npm - @lamentis/naome - Versions diffs - 1.3.12 → 1.3.14 - Mend

@lamentis/naome 1.3.12 → 1.3.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

package/crates/naome-core/tests/architecture_manifests.rs ADDED Viewed

@@ -0,0 +1,289 @@
+use naome_core::{scan_architecture, ArchitectureEdgeKind, ArchitectureScanOptions};
+mod architecture_support;
+use architecture_support::FixtureRepo;
+#[test]
+fn manifest_extractors_add_package_dependency_graph_nodes() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "package.json",
+        r#"{
+  "name": "@acme/web",
+  "dependencies": { "react": "^18.0.0" },
+  "devDependencies": { "vite": "^5.0.0" }
+}
+"#,
+    );
+    repo.write(
+        "crates/app/Cargo.toml",
+        "[package]\nname = \"app\"\nversion = \"0.1.0\"\n[dependencies]\nserde = \"1\"\n",
+    );
+    repo.write(
+        "pyproject.toml",
+        "[project]\nname = \"acme-python\"\ndependencies = [\"requests>=2\", \"fastapi\"]\n",
+    );
+    repo.write(
+        "go.mod",
+        "module github.com/acme/app\nrequire github.com/gin-gonic/gin v1.9.0\n",
+    );
+    repo.write(
+        "pom.xml",
+        "<project><groupId>com.acme</groupId><artifactId>service</artifactId><dependencies><dependency><groupId>org.slf4j</groupId><artifactId>slf4j-api</artifactId></dependency></dependencies></project>",
+    );
+    repo.write(
+        "build.gradle",
+        "plugins { id 'java' }\ndependencies { implementation 'com.google.guava:guava:33.0.0-jre' }\n",
+    );
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    for node_id in [
+        "package:npm:package.json",
+        "package:cargo:crates/app/Cargo.toml",
+        "package:python:pyproject.toml",
+        "package:go:go.mod",
+        "package:maven:pom.xml",
+        "package:gradle:build.gradle",
+        "external:react",
+        "external:vite",
+        "external:serde",
+        "external:requests",
+        "external:fastapi",
+        "external:github.com/gin-gonic/gin",
+        "external:org.slf4j:slf4j-api",
+        "external:com.google.guava:guava",
+    ] {
+        assert!(
+            scan.graph.nodes.iter().any(|node| node.id == node_id),
+            "missing {node_id}"
+        );
+    }
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:npm:package.json"
+            && edge.to == "external:react"
+            && edge.metadata.extractor == "manifest:package.json"
+    }));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:go:go.mod"
+            && edge.to == "external:github.com/gin-gonic/gin"
+    }));
+    assert!(scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| { node.id == "package:npm:package.json" && node.label == "@acme/web" }));
+}
+#[test]
+fn manifest_package_ids_are_namespaced_and_parse_common_multiline_forms() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "package.json",
+        r#"{
+  "name": "core",
+  "dependencies": { "react": "^18.0.0" }
+}
+"#,
+    );
+    repo.write(
+        "crates/core/Cargo.toml",
+        "[package]\nname = \"core\"\nversion = \"0.1.0\"\n[dependencies.serde]\nversion = \"1\"\n",
+    );
+    repo.write(
+        "pyproject.toml",
+        "[project]\nname = \"core\"\ndependencies = [\n  \"requests>=2\",\n  \"fastapi\",\n]\n",
+    );
+    repo.write(
+        "build.gradle.kts",
+        "dependencies {\n  // implementation(\"com.acme:old-lib:1.0\")\n  implementation(\"com.google.guava:guava:33.0.0-jre\")\n  implementation group: 'com.squareup.okio', name: 'okio', version: '3.9.0'\n}\n",
+    );
+    repo.write(
+        "child/pom.xml",
+        r#"<project>
+  <parent>
+    <groupId>com.acme.parent</groupId>
+    <artifactId>parent</artifactId>
+  </parent>
+  <groupId>com.acme.child</groupId>
+  <artifactId>service</artifactId>
+  <dependencyManagement>
+    <dependencies>
+      <dependency>
+        <groupId>com.acme</groupId>
+        <artifactId>managed-only</artifactId>
+      </dependency>
+    </dependencies>
+  </dependencyManagement>
+  <dependencies>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+  </dependencies>
+  <build>
+    <plugins>
+      <plugin>
+        <dependencies>
+          <dependency>
+            <groupId>com.acme</groupId>
+            <artifactId>plugin-only</artifactId>
+          </dependency>
+        </dependencies>
