@lamentis/naome 1.1.2 → 1.2.0

package/crates/naome-core/src/task_state/completed_refresh.rs

@@ -0,0 +1,89 @@
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+
+use super::api::validate_task_state;
+use super::git_io::read_git_changed_paths;
+use super::repair::is_safe_harness_refresh_path;
+use super::types::{
+    CompletedTaskHarnessRefreshDiff, TaskStateMode, TaskStateOptions, CONTROL_STATE_PATH,
+};
+use super::util::{matches_any_pattern, read_json, string_array};
+pub(super) fn add_completed_task_diff_notice(
+    root: &Path,
+    notices: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    let changed_paths = read_git_changed_paths(root)?;
+    if changed_paths.is_empty() {
+        return Ok(());
+    }
+
+    notices.push(format!("Task is complete and verified. Changed paths: {}. NAOME intent can baseline it automatically before the next distinct task; only surface human choices when intent blocks or the user explicitly asks to review, revise, cancel, or commit.", changed_paths.join(", ")));
+    Ok(())
+}
+
+pub fn completed_task_harness_refresh_diff(
+    root: &Path,
+) -> Result<Option<CompletedTaskHarnessRefreshDiff>, NaomeError> {
+    let mut read_errors = Vec::new();
+    let Some(task_state) = read_json(root, ".naome/task-state.json", &mut read_errors)? else {
+        return Ok(None);
+    };
+    if !read_errors.is_empty() {
+        return Ok(None);
+    }
+    if task_state.get("status").and_then(Value::as_str) != Some("complete") {
+        return Ok(None);
+    }
+    let Some(active_task) = task_state.get("activeTask") else {
+        return Ok(None);
+    };
+
+    let allowed_paths = string_array(active_task.get("allowedPaths")).unwrap_or_default();
+    let mut harness_paths = Vec::new();
+    let mut task_paths = Vec::new();
+    let mut other_paths = Vec::new();
+
+    for path in read_git_changed_paths(root)? {
+        if path == CONTROL_STATE_PATH {
+            continue;
+        }
+        if matches_any_pattern(&path, &allowed_paths) {
+            task_paths.push(path);
+        } else if is_safe_harness_refresh_path(&path) {
+            harness_paths.push(path);
+        } else {
+            other_paths.push(path);
+        }
+    }
+
+    if task_paths.is_empty() || harness_paths.is_empty() || !other_paths.is_empty() {
+        return Ok(None);
+    }
+
+    let report = validate_task_state(
+        root,
+        TaskStateOptions {
+            mode: TaskStateMode::State,
+            harness_health: None,
+        },
+    )?;
+    let allowed_scope_error = format!(
+        "Changed files outside allowedPaths: {}. Human options: request_scope_change, move_changes_to_new_task, revert_out_of_scope_changes.",
+        harness_paths.join(", ")
+    );
+    if report
+        .errors
+        .iter()
+        .all(|error| error == &allowed_scope_error)
+    {
+        Ok(Some(CompletedTaskHarnessRefreshDiff {
+            harness_paths,
+            task_paths,
+        }))
+    } else {
+        Ok(None)
+    }
+}

package/crates/naome-core/src/task_state/completion.rs

@@ -0,0 +1,72 @@
+use std::collections::HashSet;
+use std::path::Path;
+
+use serde_json::Value;
+
+pub(super) use super::admission::validate_admission;
+pub(super) use super::commit_gate::validate_commit_gate;
+use super::diff::validate_changed_entries;
+use super::git_io::read_git_changed_entries;
+use super::process_guard::{validate_no_active_processes, ProcessGate};
+pub(super) use super::progress::validate_progress;
+use super::proof::{validate_proof_evidence_covers_changed_entries, validate_proof_results};
+use super::reconcile::add_completed_task_diff_notice;
+use super::shape::{read_verification_check_ids, validate_required_check_ids};
+use super::types::ChangedEntry;
+use crate::models::NaomeError;
+pub(super) fn validate_complete_task(
+    active_task: Option<&Value>,
+    blocker: Option<&Value>,
+    root: &Path,
+    errors: &mut Vec<String>,
+    notices: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    let error_start = errors.len();
+
+    if !blocker.is_some_and(Value::is_null) {
+        errors.push("complete task state must have blocker set to null.".to_string());
+    }
+
+    let Some(active_task) = active_task else {
+        return Ok(());
+    };
+
+    if active_task
+        .get("humanReview")
+        .and_then(|review| review.get("required"))
+        .and_then(Value::as_bool)
+        == Some(true)
+        && active_task
+            .get("humanReview")
+            .and_then(|review| review.get("approved"))
+            .and_then(Value::as_bool)
+            != Some(true)
+    {
+        errors.push("complete task requires human review approval before completion.".to_string());
+    }
+
+    let check_ids = read_verification_check_ids(root, errors)?;
+    validate_required_check_ids(active_task, &check_ids, errors);
+    validate_no_active_processes(root, errors, ProcessGate::Completion)?;
+    let entries = read_git_changed_entries(root)?;
+    validate_complete_task_against_entries(active_task, root, &check_ids, &entries, errors)?;
+
+    if errors.len() == error_start {
+        add_completed_task_diff_notice(root, notices)?;
+    }
+
+    Ok(())
+}
+
+pub(super) fn validate_complete_task_against_entries(
+    active_task: &Value,
+    root: &Path,
+    check_ids: &HashSet<String>,
+    entries: &[ChangedEntry],
+    errors: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    validate_proof_results(active_task, check_ids, root, errors)?;
+    validate_changed_entries(active_task, entries, errors)?;
+    validate_proof_evidence_covers_changed_entries(active_task, root, entries, errors)?;
+    Ok(())
+}

