@lamentis/naome 1.3.8 → 1.3.10

package/crates/naome-core/src/architecture/scan/graph_builder.rs

@@ -0,0 +1,134 @@
+use std::collections::{BTreeMap, BTreeSet};
+use std::path::Path;
+
+use serde_json::json;
+
+use super::FileFact;
+use crate::architecture::config::ArchitectureConfig;
+use crate::architecture::model::{ArchitectureEdgeKind, ArchitectureGraph, ArchitectureNodeKind};
+
+mod emit;
+mod facts;
+
+pub(super) fn build_path_graph(
+    root: &Path,
+    files: Vec<String>,
+    config: &ArchitectureConfig,
+) -> (ArchitectureGraph, BTreeMap<String, FileFact>) {
+    let mut graph = ArchitectureGraph::default();
+    let mut file_facts = BTreeMap::new();
+
+    push_repository_and_policy_nodes(&mut graph, config);
+    push_directories(&mut graph, &files);
+
+    for path in files {
+        let fact = facts::file_fact(root, &path, config);
+        push_file(&mut graph, &fact);
+        file_facts.insert(path, fact);
+    }
+
+    (graph, file_facts)
+}
+
+fn push_repository_and_policy_nodes(graph: &mut ArchitectureGraph, config: &ArchitectureConfig) {
+    emit::push_node(
+        graph,
+        "repository:.",
+        ArchitectureNodeKind::Repository,
+        "repository",
+        None,
+        None,
+        json!({ "root": "." }),
+    );
+    for layer in config.layers.keys() {
+        emit::push_node(
+            graph,
+            &format!("layer:{layer}"),
+            ArchitectureNodeKind::Layer,
+            layer,
+            None,
+            None,
+            json!({ "layer": layer }),
+        );
+    }
+    for context in config.contexts.keys() {
+        emit::push_node(
+            graph,
+            &format!("context:{context}"),
+            ArchitectureNodeKind::BoundedContext,
+            context,
+            None,
+            None,
+            json!({ "context": context }),
+        );
+    }
+}
+
+fn push_directories(graph: &mut ArchitectureGraph, files: &[String]) {
+    let mut directories = BTreeSet::new();
+    for path in files {
+        facts::collect_directories(path, &mut directories);
+    }
+    for directory in directories {
+        emit::push_node(
+            graph,
+            &format!("directory:{directory}"),
+            ArchitectureNodeKind::Directory,
+            &directory,
+            Some(directory.clone()),
+            None,
+            json!({ "path": directory }),
+        );
+        emit::push_edge(
+            graph,
+            "repository:.",
+            &format!("directory:{directory}"),
+            ArchitectureEdgeKind::Contains,
+            "contains",
+            Some(directory),
+        );
+    }
+}
+
+fn push_file(graph: &mut ArchitectureGraph, fact: &FileFact) {
+    let path = &fact.path;
+    emit::push_node(
+        graph,
+        &format!("file:{path}"),
+        ArchitectureNodeKind::File,
+        path,
+        Some(path.clone()),
+        fact.language.clone(),
+        json!({ "path": path, "extractor": "path" }),
+    );
+    emit::push_edge(
+        graph,
+        facts::parent_node_id(path)
+            .as_deref()
+            .unwrap_or("repository:."),
+        &format!("file:{path}"),
+        ArchitectureEdgeKind::Contains,
+        "contains",
+        Some(path.clone()),
+    );
+    push_membership_edges(graph, path, "layer", &fact.layers);
+    push_membership_edges(graph, path, "context", &fact.contexts);
+}
+
+fn push_membership_edges(
+    graph: &mut ArchitectureGraph,
+    path: &str,
+    prefix: &str,
+    names: &[String],
+) {
+    for name in names {
+        emit::push_edge(
+            graph,
+            &format!("{prefix}:{name}"),
+            &format!("file:{path}"),
+            ArchitectureEdgeKind::Contains,
+            "contains",
+            Some(path.to_string()),
+        );
+    }
+}

