@lamentis/naome 1.0.0

package/crates/naome-core/src/verification.rs

@@ -0,0 +1,217 @@
+use std::collections::HashSet;
+use std::fs;
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+
+pub fn seed_builtin_verification_checks(root: &Path) -> Result<bool, NaomeError> {
+    let verification_path = root.join(".naome").join("verification.json");
+    let original_content = fs::read_to_string(&verification_path)?;
+    let mut verification: Value = serde_json::from_str(&original_content)?;
+
+    let Some(verification_object) = verification.as_object_mut() else {
+        return Err(NaomeError::new(
+            ".naome/verification.json must be a JSON object.",
+        ));
+    };
+
+    if !verification_object
+        .get("checks")
+        .is_some_and(serde_json::Value::is_array)
+    {
+        verification_object.insert("checks".to_string(), Value::Array(Vec::new()));
+    }
+
+    let mut existing_ids = verification_object
+        .get("checks")
+        .and_then(serde_json::Value::as_array)
+        .expect("checks must be an array after insertion")
+        .iter()
+        .filter_map(|check| check.get("id").and_then(serde_json::Value::as_str))
+        .map(ToString::to_string)
+        .collect::<HashSet<_>>();
+
+    let mut missing_checks = Vec::new();
+    for check in builtin_checks() {
+        if !existing_ids.contains(check.id) {
+            existing_ids.insert(check.id.to_string());
+            missing_checks.push(check);
+        }
+    }
+
+    if missing_checks.is_empty() {
+        return Ok(false);
+    }
+
+    let next_content = match append_checks_preserving_layout(&original_content, &missing_checks) {
+        Some(content) => content,
+        None => {
+            let checks = verification_object
+                .get_mut("checks")
+                .and_then(serde_json::Value::as_array_mut)
+                .expect("checks must be an array after insertion");
+            for check in &missing_checks {
+                checks.push(check.value());
+            }
+            serde_json::to_string_pretty(&verification).unwrap_or_else(|_| original_content.clone())
+        }
+    };
+
+    fs::write(verification_path, format!("{next_content}\n"))?;
+    Ok(true)
+}
+
+struct BuiltinCheck {
+    id: &'static str,
+    content: &'static str,
+}
+
+impl BuiltinCheck {
+    fn value(&self) -> Value {
+        serde_json::from_str(self.content).expect("built-in verification check must be valid JSON")
+    }
+}
+
+fn builtin_checks() -> Vec<BuiltinCheck> {
+    vec![
+        BuiltinCheck {
+            id: "diff-check",
+            content: r#"{
+  "id": "diff-check",
+  "command": "git diff --check",
+  "cwd": ".",
+  "purpose": "Reject whitespace errors in the current diff.",
+  "cost": "fast",
+  "source": "NAOME built-in",
+  "evidence": [],
+  "lastVerified": null
+}"#,
+        },
+        BuiltinCheck {
+            id: "naome-harness-health",
+            content: r#"{
+  "id": "naome-harness-health",
+  "command": "node .naome/bin/check-harness-health.js",
+  "cwd": ".",
+  "purpose": "Validate the installed NAOME harness before feature work or task completion.",
+  "cost": "fast",
+  "source": "NAOME built-in",
+  "evidence": [
+    ".naome/bin/check-harness-health.js"
+  ],
+  "lastVerified": null
+}"#,
+        },
+        BuiltinCheck {
+            id: "naome-task-state",
+            content: r#"{
+  "id": "naome-task-state",
+  "command": "node .naome/bin/check-task-state.js",
+  "cwd": ".",
+  "purpose": "Validate the NAOME task-state contract for the current repository.",
+  "cost": "fast",
+  "source": "NAOME built-in",
+  "evidence": [
+    ".naome/bin/check-task-state.js",
+    ".naome/task-contract.schema.json"
+  ],
+  "lastVerified": null
+}"#,
+        },
+    ]
+}
+
+fn append_checks_preserving_layout(
+    content: &str,
