@lamentis/naome 1.1.2 → 1.2.0

package/crates/naome-core/src/task_state/repair.rs

@@ -0,0 +1,168 @@
+use std::collections::HashSet;
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::install_plan::MACHINE_OWNED_PATHS;
+use crate::models::NaomeError;
+
+use super::types::CONTROL_STATE_PATH;
+use super::util::{
+    is_non_empty_string, matches_any_pattern, normalize_path, read_json, string_array,
+};
+pub(super) fn is_harness_repair_diff(
+    root: &Path,
+    changed_paths: &[String],
+) -> Result<bool, NaomeError> {
+    let machine_owned_paths = read_machine_owned_paths(root)?;
+    if machine_owned_paths.is_empty() {
+        return Ok(false);
+    }
+
+    let has_repair_signal = changed_paths
+        .iter()
+        .any(|path| machine_owned_paths.contains(path) || is_repair_archive_path(path));
+    if !has_repair_signal {
+        return Ok(false);
+    }
+
+    Ok(changed_paths
+        .iter()
+        .all(|path| machine_owned_paths.contains(path) || is_repair_support_path(path)))
+}
+
+pub(super) fn is_repair_support_path(path: &str) -> bool {
+    path == ".naome/manifest.json"
+        || path == ".naome/upgrade-state.json"
+        || is_repair_archive_path(path)
+}
+
+pub(super) fn is_packaged_machine_owned_path(path: &str) -> bool {
+    MACHINE_OWNED_PATHS.iter().any(|owned| *owned == path)
+}
+
+pub(super) fn is_safe_harness_refresh_path(path: &str) -> bool {
+    is_packaged_machine_owned_path(path) || is_repair_support_path(path)
+}
+
+pub(super) fn is_deterministic_harness_refresh_diff(changed_paths: &[String]) -> bool {
+    !changed_paths.is_empty()
+        && changed_paths
+            .iter()
+            .any(|path| is_packaged_machine_owned_path(path) || is_repair_archive_path(path))
+        && changed_paths
+            .iter()
+            .all(|path| is_safe_harness_refresh_path(path))
+}
+
+pub(super) fn is_repair_archive_path(path: &str) -> bool {
+    path.starts_with(".naome/archive/repair-")
+}
+
+pub(super) fn is_completed_task_diff(task_state: &Value, changed_paths: &[String]) -> bool {
+    if task_state.get("status").and_then(Value::as_str) != Some("complete") {
+        return false;
+    }
+    let Some(active_task) = task_state.get("activeTask") else {
+        return false;
+    };
+    let allowed_paths = string_array(active_task.get("allowedPaths")).unwrap_or_default();
+    let task_paths: Vec<&String> = changed_paths
+        .iter()
+        .filter(|path| path.as_str() != CONTROL_STATE_PATH)
+        .collect();
+    !task_paths.is_empty()
+        && task_paths
+            .iter()
+            .all(|path| matches_any_pattern(path, &allowed_paths))
+}
+
+pub(super) fn is_naome_baseline_diff(changed_paths: &[String]) -> bool {
+    changed_paths.iter().all(|path| {
+        path == "AGENTS.md"
+            || path == ".gitignore"
+            || path == ".naomeignore"
+            || path.starts_with(".naome/")
+            || path.starts_with("docs/naome/")
+    })
+}
+
+pub(super) fn is_install_or_upgrade_baseline_diff(
+    root: &Path,
+    changed_paths: &[String],
+) -> Result<bool, NaomeError> {
+    if !is_naome_baseline_diff(changed_paths) {
+        return Ok(false);
+    }
+
+    let has_setup_signal = changed_paths.iter().any(|path| {
+        matches!(
+            path.as_str(),
+            "AGENTS.md"
+                | ".gitignore"
+                | ".naomeignore"
