npm - @hone-ai/cli - Versions diffs - 1.7.1 → 1.8.1 - Mend

@hone-ai/cli 1.7.1 → 1.8.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/hone-cli.js CHANGED Viewed

@@ -4235,6 +4235,410 @@ program
     process.exit(results.failed + results.errors > 0 ? 1 : 0);
   });
+// ── HC-041: Run Story (Orchestrator) ─────────────────────────────────────────
+program
+  .command('run-story <storyId>')
+  .description('Run the SDLC pipeline for a story via the orchestrator')
+  .option('--mode <mode>', 'Execution mode: interactive or batch', 'interactive')
+  .option('--repo <name>', 'Repository name override (default: directory name)')
+  .option('--branch <name>', 'Git branch (default: current)')
+  .option('--status', 'Show status of the latest workflow run for this story')
+  .option('--kill', 'Kill the latest workflow run for this story')
+  .option('--approve <step>', 'Approve a paused gate (e.g., --approve step_0)')
+  .option('--format <fmt>', 'Output format: pretty or json', 'pretty')
+  .option('--poll-interval <s>', 'Poll interval in seconds', '5')
+  .action(async (storyIdOrRunId, opts) => {
+    const config = getConfig();
+    const client = api(config);
+    // Resolve: if it looks like a UUID, use as runId directly.
+    // Otherwise treat as storyId — will be used for POST /orchestrate body.
+    const isUuid = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i.test(storyIdOrRunId);
+    const storyId = isUuid ? null : storyIdOrRunId;
+    const runId = isUuid ? storyIdOrRunId : null;
+    // Status mode
+    if (opts.status) {
+      const statusId = runId || storyIdOrRunId;
+      try {
+        const { data } = await client.get(`/orchestrate/${statusId}`);
+        if (opts.format === 'json') { console.log(JSON.stringify(data, null, 2)); return; }
+        console.log('');
+        console.log(`Workflow: ${data.runId}`);
+        console.log(`Story:    ${data.storyId}`);
+        console.log(`Status:   ${data.status}`);
+        console.log(`Mode:     ${data.mode}`);
+        console.log(`Tokens:   ${(data.totalTokens || 0).toLocaleString()}`);
+        if (data.errorMessage) console.log(`Error:    ${data.errorMessage}`);
+        console.log('');
+        console.log('Steps:');
+        for (const s of (data.steps || [])) {
+          const icon = s.status === 'completed' ? '✓' : s.status === 'running' ? '⏳' : s.status === 'failed' ? '✗' : '⬜';
+          const gate = s.gateResult ? ` (${s.gateResult})` : '';
+          console.log(`  ${icon} ${s.stepKey}  (${s.agent})  ${s.status}${gate}`);
+        }
+        if (data.awaitingApproval) {
+          console.log('');
+          console.log(`Awaiting approval at ${data.currentStep}.`);
+          console.log(`Approve: hone run-story ${data.runId} --approve ${data.currentStep}`);
+        }
+        console.log('');
+      } catch (e) {
+        console.error(`Failed: ${e.response?.data?.error || e.message}`);
+        process.exit(1);
+      }
+      return;
+    }
+    // Kill mode
+    if (opts.kill) {
+      const killId = runId || storyIdOrRunId;
+      try {
+        const { data } = await client.post(`/orchestrate/${killId}/kill`, { reason: 'CLI kill' });
+        console.log(`Workflow ${data.runId} killed.`);
+      } catch (e) {
+        console.error(`Failed: ${e.response?.data?.error || e.message}`);
+        process.exit(1);
+      }
+      return;
+    }
+    // Approve mode
+    if (opts.approve) {
+      const approveId = runId || storyIdOrRunId;
+      try {
+        const { data } = await client.post(`/orchestrate/${approveId}/approve`, { stepKey: opts.approve });
+        console.log(`Gate ${opts.approve} approved. Workflow resuming.`);
+        console.log(`Poll: hone run-story ${approveId} --status`);
+      } catch (e) {
