@harness-engineering/graph 0.2.1 → 0.2.3

package/dist/index.js

@@ -36,6 +36,8 @@ __export(index_exports, {
   CodeIngestor: () => CodeIngestor,
   ConfluenceConnector: () => ConfluenceConnector,
   ContextQL: () => ContextQL,
+  DesignConstraintAdapter: () => DesignConstraintAdapter,
+  DesignIngestor: () => DesignIngestor,
   EDGE_TYPES: () => EDGE_TYPES,
   FusionLayer: () => FusionLayer,
   GitIngestor: () => GitIngestor,
@@ -96,7 +98,11 @@ var NODE_TYPES = [
   "layer",
   "pattern",
   "constraint",
-  "violation"
+  "violation",
+  // Design
+  "design_token",
+  "aesthetic_intent",
+  "design_constraint"
 ];
 var EDGE_TYPES = [
   // Code relationships
@@ -120,7 +126,12 @@ var EDGE_TYPES = [
   "failed_in",
   // Execution relationships (future)
   "executed_by",
-  "measured_by"
+  "measured_by",
+  // Design relationships
+  "uses_token",
+  "declares_intent",
+  "violates_design",
+  "platform_binding"
 ];
 var OBSERVABILITY_TYPES = /* @__PURE__ */ new Set(["span", "metric", "log"]);
 var CURRENT_SCHEMA_VERSION = 1;
@@ -189,6 +200,14 @@ async function loadGraph(dirPath) {
 }
 
 // src/store/GraphStore.ts
+var POISONED_KEYS = /* @__PURE__ */ new Set(["__proto__", "constructor", "prototype"]);
+function safeMerge(target, source) {
+  for (const key of Object.keys(source)) {
+    if (!POISONED_KEYS.has(key)) {
+      target[key] = source[key];
+    }
+  }
+}
 var GraphStore = class {
   db;
   nodes;
@@ -207,7 +226,7 @@ var GraphStore = class {
   addNode(node) {
     const existing = this.nodes.by("id", node.id);
     if (existing) {
-      Object.assign(existing, node);
+      safeMerge(existing, node);
       this.nodes.update(existing);
     } else {
       this.nodes.insert({ ...node });
@@ -251,7 +270,7 @@ var GraphStore = class {
     });
     if (existing) {
       if (edge.metadata) {
-        Object.assign(existing, edge);
+        safeMerge(existing, edge);
         this.edges.update(existing);
       }
       return;
@@ -531,7 +550,7 @@ var CodeIngestor = class {
     const fileContents = /* @__PURE__ */ new Map();
     for (const filePath of files) {
       try {
-        const relativePath = path.relative(rootDir, filePath);
+        const relativePath = path.relative(rootDir, filePath).replace(/\\/g, "/");
         const content = await fs.readFile(filePath, "utf-8");
         const stat2 = await fs.stat(filePath);
         const fileId = `file:${relativePath}`;
@@ -821,7 +840,7 @@ var CodeIngestor = class {
   }
   async resolveImportPath(fromFile, importPath, rootDir) {
     const fromDir = path.dirname(fromFile);
-    const resolved = path.normalize(path.join(fromDir, importPath));
+    const resolved = path.normalize(path.join(fromDir, importPath)).replace(/\\/g, "/");
     const extensions = [".ts", ".tsx", ".js", ".jsx"];
     for (const ext of extensions) {
       const candidate = resolved.replace(/\.js$/, "") + ext;
@@ -833,7 +852,7 @@ var CodeIngestor = class {
       }
     }
     for (const ext of extensions) {
-      const candidate = path.join(resolved, `index${ext}`);
+      const candidate = path.join(resolved, `index${ext}`).replace(/\\/g, "/");
       const fullPath = path.join(rootDir, candidate);
       try {
         await fs.access(fullPath);
@@ -1149,10 +1168,11 @@ var TopologicalLinker = class {
 // src/ingest/KnowledgeIngestor.ts
 var fs2 = __toESM(require("fs/promises"));
 var path3 = __toESM(require("path"));
+
+// src/ingest/ingestUtils.ts
 var crypto = __toESM(require("crypto"));
-var CODE_NODE_TYPES = ["file", "function", "class", "method", "interface", "variable"];
 function hash(text) {
-  return crypto.createHash("md5").update(text).digest("hex").slice(0, 8);
+  return crypto.createHash("sha256").update(text).digest("hex").slice(0, 8);
 }
 function mergeResults(...results) {
   return {
@@ -1167,6 +1187,9 @@ function mergeResults(...results) {
 function emptyResult(durationMs = 0) {
   return { nodesAdded: 0, nodesUpdated: 0, edgesAdded: 0, edgesUpdated: 0, errors: [], durationMs };
 }
+
+// src/ingest/KnowledgeIngestor.ts
+var CODE_NODE_TYPES = ["file", "function", "class", "method", "interface", "variable"];
 var KnowledgeIngestor = class {
   constructor(store) {
     this.store = store;