+    missing_checks: &[BuiltinCheck],
+) -> Option<String> {
+    let (array_start, array_end) = find_checks_array_bounds(content)?;
+    let closing_indent = line_indent_before(content, array_end);
+    let item_indent = format!("{closing_indent}  ");
+    let existing_body = content.get(array_start + 1..array_end)?.trim();
+    let mut insertion = String::new();
+
+    if existing_body.is_empty() {
+        insertion.push('\n');
+    } else {
+        insertion.push_str(",\n");
+    }
+
+    for (index, check) in missing_checks.iter().enumerate() {
+        if index > 0 {
+            insertion.push_str(",\n");
+        }
+        insertion.push_str(&indent_block(check.content, &item_indent));
+    }
+
+    insertion.push('\n');
+    insertion.push_str(&closing_indent);
+
+    let mut next = String::with_capacity(content.len() + insertion.len());
+    next.push_str(&content[..array_end]);
+    next.push_str(&insertion);
+    next.push_str(content[array_end..].trim_end_matches('\n'));
+    Some(next)
+}
+
+fn find_checks_array_bounds(content: &str) -> Option<(usize, usize)> {
+    let key_start = content.find("\"checks\"")?;
+    let colon = content[key_start..].find(':')? + key_start;
+    let array_start = content[colon..].find('[')? + colon;
+    let array_end = find_matching_array_end(content, array_start)?;
+    Some((array_start, array_end))
+}
+
+fn find_matching_array_end(content: &str, array_start: usize) -> Option<usize> {
+    let mut depth = 0usize;
+    let mut in_string = false;
+    let mut escaped = false;
+
+    for (offset, character) in content[array_start..].char_indices() {
+        if in_string {
+            if escaped {
+                escaped = false;
+            } else if character == '\\' {
+                escaped = true;
+            } else if character == '"' {
+                in_string = false;
+            }
+            continue;
+        }
+
+        match character {
+            '"' => in_string = true,
+            '[' => depth += 1,
+            ']' => {
+                depth = depth.checked_sub(1)?;
+                if depth == 0 {
+                    return Some(array_start + offset);
+                }
+            }
+            _ => {}
+        }
+    }
+
+    None
+}
+
+fn line_indent_before(content: &str, index: usize) -> String {
+    let line_start = content[..index]
+        .rfind('\n')
+        .map(|position| position + 1)
+        .unwrap_or(0);
+    content[line_start..index]
+        .chars()
+        .take_while(|character| *character == ' ' || *character == '\t')
+        .collect()
+}
+
+fn indent_block(content: &str, indent: &str) -> String {
+    content
+        .lines()
+        .map(|line| format!("{indent}{line}"))
+        .collect::<Vec<_>>()
+        .join("\n")
+}

package/crates/naome-core/src/verification_contract.rs

@@ -0,0 +1,406 @@
+use std::collections::HashSet;
+use std::fs;
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+
+const REQUIRED_TESTING_HEADINGS: &[&str] = &[
+    "# Testing And Verification",
+    "## Verification Map",
+    "## Known Checks",
+    "## Change Type Rules",
+    "## Release Gates",
+    "## Evidence",
+];
+const ALLOWED_STATUS: &[&str] = &["uninitialized", "partial", "ready"];
+const ALLOWED_COST: &[&str] = &["fast", "medium", "slow", "expensive", "ci-only", "unknown"];
+const ALLOWED_TOP_LEVEL_KEYS: &[&str] = &[
+    "schema",
+    "version",
+    "status",
+    "lastUpdated",
+    "checks",
+    "changeTypes",
+    "releaseGates",
+];
+const MAX_CHECKS: usize = 20;
+const MAX_CHANGE_TYPES: usize = 12;
+const MAX_RELEASE_GATES: usize = 10;
+
+pub fn validate_verification_contract(root: &Path) -> Result<Vec<String>, NaomeError> {
+    let mut errors = Vec::new();
+    validate_testing_markdown(root, &mut errors);
+
+    let verification_path = root.join(".naome").join("verification.json");
