@lamentis/naome 1.1.2 → 1.2.0

package/crates/naome-cli/src/quality_commands.rs

@@ -0,0 +1,141 @@
+use std::path::Path;
+
+use naome_core::{
+    check_repository_quality, init_repository_quality, plan_quality_cleanup, route_quality_cleanup,
+    QualityMode,
+};
+
+use crate::cli_args::option_value;
+
+pub fn run_quality_command(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
+    let Some(subcommand) = args.get(1).map(String::as_str) else {
+        return Err("naome quality requires init, check, or report.".into());
+    };
+    let json = args.iter().any(|arg| arg == "--json");
+
+    match subcommand {
+        "init" => {
+            let result = init_repository_quality(root)?;
+            if json {
+                println!("{}", serde_json::to_string_pretty(&result)?);
+            } else {
+                println!("NAOME repository quality initialized.");
+                println!("Baseline violations: {}", result.baseline_violations);
+            }
+        }
+        "check" => run_quality_check(root, args, json)?,
+        "report" => run_quality_report(root, json)?,
+        _ => return Err(format!("unknown naome quality command: {subcommand}").into()),
+    }
+    Ok(())
+}
+
+pub fn run_cleanup_command(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
+    let Some(subcommand) = args.get(1).map(String::as_str) else {
+        return Err("naome cleanup requires plan or route.".into());
+    };
+    let json = args.iter().any(|arg| arg == "--json");
+
+    match subcommand {
+        "plan" => run_cleanup_plan(root, json)?,
+        "route" => run_cleanup_route(root, args, json)?,
+        _ => return Err(format!("unknown naome cleanup command: {subcommand}").into()),
+    }
+    Ok(())
+}
+
+fn run_quality_check(
+    root: &Path,
+    args: &[String],
+    json: bool,
+) -> Result<(), Box<dyn std::error::Error>> {
+    if !args.iter().any(|arg| arg == "--changed") {
+        return Err("naome quality check requires --changed.".into());
+    }
+    let report = check_repository_quality(root, QualityMode::Changed)?;
+    if json {
+        println!("{}", serde_json::to_string_pretty(&report)?);
+    } else if report.ok {
+        println!("NAOME repository quality OK.");
+    } else {
+        eprintln!(
+            "NAOME repository quality failed with {} violation(s).",
+            report.violations.len()
+        );
+        for violation in report.violations.iter().take(20) {
+            print_quality_violation(violation);
+        }
+    }
+    if !report.ok {
+        std::process::exit(1);
+    }
+    Ok(())
+}
+
+fn run_quality_report(root: &Path, json: bool) -> Result<(), Box<dyn std::error::Error>> {
+    let report = check_repository_quality(root, QualityMode::Report)?;
+    if json {
+        println!("{}", serde_json::to_string_pretty(&report)?);
+    } else if report.violations.is_empty() {
+        println!("NAOME repository quality report: no debt found.");
+    } else {
+        println!(
+            "NAOME repository quality report: {} violation(s) across {} scanned file(s).",
+            report.violations.len(),
+            report.summary.scanned_files
+        );
+        for violation in report.violations.iter().take(20) {
+            print_quality_violation(violation);
+        }
+    }
+    Ok(())
+}
+
+fn run_cleanup_plan(root: &Path, json: bool) -> Result<(), Box<dyn std::error::Error>> {
+    let plan = plan_quality_cleanup(root)?;
+    if json {
+        println!("{}", serde_json::to_string_pretty(&plan)?);
+    } else if plan.tasks.is_empty() {
+        println!("NAOME cleanup plan: no repository-quality debt found.");
+    } else {
+        println!("NAOME cleanup plan:");
+        for task in plan.tasks.iter().take(20) {
+            println!(
+                "- {}: {} violation(s) [{}]",
+                task.path,
+                task.violation_count,
+                task.check_ids.join(", ")
+            );
+        }
+    }
+    Ok(())
+}
+
+fn run_cleanup_route(
+    root: &Path,
+    args: &[String],
+    json: bool,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let Some(path) = option_value(args, "--path") else {
+        return Err("naome cleanup route requires --path <path>.".into());
+    };
+    let route = route_quality_cleanup(root, path)?;
+    if json {
+        println!("{}", serde_json::to_string_pretty(&route)?);
+    } else {
+        println!("NAOME cleanup route for {}", route.path);
+        println!("{}", route.agent_instructions);
+        if !route.related_paths.is_empty() {
+            println!("Related paths: {}", route.related_paths.join(", "));
+        }
+    }
+    Ok(())
+}
+
+fn print_quality_violation(violation: &naome_core::QualityViolation) {
+    let location = violation
+        .line
+        .map(|line| format!("{}:{line}", violation.path))
+        .unwrap_or_else(|| violation.path.clone());
+    eprintln!("- {location} {}: {}", violation.check_id, violation.message);
+}

