@lamentis/naome 1.3.7 → 1.3.9

package/Cargo.lock

@@ -76,7 +76,7 @@ checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "naome-cli"
-version = "1.3.7"
+version = "1.3.9"
 dependencies = [
  "naome-core",
  "serde_json",
@@ -84,7 +84,7 @@ dependencies = [
 
 [[package]]
 name = "naome-core"
-version = "1.3.7"
+version = "1.3.9"
 dependencies = [
  "serde",
  "serde_json",

package/README.md

@@ -41,6 +41,11 @@ For agent-driven work, route the user's request through the harness:
 naome route --prompt-file /path/to/prompt.txt --execute --json
 ```
 
+Prompt files should start with a fenced `naome-prompt-envelope-v1` JSON
+envelope that normalizes the raw user text into canonical routing fields. A raw
+natural-language prompt routes to a non-mutating normalization decision instead
+of becoming a task by keyword inference.
+
 ## Why NAOME?
 
 - Keeps agents inside explicit task scope.

package/crates/naome-cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "naome-cli"
-version = "1.3.7"
+version = "1.3.9"
 edition.workspace = true
 license.workspace = true
 repository.workspace = true

package/crates/naome-cli/src/install_bridge.rs

@@ -10,8 +10,7 @@ pub fn run_install_bridge(
     let package_root = option_value(args, "--package-root")
         .map(PathBuf::from)
         .or_else(|| std::env::var("NAOME_PACKAGE_ROOT").ok().map(PathBuf::from))
-        .or_else(resolve_package_root_from_exe)
-        .or_else(resolve_package_root_from_cwd);
+        .or_else(resolve_package_root_from_exe);
     let installer_js = option_value(args, "--installer-js")
         .map(PathBuf::from)
         .or_else(|| std::env::var("NAOME_INSTALLER_JS").ok().map(PathBuf::from))
@@ -72,12 +71,61 @@ fn resolve_package_root_from_exe() -> Option<PathBuf> {
     None
 }
 
-fn resolve_package_root_from_cwd() -> Option<PathBuf> {
-    let current = std::env::current_dir().ok()?;
-    for candidate in [current.join("packages").join("naome"), current] {
-        if candidate.join("bin").join("naome-node.js").is_file() {
-            return Some(candidate);
+#[cfg(test)]
+mod tests {
+    use std::fs;
+    use std::sync::{Mutex, OnceLock};
+    use std::time::{SystemTime, UNIX_EPOCH};
+
+    use super::run_install_bridge;
+
+    fn env_lock() -> &'static Mutex<()> {
+        static LOCK: OnceLock<Mutex<()>> = OnceLock::new();
+        LOCK.get_or_init(|| Mutex::new(()))
+    }
+
+    #[test]
+    fn install_bridge_does_not_discover_installer_from_cwd() {
+        let _guard = env_lock().lock().unwrap();
+        let original_dir = std::env::current_dir().unwrap();
+        let original_package_root = std::env::var_os("NAOME_PACKAGE_ROOT");
+        let original_installer_js = std::env::var_os("NAOME_INSTALLER_JS");
+        let temp_root = std::env::temp_dir().join(format!(
+            "naome-cwd-installer-test-{}",
+            SystemTime::now()
+                .duration_since(UNIX_EPOCH)
+                .unwrap()
+                .as_nanos()
+        ));
+        let installer_path = temp_root
+            .join("packages")
+            .join("naome")
+            .join("bin")
+            .join("naome-node.js");
+        fs::create_dir_all(installer_path.parent().unwrap()).unwrap();
+        fs::write(&installer_path, "console.log('untrusted cwd installer');\n").unwrap();
+
+        std::env::remove_var("NAOME_PACKAGE_ROOT");
+        std::env::remove_var("NAOME_INSTALLER_JS");
+        std::env::set_current_dir(&temp_root).unwrap();
+
+        let args = vec!["install".to_string()];
+        let error = run_install_bridge("install", &args)
+            .expect_err("cwd-local installer must not be treated as trusted");
