@delegance/claude-autopilot 2.4.0 → 5.0.0-alpha.1

package/src/cli/hook.ts

@@ -1,9 +1,23 @@
 import * as fs from 'node:fs';
 import * as path from 'node:path';
 
-const HOOK_CONTENT = `#!/bin/sh
-# autopilot pre-push hook — runs impact-selected snapshots before push
-npx tsx scripts/autoregress.ts run
+export const GUARDRAIL_MARKER = '# guardrail-managed';
+
+const PRE_COMMIT_TEMPLATE = `#!/bin/sh
+${GUARDRAIL_MARKER}
+# guardrail pre-commit hook — runs static rules only (<1s, no LLM)
+# --files accepts comma-separated paths; quoting prevents shell word-splitting
+STAGED=$(git diff --cached --name-only --diff-filter=ACM | tr '\\n' ',')
+STAGED=\${STAGED%,}
+if [ -z "$STAGED" ]; then exit 0; fi
+npx guardrail run --static-only --files "$STAGED"
+`;
+
+const PRE_PUSH_TEMPLATE = `#!/bin/sh
+${GUARDRAIL_MARKER}
+# guardrail pre-push hook — full LLM review against upstream
+BASE=$(git rev-parse --abbrev-ref --symbolic-full-name @{u} 2>/dev/null || echo "HEAD~1")
+npx guardrail run --base "$BASE"
 `;
 
 function findGitDir(cwd: string): string | null {
@@ -26,9 +40,39 @@ function findGitDir(cwd: string): string | null {
   return null;
 }
 
+function isGuardrailHook(hookPath: string): boolean {
+  try {
+    return fs.readFileSync(hookPath, 'utf8').includes(GUARDRAIL_MARKER);
+  } catch {
+    return false;
+  }
+}
+
+function writeHook(hookPath: string, content: string, force: boolean): boolean {
+  if (fs.existsSync(hookPath) && !force && !isGuardrailHook(hookPath)) {
+    console.error(`[hook] hook already exists at ${hookPath} (not guardrail-managed)`);
+    console.error('       Use --force to overwrite.');
+    return false;
+  }
+  fs.mkdirSync(path.dirname(hookPath), { recursive: true });
+  fs.writeFileSync(hookPath, content, 'utf8');
+  fs.chmodSync(hookPath, 0o755);
+  return true;
+}
+
+function removeHook(hookPath: string): void {
+  if (!fs.existsSync(hookPath)) return;
+  if (isGuardrailHook(hookPath)) {
+    fs.rmSync(hookPath);
+    console.log(`[hook] removed ${hookPath}`);
+  } else {
+    console.log(`[hook] skipping ${hookPath} — not guardrail-managed`);
+  }
+}
+
 export async function runHook(
   sub: string,
-  options: { cwd?: string; force?: boolean; silent?: boolean } = {},
+  options: { cwd?: string; force?: boolean; silent?: boolean; preCommitOnly?: boolean; prePushOnly?: boolean } = {},
 ): Promise<number> {
   const cwd = options.cwd ?? process.cwd();
   const gitDir = findGitDir(cwd);
@@ -38,42 +82,43 @@ export async function runHook(
     return 1;
   }
 
-  const hookPath = path.join(gitDir, 'hooks', 'pre-push');
+  const hooksDir = path.join(gitDir, 'hooks');
+  const preCommitPath = path.join(hooksDir, 'pre-commit');
+  const prePushPath = path.join(hooksDir, 'pre-push');
+  const force = options.force ?? false;
 
   switch (sub) {
     case 'install': {
-      if (fs.existsSync(hookPath) && !options.force) {
-        console.error(`[hook] pre-push hook already exists at ${hookPath}`);
-        console.error('       Use --force to overwrite.');
-        return 1;
+      const installPreCommit = !options.prePushOnly;
+      const installPrePush = !options.preCommitOnly;
+      let ok = true;
+      if (installPreCommit) {
+        const written = writeHook(preCommitPath, PRE_COMMIT_TEMPLATE, force);
+        if (written) console.log(`[hook] installed pre-commit hook at ${preCommitPath}`);
+        else ok = false;
       }
-      fs.mkdirSync(path.dirname(hookPath), { recursive: true });
-      fs.writeFileSync(hookPath, HOOK_CONTENT, 'utf8');
-      fs.chmodSync(hookPath, 0o755);
-      console.log(`[hook] installed pre-push hook at ${hookPath}`);
-      return 0;
+      if (installPrePush) {
+        const written = writeHook(prePushPath, PRE_PUSH_TEMPLATE, force);
+        if (written) console.log(`[hook] installed pre-push hook at ${prePushPath}`);
+        else ok = false;
+      }
+      return ok ? 0 : 1;
     }
     case 'uninstall': {
-      if (!fs.existsSync(hookPath)) {
-        console.log('[hook] no pre-push hook installed');
-        return 0;
-      }
-      fs.rmSync(hookPath);
-      console.log(`[hook] removed ${hookPath}`);
+      removeHook(preCommitPath);
+      removeHook(prePushPath);
       return 0;
     }
     case 'status': {
-      if (fs.existsSync(hookPath)) {
-        console.log(`[hook] installed at ${hookPath}`);
-        console.log(fs.readFileSync(hookPath, 'utf8'));
-      } else {
-        console.log('[hook] not installed');
-      }
+      const pcInstalled = fs.existsSync(preCommitPath) && isGuardrailHook(preCommitPath);
+      const ppInstalled = fs.existsSync(prePushPath) && isGuardrailHook(prePushPath);
+      console.log(`[hook] pre-commit: ${pcInstalled ? 'installed (guardrail-managed)' : 'not installed'}`);
+      console.log(`[hook] pre-push:   ${ppInstalled ? 'installed (guardrail-managed)' : 'not installed'}`);
       return 0;
     }
     default:
       console.error(`[hook] unknown subcommand: ${sub}`);
-      console.error('Usage: autopilot hook <install|uninstall|status> [--force]');
+      console.error('Usage: guardrail hook <install|uninstall|status> [--force] [--pre-commit-only] [--pre-push-only]');
       return 1;
   }
 }