package/crates/naome-cli/src/simple_commands.rs

@@ -0,0 +1,53 @@
+use std::path::Path;
+
+use naome_core::{install_plan, seed_builtin_verification_checks};
+
+use crate::cli_args::option_value;
+
+pub fn print_install_plan(args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
+    let harness_version = option_value(args, "--harness-version")
+        .or_else(|| option_value(args, "--version"))
+        .unwrap_or_else(|| env!("CARGO_PKG_VERSION").to_string());
+    println!(
+        "{}",
+        serde_json::to_string_pretty(&install_plan(harness_version))?
+    );
+    Ok(())
+}
+
+pub fn seed_verification(root: &Path) -> Result<(), Box<dyn std::error::Error>> {
+    if seed_builtin_verification_checks(root)? {
+        println!("NAOME verification checks updated.");
+    } else {
+        println!("NAOME verification checks already present.");
+    }
+    Ok(())
+}
+
+pub fn run_journal_task(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
+    let outcome =
+        option_value(args, "--outcome").unwrap_or_else(|| "naome_commit_baseline".to_string());
+    let commit_before = option_value(args, "--commit-before");
+    let commit_after = option_value(args, "--commit-after");
+    let entry = naome_core::append_task_journal(root, &outcome, commit_before, commit_after)?;
+    if args.iter().any(|arg| arg == "--json") {
+        println!("{}", serde_json::to_string_pretty(&entry)?);
+    } else if entry.is_some() {
+        println!("NAOME task journal updated.");
+    } else {
+        println!("NAOME task journal had no active task to record.");
+    }
+    Ok(())
+}
+
+pub fn run_commit_paths(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
+    let paths = naome_core::completed_task_commit_paths(root)?;
+    if args.iter().any(|arg| arg == "--json") {
+        println!("{}", serde_json::to_string_pretty(&paths)?);
+    } else {
+        for path in paths {
+            println!("{path}");
+        }
+    }
+    Ok(())
+}

