@hongmaple0820/scale-engine 0.40.2 → 0.43.0

package/dist/workflow/gates/EnhancedGates.js

@@ -0,0 +1,653 @@
+// SCALE Engine — Enhanced Gates (G16-G22)
+// Commit Discipline, Doc Hygiene, Runtime Evidence, Code Review, Supply Chain, Context Budget, Session Health
+import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
+import { join } from 'node:path';
+import { execSync } from 'node:child_process';
+function createEvidence(input) {
+    return {
+        id: `EVID-${Date.now()}-${Math.random().toString(36).slice(2, 8)}`,
+        ...input,
+    };
+}
+function textEvidence(items) {
+    return items.map(item => `${item.label}: ${item.detail}`).join('\n');
+}
+function gitCommand(cmd, cwd) {
+    try {
+        return execSync(`git ${cmd}`, { encoding: 'utf-8', stdio: 'pipe', cwd: cwd ?? process.cwd() }).trim();
+    }
+    catch {
+        return '';
+    }
+}
+// ============================================================================
+// G16: Commit Discipline — 提交纪律门禁
+// ============================================================================
+export class CommitDisciplineGate {
+    constructor(options = {}) {
+        this.stage = 'G16';
+        this.name = 'Commit Discipline';
+        this.description = 'Uncommitted changes must be within thresholds; no large files staged';
+        this.requiredLevel = 'M';
+        this.warnThreshold = options.warnThreshold ?? 10;
+        this.blockThreshold = options.blockThreshold ?? 25;
+        this.staleWarnMinutes = options.staleWarnMinutes ?? 60;
+        this.staleBlockMinutes = options.staleBlockMinutes ?? 180;
+        this.maxStagedFileBytes = options.maxStagedFileBytes ?? 1_000_000;
+    }
+    async execute() {
+        const blockers = [];
+        const evidenceItems = [];
+        const cwd = process.cwd();
+        // Check 1: Uncommitted file count
+        const statusOutput = gitCommand('status --porcelain', cwd);
+        const uncommittedFiles = statusOutput ? statusOutput.split('\n').filter(l => l.trim()) : [];
+        const uncommittedCount = uncommittedFiles.length;
+        const countPassed = uncommittedCount < this.blockThreshold;
+        if (uncommittedCount >= this.blockThreshold) {
+            blockers.push(`Uncommitted files (${uncommittedCount}) >= block threshold (${this.blockThreshold})`);
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'command',
+            label: 'Uncommitted file count',
+            passed: countPassed,
+            detail: `${uncommittedFiles.length} uncommitted file(s) (warn=${this.warnThreshold}, block=${this.blockThreshold})`,
+        }));
+        // Check 2: Time since last commit
+        const lastCommitTime = gitCommand('log -1 --format=%ct', cwd);
+        if (lastCommitTime) {
+            const elapsed = (Date.now() / 1000) - parseInt(lastCommitTime, 10);
+            const elapsedMinutes = Math.floor(elapsed / 60);
+            const stalePassed = elapsedMinutes < this.staleBlockMinutes;
+            if (elapsedMinutes >= this.staleBlockMinutes) {
+                blockers.push(`Last commit was ${elapsedMinutes}min ago >= block threshold (${this.staleBlockMinutes}min)`);
+            }
+            evidenceItems.push(createEvidence({
+                kind: 'command',
+                label: 'Time since last commit',
+                passed: stalePassed,
+                detail: `${elapsedMinutes} minutes since last commit (warn=${this.staleWarnMinutes}, block=${this.staleBlockMinutes})`,
+            }));
+        }
+        // Check 3: Large staged files
+        const stagedOutput = gitCommand('diff --cached --name-only', cwd);
+        const stagedFiles = stagedOutput ? stagedOutput.split('\n').filter(Boolean) : [];
+        const largeFiles = [];
+        for (const file of stagedFiles) {
+            try {
+                const fullPath = join(cwd, file);
+                if (existsSync(fullPath)) {
+                    const stat = statSync(fullPath);
+                    if (stat.size > this.maxStagedFileBytes) {
+                        largeFiles.push(`${file} (${(stat.size / 1024).toFixed(0)}KB)`);
+                    }
+                }
+            }
+            catch {
+                // Skip files that can't be stat'd
+            }
+        }
+        const largePassed = largeFiles.length === 0;
+        if (!largePassed) {
+            blockers.push(`Large staged files detected: ${largeFiles.join(', ')}`);
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'command',
