read ``plan.policy.projectionProviders[kind]`` without invoking providers."""
|
|
286
|
+
path = _project_definition_path(project_root)
|
|
287
|
+
if not path.exists():
|
|
288
|
+
return ProviderArtifactPolicy()
|
|
289
|
+
|
|
290
|
+
data = code_structure_validate.load_json_file(path)
|
|
291
|
+
plan = data.get("plan")
|
|
292
|
+
if not isinstance(plan, dict):
|
|
293
|
+
return ProviderArtifactPolicy()
|
|
294
|
+
policy = plan.get("policy")
|
|
295
|
+
if not isinstance(policy, dict):
|
|
296
|
+
return ProviderArtifactPolicy()
|
|
297
|
+
providers = policy.get("projectionProviders")
|
|
298
|
+
if not isinstance(providers, dict):
|
|
299
|
+
return ProviderArtifactPolicy()
|
|
300
|
+
config = providers.get(kind)
|
|
301
|
+
if config is None:
|
|
302
|
+
return ProviderArtifactPolicy()
|
|
303
|
+
if not isinstance(config, dict):
|
|
304
|
+
return ProviderArtifactPolicy(
|
|
305
|
+
invalid_reason=f"plan.policy.projectionProviders[{kind!r}] must be an object"
|
|
306
|
+
)
|
|
307
|
+
|
|
308
|
+
artifact_path = config.get("artifactPath")
|
|
309
|
+
if not _is_safe_relative_path(artifact_path):
|
|
310
|
+
return ProviderArtifactPolicy(
|
|
311
|
+
invalid_reason=(
|
|
312
|
+
f"plan.policy.projectionProviders[{kind!r}].artifactPath "
|
|
313
|
+
"must be repository-relative"
|
|
314
|
+
)
|
|
315
|
+
)
|
|
316
|
+
|
|
317
|
+
expect = config.get("expect")
|
|
318
|
+
expect_provider = (
|
|
319
|
+
_expect_value(expect, "provider")
|
|
320
|
+
or _expect_value(expect, "name")
|
|
321
|
+
or _expect_value(expect, "provider", "name")
|
|
322
|
+
)
|
|
323
|
+
expect_version = (
|
|
324
|
+
_expect_value(expect, "version")
|
|
325
|
+
or _expect_value(expect, "providerVersion")
|
|
326
|
+
or _expect_value(expect, "provider", "version")
|
|
327
|
+
)
|
|
328
|
+
|
|
329
|
+
return ProviderArtifactPolicy(
|
|
330
|
+
artifact_path=Path(str(artifact_path)),
|
|
331
|
+
expect_provider=expect_provider,
|
|
332
|
+
expect_version=expect_version,
|
|
333
|
+
)
|
|
334
|
+
|
|
335
|
+
|
|
336
|
+
def artifact_sha256(artifact: dict[str, Any]) -> str:
|
|
337
|
+
"""Return a stable SHA-256 digest for a provider artifact."""
|
|
338
|
+
payload = json.dumps(artifact, sort_keys=True, separators=(",", ":")).encode("utf-8")
|
|
339
|
+
return hashlib.sha256(payload).hexdigest()
|
|
340
|
+
|
|
341
|
+
|
|
342
|
+
def _provider_expectation_errors(
|
|
343
|
+
artifact: dict[str, Any], policy: ProviderArtifactPolicy
|
|
344
|
+
) -> list[str]:
|
|
345
|
+
provider = artifact.get("provider")
|
|
346
|
+
if not isinstance(provider, dict):
|
|
347
|
+
return ["provider must be an object"]
|
|
348
|
+
errors: list[str] = []
|
|
349
|
+
if policy.expect_provider and provider.get("name") != policy.expect_provider:
|
|
350
|
+
errors.append(
|
|
351
|
+
"provider name mismatch: "
|
|
352
|
+
f"expected {policy.expect_provider!r}, got {provider.get('name')!r}"
|
|
353
|
+
