@lamentis/naome 1.4.2 → 1.4.4

package/Cargo.lock

@@ -76,7 +76,7 @@ checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "naome-cli"
-version = "1.4.2"
+version = "1.4.4"
 dependencies = [
  "naome-core",
  "serde_json",
@@ -84,7 +84,7 @@ dependencies = [
 
 [[package]]
 name = "naome-core"
-version = "1.4.2"
+version = "1.4.4"
 dependencies = [
  "serde",
  "serde_json",

package/crates/naome-cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "naome-cli"
-version = "1.4.2"
+version = "1.4.4"
 edition.workspace = true
 license.workspace = true
 repository.workspace = true

package/crates/naome-cli/src/main.rs

@@ -39,6 +39,11 @@ const HELP: &str = r#"Usage:
   naome seed-verification
   naome task status [--json] [--exit-code] [--agent-session <id>]
   naome task proof-plan [--json] [--exit-code] [--agent-session <id>]
+  naome task agent-snapshot --json [--exit-code] [--agent-session <id>]
+  naome task preflight (--path <path>...|--from-changed) --json [--agent-session <id>]
+  naome task commit-preflight --json [--exit-code] [--agent-session <id>]
+  naome task compact-proof [--dry-run] --json [--agent-session <id>]
+  naome task scope-suggestions --from-changed --json [--agent-session <id>]
   naome task can-edit --path <path> --json [--agent-session <id>]
   naome task run-check --check <check-id> [--record-proof] --json [--agent-session <id>]
   naome task loop [--execute-safe] --json [--agent-session <id>]

