@lamentis/naome 1.3.15 → 1.3.17

package/crates/naome-core/tests/architecture_unresolved.rs

@@ -0,0 +1,36 @@
+use naome_core::{validate_architecture, ArchitectureScanOptions};
+
+mod architecture_support;
+
+use architecture_support::FixtureRepo;
+
+#[test]
+fn missing_rust_local_imports_remain_unresolved() {
+    let repo = FixtureRepo::new();
+    repo.write("src/lib.rs", "pub mod domain;\n");
+    repo.write(
+        "src/domain/mod.rs",
+        "use crate::missing::Thing;\nuse self::missing::Local;\npub mod service;\n",
+    );
+    repo.write("src/domain/service.rs", "use super::missing::Parent;\n");
+
+    let report = validate_architecture(repo.path(), ArchitectureScanOptions::default()).unwrap();
+    let unresolved = report
+        .config_findings
+        .iter()
+        .filter(|finding| finding.id == "arch.import.unresolved")
+        .map(|finding| finding.message.as_str())
+        .collect::<Vec<_>>();
+
+    for specifier in [
+        "crate::missing::Thing",
+        "self::missing::Local",
+        "super::missing::Parent",
+    ] {
+        assert!(
+            unresolved.iter().any(|message| message.contains(specifier)),
+            "{specifier}: {:?}",
+            unresolved
+        );
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lamentis/naome",
-  "version": "1.3.15",
+  "version": "1.3.17",
   "description": "Native-first CLI for the NAOME agent harness.",
   "license": "Apache-2.0",
   "type": "module",

package/templates/naome-root/.naome/bin/check-harness-health.js

@@ -17,6 +17,7 @@ const expectedMachineOwnedIntegrity = Object.freeze({
   ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
   "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
   "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
+  "docs/naome/architecture-fitness.md": "sha256:5067f57787f0cac0be4b0d49079f03b595fdab6e4fba4b8bdde4bc3cfc0d1de1",
   "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
   "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
   "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/.naome/bin/check-task-state.js

@@ -17,6 +17,7 @@ const expectedMachineOwnedIntegrity = Object.freeze({
   ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
   "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
   "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
+  "docs/naome/architecture-fitness.md": "sha256:5067f57787f0cac0be4b0d49079f03b595fdab6e4fba4b8bdde4bc3cfc0d1de1",
   "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
   "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
   "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/.naome/manifest.json

@@ -9,7 +9,7 @@
     ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
     "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
     "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
-    "docs/naome/architecture-fitness.md": "sha256:88aa979f61f82c2802c416af2c374ba041c94157189d59048d6889b07034d394",
+    "docs/naome/architecture-fitness.md": "sha256:5067f57787f0cac0be4b0d49079f03b595fdab6e4fba4b8bdde4bc3cfc0d1de1",
     "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
     "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
     "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/.naome/verification.json

@@ -107,5 +107,10 @@
     }
   ],
   "changeTypes": [],
-  "releaseGates": []
+  "releaseGates": [
+    {
+      "checkId": "architecture-fitness-check",
+      "requiredWhen": "Before release or any source, manifest, alias, config, or structure change that can affect architecture."
+    }
+  ]
 }

package/templates/naome-root/docs/naome/architecture-fitness.md

@@ -7,7 +7,7 @@ facts instead of prompt text.
 
 ## Commands
 
-- `naome arch init` writes a starter `naome.arch.yaml`.
+- `naome arch init` writes a repository-aware starter `naome.arch.yaml`.
 - `naome arch explain` prints inferred layers, contexts, rules, and extractors.
 - `naome arch scan --json` emits the normalized graph.
 - `naome arch scan --write` writes `.naome/architecture-graph.json`.
@@ -34,70 +34,40 @@ extractor name, raw origin data, stable ID, and a human-readable label.
 Ignored paths require a reason so agents cannot silently suppress architecture
 ownership.
 
-```yaml
-layers:
-  domain:
-    paths:
-      - "src/domain/**"
-  infrastructure:
-    paths:
-      - "src/infrastructure/**"
-
-contexts:
-  billing:
-    paths:
-      - "src/billing/**"
-    public_api:
-      - "src/billing/index.ts"
+`naome arch init` starts from the files already present in the repository. It
+recognizes common `src/**` layers, Swift/iOS `Sources/**` layouts, feature
+directories under `src/`, and public API entrypoints such as `index.*` or
+`Public/**`. Repositories without recognizable source roots still receive the
+safe generic starter.
+
+Core configuration sections are `layers`, `contexts`, `rules`,
+`allowed_dependencies`, `external_dependencies`, and `ignore`. Typical rules are
+enabled as:
 
+```yaml
 rules:
   no_forbidden_layer_dependencies:
     enabled: true
     severity: error
-  no_cross_context_internal_imports:
-    enabled: true
-    severity: error
   public_api_boundary:
     enabled: true
     severity: error
   no_cycles:
     enabled: true
     severity: error
-  no_transitive_forbidden_layer_dependencies:
-    enabled: true
-    severity: error
   max_imports_per_file:
     enabled: true
     value: 20
     severity: warning
-  max_fan_out:
-    enabled: true
-    value: 20
-    severity: warning
-  external_dependency_policy:
-    enabled: true
-    severity: error
   max_file_lines:
     enabled: true
     value: 400
     severity: warning
-  generated_manual_boundary:
-    enabled: true
-    severity: error
-
-allowed_dependencies:
-  domain:
-  infrastructure:
-    - domain
+```
 
-external_dependencies:
-  domain:
-    allow: []
-  infrastructure:
-    allow:
-      - "stripe"
-      - "@supabase/*"
+Use explicit ignore reasons, for example:
 
+```yaml
 ignore:
   - path: "generated/**"
     reason: "Generated code is not architecture-owned."
@@ -132,6 +102,24 @@ repair loops. It also reports `changedOnlyMode` and
 `changedOnlyDegradationReason`, so agents can distinguish an incremental cache
 run from a deliberate full-scan fallback.
 
