npm - @lamentis/naome - Versions diffs - 1.3.17 → 1.4.1 - Mend

@lamentis/naome 1.3.17 → 1.4.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (55) hide show

package/crates/naome-core/tests/task_status_git.rs ADDED Viewed

@@ -0,0 +1,141 @@
+#![allow(dead_code, unused_imports)]
+use std::fs;
+use naome_core::{task_status_exit_code, task_status_report};
+use serde_json::json;
+mod task_state_support;
+use task_state_support::{active_task, task_state_with_status, TaskFixture};
+#[test]
+fn task_status_reports_git_recovery_findings() {
+    let repo = TaskFixture::new(task_state_with_status(
+        "implementing",
+        active_task(json!({
+            "allowedPaths": ["**"],
+            "requiredCheckIds": [],
+            "proofResults": []
+        })),
+    ));
+    repo.init_git();
+    repo.set_admission_head("aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa");
+    let status = task_status_report(repo.path()).unwrap();
+    assert_eq!(status.git.admission_head_reachable, false);
+    assert!(status
+        .findings
+        .iter()
+        .any(|finding| finding.id == "task.git.admission_head_missing"));
+}
+#[test]
+fn task_status_reports_unreachable_existing_admission_head() {
+    let repo = TaskFixture::new(task_state_with_status(
+        "implementing",
+        active_task(json!({})),
+    ));
+    repo.init_git();
+    let admission_head = repo.git(["rev-parse", "HEAD"]).trim().to_string();
+    repo.git(["checkout", "--orphan", "other"]);
+    repo.write("OTHER.md", "other\n");
+    repo.git(["add", "."]);
+    repo.git(["commit", "-m", "other"]);
+    repo.set_admission_head(&admission_head);
+    let status = task_status_report(repo.path()).unwrap();
+    assert!(status.findings.iter().any(|finding| {
+        finding.id == "task.git.admission_head_not_reachable"
+            && finding.suggested_fix.contains("Rebase")
+    }));
+}
+#[test]
+fn task_status_reports_operation_in_progress_and_conflict_markers() {
+    let repo = TaskFixture::new(task_state_with_status(
+        "implementing",
+        active_task(json!({})),
+    ));
+    repo.init_git();
+    let merge_head = repo.git(["rev-parse", "--git-path", "MERGE_HEAD"]);
+    fs::write(repo.path().join(merge_head.trim()), "deadbeef\n").unwrap();
+    let status = task_status_report(repo.path()).unwrap();
+    assert!(status
+        .findings
+        .iter()
+        .any(|finding| finding.id == "task.git.operation_in_progress"));
+    fs::write(
+        repo.path().join(".naome/task-state.json"),
+        "<<<<<<< HEAD\n{}\n=======\n{}\n>>>>>>> branch\n",
+    )
+    .unwrap();
+    let status = task_status_report(repo.path()).unwrap();
+    assert!(status
+        .findings
+        .iter()
+        .any(|finding| finding.id == "task.state.conflict_markers"));
+}
+#[test]
+fn task_status_reports_branch_divergence_when_upstream_split() {
+    let repo = TaskFixture::new(task_state_with_status(
+        "implementing",
+        active_task(json!({
+            "allowedPaths": ["**"],
+            "requiredCheckIds": [],
+            "proofResults": []
+        })),
+    ));
+    repo.init_git();
+    let remote = repo.path().join("remote.git");
+    let branch = repo.git(["rev-parse", "--abbrev-ref", "HEAD"]);
+    let branch = branch.trim();
+    repo.git(["init", "--bare", remote.to_str().unwrap()]);
+    repo.git(["remote", "add", "origin", remote.to_str().unwrap()]);
+    repo.git(["push", "-u", "origin", branch]);
+    repo.write("LOCAL.md", "local\n");
+    repo.git(["add", "."]);
+    repo.git(["commit", "-m", "local"]);
+    let clone = std::env::temp_dir().join(format!(
+        "naome-task-status-remote-work-{}",
+        std::process::id()
+    ));
+    let _ = fs::remove_dir_all(&clone);
+    repo.git(["clone", remote.to_str().unwrap(), clone.to_str().unwrap()]);
+    git_in(&clone, ["config", "user.email", "naome@example.com"]);
+    git_in(&clone, ["config", "user.name", "NAOME Test"]);
+    fs::write(clone.join("REMOTE.md"), "remote\n").unwrap();
+    git_in(&clone, ["add", "."]);
+    git_in(&clone, ["commit", "-m", "remote"]);
+    git_in(&clone, ["push"]);
+    repo.git(["fetch", "origin"]);
+    let status = task_status_report(repo.path()).unwrap();
+    assert_eq!(status.git.ahead, 1);
+    assert_eq!(status.git.behind, 1);
+    assert!(status
+        .findings
+        .iter()
+        .any(|finding| finding.id == "task.git.branch_diverged"));
+    assert_eq!(task_status_exit_code(&status.findings, &status.proof), 0);
+}
+fn git_in<const N: usize>(root: &std::path::Path, args: [&str; N]) {
+    let output = std::process::Command::new("git")
+        .args(args)
+        .current_dir(root)
+        .output()
+        .unwrap();
+    assert!(
+        output.status.success(),
+        "{}",
+        String::from_utf8_lossy(&output.stderr)
+    );
+}