+        assert!(
+            error.to_string().contains("needs naome-node.js"),
+            "unexpected error: {error}"
+        );
+
+        std::env::set_current_dir(original_dir).unwrap();
+        match original_package_root {
+            Some(value) => std::env::set_var("NAOME_PACKAGE_ROOT", value),
+            None => std::env::remove_var("NAOME_PACKAGE_ROOT"),
         }
+        match original_installer_js {
+            Some(value) => std::env::set_var("NAOME_INSTALLER_JS", value),
+            None => std::env::remove_var("NAOME_INSTALLER_JS"),
+        }
+        let _ = fs::remove_dir_all(temp_root);
     }
-    None
 }

package/crates/naome-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "naome-core"
-version = "1.3.7"
+version = "1.3.9"
 edition.workspace = true
 license.workspace = true
 repository.workspace = true

package/crates/naome-core/src/context/select.rs

@@ -1,5 +1,8 @@
-use std::path::Path;
+use std::path::{Component, Path};
 
+use serde::Deserialize;
+
+use crate::intent::prompt_envelope_json;
 use crate::{git, models::NaomeError};
 
 use super::helpers::{capsule_for_paths, context_item, is_source_path, normalize_paths};
@@ -7,6 +10,13 @@ use super::types::{ContextBudgetLedger, ContextItem, ContextSelection};
 
 const MAX_CONTEXT_FILES: usize = 12;
 
+#[derive(Debug, Deserialize)]
+#[serde(rename_all = "camelCase")]
+struct PromptEnvelopeContext {
+    schema: Option<String>,
+    referenced_paths: Option<Vec<String>>,
+}
+
 pub fn select_context_for_changed_paths(root: &Path) -> Result<ContextSelection, NaomeError> {
     let paths = git::changed_paths(root)?;
     Ok(selection_for_paths(root, "changed", paths))
@@ -19,7 +29,9 @@ pub fn select_context_for_prompt(
     Ok(selection_for_paths(
         root,
         "prompt",
-        mentioned_paths(prompt.as_ref()),
+        envelope_referenced_paths(prompt.as_ref())
+            .filter(|paths| !paths.is_empty())
+            .unwrap_or_else(|| mentioned_paths(root, prompt.as_ref())),
     ))
 }
 
@@ -119,7 +131,7 @@ fn forbidden_context() -> Vec<String> {
     .collect()
 }
 
-fn mentioned_paths(prompt: &str) -> Vec<String> {
+fn mentioned_paths(root: &Path, prompt: &str) -> Vec<String> {
     prompt
         .split_whitespace()
         .map(|token| {
@@ -127,8 +139,50 @@ fn mentioned_paths(prompt: &str) -> Vec<String> {
                 matches!(ch, '"' | '\'' | '`' | ',' | ';' | ':' | ')' | '(')
             })
         })
-        .filter(|token| token.contains('/') || is_source_path(token) || token.ends_with(".md"))
         .filter(|token| !token.starts_with('-') && !token.starts_with("http"))
         .map(|token| token.trim_start_matches("./").replace('\\', "/"))
+        .filter(|path| path_looks_contextual(path))
+        .filter(|path| path_exists_or_has_repo_parent(root, path))
         .collect()
 }
+
+fn envelope_referenced_paths(prompt: &str) -> Option<Vec<String>> {
+    let input =
+        serde_json::from_str::<PromptEnvelopeContext>(prompt_envelope_json(prompt)?).ok()?;
+    if input.schema.as_deref() != Some("naome.prompt-envelope.v1") {
+        return None;
+    }
+    Some(
+        input
+            .referenced_paths
+            .unwrap_or_default()
+            .into_iter()
+            .map(|path| path.trim_start_matches("./").replace('\\', "/"))
+            .filter(|path| is_repo_relative_path(path))
+            .filter(|path| path_looks_contextual(path))
+            .collect(),
+    )
+}
+
+fn is_repo_relative_path(path: &str) -> bool {
+    let candidate = Path::new(path);
+    !path.contains(':')
+        && !candidate.is_absolute()
+        && !candidate