package/crates/naome-cli/src/workflow_commands.rs

@@ -0,0 +1,153 @@
+use std::path::Path;
+
+use naome_core::{
+    classify_mutations, refresh_integrity, safe_rg_args, tracked_process_report,
+    validate_search_command, verification_phase_plan,
+};
+
+use crate::cli_args::option_value;
+
+pub fn run_refresh_integrity(
+    root: &Path,
+    args: &[String],
+) -> Result<(), Box<dyn std::error::Error>> {
+    let report = refresh_integrity(root)?;
+    if args.iter().any(|arg| arg == "--json") {
+        println!("{}", serde_json::to_string_pretty(&report)?);
+    } else if report.updated {
+        println!(
+            "NAOME integrity refreshed: {}.",
+            report.changed_paths.join(", ")
+        );
+    } else {
+        println!("NAOME integrity already current.");
+    }
+    Ok(())
+}
+
+pub fn run_workflow_command(
+    root: &Path,
+    args: &[String],
+) -> Result<(), Box<dyn std::error::Error>> {
+    let Some(subcommand) = args.get(1).map(String::as_str) else {
+        return Err("naome workflow requires search-profile, check-search, phases, processes, or mutations.".into());
+    };
+    let json = args.iter().any(|arg| arg == "--json");
+
+    match subcommand {
+        "search-profile" => {
+            let args = safe_rg_args(root)?;
+            if json {
+                println!("{}", serde_json::to_string_pretty(&args)?);
+            } else {
+                println!(
+                    "{}",
+                    args.iter()
+                        .map(|arg| shell_quote(arg))
+                        .collect::<Vec<_>>()
+                        .join(" ")
+                );
+            }
+        }
+        "check-search" => run_check_search(root, args, json)?,
+        "phases" => {
+            let plan = verification_phase_plan(root, &[])?;
+            if json {
+                println!("{}", serde_json::to_string_pretty(&plan)?);
+            } else {
+                println!(
+                    "Recommended checks: {}",
+                    empty_label(&plan.recommended_check_ids)
+                );
+                if !plan.withheld_check_ids.is_empty() {
+                    println!("Withheld checks: {}", plan.withheld_check_ids.join(", "));
+                }
+            }
+        }
+        "processes" => {
+            let report = tracked_process_report(root)?;
+            if json {
+                println!("{}", serde_json::to_string_pretty(&report)?);
+            } else if report.active.is_empty() {
+                println!("NAOME tracked processes OK.");
+            } else {
+                println!("Active tracked processes:");
+                for process in report.active {
+                    println!("- {} [{}]", process.command, process.cwd);
+                }
+            }
+        }
+        "mutations" => run_mutations(root, args, json)?,
+        _ => return Err(format!("unknown naome workflow command: {subcommand}").into()),
+    }
+    Ok(())
+}
+
+fn run_check_search(
+    root: &Path,
+    args: &[String],
+    json: bool,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let Some(command) = option_value(args, "--command") else {
+        return Err("naome workflow check-search requires --command <command>.".into());
+    };
+    let findings = validate_search_command(root, &command)?;
+    if !json && findings.is_empty() {
+        println!("NAOME search command OK.");
+    }
+    if json {
+        println!("{}", serde_json::to_string_pretty(&findings)?);
+    } else {
+        for finding in &findings {
+            println!("- {}: {}", finding.check_id, finding.message);
+        }
+    }
+    if !findings.is_empty() {
+        std::process::exit(1);
+    }
+    Ok(())
+}
+
+fn run_mutations(
+    root: &Path,
+    args: &[String],
+    json: bool,
+) -> Result<(), Box<dyn std::error::Error>> {
+    let paths = args
+        .iter()
+        .skip_while(|arg| arg.as_str() != "--path")
+        .skip(1)
+        .filter(|arg| !arg.starts_with("--"))
+        .cloned()
+        .collect::<Vec<_>>();
+    if paths.is_empty() {
+        return Err("naome workflow mutations requires --path <path> [path...]".into());
+    }
+    let classes = classify_mutations(root, &paths)?;
+    if json {
+        println!("{}", serde_json::to_string_pretty(&classes)?);
+    } else {
+        for entry in classes {
+            println!("{}: {}", entry.path, entry.mutation_class);
+        }
+    }
+    Ok(())
+}
+
+fn empty_label(values: &[String]) -> String {
+    if values.is_empty() {
+        "none".to_string()
+    } else {
+        values.join(", ")
+    }
+}
+
+fn shell_quote(value: &str) -> String {
+    if value
+        .chars()
+        .all(|ch| ch.is_ascii_alphanumeric() || matches!(ch, '-' | '_' | '.' | '/' | ':'))
+    {
+        return value.to_string();
+    }
+    format!("'{}'", value.replace('\'', "'\\''"))
+}

package/crates/naome-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "naome-core"
-version = "1.1.2"
+version = "1.2.0"
 edition.workspace = true
 license.workspace = true
 repository.workspace = true