+        console.error(`Failed: ${e.response?.data?.error || e.message}`);
+        process.exit(1);
+      }
+      return;
+    }
+    // Start workflow (storyId required, runId not accepted for starting)
+    if (isUuid) {
+      console.error('Cannot start workflow with a runId. Use a story ID like HC-042.');
+      console.error('To check status: hone run-story <runId> --status');
+      process.exit(1);
+    }
+    const repoName = opts.repo || path.basename(process.cwd());
+    let branch = opts.branch;
+    if (!branch) {
+      try { branch = execSync('git symbolic-ref --short HEAD', { encoding: 'utf8' }).trim(); } catch { branch = null; }
+    }
+    try {
+      const { data } = await client.post('/orchestrate', {
+        storyId: storyIdOrRunId, repoName, branch, mode: opts.mode, config: {},
+      });
+      console.log('');
+      console.log(`Workflow started: ${data.runId}`);
+      console.log(`Mode: ${data.mode} | Story: ${data.storyId}`);
+      console.log(`Poll: ${data.pollUrl}`);
+      console.log('');
+      // Poll loop
+      const interval = parseInt(opts.pollInterval, 10) * 1000;
+      while (true) {
+        await new Promise(r => setTimeout(r, interval));
+        let status;
+        try {
+          const { data: pollData } = await client.get(`/orchestrate/${data.runId}`);
+          status = pollData;
+        } catch (e) {
+          console.error(`Poll error: ${e.message}`);
+          continue;
+        }
+        if (status.status === 'completed') {
+          console.log(`✓ Workflow completed! Total tokens: ${(status.totalTokens || 0).toLocaleString()}`);
+          process.exit(0);
+        }
+        if (status.status === 'failed' || status.status === 'killed') {
+          console.error(`✗ Workflow ${status.status}: ${status.errorMessage || 'unknown'}`);
+          process.exit(1);
+        }
+        if (status.status === 'paused' && status.awaitingApproval) {
+          const step = status.steps.find(s => s.stepKey === status.currentStep);
+          console.log(`⏳ Step ${status.currentStep} (${step?.agent || 'unknown'}) — awaiting approval`);
+          // Interactive prompt
+          if (process.stdin.isTTY) {
+            const readline = require('readline');
+            const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+            const answer = await new Promise(resolve => {
+              rl.question('  Approve? [y/n/kill] ', resolve);
+            });
+            rl.close();
+            if (answer.toLowerCase() === 'y' || answer.toLowerCase() === 'yes') {
+              try {
+                await client.post(`/orchestrate/${data.runId}/approve`, { stepKey: status.currentStep });
+                console.log('  Approved — workflow resuming...');
+              } catch (e) {
+                console.error(`  Approve failed: ${e.response?.data?.error || e.message}`);
+              }
+            } else if (answer.toLowerCase() === 'kill') {
+              try {
+                await client.post(`/orchestrate/${data.runId}/kill`, { reason: 'CLI kill' });
+                console.log('  Workflow killed.');
+                process.exit(0);
+              } catch (e) {
+                console.error(`  Kill failed: ${e.message}`);
+              }
+            } else {
+              console.log(`  Skipped. Resume later: hone run-story ${data.runId} --status`);
+              process.exit(0);
+            }
+          } else {
+            // Non-interactive (CI): exit with code 2 (paused, needs approval)
+            console.log(`  Non-interactive mode. Approve with: hone run-story ${data.runId} --approve ${status.currentStep}`);
+            process.exit(2);
+          }
+          continue;
+        }
+        // Still running