+            label: 'Large staged files',
+            passed: largePassed,
+            detail: largePassed ? 'No large staged files' : `Large files: ${largeFiles.join(', ')}`,
+        }));
+        // Check 4: git diff --check (whitespace errors)
+        const diffCheck = gitCommand('diff --check', cwd);
+        const diffCheckPassed = !diffCheck;
+        if (!diffCheckPassed) {
+            blockers.push('git diff --check found whitespace errors');
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'command',
+            label: 'Whitespace check',
+            passed: diffCheckPassed,
+            detail: diffCheckPassed ? 'No whitespace errors' : `Whitespace errors: ${diffCheck.slice(0, 200)}`,
+        }));
+        const passed = blockers.length === 0;
+        return {
+            gate: this.stage,
+            status: passed ? 'PASSED' : 'FAILED',
+            passed,
+            evidence: textEvidence(evidenceItems),
+            evidenceItems,
+            blockers,
+            durationMs: 0,
+        };
+    }
+}
+// ============================================================================
+// G17: Documentation Hygiene — 文档卫生门禁
+// ============================================================================
+export class DocumentationHygieneGate {
+    constructor() {
+        this.stage = 'G17';
+        this.name = 'Documentation Hygiene';
+        this.description = 'Changed docs must have valid internal links and up-to-date references';
+        this.requiredLevel = 'M';
+    }
+    async execute() {
+        const blockers = [];
+        const evidenceItems = [];
+        const cwd = process.cwd();
+        // Check 1: Find changed markdown files
+        const changedMd = gitCommand('diff --name-only HEAD -- "*.md"', cwd);
+        const mdFiles = changedMd ? changedMd.split('\n').filter(f => f.endsWith('.md')) : [];
+        evidenceItems.push(createEvidence({
+            kind: 'command',
+            label: 'Changed markdown files',
+            passed: true,
+            detail: mdFiles.length > 0 ? `${mdFiles.length} markdown file(s) changed` : 'No markdown files changed',
+        }));
+        if (mdFiles.length === 0) {
+            return {
+                gate: this.stage,
+                status: 'PASSED',
+                passed: true,
+                evidence: textEvidence(evidenceItems),
+                evidenceItems,
+                blockers: [],
+                durationMs: 0,
+            };
+        }
+        // Check 2: Internal link validation for changed files
+        const brokenLinks = [];
+        for (const file of mdFiles) {
+            const fullPath = join(cwd, file);
+            if (!existsSync(fullPath))
+                continue;
+            try {
+                const content = readFileSync(fullPath, 'utf-8');
+                const linkPattern = /\[([^\]]*)\]\(([^)]+)\)/g;
+                let match;
+                while ((match = linkPattern.exec(content)) !== null) {
+                    const linkTarget = match[2];
+                    if (linkTarget.startsWith('http') || linkTarget.startsWith('#') || linkTarget.startsWith('mailto:'))
+                        continue;
+                    const [linkPath] = linkTarget.split('#');
+                    if (!linkPath)
+                        continue;
+                    const resolvedTarget = join(cwd, require('path').dirname(file), linkPath);
+                    if (!existsSync(resolvedTarget)) {
+                        brokenLinks.push(`${file}: [${match[1]}](${linkTarget})`);
+                    }
+                }
+            }
+            catch {
+                // Skip unreadable files
+            }
+        }
+        const linksPassed = brokenLinks.length === 0;
+        if (!linksPassed) {
+            // Broken links are warnings, not blockers for M level
+            evidenceItems.push(createEvidence({
+                kind: 'file',
+                label: 'Internal link check',
+                passed: false,
+                detail: `Broken links: ${brokenLinks.slice(0, 5).join('; ')}${brokenLinks.length > 5 ? ` (+${brokenLinks.length - 5} more)` : ''}`,
+            }));
+        }
+        else {
+            evidenceItems.push(createEvidence({
+                kind: 'file',
+                label: 'Internal link check',
+                passed: true,
+                detail: 'All internal links valid',
+            }));
+        }