+      </plugin>
+    </plugins>
+  </build>
+</project>"#,
+    );
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    for (node_id, label) in [
+        ("package:npm:package.json", "core"),
+        ("package:cargo:crates/core/Cargo.toml", "core"),
+        ("package:python:pyproject.toml", "core"),
+        ("package:gradle:build.gradle.kts", "gradle:build.gradle.kts"),
+        ("package:maven:child/pom.xml", "com.acme.child:service"),
+    ] {
+        assert!(
+            scan.graph
+                .nodes
+                .iter()
+                .any(|node| node.id == node_id && node.label == label),
+            "missing {node_id} with label {label}"
+        );
+    }
+    for (package_id, dependency_id) in [
+        ("package:npm:package.json", "external:react"),
+        ("package:cargo:crates/core/Cargo.toml", "external:serde"),
+        ("package:python:pyproject.toml", "external:requests"),
+        ("package:python:pyproject.toml", "external:fastapi"),
+        (
+            "package:gradle:build.gradle.kts",
+            "external:com.google.guava:guava",
+        ),
+        (
+            "package:gradle:build.gradle.kts",
+            "external:com.squareup.okio:okio",
+        ),
+        (
+            "package:maven:child/pom.xml",
+            "external:org.slf4j:slf4j-api",
+        ),
+    ] {
+        assert!(
+            scan.graph.edges.iter().any(|edge| {
+                edge.kind == ArchitectureEdgeKind::DependsOn
+                    && edge.from == package_id
+                    && edge.to == dependency_id
+            }),
+            "missing edge {package_id} -> {dependency_id}"
+        );
+    }
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:com.acme:old-lib"));
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:com.acme:managed-only"));
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:com.acme:plugin-only"));
+}
+#[test]
+fn swift_manifests_emit_package_and_dependency_nodes() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "Package.swift",
+        r#"// swift-tools-version: 5.9
+import PackageDescription
+let package = Package(
+  name: "Tickets",
+  dependencies: [
+    .package(url: "https://github.com/Alamofire/Alamofire.git", from: "5.9.0"),
+    .package(url: "https://github.com/pointfreeco/swift-composable-architecture", exact: "1.8.0")
+  ]
+)
+"#,
+    );
+    repo.write(
+        "Tickets.xcodeproj/project.pbxproj",
+        r#"
+/* Begin XCRemoteSwiftPackageReference section */
+  repositoryURL = "https://github.com/onevcat/Kingfisher.git";
+/* End XCRemoteSwiftPackageReference section */
+"#,
+    );
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    for node_id in [
+        "package:swift:Package.swift",
+        "package:xcode:Tickets.xcodeproj/project.pbxproj",
+        "external:Alamofire",
+        "external:swift-composable-architecture",
+        "external:Kingfisher",
+    ] {
+        assert!(
+            scan.graph.nodes.iter().any(|node| node.id == node_id),
+            "missing {node_id}"
+        );
+    }
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:swift:Package.swift"
+            && edge.to == "external:Alamofire"
+    }));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:xcode:Tickets.xcodeproj/project.pbxproj"
+            && edge.to == "external:Kingfisher"
+    }));
+}
+#[test]
+fn swift_manifests_ignore_commented_package_declarations() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "Package.swift",
+        r#"// swift-tools-version: 5.9
+import PackageDescription
+let package = Package(
+  name: "CoreSwift",
+  dependencies: [
+    // .package(url: "https://github.com/Old/Old.git", from: "1.0.0"),
+    .package(url: "https://github.com/Alamofire/Alamofire.git", from: "5.9.0")
+  ]
+)
+"#,
+    );
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    assert!(scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "package:swift:Package.swift" && node.label == "CoreSwift"));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.kind == ArchitectureEdgeKind::DependsOn
+            && edge.from == "package:swift:Package.swift"
+            && edge.to == "external:Alamofire"
+    }));
+    assert!(!scan
+        .graph
+        .nodes
+        .iter()
+        .any(|node| node.id == "external:Old"));
+}

