@hegemonart/get-design-done 1.21.0 → 1.23.0

package/scripts/cli/gdd-events.mjs

@@ -0,0 +1,283 @@
+#!/usr/bin/env -S node --experimental-strip-types
+// scripts/cli/gdd-events.mjs — CLI transport for the event stream
+// (Plan 22-06).
+//
+// Subcommands:
+//   gdd-events tail [--follow] [--path=<p>]
+//     - dump events.jsonl to stdout, line-by-line
+//     - --follow re-polls every 250ms appending new content (no native
+//       inotify dep; portable across platforms)
+//
+//   gdd-events grep <filter> [--path=<p>]
+//     - filter language (space-separated terms, all AND'd):
+//         type=<exact-string>           — match `type` field
+//         payload.<dotted.path>=<value> — drill into payload by '.'-path
+//         !type=<exact-string>          — negate
+//         !payload.<path>=<value>       — negate
+//     - prints matching events to stdout as JSONL (compact)
+//
+//   gdd-events cat [--path=<p>]
+//     - alias for tail without --follow, but pretty-prints with a
+//       leading timestamp+type prefix per line
+//
+//   gdd-events list-types
+//     - prints the runtime KNOWN_EVENT_TYPES list (from Plan 22-01)
+//
+//   gdd-events serve [--port=<n>] [--token=<t>] [--tail=<file>]
+//     - WebSocket transport (Plan 22-07). Loaded lazily via
+//       probe-optional; helpful error if `ws` is not installed.
+//
+// Default --path is `.design/telemetry/events.jsonl` (relative to cwd).
+
+import { existsSync, statSync, openSync, readSync, closeSync } from 'node:fs';
+import { resolve, isAbsolute } from 'node:path';
+import { pathToFileURL } from 'node:url';
+import { argv, exit, stdout, stderr } from 'node:process';
+import { createRequire } from 'node:module';
+
+const require = createRequire(import.meta.url);
+
+const DEFAULT_PATH = '.design/telemetry/events.jsonl';
+
+function usage() {
+  stderr.write(
+    [
+      'gdd-events — Phase 22 event-stream CLI',
+      '',
+      'Usage:',
+      '  gdd-events tail [--follow] [--path=<p>]',
+      '  gdd-events grep <filter…> [--path=<p>]',
+      '  gdd-events cat [--path=<p>]',
+      '  gdd-events list-types',
+      '  gdd-events serve [--port=<n>] [--token=<t>] [--tail=<file>]',
+      '',
+      'Filter language (grep): type=<s>  payload.<dotted.path>=<s>  !type=<s>',
+      '',
+    ].join('\n'),
+  );
+}
+
+function parseArgs(args) {
+  const out = { _: [], flags: {} };
+  for (const a of args) {
+    if (a.startsWith('--')) {
+      const eq = a.indexOf('=');
+      if (eq === -1) {
+        out.flags[a.slice(2)] = true;
+      } else {
+        out.flags[a.slice(2, eq)] = a.slice(eq + 1);
+      }
+    } else {
+      out._.push(a);
+    }
+  }
+  return out;
+}
+
+function resolvePath(flagPath) {
+  const raw = flagPath || DEFAULT_PATH;
+  return isAbsolute(raw) ? raw : resolve(process.cwd(), raw);
+}
+
+/** Compile filter terms like "type=foo", "!payload.x=1" into a predicate. */
+export function compileFilter(terms) {
+  /** @type {Array<(ev: any) => boolean>} */
+  const checks = [];
+  for (const term of terms) {
+    let negate = false;
+    let body = term;
+    if (body.startsWith('!')) {
+      negate = true;
+      body = body.slice(1);
+    }
+    const eq = body.indexOf('=');
+    if (eq === -1) {
+      throw new Error(`gdd-events: bad filter term: ${term}`);
+    }
+    const key = body.slice(0, eq);
+    const want = body.slice(eq + 1);
+    /** @type {(ev: any) => boolean} */
+    let test;
+    if (key === 'type') {
+      test = (ev) => ev?.type === want;
+    } else if (key.startsWith('payload.')) {
+      const path = key.slice('payload.'.length).split('.');
+      test = (ev) => {
+        let cur = ev?.payload;
+        for (const part of path) {
+          if (cur == null || typeof cur !== 'object') return false;
+          cur = cur[part];
+        }
+        return String(cur) === want;
+      };
+    } else if (key === 'stage') {
+      test = (ev) => ev?.stage === want;
+    } else if (key === 'cycle') {
+      test = (ev) => ev?.cycle === want;
+    } else if (key === 'sessionId') {
+      test = (ev) => ev?.sessionId === want;
+    } else {
+      throw new Error(`gdd-events: unsupported filter key: ${key}`);
+    }
+    checks.push(negate ? (ev) => !test(ev) : test);
+  }
+  return (ev) => checks.every((c) => c(ev));
+}
+
+async function cmdTail(parsed) {
+  const path = resolvePath(parsed.flags.path);
+  const { readEvents } = await import('../lib/event-stream/reader.ts');
+  if (!parsed.flags.follow) {
+    for await (const ev of readEvents({ path })) {
+      stdout.write(JSON.stringify(ev) + '\n');
+    }
+    return 0;
+  }
+  // Follow mode: stream existing content, then poll for appends.