+                | ".naome/init-state.json"
+                | ".naome/manifest.json"
+                | ".naome/package.json"
+                | ".naome/task-contract.schema.json"
+                | ".naome/upgrade-state.json"
+        )
+    });
+    if !has_setup_signal {
+        return Ok(false);
+    }
+
+    if read_init_incomplete(root)? || read_upgrade_baseline_signal(root)? {
+        return Ok(true);
+    }
+
+    Ok(changed_paths.iter().any(|path| {
+        matches!(
+            path.as_str(),
+            ".naome/init-state.json" | ".naome/manifest.json" | ".naome/upgrade-state.json"
+        )
+    }))
+}
+
+pub(super) fn read_init_incomplete(root: &Path) -> Result<bool, NaomeError> {
+    let Some(init_state) = read_json(root, ".naome/init-state.json", &mut Vec::new())? else {
+        return Ok(false);
+    };
+
+    Ok(
+        init_state.get("initialized").and_then(Value::as_bool) != Some(true)
+            || init_state.get("intakeStatus").and_then(Value::as_str) != Some("complete"),
+    )
+}
+
+pub(super) fn read_upgrade_baseline_signal(root: &Path) -> Result<bool, NaomeError> {
+    let Some(upgrade_state) = read_json(root, ".naome/upgrade-state.json", &mut Vec::new())? else {
+        return Ok(false);
+    };
+
+    Ok(upgrade_state.get("fromVersion").is_some()
+        || upgrade_state
+            .get("pending")
+            .and_then(Value::as_array)
+            .is_some_and(|pending| !pending.is_empty())
+        || upgrade_state
+            .get("completed")
+            .and_then(Value::as_array)
+            .is_some_and(|completed| !completed.is_empty()))
+}
+
+pub(super) fn read_machine_owned_paths(root: &Path) -> Result<HashSet<String>, NaomeError> {
+    let Some(manifest) = read_json(root, ".naome/manifest.json", &mut Vec::new())? else {
+        return Ok(HashSet::new());
+    };
+
+    Ok(manifest
+        .get("machineOwned")
+        .and_then(Value::as_array)
+        .into_iter()
+        .flatten()
+        .filter_map(Value::as_str)
+        .filter(|value| is_non_empty_string(value))
+        .map(normalize_path)
+        .collect())
+}

package/crates/naome-core/src/task_state/shape.rs

@@ -0,0 +1,117 @@
+use serde_json::Value;
+
+use super::proof::validate_control_state_patterns;
+pub(super) use super::task_records::{
+    format_blocker, validate_blocker, validate_human_review, validate_prompt_record,
+    validate_revisions,
+};
+pub(super) use super::task_references::{
+    read_verification_check_ids, validate_active_task_references, validate_pending_upgrade,
+    validate_required_check_ids,
+};
+use super::types::ALLOWED_STATUS;
+use super::util::{
+    is_id, is_iso_datetime, require_string, require_string_array, require_string_array_allow_empty,
+};
+pub(super) fn validate_task_state_shape(task_state: &Value, errors: &mut Vec<String>) {
+    let Some(object) = task_state.as_object() else {
+        errors.push(".naome/task-state.json must be a JSON object.".to_string());
+        return;
+    };
+
+    match (
+        object.get("schema").and_then(Value::as_str),
+        object.get("version").and_then(Value::as_i64),
+    ) {
+        (Some("naome.task-state.v1"), Some(1)) | (Some("naome.task-state.v2"), Some(2)) => {}
+        _ => errors.push(
+            ".naome/task-state.json schema/version must be naome.task-state.v1/1 or naome.task-state.v2/2."