+            .components()
+            .any(|component| matches!(component, Component::ParentDir))
+}
+
+fn path_looks_contextual(path: &str) -> bool {
+    path.contains('/') || is_source_path(path) || path.ends_with(".md")
+}
+
+fn path_exists_or_has_repo_parent(root: &Path, path: &str) -> bool {
+    let candidate = root.join(path);
+    if candidate.exists() {
+        return true;
+    }
+    candidate
+        .parent()
+        .is_some_and(|parent| parent != root && parent.exists())
+}

package/crates/naome-core/src/harness_health/integrity.rs

@@ -29,12 +29,10 @@ pub(crate) fn is_integrity_hash(value: &str) -> bool {
 }
 
 pub(crate) fn native_integrity_from_naome_command(content: &str) -> Option<String> {
-    let prefix = "const expectedNativeBinaryIntegrity = \"";
-    let start = content.find(prefix)? + prefix.len();
-    let rest = &content[start..];
-    let end = rest.find("\";")?;
-    let value = &rest[..end];
-    is_integrity_hash(value).then(|| value.to_string())
+    content
+        .lines()
+        .find_map(native_integrity_assignment_value)
+        .map(ToString::to_string)
 }
 
 fn machine_sha256(relative_path: &str, content: &[u8]) -> String {
@@ -43,17 +41,22 @@ fn machine_sha256(relative_path: &str, content: &[u8]) -> String {
 }
 
 fn normalize_machine_owned_content(relative_path: &str, content: &[u8]) -> Vec<u8> {
+    let mut normalized = content.to_vec();
+
     if relative_path == HEALTH_CHECKER_RELATIVE_PATH
         || relative_path == TASK_STATE_CHECKER_RELATIVE_PATH
     {
-        return replace_expected_integrity_block(content);
+        normalized = replace_expected_integrity_block(&normalized);
     }
 
-    if relative_path == NAOME_COMMAND_RELATIVE_PATH {
-        return replace_native_integrity_line(content);
+    if relative_path == HEALTH_CHECKER_RELATIVE_PATH
+        || relative_path == TASK_STATE_CHECKER_RELATIVE_PATH
+        || relative_path == NAOME_COMMAND_RELATIVE_PATH
+    {
+        normalized = replace_native_integrity_line(&normalized);
     }
 
-    content.to_vec()
+    normalized
 }
 
 fn replace_expected_integrity_block(content: &[u8]) -> Vec<u8> {
@@ -79,18 +82,33 @@ fn replace_expected_integrity_block(content: &[u8]) -> Vec<u8> {
 
 fn replace_native_integrity_line(content: &[u8]) -> Vec<u8> {
     let text = String::from_utf8_lossy(content);
-    let prefix = "const expectedNativeBinaryIntegrity = \"";
-    let Some(start) = text.find(prefix) else {
-        return content.to_vec();
-    };
-    let Some(relative_end) = text[start..].find(";\n") else {
-        return content.to_vec();
-    };
-    let end = start + relative_end + ";\n".len();
-
+    let mut changed = false;
     let mut next = String::with_capacity(text.len());
-    next.push_str(&text[..start]);
-    next.push_str("const expectedNativeBinaryIntegrity = \"sha256:generated\";\n");
-    next.push_str(&text[end..]);
-    next.into_bytes()
+
+    for segment in text.split_inclusive('\n') {
+        let (line, ending) = segment
+            .strip_suffix('\n')
+            .map(|line| (line, "\n"))
+            .unwrap_or((segment, ""));
+        if native_integrity_assignment_value(line).is_some() {
+            next.push_str("const expectedNativeBinaryIntegrity = \"sha256:generated\";");
+            next.push_str(ending);
+            changed = true;
+        } else {
+            next.push_str(segment);
+        }
+    }
+
+    if changed {
+        next.into_bytes()
+    } else {
+        content.to_vec()
+    }
+}
+
+fn native_integrity_assignment_value(line: &str) -> Option<&str> {
+    let value = line
+        .strip_prefix("const expectedNativeBinaryIntegrity = \"")?