package/crates/naome-core/tests/architecture_support/mod.rs CHANGED Viewed

@@ -1,3 +1,5 @@
+#![allow(dead_code)]
 use std::fs;
 use std::path::{Path, PathBuf};
 use std::process::Command;

package/crates/naome-core/tests/architecture_swift.rs ADDED Viewed

@@ -0,0 +1,111 @@
+use naome_core::{scan_architecture, validate_architecture, ArchitectureScanOptions};
+mod architecture_support;
+use architecture_support::FixtureRepo;
+#[test]
+fn swift_imports_emit_external_dependency_edges_for_ios_apps() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "Sources/Tickets/AppView.swift",
+        "import SwiftUI\nimport UIKit\n@testable import TicketsCore\n@preconcurrency import Alamofire\n@_implementationOnly import Firebase\n",
+    );
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    let fact = scan
+        .file_facts
+        .get("Sources/Tickets/AppView.swift")
+        .unwrap();
+    assert_eq!(fact.language.as_deref(), Some("swift"));
+    for package in ["SwiftUI", "UIKit", "TicketsCore", "Alamofire", "Firebase"] {
+        assert!(
+            scan.graph
+                .nodes
+                .iter()
+                .any(|node| { node.id == format!("external:{package}") && node.label == package }),
+            "missing external node for {package}"
+        );
+    }
+}
+#[test]
+fn swift_apple_frameworks_do_not_violate_external_dependency_policy() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "naome.arch.yaml",
+        r#"
+layers:
+  domain:
+    paths:
+      - "Sources/Domain/**"
+rules:
+  external_dependency_policy:
+    enabled: true
+    severity: error
+external_dependencies:
+  domain:
+    allow: []
+"#,
+    );
+    repo.write(
+        "Sources/Domain/EventView.swift",
+        "import Foundation\nimport SwiftUI\nimport UIKit\nimport CoreBluetooth\nimport CoreImage\nimport CoreML\nimport Network\nimport Vision\nimport Alamofire\n",
+    );
+    let report = validate_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    assert_eq!(report.summary.errors, 1);
+    assert_eq!(
+        report.violations[0].to.as_deref(),
+        Some("external:Alamofire")
+    );
+}
+#[test]
+fn swiftpm_target_imports_resolve_to_local_target_files() {
+    let repo = FixtureRepo::new();
+    repo.write(
+        "naome.arch.yaml",
+        r#"
+layers:
+  ui:
+    paths:
+      - "Sources/App/**"
+      - "Tests/**"
+rules:
+  external_dependency_policy:
+    enabled: true
+    severity: error
+external_dependencies:
+  ui:
+    allow: []
+"#,
+    );
+    repo.write(
+        "Sources/App/AppView.swift",
+        "import SwiftUI\nimport Core\nimport Alamofire\n",
+    );
+    repo.write("Sources/Core/Model.swift", "public struct Model {}\n");
+    repo.write(
+        "Tests/CoreTests/CoreTests.swift",
+        "import XCTest\n@testable import Core\n",
+    );
+    let report = validate_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    let scan = scan_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.from == "file:Sources/App/AppView.swift" && edge.to == "file:Sources/Core/Model.swift"
+    }));
+    assert!(scan.graph.edges.iter().any(|edge| {
+        edge.from == "file:Tests/CoreTests/CoreTests.swift"
+            && edge.to == "file:Sources/Core/Model.swift"
+    }));
+    assert_eq!(report.summary.errors, 1);
+    assert_eq!(
+        report.violations[0].to.as_deref(),
+        Some("external:Alamofire")
+    );
+}

package/native/darwin-arm64/naome CHANGED Viewed

Binary file

package/native/linux-x64/naome CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lamentis/naome",
-  "version": "1.3.12",
+  "version": "1.3.14",
   "description": "Native-first CLI for the NAOME agent harness.",
   "license": "Apache-2.0",
   "type": "module",

package/templates/naome-root/.naome/manifest.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "harnessVersion": "1.3.11",
+  "harnessVersion": "1.3.13",
   "installedAt": null,
   "integrity": {
     ".naome/bin/check-harness-health.js": "sha256:802d7419774981a6af1826b3882270ff8f41259d516f98c52a02b4ddc184c467",
@@ -9,7 +9,7 @@
     ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
     "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
     "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
-    "docs/naome/architecture-fitness.md": "sha256:3963d9a92d6481d4e72815a4dd749549320f23c45100b4821e75b7e6f3ffd00b",
+    "docs/naome/architecture-fitness.md": "sha256:88aa979f61f82c2802c416af2c374ba041c94157189d59048d6889b07034d394",
     "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
     "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
     "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/docs/naome/architecture-fitness.md CHANGED Viewed

