@hongmaple0820/scale-engine 0.23.0 → 0.24.0

package/dist/api/cli.js

@@ -9,10 +9,12 @@ import { registerAllFSMs, INITIAL_STATES } from '../artifact/fsmDefinitions.js';
 import { Gateway } from '../guardrails/Gateway.js';
 import { BruteRetryDetector, PrematureDoneDetector, BlameShiftDetector } from '../guardrails/detectors.js';
 import { DangerousCommandDetector, SecretLeakDetector, RoleGateDetector, ScopeCreepDetector, BUILT_IN_ROLES } from '../guardrails/advancedDetectors.js';
+import { auditDependencies } from '../guardrails/DependencyAuditor.js';
 import { SQLiteKnowledgeBase } from '../knowledge/SQLiteKnowledgeBase.js';
 import { ContextBuilder } from '../context/ContextBuilder.js';
 import { ProjectAnatomy } from '../context/ProjectAnatomy.js';
 import { buildContextPack, doctorContextBudget, scanContextBudget, writeContextBudgetReport, } from '../context/ContextBudget.js';
+import { resolvePromptCachePolicy } from '../routing/PromptCachePolicy.js';
 import { CerebrumManager } from '../knowledge/CerebrumManager.js';
 import { buildCodeGraphContext, createCodeGraphRoiReport, impactCodeGraph, inspectCodeIntelligence, queryCodeGraph, writeCodeIntelligenceConfig, } from '../codegraph/CodeIntelligence.js';
 import { WorkflowEvalStore, compareWorkflowEvalRuns, renderWorkflowEvalReport, runWorkflowEvalSuite, } from '../eval/WorkflowEval.js';
@@ -47,6 +49,7 @@ import { baselineEngineeringStandards, doctorEngineeringStandards, scanEngineeri
 import { doctorResourceAssets, scanResourceAssets, settleResourceAssets } from '../workflow/ResourceGovernance.js';
 import { analyzeContextGovernance, renderContextGrillPrompt, writeContextGovernanceTemplates, } from '../workflow/ContextGovernance.js';
 import { createDiagnosticLoop, renderDiagnosticLoopMarkdown, validateDiagnosticLoop, } from '../workflow/DiagnosticLoop.js';
+import { BackgroundHunter, HuntFindingStore } from '../workflow/autonomous/BackgroundHunter.js';
 import { createTddSlice, evaluateTddSlice, renderTddSliceMarkdown, } from '../workflow/TddLoop.js';
 import { nextWorkflowOpenTask, removeWorkflowOpenTask, toolEvidenceRunCompletesOpenTask } from '../workflow/WorkflowOpenTasks.js';
 import { TaskMetricsStore } from '../workflow/TaskMetricsStore.js';
@@ -1012,6 +1015,7 @@ const contextBudget = defineCommand({
         dir: { type: 'string', default: PROJECT_DIR, description: 'Project directory' },
         'max-always': { type: 'string', description: 'Maximum Always-loaded estimated tokens' },
         'max-task': { type: 'string', description: 'Maximum task context estimated tokens' },
+        provider: { type: 'string', default: 'generic', description: 'Model provider for prompt cache policy: anthropic, openai, or generic' },
         write: { type: 'boolean', default: false, description: 'Write .scale/context-budget.json' },
         json: { type: 'boolean', default: false },
     },
@@ -1024,9 +1028,13 @@ const contextBudget = defineCommand({
             maxAlwaysTokens: parsePositiveIntArg(args['max-always'], '--max-always'),
             maxTaskTokens: parsePositiveIntArg(args['max-task'], '--max-task'),
         });
+        const promptCache = resolvePromptCachePolicy({
+            provider: String(args.provider ?? 'generic'),
+            entries: report.entries,
+        });
         const path = isTruthyFlag(args.write) ? writeContextBudgetReport(report) : undefined;
         if (args.json) {
-            console.log(JSON.stringify({ ...report, path }, null, 2));
+            console.log(JSON.stringify({ ...report, promptCache, path }, null, 2));
             return;
         }
         console.log('SCALE Context Budget');
@@ -1036,6 +1044,9 @@ const contextBudget = defineCommand({
         for (const [category, summary] of Object.entries(report.summary.byCategory)) {
             console.log(`  ${category}: ${summary.tokens} tokens in ${summary.files} files`);
         }
+        console.log(`  Prompt cache provider: ${promptCache.provider}`);
+        console.log(`  Prompt cache strategy: ${promptCache.strategy}${promptCache.supported ? '' : ' (usage ledger only)'}`);
+        console.log(`  Cache eligible: ${promptCache.cacheEligibleTokens} tokens across ${promptCache.cacheEligiblePaths.length} paths`);
         for (const recommendation of report.recommendations)
             console.log(`  recommendation: ${recommendation}`);
         if (path)
@@ -1661,6 +1672,184 @@ const diagnose = defineCommand({
     subCommands: { plan: diagnosePlanCommand },