@@ -1358,6 +1381,22 @@ var KnowledgeIngestor = class {
 
 // src/ingest/connectors/ConnectorUtils.ts
 var CODE_NODE_TYPES2 = ["file", "function", "class", "method", "interface", "variable"];
+function sanitizeExternalText(text, maxLength = 2e3) {
+  let sanitized = text.replace(
+    /<\/?(?:system|instruction|prompt|role|context|tool_call|function_call|assistant|human|user)[^>]*>/gi,
+    ""
+  ).replace(/^#{1,3}\s*(?:system|instruction|prompt)\s*[:：]\s*/gim, "").replace(
+    /(?:ignore|disregard|forget)\s+(?:all\s+)?(?:previous|prior|above)\s+(?:instructions?|prompts?|context)/gi,
+    "[filtered]"
+  ).replace(
+    /you\s+are\s+now\s+(?:a\s+)?(?:helpful\s+)?(?:an?\s+)?(?:assistant|system|ai|bot|agent|tool)\b/gi,
+    "[filtered]"
+  );
+  if (sanitized.length > maxLength) {
+    sanitized = sanitized.slice(0, maxLength) + "\u2026";
+  }
+  return sanitized;
+}
 function linkToCode(store, content, sourceNodeId, edgeType, options) {
   let edgesCreated = 0;
   for (const type of CODE_NODE_TYPES2) {
@@ -1525,7 +1564,7 @@ var JiraConnector = class {
           store.addNode({
             id: nodeId,
             type: "issue",
-            name: issue.fields.summary,
+            name: sanitizeExternalText(issue.fields.summary, 500),
             metadata: {
               key: issue.key,
               status: issue.fields.status?.name,
@@ -1535,7 +1574,9 @@ var JiraConnector = class {
             }
           });
           nodesAdded++;
-          const searchText = [issue.fields.summary, issue.fields.description ?? ""].join(" ");
+          const searchText = sanitizeExternalText(
+            [issue.fields.summary, issue.fields.description ?? ""].join(" ")
+          );
           edgesAdded += linkToCode(store, searchText, nodeId, "applies_to");
         }
         startAt += maxResults;
@@ -1611,7 +1652,8 @@ var SlackConnector = class {
         }
         for (const message of data.messages) {
           const nodeId = `conversation:slack:${channel}:${message.ts}`;
-          const snippet = message.text.length > 100 ? message.text.slice(0, 100) : message.text;
+          const sanitizedText = sanitizeExternalText(message.text);
+          const snippet = sanitizedText.length > 100 ? sanitizedText.slice(0, 100) : sanitizedText;
           store.addNode({
             id: nodeId,
             type: "conversation",
@@ -1623,7 +1665,9 @@ var SlackConnector = class {
             }
           });
           nodesAdded++;
-          edgesAdded += linkToCode(store, message.text, nodeId, "references", { checkPaths: true });
+          edgesAdded += linkToCode(store, sanitizedText, nodeId, "references", {
+            checkPaths: true
+          });
         }
       } catch (err) {
         errors.push(
@@ -1686,7 +1730,7 @@ var ConfluenceConnector = class {
           store.addNode({
             id: nodeId,
             type: "document",
-            name: page.title,
+            name: sanitizeExternalText(page.title, 500),
             metadata: {
               source: "confluence",
               spaceKey,
@@ -1696,7 +1740,7 @@ var ConfluenceConnector = class {
             }
           });
           nodesAdded++;
-          const text = `${page.title} ${page.body?.storage?.value ?? ""}`;
+          const text = sanitizeExternalText(`${page.title} ${page.body?.storage?.value ?? ""}`);
           edgesAdded += linkToCode(store, text, nodeId, "documents");
         }
         nextUrl = data._links?.next ? `${baseUrl}${data._links.next}` : null;
@@ -1761,10 +1805,11 @@ var CIConnector = class {
       const data = await response.json();
       for (const run of data.workflow_runs) {
         const buildId = `build:${run.id}`;
+        const safeName = sanitizeExternalText(run.name, 200);
         store.addNode({
           id: buildId,
           type: "build",
-          name: `${run.name} #${run.id}`,
+          name: `${safeName} #${run.id}`,
           metadata: {
             source: "github-actions",
             status: run.status,
@@ -1786,7 +1831,7 @@ var CIConnector = class {
           store.addNode({
             id: testResultId,
             type: "test_result",
-            name: `Failed: ${run.name} #${run.id}`,