+    let verification: Value = match fs::read_to_string(&verification_path) {
+        Ok(content) => match serde_json::from_str(&content) {
+            Ok(value) => value,
+            Err(error) => {
+                errors.push(format!(
+                    ".naome/verification.json is not valid JSON: {error}"
+                ));
+                return Ok(errors);
+            }
+        },
+        Err(_) => {
+            errors.push(".naome/verification.json is missing.".to_string());
+            return Ok(errors);
+        }
+    };
+
+    validate_contract_shape(&verification, &mut errors);
+    Ok(errors)
+}
+
+fn validate_testing_markdown(root: &Path, errors: &mut Vec<String>) {
+    let testing_path = root.join("docs").join("naome").join("testing.md");
+    let Ok(content) = fs::read_to_string(testing_path) else {
+        errors.push("docs/naome/testing.md is missing.".to_string());
+        return;
+    };
+
+    for heading in REQUIRED_TESTING_HEADINGS {
+        if !content.lines().any(|line| line.trim() == *heading) {
+            errors.push(format!("docs/naome/testing.md missing heading: {heading}"));
+        }
+    }
+}
+
+fn validate_contract_shape(contract: &Value, errors: &mut Vec<String>) {
+    let Some(object) = contract.as_object() else {
+        errors.push(".naome/verification.json must be a JSON object.".to_string());
+        return;
+    };
+
+    for key in object.keys() {
+        if !ALLOWED_TOP_LEVEL_KEYS.contains(&key.as_str()) {
+            errors.push(format!(
+                ".naome/verification.json unknown top-level key: {key}"
+            ));
+        }
+    }
+
+    if object.get("schema").and_then(Value::as_str) != Some("naome.verification.v1") {
+        errors.push(".naome/verification.json schema must be naome.verification.v1.".to_string());
+    }
+
+    if object.get("version").and_then(Value::as_i64) != Some(1) {
+        errors.push(".naome/verification.json version must be 1.".to_string());
+    }
+
+    let status = object.get("status").and_then(Value::as_str);
+    if !status.is_some_and(|value| ALLOWED_STATUS.contains(&value)) {
+        errors.push(format!(
+            ".naome/verification.json status must be one of: {}.",
+            ALLOWED_STATUS.join(", ")
+        ));
+    }
+
+    if let Some(last_updated) = object.get("lastUpdated") {
+        if !last_updated.is_null()
+            && !last_updated
+                .as_str()
+                .is_some_and(|value| is_iso_date(value))
+        {
+            errors.push(
+                ".naome/verification.json lastUpdated must be YYYY-MM-DD or null.".to_string(),
+            );
+        }
+    }
+
+    let Some(checks) = validate_array(object, "checks", errors) else {
+        return;
+    };
+    let Some(change_types) = validate_array(object, "changeTypes", errors) else {
+        return;
+    };
+    let Some(release_gates) = validate_array(object, "releaseGates", errors) else {
+        return;
+    };
+
+    validate_array_limit(checks, "checks", MAX_CHECKS, errors);
+    validate_array_limit(change_types, "changeTypes", MAX_CHANGE_TYPES, errors);
+    validate_array_limit(release_gates, "releaseGates", MAX_RELEASE_GATES, errors);
+
+    let check_ids = validate_checks(checks, errors);
+    validate_change_types(change_types, &check_ids, errors);
+    validate_release_gates(release_gates, &check_ids, errors);
+
+    if status == Some("ready") && contains_example_placeholders(contract) {
+        errors.push(
+            ".naome/verification.json must not contain example placeholders when status is ready."
+                .to_string(),
+        );
+    }
+
+    if status == Some("ready") && checks.is_empty() {
+        errors.push(
+            ".naome/verification.json must contain at least one real check when status is ready."