package/crates/naome-core/src/architecture/scan/path_scan.rs

@@ -0,0 +1,92 @@
+use std::fs;
+use std::path::Path;
+
+use crate::models::NaomeError;
+use crate::paths;
+
+use crate::architecture::config::ArchitectureConfig;
+
+pub(super) fn repository_files(
+    root: &Path,
+    config: &ArchitectureConfig,
+) -> Result<Vec<String>, NaomeError> {
+    let ignored_patterns = ignored_patterns(root, config);
+    let mut files = Vec::new();
+    collect_files(root, root, &ignored_patterns, &mut files)?;
+    files.sort();
+    Ok(files)
+}
+
+fn collect_files(
+    root: &Path,
+    dir: &Path,
+    ignored_patterns: &[String],
+    files: &mut Vec<String>,
+) -> Result<(), NaomeError> {
+    for entry in fs::read_dir(dir)? {
+        let entry = entry?;
+        let path = entry.path();
+        let relative = normalize_path(path.strip_prefix(root).unwrap_or(&path));
+        if is_ignored(&relative, ignored_patterns) {
+            continue;
+        }
+        let metadata = fs::symlink_metadata(&path)?;
+        if metadata.is_symlink() {
+            continue;
+        }
+        if metadata.is_dir() {
+            collect_files(root, &path, ignored_patterns, files)?;
+        } else if metadata.is_file() {
+            files.push(relative);
+        }
+    }
+    Ok(())
+}
+
+fn is_ignored(path: &str, ignored_patterns: &[String]) -> bool {
+    path.is_empty() || is_default_ignored_path(path) || paths::matches_any(path, ignored_patterns)
+}
+
+fn ignored_patterns(root: &Path, config: &ArchitectureConfig) -> Vec<String> {
+    let mut patterns = paths::naomeignore_patterns(root);
+    patterns.extend([
+        ".git/**".to_string(),
+        ".naome/archive/**".to_string(),
+        ".naome/cache/**".to_string(),
+        ".naome/local/**".to_string(),
+        ".naome/tasks/**".to_string(),
+        "node_modules/**".to_string(),
+        "target/**".to_string(),
+        "dist/**".to_string(),
+        "build/**".to_string(),
+    ]);
+    patterns.extend(config.ignore.iter().map(|rule| rule.path.clone()));
+    patterns
+}
+
+fn is_default_ignored_path(path: &str) -> bool {
+    path == ".git"
+        || path.starts_with(".git/")
+        || path == ".naome/archive"
+        || path.starts_with(".naome/archive/")
+        || path == ".naome/cache"
+        || path.starts_with(".naome/cache/")
+        || path == ".naome/local"
+        || path.starts_with(".naome/local/")
+        || path == ".naome/tasks"
+        || path.starts_with(".naome/tasks/")
+        || path == ".npm"
+        || path.starts_with(".npm/")
+        || path == "node_modules"
+        || path.contains("/node_modules/")
+        || path == "target"
+        || path.contains("/target/")
+        || path == "dist"
+        || path.contains("/dist/")
+        || path == "build"
+        || path.contains("/build/")
+}
+
+fn normalize_path(path: impl AsRef<Path>) -> String {
+    path.as_ref().to_string_lossy().replace('\\', "/")
+}

package/crates/naome-core/src/architecture/scan.rs

@@ -0,0 +1,75 @@
+use std::collections::BTreeMap;
+use std::path::{Path, PathBuf};
+
+use serde::Serialize;
+
+use crate::git;
+use crate::models::NaomeError;
+
+use super::config::{read_architecture_config, ArchitectureConfig};
+use super::model::ArchitectureGraph;
+
+mod graph_builder;
+mod path_scan;
+
+#[derive(Debug, Clone, Default)]
+pub struct ArchitectureScanOptions {
+    pub config_path: Option<PathBuf>,
+    pub changed_only: bool,
+}
+
+#[derive(Debug, Clone, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct ArchitectureScanReport {
+    pub schema: String,
+    pub graph: ArchitectureGraph,
+    pub files_scanned: usize,
+    pub changed_only_requested: bool,
+    pub changed_only_degraded_to_full_scan: bool,
+    pub changed_paths: Vec<String>,
+    #[serde(skip_serializing)]
+    pub config: ArchitectureConfig,
+    #[serde(skip_serializing)]
+    pub file_facts: BTreeMap<String, FileFact>,
+}
+
+#[derive(Debug, Clone, Serialize)]
+#[serde(rename_all = "camelCase")]
+pub struct FileFact {
+    pub path: String,
+    pub language: Option<String>,
+    pub line_count: usize,
+    pub layers: Vec<String>,
+    pub contexts: Vec<String>,
+    pub ignored: Option<String>,
+}
+
+pub fn scan_architecture(
+    root: &Path,
+    options: ArchitectureScanOptions,
+) -> Result<ArchitectureScanReport, NaomeError> {
+    let config = read_architecture_config(root, options.config_path.as_deref())?;
+    let changed_paths = changed_paths(root, options.changed_only)?;
+    let files = path_scan::repository_files(root, &config)?;
+    let (mut graph, file_facts) = graph_builder::build_path_graph(root, files, &config);
+
+    graph.sort_stable();
+    Ok(ArchitectureScanReport {
+        schema: "naome.arch.scan.v1".to_string(),
+        files_scanned: file_facts.len(),
+        graph,
+        changed_only_requested: options.changed_only,
+        changed_only_degraded_to_full_scan: options.changed_only,
+        changed_paths,
+        config,
+        file_facts,
+    })
+}
+
+fn changed_paths(root: &Path, changed_only: bool) -> Result<Vec<String>, NaomeError> {
+    if changed_only {
+        git::changed_paths(root)
+    } else {
+        Ok(Vec::new())
+    }
+}

