@deftai/directive-content 0.58.0 → 0.60.0
- package/.githooks/pre-push +10 -9
- package/Taskfile.yml +57 -67
- package/UPGRADING.md +1 -1
- package/docs/assets/directive-lifecycle-diagram.png +0 -0
- package/docs/directive-lifecycle.md +73 -0
- package/docs/getting-started.md +5 -1
- package/package.json +3 -3
- package/packs/rules/rules-pack-0.1.json +3 -3
- package/packs/skills/skills-pack-0.1.json +22 -22
- package/scm/github.md +20 -2
- package/tasks/change.yml +16 -31
- package/tasks/ci.yml +8 -0
- package/tasks/commit.yml +12 -19
- package/tasks/core.yml +10 -0
- package/tasks/engine.yml +42 -0
- package/tasks/framework.yml +3 -0
- package/tasks/install.yml +20 -19
- package/tasks/migrate.yml +26 -15
- package/tasks/project.yml +16 -0
- package/tasks/relocate.yml +18 -48
- package/tasks/toolchain.yml +15 -5
- package/tasks/vbrief.yml +4 -3
- package/tasks/verify.yml +12 -14
- package/templates/agents-entry.md +1 -2
- package/scripts/_agents_md.py +0 -494
- package/scripts/_cache_fetch.py +0 -635
- package/scripts/_cache_quota.py +0 -529
- package/scripts/_cache_refresh.py +0 -163
- package/scripts/_cache_validate.py +0 -209
- package/scripts/_content_root.py +0 -42
- package/scripts/_doctor_state.py +0 -277
- package/scripts/_event_detect.py +0 -305
- package/scripts/_events.py +0 -514
- package/scripts/_lifecycle_hygiene.py +0 -568
- package/scripts/_pathspec.py +0 -91
- package/scripts/_policy_show_cli.py +0 -266
- package/scripts/_precutover.py +0 -92
- package/scripts/_project_context.py +0 -224
- package/scripts/_project_definition_io.py +0 -164
- package/scripts/_relocate_snapshot.py +0 -209
- package/scripts/_relocate_states.py +0 -343
- package/scripts/_resolve_preflight_path.py +0 -152
- package/scripts/_safe_subprocess.py +0 -167
- package/scripts/_session_start_hook.py +0 -205
- package/scripts/_sor_gate_diff.py +0 -365
- package/scripts/_stdio_utf8.py +0 -59
- package/scripts/_triage_bootstrap_gitignore.py +0 -904
- package/scripts/_triage_classify_cli.py +0 -122
- package/scripts/_triage_queue_cli.py +0 -625
- package/scripts/_triage_scope_cli.py +0 -343
- package/scripts/_triage_scope_drift_cli.py +0 -121
- package/scripts/_triage_scope_ignores.py +0 -286
- package/scripts/_triage_scope_milestone.py +0 -432
- package/scripts/_triage_scope_mutations.py +0 -337
- package/scripts/_triage_scope_renderers.py +0 -207
- package/scripts/_triage_smoketest_stages.py +0 -674
- package/scripts/_triage_subscribe_cli.py +0 -140
- package/scripts/_triage_welcome_cli.py +0 -421
- package/scripts/_vbrief_build.py +0 -239
- package/scripts/_vbrief_fidelity.py +0 -479
- package/scripts/_vbrief_legacy.py +0 -589
- package/scripts/_vbrief_reconciliation.py +0 -883
- package/scripts/_vbrief_routing.py +0 -277
- package/scripts/_vbrief_safety.py +0 -778
- package/scripts/_vbrief_sources.py +0 -312
- package/scripts/_vbrief_speckit.py +0 -262
- package/scripts/_vbrief_story_quality.py +0 -353
- package/scripts/_vbrief_validation.py +0 -299
- package/scripts/build_dist.py +0 -412
- package/scripts/cache.py +0 -1078
- package/scripts/cache_scanner.py +0 -745
- package/scripts/candidates_log.py +0 -432
- package/scripts/capacity_backfill.py +0 -680
- package/scripts/capacity_show.py +0 -653
- package/scripts/ci_local.py +0 -689
- package/scripts/code_structure_validate.py +0 -765
- package/scripts/codebase_default_extractor.py +0 -495
- package/scripts/codebase_map.py +0 -304
- package/scripts/codebase_map_fresh.py +0 -104
- package/scripts/codebase_projection_registry.py +0 -94
- package/scripts/codebase_provider.py +0 -582
- package/scripts/doctor.py +0 -2551
- package/scripts/framework_commands.py +0 -505
- package/scripts/gh_rest.py +0 -882
- package/scripts/github_auth_modes.py +0 -437
- package/scripts/github_body.py +0 -292
- package/scripts/ip_risk.py +0 -531
- package/scripts/issue_emit.py +0 -670
- package/scripts/issue_ingest.py +0 -1064
- package/scripts/migrate_preflight.py +0 -418
- package/scripts/migrate_vbrief.py +0 -2677
- package/scripts/monitor_pr.py +0 -401
- package/scripts/pack_migrate_lessons.py +0 -336
- package/scripts/pack_migrate_patterns.py +0 -254
- package/scripts/pack_migrate_rules.py +0 -350
- package/scripts/pack_migrate_skills.py +0 -423
- package/scripts/pack_migrate_strategies.py +0 -311
- package/scripts/pack_migrate_swarm_spec.py +0 -250
- package/scripts/pack_render.py +0 -434
- package/scripts/packs_slice.py +0 -712
- package/scripts/platform_capabilities.py +0 -336
- package/scripts/policy.py +0 -2826
- package/scripts/policy_set.py +0 -324
- package/scripts/pr_check_closing_keywords.py +0 -524
- package/scripts/pr_check_protected_issues.py +0 -267
- package/scripts/pr_merge_readiness.py +0 -1004
- package/scripts/pr_wait_mergeable.py +0 -669
- package/scripts/prd_render.py +0 -159
- package/scripts/preflight_architecture_sor.py +0 -974
- package/scripts/preflight_branch.py +0 -289
- package/scripts/preflight_cache.py +0 -974
- package/scripts/preflight_gh.py +0 -721
- package/scripts/preflight_implementation.py +0 -272
- package/scripts/preflight_story_start.py +0 -838
- package/scripts/preflight_wip_cap.py +0 -149
- package/scripts/probe_session.py +0 -545
- package/scripts/project_render.py +0 -293
- package/scripts/quarantine_ext.py +0 -237
- package/scripts/reconcile_issues.py +0 -1442
- package/scripts/refresh-path.ps1 +0 -107
- package/scripts/release.py +0 -2030
- package/scripts/release_e2e.py +0 -1011
- package/scripts/release_publish.py +0 -486
- package/scripts/release_rollback.py +0 -980
- package/scripts/relocate.py +0 -1034
- package/scripts/resolve_changelog_unreleased.py +0 -667
- package/scripts/resolve_version.py +0 -490
- package/scripts/resume_conditions.py +0 -706
- package/scripts/ritual_sentinel.py +0 -609
- package/scripts/roadmap_render.py +0 -635
- package/scripts/rule_ownership_lint.py +0 -325
- package/scripts/scm.py +0 -591
- package/scripts/scope_audit_log.py +0 -387
- package/scripts/scope_decompose.py +0 -654
- package/scripts/scope_demote.py +0 -509
- package/scripts/scope_lifecycle.py +0 -1126
- package/scripts/scope_undo.py +0 -772
- package/scripts/session_start.py +0 -406
- package/scripts/setup_ghx.py +0 -339
- package/scripts/setup_windows.ps1 +0 -220
- package/scripts/slice_audit.py +0 -585
- package/scripts/slice_record.py +0 -530
- package/scripts/slice_record_existing.py +0 -692
- package/scripts/slug_normalize.py +0 -178
- package/scripts/spec_render.py +0 -477
- package/scripts/spec_validate.py +0 -238
- package/scripts/subagent_monitor.py +0 -658
- package/scripts/swarm_complete_cohort.py +0 -644
- package/scripts/swarm_launch.py +0 -1206
- package/scripts/swarm_readiness.py +0 -554
- package/scripts/swarm_verify_review_clean.py +0 -438
- package/scripts/swarm_worktrees.py +0 -497
- package/scripts/toolchain-check.py +0 -52
- package/scripts/triage_actions.py +0 -871
- package/scripts/triage_bootstrap.py +0 -1153
- package/scripts/triage_bulk.py +0 -630
- package/scripts/triage_classify.py +0 -932
- package/scripts/triage_help.py +0 -1685
- package/scripts/triage_queue.py +0 -1944
- package/scripts/triage_reconcile.py +0 -581
- package/scripts/triage_refresh.py +0 -643
- package/scripts/triage_scope.py +0 -999
- package/scripts/triage_scope_drift.py +0 -575
- package/scripts/triage_smoketest.py +0 -396
- package/scripts/triage_subscribe.py +0 -399
- package/scripts/triage_summary.py +0 -1011
- package/scripts/triage_welcome.py +0 -1178
- package/scripts/ts_check_lane.py +0 -86
- package/scripts/validate-links.py +0 -64
- package/scripts/validate_strategy_output.py +0 -212
- package/scripts/vbrief_activate.py +0 -228
- package/scripts/vbrief_migrate_conformance.py +0 -368
- package/scripts/vbrief_reconcile_graph.py +0 -306
- package/scripts/vbrief_reconcile_labels.py +0 -460
- package/scripts/vbrief_reconcile_umbrellas.py +0 -741
- package/scripts/vbrief_validate.py +0 -1144
- package/scripts/verify-stubs.py +0 -61
- package/scripts/verify_capacity.py +0 -160
- package/scripts/verify_encoding.py +0 -699
- package/scripts/verify_hooks_installed.py +0 -206
- package/scripts/verify_investigation.py +0 -360
- package/scripts/verify_judgment_gates.py +0 -827
- package/scripts/verify_no_task_runtime.py +0 -171
- package/scripts/verify_scm_boundary.py +0 -509
- package/scripts/verify_session_ritual.py +0 -389
- package/scripts/verify_tools.py +0 -426
- package/scripts/verify_vbrief_conformance.py +0 -478
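--- a/package/scripts/verify_session_ritual.py
+++ b/package/scripts/verify_session_ritual.py
@@ -1,389 +0,0 @@
-#!/usr/bin/env python3
-"""Fail-closed session ritual verifier (#1348)."""
-
-from __future__ import annotations
-
-import argparse
-import contextlib
-import io
-import json
-import os
-import subprocess
-import sys
-import threading
-from collections.abc import Callable
-from dataclasses import dataclass
-from datetime import UTC, datetime, timedelta
-from pathlib import Path
-from typing import Any
-
-sys.path.insert(0, str(Path(__file__).resolve().parent))
-
-from framework_commands import format_framework_command # noqa: E402
-from policy import resolve_session_ritual_staleness_hours # noqa: E402
-from ritual_sentinel import ( # noqa: E402
-RitualState,
-read_ritual_state,
-ritual_state_path,
-ritual_step,
-write_ritual_state,
-)
-
-ENV_SKIP = "DEFT_SESSION_RITUAL_SKIP"
-# The legacy subprocess runner capped each gated check via subprocess timeout=300.
-# In-process calls (#1659) must preserve that bound so a hung entrypoint cannot turn
-# the fail-closed step-0 gate into a permanent block (#1655 review).
-ENTRYPOINT_TIMEOUT_SECONDS = 300.0
-ENTRYPOINT_TIMEOUT_EXIT_CODE = 124
-QUICK_STEPS: tuple[str, ...] = ("alignment", "branch_policy", "triage_welcome")
-GATED_STEPS: tuple[str, ...] = ("doctor", "cache_fresh")
-GATED_ENTRYPOINT_COMMANDS: dict[str, tuple[str, ...]] = {
-"doctor": ("doctor",),
-"cache_fresh": ("verify:cache-fresh",),
-}
-
-
-@dataclass(frozen=True)
-class VerifyResult:
-code: int
-message: str
-tier: str
-state_path: Path
-bypassed: bool = False
-would_fail_code: int | None = None
-
-
-Runner = Callable[[list[str], Path], tuple[int, str, str]]
-
-
-def _utc_now() -> datetime:
-return datetime.now(UTC)
-
-
-def _truthy(raw: str | None) -> bool:
-return (raw or "").strip().lower() in {"1", "true", "yes", "on"}
-
-
-def _run_git(project_root: Path, args: list[str]) -> tuple[int, str, str]:
-try:
-proc = subprocess.run(
-["git", *args],
-cwd=str(project_root),
-capture_output=True,
-text=True,
-encoding="utf-8",
-errors="replace",
-check=False,
-)
-except FileNotFoundError:
-return 127, "", "git executable not found on PATH"
-return proc.returncode, proc.stdout.strip(), proc.stderr.strip()
-
-
-def _git_head(project_root: Path) -> tuple[str | None, str | None]:
-code, out, err = _run_git(project_root, ["rev-parse", "--verify", "HEAD"])
-if code != 0 or not out:
-return None, err or "could not resolve git HEAD"
-return out, None
-
-
-def _worktree_path(project_root: Path) -> str:
-code, out, _err = _run_git(project_root, ["rev-parse", "--show-toplevel"])
-if code == 0 and out:
-return str(Path(out).resolve())
-return str(project_root.resolve())
-
-
-def _call_main(
-main_func: Callable[[list[str]], int],
-argv: list[str],
-*,
-timeout: float | None = None,
-) -> tuple[int, str, str]:
-"""Run an in-process entrypoint, bounding it with a timeout.
-
-The legacy subprocess runner passed ``timeout=300`` so a hung check could not
-block the step-0 gate indefinitely. In-process calls drop that protection, so
-the entrypoint runs in a daemon worker thread joined with the same bound; a
-hang returns a fail-closed timeout result instead of blocking dispatch (#1655).
-``timeout`` resolves to ``ENTRYPOINT_TIMEOUT_SECONDS`` at call time when unset.
-"""
-if timeout is None:
-timeout = ENTRYPOINT_TIMEOUT_SECONDS
-result: dict[str, tuple[int, str, str]] = {}
-real_stdout, real_stderr = sys.stdout, sys.stderr
-
-def _worker() -> None:
-stdout = io.StringIO()
-stderr = io.StringIO()
-try:
-with contextlib.redirect_stdout(stdout), contextlib.redirect_stderr(stderr):
-code = main_func(argv)
-except SystemExit as exc:
-raw_code = exc.code
-code = raw_code if isinstance(raw_code, int) else (0 if raw_code is None else 1)
-except Exception as exc: # noqa: BLE001 -- ritual state must record failures
-message = f"{type(exc).__name__}: {exc}"
-captured_stderr = stderr.getvalue()
-stderr_value = f"{captured_stderr}\n{message}" if captured_stderr else message
-result["value"] = (2, stdout.getvalue(), stderr_value)
-return
-result["value"] = (int(code or 0), stdout.getvalue(), stderr.getvalue())
-
-worker = threading.Thread(target=_worker, name="deft-ritual-entrypoint", daemon=True)
-worker.start()
-worker.join(timeout)
-if worker.is_alive():
-# A hung worker may still hold the process-global stdout/stderr redirect;
-# restore the real streams so the caller's fail-closed message survives.
-sys.stdout, sys.stderr = real_stdout, real_stderr
-label = getattr(main_func, "__name__", "entrypoint")
-return ENTRYPOINT_TIMEOUT_EXIT_CODE, "", f"{label} timed out after {timeout:g}s"
-return result.get("value", (2, "", "entrypoint produced no result"))
-
-
-def _default_runner(args: list[str], cwd: Path) -> tuple[int, str, str]:
-command, *argv = args
-if command == "doctor":
-import doctor # noqa: PLC0415
-
-return _call_main(doctor.cmd_doctor, ["--project-root", str(cwd), *argv])
-if command == "verify:cache-fresh":
-import preflight_cache # noqa: PLC0415
-
-return _call_main(
-preflight_cache.main,
-["--allow-missing-bootstrap", "--project-root", str(cwd), *argv],
-)
-return 2, "", f"unknown session ritual command: {command}"
-
-
-def _step_passes(step: dict[str, Any] | None) -> bool:
-if not isinstance(step, dict):
-return False
-if step.get("deferred_reason"):
-return True
-return step.get("ok") is True
-
-
-def _failed_step_message(tier_name: str, step_name: str, step: object) -> str:
-if step is None:
-return (
-f"session ritual {tier_name} step '{step_name}' is missing. "
-f"Run `{format_framework_command(['session:start'])}` before implementation dispatch."
-)
-if isinstance(step, dict) and step.get("deferred_reason"):
-return ""
-message = step.get("message") if isinstance(step, dict) else None
-suffix = f": {message}" if isinstance(message, str) and message else ""
-return f"session ritual {tier_name} step '{step_name}' failed{suffix}"
-
-
-def _run_gated_step(
-project_root: Path,
-payload: dict[str, Any],
-step_name: str,
-*,
-runner: Runner,
-now: datetime,
-) -> str | None:
-command = [*GATED_ENTRYPOINT_COMMANDS[step_name]]
-code, stdout, stderr = runner(command, project_root)
-message = stdout.strip() or stderr.strip() or f"{command[0]} exited {code}"
-payload.setdefault("gated_steps", {})[step_name] = ritual_step(
-ok=code == 0,
-ts=now,
-exit_code=code,
-message=message,
-command=command,
-)
-try:
-write_ritual_state(project_root, payload)
-except OSError as exc:
-return f"could not write session ritual state after {step_name}: {exc}"
-return None
-
-
-def _evaluate_loaded_state(
-project_root: Path,
-state: RitualState,
-*,
-tier: str,
-now: datetime,
-) -> tuple[int, str]:
-current_head, head_error = _git_head(project_root)
-if current_head is None:
-return 2, head_error or "could not resolve git HEAD"
-current_worktree = _worktree_path(project_root)
-if state.worktree_path != current_worktree:
-return (
-1,
-"session ritual state belongs to a different worktree "
-f"({state.worktree_path}); run `{format_framework_command(['session:start'])}` here.",
-)
-if state.git_head != current_head:
-return (
-1,
-"session ritual state is stale because git HEAD changed. "
-f"Run `{format_framework_command(['session:start'])}` again.",
-)
-staleness = resolve_session_ritual_staleness_hours(project_root)
-if staleness.source == "default-on-error":
-return 2, staleness.error or "session ritual staleness policy is invalid"
-max_age = timedelta(hours=staleness.hours)
-if now - state.started_at > max_age:
-start_command = format_framework_command(["session:start"])
-return (
-1,
-"session ritual state is stale "
-f"(older than {staleness.hours}h). Run `{start_command}` again.",
-)
-for step_name in QUICK_STEPS:
-step = state.quick_steps.get(step_name)
-if not _step_passes(step):
-return 1, _failed_step_message("quick", step_name, step)
-if tier == "gated":
-for step_name in GATED_STEPS:
-step = state.gated_steps.get(step_name)
-if not _step_passes(step):
-return 1, _failed_step_message("gated", step_name, step)
-return 0, f"OK session ritual {tier} tier is fresh."
-
-
-def verify(
-project_root: Path,
-*,
-tier: str = "quick",
-now: datetime | None = None,
-runner: Runner | None = None,
-bypass: bool | None = None,
-) -> VerifyResult:
-"""Verify the session ritual state and optionally run gated steps."""
-if tier not in {"quick", "gated"}:
-return VerifyResult(
-2,
-f"tier must be 'quick' or 'gated', got {tier!r}",
-tier,
-ritual_state_path(project_root),
-)
-instant = now or _utc_now()
-is_bypassed = _truthy(os.environ.get(ENV_SKIP)) if bypass is None else bypass
-state_path = ritual_state_path(project_root)
-missing_state_file = not state_path.is_file()
-state, err = read_ritual_state(project_root)
-if state is None:
-code = 1 if missing_state_file else 2
-start_command = format_framework_command(["session:start"])
-message = (
-f"{err}. Run `{start_command}` before implementation dispatch."
-if code == 1
-else err or "ritual state invalid"
-)
-if is_bypassed:
-return VerifyResult(0, message, tier, state_path, True, code)
-return VerifyResult(code, message, tier, state_path)
-
-if tier == "gated" and not is_bypassed:
-precheck_code, precheck_message = _evaluate_loaded_state(
-project_root,
-state,
-tier="quick",
-now=instant,
-)
-if precheck_code != 0:
-return VerifyResult(precheck_code, precheck_message, tier, state_path)
-
-payload = dict(state.raw)
-gated = payload.setdefault("gated_steps", {})
-run_cmd = runner or _default_runner
-for step_name in GATED_STEPS:
-step = gated.get(step_name)
-if isinstance(step, dict) and step.get("deferred_reason"):
-continue
-if _step_passes(step):
-continue
-write_error = _run_gated_step(
-project_root,
-payload,
-step_name,
-runner=run_cmd,
-now=instant,
-)
-if write_error is not None:
-return VerifyResult(2, write_error, tier, state_path)
-state, err = read_ritual_state(project_root)
-if state is None:
-code = 2
-message = err or "ritual state invalid after gated update"
-return VerifyResult(code, message, tier, state_path)
-
-code, message = _evaluate_loaded_state(project_root, state, tier=tier, now=instant)
-if is_bypassed:
-return VerifyResult(0, message, tier, state_path, True, code if code else None)
-return VerifyResult(code, message, tier, state_path)
-
-
-def _emit_json(result: VerifyResult) -> str:
-return json.dumps(
-{
-"ready": result.code == 0,
-"exit_code": result.code,
-"tier": result.tier,
-"message": result.message,
-"state_path": str(result.state_path),
-"bypassed": result.bypassed,
-"would_fail_code": result.would_fail_code,
-},
-sort_keys=True,
-)
-
-
-def _emit_bypass_warning(result: VerifyResult) -> None:
-if result.bypassed and result.would_fail_code:
-print(
-f"[deft] WARNING: {ENV_SKIP}=1 bypassed a session ritual "
-f"failure ({result.message})",
-file=sys.stderr,
-)
-
-
-def _build_parser() -> argparse.ArgumentParser:
-parser = argparse.ArgumentParser(
-prog="verify_session_ritual.py",
-description="Fail-closed session ritual verifier (#1348).",
-)
-parser.add_argument(
-"--project-root",
-default=".",
-help="Project root containing .deft/ritual-state.json (default: cwd).",
-)
-parser.add_argument(
-"--tier",
-choices=("quick", "gated"),
-default="quick",
-help="Ritual tier to verify. Gated lazily runs doctor/cache checks.",
-)
-parser.add_argument("--json", action="store_true", dest="emit_json")
-return parser
-
-
-def main(argv: list[str] | None = None) -> int:
-parser = _build_parser()
-args = parser.parse_args(argv)
-project_root = Path(args.project_root).resolve()
-result = verify(project_root, tier=args.tier)
-warning_needed = result.bypassed and result.would_fail_code is not None
-if args.emit_json:
-print(_emit_json(result))
-elif result.code == 0:
-if not warning_needed:
-print(result.message)
-else:
-print(result.message, file=sys.stderr)
-if warning_needed:
-_emit_bypass_warning(result)
-return result.code
-
-
-if __name__ == "__main__":
-sys.exit(main())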