package/crates/naome-core/src/harness_health/integrity.rs

@@ -0,0 +1,96 @@
+use sha2::{Digest, Sha256};
+
+const HEALTH_CHECKER_RELATIVE_PATH: &str = ".naome/bin/check-harness-health.js";
+const TASK_STATE_CHECKER_RELATIVE_PATH: &str = ".naome/bin/check-task-state.js";
+
+pub(crate) const NAOME_COMMAND_RELATIVE_PATH: &str = ".naome/bin/naome.js";
+
+#[cfg(windows)]
+pub(crate) const NATIVE_BINARY_RELATIVE_PATH: &str = ".naome/bin/naome-rust.exe";
+#[cfg(not(windows))]
+pub(crate) const NATIVE_BINARY_RELATIVE_PATH: &str = ".naome/bin/naome-rust";
+
+pub(crate) fn machine_integrity_hash(relative_path: &str, content: &[u8]) -> String {
+    format!("sha256:{}", machine_sha256(relative_path, content))
+}
+
+pub(crate) fn sha256_bytes(content: &[u8]) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(content);
+    format!("{:x}", hasher.finalize())
+}
+
+pub(crate) fn is_integrity_hash(value: &str) -> bool {
+    value.len() == "sha256:".len() + 64
+        && value.starts_with("sha256:")
+        && value["sha256:".len()..]
+            .chars()
+            .all(|ch| ch.is_ascii_hexdigit() && !ch.is_ascii_uppercase())
+}
+
+pub(crate) fn native_integrity_from_naome_command(content: &str) -> Option<String> {
+    let prefix = "const expectedNativeBinaryIntegrity = \"";
+    let start = content.find(prefix)? + prefix.len();
+    let rest = &content[start..];
+    let end = rest.find("\";")?;
+    let value = &rest[..end];
+    is_integrity_hash(value).then(|| value.to_string())
+}
+
+fn machine_sha256(relative_path: &str, content: &[u8]) -> String {
+    let normalized = normalize_machine_owned_content(relative_path, content);
+    sha256_bytes(&normalized)
+}
+
+fn normalize_machine_owned_content(relative_path: &str, content: &[u8]) -> Vec<u8> {
+    if relative_path == HEALTH_CHECKER_RELATIVE_PATH
+        || relative_path == TASK_STATE_CHECKER_RELATIVE_PATH
+    {
+        return replace_expected_integrity_block(content);
+    }
+
+    if relative_path == NAOME_COMMAND_RELATIVE_PATH {
+        return replace_native_integrity_line(content);
+    }
+
+    content.to_vec()
+}
+
+fn replace_expected_integrity_block(content: &[u8]) -> Vec<u8> {
+    let text = String::from_utf8_lossy(content);
+    let start_marker = "const expectedMachineOwnedIntegrity = Object.freeze({\n";
+    let normalized =
+        "const expectedMachineOwnedIntegrity = Object.freeze({\n  __generated__: \"sha256:generated\"\n});\n";
+    let Some(start) = text.find(start_marker) else {
+        return content.to_vec();
+    };
+    let after_start = start + start_marker.len();
+    let Some(relative_end) = text[after_start..].find("\n});\n") else {
+        return content.to_vec();
+    };
+    let end = after_start + relative_end + "\n});\n".len();
+
+    let mut next = String::with_capacity(text.len());
+    next.push_str(&text[..start]);
+    next.push_str(normalized);
+    next.push_str(&text[end..]);
+    next.into_bytes()
+}
+
+fn replace_native_integrity_line(content: &[u8]) -> Vec<u8> {
+    let text = String::from_utf8_lossy(content);
+    let prefix = "const expectedNativeBinaryIntegrity = \"";
+    let Some(start) = text.find(prefix) else {
+        return content.to_vec();
+    };
+    let Some(relative_end) = text[start..].find(";\n") else {
+        return content.to_vec();
+    };
+    let end = start + relative_end + ";\n".len();
+
+    let mut next = String::with_capacity(text.len());
+    next.push_str(&text[..start]);
+    next.push_str("const expectedNativeBinaryIntegrity = \"sha256:generated\";\n");
+    next.push_str(&text[end..]);
+    next.into_bytes()
+}

package/crates/naome-core/src/harness_health.rs

@@ -1,49 +1,19 @@
+mod integrity;
+
 use std::collections::{HashMap, HashSet};
 use std::fs;
 use std::path::{Component, Path};
 
 use serde_json::Value;
-use sha2::{Digest, Sha256};
 