+  let offset = 0;
+  if (existsSync(path)) {
+    for await (const ev of readEvents({ path })) {
+      stdout.write(JSON.stringify(ev) + '\n');
+    }
+    offset = statSync(path).size;
+  }
+  // Poll loop. Reads new bytes since last offset, splits on \n, writes each.
+  let buf = '';
+  // eslint-disable-next-line no-constant-condition
+  while (true) {
+    await new Promise((r) => setTimeout(r, 250));
+    if (!existsSync(path)) continue;
+    const size = statSync(path).size;
+    if (size <= offset) continue;
+    const fd = openSync(path, 'r');
+    try {
+      const need = size - offset;
+      const chunk = Buffer.allocUnsafe(need);
+      const n = readSync(fd, chunk, 0, need, offset);
+      offset += n;
+      buf += chunk.subarray(0, n).toString('utf8');
+      const lines = buf.split('\n');
+      buf = lines.pop() || '';
+      for (const line of lines) {
+        if (line.trim() === '') continue;
+        stdout.write(line + '\n');
+      }
+    } finally {
+      closeSync(fd);
+    }
+  }
+}
+
+async function cmdGrep(parsed) {
+  const path = resolvePath(parsed.flags.path);
+  const terms = parsed._;
+  if (terms.length === 0) {
+    stderr.write('gdd-events grep: at least one filter term required\n');
+    return 2;
+  }
+  const predicate = compileFilter(terms);
+  const { readEvents } = await import('../lib/event-stream/reader.ts');
+  for await (const ev of readEvents({ path, predicate })) {
+    stdout.write(JSON.stringify(ev) + '\n');
+  }
+  return 0;
+}
+
+async function cmdCat(parsed) {
+  const path = resolvePath(parsed.flags.path);
+  const { readEvents } = await import('../lib/event-stream/reader.ts');
+  for await (const ev of readEvents({ path })) {
+    const ts = ev.timestamp ?? '?';
+    const tp = ev.type ?? '?';
+    stdout.write(`${ts}  ${tp.padEnd(28)}  ${JSON.stringify(ev.payload ?? {})}\n`);
+  }
+  return 0;
+}
+
+async function cmdListTypes() {
+  const { KNOWN_EVENT_TYPES } = await import('../lib/event-stream/types.ts');
+  for (const t of KNOWN_EVENT_TYPES) stdout.write(t + '\n');
+  return 0;
+}
+
+async function cmdServe(parsed) {
+  let mod;
+  try {
+    mod = require('../lib/transports/ws.cjs');
+  } catch (err) {
+    stderr.write(
+      'gdd-events serve: WebSocket transport requires the optional `ws` package.\n' +
+        '  install: npm i -D ws\n' +
+        `  ${err && err.message ? err.message : String(err)}\n`,
+    );
+    return 1;
+  }
+  const port = Number(parsed.flags.port) || 9595;
+  const token = parsed.flags.token || process.env.GDD_EVENTS_TOKEN;
+  if (!token) {
+    stderr.write('gdd-events serve: --token=<t> or GDD_EVENTS_TOKEN env required\n');
+    return 2;
+  }
+  const tailFrom = parsed.flags.tail
+    ? resolvePath(parsed.flags.tail)
+    : resolvePath(undefined);
+  // Bridge live bus → ws transport. The transport is CommonJS and cannot
+  // require .ts directly, so we import the bus here and pass subscribeAll
+  // as a callback factory.
+  const { subscribeAll } = await import('../lib/event-stream/index.ts');
+  const subscribe = (handler) => subscribeAll(handler);
+  const handle = await mod.startServer({ port, token, tailFrom, subscribe });
+  stderr.write(`gdd-events: WebSocket listening on :${port} (auth required)\n`);
+  // Keep the process alive until SIGINT/SIGTERM.