+        .strip_suffix("\";")?;
+    is_integrity_hash(value).then_some(value)
 }

package/crates/naome-core/src/harness_health/manifest.rs

@@ -0,0 +1,97 @@
+use std::collections::HashSet;
+
+use serde_json::Value;
+
+use crate::install_plan::{MACHINE_OWNED_PATHS, PROJECT_OWNED_PATHS};
+
+pub(super) fn validate_manifest_shape(manifest: &Value, errors: &mut Vec<String>) {
+    let Some(object) = manifest.as_object() else {
+        errors.push(".naome/manifest.json must be a JSON object.".to_string());
+        return;
+    };
+
+    if object.get("name").and_then(Value::as_str) != Some("naome") {
+        errors.push(".naome/manifest.json name must be naome.".to_string());
+    }
+
+    if !object
+        .get("harnessVersion")
+        .and_then(Value::as_str)
+        .is_some_and(is_version)
+    {
+        errors.push(".naome/manifest.json harnessVersion must be semver.".to_string());
+    }
+
+    if !string_array(object.get("machineOwned")).is_some() {
+        errors.push(".naome/manifest.json machineOwned must be a string array.".to_string());
+    }
+
+    if !string_array(object.get("projectOwned")).is_some() {
+        errors.push(".naome/manifest.json projectOwned must be a string array.".to_string());
+    }
+
+    if !object.get("integrity").is_some_and(Value::is_object) {
+        errors.push(".naome/manifest.json integrity must be an object.".to_string());
+    }
+}
+
+pub(super) fn validate_manifest_ownership(manifest: &Value, errors: &mut Vec<String>) {
+    let Some(object) = manifest.as_object() else {
+        return;
+    };
+    let Some(machine_owned) = string_array(object.get("machineOwned")) else {
+        return;
+    };
+    let Some(project_owned) = string_array(object.get("projectOwned")) else {
+        return;
+    };
+
+    validate_contains_all(
+        &machine_owned,
+        MACHINE_OWNED_PATHS,
+        ".naome/manifest.json machineOwned",
+        errors,
+    );
+    validate_contains_all(
+        &project_owned,
+        PROJECT_OWNED_PATHS,
+        ".naome/manifest.json projectOwned",
+        errors,
+    );
+}
+
+pub(super) fn string_array(value: Option<&Value>) -> Option<Vec<String>> {
+    value.and_then(Value::as_array).and_then(|entries| {
+        entries
+            .iter()
+            .map(|entry| {
+                entry
+                    .as_str()
+                    .filter(|text| !text.trim().is_empty())
+                    .map(ToString::to_string)
+            })
+            .collect()
+    })
+}
+
+fn validate_contains_all(
+    actual_values: &[String],
+    expected_values: &[&str],
+    field_name: &str,
+    errors: &mut Vec<String>,
+) {
+    let actual: HashSet<&str> = actual_values.iter().map(String::as_str).collect();
+    for expected in expected_values {
+        if !actual.contains(expected) {
+            errors.push(format!("{field_name} must include {expected}."));
+        }
+    }
+}
+
+fn is_version(value: &str) -> bool {
+    let parts: Vec<&str> = value.split('.').collect();
+    parts.len() == 3
+        && parts
+            .iter()
+            .all(|part| !part.is_empty() && part.chars().all(|ch| ch.is_ascii_digit()))
+}

package/crates/naome-core/src/harness_health.rs

@@ -1,6 +1,7 @@
 mod integrity;
+mod manifest;
 
-use std::collections::{HashMap, HashSet};
+use std::collections::HashMap;
 use std::fs;
 use std::path::{Component, Path};
 
@@ -11,6 +12,7 @@ use self::integrity::{
     is_integrity_hash, native_integrity_from_naome_command, sha256_bytes,
