@lamentis/naome 1.4.2 → 1.4.3

package/crates/naome-cli/src/task_commands/planner/checks.rs

@@ -0,0 +1,166 @@
+use std::collections::{BTreeMap, BTreeSet};
+use std::fs;
+use std::path::Path;
+
+use naome_core::TaskProofStatus;
+use serde_json::{json, Value};
+
+use crate::task_commands::check_run;
+
+use super::impact::impact_kind;
+
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub(super) struct VerificationCheck {
+    id: String,
+    command: String,
+    cwd: String,
+}
+
+pub(in crate::task_commands) fn changed_paths(root: &Path) -> Vec<String> {
+    check_run::changed_paths(root).unwrap_or_default()
+}
+
+fn read_verification_checks(root: &Path) -> Vec<VerificationCheck> {
+    let Ok(content) = fs::read_to_string(root.join(".naome/verification.json")) else {
+        return Vec::new();
+    };
+    let Ok(value) = serde_json::from_str::<Value>(&content) else {
+        return Vec::new();
+    };
+    let mut checks = value
+        .get("checks")
+        .and_then(Value::as_array)
+        .into_iter()
+        .flatten()
+        .filter_map(|check| {
+            Some(VerificationCheck {
+                id: check.get("id")?.as_str()?.to_string(),
+                command: check.get("command")?.as_str()?.to_string(),
+                cwd: check.get("cwd")?.as_str()?.to_string(),
+            })
+        })
+        .collect::<Vec<_>>();
+    checks.sort_by(|left, right| left.id.cmp(&right.id));
+    checks
+}
+
+pub(in crate::task_commands) fn planned_commands(
+    root: &Path,
+    paths: &[String],
+    proof: Option<&TaskProofStatus>,
+) -> Vec<Value> {
+    let mut selected = BTreeMap::<String, (VerificationCheck, BTreeSet<String>, String)>::new();
+    for check in read_verification_checks(root) {
+        let reasons = check_reasons(&check, paths, proof);
+        if reasons.is_empty() {
+            continue;
+        }
+        let proof_reason = proof_reason(&reasons).to_string();
+        selected.insert(check.id.clone(), (check, reasons, proof_reason));
+    }
+    selected
+        .into_values()
+        .map(|(check, reasons, proof_reason)| command_value(check, reasons, proof_reason, paths))
+        .collect()
+}
+
+fn check_reasons(
+    check: &VerificationCheck,
+    paths: &[String],
+    proof: Option<&TaskProofStatus>,
+) -> BTreeSet<String> {
+    let mut reasons = BTreeSet::new();
+    if let Some(proof) = proof {
+        if proof.missing_checks.contains(&check.id) {
+            reasons.insert("missing-proof".to_string());
+        }
+        if proof.stale_checks.contains(&check.id) {
+            reasons.insert("stale-proof".to_string());
+        }
+    }
+    for path in paths {
+        if check_is_impacted(check, path) {
+            reasons.insert(impact_kind(path).to_string());
+        }
+    }
+    reasons
+}
+
+fn command_value(
+    check: VerificationCheck,
+    reasons: BTreeSet<String>,
+    proof_reason: String,
+    paths: &[String],
+) -> Value {
+    let selection_reason = reasons.into_iter().collect::<Vec<_>>().join(",");
+    json!({
+        "checkId": check.id,
+        "command": check.command,
+        "cwd": check.cwd,
+        "reason": selection_reason,
+        "selectionReason": selection_reason,
+        "impactedPaths": paths,
+        "proofReason": proof_reason,
+        "safeToExecute": safe_to_execute(&check, paths)
+    })
+}
+
+fn proof_reason(reasons: &BTreeSet<String>) -> &'static str {
+    if reasons.contains("missing-proof") {
+        "missing"
+    } else if reasons.contains("stale-proof") {
+        "stale"
+    } else if reasons.contains("final_only") || reasons.contains("release_only") {
+        "final"
+    } else {
+        "impacted"
+    }
+}
+
+fn check_is_impacted(check: &VerificationCheck, path: &str) -> bool {
+    let command = check.command.as_str();
+    match impact_kind(path) {
+        "changed_task_state" => {
+            command.contains("check-task-state") || command.contains("test:task-state")
+        }
+        "changed_architecture_config" => command.contains("arch validate"),
+        "changed_package_metadata" => {
+            command.contains("pack:dry-run") || command.contains("test:decision-engine")
+        }
+        "changed_native_binary" | "changed_templates" => {
+            command.contains("check-harness-health") || command.contains("pack:dry-run")
+        }
+        "changed_docs" => command.contains("quality check") || command.contains("semantic check"),
+        "changed_tests" => {
+            command.contains("quality check")
+                || command.contains("semantic check")
+                || command.contains("test:")
+        }
+        _ => {
+            command == "git diff --check"
+                || command.contains("quality check")
+                || command.contains("semantic check")
+                || command.contains("arch validate")
+        }
+    }
+}
+
+fn safe_to_execute(check: &VerificationCheck, paths: &[String]) -> bool {
+    if check.cwd != "." {
+        return false;
+    }
+    match check.command.as_str() {
+        "git diff --check"
+        | "node .naome/bin/check-harness-health.js"
+        | "node .naome/bin/check-task-state.js"
+        | "node .naome/bin/naome.js quality check --changed"
+        | "node .naome/bin/naome.js semantic check --changed"
+        | "node .naome/bin/naome.js arch validate --changed-only" => true,
+        "npm run check:task-state" | "npm run test:task-state" | "npm run test:decision-engine" => {
+            !paths
+                .iter()
+                .any(|path| path == "package.json" || path == "packages/naome/package.json")
+        }
+        _ => false,
+    }
+}