+        // Check 3: Version reference freshness
+        const versionRefs = [];
+        for (const file of mdFiles) {
+            const fullPath = join(cwd, file);
+            if (!existsSync(fullPath))
+                continue;
+            try {
+                const content = readFileSync(fullPath, 'utf-8');
+                const outdatedVersionPattern = /v0\.(3[0-5])\.\d+/g;
+                let match;
+                while ((match = outdatedVersionPattern.exec(content)) !== null) {
+                    versionRefs.push(`${file}: references ${match[0]}`);
+                }
+            }
+            catch {
+                // Skip
+            }
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Version references',
+            passed: versionRefs.length === 0,
+            detail: versionRefs.length === 0 ? 'No outdated version references' : `Outdated: ${versionRefs.slice(0, 3).join('; ')}`,
+        }));
+        const passed = blockers.length === 0;
+        return {
+            gate: this.stage,
+            status: passed ? 'PASSED' : 'FAILED',
+            passed,
+            evidence: textEvidence(evidenceItems),
+            evidenceItems,
+            blockers,
+            durationMs: 0,
+        };
+    }
+}
+// ============================================================================
+// G18: Runtime Evidence — 运行时证据门禁
+// ============================================================================
+export class RuntimeEvidenceGate {
+    constructor(scaleDir = '.scale') {
+        this.scaleDir = scaleDir;
+        this.stage = 'G18';
+        this.name = 'Runtime Evidence';
+        this.description = 'Task must have recorded runtime evidence with matching exit codes';
+        this.requiredLevel = 'M';
+    }
+    async execute() {
+        const blockers = [];
+        const evidenceItems = [];
+        // Check 1: Evidence directory exists
+        const evidenceDir = join(this.scaleDir, 'evidence');
+        if (!existsSync(evidenceDir)) {
+            evidenceItems.push(createEvidence({
+                kind: 'file',
+                label: 'Evidence directory',
+                passed: false,
+                detail: 'No .scale/evidence/ directory found',
+            }));
+            blockers.push('No runtime evidence directory');
+            return {
+                gate: this.stage,
+                status: 'BLOCKED',
+                passed: false,
+                evidence: textEvidence(evidenceItems),
+                evidenceItems,
+                blockers,
+                durationMs: 0,
+            };
+        }
+        // Check 2: Recent evidence files exist
+        const evidenceFiles = readdirSync(evidenceDir).filter(f => f.endsWith('.json')).sort().reverse();
+        const recentEvidence = evidenceFiles.slice(0, 10);
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Evidence files',
+            passed: recentEvidence.length > 0,
+            detail: `${evidenceFiles.length} evidence file(s), ${recentEvidence.length} recent`,
+        }));
+        // Check 3: Evidence freshness (within 24h)
+        let freshEvidence = false;
+        if (recentEvidence.length > 0) {
+            try {
+                const latestPath = join(evidenceDir, recentEvidence[0]);
+                const latest = JSON.parse(readFileSync(latestPath, 'utf-8'));
+                const evidenceTime = new Date(latest.timestamp || latest.createdAt || 0).getTime();
+                const hoursSince = (Date.now() - evidenceTime) / (1000 * 60 * 60);
+                freshEvidence = hoursSince < 24;
+                evidenceItems.push(createEvidence({
+                    kind: 'file',
+                    label: 'Evidence freshness',
+                    passed: freshEvidence,
+                    detail: freshEvidence
+                        ? `Latest evidence ${hoursSince.toFixed(1)}h ago (< 24h)`
+                        : `Latest evidence ${hoursSince.toFixed(1)}h ago (>= 24h, stale)`,
+                }));
+            }
+            catch {
+                evidenceItems.push(createEvidence({
+                    kind: 'file',
+                    label: 'Evidence freshness',
+                    passed: false,
+                    detail: 'Could not parse latest evidence file',
+                }));
+            }
+        }
+        // Check 4: Passed evidence exists
+        let hasPassedEvidence = false;
+        for (const file of recentEvidence) {