+pub(crate) use self::integrity::machine_integrity_hash;
+use self::integrity::{
+    is_integrity_hash, native_integrity_from_naome_command, sha256_bytes,
+    NAOME_COMMAND_RELATIVE_PATH, NATIVE_BINARY_RELATIVE_PATH,
+};
+use crate::install_plan::{MACHINE_OWNED_PATHS, PROJECT_OWNED_PATHS};
 use crate::models::NaomeError;
 
-const HEALTH_CHECKER_RELATIVE_PATH: &str = ".naome/bin/check-harness-health.js";
-const TASK_STATE_CHECKER_RELATIVE_PATH: &str = ".naome/bin/check-task-state.js";
-const NAOME_COMMAND_RELATIVE_PATH: &str = ".naome/bin/naome.js";
-
-#[cfg(windows)]
-const NATIVE_BINARY_RELATIVE_PATH: &str = ".naome/bin/naome-rust.exe";
-#[cfg(not(windows))]
-const NATIVE_BINARY_RELATIVE_PATH: &str = ".naome/bin/naome-rust";
-
-const EXPECTED_MACHINE_OWNED_PATHS: &[&str] = &[
-    "AGENTS.md",
-    ".naome/package.json",
-    ".naome/bin/naome.js",
-    ".naome/bin/check-task-state.js",
-    ".naome/bin/check-harness-health.js",
-    ".naome/task-contract.schema.json",
-    "docs/naome/index.md",
-    "docs/naome/first-run.md",
-    "docs/naome/agent-workflow.md",
-    "docs/naome/execution.md",
-    "docs/naome/upgrade.md",
-];
-
-const EXPECTED_PROJECT_OWNED_PATHS: &[&str] = &[
-    ".naomeignore",
-    ".naome/init-state.json",
-    ".naome/manifest.json",
-    ".naome/task-state.json",
-    ".naome/upgrade-state.json",
-    ".naome/verification.json",
-    "docs/naome/architecture.md",
-    "docs/naome/decisions.md",
-    "docs/naome/repo-profile.md",
-    "docs/naome/security.md",
-    "docs/naome/testing.md",
-];
-
 #[derive(Debug, Clone, Default)]
 pub struct HarnessHealthOptions {
     pub expected_integrity: HashMap<String, String>,
@@ -57,11 +27,11 @@ pub fn validate_harness_health(
 ) -> Result<Vec<String>, NaomeError> {
     let mut errors = Vec::new();
 
-    for relative_path in EXPECTED_MACHINE_OWNED_PATHS {
+    for relative_path in MACHINE_OWNED_PATHS {
         validate_regular_file(root, relative_path, &mut errors)?;
     }
 
-    for relative_path in EXPECTED_PROJECT_OWNED_PATHS {
+    for relative_path in PROJECT_OWNED_PATHS {
         validate_regular_file(root, relative_path, &mut errors)?;
     }
 
@@ -130,13 +100,13 @@ fn validate_manifest_ownership(manifest: &Value, errors: &mut Vec<String>) {
 
     validate_contains_all(
         &machine_owned,
-        EXPECTED_MACHINE_OWNED_PATHS,
+        MACHINE_OWNED_PATHS,
         ".naome/manifest.json machineOwned",
         errors,
     );
     validate_contains_all(
         &project_owned,
-        EXPECTED_PROJECT_OWNED_PATHS,
+        PROJECT_OWNED_PATHS,
         ".naome/manifest.json projectOwned",
         errors,
     );
@@ -152,7 +122,7 @@ fn validate_manifest_integrity(
         return Ok(());
     };
 
-    for relative_path in EXPECTED_MACHINE_OWNED_PATHS {
+    for relative_path in MACHINE_OWNED_PATHS {
         let packaged_expected = options.expected_integrity.get(*relative_path);
         let manifest_expected = integrity.get(*relative_path).and_then(Value::as_str);
 