package/src/cli/ignore-helper.ts

@@ -0,0 +1,116 @@
+import * as fs from 'node:fs';
+import * as path from 'node:path';
+import * as readline from 'node:readline';
+import { loadCachedFindings } from '../core/persist/findings-cache.ts';
+import type { Finding } from '../core/findings/types.ts';
+
+const C = {
+  reset: '\x1b[0m', bold: '\x1b[1m', dim: '\x1b[2m',
+  green: '\x1b[32m', yellow: '\x1b[33m', red: '\x1b[31m',
+};
+const fmt = (c: keyof typeof C, t: string) => `${C[c]}${t}${C.reset}`;
+
+const IGNORE_FILE = '.guardrail-ignore';
+
+function readIgnoreFile(cwd: string): string {
+  const p = path.join(cwd, IGNORE_FILE);
+  return fs.existsSync(p) ? fs.readFileSync(p, 'utf8') : '';
+}
+
+function appendIgnoreRule(cwd: string, rule: string): void {
+  const p = path.join(cwd, IGNORE_FILE);
+  const existing = readIgnoreFile(cwd);
+  const separator = existing && !existing.endsWith('\n') ? '\n' : '';
+  fs.appendFileSync(p, `${separator}${rule}\n`, 'utf8');
+}
+
+function isAlreadyIgnored(existing: string, rule: string): boolean {
+  return existing.split('\n').some(l => l.trim() === rule);
+}
+
+function buildRule(finding: Finding, scope: 'path' | 'rule+path' | 'rule'): string {
+  if (scope === 'path') {
+    const dir = path.dirname(finding.file);
+    return dir === '.' ? finding.file : `${dir}/**`;
+  }
+  if (scope === 'rule') return `${finding.id} **`;
+  // rule+path: most specific
+  const dir = path.dirname(finding.file);
+  const glob = dir === '.' ? finding.file : `${dir}/**`;
+  return `${finding.id} ${glob}`;
+}
+
+async function prompt(question: string): Promise<string> {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+  return new Promise(resolve => {
+    rl.question(question, answer => { rl.close(); resolve(answer.trim()); });
+  });
+}
+
+export interface IgnoreCommandOptions {
+  cwd?: string;
+  all?: boolean;       // suppress all findings without prompting
+  dryRun?: boolean;
+}
+
+export async function runIgnore(options: IgnoreCommandOptions = {}): Promise<number> {
+  const cwd = options.cwd ?? process.cwd();
+  const findings = loadCachedFindings(cwd);
+
+  if (findings.length === 0) {
+    console.log(fmt('yellow', '[ignore] No cached findings — run `guardrail run` or `guardrail scan` first.'));
+    return 0;
+  }
+
+  const existing = readIgnoreFile(cwd);
+  let added = 0;
+
+  console.log(`\n${fmt('bold', '[guardrail ignore]')} ${findings.length} finding${findings.length !== 1 ? 's' : ''} to review\n`);
+
+  for (const [i, f] of findings.entries()) {
+    const sev = f.severity === 'critical' ? fmt('red', 'CRITICAL')
+              : f.severity === 'warning'  ? fmt('yellow', 'WARNING ')
+              : fmt('dim',   'NOTE    ');
+    const loc = f.file !== '<unspecified>' ? `${f.file}${f.line ? `:${f.line}` : ''}` : '<pipeline>';
+
+    console.log(`\n${fmt('bold', `${i + 1}/${findings.length}`)}  [${sev}] ${f.message}`);
+    console.log(fmt('dim', `     ${loc}  (rule: ${f.id})`));
+
+    let scope: string;
+    if (options.all) {
+      scope = 'r';  // rule+path
+    } else {
+      console.log(fmt('dim', '     [s] skip  [p] suppress path  [r] suppress rule+path  [R] suppress rule everywhere  [q] quit'));
+      scope = await prompt('     > ');
+    }
+
+    if (scope === 'q') break;
+    if (scope === 's' || scope === '') continue;
+
+    const ruleScope = scope === 'p' ? 'path' : scope === 'R' ? 'rule' : 'rule+path';
+    const rule = buildRule(f, ruleScope);
+
+    if (isAlreadyIgnored(existing, rule)) {
+      console.log(fmt('dim', `     (already in ${IGNORE_FILE}: ${rule})`));
+      continue;
+    }
+
+    if (options.dryRun) {
+      console.log(fmt('dim', `     (dry run) would add: ${rule}`));
+    } else {
+      appendIgnoreRule(cwd, rule);
+      console.log(fmt('green', `     + added: ${rule}`));
+    }
+    added++;
+  }
+
+  console.log('');
+  if (options.dryRun) {
+    console.log(fmt('yellow', `[ignore] Dry run — ${added} rule${added !== 1 ? 's' : ''} would be added to ${IGNORE_FILE}\n`));
+  } else if (added > 0) {
+    console.log(fmt('green', `[ignore] ${added} rule${added !== 1 ? 's' : ''} added to ${IGNORE_FILE}\n`));
+  } else {
+    console.log(fmt('dim', `[ignore] No rules added\n`));
+  }
+  return 0;
+}