package/crates/naome-core/src/task_state/deleted_paths.rs

@@ -0,0 +1,47 @@
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+
+use super::git_io::{git_commit_exists, parse_name_status_output, read_git_head, run_git};
+
+pub(super) fn read_historical_deleted_paths(
+    active_task: &Value,
+    root: &Path,
+) -> Result<Vec<String>, NaomeError> {
+    let Some(admission_head) = active_task
+        .get("admission")
+        .and_then(|admission| admission.get("gitHead"))
+        .and_then(Value::as_str)
+        .filter(|head| !head.trim().is_empty())
+    else {
+        return Ok(Vec::new());
+    };
+
+    if !git_commit_exists(root, admission_head)? {
+        return Ok(Vec::new());
+    }
+
+    let Some(current_head) = read_git_head(root)? else {
+        return Ok(Vec::new());
+    };
+
+    if current_head == admission_head {
+        return Ok(Vec::new());
+    }
+
+    let output = run_git(
+        root,
+        ["diff", "--name-status", "-z", admission_head, &current_head],
+    )?;
+    if !output.status.success() {
+        return Ok(Vec::new());
+    }
+
+    Ok(parse_name_status_output(&output.stdout)
+        .into_iter()
+        .filter(|entry| entry.status == "deleted")
+        .map(|entry| entry.path)
+        .collect())
+}

package/crates/naome-core/src/task_state/diff.rs

@@ -0,0 +1,95 @@
+use std::collections::HashSet;
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+
+use super::git_io::read_git_changed_entries;
+use super::types::{ChangedEntry, TaskDiff, CONTROL_STATE_PATH};
+use super::util::{matches_any_pattern, normalize_path, string_array};
+pub(super) fn validate_changed_paths(
+    active_task: &Value,
+    root: &Path,
+    errors: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    let entries = read_git_changed_entries(root)?;
+    validate_changed_entries(active_task, &entries, errors)
+}
+
+pub(super) fn validate_changed_entries(
+    active_task: &Value,
+    entries: &[ChangedEntry],
+    errors: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    let diff = task_diff_from_entries(active_task, entries);
+    if !diff.outside_paths.is_empty() {
+        errors.push(format!(
+            "Changed files outside allowedPaths: {}. Human options: request_scope_change, move_changes_to_new_task, revert_out_of_scope_changes.",
+            diff.outside_paths.join(", ")
+        ));
+    }
+    Ok(())
+}
+
+pub(super) fn validate_human_review_blocker_paths(
+    active_task: Option<&Value>,
+    blocker: Option<&Value>,
+    root: &Path,
+    errors: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    let (Some(active_task), Some(blocker)) = (active_task, blocker) else {
+        return Ok(());
+    };
+    let diff = read_task_diff(active_task, root)?;
+    if diff.outside_paths.is_empty() {
+        return Ok(());
+    }
+
+    let blocker_paths: HashSet<String> = blocker
+        .get("paths")
+        .and_then(Value::as_array)
+        .into_iter()
+        .flatten()
+        .filter_map(Value::as_str)
+        .map(normalize_path)
+        .collect();
+    let missing_paths: Vec<String> = diff
+        .outside_paths
+        .into_iter()
+        .filter(|path| !blocker_paths.contains(path))
+        .collect();
+
+    if !missing_paths.is_empty() {
+        errors.push(format!(
+            "blocker.paths missing actual scope violations: {}",
+            missing_paths.join(", ")
+        ));
+    }
+
+    Ok(())
+}
+
+pub(super) fn read_task_diff(active_task: &Value, root: &Path) -> Result<TaskDiff, NaomeError> {
+    let entries = read_git_changed_entries(root)?;
+    Ok(task_diff_from_entries(active_task, &entries))
+}
+
+pub(super) fn task_diff_from_entries(active_task: &Value, entries: &[ChangedEntry]) -> TaskDiff {
+    let allowed_paths = string_array(active_task.get("allowedPaths")).unwrap_or_default();
+    let diff_paths: Vec<String> = entries
+        .iter()
+        .map(|entry| entry.path.clone())
+        .filter(|path| path != CONTROL_STATE_PATH)
+        .collect();
+    let outside_paths = diff_paths
+        .iter()
+        .filter(|path| !matches_any_pattern(path, &allowed_paths))
+        .cloned()
+        .collect();
+
+    TaskDiff {
+        diff_paths,
+        outside_paths,
+    }
+}