+            name: `Failed: ${safeName} #${run.id}`,
             metadata: {
               source: "github-actions",
               buildId: String(run.id),
@@ -2534,6 +2579,250 @@ var GraphConstraintAdapter = class {
   }
 };
 
+// src/ingest/DesignIngestor.ts
+var fs4 = __toESM(require("fs/promises"));
+var path5 = __toESM(require("path"));
+function isDTCGToken(obj) {
+  return typeof obj === "object" && obj !== null && "$value" in obj && "$type" in obj;
+}
+async function readFileOrNull(filePath) {
+  try {
+    return await fs4.readFile(filePath, "utf-8");
+  } catch {
+    return null;
+  }
+}
+function parseJsonOrError(content, filePath) {
+  try {
+    return { data: JSON.parse(content) };
+  } catch (err) {
+    return {
+      error: `Failed to parse ${filePath}: ${err instanceof Error ? err.message : String(err)}`
+    };
+  }
+}
+function walkDTCGTokens(store, obj, groupPath, topGroup, tokensPath) {
+  let count = 0;
+  for (const [key, value] of Object.entries(obj)) {
+    if (key.startsWith("$")) continue;
+    if (isDTCGToken(value)) {
+      const tokenPath = [...groupPath, key].join(".");
+      store.addNode({
+        id: `design_token:${tokenPath}`,
+        type: "design_token",
+        name: tokenPath,
+        path: tokensPath,
+        metadata: {
+          tokenType: value.$type,
+          value: value.$value,
+          group: topGroup || groupPath[0] || key,
+          ...value.$description ? { description: value.$description } : {}
+        }
+      });
+      count++;
+    } else if (typeof value === "object" && value !== null) {
+      count += walkDTCGTokens(
+        store,
+        value,
+        [...groupPath, key],
+        topGroup || key,
+        tokensPath
+      );
+    }
+  }
+  return count;
+}
+function parseAestheticDirection(content) {
+  const extract = (pattern) => {
+    const m = content.match(pattern);
+    return m ? m[1].trim() : void 0;
+  };
+  const result = {};
+  const style = extract(/\*\*Style:\*\*\s*(.+)/);
+  if (style !== void 0) result.style = style;
+  const tone = extract(/\*\*Tone:\*\*\s*(.+)/);
+  if (tone !== void 0) result.tone = tone;
+  const differentiator = extract(/\*\*Differentiator:\*\*\s*(.+)/);
+  if (differentiator !== void 0) result.differentiator = differentiator;
+  const strictness = extract(/^level:\s*(strict|standard|permissive)\s*$/m);
+  if (strictness !== void 0) result.strictness = strictness;
+  return result;
+}
+function parseAntiPatterns(content) {
+  const lines = content.split("\n");
+  const patterns = [];
+  let inSection = false;
+  for (const line of lines) {
+    if (/^##\s+Anti-Patterns/i.test(line)) {
+      inSection = true;
+      continue;
+    }
+    if (inSection && /^##\s+/.test(line)) {
+      break;
+    }
+    if (inSection) {
+      const bulletMatch = line.match(/^-\s+(.+)/);
+      if (bulletMatch) {
+        patterns.push(bulletMatch[1].trim());
+      }
+    }
+  }
+  return patterns;
+}
+var DesignIngestor = class {
+  constructor(store) {
+    this.store = store;
+  }
+  async ingestTokens(tokensPath) {
+    const start = Date.now();
+    const content = await readFileOrNull(tokensPath);
+    if (content === null) return emptyResult(Date.now() - start);
+    const parsed = parseJsonOrError(content, tokensPath);
+    if ("error" in parsed) {
+      return { ...emptyResult(Date.now() - start), errors: [parsed.error] };
+    }
+    const nodesAdded = walkDTCGTokens(this.store, parsed.data, [], "", tokensPath);
+    return {
+      nodesAdded,
+      nodesUpdated: 0,
+      edgesAdded: 0,
+      edgesUpdated: 0,
+      errors: [],
+      durationMs: Date.now() - start
+    };
+  }
+  async ingestDesignIntent(designPath) {
+    const start = Date.now();
+    const content = await readFileOrNull(designPath);
+    if (content === null) return emptyResult(Date.now() - start);
+    let nodesAdded = 0;
+    const direction = parseAestheticDirection(content);
+    const metadata = {};
+    if (direction.style) metadata.style = direction.style;
+    if (direction.tone) metadata.tone = direction.tone;
+    if (direction.differentiator) metadata.differentiator = direction.differentiator;
+    if (direction.strictness) metadata.strictness = direction.strictness;