+            try {
+                const content = JSON.parse(readFileSync(join(evidenceDir, file), 'utf-8'));
+                if (content.status === 'passed' || content.exitCode === 0) {
+                    hasPassedEvidence = true;
+                    break;
+                }
+            }
+            catch {
+                continue;
+            }
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Passed evidence',
+            passed: hasPassedEvidence,
+            detail: hasPassedEvidence ? 'At least one passed evidence record found' : 'No passed evidence records found',
+        }));
+        if (!hasPassedEvidence)
+            blockers.push('No passed runtime evidence found');
+        const passed = blockers.length === 0;
+        return {
+            gate: this.stage,
+            status: passed ? 'PASSED' : 'BLOCKED',
+            passed,
+            evidence: textEvidence(evidenceItems),
+            evidenceItems,
+            blockers,
+            durationMs: 0,
+        };
+    }
+}
+// ============================================================================
+// G19: Code Review — 代码评审门禁
+// ============================================================================
+export class CodeReviewGate {
+    constructor(scaleDir = '.scale') {
+        this.scaleDir = scaleDir;
+        this.stage = 'G19';
+        this.name = 'Code Review';
+        this.description = 'L/CRITICAL tasks require reviewed changes with resolved findings';
+        this.requiredLevel = 'L';
+    }
+    async execute() {
+        const blockers = [];
+        const evidenceItems = [];
+        // Check 1: Review artifacts exist
+        const reviewDir = join(this.scaleDir, 'state');
+        let hasReview = false;
+        let reviewCount = 0;
+        let unresolvedFindings = 0;
+        if (existsSync(reviewDir)) {
+            const stateFiles = readdirSync(reviewDir).filter(f => f.startsWith('review-') && f.endsWith('.json'));
+            reviewCount = stateFiles.length;
+            hasReview = reviewCount > 0;
+            for (const file of stateFiles) {
+                try {
+                    const content = JSON.parse(readFileSync(join(reviewDir, file), 'utf-8'));
+                    const findings = content.findings ?? [];
+                    unresolvedFindings += findings.filter((f) => !f.resolved).length;
+                }
+                catch {
+                    continue;
+                }
+            }
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Review artifacts',
+            passed: hasReview,
+            detail: hasReview ? `${reviewCount} review file(s) found` : 'No review artifacts found',
+        }));
+        if (!hasReview) {
+            blockers.push('No code review artifacts found (required for L/CRITICAL)');
+        }
+        // Check 2: Unresolved findings
+        const findingsPassed = unresolvedFindings === 0;
+        if (!findingsPassed) {
+            blockers.push(`${unresolvedFindings} unresolved finding(s) in review`);
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Unresolved findings',
+            passed: findingsPassed,
+            detail: findingsPassed ? 'No unresolved findings' : `${unresolvedFindings} unresolved finding(s)`,
+        }));
+        const passed = blockers.length === 0;
+        return {
+            gate: this.stage,
+            status: passed ? 'PASSED' : 'BLOCKED',
+            passed,
+            evidence: textEvidence(evidenceItems),
+            evidenceItems,
+            blockers,
+            durationMs: 0,
+        };
+    }
+}
+// ============================================================================
+// G20: Supply Chain — 供应链安全门禁
+// ============================================================================
+export class SupplyChainGate {
+    constructor() {
+        this.stage = 'G20';
+        this.name = 'Supply Chain';
+        this.description = 'No CRITICAL/HIGH vulnerabilities; lock file must be consistent';
+        this.requiredLevel = 'ALWAYS';
+    }
+    async execute() {
+        const blockers = [];
+        const evidenceItems = [];
+        const cwd = process.cwd();
+        // Check 1: npm audit
+        const auditOutput = gitCommand('npm audit --json 2>/dev/null || true', cwd);
+        let criticalCount = 0;
+        let highCount = 0;
+        try {
+            const audit = JSON.parse(auditOutput);
+            const vulnerabilities = audit.vulnerabilities ?? {};