+        const currentStep = status.steps.find(s => s.status === 'running');
+        if (currentStep) {
+          process.stdout.write(`  Running: ${currentStep.stepKey} (${currentStep.agent})...\r`);
+        }
+      }
+    } catch (e) {
+      if (e.response?.status === 429) {
+        console.error(`Max concurrent workflows reached. ${e.response.data.error}`);
+      } else {
+        console.error(`Failed to start: ${e.response?.data?.error || e.message}`);
+      }
+      process.exit(1);
+    }
+  });
+// SIGINT handler for run-story
+process.on('SIGINT', () => {
+  console.log('\n\nWorkflow continues on the server.');
+  console.log('Resume: hone run-story <storyId> --status');
+  console.log('Kill:   hone run-story <storyId> --kill');
+  process.exit(0);
+});
+// ── Release Review (pre-deployment holistic review) ──────────────────────────
+program
+  .command('release-review')
+  .description('Holistic code review of all changed files before deployment (runs Opus)')
+  .option('--base <branch>', 'Base branch to diff against', 'main')
+  .option('--format <fmt>', 'Output format: pretty or json', 'pretty')
+  .option('--dry-run', 'Show what would be reviewed without calling the LLM', false)
+  .option('--max-files <n>', 'Max source files to include in review', '40')
+  .action(async (opts) => {
+    const { execSync } = require('child_process');
+    const fs = require('fs');
+    const repoRoot = process.cwd();
+    // 1. Get changed files
+    let changedFiles;
+    try {
+      const raw = execSync(`git diff --name-only origin/${opts.base}...HEAD`, { encoding: 'utf8', cwd: repoRoot });
+      changedFiles = raw.trim().split('\n').filter(Boolean);
+    } catch {
+      try {
+        const raw = execSync('git diff --name-only HEAD~10', { encoding: 'utf8', cwd: repoRoot });
+        changedFiles = raw.trim().split('\n').filter(Boolean);
+      } catch {
+        console.error('Could not determine changed files. Run from a git repo.');
+        process.exit(1);
+      }
+    }
+    if (changedFiles.length === 0) {
+      console.log('No changed files found. Nothing to review.');
+      process.exit(0);
+    }
+    // 2. Filter to source files
+    const sourceExts = ['.js', '.ts', '.py', '.go', '.java', '.rb', '.rs', '.sql', '.yml', '.yaml'];
+    const sourceFiles = changedFiles.filter(f =>
+      sourceExts.some(ext => f.endsWith(ext)) &&
+      !f.includes('node_modules') && !f.includes('.test.') && !f.includes('/test/')
+    );
+    const maxFiles = parseInt(opts.maxFiles, 10) || 40;
+    const filesToReview = sourceFiles.slice(0, maxFiles);
+    console.log('');
+    console.log('Hone AI — Production Review');
+    console.log('================================');
+    console.log(`Base: ${opts.base}`);
+    console.log(`Changed files: ${changedFiles.length} total, ${sourceFiles.length} source, ${filesToReview.length} to review`);
+    console.log('');
+    if (opts.dryRun) {
+      console.log('Source files that would be reviewed:');
+      for (const f of filesToReview) console.log(`  ${f}`);
+      if (sourceFiles.length > maxFiles) console.log(`  ... and ${sourceFiles.length - maxFiles} more (increase --max-files)`);
+      process.exit(0);
+    }
+    // 3. Check for API key
+    const apiKey = process.env.ANTHROPIC_API_KEY;
+    if (!apiKey) {
+      console.error('ANTHROPIC_API_KEY not set. Required for production review (Opus model).');
+      console.error('Set it: export ANTHROPIC_API_KEY=sk-ant-...');
+      process.exit(1);
+    }
+    // 4. Build the diff content (truncated per-file to stay within context)
+    let diffContent;
+    try {
+      diffContent = execSync(`git diff origin/${opts.base}...HEAD -- ${filesToReview.map(f => `'${f}'`).join(' ')}`, {