+  await new Promise((resolve) => {
+    const close = () => {
+      handle.close();
+      resolve();
+    };
+    process.once('SIGINT', close);
+    process.once('SIGTERM', close);
+  });
+  return 0;
+}
+
+async function main() {
+  const parsed = parseArgs(argv.slice(2));
+  const sub = parsed._.shift();
+  try {
+    switch (sub) {
+      case 'tail':
+        return await cmdTail(parsed);
+      case 'grep':
+        return await cmdGrep(parsed);
+      case 'cat':
+        return await cmdCat(parsed);
+      case 'list-types':
+        return await cmdListTypes();
+      case 'serve':
+        return await cmdServe(parsed);
+      case '-h':
+      case '--help':
+      case 'help':
+        usage();
+        return 0;
+      default:
+        usage();
+        return sub === undefined ? 0 : 2;
+    }
+  } catch (err) {
+    stderr.write(`gdd-events: ${err && err.message ? err.message : String(err)}\n`);
+    return 1;
+  }
+}
+
+// Compare module URL via pathToFileURL — Windows paths use backslashes
+// and need proper file:// URL canonicalisation; the simpler `file://${argv[1]}`
+// form drops to false on Windows and the CLI silently no-ops.
+const isCli = process.argv[1] !== undefined &&
+  import.meta.url === pathToFileURL(process.argv[1]).href;
+if (isCli) {
+  main().then((code) => exit(code), (err) => {
+    stderr.write(`gdd-events fatal: ${err}\n`);
+    exit(1);
+  });
+}

package/scripts/lib/audit-aggregator/index.cjs

@@ -0,0 +1,219 @@
+/**
+ * audit-aggregator/index.cjs — dedup + score + rank findings from N
+ * audit-agents (Plan 23-04).
+ *
+ * Replaces the prompt-only "trust the agent's score" pattern with a
+ * deterministic scoring + dedup function that downstream tooling
+ * (`/gdd:audit`, `/gdd:reflect`) can rely on.
+ *
+ * Dedup key: `${lowercased(normalizePath(file))}::${line ?? 0}::${rule_id}`.
+ * Survivor selection on collision:
+ *   1. higher confidence wins
+ *   2. tie → higher severity (P0 > P1 > P2 > P3)
+ *   3. tie → lexicographically earliest agent
+ *   4. tie → first-seen
+ *
+ * Score = severityWeight(severity) * confidence.
+ *
+ * No external deps. CommonJS to match the rest of scripts/lib/.
+ */
+
+'use strict';
+
+const SEVERITY_RANK = { P0: 4, P1: 3, P2: 2, P3: 1 };
+const DEFAULT_WEIGHTS = Object.freeze({ P0: 8, P1: 4, P2: 2, P3: 1 });
+
+/**
+ * @typedef {Object} Finding
+ * @property {string} file
+ * @property {number} [line]
+ * @property {string} rule_id
+ * @property {'P0'|'P1'|'P2'|'P3'} severity
+ * @property {string} summary
+ * @property {string} [evidence]
+ * @property {string} [agent]
+ * @property {number} [confidence]
+ * @property {string[]} [merged_from]
+ */
+
+/**
+ * @typedef {Object} AggregateResult
+ * @property {Finding[]} findings
+ * @property {Object<string, number>} byRule
+ * @property {Object<string, number>} bySeverity
+ * @property {Object<string, number>} byFile
+ * @property {number} total
+ * @property {number} duplicates
+ */
+
+/**
+ * @typedef {Object} AggregateOptions
+ * @property {number} [topN]
+ * @property {Object<string, number>} [severityWeights]
+ * @property {(a: Finding, b: Finding) => Finding} [merge]
+ */
+
+function normalizePath(p) {
+  return String(p).replace(/\\/g, '/').toLowerCase();
+}
+
+let _confidenceWarningEmitted = false;
+
+function clampConfidence(c) {
+  if (c === undefined || c === null) return 1;
+  if (typeof c !== 'number' || Number.isNaN(c)) return 1;
+  if (c < 0) {
+    if (!_confidenceWarningEmitted) {
+      process.emitWarning('audit-aggregator: confidence < 0 clamped to 0', 'AuditAggregator');
+      _confidenceWarningEmitted = true;
+    }
+    return 0;
+  }
+  if (c > 1) {
+    if (!_confidenceWarningEmitted) {
+      process.emitWarning('audit-aggregator: confidence > 1 clamped to 1', 'AuditAggregator');
+      _confidenceWarningEmitted = true;
+    }
+    return 1;
+  }
+  return c;
+}
+
+/**
+ * Compute score for a finding.