@@ -190,7 +160,7 @@ fn validate_manifest_integrity(
         }
 
         let content = fs::read(root.join(relative_path))?;
-        let actual = format!("sha256:{}", machine_sha256(relative_path, &content));
+        let actual = machine_integrity_hash(relative_path, &content);
         if actual != *packaged_expected {
             errors.push(format!(
                 "{relative_path} integrity mismatch. Expected {packaged_expected}, got {actual}."
@@ -475,85 +445,3 @@ fn is_version(value: &str) -> bool {
             .iter()
             .all(|part| !part.is_empty() && part.chars().all(|ch| ch.is_ascii_digit()))
 }
-
-fn is_integrity_hash(value: &str) -> bool {
-    value.len() == "sha256:".len() + 64
-        && value.starts_with("sha256:")
-        && value["sha256:".len()..]
-            .chars()
-            .all(|ch| ch.is_ascii_hexdigit() && !ch.is_ascii_uppercase())
-}
-
-fn machine_sha256(relative_path: &str, content: &[u8]) -> String {
-    let normalized = normalize_machine_owned_content(relative_path, content);
-    sha256_bytes(&normalized)
-}
-
-fn sha256_bytes(content: &[u8]) -> String {
-    let mut hasher = Sha256::new();
-    hasher.update(content);
-    format!("{:x}", hasher.finalize())
-}
-
-fn normalize_machine_owned_content(relative_path: &str, content: &[u8]) -> Vec<u8> {
-    if relative_path == HEALTH_CHECKER_RELATIVE_PATH
-        || relative_path == TASK_STATE_CHECKER_RELATIVE_PATH
-    {
-        return replace_expected_integrity_block(content);
-    }
-
-    if relative_path == NAOME_COMMAND_RELATIVE_PATH {
-        return replace_native_integrity_line(content);
-    }
-
-    content.to_vec()
-}
-
-fn replace_expected_integrity_block(content: &[u8]) -> Vec<u8> {
-    let text = String::from_utf8_lossy(content);
-    let start_marker = "const expectedMachineOwnedIntegrity = Object.freeze({\n";
-    let normalized =
-        "const expectedMachineOwnedIntegrity = Object.freeze({\n  __generated__: \"sha256:generated\"\n});\n";
-    let Some(start) = text.find(start_marker) else {
-        return content.to_vec();
-    };
-    let after_start = start + start_marker.len();
-    let Some(relative_end) = text[after_start..].find("\n});\n") else {
-        return content.to_vec();
-    };
-    let end = after_start + relative_end + "\n});\n".len();
-
-    let mut next = String::with_capacity(text.len());
-    next.push_str(&text[..start]);
-    next.push_str(normalized);
-    next.push_str(&text[end..]);
-    next.into_bytes()
-}
-
-fn replace_native_integrity_line(content: &[u8]) -> Vec<u8> {
-    let text = String::from_utf8_lossy(content);
-    let prefix = "const expectedNativeBinaryIntegrity = \"";
-    let Some(start) = text.find(prefix) else {
-        return content.to_vec();
-    };
-    let Some(relative_end) = text[start..].find(";\n") else {
-        return content.to_vec();
-    };
-    let end = start + relative_end + ";\n".len();
-    let replacement = "const expectedNativeBinaryIntegrity = \"sha256:generated\";\n";
-
-    let mut next = String::with_capacity(text.len());
-    next.push_str(&text[..start]);
-    next.push_str(replacement);
-    next.push_str(&text[end..]);
-    next.into_bytes()
-}
-
-fn native_integrity_from_naome_command(content: &str) -> Option<String> {
-    let prefix = "const expectedNativeBinaryIntegrity = \"";
-    let start = content.find(prefix)? + prefix.len();
-    let rest = &content[start..];
-    let end = rest.find("\";")?;
-    let value = &rest[..end];
-    is_integrity_hash(value).then(|| value.to_string())
-}

package/crates/naome-core/src/install_plan.rs

@@ -21,9 +21,12 @@ pub const PROJECT_OWNED_PATHS: &[&str] = &[
     ".naome/task-state.json",
     ".naome/upgrade-state.json",
     ".naome/verification.json",
+    ".naome/repository-quality.json",
+    ".naome/repository-quality-baseline.json",
     "docs/naome/architecture.md",
     "docs/naome/decisions.md",
     "docs/naome/repo-profile.md",
+    "docs/naome/repository-quality.md",
     "docs/naome/security.md",
     "docs/naome/testing.md",
 ];