+        encoding: 'utf8', cwd: repoRoot, maxBuffer: 10 * 1024 * 1024,
+      });
+    } catch {
+      try {
+        diffContent = execSync('git diff HEAD~10', { encoding: 'utf8', cwd: repoRoot, maxBuffer: 10 * 1024 * 1024 });
+      } catch (e) {
+        console.error(`Could not generate diff: ${e.message}`);
+        process.exit(1);
+      }
+    }
+    // Truncate if over 100k chars (~25k tokens) to stay within budget
+    const MAX_DIFF_CHARS = 100000;
+    if (diffContent.length > MAX_DIFF_CHARS) {
+      diffContent = diffContent.slice(0, MAX_DIFF_CHARS) + '\n\n[... diff truncated at 100k chars ...]';
+    }
+    // 5. Build the prompt
+    const systemPrompt = [
+      '# Production Reviewer — Pre-Deployment Gate',
+      '',
+      'You are reviewing ALL changed files holistically before deployment.',
+      'Your job is to catch cross-file issues that per-story reviews miss.',
+      '',
+      '## Check each file for:',
+      '1. SQL injection (parameterized queries?)',
+      '2. Tenant isolation (org_id in every query?)',
+      '3. Error handling (unhandled promises?)',
+      '4. Race conditions (concurrent access?)',
+      '5. Resource leaks (connections released?)',
+      '6. Security (secrets exposed? auth correct?)',
+      '7. Logic bugs (null handling? type coercion?)',
+      '8. Dead code (built but never wired?)',
+      '9. Performance (N+1? unbounded? large payloads?)',
+      '',
+      '## Check cross-file interactions:',
+      '- Do modules wire together correctly?',
+      '- Is auth middleware in correct order?',
+      '- Are exported functions imported somewhere?',
+      '- Do CLI messages reference options that exist?',
+      '- Are DB constraints consistent with app validation?',
+      '',
+      '## Rate each finding: CRITICAL / HIGH / MEDIUM / LOW',
+      '- CRITICAL: tenant isolation breach, data leak, security bypass',
+      '- HIGH: race condition, dead safety code, UX broken',
+      '- MEDIUM: performance waste, missing validation, resource leak',
+      '- LOW: dead code, cosmetic',
+      '',
+      '## Output as JSON:',
+      '```json',
+      '{',
+      '  "findings": [{ "severity": "...", "file": "...", "line": N, "issue": "...", "recommendation": "..." }],',
+      '  "crossFileChecks": [{ "check": "...", "status": "ok|issue", "detail": "..." }],',
+      '  "summary": { "critical": N, "high": N, "medium": N, "low": N },',
+      '  "recommendation": "DEPLOY | FIX_FIRST | DO_NOT_DEPLOY"',
+      '}',
+      '```',
+    ].join('\n');
+    const userPrompt = [
+      `## Files changed (${filesToReview.length} source files):`,
+      filesToReview.map(f => `- ${f}`).join('\n'),
+      '',
+      '## Full diff:',
+      '```diff',
+      diffContent,
+      '```',
+      '',
+      'Review ALL files holistically. Return findings as JSON.',
+    ].join('\n');
+    console.log('Calling Anthropic API (claude-opus-4-20250514)...');
+    console.log('');
+    // 6. Call Anthropic Messages API
+    try {
+      const { data } = await axios.post('https://api.anthropic.com/v1/messages', {
+        model: 'claude-opus-4-20250514',
+        max_tokens: 8192,
+        system: systemPrompt,
+        messages: [{ role: 'user', content: userPrompt }],
+      }, {
+        headers: {
+          'x-api-key': apiKey,
+          'anthropic-version': '2023-06-01',
+          'content-type': 'application/json',
+        },
+        timeout: 120000,
+      });
+      const responseText = data.content?.[0]?.text || '';
+      // 7. Parse and display results
+      if (opts.format === 'json') {
+        // Try to extract JSON from response
+        const jsonMatch = responseText.match(/\{[\s\S]*\}/);
+        if (jsonMatch) {
+          try {
+            const parsed = JSON.parse(jsonMatch[0]);