 });
 // ============================================================================
+// hunt command - readonly proactive governance scan
+// ============================================================================
+function createBackgroundHunter(args) {
+    return new BackgroundHunter({ projectDir: args.dir ? String(args.dir) : PROJECT_DIR });
+}
+const huntScanCommand = defineCommand({
+    meta: { name: 'scan', description: 'Run a readonly proactive governance scan' },
+    args: {
+        dir: { type: 'string', default: PROJECT_DIR, description: 'Project directory' },
+        changed: { type: 'boolean', default: false, description: 'Scan changed Git files only' },
+        'changed-files': { type: 'string', description: 'Comma or newline separated file list to scan' },
+        json: { type: 'boolean', default: false },
+    },
+    run({ args }) {
+        const report = createBackgroundHunter(args).scan({
+            changedFiles: resolveChangedFilesArg(args),
+        });
+        if (args.json) {
+            console.log(JSON.stringify(report, null, 2));
+            return;
+        }
+        printHuntReport(report);
+    },
+});
+const huntReportCommand = defineCommand({
+    meta: { name: 'report', description: 'Print open and ignored hunt findings' },
+    args: {
+        dir: { type: 'string', default: PROJECT_DIR, description: 'Project directory' },
+        changed: { type: 'boolean', default: false, description: 'Scan changed Git files only' },
+        'changed-files': { type: 'string', description: 'Comma or newline separated file list to scan' },
+        json: { type: 'boolean', default: false },
+    },
+    run({ args }) {
+        const report = createBackgroundHunter(args).scan({
+            changedFiles: resolveChangedFilesArg(args),
+        });
+        if (args.json) {
+            console.log(JSON.stringify(report, null, 2));
+            return;
+        }
+        printHuntReport(report);
+    },
+});
+const huntDiagnoseCommand = defineCommand({
+    meta: { name: 'diagnose', description: 'Create a diagnostic loop from a hunt finding' },
+    args: {
+        id: { type: 'positional', required: true, description: 'Hunt finding id' },
+        dir: { type: 'string', default: PROJECT_DIR, description: 'Project directory' },
+        changed: { type: 'boolean', default: false, description: 'Scan changed Git files only' },
+        'changed-files': { type: 'string', description: 'Comma or newline separated file list to scan' },
+        json: { type: 'boolean', default: false },
+    },
+    run({ args }) {
+        const report = createBackgroundHunter(args).scan({
+            changedFiles: resolveChangedFilesArg(args),
+        });
+        const finding = report.findings.find(item => item.id === String(args.id));
+        if (!finding) {
+            console.error(`Hunt finding not found: ${String(args.id)}`);
+            process.exitCode = 1;
+            return;
+        }
+        const loop = createDiagnosticLoop(finding.diagnosticInput);
+        const validation = validateDiagnosticLoop(loop);
+        if (args.json) {
+            console.log(JSON.stringify({ finding, loop, validation }, null, 2));
+            return;
+        }
+        console.log(renderDiagnosticLoopMarkdown(loop));
+        if (!validation.ready) {
+            console.log('\nBlockers:');
+            for (const blocker of validation.blockers)
+                console.log(`  - ${blocker}`);
+        }
+    },
+});
+const huntIgnoreCommand = defineCommand({
+    meta: { name: 'ignore', description: 'Ignore a stable hunt finding fingerprint' },
+    args: {
+        id: { type: 'positional', required: true, description: 'Hunt finding id' },
+        reason: { type: 'string', description: 'Why this finding is accepted or deferred' },
+        dir: { type: 'string', default: PROJECT_DIR, description: 'Project directory' },
+        changed: { type: 'boolean', default: false, description: 'Scan changed Git files only' },
+        'changed-files': { type: 'string', description: 'Comma or newline separated file list to scan' },
+        json: { type: 'boolean', default: false },
+    },
+    run({ args }) {
+        const projectDir = args.dir ? String(args.dir) : PROJECT_DIR;
+        const report = new BackgroundHunter({ projectDir }).scan({
+            changedFiles: resolveChangedFilesArg(args),
+        });
+        const finding = report.findings.find(item => item.id === String(args.id));