+                .to_string(),
+        );
+    }
+}
+
+fn validate_array<'a>(
+    object: &'a serde_json::Map<String, Value>,
+    name: &str,
+    errors: &mut Vec<String>,
+) -> Option<&'a Vec<Value>> {
+    match object.get(name).and_then(Value::as_array) {
+        Some(values) => Some(values),
+        None => {
+            errors.push(format!("{name} must be an array."));
+            None
+        }
+    }
+}
+
+fn validate_array_limit(values: &[Value], name: &str, max: usize, errors: &mut Vec<String>) {
+    if values.len() > max {
+        errors.push(format!("{name} must contain {max} entries or fewer."));
+    }
+}
+
+fn validate_checks(checks: &[Value], errors: &mut Vec<String>) -> HashSet<String> {
+    let mut check_ids = HashSet::new();
+
+    for (index, check) in checks.iter().enumerate() {
+        let prefix = format!("checks[{index}]");
+        let Some(object) = check.as_object() else {
+            errors.push(format!("{prefix} must be an object."));
+            continue;
+        };
+
+        match object.get("id").and_then(Value::as_str) {
+            Some(id) if is_id(id) && !check_ids.contains(id) => {
+                check_ids.insert(id.to_string());
+            }
+            Some(id) if is_id(id) => {
+                errors.push(format!("{prefix}.id duplicates check id: {id}"));
+            }
+            _ => errors.push(format!("{prefix}.id must be kebab-case lowercase.")),
+        }
+
+        require_string(object, "command", &prefix, errors);
+        require_string(object, "cwd", &prefix, errors);
+        require_string(object, "purpose", &prefix, errors);
+        require_string(object, "source", &prefix, errors);
+        require_string_array_allow_empty(object, "evidence", &prefix, errors);
+
+        if !object
+            .get("cost")
+            .and_then(Value::as_str)
+            .is_some_and(|cost| ALLOWED_COST.contains(&cost))
+        {
+            errors.push(format!(
+                "{prefix}.cost must be one of: {}.",
+                ALLOWED_COST.join(", ")
+            ));
+        }
+
+        match object.get("lastVerified") {
+            Some(last_verified)
+                if last_verified.is_null()
+                    || last_verified
+                        .as_str()
+                        .is_some_and(|value| is_iso_date(value)) => {}
+            _ => errors.push(format!("{prefix}.lastVerified must be YYYY-MM-DD or null.")),
+        }
+    }
+
+    check_ids
+}
+
+fn validate_change_types(
+    change_types: &[Value],
+    check_ids: &HashSet<String>,
+    errors: &mut Vec<String>,
+) {
+    for (index, change_type) in change_types.iter().enumerate() {
+        let prefix = format!("changeTypes[{index}]");
+        let Some(object) = change_type.as_object() else {
+            errors.push(format!("{prefix} must be an object."));
+            continue;
+        };
+
+        if !object.get("id").and_then(Value::as_str).is_some_and(is_id) {
+            errors.push(format!("{prefix}.id must be kebab-case lowercase."));
+        }
+
+        require_string(object, "description", &prefix, errors);
+        require_string_array(object, "paths", &prefix, errors);
+        validate_check_reference_array(object, "requiredChecks", &prefix, check_ids, errors, true);
+        validate_check_reference_array(
+            object,
+            "recommendedChecks",
+            &prefix,
+            check_ids,
+            errors,
+            false,
+        );
+
+        if !object.get("humanReview").is_some_and(Value::is_boolean) {
+            errors.push(format!("{prefix}.humanReview must be boolean."));
+        }
+    }
+}
+
+fn validate_release_gates(
+    release_gates: &[Value],
+    check_ids: &HashSet<String>,
+    errors: &mut Vec<String>,
+) {
+    for (index, release_gate) in release_gates.iter().enumerate() {
+        let prefix = format!("releaseGates[{index}]");
+        let Some(object) = release_gate.as_object() else {
+            errors.push(format!(
+                "{prefix} must be an object with checkId and requiredWhen."