package/crates/naome-core/src/task_state/evidence.rs

@@ -0,0 +1,154 @@
+use std::collections::HashSet;
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+
+use super::deleted_paths::read_historical_deleted_paths;
+use super::git_io::read_git_changed_entries;
+use super::types::{ALLOWED_EVIDENCE_STATUS, CONTROL_STATE_PATH};
+use super::util::{
+    is_non_empty_string, matches_any_pattern, normalize_path, require_string, string_array,
+};
+pub(super) fn validate_evidence_array(
+    evidence: Option<&Value>,
+    field_name: &str,
+    errors: &mut Vec<String>,
+) {
+    let Some(evidence) = evidence.and_then(Value::as_array) else {
+        errors.push(format!("{field_name} must be an evidence array."));
+        return;
+    };
+
+    for (index, entry) in evidence.iter().enumerate() {
+        let prefix = format!("{field_name}[{index}]");
+        if entry.as_str().is_some_and(is_non_empty_string) {
+            continue;
+        }
+
+        let Some(object) = entry.as_object() else {
+            errors.push(format!(
+                "{prefix} must be a non-empty string path or an evidence object."
+            ));
+            continue;
+        };
+
+        require_string(object.get("path"), &format!("{prefix}.path"), errors);
+
+        if let Some(status) = object.get("status").and_then(Value::as_str) {
+            if !ALLOWED_EVIDENCE_STATUS.contains(&status) {
+                errors.push(format!(
+                    "{prefix}.status must be one of: {}.",
+                    ALLOWED_EVIDENCE_STATUS.join(", ")
+                ));
+            }
+        }
+
+        if object.contains_key("fromPath")
+            && !object
+                .get("fromPath")
+                .and_then(Value::as_str)
+                .is_some_and(is_non_empty_string)
+        {
+            errors.push(format!(
+                "{prefix}.fromPath must be a non-empty string when present."
+            ));
+        }
+    }
+}
+
+pub(super) fn validate_control_state_patterns(
+    patterns: Option<&Value>,
+    field_name: &str,
+    errors: &mut Vec<String>,
+) {
+    let Some(patterns) = string_array(patterns) else {
+        return;
+    };
+
+    for pattern in patterns {
+        if matches_any_pattern(CONTROL_STATE_PATH, std::slice::from_ref(&pattern)) {
+            errors.push(format!(
+                "{field_name} cannot include NAOME control state: {pattern}"
+            ));
+        }
+    }
+}
+
+pub(super) fn validate_control_state_paths(
+    paths: Option<&Value>,
+    field_name: &str,
+    errors: &mut Vec<String>,
+) {
+    let Some(paths) = paths.and_then(Value::as_array) else {
+        return;
+    };
+
+    for entry in paths {
+        let Some(path) = evidence_entry_path(entry) else {
+            continue;
+        };
+        if normalize_path(&path) == CONTROL_STATE_PATH {
+            errors.push(format!(
+                "{field_name} cannot include NAOME control state: {path}"
+            ));
+        }
+    }
+}
+
+pub(super) fn validate_evidence_paths(
+    evidence: Option<&Value>,
+    field_name: &str,
+    root: &Path,
+    errors: &mut Vec<String>,
+    active_task: &Value,
+) -> Result<(), NaomeError> {
+    let Some(evidence) = evidence.and_then(Value::as_array) else {
+        return Ok(());
+    };
+
+    let mut deleted_paths: HashSet<String> = read_git_changed_entries(root)?
+        .into_iter()
+        .filter(|entry| entry.status == "deleted")
+        .map(|entry| entry.path)
+        .collect();
+    for path in read_historical_deleted_paths(active_task, root)? {
+        deleted_paths.insert(path);
+    }
+
+    for entry in evidence {
+        let Some(evidence_path) = evidence_entry_path(entry) else {
+            continue;
+        };
+        let normalized_path = normalize_path(&evidence_path);
+        if Path::new(&evidence_path).is_absolute()
+            || normalized_path.split('/').any(|part| part == "..")
+        {
+            errors.push(format!("{field_name} unsafe path: {evidence_path}"));
+            continue;
+        }
+
+        if !root.join(&normalized_path).exists() && !deleted_paths.contains(&normalized_path) {
+            errors.push(format!(
+                "{field_name} path does not exist or is not deleted in git diff: {evidence_path}"
+            ));
+        }
+    }
+
+    Ok(())
+}
+
+pub(super) fn evidence_entry_path(entry: &Value) -> Option<String> {
+    entry
+        .as_str()
+        .filter(|value| is_non_empty_string(value))
+        .map(ToString::to_string)
+        .or_else(|| {
+            entry
+                .get("path")
+                .and_then(Value::as_str)
+                .filter(|value| is_non_empty_string(value))
+                .map(ToString::to_string)
+        })
+}