)
|
|
354
|
+
if policy.expect_version and provider.get("version") != policy.expect_version:
|
|
355
|
+
errors.append(
|
|
356
|
+
"provider version mismatch: "
|
|
357
|
+
f"expected {policy.expect_version!r}, got {provider.get('version')!r}"
|
|
358
|
+
)
|
|
359
|
+
return errors
|
|
360
|
+
|
|
361
|
+
|
|
362
|
+
def _freshness_signal(artifact: dict[str, Any]) -> tuple[bool | None, str | None]:
|
|
363
|
+
source = artifact.get("source")
|
|
364
|
+
candidates: list[object] = [artifact.get("freshness")]
|
|
365
|
+
if isinstance(source, dict):
|
|
366
|
+
candidates.append(source.get("freshness"))
|
|
367
|
+
for candidate in candidates:
|
|
368
|
+
if not isinstance(candidate, dict):
|
|
369
|
+
continue
|
|
370
|
+
fresh = candidate.get("fresh")
|
|
371
|
+
if isinstance(fresh, bool):
|
|
372
|
+
if fresh:
|
|
373
|
+
return True, None
|
|
374
|
+
return False, str(candidate.get("reason") or "provider freshness signal is stale")
|
|
375
|
+
status = candidate.get("status")
|
|
376
|
+
if isinstance(status, str):
|
|
377
|
+
normalized = status.strip().lower()
|
|
378
|
+
if normalized in {"fresh", "ok", "current"}:
|
|
379
|
+
return True, None
|
|
380
|
+
if normalized in {"stale", "dirty", "out-of-date", "outdated"}:
|
|
381
|
+
return False, str(
|
|
382
|
+
candidate.get("reason") or f"provider freshness status is {status!r}"
|
|
383
|
+
)
|
|
384
|
+
return None, None
|
|
385
|
+
|
|
386
|
+
|
|
387
|
+
def _content_hash_entries(artifact: dict[str, Any]) -> list[dict[str, str]]:
|
|
388
|
+
source = artifact.get("source")
|
|
389
|
+
if not isinstance(source, dict):
|
|
390
|
+
return []
|
|
391
|
+
content_hashes = source.get("contentHashes")
|
|
392
|
+
if isinstance(content_hashes, dict):
|
|
393
|
+
raw_entries: object = content_hashes.get("files", [])
|
|
394
|
+
else:
|
|
395
|
+
raw_entries = content_hashes
|
|
396
|
+
|
|
397
|
+
entries: list[dict[str, str]] = []
|
|
398
|
+
if isinstance(raw_entries, dict):
|
|
399
|
+
for path, digest in raw_entries.items():
|
|
400
|
+
if isinstance(path, str) and isinstance(digest, str):
|
|
401
|
+
entries.append({"path": path, "sha256": digest})
|
|
402
|
+
elif isinstance(raw_entries, list):
|
|
403
|
+
for item in raw_entries:
|
|
404
|
+
if not isinstance(item, dict):
|
|
405
|
+
continue
|
|
406
|
+
path = item.get("path")
|
|
407
|
+
digest = item.get("sha256") or item.get("value") or item.get("digest")
|
|
408
|
+
algorithm = str(item.get("algorithm") or "sha256").lower()
|
|
409
|
+
if isinstance(path, str) and isinstance(digest, str) and algorithm == "sha256":
|
|
410
|
+
entries.append({"path": path, "sha256": digest})
|
|
411
|
+
return entries
|
|
412
|
+
|
|
413
|
+
|
|
414
|
+
def provider_artifact_freshness_errors(
|
|
415
|
+
artifact: dict[str, Any], project_root: Path
|
|
416
|
+
) -> list[str]:
|
|
417
|
+
"""Return no-network freshness errors for an artifact-at-a-path provider."""
