@lamentis/naome 1.4.0 → 1.4.2

package/crates/naome-core/src/task_state/status/git.rs

@@ -0,0 +1,133 @@
+use std::path::Path;
+use std::process::Command;
+
+use crate::models::NaomeError;
+
+use super::model::{finding, TaskGitStatus, TaskStatusFinding};
+use crate::task_state::git_io::{command_output, git_commit_exists, read_git_head};
+
+pub(super) fn git_status(
+    root: &Path,
+    admission_head: Option<String>,
+    findings: &mut Vec<TaskStatusFinding>,
+) -> Result<TaskGitStatus, NaomeError> {
+    let head = read_git_head(root)?;
+    let mut admission_head_reachable = false;
+    if let Some(admission_head) = admission_head.as_deref() {
+        if !git_commit_exists(root, admission_head)? {
+            findings.push(finding(
+                "task.git.admission_head_missing",
+                "error",
+                format!("Admission git head does not exist: {admission_head}."),
+                None,
+                "Recover the task-state from a reachable baseline or restart the task after sync.",
+                "Do not continue normal task work until the admission head is reachable.",
+            ));
+        } else if !is_ancestor(root, admission_head, "HEAD")? {
+            findings.push(finding(
+                "task.git.admission_head_not_reachable",
+                "error",
+                "Admission git head is not an ancestor of the current HEAD.",
+                None,
+                "Rebase or recreate the task-state against the current branch before continuing.",
+                "Do not commit task work against a branch that lost its admission baseline.",
+            ));
+        } else {
+            admission_head_reachable = true;
+        }
+    }
+
+    let (upstream, ahead, behind) = branch_divergence(root)?;
+    if upstream.is_some() && ahead > 0 && behind > 0 {
+        findings.push(finding(
+            "task.git.branch_diverged",
+            "warning",
+            format!("Current branch diverged from upstream ({ahead} ahead, {behind} behind)."),
+            None,
+            "Pull with rebase or coordinate the branch before recording final task proof.",
+            "Do not ignore branch divergence when interpreting task proof.",
+        ));
+    }
+
+    let operation_in_progress = operation_in_progress(root)?;
+    if let Some(operation) = &operation_in_progress {
+        findings.push(finding(
+            "task.git.operation_in_progress",
+            "error",
+            format!("Git operation in progress: {operation}."),
+            None,
+            "Finish or abort the git operation, then rerun naome task status.",
+            "Do not commit or mutate task-state while a git operation is unresolved.",
+        ));
+    }
+
+    Ok(TaskGitStatus {
+        head,
+        admission_head,
+        admission_head_reachable,
+        upstream,
+        ahead,
+        behind,
+        operation_in_progress,
+    })
+}
+
+fn is_ancestor(root: &Path, ancestor: &str, descendant: &str) -> Result<bool, NaomeError> {
+    Ok(Command::new("git")
+        .args(["merge-base", "--is-ancestor", ancestor, descendant])
+        .current_dir(root)
+        .status()?
+        .success())
+}
+
+fn branch_divergence(root: &Path) -> Result<(Option<String>, usize, usize), NaomeError> {
+    let upstream = Command::new("git")
+        .args(["rev-parse", "--abbrev-ref", "--symbolic-full-name", "@{u}"])
+        .current_dir(root)
+        .output()?;
+    if !upstream.status.success() {
+        return Ok((None, 0, 0));
+    }
+    let upstream_name = command_output(&upstream);
+    let counts = Command::new("git")
+        .args(["rev-list", "--left-right", "--count", "HEAD...@{u}"])
+        .current_dir(root)
+        .output()?;
+    if !counts.status.success() {
+        return Ok((Some(upstream_name), 0, 0));
+    }
+    let text = String::from_utf8_lossy(&counts.stdout);
+    let mut parts = text.split_whitespace();
+    let ahead = parts
+        .next()
+        .and_then(|value| value.parse::<usize>().ok())
+        .unwrap_or(0);
+    let behind = parts
+        .next()
+        .and_then(|value| value.parse::<usize>().ok())
+        .unwrap_or(0);
+    Ok((Some(upstream_name), ahead, behind))
+}
+
+fn operation_in_progress(root: &Path) -> Result<Option<String>, NaomeError> {
+    for (name, marker) in [
+        ("merge", "MERGE_HEAD"),
+        ("cherry-pick", "CHERRY_PICK_HEAD"),
+        ("revert", "REVERT_HEAD"),