+            console.log(JSON.stringify({
+              base: opts.base,
+              totalFiles: changedFiles.length,
+              sourceFiles: sourceFiles.length,
+              reviewedFiles: filesToReview.length,
+              model: 'claude-opus-4-20250514',
+              inputTokens: data.usage?.input_tokens || 0,
+              outputTokens: data.usage?.output_tokens || 0,
+              ...parsed,
+            }, null, 2));
+          } catch {
+            console.log(JSON.stringify({ raw: responseText }, null, 2));
+          }
+        } else {
+          console.log(JSON.stringify({ raw: responseText }, null, 2));
+        }
+      } else {
+        console.log(responseText);
+      }
+      // 8. Exit code based on findings
+      const hasCritical = responseText.includes('"CRITICAL"') || responseText.includes('"critical"');
+      const recommendation = responseText.includes('DO_NOT_DEPLOY');
+      if (hasCritical || recommendation) {
+        console.log('');
+        console.log('CRITICAL issues found. Fix before deploying.');
+        process.exit(1);
+      }
+    } catch (e) {
+      const status = e.response?.status;
+      const msg = e.response?.data?.error?.message || e.message;
+      if (status === 401) {
+        console.error('Invalid ANTHROPIC_API_KEY. Check your key and try again.');
+      } else if (status === 429) {
+        console.error('Rate limited by Anthropic API. Try again shortly.');
+      } else {
+        console.error(`Production review failed: ${msg}`);
+      }
+      process.exit(1);
+    }
+  });
 // ── CLI setup ─────────────────────────────────────────────────────────────────
 program
   .name('hone')

package/lib/eval-contracts.js CHANGED Viewed

@@ -56,6 +56,32 @@ const PIPELINE_CONTRACTS = [
     outputGate: 'step_3',
     metadataField: 'step_3.gate_result',
   },
+  {
+    agent: 'e2e-test-spec-writer',
+    step: '5a',
+    inputArtifact: 'step-4-implementation.md',
+    inputGate: 'step_4.gate_result',
+    outputArtifact: null,
+    outputGate: null,
+    metadataField: null,
+    extraChecks: [
+      { text: 'Playwright', check: 'playwright', detail: 'generates Playwright specs' },
+      { text: 'data-testid', check: 'data_testid', detail: 'uses data-testid selectors' },
+    ],
+  },
+  {
+    agent: 'e2e-qa-spec-healer',
+    step: 'independent',
+    inputArtifact: null,
+    inputGate: null,
+    outputArtifact: null,
+    outputGate: null,
+    metadataField: null,
+    extraChecks: [
+      { text: 'DIAGNOSIS', check: 'diagnosis', detail: 'provides diagnosis category' },
+      { text: 'Application bug', check: 'app_bug_handling', detail: 'handles application bugs (skip + file bug)' },
+    ],
+  },
   {
     agent: 'code-builder',
     step: 4,
@@ -106,6 +132,21 @@ const PIPELINE_CONTRACTS = [
       { text: 'test_strategy', check: 'test_strategy', detail: 'includes test_strategy in plan' },
     ],
   },
+  {
+    agent: 'release-reviewer',
+    step: 'independent',
+    inputArtifact: null,
+    inputGate: null,
+    outputArtifact: null,
+    outputGate: null,
+    metadataField: null,
+    extraChecks: [
+      { text: 'CRITICAL', check: 'severity_critical', detail: 'defines CRITICAL severity level' },
+      { text: 'cross-file', check: 'cross_file_review', detail: 'checks cross-file interactions' },
+      { text: 'tenant', check: 'tenant_isolation', detail: 'checks tenant isolation' },
+      { text: 'DEPLOY', check: 'deploy_recommendation', detail: 'provides deploy/no-deploy recommendation' },
+    ],
+  },
 ];
 /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@hone-ai/cli",
-  "version": "1.7.1",
+  "version": "1.8.1",
   "description": "Hone AI — Enterprise SDLC Pipeline CLI",
   "main": "hone-cli.js",
   "bin": {