package/crates/naome-cli/src/task_commands/planner/impact.rs

@@ -0,0 +1,35 @@
+pub(in crate::task_commands) fn impact_kind(path: &str) -> &'static str {
+    if path == ".naome/task-state.json" {
+        "changed_task_state"
+    } else if path == "naome.arch.yaml" || path.ends_with("/naome.arch.yaml") {
+        "changed_architecture_config"
+    } else if path == "package.json"
+        || path.ends_with("/package.json")
+        || path.ends_with("Cargo.toml")
+        || path.ends_with("Cargo.lock")
+    {
+        "changed_package_metadata"
+    } else if path.contains("/native/") || path.ends_with(".node") || path.ends_with(".so") {
+        "changed_native_binary"
+    } else if path.contains("/templates/") || path.starts_with("templates/") {
+        "changed_templates"
+    } else if path.ends_with(".md") || path.starts_with("docs/") {
+        "changed_docs"
+    } else if path.contains("test") || path.contains("spec") {
+        "changed_tests"
+    } else {
+        "changed_source"
+    }
+}
+
+pub(in crate::task_commands) fn path_risk(path: &str) -> &'static str {
+    match impact_kind(path) {
+        "changed_package_metadata"
+        | "changed_native_binary"
+        | "changed_templates"
+        | "changed_task_state"
+        | "changed_architecture_config" => "high",
+        "changed_source" | "changed_tests" => "medium",
+        _ => "low",
+    }
+}

package/crates/naome-cli/src/task_commands/planner/mod.rs

@@ -0,0 +1,24 @@
+use serde_json::Value;
+
+mod checks;
+mod impact;
+
+pub(super) use checks::{changed_paths, planned_commands};
+pub(super) use impact::path_risk;
+
+pub(super) fn split_safe_commands(commands: &[Value]) -> (Vec<Value>, Vec<Value>) {
+    let mut safe = Vec::new();
+    let mut deferred = Vec::new();
+    for command in commands {
+        if command
+            .get("safeToExecute")
+            .and_then(Value::as_bool)
+            .unwrap_or(false)
+        {
+            safe.push(command.clone());
+        } else {
+            deferred.push(command.clone());
+        }
+    }
+    (safe, deferred)
+}