package/crates/naome-core/src/task_state/git_io.rs

@@ -0,0 +1,86 @@
+use std::collections::HashMap;
+use std::path::Path;
+use std::process::Command;
+
+use crate::models::NaomeError;
+
+pub(super) use super::git_parse::{parse_name_status_output, split_nul, upsert_changed_entry};
+pub(super) use super::git_refs::{command_output, git_commit_exists, read_git_head, run_git};
+use super::types::ChangedEntry;
+use super::util::normalize_path;
+pub(super) fn read_git_changed_paths(root: &Path) -> Result<Vec<String>, NaomeError> {
+    Ok(read_git_changed_entries(root)?
+        .into_iter()
+        .map(|entry| entry.path)
+        .collect())
+}
+
+pub(super) fn read_git_staged_changed_entries(
+    root: &Path,
+) -> Result<Vec<ChangedEntry>, NaomeError> {
+    let output = Command::new("git")
+        .args(["diff", "--name-status", "--cached", "-z"])
+        .current_dir(root)
+        .output()?;
+    if !output.status.success() {
+        return Err(NaomeError::new(format!(
+            "git diff --name-status --cached -z failed: {}",
+            command_output(&output)
+        )));
+    }
+
+    Ok(parse_name_status_output(&output.stdout))
+}
+
+pub(super) fn read_git_changed_entries(root: &Path) -> Result<Vec<ChangedEntry>, NaomeError> {
+    let git_check = run_git(root, ["rev-parse", "--is-inside-work-tree"])?;
+    if !git_check.status.success() {
+        return Err(NaomeError::new(
+            "complete task validation requires a git work tree.",
+        ));
+    }
+
+    let mut entries: HashMap<String, ChangedEntry> = HashMap::new();
+    for args in [
+        vec!["diff", "--name-status", "-z"],
+        vec!["diff", "--name-status", "--cached", "-z"],
+    ] {
+        let output = Command::new("git").args(&args).current_dir(root).output()?;
+        if !output.status.success() {
+            return Err(NaomeError::new(format!(
+                "git {} failed: {}",
+                args.join(" "),
+                command_output(&output)
+            )));
+        }
+
+        for entry in parse_name_status_output(&output.stdout) {
+            upsert_changed_entry(&mut entries, entry);
+        }
+    }
+
+    let untracked = run_git(root, ["ls-files", "--others", "--exclude-standard", "-z"])?;
+    if !untracked.status.success() {
+        return Err(NaomeError::new(format!(
+            "git ls-files --others --exclude-standard -z failed: {}",
+            command_output(&untracked)
+        )));
+    }
+
+    for token in split_nul(&untracked.stdout) {
+        let path = normalize_path(token.trim());
+        if !path.is_empty() {
+            upsert_changed_entry(
+                &mut entries,
+                ChangedEntry {
+                    path,
+                    status: "added".to_string(),
+                },
+            );
+        }
+    }
+
+    let mut entries: Vec<ChangedEntry> = entries.into_values().collect();
+    entries.sort_by(|left, right| left.path.cmp(&right.path));
+    Ok(entries)
+}