|
|
418
|
+
signaled_fresh, reason = _freshness_signal(artifact)
|
|
419
|
+
if signaled_fresh is True:
|
|
420
|
+
return []
|
|
421
|
+
if signaled_fresh is False:
|
|
422
|
+
return [reason or "provider freshness signal is stale"]
|
|
423
|
+
|
|
424
|
+
entries = _content_hash_entries(artifact)
|
|
425
|
+
if not entries:
|
|
426
|
+
return [
|
|
427
|
+
"provider artifact freshness could not be verified: "
|
|
428
|
+
"missing source.freshness or source.contentHashes.files[]"
|
|
429
|
+
]
|
|
430
|
+
|
|
431
|
+
errors: list[str] = []
|
|
432
|
+
for entry in entries:
|
|
433
|
+
rel_path = entry["path"]
|
|
434
|
+
expected = entry["sha256"]
|
|
435
|
+
if not _is_safe_relative_path(rel_path):
|
|
436
|
+
errors.append(
|
|
437
|
+
"provider artifact content hash path is not "
|
|
438
|
+
f"repository-relative: {rel_path!r}"
|
|
439
|
+
)
|
|
440
|
+
continue
|
|
441
|
+
path = project_root / rel_path
|
|
442
|
+
if not path.is_file():
|
|
443
|
+
errors.append(f"provider artifact source file is missing: {rel_path}")
|
|
444
|
+
continue
|
|
445
|
+
actual = file_sha256(path)
|
|
446
|
+
if actual != expected:
|
|
447
|
+
errors.append(
|
|
448
|
+
"provider artifact source hash mismatch: "
|
|
449
|
+
f"{rel_path} expected {expected}, got {actual}"
|
|
450
|
+
)
|
|
451
|
+
return errors
|
|
452
|
+
|
|
453
|
+
|
|
454
|
+
def _fallback(project_root: Path, reason: str) -> ProviderSelection:
|
|
455
|
+
return ProviderSelection(
|
|
456
|
+
artifact=build_codebase_map(project_root, fallback_reason=reason),
|
|
457
|
+
used_external_provider=False,
|
|
458
|
+
fallback_reason=reason,
|
|
459
|
+
)
|
|
460
|
+
|
|
461
|
+
|
|
462
|
+
def _selection_from_artifact_path(
|
|
463
|
+
project_root: Path, artifact_path: Path, policy: ProviderArtifactPolicy
|
|
464
|
+
) -> ProviderSelection:
|
|
465
|
+
path = artifact_path if artifact_path.is_absolute() else project_root / artifact_path
|
|
466
|
+
if not path.exists():
|
|
467
|
+
return _fallback(project_root, f"provider artifact path does not exist: {artifact_path}")
|
|
468
|
+
if not path.is_file():
|
|
469
|
+
return _fallback(project_root, f"provider artifact path is not a file: {artifact_path}")
|
|
470
|
+
try:
|
|
471
|
+
artifact = json.loads(path.read_text(encoding="utf-8"))
|
|
472
|
+
except json.JSONDecodeError as exc:
|
|
473
|
+
return _fallback(project_root, f"provider artifact was not valid JSON: {exc.msg}")
|
|
474
|
+
except OSError as exc:
|
|
475
|
+
return _fallback(project_root, f"provider artifact could not be read: {exc}")
|
|
476
|
+
|
|
477
|
+
errors = validate_provider_artifact(artifact)
|
|
478
|
+
if errors:
|
|
479
|
+
return _fallback(project_root, "provider artifact contract mismatch: " + "; ".join(errors))
|
|
480
|
+
expectation_errors = _provider_expectation_errors(artifact, policy)
|
|
481
|
+
if expectation_errors:
|
|
482
|
+
return _fallback(
|
|
483
|
+
project_root,
|
|
484
|
+
"provider artifact expectation mismatch: " + "; ".join(expectation_errors),
|
|
485
|
+
)
|
|
486
|
+
freshness_errors = provider_artifact_freshness_errors(artifact, project_root)
|
|
487
|
+
if freshness_errors:
|
|
488
|
+
return _fallback(project_root, "provider artifact is stale: " + "; ".join(freshness_errors))
|
|
489
|
+
|
|
490
|
+
return ProviderSelection(artifact=artifact, used_external_provider=True)
|
|
491
|
+
|
|
492
|
+
|
|
493
|
+
def select_codebase_map(
|
|
494
|
+
project_root: Path,
|
|
495
|
+
provider_command: str | list[str] | None = None,
|
|
496
|
+
*,
|
|
497
|
+
artifact_path: Path | str | None = None,
|
|
498
|
+
) -> ProviderSelection:
|
|
499
|
+
"""Return an external provider artifact when valid, else the default artifact."""