+                .to_string(),
+        ),
+    }
+
+    let status = object.get("status").and_then(Value::as_str);
+    if !status.is_some_and(|value| ALLOWED_STATUS.contains(&value)) {
+        errors.push(format!(
+            ".naome/task-state.json status must be one of: {}.",
+            ALLOWED_STATUS.join(", ")
+        ));
+    }
+
+    if let Some(updated_at) = object.get("updatedAt") {
+        if !updated_at.is_null() && !updated_at.as_str().is_some_and(is_iso_datetime) {
+            errors.push(
+                ".naome/task-state.json updatedAt must be an ISO timestamp or null.".to_string(),
+            );
+        }
+    }
+}
+
+pub(super) fn validate_idle_state(task_state: &Value, errors: &mut Vec<String>) {
+    if !task_state.get("activeTask").is_some_and(Value::is_null) {
+        errors.push("idle task state must have activeTask set to null.".to_string());
+    }
+
+    if !task_state.get("blocker").is_some_and(Value::is_null) {
+        errors.push("idle task state must have blocker set to null.".to_string());
+    }
+}
+
+pub(super) fn validate_active_task(active_task: Option<&Value>, errors: &mut Vec<String>) {
+    let Some(active_task) = active_task.and_then(Value::as_object) else {
+        errors.push("activeTask must be an object for active task states.".to_string());
+        return;
+    };
+
+    if !active_task
+        .get("id")
+        .and_then(Value::as_str)
+        .is_some_and(is_id)
+    {
+        errors.push("activeTask.id must be kebab-case lowercase.".to_string());
+    }
+
+    require_string(active_task.get("request"), "activeTask.request", errors);
+    validate_prompt_record(
+        active_task.get("userPrompt"),
+        "activeTask.userPrompt",
+        errors,
+    );
+    require_string_array(
+        active_task.get("allowedPaths"),
+        "activeTask.allowedPaths",
+        errors,
+    );
+    require_string_array(
+        active_task.get("declaredChangeTypes"),
+        "activeTask.declaredChangeTypes",
+        errors,
+    );
+    require_string_array_allow_empty(
+        active_task.get("requiredCheckIds"),
+        "activeTask.requiredCheckIds",
+        errors,
+    );
+    validate_control_state_patterns(
+        active_task.get("allowedPaths"),
+        "activeTask.allowedPaths",
+        errors,
+    );
+
+    let proof_results = active_task.get("proofResults");
+    let proof_batches = active_task.get("proofBatches");
+    if proof_results.is_some_and(|value| !value.is_array()) {
+        errors.push("activeTask.proofResults must be an array when present.".to_string());
+    }
+    if proof_batches.is_some_and(|value| !value.is_array()) {
+        errors.push("activeTask.proofBatches must be an array when present.".to_string());
+    }
+    if proof_results.is_none() && proof_batches.is_none() {
+        errors.push(
+            "activeTask.proofResults or activeTask.proofBatches must be present.".to_string(),
+        );
+    }
+
+    validate_revisions(active_task.get("revisions"), errors);
+    validate_human_review(active_task.get("humanReview"), errors);
+}

package/crates/naome-core/src/task_state/task_diff_api.rs

@@ -0,0 +1,170 @@
+use std::collections::HashSet;
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::harness_health::validate_harness_health;
+use crate::models::NaomeError;
+
+use super::completion::validate_complete_task_against_entries;
+use super::git_io::{read_git_changed_entries, read_git_changed_paths};
+use super::reconcile::{
+    is_packaged_machine_owned_path, is_repair_archive_path, is_safe_harness_refresh_path,
+};
+use super::shape::{
+    read_verification_check_ids, validate_active_task, validate_active_task_references,
+    validate_pending_upgrade, validate_required_check_ids, validate_task_state_shape,
+};
+use super::types::{
+    CompletedTaskCommitDiff, HarnessRefreshDiff, HarnessRefreshWithUnrelatedDiff, TaskStateOptions,
+    CONTROL_STATE_PATH,
+};
+use super::util::{matches_any_pattern, read_json, string_array};
+
+pub fn completed_task_commit_paths(root: &Path) -> Result<Vec<String>, NaomeError> {
+    Ok(completed_task_commit_diff(root)?