package/crates/naome-core/src/architecture.rs

@@ -0,0 +1,31 @@
+mod config;
+mod model;
+mod output;
+mod rules;
+mod scan;
+
+use std::path::Path;
+
+use crate::models::NaomeError;
+
+pub use config::{
+    default_architecture_config_text, ArchitectureConfig, ContextConfig, LayerConfig, RuleConfig,
+};
+pub use model::{
+    ArchitectureEdge, ArchitectureEdgeKind, ArchitectureGraph, ArchitectureMetadata,
+    ArchitectureNode, ArchitectureNodeKind, SourceRange,
+};
+pub use output::{
+    format_architecture_explain, format_architecture_scan, format_architecture_validation,
+    ArchitectureAgentFeedback, ArchitectureValidation, ArchitectureViolation, Severity,
+    ViolationSummary,
+};
+pub use scan::{scan_architecture, ArchitectureScanOptions, ArchitectureScanReport};
+
+pub fn validate_architecture(
+    root: &Path,
+    options: ArchitectureScanOptions,
+) -> Result<ArchitectureValidation, NaomeError> {
+    let scan = scan_architecture(root, options)?;
+    Ok(rules::validate_scan(scan))
+}

package/crates/naome-core/src/harness_health/integrity.rs

@@ -29,12 +29,10 @@ pub(crate) fn is_integrity_hash(value: &str) -> bool {
 }
 
 pub(crate) fn native_integrity_from_naome_command(content: &str) -> Option<String> {
-    let prefix = "const expectedNativeBinaryIntegrity = \"";
-    let start = content.find(prefix)? + prefix.len();
-    let rest = &content[start..];
-    let end = rest.find("\";")?;
-    let value = &rest[..end];
-    is_integrity_hash(value).then(|| value.to_string())
+    content
+        .lines()
+        .find_map(native_integrity_assignment_value)
+        .map(ToString::to_string)
 }
 
 fn machine_sha256(relative_path: &str, content: &[u8]) -> String {
@@ -43,17 +41,22 @@ fn machine_sha256(relative_path: &str, content: &[u8]) -> String {
 }
 
 fn normalize_machine_owned_content(relative_path: &str, content: &[u8]) -> Vec<u8> {
+    let mut normalized = content.to_vec();
+
     if relative_path == HEALTH_CHECKER_RELATIVE_PATH
         || relative_path == TASK_STATE_CHECKER_RELATIVE_PATH
     {
-        return replace_expected_integrity_block(content);
+        normalized = replace_expected_integrity_block(&normalized);
     }
 
-    if relative_path == NAOME_COMMAND_RELATIVE_PATH {
-        return replace_native_integrity_line(content);
+    if relative_path == HEALTH_CHECKER_RELATIVE_PATH
+        || relative_path == TASK_STATE_CHECKER_RELATIVE_PATH
+        || relative_path == NAOME_COMMAND_RELATIVE_PATH
+    {
+        normalized = replace_native_integrity_line(&normalized);
     }
 