package/native/darwin-arm64/naome CHANGED Viewed

Binary file

package/native/linux-x64/naome CHANGED Viewed

Binary file

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@lamentis/naome",
-  "version": "1.3.17",
+  "version": "1.4.1",
   "description": "Native-first CLI for the NAOME agent harness.",
   "license": "Apache-2.0",
   "type": "module",

package/templates/naome-root/.naome/bin/check-harness-health.js CHANGED Viewed

@@ -17,7 +17,7 @@ const expectedMachineOwnedIntegrity = Object.freeze({
   ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
   "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
   "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
-  "docs/naome/architecture-fitness.md": "sha256:5067f57787f0cac0be4b0d49079f03b595fdab6e4fba4b8bdde4bc3cfc0d1de1",
+  "docs/naome/architecture-fitness.md": "sha256:be38e0c6dea8b1ebeee3bfd4a2e4e17008829360b1b4649ef45f2ce61e7287bd",
   "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
   "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
   "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/.naome/bin/check-task-state.js CHANGED Viewed

@@ -17,7 +17,7 @@ const expectedMachineOwnedIntegrity = Object.freeze({
   ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
   "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
   "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
-  "docs/naome/architecture-fitness.md": "sha256:5067f57787f0cac0be4b0d49079f03b595fdab6e4fba4b8bdde4bc3cfc0d1de1",
+  "docs/naome/architecture-fitness.md": "sha256:be38e0c6dea8b1ebeee3bfd4a2e4e17008829360b1b4649ef45f2ce61e7287bd",
   "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
   "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
   "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/.naome/manifest.json CHANGED Viewed

@@ -1,5 +1,5 @@
 {
-  "harnessVersion": "1.3.13",
+  "harnessVersion": "1.4.0",
   "installedAt": null,
   "integrity": {
     ".naome/bin/check-harness-health.js": "sha256:802d7419774981a6af1826b3882270ff8f41259d516f98c52a02b4ddc184c467",
@@ -9,7 +9,7 @@
     ".naome/task-contract.schema.json": "sha256:1b3b62350328d0d6d660e36d1d1baaa2b88718530db774f9ab2a9e2fcba369c8",
     "AGENTS.md": "sha256:e8b2fc786c1c72b69ba8f2b2ffce4f459e799c7453ce9ff4a9f6448a8f9e6b4f",
     "docs/naome/agent-workflow.md": "sha256:0be1c29adfbcd3fd73c4f904080ffc67237692fe413871a30243538c4db38ac7",
-    "docs/naome/architecture-fitness.md": "sha256:5067f57787f0cac0be4b0d49079f03b595fdab6e4fba4b8bdde4bc3cfc0d1de1",
+    "docs/naome/architecture-fitness.md": "sha256:be38e0c6dea8b1ebeee3bfd4a2e4e17008829360b1b4649ef45f2ce61e7287bd",
     "docs/naome/context-economy.md": "sha256:3ed5075815ecf4ada46a5e65438769310307c35759fcd46b13dc0b96e02bebd9",
     "docs/naome/execution.md": "sha256:bfc5d55838942ec8e3d790b59e3c634ff5bf6a2298265cef3dca9788a097eafb",
     "docs/naome/first-run.md": "sha256:1466ce8c65e19a1514885f917db14e8a772350e3f6d1c03a66326963365919e1",