+        ("rebase", "rebase-merge"),
+        ("rebase", "rebase-apply"),
+    ] {
+        let output = Command::new("git")
+            .args(["rev-parse", "--git-path", marker])
+            .current_dir(root)
+            .output()?;
+        if !output.status.success() {
+            continue;
+        }
+        let path = root.join(String::from_utf8_lossy(&output.stdout).trim());
+        if path.exists() {
+            return Ok(Some(name.to_string()));
+        }
+    }
+    Ok(None)
+}

package/crates/naome-core/src/task_state/status/model.rs

@@ -0,0 +1,152 @@
+use serde::{Deserialize, Serialize};
+
+use super::agent_model::{
+    AgentLoop, NextActionV2, PolicyHints, ProofRecording, RecoveryGuidance, RepairPlanItem,
+};
+
+pub(super) const STATUS_SCHEMA: &str = "naome.task.status.v1";
+pub(super) const PROOF_PLAN_SCHEMA: &str = "naome.task.proof-plan.v1";
+pub(super) const TASK_STATE_PATH: &str = ".naome/task-state.json";
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskStatusReportV1 {
+    pub schema: String,
+    pub state: String,
+    pub task_id: Option<String>,
+    pub request: Option<String>,
+    pub task_mode: TaskModeStatus,
+    pub git: TaskGitStatus,
+    pub scope: TaskScopeStatus,
+    pub proof: TaskProofStatus,
+    pub blocked: bool,
+    pub findings: Vec<TaskStatusFinding>,
+    pub next_action: String,
+    pub next_action_v2: NextActionV2,
+    pub agent_loop: AgentLoop,
+    pub repair_plan: Vec<RepairPlanItem>,
+    pub policy_hints: PolicyHints,
+    pub recovery_guidance: Vec<RecoveryGuidance>,
+    pub task_feedback: Vec<TaskFeedback>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskProofPlanReport {
+    pub schema: String,
+    pub state: String,
+    pub task_id: Option<String>,
+    pub task_mode: TaskModeStatus,
+    pub proof: TaskProofStatus,
+    pub recommended_commands: Vec<TaskRecommendedCommand>,
+    pub blocked: bool,
+    pub findings: Vec<TaskStatusFinding>,
+    pub next_action: String,
+    pub next_action_v2: NextActionV2,
+    pub agent_loop: AgentLoop,
+    pub repair_plan: Vec<RepairPlanItem>,
+    pub proof_recording: ProofRecording,
+    pub policy_hints: PolicyHints,
+    pub recovery_guidance: Vec<RecoveryGuidance>,
+    pub task_feedback: Vec<TaskFeedback>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TransitionReadinessReport {
+    pub schema: String,
+    pub target_state: String,
+    pub allowed: bool,
+    pub blocking_findings: Vec<TaskStatusFinding>,
+    pub required_before_transition: Vec<String>,
+    pub agent_loop: AgentLoop,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskGitStatus {
+    pub head: Option<String>,
+    pub admission_head: Option<String>,
+    pub admission_head_reachable: bool,
+    pub upstream: Option<String>,
+    pub ahead: usize,
+    pub behind: usize,
+    pub operation_in_progress: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskModeStatus {
+    pub kind: String,
+    pub review_fix: bool,
+    pub scope_policy: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskScopeStatus {
+    pub allowed_paths: Vec<String>,
+    pub changed_paths: Vec<String>,
+    pub in_scope_changed_paths: Vec<String>,
+    pub out_of_scope_changed_paths: Vec<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskProofStatus {
+    pub required_checks: Vec<String>,
+    pub passed_checks: Vec<String>,
+    pub missing_checks: Vec<String>,
+    pub stale_checks: Vec<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskStatusFinding {
+    pub id: String,
+    pub severity: String,
+    pub message: String,
+    pub path: Option<String>,
+    pub suggested_fix: String,
+    pub agent_instruction: String,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskFeedback {
+    pub problem: String,
+    pub repair: String,
+    pub files: Vec<String>,
+    pub must_not_do: Vec<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "camelCase")]
+pub struct TaskRecommendedCommand {
+    pub check_id: String,
+    pub command: String,
+    pub cwd: String,
+    pub reason: String,
+    pub proof_reason: String,
+    pub selection_reason: String,
+    pub impacted_paths: Vec<String>,
+    pub safe_to_execute: bool,
+}
+
+pub(super) fn finding(
+    id: &str,
+    severity: &str,
+    message: impl Into<String>,
+    path: Option<String>,
+    suggested_fix: &str,
+    agent_instruction: &str,
+) -> TaskStatusFinding {
+    TaskStatusFinding {
+        id: id.to_string(),
+        severity: severity.to_string(),