-    content.to_vec()
+    normalized
 }
 
 fn replace_expected_integrity_block(content: &[u8]) -> Vec<u8> {
@@ -79,18 +82,33 @@ fn replace_expected_integrity_block(content: &[u8]) -> Vec<u8> {
 
 fn replace_native_integrity_line(content: &[u8]) -> Vec<u8> {
     let text = String::from_utf8_lossy(content);
-    let prefix = "const expectedNativeBinaryIntegrity = \"";
-    let Some(start) = text.find(prefix) else {
-        return content.to_vec();
-    };
-    let Some(relative_end) = text[start..].find(";\n") else {
-        return content.to_vec();
-    };
-    let end = start + relative_end + ";\n".len();
-
+    let mut changed = false;
     let mut next = String::with_capacity(text.len());
-    next.push_str(&text[..start]);
-    next.push_str("const expectedNativeBinaryIntegrity = \"sha256:generated\";\n");
-    next.push_str(&text[end..]);
-    next.into_bytes()
+
+    for segment in text.split_inclusive('\n') {
+        let (line, ending) = segment
+            .strip_suffix('\n')
+            .map(|line| (line, "\n"))
+            .unwrap_or((segment, ""));
+        if native_integrity_assignment_value(line).is_some() {
+            next.push_str("const expectedNativeBinaryIntegrity = \"sha256:generated\";");
+            next.push_str(ending);
+            changed = true;
+        } else {
+            next.push_str(segment);
+        }
+    }
+
+    if changed {
+        next.into_bytes()
+    } else {
+        content.to_vec()
+    }
+}
+
+fn native_integrity_assignment_value(line: &str) -> Option<&str> {
+    let value = line
+        .strip_prefix("const expectedNativeBinaryIntegrity = \"")?
+        .strip_suffix("\";")?;
+    is_integrity_hash(value).then_some(value)
 }

package/crates/naome-core/src/harness_health/manifest.rs

@@ -0,0 +1,97 @@
+use std::collections::HashSet;
+
+use serde_json::Value;
+
+use crate::install_plan::{MACHINE_OWNED_PATHS, PROJECT_OWNED_PATHS};
+
+pub(super) fn validate_manifest_shape(manifest: &Value, errors: &mut Vec<String>) {
+    let Some(object) = manifest.as_object() else {
+        errors.push(".naome/manifest.json must be a JSON object.".to_string());
+        return;
+    };
+
+    if object.get("name").and_then(Value::as_str) != Some("naome") {
+        errors.push(".naome/manifest.json name must be naome.".to_string());
+    }
+
+    if !object
+        .get("harnessVersion")
+        .and_then(Value::as_str)
+        .is_some_and(is_version)
+    {
+        errors.push(".naome/manifest.json harnessVersion must be semver.".to_string());
+    }
+
+    if !string_array(object.get("machineOwned")).is_some() {
+        errors.push(".naome/manifest.json machineOwned must be a string array.".to_string());
+    }
+
+    if !string_array(object.get("projectOwned")).is_some() {
+        errors.push(".naome/manifest.json projectOwned must be a string array.".to_string());
+    }
+
+    if !object.get("integrity").is_some_and(Value::is_object) {
+        errors.push(".naome/manifest.json integrity must be an object.".to_string());
+    }
+}
+
+pub(super) fn validate_manifest_ownership(manifest: &Value, errors: &mut Vec<String>) {
+    let Some(object) = manifest.as_object() else {
+        return;
+    };
+    let Some(machine_owned) = string_array(object.get("machineOwned")) else {
+        return;
+    };
+    let Some(project_owned) = string_array(object.get("projectOwned")) else {
+        return;
+    };
+
+    validate_contains_all(
+        &machine_owned,
+        MACHINE_OWNED_PATHS,
+        ".naome/manifest.json machineOwned",
+        errors,
+    );
+    validate_contains_all(
+        &project_owned,
+        PROJECT_OWNED_PATHS,
+        ".naome/manifest.json projectOwned",
+        errors,
+    );
+}
+
+pub(super) fn string_array(value: Option<&Value>) -> Option<Vec<String>> {
+    value.and_then(Value::as_array).and_then(|entries| {
+        entries
+            .iter()
+            .map(|entry| {
+                entry
+                    .as_str()
+                    .filter(|text| !text.trim().is_empty())
+                    .map(ToString::to_string)
+            })
+            .collect()
+    })
+}
+
+fn validate_contains_all(
+    actual_values: &[String],
+    expected_values: &[&str],
+    field_name: &str,
+    errors: &mut Vec<String>,
+) {
+    let actual: HashSet<&str> = actual_values.iter().map(String::as_str).collect();
+    for expected in expected_values {
+        if !actual.contains(expected) {
+            errors.push(format!("{field_name} must include {expected}."));
+        }
+    }
+}
+
+fn is_version(value: &str) -> bool {
+    let parts: Vec<&str> = value.split('.').collect();
+    parts.len() == 3
+        && parts
+            .iter()
+            .all(|part| !part.is_empty() && part.chars().all(|ch| ch.is_ascii_digit()))
+}