+ *
+ * @param {Finding} f
+ * @param {Object<string, number>} weights
+ * @returns {number}
+ */
+function score(f, weights) {
+  const w = (weights && weights[f.severity]) ?? DEFAULT_WEIGHTS[f.severity] ?? 0;
+  return w * clampConfidence(f.confidence);
+}
+
+function validateFinding(f, idx) {
+  if (!f || typeof f !== 'object') {
+    throw new TypeError(`audit-aggregator: input[${idx}] is not an object`);
+  }
+  if (typeof f.file !== 'string' || f.file.length === 0) {
+    throw new TypeError(`audit-aggregator: input[${idx}].file is required (non-empty string)`);
+  }
+  if (typeof f.rule_id !== 'string' || f.rule_id.length === 0) {
+    throw new TypeError(`audit-aggregator: input[${idx}].rule_id is required (non-empty string)`);
+  }
+  if (!(f.severity in SEVERITY_RANK)) {
+    throw new TypeError(
+      `audit-aggregator: input[${idx}].severity must be P0|P1|P2|P3 (got ${JSON.stringify(f.severity)})`,
+    );
+  }
+}
+
+function dedupKey(f) {
+  return `${normalizePath(f.file)}::${f.line ?? 0}::${f.rule_id}`;
+}
+
+function defaultMerge(a, b) {
+  // Higher confidence wins.
+  const ca = clampConfidence(a.confidence);
+  const cb = clampConfidence(b.confidence);
+  if (ca !== cb) return ca > cb ? a : b;
+  // Higher severity wins.
+  const ra = SEVERITY_RANK[a.severity];
+  const rb = SEVERITY_RANK[b.severity];
+  if (ra !== rb) return ra > rb ? a : b;
+  // Lexicographic agent.
+  const aa = a.agent ?? '';
+  const ab = b.agent ?? '';
+  if (aa !== ab) return aa < ab ? a : b;
+  // First-seen wins (a is by convention the existing entry).
+  return a;
+}
+
+/**
+ * Aggregate findings.
+ *
+ * @param {Finding[]} input
+ * @param {AggregateOptions} [opts]
+ * @returns {AggregateResult}
+ */
+function aggregate(input, opts = {}) {
+  if (!Array.isArray(input)) {
+    throw new TypeError('audit-aggregator: input must be an array');
+  }
+  // Reset the once-per-call warning flag so a second call can warn again.
+  _confidenceWarningEmitted = false;
+  const merge = typeof opts.merge === 'function' ? opts.merge : defaultMerge;
+  const weights = { ...DEFAULT_WEIGHTS, ...(opts.severityWeights || {}) };
+
+  /** @type {Map<string, Finding>} */
+  const byKey = new Map();
+  let duplicates = 0;
+  for (let i = 0; i < input.length; i++) {
+    validateFinding(input[i], i);
+    const f = { ...input[i] };
+    const key = dedupKey(f);
+    if (byKey.has(key)) {
+      duplicates += 1;
+      const existing = byKey.get(key);
+      const winner = merge(existing, f);
+      const loser = winner === existing ? f : existing;
+      const mergedFrom = new Set(winner.merged_from || []);
+      if (existing.agent && existing !== winner) mergedFrom.add(existing.agent);
+      if (loser.agent && loser !== winner) mergedFrom.add(loser.agent);
+      // Combine prior merged_from too.
+      for (const a of (loser.merged_from || [])) mergedFrom.add(a);
+      winner.merged_from = Array.from(mergedFrom);
+      byKey.set(key, winner);
+    } else {
+      byKey.set(key, f);
+    }
+  }
+
+  const findings = Array.from(byKey.values()).map((f) => ({ ...f, _score: score(f, weights) }));
+  findings.sort((a, b) => {
+    if (a._score !== b._score) return b._score - a._score;
+    const ra = SEVERITY_RANK[a.severity];
+    const rb = SEVERITY_RANK[b.severity];
+    if (ra !== rb) return rb - ra;
+    if (a.file !== b.file) return a.file < b.file ? -1 : 1;
+    return (a.line ?? 0) - (b.line ?? 0);
+  });
+  // Strip the internal _score field before returning.
+  for (const f of findings) delete f._score;
+
+  const truncated = typeof opts.topN === 'number' && opts.topN >= 0
+    ? findings.slice(0, opts.topN)
+    : findings;
+
+  /** @type {Record<string, number>} */
+  const byRule = {};
+  /** @type {Record<string, number>} */
+  const bySeverity = { P0: 0, P1: 0, P2: 0, P3: 0 };
+  /** @type {Record<string, number>} */
+  const byFile = {};
+  for (const f of truncated) {
+    byRule[f.rule_id] = (byRule[f.rule_id] ?? 0) + 1;
+    bySeverity[f.severity] += 1;
+    const k = normalizePath(f.file);
+    byFile[k] = (byFile[k] ?? 0) + 1;
+  }
+
+  return {
+    findings: truncated,
+    byRule,
+    bySeverity,
+    byFile,
+    total: truncated.length,
+    duplicates,
+  };
+}
+
+module.exports = {
+  aggregate,
+  score,
+  normalizePath,
+  dedupKey,
+  defaultMerge,
+  DEFAULT_WEIGHTS,
+  SEVERITY_RANK,
+};