+        message: message.into(),
+        path,
+        suggested_fix: suggested_fix.to_string(),
+        agent_instruction: agent_instruction.to_string(),
+    }
+}

package/crates/naome-core/src/task_state/status/proof.rs

@@ -0,0 +1,217 @@
+use std::collections::{BTreeMap, BTreeSet};
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+use crate::task_state::evidence_fingerprint::task_evidence_fingerprint;
+use crate::task_state::util::string_array;
+
+use super::model::{finding, TaskProofStatus, TaskRecommendedCommand, TaskStatusFinding};
+use super::proof_read::{ProofRecord, VerificationCheck};
+
+const AUTONOMOUS_SAFE_CHECKS: &[&str] = &[
+    "git diff --check",
+    "node .naome/bin/check-harness-health.js",
+    "node .naome/bin/check-task-state.js",
+    "node .naome/bin/naome.js quality check --changed",
+    "node .naome/bin/naome.js semantic check --changed",
+    "node .naome/bin/naome.js arch validate --changed-only",
+    "npm run check:task-state",
+    "npm run test:task-state",
+    "npm run test:decision-engine",
+];
+
+pub(super) fn proof_status(
+    root: &Path,
+    active_task: Option<&Value>,
+    proofs: &[ProofRecord],
+    current_task_paths: &[String],
+) -> Result<TaskProofStatus, NaomeError> {
+    let required_checks = active_task
+        .and_then(|task| string_array(task.get("requiredCheckIds")))
+        .unwrap_or_default();
+    let current_fingerprint = task_evidence_fingerprint(root, current_task_paths)?;
+    let mut passed_checks = Vec::new();
+    let mut missing_checks = Vec::new();
+    let mut stale_checks = Vec::new();
+
+    for check_id in &required_checks {
+        let successful = proofs
+            .iter()
+            .filter(|proof| proof.check_id == *check_id && proof.exit_code == 0)
+            .collect::<Vec<_>>();
+        if successful.is_empty() {
+            missing_checks.push(check_id.clone());
+        } else if successful
+            .iter()
+            .any(|proof| proof_is_fresh(proof, current_task_paths, &current_fingerprint))
+        {
+            passed_checks.push(check_id.clone());
+        } else {
+            stale_checks.push(check_id.clone());
+        }
+    }
+
+    Ok(TaskProofStatus {
+        required_checks,
+        passed_checks,
+        missing_checks,
+        stale_checks,
+    })
+}
+
+pub(super) fn add_proof_findings(
+    proof: &TaskProofStatus,
+    current_task_paths: &[String],
+    proofs: &[ProofRecord],
+    findings: &mut Vec<TaskStatusFinding>,
+) {
+    for check_id in &proof.missing_checks {
+        findings.push(finding(
+            "task.proof.missing_check",
+            "error",
+            format!("Required check has no passing proof: {check_id}."),
+            None,
+            "Run the required check and record passing proof before completing the task.",
+            "Do not mark a task complete while required checks are missing.",
+        ));
+    }
+
+    for check_id in &proof.stale_checks {
+        let files = stale_files_for_check(check_id, current_task_paths, proofs);
+        if files.is_empty() {
+            findings.push(finding(
+                "task.scope.missing_evidence",
+                "warning",
+                format!("Proof evidence is stale for required check: {check_id}."),
+                None,
+                "Rerun the check and record evidence for the current task-owned diff.",
+                "Do not reuse stale proof for new changed files.",
+            ));
+        }
+        for file in files {
+            findings.push(finding(
+                "task.scope.missing_evidence",
+                "warning",
+                format!("Proof evidence for {check_id} does not cover changed file: {file}."),
+                Some(file),
+                "Rerun the check and record evidence for the current task-owned diff.",
+                "Do not reuse stale proof for new changed files.",
+            ));
+        }
+    }
+}
+
+pub(super) fn add_unknown_proof_findings(
+    proofs: &[ProofRecord],
+    verification: &BTreeMap<String, VerificationCheck>,
+    findings: &mut Vec<TaskStatusFinding>,
+) {
+    let mut seen = BTreeSet::new();
+    for proof in proofs {
+        if verification.contains_key(&proof.check_id) || !seen.insert(proof.check_id.clone()) {
+            continue;
+        }
+        findings.push(finding(
+            "task.proof.unknown_check_metadata",
+            "info",
+            format!(