package/crates/naome-cli/src/task_commands/preflight.rs

@@ -0,0 +1,208 @@
+use std::path::Path;
+
+use naome_core::{path_matches_any, task_status_report, TaskStatusReportV1};
+use serde_json::{json, Value};
+
+use super::common::{agent_session, print_json_with_session, repeated_values};
+use super::path_policy::{is_control_path, is_ignored, normalize_requested_path};
+use super::planner;
+
+pub(super) fn preflight(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
+    let session = agent_session(args)?;
+    let paths = requested_paths(root, args);
+    let status = task_status_report(root)?;
+    let mut findings = target_findings(selector_supplied(args));
+    let mut must_not_edit = Vec::new();
+    let mut normalized_paths = Vec::new();
+    let path_reports = path_reports(
+        root,
+        &paths,
+        &status,
+        &mut findings,
+        &mut must_not_edit,
+        &mut normalized_paths,
+    );
+    normalized_paths.sort();
+    normalized_paths.dedup();
+    must_not_edit.sort();
+    must_not_edit.dedup();
+    let recommended = planner::planned_commands(root, &normalized_paths, Some(&status.proof));
+    let (safe, _deferred) = planner::split_safe_commands(&recommended);
+    let blocked = !findings.is_empty() || !must_not_edit.is_empty();
+    print_json_with_session(
+        json!({
+            "schema": "naome.task.preflight.v1",
+            "paths": path_reports,
+            "recommendedCommands": recommended,
+            "safeCommands": safe,
+            "mustNotEdit": must_not_edit,
+            "expectedProofPathSet": normalized_paths,
+            "findings": findings,
+            "nextAction": {
+                "type": if blocked { "blocked" } else { "edit" },
+                "reason": if blocked { "Preflight is blocked until every requested path is explicit and editable." } else { "All requested paths are editable." },
+                "paths": must_not_edit,
+                "commands": [],
+                "checkIds": [],
+                "safeToExecute": !blocked,
+                "requiresUserApproval": blocked
+            }
+        }),
+        session.as_deref(),
+    )
+}
+
+fn requested_paths(root: &Path, args: &[String]) -> Vec<String> {
+    let mut paths = if args.iter().any(|arg| arg == "--from-changed") {
+        planner::changed_paths(root)
+    } else {
+        repeated_values(args, "--path")
+    };
+    paths.sort();
+    paths.dedup();
+    paths
+}
+
+fn selector_supplied(args: &[String]) -> bool {
+    args.iter()
+        .any(|arg| arg == "--from-changed" || arg == "--path")
+}
+
+fn target_findings(selector_supplied: bool) -> Vec<Value> {
+    if !selector_supplied {
+        vec![finding(
+            "task.preflight.missing_target_paths",
+            "Preflight requires --from-changed or at least one --path.",
+            "",
+        )]
+    } else {
+        Vec::new()
+    }
+}
+
+fn path_reports(
+    root: &Path,
+    paths: &[String],
+    status: &TaskStatusReportV1,
+    findings: &mut Vec<Value>,
+    must_not_edit: &mut Vec<String>,
+    normalized_paths: &mut Vec<String>,
+) -> Vec<Value> {
+    paths
+        .iter()
+        .map(|raw_path| {
+            path_report(
+                root,
+                raw_path,
+                status,
+                findings,
+                must_not_edit,
+                normalized_paths,
+            )
+        })
+        .collect()
+}
+
+fn path_report(
+    root: &Path,
+    raw_path: &str,