+            ));
+            continue;
+        };
+
+        require_string(object, "checkId", &prefix, errors);
+        require_string(object, "requiredWhen", &prefix, errors);
+
+        if let Some(check_id) = object.get("checkId").and_then(Value::as_str) {
+            if !check_ids.contains(check_id) {
+                errors.push(format!("{prefix}.checkId unknown check id: {check_id}"));
+            }
+        }
+    }
+}
+
+fn validate_check_reference_array(
+    object: &serde_json::Map<String, Value>,
+    field: &str,
+    prefix: &str,
+    check_ids: &HashSet<String>,
+    errors: &mut Vec<String>,
+    require_non_empty: bool,
+) {
+    let Some(values) = object.get(field).and_then(Value::as_array) else {
+        let qualifier = if require_non_empty { "non-empty " } else { "" };
+        errors.push(format!(
+            "{prefix}.{field} must be a {qualifier}string array."
+        ));
+        return;
+    };
+
+    if require_non_empty && values.is_empty() {
+        errors.push(format!(
+            "{prefix}.{field} must be a non-empty string array."
+        ));
+    }
+
+    for value in values {
+        let Some(check_id) = value.as_str().filter(|value| !value.trim().is_empty()) else {
+            errors.push(format!("{prefix}.{field} must be a string array."));
+            continue;
+        };
+
+        if !check_ids.contains(check_id) {
+            errors.push(format!("{prefix}.{field} unknown check id: {check_id}"));
+        }
+    }
+}
+
+fn require_string(
+    object: &serde_json::Map<String, Value>,
+    field: &str,
+    prefix: &str,
+    errors: &mut Vec<String>,
+) {
+    if !object
+        .get(field)
+        .and_then(Value::as_str)
+        .is_some_and(|value| !value.trim().is_empty())
+    {
+        errors.push(format!("{prefix}.{field} must be a non-empty string."));
+    }
+}
+
+fn require_string_array(
+    object: &serde_json::Map<String, Value>,
+    field: &str,
+    prefix: &str,
+    errors: &mut Vec<String>,
+) {
+    let Some(values) = object.get(field).and_then(Value::as_array) else {
+        errors.push(format!(
+            "{prefix}.{field} must be a non-empty string array."
+        ));
+        return;
+    };
+
+    if values.is_empty()
+        || values
+            .iter()
+            .any(|value| !value.as_str().is_some_and(|entry| !entry.trim().is_empty()))
+    {
+        errors.push(format!(
+            "{prefix}.{field} must be a non-empty string array."
+        ));
+    }
+}
+
+fn require_string_array_allow_empty(
+    object: &serde_json::Map<String, Value>,
+    field: &str,
+    prefix: &str,
+    errors: &mut Vec<String>,
+) {
+    let Some(values) = object.get(field).and_then(Value::as_array) else {
+        errors.push(format!("{prefix}.{field} must be a string array."));
+        return;
+    };
+
+    if values
+        .iter()
+        .any(|value| !value.as_str().is_some_and(|entry| !entry.trim().is_empty()))
+    {
+        errors.push(format!("{prefix}.{field} must be a string array."));
+    }
+}
+
+fn is_id(value: &str) -> bool {
+    let mut chars = value.chars();
+    let Some(first) = chars.next() else {
+        return false;
+    };
+
+    if !first.is_ascii_lowercase() && !first.is_ascii_digit() {
+        return false;
+    }
+
+    value
+        .chars()
+        .all(|ch| ch.is_ascii_lowercase() || ch.is_ascii_digit() || ch == '-')
+}
+
+fn is_iso_date(value: &str) -> bool {
+    let bytes = value.as_bytes();
+    bytes.len() == 10
+        && bytes[4] == b'-'
+        && bytes[7] == b'-'
+        && bytes
+            .iter()
+            .enumerate()
+            .filter(|(index, _)| *index != 4 && *index != 7)
+            .all(|(_, byte)| byte.is_ascii_digit())
+}
+
+fn contains_example_placeholders(value: &Value) -> bool {
+    match value {
+        Value::String(text) => {
+            let normalized = text.to_lowercase();
+            normalized.contains("example-")
+                || normalized.contains("replace with")
+                || normalized.contains("replace/**")
+        }
+        Value::Array(values) => values.iter().any(contains_example_placeholders),
+        Value::Object(values) => values.values().any(contains_example_placeholders),
+        _ => false,
+    }
+}