+        if (!finding) {
+            console.error(`Hunt finding not found: ${String(args.id)}`);
+            process.exitCode = 1;
+            return;
+        }
+        const ignored = new HuntFindingStore({ projectDir }).ignore({
+            id: finding.id,
+            fingerprint: finding.fingerprint,
+            reason: args.reason ? String(args.reason) : undefined,
+            ignoredAt: new Date().toISOString(),
+        });
+        if (args.json) {
+            console.log(JSON.stringify({ ignored }, null, 2));
+            return;
+        }
+        console.log(`Ignored hunt finding: ${ignored.id}`);
+        if (ignored.reason)
+            console.log(`  Reason: ${ignored.reason}`);
+    },
+});
+const hunt = defineCommand({
+    meta: { name: 'hunt', description: 'Readonly proactive governance scans' },
+    subCommands: {
+        scan: huntScanCommand,
+        report: huntReportCommand,
+        diagnose: huntDiagnoseCommand,
+        ignore: huntIgnoreCommand,
+    },
+});
+function printHuntReport(report) {
+    console.log('SCALE Hunt Report');
+    console.log(`  Project: ${report.projectDir}`);
+    console.log(`  Open findings: ${report.summary.open}`);
+    console.log(`  Ignored findings: ${report.summary.ignored}`);
+    console.log(`  Blocking findings: ${report.summary.blocking}`);
+    for (const finding of report.findings.slice(0, 20)) {
+        const line = finding.line ? `:${finding.line}` : '';
+        const status = finding.status === 'ignored' ? 'IGNORED' : finding.severity.toUpperCase();
+        console.log(`  [${status}] ${finding.id} ${finding.ruleId} ${finding.path ?? 'project'}${line}: ${finding.message}`);
+    }
+    if (report.findings.length > 20)
+        console.log(`  ... ${report.findings.length - 20} more finding(s)`);
+}
+// ============================================================================
+// dependency command - supply-chain security audit
+// ============================================================================
+const dependencyAuditCommand = defineCommand({
+    meta: { name: 'audit', description: 'Audit lockfile-scoped dependency supply-chain risk' },
+    args: {
+        dir: { type: 'string', default: PROJECT_DIR, description: 'Project directory' },
+        mode: { type: 'string', description: 'Audit mode: compatibility, strict, or offline' },
+        'changed-packages': { type: 'string', description: 'Comma-separated package names to audit instead of direct dependencies' },
+        json: { type: 'boolean', default: false },
+    },
+    run({ args }) {
+        const mode = args.mode === 'compatibility' || args.mode === 'strict' || args.mode === 'offline'
+            ? args.mode
+            : undefined;
+        const report = auditDependencies({
+            projectDir: args.dir ? String(args.dir) : PROJECT_DIR,
+            mode,
+            changedPackages: parseCommaList(args['changed-packages']),
+        });
+        if (args.json) {
+            console.log(JSON.stringify(report, null, 2));
+        }
+        else {
+            console.log(`SCALE Dependency Audit: ${report.ok ? 'OK' : 'FAILED'}`);
+            console.log(`  Packages audited: ${report.summary.packagesAudited}`);
+            console.log(`  Findings: ${report.summary.totalFindings}`);
+            console.log(`  Mode: ${report.mode}`);
+            for (const finding of report.findings.slice(0, 20)) {
+                console.log(`  [${finding.severity}] ${finding.ruleId} ${finding.packageName}${finding.version ? `@${finding.version}` : ''}: ${finding.message}`);
+            }
+            if (report.findings.length > 20)
+                console.log(`  ... ${report.findings.length - 20} more finding(s)`);
+        }
+        if (!report.ok)
+            process.exitCode = 1;
+    },
+});
+const dependency = defineCommand({
+    meta: { name: 'dependency', description: 'Supply-chain dependency governance' },
+    subCommands: { audit: dependencyAuditCommand },
+});
+// ============================================================================
 // tdd command - vertical slice RED/GREEN/REFACTOR loop
 // ============================================================================
 const tddSliceCommand = defineCommand({
@@ -5084,6 +5273,8 @@ const main = defineCommand({
         runtime,
         memory,
         diagnose,
+        hunt,
+        dependency,
         tdd,
         tool,
         tools: tool,