+    status: &TaskStatusReportV1,
+    findings: &mut Vec<Value>,
+    must_not_edit: &mut Vec<String>,
+    normalized_paths: &mut Vec<String>,
+) -> Value {
+    let (path, path_error) = normalize_requested_path(raw_path);
+    let ignored = path_error.is_none() && is_ignored(root, &path);
+    let control = path_error.is_none() && is_control_path(&path);
+    let in_scope = path_error.is_none() && path_matches_any(&path, &status.scope.allowed_paths);
+    let editable = path_editable(status, path_error.is_none(), ignored, control, in_scope);
+    track_path_report(&path, editable, must_not_edit, normalized_paths);
+    add_path_finding(&path, path_error, ignored, control, in_scope, findings);
+    let commands =
+        planner::planned_commands(root, std::slice::from_ref(&path), Some(&status.proof));
+    json!({
+        "path": path,
+        "editable": editable,
+        "reason": if editable { "Path is editable for the active task." } else { "Path is not editable without scope or state repair." },
+        "ignored": ignored,
+        "controlPath": control,
+        "inScope": in_scope,
+        "impactedChecks": commands.iter().filter_map(|command| command.get("checkId").and_then(Value::as_str).map(ToString::to_string)).collect::<Vec<_>>(),
+        "requiredBeforeCommit": commands,
+        "risk": planner::path_risk(raw_path),
+        "agentInstruction": if editable { "Agent may edit this path, then rerun task agent-snapshot or task loop." } else { "Do not edit this path in the current task." }
+    })
+}
+
+fn path_editable(
+    status: &TaskStatusReportV1,
+    valid_path: bool,
+    ignored: bool,
+    control: bool,
+    in_scope: bool,
+) -> bool {
+    valid_path
+        && !ignored
+        && !control
+        && in_scope
+        && status.task_id.is_some()
+        && !matches!(
+            status.state.as_str(),
+            "idle" | "missing" | "complete" | "blocked" | "needs_human_review"
+        )
+}
+
+fn track_path_report(
+    path: &str,
+    editable: bool,
+    must_not_edit: &mut Vec<String>,
+    normalized_paths: &mut Vec<String>,
+) {
+    if editable {
+        normalized_paths.push(path.to_string());
+    } else {
+        must_not_edit.push(path.to_string());
+    }
+}
+
+fn add_path_finding(
+    path: &str,
+    path_error: Option<String>,
+    ignored: bool,
+    control: bool,
+    in_scope: bool,
+    findings: &mut Vec<Value>,
+) {
+    if let Some(message) = path_error {
+        findings.push(finding("task.preflight.unsafe_path", &message, path));
+    } else if ignored {
+        findings.push(finding(
+            "task.preflight.ignored_path",
+            "Path is ignored by .naomeignore.",
+            path,
+        ));
+    } else if control {
+        findings.push(finding(
+            "task.preflight.control_path",
+            "Path is a NAOME control path.",
+            path,
+        ));
+    } else if !in_scope {
+        findings.push(finding(
+            "task.preflight.out_of_scope",
+            "Path is outside active task scope.",
+            path,
+        ));
+    }
+}
+
+fn finding(id: &str, message: &str, path: &str) -> Value {
+    json!({
+        "id": id,
+        "severity": "error",
+        "message": message,
+        "path": path,
+        "suggestedFix": "Use an in-scope non-control path or request explicit scope revision.",
+        "agentInstruction": "Do not edit this path unless a human-approved task scope revision allows it."
+    })
+}