package/crates/naome-cli/src/task_commands/agent_snapshot.rs

@@ -0,0 +1,231 @@
+use std::collections::{BTreeMap, BTreeSet};
+use std::path::Path;
+
+use naome_core::{
+    task_proof_plan, task_status_exit_code, task_status_report, task_transition_readiness,
+};
+use serde_json::{json, Value};
+
+use super::common::{agent_session, print_json_with_session};
+use super::planner;
+
+pub(super) fn agent_snapshot(
+    root: &Path,
+    args: &[String],
+) -> Result<(), Box<dyn std::error::Error>> {
+    let session = agent_session(args)?;
+    let status = task_status_report(root)?;
+    let proof_plan = task_proof_plan(root)?;
+    let transition = task_transition_readiness(root, "complete")?;
+    let planned = merge_commands(
+        serde_json::to_value(&proof_plan.recommended_commands)?,
+        planner::planned_commands(
+            root,
+            &status.scope.in_scope_changed_paths,
+            Some(&status.proof),
+        ),
+    );
+    let (safe_to_run, deferred) = planner::split_safe_commands(&planned);
+    let can_commit = transition.allowed && status.agent_loop.can_commit;
+    let value = json!({
+        "schema": "naome.task.agent-snapshot.v1",
+        "state": snapshot_state(&status),
+        "task": {
+            "state": status.state,
+            "taskId": status.task_id,
+            "request": status.request
+        },
+        "git": {
+            "head": status.git.head,
+            "admissionHead": status.git.admission_head,
+            "admissionHeadReachable": status.git.admission_head_reachable,
+            "operationInProgress": status.git.operation_in_progress,
+            "branchDiverged": status.git.ahead > 0 || status.git.behind > 0
+        },
+        "scope": {
+            "allowedPaths": status.scope.allowed_paths,
+            "changedPaths": status.scope.changed_paths,
+            "editablePaths": editable_paths(&status),
+            "mustNotEditPaths": status.scope.out_of_scope_changed_paths,
+            "outOfScopeChangedPaths": status.scope.out_of_scope_changed_paths
+        },
+        "proof": status.proof,
+        "checks": {
+            "recommended": planned,
+            "safeToRun": safe_to_run,
+            "deferred": deferred
+        },
+        "commit": {
+            "canCommit": can_commit,
+            "blockingFindings": if can_commit { json!([]) } else { serde_json::to_value(&transition.blocking_findings)? }
+        },
+        "transition": {
+            "canComplete": transition.allowed,
+            "blockingFindings": transition.blocking_findings
+        },
+        "nextAction": snapshot_next_action(&status, &proof_plan, can_commit),
+        "agentLoop": status.agent_loop,
+        "repairPlan": status.repair_plan,
+        "findings": status.findings,
+        "agentInstruction": if can_commit { "Task is commit-ready; do not edit further before committing." } else { "Follow nextAction and only execute commands listed as safeToRun." }
+    });
+    let code = task_status_exit_code(&status.findings, &status.proof);
+    print_json_with_session(value, session.as_deref())?;
+    if args.iter().any(|arg| arg == "--exit-code") {
+        std::process::exit(code);
+    }
+    Ok(())
+}
+
+fn merge_commands(left: Value, right: Vec<Value>) -> Vec<Value> {
+    let commands = left
+        .as_array()
+        .cloned()
+        .unwrap_or_default()
+        .into_iter()
+        .chain(right)
+        .collect::<Vec<_>>();
+    let mut merged = BTreeMap::<String, Value>::new();
+    for command in commands {
+        let Some(check_id) = command
+            .get("checkId")
+            .and_then(Value::as_str)
+            .map(ToString::to_string)
+        else {
+            continue;
+        };
+        if let Some(existing) = merged.get_mut(&check_id) {
+            merge_command(existing, &command);
+        } else {
+            merged.insert(check_id, command);
+        }
+    }
+    merged.into_values().collect()
+}
+
+fn merge_command(existing: &mut Value, incoming: &Value) {
+    merge_csv_field(existing, incoming, "reason");
+    existing["selectionReason"] = existing["reason"].clone();
+    merge_string_array_field(existing, incoming, "impactedPaths");
+    let safe = existing
+        .get("safeToExecute")
+        .and_then(Value::as_bool)
+        .unwrap_or(false)
+        && incoming
+            .get("safeToExecute")
+            .and_then(Value::as_bool)
+            .unwrap_or(false);
+    existing["safeToExecute"] = json!(safe);
+}
+
+fn merge_csv_field(existing: &mut Value, incoming: &Value, field: &str) {
+    let mut values = BTreeSet::new();
+    collect_csv(existing.get(field), &mut values);
+    collect_csv(incoming.get(field), &mut values);
+    existing[field] = json!(values.into_iter().collect::<Vec<_>>().join(","));
+}
+
+fn collect_csv(value: Option<&Value>, values: &mut BTreeSet<String>) {
+    if let Some(raw) = value.and_then(Value::as_str) {
+        values.extend(
+            raw.split(',')
+                .map(str::trim)
+                .filter(|part| !part.is_empty())
+                .map(ToString::to_string),
+        );
+    }
+}
+
+fn merge_string_array_field(existing: &mut Value, incoming: &Value, field: &str) {
+    let mut values = BTreeSet::new();
+    collect_string_array(existing.get(field), &mut values);
+    collect_string_array(incoming.get(field), &mut values);
+    existing[field] = json!(values.into_iter().collect::<Vec<_>>());
+}
+
+fn collect_string_array(value: Option<&Value>, values: &mut BTreeSet<String>) {
+    values.extend(
+        value
+            .and_then(Value::as_array)
+            .into_iter()
+            .flatten()
+            .filter_map(Value::as_str)
+            .map(ToString::to_string),
+    );
+}
+
+fn snapshot_state(status: &naome_core::TaskStatusReportV1) -> &'static str {
+    if status
+        .findings
+        .iter()
+        .any(|finding| finding.id.starts_with("task.git."))
+    {
+        "blocked_by_git_state"
+    } else if !status.scope.out_of_scope_changed_paths.is_empty() {
+        "blocked_by_scope_drift"
+    } else if !status.proof.missing_checks.is_empty() {
+        "blocked_by_missing_proof"
+    } else if !status.proof.stale_checks.is_empty() {
+        "blocked_by_stale_proof"
+    } else if status.agent_loop.can_commit {
+        "ready_to_commit"
+    } else {
+        "healthy"
+    }
+}
+
+fn editable_paths(status: &naome_core::TaskStatusReportV1) -> Vec<String> {
+    if matches!(
+        status.state.as_str(),
+        "idle" | "missing" | "complete" | "blocked" | "needs_human_review"
+    ) {
+        return Vec::new();
+    }
+    status.scope.allowed_paths.clone()
+}
+
+fn snapshot_next_action(
+    status: &naome_core::TaskStatusReportV1,
+    proof_plan: &naome_core::TaskProofPlanReport,
+    can_commit: bool,
+) -> Value {
+    let action_type = if !status.scope.out_of_scope_changed_paths.is_empty() {
+        "repair_scope"
+    } else if status
+        .findings
+        .iter()
+        .any(|finding| finding.id.starts_with("task.git."))
+    {
+        "recover_git"
+    } else if !status.proof.missing_checks.is_empty() || !status.proof.stale_checks.is_empty() {
+        "run_checks"
+    } else if !proof_plan.proof_recording.checks_to_record.is_empty() {
+        "record_proof"
+    } else if can_commit {
+        "commit_ready"
+    } else if status.state == "implementing" && status.agent_loop.can_continue_editing {
+        "edit"
+    } else {
+        "none"
+    };
+    if can_commit && action_type == "commit_ready" {
+        return json!({
+            "type": "commit_ready",
+            "reason": "Task is complete enough to commit; do not continue editing before commit.",
+            "commands": [],
+            "paths": status.scope.in_scope_changed_paths,
+            "checkIds": [],
+            "safeToExecute": false,
+            "requiresUserApproval": true
+        });
+    }
+    json!({
+        "type": action_type,
+        "reason": status.next_action_v2.reason,
+        "commands": status.next_action_v2.commands,
+        "paths": status.next_action_v2.paths,
+        "checkIds": status.next_action_v2.check_ids,
+        "safeToExecute": status.next_action_v2.safe_to_execute,
+        "requiresUserApproval": status.next_action_v2.requires_user_approval
+    })
+}