+            for (const [, vuln] of Object.entries(vulnerabilities)) {
+                if (vuln.severity === 'critical')
+                    criticalCount++;
+                if (vuln.severity === 'high')
+                    highCount++;
+            }
+        }
+        catch {
+            // npm audit not available or not JSON
+        }
+        const auditPassed = criticalCount === 0 && highCount === 0;
+        if (!auditPassed) {
+            blockers.push(`npm audit: ${criticalCount} critical, ${highCount} high vulnerabilities`);
+        }
+        evidenceItems.push(createEvidence({
+            kind: 'command',
+            label: 'npm audit',
+            passed: auditPassed,
+            detail: auditPassed ? 'No CRITICAL/HIGH vulnerabilities' : `${criticalCount} critical, ${highCount} high`,
+        }));
+        // Check 2: Lock file consistency
+        const hasLockFile = existsSync(join(cwd, 'package-lock.json')) || existsSync(join(cwd, 'pnpm-lock.yaml')) || existsSync(join(cwd, 'bun.lock'));
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Lock file',
+            passed: hasLockFile,
+            detail: hasLockFile ? 'Lock file present' : 'No lock file found',
+        }));
+        // Check 3: package.json consistency (no phantom dependencies)
+        try {
+            const pkg = JSON.parse(readFileSync(join(cwd, 'package.json'), 'utf-8'));
+            const allDeps = {
+                ...(pkg.dependencies ?? {}),
+                ...(pkg.devDependencies ?? {}),
+            };
+            const depCount = Object.keys(allDeps).length;
+            evidenceItems.push(createEvidence({
+                kind: 'file',
+                label: 'Dependency count',
+                passed: true,
+                detail: `${depCount} declared dependencies`,
+            }));
+        }
+        catch {
+            // No package.json
+        }
+        const passed = blockers.length === 0;
+        return {
+            gate: this.stage,
+            status: passed ? 'PASSED' : 'FAILED',
+            passed,
+            evidence: textEvidence(evidenceItems),
+            evidenceItems,
+            blockers,
+            durationMs: 0,
+        };
+    }
+}
+// ============================================================================
+// G21: Context Budget — 上下文预算门禁
+// ============================================================================
+export class ContextBudgetGate {
+    constructor(scaleDir = '.scale') {
+        this.scaleDir = scaleDir;
+        this.stage = 'G21';
+        this.name = 'Context Budget';
+        this.description = 'Task context must be within token budget; no redundant loading';
+        this.requiredLevel = 'M';
+    }
+    async execute() {
+        const evidenceItems = [];
+        // Check 1: Context budget configuration
+        const budgetPath = join(this.scaleDir, 'context-budget.json');
+        const hasBudget = existsSync(budgetPath);
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Context budget config',
+            passed: hasBudget,
+            detail: hasBudget ? 'Context budget configured' : 'No context budget configuration',
+        }));
+        // Check 2: Context budget report
+        const reportPath = join(this.scaleDir, 'context-budget-report.json');
+        if (existsSync(reportPath)) {
+            try {
+                const report = JSON.parse(readFileSync(reportPath, 'utf-8'));
+                const totalTokens = report.summary?.totalTokens ?? 0;
+                const maxTokens = report.thresholds?.maxAlwaysTokens ?? 10000;
+                const withinBudget = totalTokens <= maxTokens;
+                evidenceItems.push(createEvidence({
+                    kind: 'file',
+                    label: 'Token budget',
+                    passed: withinBudget,
+                    detail: `${totalTokens} tokens used / ${maxTokens} max`,
+                }));
+            }
+            catch {
+                evidenceItems.push(createEvidence({
+                    kind: 'file',
+                    label: 'Token budget',
+                    passed: false,
+                    detail: 'Could not parse context budget report',
+                }));
+            }
+        }
+        else {
+            evidenceItems.push(createEvidence({
+                kind: 'file',
+                label: 'Token budget',
+                passed: true,
+                detail: 'No budget report (advisory only)',