+        .map(|diff| diff.task_paths)
+        .unwrap_or_default())
+}
+
+pub fn completed_task_commit_diff(
+    root: &Path,
+) -> Result<Option<CompletedTaskCommitDiff>, NaomeError> {
+    let mut read_errors = Vec::new();
+    let Some(task_state) = read_json(root, ".naome/task-state.json", &mut read_errors)? else {
+        return Ok(None);
+    };
+    if !read_errors.is_empty()
+        || task_state.get("status").and_then(Value::as_str) != Some("complete")
+    {
+        return Ok(None);
+    }
+    let Some(active_task) = task_state.get("activeTask") else {
+        return Ok(None);
+    };
+
+    let allowed_paths = string_array(active_task.get("allowedPaths")).unwrap_or_default();
+    let mut task_entries = Vec::new();
+    let mut unrelated_paths = Vec::new();
+    for entry in read_git_changed_entries(root)? {
+        if entry.path == CONTROL_STATE_PATH || matches_any_pattern(&entry.path, &allowed_paths) {
+            task_entries.push(entry);
+        } else {
+            unrelated_paths.push(entry.path);
+        }
+    }
+
+    if task_entries.is_empty() {
+        return Ok(None);
+    }
+
+    let mut errors = Vec::new();
+    validate_task_state_shape(&task_state, &mut errors);
+    validate_active_task(Some(active_task), &mut errors);
+    validate_pending_upgrade(&task_state, root, &mut errors)?;
+    validate_active_task_references(Some(active_task), root, &mut errors, Some("complete"))?;
+    if !task_state.get("blocker").is_some_and(Value::is_null) {
+        errors.push("complete task state must have blocker set to null.".to_string());
+    }
+    let check_ids = read_verification_check_ids(root, &mut errors)?;
+    validate_required_check_ids(active_task, &check_ids, &mut errors);
+    validate_complete_task_against_entries(
+        active_task,
+        root,
+        &check_ids,
+        &task_entries,
+        &mut errors,
+    )?;
+    if !errors.is_empty() {
+        return Ok(None);
+    }
+
+    let mut task_paths: Vec<String> = task_entries
+        .into_iter()
+        .map(|entry| entry.path)
+        .collect::<HashSet<_>>()
+        .into_iter()
+        .collect();
+    task_paths.sort();
+    unrelated_paths.sort();
+
+    Ok(Some(CompletedTaskCommitDiff {
+        task_paths,
+        unrelated_paths,
+    }))
+}
+
+pub fn harness_refresh_diff(root: &Path) -> Result<Option<HarnessRefreshDiff>, NaomeError> {
+    let changed_paths = read_git_changed_paths(root)?;
+    let has_repair_signal = changed_paths
+        .iter()
+        .any(|path| is_packaged_machine_owned_path(path) || is_repair_archive_path(path));
+    if !has_repair_signal {
+        return Ok(None);
+    }
+
+    let mut harness_paths = Vec::new();
+    let mut unrelated_paths = Vec::new();
+
+    for path in changed_paths {
+        if is_safe_harness_refresh_path(&path) {
+            harness_paths.push(path);
+        } else {
+            unrelated_paths.push(path);
+        }
+    }
+
+    if harness_paths.is_empty() {
+        return Ok(None);
+    }
+
+    harness_paths.sort();
+    unrelated_paths.sort();
+
+    Ok(Some(HarnessRefreshDiff {
+        harness_paths,
+        unrelated_paths,
+    }))
+}
+
+pub fn harness_refresh_with_unrelated_diff(
+    root: &Path,
+) -> Result<Option<HarnessRefreshWithUnrelatedDiff>, NaomeError> {
+    let Some(diff) = harness_refresh_diff(root)? else {
+        return Ok(None);
+    };
+    if diff.unrelated_paths.is_empty() {
+        return Ok(None);
+    }
+
+    Ok(Some(HarnessRefreshWithUnrelatedDiff {
+        harness_paths: diff.harness_paths,
+        unrelated_paths: diff.unrelated_paths,
+    }))
+}
+
+pub(super) fn validate_harness_health_gate(
+    root: &Path,
+    options: &TaskStateOptions,
+    errors: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    let Some(health_options) = options.harness_health.clone() else {
+        return Ok(());
+    };
+
+    let health_errors = validate_harness_health(root, health_options)?;
+    if health_errors.is_empty() {
+        return Ok(());
+    }
+
+    errors.push(
+        "Harness health failed; normal NAOME task work is repair-only until machine-owned harness files are healthy. Human options: repair_harness, review_harness_health."