@@ -14,8 +14,9 @@ facts instead of prompt text.
 - `naome arch validate` runs architecture rules with human output.
 - `naome arch validate --json` emits stable machine-readable output.
 - `naome arch validate --agent-feedback` emits compact repair instructions.
-- `naome arch validate --changed-only` uses changed paths when available and
-  safely degrades to a full scan for graph-level soundness.
+- `naome arch validate --changed-only` uses changed paths with the persistent
+  architecture cache when available and safely degrades to a full scan when the
+  cache cannot prove graph-level soundness.
 ## Graph Model
@@ -127,26 +128,56 @@ ignore:
 Agents should run `naome arch validate --changed-only --json` after changing
 source or template files. JSON output includes status, severity counts,
 violations, concrete suggestions, and `agentFeedback` entries optimized for
-repair loops.
+repair loops. It also reports `changedOnlyMode` and
+`changedOnlyDegradationReason`, so agents can distinguish an incremental cache
+run from a deliberate full-scan fallback.
+## Incremental Cache
+NAOME stores architecture file facts in `.naome/cache/architecture/cache.json`.
+Cache entries are keyed by file path and content hash, and the cache is tied to
+the effective architecture config hash plus the repository file-list hash.
+Changed-only validation is sound by construction:
+- the first run without a compatible cache performs a full scan and records
+  `changedOnlyMode: "degraded_full_scan"` with reason `cache_miss`;
+- config changes perform a full scan with reason `config_changed`;
+- added or deleted repository files perform a full scan with reason
+  `file_set_changed`;
+- when config and file set are unchanged, NAOME reuses cached facts for
+  untouched files, rescans changed files, rebuilds the full graph, and runs all
+  graph-level rules against that graph.
 ## CI Integration
 Use `node .naome/bin/naome.js arch validate --changed-only` as a fast gate.
-The first foundation release reports warnings for existing file-size debt and
-fails only on configured error rules.
+The command is deterministic in both cache-backed and fallback modes; CI can
+inspect the JSON fields above when it needs to distinguish performance from
+soundness fallbacks.
 ## Language Support
-The v1.3.12 foundation classifies TypeScript, JavaScript, Rust, Python, Go,
+The v1.3.14 foundation classifies TypeScript, JavaScript, Rust, Python, Go,
 Java, Kotlin, and Swift files by path extension. It extracts import facts for
-TypeScript, JavaScript, Rust, Python, and Go, resolves relative imports and
-simple repository-absolute aliases, and represents unresolved imports
-explicitly as graph nodes instead of dropping them. Architecture rules now
-cover layers, bounded contexts, public APIs, cycles, transitive layer reach,
-import/fan-out budgets, and external dependency policies.
+TypeScript, JavaScript, Rust, Python, Go, and Swift, resolves relative imports
+and simple repository-absolute aliases where the language supports them, and
+represents unresolved imports explicitly as graph nodes instead of dropping
+them. Swift and iOS app repositories get Apple framework imports, SwiftPM
+manifests, and Xcode Swift package references represented in the normalized
+graph; Apple SDK frameworks are treated as platform APIs for external policy.
+It also extracts package and dependency facts from `package.json`,
+`Cargo.toml`, `pyproject.toml`, `go.mod`, lightweight `pom.xml` / Gradle
+manifests, `Package.swift`, and `.xcodeproj/project.pbxproj`, then emits
+manifest-identity package nodes and manifest-owned `DependsOn` edges to
+external dependencies.
+Architecture rules now cover layers, bounded contexts, public APIs, cycles,
+transitive layer reach, import/fan-out budgets, and external dependency
+policies.
 ## Limitations
 This release intentionally keeps validation file-graph based. Manifest
-extractors, SARIF output, persistent scan caching, and deeper symbol-level call
-analysis remain planned follow-up slices before v1.4.0.
+extractors are dependency-owner oriented and do not yet parse every build-tool
+feature. SARIF output and deeper symbol-level call analysis remain planned
+follow-up slices before v1.4.0.