package/crates/naome-cli/src/task_commands/record.rs

@@ -158,9 +158,6 @@ fn proof_batch(
                 "exitCode": receipt.exit_code,
                 "checkedAt": receipt.checked_at,
                 "evidenceFingerprint": receipt.evidence_fingerprint,
-                "stdoutSummary": receipt.stdout_summary,
-                "stderrSummary": receipt.stderr_summary,
-                "durationMs": receipt.duration_ms,
                 "agentSession": receipt.agent_session
             })
         }).collect::<Vec<_>>()
@@ -174,42 +171,82 @@ fn recordable_receipts(
 ) -> Result<(bool, Vec<Value>, Vec<CheckRunReceipt>), Box<dyn std::error::Error>> {
     let receipts = successful_receipts(root)?;
     let current_fingerprint = evidence_fingerprint(root, paths)?;
+    let task_id = read_task_state(root)?
+        .get("activeTask")
+        .and_then(|task| task.get("id"))
+        .and_then(Value::as_str)
+        .map(ToString::to_string);
     let mut selected = Vec::new();
     let mut findings = Vec::new();
     for check_id in check_ids {
         let expected = super::check_run::read_verification_check(root, check_id)?;
-        let receipt = receipts
+        let matching_check = receipts
             .iter()
             .rev()
-            .find(|receipt| {
-                receipt.check_id == *check_id
-                    && expected.as_ref().is_some_and(|check| {
-                        receipt.command == check.command && receipt.cwd == check.cwd
-                    })
-                    && paths.iter().all(|path| {
-                        receipt
-                            .evidence_paths
-                            .iter()
-                            .any(|evidence| evidence == path)
-                    })
-                    && receipt.evidence_fingerprint == current_fingerprint
-            })
-            .cloned();
-        match receipt {
-            Some(receipt) => selected.push(receipt),
-            None => findings.push(json!({
-                "id": "task.proof.no_recent_success",
+            .find(|receipt| receipt.check_id == *check_id);
+        let Some(receipt) = matching_check else {
+            findings.push(no_recent_success(check_id));
+            continue;
+        };
+        if receipt.task_id != task_id {
+            findings.push(json!({
+                "id": "task.proof.receipt_task_mismatch",
+                "severity": "error",
+                "message": format!("Recent receipt for {check_id} was produced for a different task."),
+                "path": null,
+                "suggestedFix": "Rerun the check for the active task before recording proof.",
+                "agentInstruction": "Do not record proof from another task."
+            }));
+            continue;
+        }
+        if !expected
+            .as_ref()
+            .is_some_and(|check| receipt.command == check.command && receipt.cwd == check.cwd)
+        {
+            findings.push(no_recent_success(check_id));
+            continue;
+        }
+        if paths != receipt.evidence_paths {
+            findings.push(json!({
+                "id": "task.proof.receipt_path_mismatch",
                 "severity": "error",
-                "message": format!("No recent successful safe check evidence covers current task paths for {check_id}."),
+                "message": format!("Recent receipt for {check_id} covers a different path set."),
                 "path": null,
-                "suggestedFix": "Run naome task run-check --check <id> --record-proof --json or naome task loop --execute-safe --json.",
-                "agentInstruction": "Do not record proof until NAOME has just executed the check successfully."
-            })),
+                "suggestedFix": "Rerun the check against the current task-owned changed paths.",
+                "agentInstruction": "Do not record proof when receipt paths differ from the current task diff."
+            }));
+            continue;
+        }
+        if receipt.evidence_fingerprint != current_fingerprint {
+            findings.push(json!({
+                "id": "task.proof.stale_receipt_content",
+                "severity": "error",
+                "message": format!("Recent receipt for {check_id} does not match current file contents."),
+                "path": null,
+                "suggestedFix": "Rerun the check after the latest edits.",
+                "agentInstruction": "Do not record proof from stale check output."
+            }));
+            continue;
+        }
+        match matching_check.cloned() {
+            Some(receipt) => selected.push(receipt),
+            None => findings.push(no_recent_success(check_id)),
         }
     }
     Ok((findings.is_empty(), findings, selected))
 }
 