     NAOME_COMMAND_RELATIVE_PATH, NATIVE_BINARY_RELATIVE_PATH,
 };
+use self::manifest::{string_array, validate_manifest_ownership, validate_manifest_shape};
 use crate::install_plan::{MACHINE_OWNED_PATHS, PROJECT_OWNED_PATHS};
 use crate::models::NaomeError;
 
@@ -56,62 +58,6 @@ pub fn validate_harness_health(
     Ok(errors)
 }
 
-fn validate_manifest_shape(manifest: &Value, errors: &mut Vec<String>) {
-    let Some(object) = manifest.as_object() else {
-        errors.push(".naome/manifest.json must be a JSON object.".to_string());
-        return;
-    };
-
-    if object.get("name").and_then(Value::as_str) != Some("naome") {
-        errors.push(".naome/manifest.json name must be naome.".to_string());
-    }
-
-    if !object
-        .get("harnessVersion")
-        .and_then(Value::as_str)
-        .is_some_and(is_version)
-    {
-        errors.push(".naome/manifest.json harnessVersion must be semver.".to_string());
-    }
-
-    if !string_array(object.get("machineOwned")).is_some() {
-        errors.push(".naome/manifest.json machineOwned must be a string array.".to_string());
-    }
-
-    if !string_array(object.get("projectOwned")).is_some() {
-        errors.push(".naome/manifest.json projectOwned must be a string array.".to_string());
-    }
-
-    if !object.get("integrity").is_some_and(Value::is_object) {
-        errors.push(".naome/manifest.json integrity must be an object.".to_string());
-    }
-}
-
-fn validate_manifest_ownership(manifest: &Value, errors: &mut Vec<String>) {
-    let Some(object) = manifest.as_object() else {
-        return;
-    };
-    let Some(machine_owned) = string_array(object.get("machineOwned")) else {
-        return;
-    };
-    let Some(project_owned) = string_array(object.get("projectOwned")) else {
-        return;
-    };
-
-    validate_contains_all(
-        &machine_owned,
-        MACHINE_OWNED_PATHS,
-        ".naome/manifest.json machineOwned",
-        errors,
-    );
-    validate_contains_all(
-        &project_owned,
-        PROJECT_OWNED_PATHS,
-        ".naome/manifest.json projectOwned",
-        errors,
-    );
-}
-
 fn validate_manifest_integrity(
     root: &Path,
     manifest: &Value,
@@ -186,13 +132,41 @@ fn validate_native_decision_binary(
         return Ok(());
     };
 
-    if !machine_owned
+    let wrapper_paths = [
+        NAOME_COMMAND_RELATIVE_PATH,
+        ".naome/bin/check-harness-health.js",
+        ".naome/bin/check-task-state.js",
+    ];
+    let wrapper_integrity = wrapper_paths
+        .iter()
+        .map(|relative_path| {
+            native_integrity_from_regular_file(root, relative_path)
+                .map(|expected| (*relative_path, expected))
+        })
+        .collect::<Result<Vec<_>, _>>()?;
+    let native_is_declared = machine_owned
+        .iter()
+        .any(|entry| entry == NATIVE_BINARY_RELATIVE_PATH);
+    let native_has_integrity = integrity.contains_key(NATIVE_BINARY_RELATIVE_PATH);
+    let native_path_present = fs::symlink_metadata(root.join(NATIVE_BINARY_RELATIVE_PATH)).is_ok();
+    let wrapper_requires_native = wrapper_integrity
         .iter()
-        .any(|entry| entry == NATIVE_BINARY_RELATIVE_PATH)
+        .any(|(_, expected)| expected.is_some());
+
+    if !native_is_declared
+        && !native_has_integrity
+        && !wrapper_requires_native
+        && !native_path_present
     {
         return Ok(());
     }
 
+    if !native_is_declared {
+        errors.push(format!(
+            ".naome/manifest.json machineOwned must include {NATIVE_BINARY_RELATIVE_PATH}."