+            }));
+        }
+        return {
+            gate: this.stage,
+            status: 'PASSED',
+            passed: true, // Advisory only, never blocks
+            evidence: textEvidence(evidenceItems),
+            evidenceItems,
+            blockers: [],
+            durationMs: 0,
+        };
+    }
+}
+// ============================================================================
+// G22: Session Health — 会话健康门禁
+// ============================================================================
+export class SessionHealthGate {
+    constructor() {
+        this.stage = 'G22';
+        this.name = 'Session Health';
+        this.description = 'No leaked worktrees; session state is consistent';
+        this.requiredLevel = 'M';
+    }
+    async execute() {
+        const evidenceItems = [];
+        const cwd = process.cwd();
+        // Check 1: Stale worktrees
+        const worktreeLocations = [
+            join(cwd, '.claude', 'worktrees'),
+            join(cwd, '.scale', 'worktrees'),
+            join(cwd, '.codex', 'worktrees'),
+        ];
+        let staleWorktrees = 0;
+        for (const dir of worktreeLocations) {
+            if (existsSync(dir)) {
+                try {
+                    const entries = readdirSync(dir);
+                    staleWorktrees += entries.length;
+                }
+                catch {
+                    // Skip
+                }
+            }
+        }
+        const worktreePassed = staleWorktrees === 0;
+        evidenceItems.push(createEvidence({
+            kind: 'file',
+            label: 'Stale worktrees',
+            passed: worktreePassed,
+            detail: worktreePassed ? 'No stale worktrees' : `${staleWorktrees} worktree(s) found in .claude/worktrees or .scale/worktrees`,
+        }));
+        // Check 2: Git worktree list
+        const gitWorktrees = gitCommand('worktree list --porcelain', cwd);
+        const worktreeCount = gitWorktrees ? gitWorktrees.split('\n').filter(l => l.startsWith('worktree ')).length : 0;
+        evidenceItems.push(createEvidence({
+            kind: 'command',
+            label: 'Git worktrees',
+            passed: worktreeCount <= 3,
+            detail: `${worktreeCount} git worktree(s)`,
+        }));
+        // Check 3: Session state file
+        const statePath = join(cwd, '.scale', 'state', 'current.json');
+        if (existsSync(statePath)) {
+            try {
+                const state = JSON.parse(readFileSync(statePath, 'utf-8'));
+                const hasOpenTasks = (state.openTasks ?? []).length > 0;
+                evidenceItems.push(createEvidence({
+                    kind: 'file',
+                    label: 'Session state',
+                    passed: true,
+                    detail: `Task: ${state.taskId ?? 'none'}, Phase: ${state.phase ?? 'none'}, Open tasks: ${state.openTasks?.length ?? 0}`,
+                }));
+            }
+            catch {
+                evidenceItems.push(createEvidence({
+                    kind: 'file',
+                    label: 'Session state',
+                    passed: false,
+                    detail: 'Could not parse session state',
+                }));
+            }
+        }
+        else {
+            evidenceItems.push(createEvidence({
+                kind: 'file',
+                label: 'Session state',
+                passed: true,
+                detail: 'No active session state',
+            }));
+        }
+        return {
+            gate: this.stage,
+            status: 'PASSED',
+            passed: true, // Advisory only, never blocks
+            evidence: textEvidence(evidenceItems),
+            evidenceItems,
+            blockers: [],
+            durationMs: 0,
+        };
+    }
+}
+// ============================================================================
+// 注册所有增强门禁
+// ============================================================================
+export function registerEnhancedGates(gateSystem, scaleDir = '.scale') {
+    gateSystem.registerGate(new CommitDisciplineGate());
+    gateSystem.registerGate(new DocumentationHygieneGate());
+    gateSystem.registerGate(new RuntimeEvidenceGate(scaleDir));
+    gateSystem.registerGate(new CodeReviewGate(scaleDir));
+    gateSystem.registerGate(new SupplyChainGate());
+    gateSystem.registerGate(new ContextBudgetGate(scaleDir));
+    gateSystem.registerGate(new SessionHealthGate());
+}
+//# sourceMappingURL=EnhancedGates.js.map