+fn no_recent_success(check_id: &str) -> Value {
+    json!({
+        "id": "task.proof.no_recent_success",
+        "severity": "error",
+        "message": format!("No recent successful safe check evidence covers current task paths for {check_id}."),
+        "path": null,
+        "suggestedFix": "Run naome task run-check --check <id> --record-proof --json or naome task loop --execute-safe --json.",
+        "agentInstruction": "Do not record proof until NAOME has just executed the check successfully."
+    })
+}
+
 fn unique_path_set_id(path_sets: &serde_json::Map<String, Value>, base: &str) -> String {
     unique_id(base, |candidate| path_sets.contains_key(candidate))
 }

package/crates/naome-cli/src/task_commands/scope_suggestions.rs

@@ -0,0 +1,109 @@
+use std::path::Path;
+use std::process::Command;
+
+use serde_json::json;
+
+use super::common::{agent_session, print_json_with_session};
+use super::path_policy::is_ignored;
+use super::planner;
+
+pub(super) fn scope_suggestions(
+    root: &Path,
+    args: &[String],
+) -> Result<(), Box<dyn std::error::Error>> {
+    let session = agent_session(args)?;
+    if !args.iter().any(|arg| arg == "--from-changed") {
+        return Err("naome task scope-suggestions requires --from-changed".into());
+    }
+    let mut suggestions = rename_suggestions(root)
+        .into_iter()
+        .chain(loader_suggestions(root))
+        .filter(|suggestion| {
+            !suggestion
+                .get("path")
+                .and_then(serde_json::Value::as_str)
+                .is_some_and(|path| is_ignored(root, path))
+        })
+        .collect::<Vec<_>>();
+    suggestions.sort_by(|left, right| {
+        left.get("path")
+            .and_then(serde_json::Value::as_str)
+            .unwrap_or("")
+            .cmp(
+                right
+                    .get("path")
+                    .and_then(serde_json::Value::as_str)
+                    .unwrap_or(""),
+            )
+    });
+    print_json_with_session(
+        json!({
+            "schema": "naome.task.scope-suggestions.v1",
+            "suggestions": suggestions,
+            "agentInstruction": "Suggestions are read-only hints; task scope mutation still requires explicit approval."
+        }),
+        session.as_deref(),
+    )
+}
+
+fn rename_suggestions(root: &Path) -> Vec<serde_json::Value> {
+    let Ok(output) = Command::new("git")
+        .args(["status", "--porcelain=v1", "-z"])
+        .current_dir(root)
+        .output()
+    else {
+        return Vec::new();
+    };
+    if !output.status.success() {
+        return Vec::new();
+    }
+    let mut suggestions = Vec::new();
+    let entries = output.stdout.split(|byte| *byte == 0).collect::<Vec<_>>();
+    let mut index = 0;
+    while index < entries.len() {
+        let entry = entries[index];
+        index += 1;
+        if entry.len() < 4 {
+            continue;
+        }
+        let status = String::from_utf8_lossy(&entry[..2]);
+        if status.contains('R') && index < entries.len() {
+            let old = String::from_utf8_lossy(entries[index]).replace('\\', "/");
+            index += 1;
+            let new = String::from_utf8_lossy(&entry[3..]).replace('\\', "/");
+            for path in [old, new] {
+                suggestions.push(json!({
+                    "path": path,
+                    "reason": "paired path for renamed file",
+                    "confidence": 0.95,
+                    "requiresUserApproval": true
+                }));
+            }
+        }
+    }
+    suggestions
+}
+
+fn loader_suggestions(root: &Path) -> Vec<serde_json::Value> {
+    planner::changed_paths(root)
+        .into_iter()
+        .filter(|path| path.ends_with(".test.js") || path.ends_with("_test.rs"))
+        .filter_map(|path| {
+            let loader = if path.starts_with("scripts/") {
+                Some("scripts/naome-installer-support.js".to_string())
+            } else if path.contains("/tests/") {
+                path.split("/tests/")
+                    .next()
+                    .map(|prefix| format!("{prefix}/tests/support/mod.rs"))
+            } else {
+                None
+            }?;
+            Some(json!({
+                "path": loader,
+                "reason": "fixture support helper for changed test",
+                "confidence": 0.7,
+                "requiresUserApproval": true
+            }))
+        })
+        .collect()
+}