+            .to_string(),
+    );
+    errors.extend(
+        health_errors
+            .into_iter()
+            .map(|error| format!("Harness health: {error}")),
+    );
+    Ok(())
+}

package/crates/naome-core/src/task_state/task_records.rs

@@ -0,0 +1,131 @@
+use serde_json::Value;
+
+use super::util::{
+    is_iso_datetime, is_non_empty_string, require_string, require_string_array,
+    require_string_array_allow_empty, string_array,
+};
+pub(super) fn validate_revisions(revisions: Option<&Value>, errors: &mut Vec<String>) {
+    let Some(revisions) = revisions else {
+        return;
+    };
+    let Some(revisions) = revisions.as_array() else {
+        errors.push("activeTask.revisions must be an array when present.".to_string());
+        return;
+    };
+
+    for (index, revision) in revisions.iter().enumerate() {
+        let prefix = format!("activeTask.revisions[{index}]");
+        let Some(object) = revision.as_object() else {
+            errors.push(format!("{prefix} must be an object."));
+            continue;
+        };
+
+        require_string(object.get("request"), &format!("{prefix}.request"), errors);
+        validate_prompt_record(
+            object.get("userPrompt"),
+            &format!("{prefix}.userPrompt"),
+            errors,
+        );
+
+        if !object
+            .get("requestedAt")
+            .and_then(Value::as_str)
+            .is_some_and(is_iso_datetime)
+        {
+            errors.push(format!("{prefix}.requestedAt must be an ISO timestamp."));
+        }
+
+        if let Some(proof_stale) = object.get("proofStale") {
+            if !proof_stale.is_boolean() {
+                errors.push(format!("{prefix}.proofStale must be boolean when present."));
+            }
+        }
+    }
+}
+
+pub(super) fn validate_prompt_record(
+    prompt_record: Option<&Value>,
+    field_name: &str,
+    errors: &mut Vec<String>,
+) {
+    let Some(object) = prompt_record.and_then(Value::as_object) else {
+        errors.push(format!(
+            "{field_name} must be an object with receivedAt and text."
+        ));
+        return;
+    };
+
+    if !object
+        .get("receivedAt")
+        .and_then(Value::as_str)
+        .is_some_and(is_iso_datetime)
+    {
+        errors.push(format!("{field_name}.receivedAt must be an ISO timestamp."));
+    }
+
+    require_string(object.get("text"), &format!("{field_name}.text"), errors);
+}
+
+pub(super) fn validate_human_review(human_review: Option<&Value>, errors: &mut Vec<String>) {
+    let Some(object) = human_review.and_then(Value::as_object) else {
+        errors.push("activeTask.humanReview must be an object.".to_string());
+        return;
+    };
+
+    if !object.get("required").is_some_and(Value::is_boolean) {
+        errors.push("activeTask.humanReview.required must be boolean.".to_string());
+    }
+
+    if !object.get("approved").is_some_and(Value::is_boolean) {
+        errors.push("activeTask.humanReview.approved must be boolean.".to_string());
+    }
+
+    if let Some(reason) = object.get("reason") {
+        if !reason.is_null() && !reason.as_str().is_some_and(is_non_empty_string) {
+            errors.push("activeTask.humanReview.reason must be a string or null.".to_string());
+        }
+    }
+}
+
+pub(super) fn validate_blocker(blocker: Option<&Value>, errors: &mut Vec<String>) {
+    let Some(object) = blocker.and_then(Value::as_object) else {
+        errors.push(
+            "blocker must be an object when task state is blocked or needs human review."
+                .to_string(),
+        );
+        return;
+    };
+
+    require_string(object.get("type"), "blocker.type", errors);
+    require_string(object.get("message"), "blocker.message", errors);
+    require_string_array_allow_empty(object.get("paths"), "blocker.paths", errors);
+    require_string_array(object.get("humanOptions"), "blocker.humanOptions", errors);
+}
+
+pub(super) fn format_blocker(prefix: &str, blocker: Option<&Value>) -> String {
+    let Some(object) = blocker.and_then(Value::as_object) else {
+        return format!("{prefix}.");
+    };
+
+    let mut parts = vec![format!(
+        "{prefix}: {}",
+        object
+            .get("message")
+            .and_then(Value::as_str)
+            .unwrap_or("No message recorded.")
+    )];
+
+    if let Some(paths) = string_array(object.get("paths")) {
+        if !paths.is_empty() {
+            parts.push(format!("Paths: {}", paths.join(", ")));
+        }
+    }
+
+    if let Some(options) = string_array(object.get("humanOptions")) {
+        if !options.is_empty() {
+            parts.push(format!("Human options: {}", options.join(", ")));
+        }
+    }
+
+    parts.join(" ")
+}