|
|
500
|
+
project_root = project_root.resolve()
|
|
501
|
+
if artifact_path is not None and str(artifact_path) != "":
|
|
502
|
+
policy = ProviderArtifactPolicy(artifact_path=Path(str(artifact_path)))
|
|
503
|
+
return _selection_from_artifact_path(project_root, policy.artifact_path, policy)
|
|
504
|
+
|
|
505
|
+
if provider_command is None or provider_command == "":
|
|
506
|
+
policy = load_provider_artifact_policy(project_root)
|
|
507
|
+
if policy.invalid_reason:
|
|
508
|
+
return _fallback(project_root, policy.invalid_reason)
|
|
509
|
+
if policy.artifact_path is not None:
|
|
510
|
+
return _selection_from_artifact_path(project_root, policy.artifact_path, policy)
|
|
511
|
+
return _fallback(project_root, "no external codebase-map provider configured")
|
|
512
|
+
|
|
513
|
+
try:
|
|
514
|
+
command = (
|
|
515
|
+
shlex.split(provider_command) if isinstance(provider_command, str) else provider_command
|
|
516
|
+
)
|
|
517
|
+
except ValueError as exc:
|
|
518
|
+
return _fallback(project_root, f"provider command could not be parsed: {exc}")
|
|
519
|
+
if not command:
|
|
520
|
+
return _fallback(project_root, "provider command was empty")
|
|
521
|
+
|
|
522
|
+
try:
|
|
523
|
+
completed = run_text(command, cwd=str(project_root), timeout=60)
|
|
524
|
+
except Exception as exc: # noqa: BLE001 -- provider failure is intentionally non-fatal.
|
|
525
|
+
return _fallback(project_root, f"provider command failed before output: {exc}")
|
|
526
|
+
|
|
527
|
+
if completed.returncode != 0:
|
|
528
|
+
detail = completed.stderr.strip() or completed.stdout.strip() or "no provider output"
|
|
529
|
+
return _fallback(
|
|
530
|
+
project_root,
|
|
531
|
+
f"provider command exited {completed.returncode}: {detail}",
|
|
532
|
+
)
|
|
533
|
+
|
|
534
|
+
try:
|
|
535
|
+
artifact = json.loads(completed.stdout)
|
|
536
|
+
except json.JSONDecodeError as exc:
|
|
537
|
+
return _fallback(project_root, f"provider output was not valid JSON: {exc.msg}")
|
|
538
|
+
|
|
539
|
+
errors = validate_provider_artifact(artifact)
|
|
540
|
+
if errors:
|
|
541
|
+
return _fallback(project_root, "provider artifact contract mismatch: " + "; ".join(errors))
|
|
542
|
+
|
|
543
|
+
return ProviderSelection(artifact=artifact, used_external_provider=True)
|
|
544
|
+
|
|
545
|
+
|
|
546
|
+
def main(argv: list[str] | None = None) -> int:
|
|
547
|
+
"""CLI entry point."""
|
|
548
|
+
parser = argparse.ArgumentParser(description="Select a codebase-map provider artifact.")
|
|
549
|
+
parser.add_argument("--project-root", default=".", help="Repository root to inspect.")
|
|
550
|
+
parser.add_argument(
|
|
551
|
+
"--artifact-path",
|
|
552
|
+
help=(
|
|
553
|
+
"Repository-relative provider artifact path. When omitted, "
|
|
554
|
+
'plan.policy.projectionProviders["codebase-map"].artifactPath is used.'
|
|
555
|
+
),
|
|
556
|
+
)
|
|
557
|
+
parser.add_argument("--provider-command", help="External provider argv string.")
|
|
558
|
+
args = parser.parse_args(argv)
|
|
559
|
+
|
|
560
|
+
project_root = Path(args.project_root)
|
|
561
|
+
try:
|
|
562
|
+
selection = select_codebase_map(
|
|
563
|
+
project_root,
|
|
564
|
+
args.provider_command,
|
|
565
|
+
artifact_path=args.artifact_path,
|
|
566
|
+
)
|
|
567
|
+
except code_structure_validate.CodeStructureConfigError as exc:
|
|
568
|
+
print(
|
|
569
|
+
json.dumps(
|
|
570
|
+
config_error_to_dict(default_code_structure_path(project_root, None), exc),
|
|
571
|
+
indent=2,
|
|
572
|
+
sort_keys=True,
|
|
573
|
+
),
|
|
574
|
+
file=sys.stderr,
|
|
575
|
+
)
|
|
576
|
+
return 2
|
|
577
|
+
print(json.dumps(selection.artifact, indent=2, sort_keys=True))
|
|
578
|
+
return 0
|
|
579
|
+
|
|
580
|
+
|
|
581
|
+
if __name__ == "__main__":
|
|
582
|
+
sys.exit(main())
|