package/templates/naome-root/docs/naome/architecture-fitness.md CHANGED Viewed

@@ -14,6 +14,8 @@ facts instead of prompt text.
 - `naome arch validate` runs architecture rules with human output.
 - `naome arch validate --json` emits stable machine-readable output.
 - `naome arch validate --agent-feedback` emits compact repair instructions.
+- `naome arch validate --sarif [--output architecture.sarif]` emits SARIF 2.1.0
+  for CI code-scanning while preserving failing exit codes.
 - `naome arch validate --changed-only` uses changed paths with the persistent
   architecture cache when available and safely degrades to a full scan when the
   cache cannot prove graph-level soundness.
@@ -110,15 +112,14 @@ edges as clean architecture.
 ## Configuration Findings
-Validation can pass while still reporting configuration findings. These are
-non-blocking warnings about weak architecture policy, such as:
+Validation can pass while still reporting non-blocking configuration findings
+about weak architecture policy, such as:
 - broad catch-all layers or contexts overlapping narrower boundaries;
 - layers or contexts whose path patterns match no files;
 - unresolved imports that could hide real dependency edges.
-Use `naome arch explain --json` or `naome arch validate --json` to inspect
-`configFindings` deterministically in CI or agent loops.
+Use JSON output to inspect `configFindings` deterministically in CI or agents.
 ## Incremental Cache
@@ -148,7 +149,11 @@ The command is deterministic in both cache-backed and fallback modes; CI can
 inspect the JSON fields above when it needs to distinguish performance from
 soundness fallbacks.
-For v1.4 readiness, architecture fitness is a release gate whenever source,
+Use `node .naome/bin/naome.js arch validate --sarif --output architecture.sarif`
+when CI can upload SARIF. It contains blocking violations, configuration
+findings, unresolved imports, and `agentInstruction` properties for repair loops.
+For v1.4.0, architecture fitness is a release gate whenever source,
 manifest, alias, config, or structure changes can alter dependency edges. Treat
 error-level violations as blocking. Warning-level config findings are advisory
 unless the repository chooses stricter policy, but unresolved imports should be
@@ -156,29 +161,24 @@ triaged before claiming a clean architecture result.
 ## Language Support
-The v1.3.17 foundation classifies TypeScript, JavaScript, Rust, Python, Go,
-Java, Kotlin, and Swift files by path extension. It extracts import facts for
-TypeScript, JavaScript, Rust, Python, Go, and Swift. It resolves relative
-imports, repository-absolute aliases, TypeScript/JavaScript `paths` aliases
-from nearby `tsconfig.json` or `jsconfig.json`, Python package imports with
-local `__init__.py` roots, Go module imports, SwiftPM target imports, and Rust
-crate/self/super module paths where possible.
-Unresolved imports are represented explicitly as graph nodes instead of
-dropping them. Swift and iOS app repositories get Apple framework imports, SwiftPM
-manifests, and Xcode Swift package references represented in the normalized
-graph; Apple SDK frameworks are treated as platform APIs for external policy.
-It also extracts package and dependency facts from `package.json`,
-`Cargo.toml`, `pyproject.toml`, `go.mod`, lightweight `pom.xml` / Gradle
-manifests, `Package.swift`, and `.xcodeproj/project.pbxproj`, then emits
-manifest-identity package nodes and manifest-owned `DependsOn` edges to
-external dependencies.
+The v1.4.0 foundation classifies TypeScript, JavaScript, Rust, Python, Go, Java,
+Kotlin, and Swift files by path extension. It extracts imports for TypeScript,
+JavaScript, Rust, Python, Go, and Swift, resolving relative paths,
+repository-absolute aliases, TS/JS `paths`, Python package roots, Go modules,
+SwiftPM targets, and Rust crate/self/super module paths where possible.
+Unresolved imports become explicit graph nodes. Swift/iOS repositories get Apple
+framework imports, SwiftPM manifests, and Xcode Swift package references in the
+normalized graph; Apple SDK frameworks are treated as platform APIs. Manifest
+facts from `package.json`, `Cargo.toml`, `pyproject.toml`, `go.mod`, lightweight
+`pom.xml` / Gradle manifests, `Package.swift`, and `.xcodeproj/project.pbxproj`
+emit manifest-identity package nodes and manifest-owned dependency edges.
 Architecture rules now cover layers, bounded contexts, public APIs, cycles,
 transitive layer reach, import/fan-out budgets, and external dependency
 policies.
 ## Acceptance Coverage
-v1.4 readiness is covered with deterministic fixture repositories for
+v1.4.0 readiness is covered with deterministic fixture repositories for
 TypeScript/JavaScript aliases, Rust crate paths, Python package roots, Go
 modules, Swift/iOS targets, and mixed monorepos. These fixtures assert both
 positive local-edge resolution and negative forbidden-dependency findings.
@@ -187,7 +187,7 @@ positive local-edge resolution and negative forbidden-dependency findings.
 This release intentionally keeps validation file-graph based. Manifest
 extractors are dependency-owner oriented and do not yet parse every build-tool
-feature. Deep symbol-level call analysis and SARIF output remain follow-up work.
+feature. Deep symbol-level call analysis remains follow-up work.
 ## v1.4 Migration Checklist