package/crates/naome-cli/src/task_commands/can_edit.rs

@@ -1,9 +1,10 @@
 use std::path::Path;
 
-use naome_core::{naomeignore_patterns, path_matches_any, task_status_report};
+use naome_core::{path_matches_any, task_status_report};
 use serde_json::json;
 
 use super::common::{agent_session, print_json_with_session, value_after};
+use super::path_policy::{edit_finding, is_control_path, is_ignored, normalize_requested_path};
 
 pub(super) fn can_edit(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
     let session = agent_session(args)?;
@@ -13,15 +14,15 @@ pub(super) fn can_edit(root: &Path, args: &[String]) -> Result<(), Box<dyn std::
     let (path, path_error) = normalize_requested_path(raw_path);
     let mut findings = Vec::new();
     if let Some(message) = path_error {
-        findings.push(finding("task.edit.unsafe_path", &message, raw_path));
+        findings.push(edit_finding("task.edit.unsafe_path", &message, raw_path));
     } else if is_ignored(root, &path) {
-        findings.push(finding(
+        findings.push(edit_finding(
             "task.edit.ignored_path",
             "Path is ignored by .naomeignore and is outside the active harness context.",
             &path,
         ));
     } else if is_control_path(&path) {
-        findings.push(finding(
+        findings.push(edit_finding(
             "task.edit.control_path",
             "NAOME control files cannot be edited through the autonomous can-edit path.",
             &path,
@@ -34,13 +35,13 @@ pub(super) fn can_edit(root: &Path, args: &[String]) -> Result<(), Box<dyn std::
                 "idle" | "missing" | "complete" | "blocked" | "needs_human_review"
             )
         {
-            findings.push(finding(
+            findings.push(edit_finding(
                 "task.edit.no_active_task",
                 "No editable active task is available for this path.",
                 &path,
             ));
         } else if !path_matches_any(&path, &status.scope.allowed_paths) {
-            findings.push(finding(
+            findings.push(edit_finding(
                 "task.edit.out_of_scope",
                 "Path is outside activeTask.allowedPaths.",
                 &path,
@@ -61,56 +62,3 @@ pub(super) fn can_edit(root: &Path, args: &[String]) -> Result<(), Box<dyn std::
         session.as_deref(),
     )
 }
-
-fn normalize_requested_path(raw_path: &str) -> (String, Option<String>) {
-    if raw_path.contains('\\') {
-        return (
-            raw_path.to_string(),
-            Some("Backslash path separators are not allowed.".to_string()),
-        );
-    }
-    let path = Path::new(raw_path);
-    if path.is_absolute() {
-        return (
-            raw_path.to_string(),
-            Some("Absolute paths are not allowed.".to_string()),
-        );
-    }
-    if raw_path.split('/').any(|part| part == "..") {
-        return (
-            raw_path.to_string(),
-            Some("Parent traversal is not allowed.".to_string()),
-        );
-    }
-    let normalized = raw_path
-        .split('/')
-        .filter(|part| !part.is_empty() && *part != ".")
-        .collect::<Vec<_>>()
-        .join("/");
-    if normalized.is_empty() {
-        return (
-            raw_path.to_string(),
-            Some("Path must not be empty.".to_string()),
-        );
-    }
-    (normalized, None)
-}
-
-fn is_control_path(path: &str) -> bool {
-    path == ".naome" || path.starts_with(".naome/") || path == ".naomeignore"
-}
-
-fn is_ignored(root: &Path, path: &str) -> bool {
-    path_matches_any(path, &naomeignore_patterns(root))
-}
-
-fn finding(id: &str, message: &str, path: &str) -> serde_json::Value {
-    json!({
-        "id": id,
-        "severity": "error",
-        "message": message,
-        "path": path,
-        "suggestedFix": "Use task request-scope for legitimate scope changes or choose an allowed path.",
-        "agentInstruction": "Do not edit this path in the current task."
-    })
-}