+                "Proof references a check not present in .naome/verification.json: {}.",
+                proof.check_id
+            ),
+            None,
+            "Keep the proof readable; add verification metadata if agents should recommend it.",
+            "Treat unknown check metadata as advisory, not as proof failure by itself.",
+        ));
+    }
+}
+
+pub(super) fn recommended_commands(
+    proof: &TaskProofStatus,
+    verification: &BTreeMap<String, VerificationCheck>,
+    current_task_paths: &[String],
+) -> Vec<TaskRecommendedCommand> {
+    let check_ids = proof
+        .missing_checks
+        .iter()
+        .chain(proof.stale_checks.iter())
+        .cloned()
+        .collect::<BTreeSet<_>>();
+    check_ids
+        .iter()
+        .filter_map(|check_id| {
+            let check = verification.get(check_id)?;
+            let reason = if proof.stale_checks.contains(check_id) {
+                "stale-proof".to_string()
+            } else {
+                "missing-proof".to_string()
+            };
+            Some(TaskRecommendedCommand {
+                check_id: check_id.clone(),
+                command: check.command.clone(),
+                cwd: check.cwd.clone(),
+                reason: reason.clone(),
+                proof_reason: reason,
+                selection_reason: "Required by active task proof state.".to_string(),
+                impacted_paths: current_task_paths.to_vec(),
+                safe_to_execute: is_safe_autonomous_command(
+                    &check.command,
+                    &check.cwd,
+                    current_task_paths,
+                ),
+            })
+        })
+        .collect()
+}
+
+fn is_safe_autonomous_command(command: &str, cwd: &str, current_task_paths: &[String]) -> bool {
+    if cwd != "." || !AUTONOMOUS_SAFE_CHECKS.contains(&command) {
+        return false;
+    }
+    if command.starts_with("npm run ")
+        && current_task_paths
+            .iter()
+            .any(|path| path == "package.json" || path == "packages/naome/package.json")
+    {
+        return false;
+    }
+    true
+}
+
+fn evidence_covers(evidence_paths: &[String], current_paths: &[String]) -> bool {
+    current_paths
+        .iter()
+        .all(|path| evidence_paths.iter().any(|evidence| evidence == path))
+}
+
+fn proof_is_fresh(
+    proof: &ProofRecord,
+    current_paths: &[String],
+    current_fingerprint: &str,
+) -> bool {
+    evidence_covers(&proof.evidence_paths, current_paths)
+        && proof
+            .evidence_fingerprint
+            .as_deref()
+            .is_none_or(|fingerprint| fingerprint == current_fingerprint)
+}
+
+fn stale_files_for_check(
+    check_id: &str,
+    current_task_paths: &[String],
+    proofs: &[ProofRecord],
+) -> Vec<String> {
+    let mut covered = BTreeSet::new();
+    for proof in proofs
+        .iter()
+        .filter(|proof| proof.check_id == check_id && proof.exit_code == 0)
+    {
+        covered.extend(proof.evidence_paths.iter().cloned());
+    }
+    current_task_paths
+        .iter()
+        .filter(|path| !covered.contains(*path))
+        .cloned()
+        .collect()
+}

package/crates/naome-core/src/task_state/status/proof_read.rs

@@ -0,0 +1,164 @@
+use std::collections::BTreeMap;
+use std::fs;
+use std::path::Path;
+
+use serde_json::Value;
+
+use crate::models::NaomeError;
+use crate::task_state::evidence::evidence_entry_path;
+use crate::task_state::util::normalize_path;
+
+use super::model::{finding, TaskStatusFinding};
+
+#[derive(Debug, Clone)]
+pub(super) struct ProofRecord {
+    pub(super) check_id: String,
+    pub(super) exit_code: i64,
+    pub(super) evidence_paths: Vec<String>,
+    pub(super) evidence_fingerprint: Option<String>,
+}
+
+#[derive(Debug, Clone)]
+pub(super) struct VerificationCheck {
+    pub(super) command: String,
+    pub(super) cwd: String,
+}
+
+pub(super) fn read_proofs(active_task: &Value) -> Vec<ProofRecord> {
+    let path_sets = proof_path_sets(active_task);
+    let mut proofs = Vec::new();
+    if let Some(legacy) = active_task.get("proofResults").and_then(Value::as_array) {
+        proofs.extend(legacy.iter().filter_map(read_legacy_proof));
+    }
+    if let Some(batches) = active_task.get("proofBatches").and_then(Value::as_array) {
+        for batch in batches {
+            let batch_evidence = batch_evidence(batch, &path_sets);
+            let batch_fingerprint = batch
+                .get("evidenceFingerprint")