+    this.store.addNode({
+      id: "aesthetic_intent:project",
+      type: "aesthetic_intent",
+      name: "project",
+      path: designPath,
+      metadata
+    });
+    nodesAdded++;
+    for (const text of parseAntiPatterns(content)) {
+      this.store.addNode({
+        id: `design_constraint:${hash(text)}`,
+        type: "design_constraint",
+        name: text,
+        path: designPath,
+        metadata: { rule: text, severity: "warn", scope: "project" }
+      });
+      nodesAdded++;
+    }
+    return {
+      nodesAdded,
+      nodesUpdated: 0,
+      edgesAdded: 0,
+      edgesUpdated: 0,
+      errors: [],
+      durationMs: Date.now() - start
+    };
+  }
+  async ingestAll(designDir) {
+    const start = Date.now();
+    const [tokensResult, intentResult] = await Promise.all([
+      this.ingestTokens(path5.join(designDir, "tokens.json")),
+      this.ingestDesignIntent(path5.join(designDir, "DESIGN.md"))
+    ]);
+    const merged = mergeResults(tokensResult, intentResult);
+    return { ...merged, durationMs: Date.now() - start };
+  }
+};
+
+// src/constraints/DesignConstraintAdapter.ts
+var DesignConstraintAdapter = class {
+  constructor(store) {
+    this.store = store;
+  }
+  checkForHardcodedColors(source, file, strictness) {
+    const severity = this.mapSeverity(strictness);
+    const tokenNodes = this.store.findNodes({ type: "design_token" });
+    const colorValues = /* @__PURE__ */ new Set();
+    for (const node of tokenNodes) {
+      if (node.metadata.tokenType === "color" && typeof node.metadata.value === "string") {
+        colorValues.add(node.metadata.value.toLowerCase());
+      }
+    }
+    const hexPattern = /#[0-9a-fA-F]{3,8}\b/g;
+    const violations = [];
+    let match;
+    while ((match = hexPattern.exec(source)) !== null) {
+      const hexValue = match[0];
+      if (!colorValues.has(hexValue.toLowerCase())) {
+        violations.push({
+          code: "DESIGN-001",
+          file,
+          message: `Hardcoded color ${hexValue} is not in the design token set`,
+          severity,
+          value: hexValue
+        });
+      }
+    }
+    return violations;
+  }
+  checkForHardcodedFonts(source, file, strictness) {
+    const severity = this.mapSeverity(strictness);
+    const tokenNodes = this.store.findNodes({ type: "design_token" });
+    const fontFamilies = /* @__PURE__ */ new Set();
+    for (const node of tokenNodes) {
+      if (node.metadata.tokenType === "typography") {
+        const value = node.metadata.value;
+        if (typeof value === "object" && value !== null && "fontFamily" in value) {
+          fontFamilies.add(value.fontFamily.toLowerCase());
+        }
+      }
+    }
+    const fontPatterns = [/fontFamily:\s*['"]([^'"]+)['"]/g, /font-family:\s*['"]([^'"]+)['"]/g];
+    const violations = [];
+    const seen = /* @__PURE__ */ new Set();
+    for (const pattern of fontPatterns) {
+      let match;
+      while ((match = pattern.exec(source)) !== null) {
+        const fontName = match[1];
+        if (seen.has(fontName.toLowerCase())) continue;
+        seen.add(fontName.toLowerCase());
+        if (!fontFamilies.has(fontName.toLowerCase())) {
+          violations.push({
+            code: "DESIGN-002",
+            file,
+            message: `Hardcoded font family "${fontName}" is not in the design token set`,
+            severity,
+            value: fontName
+          });
+        }
+      }
+    }
+    return violations;
+  }
+  checkAll(source, file, strictness) {
+    return [
+      ...this.checkForHardcodedColors(source, file, strictness),
+      ...this.checkForHardcodedFonts(source, file, strictness)
+    ];
+  }
+  mapSeverity(strictness = "standard") {
+    switch (strictness) {
+      case "permissive":
+        return "info";
+      case "standard":
+        return "warn";
+      case "strict":
+        return "error";
+    }
+  }
+};
+
 // src/feedback/GraphFeedbackAdapter.ts
 var GraphFeedbackAdapter = class {
   constructor(store) {
@@ -2615,6 +2904,8 @@ var VERSION = "0.2.0";
   CodeIngestor,
   ConfluenceConnector,
   ContextQL,
+  DesignConstraintAdapter,
+  DesignIngestor,
   EDGE_TYPES,
   FusionLayer,
   GitIngestor,