+        ));
+    }
+
     validate_regular_file(root, NATIVE_BINARY_RELATIVE_PATH, errors)?;
 
     if !root.join(NATIVE_BINARY_RELATIVE_PATH).exists()
@@ -222,22 +196,36 @@ fn validate_native_decision_binary(
         ));
     }
 
-    let command_path = root.join(NAOME_COMMAND_RELATIVE_PATH);
-    if !command_path.exists() || has_symlink_in_path(root, NAOME_COMMAND_RELATIVE_PATH)? {
-        return Ok(());
-    }
-
-    let command_content = fs::read_to_string(command_path)?;
-    let command_expected = native_integrity_from_naome_command(&command_content);
-    if command_expected.as_deref() != Some(manifest_expected) {
-        errors.push(format!(
-            "{NAOME_COMMAND_RELATIVE_PATH} native binary integrity does not match .naome/manifest.json."
-        ));
+    for (relative_path, expected) in wrapper_integrity {
+        if expected.as_deref() != Some(manifest_expected) {
+            errors.push(format!(
+                "{relative_path} native binary integrity does not match .naome/manifest.json."
+            ));
+        }
     }
 
     Ok(())
 }
 
+fn native_integrity_from_regular_file(
+    root: &Path,
+    relative_path: &str,
+) -> Result<Option<String>, NaomeError> {
+    let file_path = root.join(relative_path);
+    if has_symlink_in_path(root, relative_path)? {
+        return Ok(None);
+    }
+    let Ok(metadata) = fs::symlink_metadata(&file_path) else {
+        return Ok(None);
+    };
+    if !metadata.is_file() {
+        return Ok(None);
+    }
+    Ok(native_integrity_from_naome_command(&fs::read_to_string(
+        file_path,
+    )?))
+}
+
 fn validate_naome_ignore(root: &Path, errors: &mut Vec<String>) -> Result<(), NaomeError> {
     let relative_path = ".naomeignore";
     if !root.join(relative_path).exists() || has_symlink_in_path(root, relative_path)? {
@@ -342,20 +330,6 @@ fn read_json(
     }
 }
 
-fn validate_contains_all(
-    actual_values: &[String],
-    expected_values: &[&str],
-    field_name: &str,
-    errors: &mut Vec<String>,
-) {
-    let actual: HashSet<&str> = actual_values.iter().map(String::as_str).collect();
-    for expected in expected_values {
-        if !actual.contains(expected) {
-            errors.push(format!("{field_name} must include {expected}."));
-        }
-    }
-}
-
 fn validate_regular_file(
     root: &Path,
     relative_path: &str,
@@ -423,25 +397,3 @@ fn has_symlink_in_path(root: &Path, relative_path: &str) -> Result<bool, NaomeEr
 
     Ok(false)
 }
-
-fn string_array(value: Option<&Value>) -> Option<Vec<String>> {
-    value.and_then(Value::as_array).and_then(|entries| {
-        entries
-            .iter()
-            .map(|entry| {
-                entry
-                    .as_str()
-                    .filter(|text| !text.trim().is_empty())
-                    .map(ToString::to_string)
-            })
-            .collect()
-    })
-}
-
-fn is_version(value: &str) -> bool {
-    let parts: Vec<&str> = value.split('.').collect();
-    parts.len() == 3
-        && parts
-            .iter()
-            .all(|part| !part.is_empty() && part.chars().all(|ch| ch.is_ascii_digit()))
-}