package/crates/naome-core/src/task_state/git_parse.rs

@@ -0,0 +1,86 @@
+use std::collections::HashMap;
+
+use super::types::ChangedEntry;
+use super::util::normalize_path;
+pub(super) fn parse_name_status_output(output: &[u8]) -> Vec<ChangedEntry> {
+    let tokens = split_nul(output);
+    let mut entries = Vec::new();
+    let mut index = 0;
+
+    while index < tokens.len() {
+        let raw_status = &tokens[index];
+        index += 1;
+        let status_code = raw_status.chars().next().unwrap_or('M');
+
+        if status_code == 'R' || status_code == 'C' {
+            let from_path = normalize_path(tokens.get(index).map(String::as_str).unwrap_or(""));
+            index += 1;
+            let to_path = normalize_path(tokens.get(index).map(String::as_str).unwrap_or(""));
+            index += 1;
+            if !from_path.is_empty() {
+                entries.push(ChangedEntry {
+                    path: from_path,
+                    status: "deleted".to_string(),
+                });
+            }
+            if !to_path.is_empty() {
+                entries.push(ChangedEntry {
+                    path: to_path,
+                    status: "renamed".to_string(),
+                });
+            }
+            continue;
+        }
+
+        let path = normalize_path(tokens.get(index).map(String::as_str).unwrap_or(""));
+        index += 1;
+        if path.is_empty() {
+            continue;
+        }
+
+        entries.push(ChangedEntry {
+            path,
+            status: git_status_code_to_evidence_status(status_code).to_string(),
+        });
+    }
+
+    entries
+}
+
+pub(super) fn split_nul(output: &[u8]) -> Vec<String> {
+    output
+        .split(|byte| *byte == 0)
+        .filter(|token| !token.is_empty())
+        .map(|token| String::from_utf8_lossy(token).to_string())
+        .collect()
+}
+
+pub(super) fn git_status_code_to_evidence_status(status_code: char) -> &'static str {
+    match status_code {
+        'A' => "added",
+        'D' => "deleted",
+        _ => "modified",
+    }
+}
+
+pub(super) fn upsert_changed_entry(
+    entries: &mut HashMap<String, ChangedEntry>,
+    entry: ChangedEntry,
+) {
+    let should_replace = entries
+        .get(&entry.path)
+        .map(|existing| status_rank(&entry.status) > status_rank(&existing.status))
+        .unwrap_or(true);
+    if should_replace {
+        entries.insert(entry.path.clone(), entry);
+    }
+}
+
+pub(super) fn status_rank(status: &str) -> u8 {
+    match status {
+        "deleted" => 4,
+        "renamed" => 3,
+        "added" => 2,
+        _ => 1,
+    }
+}

package/crates/naome-core/src/task_state/git_refs.rs

@@ -0,0 +1,37 @@
+use std::path::Path;
+use std::process::Command;
+
+use crate::models::NaomeError;
+
+pub(super) fn read_git_head(root: &Path) -> Result<Option<String>, NaomeError> {
+    let output = run_git(root, ["rev-parse", "HEAD"])?;
+    if !output.status.success() {
+        return Ok(None);
+    }
+    Ok(Some(
+        String::from_utf8_lossy(&output.stdout).trim().to_string(),
+    ))
+}
+
+pub(super) fn git_commit_exists(root: &Path, commit: &str) -> Result<bool, NaomeError> {
+    Ok(
+        run_git(root, ["cat-file", "-e", &format!("{commit}^{{commit}}")])?
+            .status
+            .success(),
+    )
+}
+
+pub(super) fn run_git<const N: usize>(
+    root: &Path,
+    args: [&str; N],
+) -> Result<std::process::Output, NaomeError> {
+    Ok(Command::new("git").args(args).current_dir(root).output()?)
+}
+
+pub(super) fn command_output(output: &std::process::Output) -> String {
+    let stderr = String::from_utf8_lossy(&output.stderr).trim().to_string();
+    if !stderr.is_empty() {
+        return stderr;
+    }
+    String::from_utf8_lossy(&output.stdout).trim().to_string()
+}

package/crates/naome-core/src/task_state/human_review_state.rs

@@ -0,0 +1,31 @@
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+
+use super::diff::validate_human_review_blocker_paths;
+use super::proof::validate_proof_evidence_covers_changed_paths;
+use super::shape::{validate_active_task, validate_active_task_references, validate_blocker};
+
+pub(super) fn validate_human_review_state(
+    task_state: &Value,
+    root: &Path,
+    errors: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    validate_active_task(task_state.get("activeTask"), errors);
+    validate_active_task_references(
+        task_state.get("activeTask"),
+        root,
+        errors,
+        Some("needs_human_review"),
+    )?;
+    validate_blocker(task_state.get("blocker"), errors);
+    validate_human_review_blocker_paths(
+        task_state.get("activeTask"),
+        task_state.get("blocker"),
+        root,
+        errors,
+    )?;
+    validate_proof_evidence_covers_changed_paths(task_state.get("activeTask"), root, errors)
+}