+Agent feedback is intentionally compact. Dependency repair entries include the
+source file and target file when both are known, plus direct `must_not_do`
+constraints for layer-boundary violations. Configuration findings also surface
+unresolved imports as repairable feedback so agents do not treat missing graph
+edges as clean architecture.
+
+## Configuration Findings
+
+Validation can pass while still reporting configuration findings. These are
+non-blocking warnings about weak architecture policy, such as:
+
+- broad catch-all layers or contexts overlapping narrower boundaries;
+- layers or contexts whose path patterns match no files;
+- unresolved imports that could hide real dependency edges.
+
+Use `naome arch explain --json` or `naome arch validate --json` to inspect
+`configFindings` deterministically in CI or agent loops.
+
 ## Incremental Cache
 
 NAOME stores architecture file facts in `.naome/cache/architecture/cache.json`.
@@ -145,6 +133,10 @@ Changed-only validation is sound by construction:
 - config changes perform a full scan with reason `config_changed`;
 - added or deleted repository files perform a full scan with reason
   `file_set_changed`;
+- manifest and resolver-context changes such as `package.json`,
+  `tsconfig.json`, `jsconfig.json`, `Cargo.toml`, `go.mod`, `Package.swift`,
+  Gradle, Maven, CocoaPods, Carthage, or Xcode project files perform a full
+  scan with reason `resolver_context_changed`;
 - when config and file set are unchanged, NAOME reuses cached facts for
   untouched files, rescans changed files, rebuilds the full graph, and runs all
   graph-level rules against that graph.
@@ -156,14 +148,23 @@ The command is deterministic in both cache-backed and fallback modes; CI can
 inspect the JSON fields above when it needs to distinguish performance from
 soundness fallbacks.
 
+For v1.4 readiness, architecture fitness is a release gate whenever source,
+manifest, alias, config, or structure changes can alter dependency edges. Treat
+error-level violations as blocking. Warning-level config findings are advisory
+unless the repository chooses stricter policy, but unresolved imports should be
+triaged before claiming a clean architecture result.
+
 ## Language Support
 
-The v1.3.14 foundation classifies TypeScript, JavaScript, Rust, Python, Go,
+The v1.3.17 foundation classifies TypeScript, JavaScript, Rust, Python, Go,
 Java, Kotlin, and Swift files by path extension. It extracts import facts for
-TypeScript, JavaScript, Rust, Python, Go, and Swift, resolves relative imports
-and simple repository-absolute aliases where the language supports them, and
-represents unresolved imports explicitly as graph nodes instead of dropping
-them. Swift and iOS app repositories get Apple framework imports, SwiftPM
+TypeScript, JavaScript, Rust, Python, Go, and Swift. It resolves relative
+imports, repository-absolute aliases, TypeScript/JavaScript `paths` aliases
+from nearby `tsconfig.json` or `jsconfig.json`, Python package imports with
+local `__init__.py` roots, Go module imports, SwiftPM target imports, and Rust
+crate/self/super module paths where possible.
+Unresolved imports are represented explicitly as graph nodes instead of
+dropping them. Swift and iOS app repositories get Apple framework imports, SwiftPM
 manifests, and Xcode Swift package references represented in the normalized
 graph; Apple SDK frameworks are treated as platform APIs for external policy.
 It also extracts package and dependency facts from `package.json`,
@@ -175,9 +176,25 @@ Architecture rules now cover layers, bounded contexts, public APIs, cycles,
 transitive layer reach, import/fan-out budgets, and external dependency
 policies.
 
+## Acceptance Coverage
+
+v1.4 readiness is covered with deterministic fixture repositories for
+TypeScript/JavaScript aliases, Rust crate paths, Python package roots, Go
+modules, Swift/iOS targets, and mixed monorepos. These fixtures assert both
+positive local-edge resolution and negative forbidden-dependency findings.
+
 ## Limitations
 
 This release intentionally keeps validation file-graph based. Manifest
 extractors are dependency-owner oriented and do not yet parse every build-tool
-feature. SARIF output and deeper symbol-level call analysis remain planned
-follow-up slices before v1.4.0.
+feature. Deep symbol-level call analysis and SARIF output remain follow-up work.
+
+## v1.4 Migration Checklist
+
+1. Run `naome arch init` and review inferred layers and contexts.
+2. Run `naome arch explain --json` and address ineffective config findings.
+3. Run `naome arch validate --json` and fix error-level violations first.
+4. Treat unresolved imports as incomplete architecture evidence, not as passes.
+5. Add explicit `ignore` entries only with reasons for generated or vendor code.
+6. Enable the CI gate with `naome arch validate --changed-only` once the full
+   repository has no error-level violations.