+                .and_then(Value::as_str)
+                .map(ToString::to_string);
+            let Some(batch_proofs) = batch.get("proofs").and_then(Value::as_array) else {
+                continue;
+            };
+            for proof in batch_proofs {
+                let Some(check_id) = proof.get("checkId").and_then(Value::as_str) else {
+                    continue;
+                };
+                let Some(exit_code) = proof.get("exitCode").and_then(Value::as_i64) else {
+                    continue;
+                };
+                proofs.push(ProofRecord {
+                    check_id: check_id.to_string(),
+                    exit_code,
+                    evidence_paths: compact_evidence_paths(proof, &path_sets)
+                        .unwrap_or_else(|| batch_evidence.clone()),
+                    evidence_fingerprint: proof
+                        .get("evidenceFingerprint")
+                        .and_then(Value::as_str)
+                        .map(ToString::to_string)
+                        .or_else(|| batch_fingerprint.clone()),
+                });
+            }
+        }
+    }
+    proofs
+}
+
+pub(super) fn read_verification_checks(
+    root: &Path,
+    findings: &mut Vec<TaskStatusFinding>,
+) -> Result<BTreeMap<String, VerificationCheck>, NaomeError> {
+    let content = match fs::read_to_string(root.join(".naome/verification.json")) {
+        Ok(content) => content,
+        Err(_) => return Ok(BTreeMap::new()),
+    };
+    let verification: Value = match serde_json::from_str(&content) {
+        Ok(value) => value,
+        Err(error) => {
+            findings.push(finding(
+                "task.proof.verification_metadata_unreadable",
+                "warning",
+                format!(".naome/verification.json is not valid JSON: {error}."),
+                Some(".naome/verification.json".to_string()),
+                "Fix verification metadata so proof-plan can recommend commands.",
+                "Do not invent check commands when verification metadata is unreadable.",
+            ));
+            return Ok(BTreeMap::new());
+        }
+    };
+    Ok(verification
+        .get("checks")
+        .and_then(Value::as_array)
+        .into_iter()
+        .flatten()
+        .filter_map(|check| {
+            Some((
+                check.get("id")?.as_str()?.to_string(),
+                VerificationCheck {
+                    command: check.get("command")?.as_str()?.to_string(),
+                    cwd: check.get("cwd")?.as_str()?.to_string(),
+                },
+            ))
+        })
+        .collect())
+}
+
+fn batch_evidence(batch: &Value, path_sets: &BTreeMap<String, Vec<String>>) -> Vec<String> {
+    batch
+        .get("evidencePathSet")
+        .and_then(Value::as_str)
+        .and_then(|name| path_sets.get(name))
+        .cloned()
+        .unwrap_or_default()
+}
+
+fn compact_evidence_paths(
+    proof: &Value,
+    path_sets: &BTreeMap<String, Vec<String>>,
+) -> Option<Vec<String>> {
+    proof
+        .get("evidence")
+        .and_then(Value::as_array)
+        .map(|entries| evidence_paths(entries))
+        .or_else(|| {
+            proof
+                .get("evidencePathSet")
+                .and_then(Value::as_str)
+                .and_then(|name| path_sets.get(name))
+                .cloned()
+        })
+}
+
+fn read_legacy_proof(proof: &Value) -> Option<ProofRecord> {
+    Some(ProofRecord {
+        check_id: proof.get("checkId")?.as_str()?.to_string(),
+        exit_code: proof.get("exitCode")?.as_i64()?,
+        evidence_fingerprint: proof
+            .get("evidenceFingerprint")
+            .and_then(Value::as_str)
+            .map(ToString::to_string),
+        evidence_paths: proof
+            .get("evidence")
+            .and_then(Value::as_array)
+            .map(|entries| evidence_paths(entries))
+            .unwrap_or_default(),
+    })
+}
+
+fn proof_path_sets(active_task: &Value) -> BTreeMap<String, Vec<String>> {
+    active_task
+        .get("proofPathSets")
+        .and_then(Value::as_object)
+        .into_iter()
+        .flat_map(|sets| sets.iter())
+        .filter_map(|(name, value)| Some((name.clone(), evidence_paths(value.as_array()?))))
+        .collect()
+}
+
+fn evidence_paths(entries: &[Value]) -> Vec<String> {
+    entries
+        .iter()
+        .filter_map(evidence_entry_path)
+        .map(normalize_path)
+        .collect()
+}