package/crates/naome-cli/src/task_commands/check_run/receipts.rs

@@ -9,6 +9,7 @@ const RECEIPTS_PATH: &str = "naome-task-check-runs.json";
 
 #[derive(Debug, Clone)]
 pub(in crate::task_commands) struct CheckRunReceipt {
+    pub(in crate::task_commands) task_id: Option<String>,
     pub(in crate::task_commands) check_id: String,
     pub(in crate::task_commands) command: String,
     pub(in crate::task_commands) cwd: String,
@@ -63,9 +64,11 @@ pub(super) fn append_receipt(
     Ok(())
 }
 
-pub(super) fn changed_paths(root: &Path) -> Result<Vec<String>, Box<dyn std::error::Error>> {
+pub(in crate::task_commands) fn changed_paths(
+    root: &Path,
+) -> Result<Vec<String>, Box<dyn std::error::Error>> {
     let output = Command::new("git")
-        .args(["status", "--porcelain=v1"])
+        .args(["status", "--porcelain=v1", "--untracked-files=all"])
         .current_dir(root)
         .output()?;
     if !output.status.success() {
@@ -96,6 +99,7 @@ fn receipt_path(root: &Path) -> Result<PathBuf, Box<dyn std::error::Error>> {
 
 fn receipt_to_value(receipt: &CheckRunReceipt) -> Value {
     json!({
+        "taskId": receipt.task_id,
         "checkId": receipt.check_id,
         "command": receipt.command,
         "cwd": receipt.cwd,
@@ -112,6 +116,10 @@ fn receipt_to_value(receipt: &CheckRunReceipt) -> Value {
 
 fn receipt_from_value(value: &Value) -> Option<CheckRunReceipt> {
     Some(CheckRunReceipt {
+        task_id: value
+            .get("taskId")
+            .and_then(Value::as_str)
+            .map(ToString::to_string),
         check_id: value.get("checkId")?.as_str()?.to_string(),
         command: value.get("command")?.as_str()?.to_string(),
         cwd: value.get("cwd")?.as_str()?.to_string(),

package/crates/naome-cli/src/task_commands/check_run.rs

@@ -9,12 +9,14 @@ mod output;
 mod receipts;
 mod verification;
 
-pub(super) use receipts::{evidence_fingerprint, successful_receipts, CheckRunReceipt};
+pub(super) use receipts::{
+    changed_paths, evidence_fingerprint, successful_receipts, CheckRunReceipt,
+};
 pub(super) use verification::read_verification_check;
 
 use super::common::{agent_session, print_json_with_session, value_after};
 use output::{finding, run_check_response};
-use receipts::{append_receipt, changed_paths};
+use receipts::append_receipt;
 use verification::safe_command;
 
 pub(super) fn run_check_command(
@@ -83,8 +85,10 @@ pub(super) fn run_check_by_id(
     }
     let duration_ms = start.elapsed().as_millis();
     let after = changed_paths(root)?;
-    let evidence_paths = task_status_report(root)?.scope.in_scope_changed_paths;
+    let status = task_status_report(root)?;
+    let evidence_paths = status.scope.in_scope_changed_paths;
     let receipt = CheckRunReceipt {
+        task_id: status.task_id,
         check_id: check.id.clone(),
         command: check.command.clone(),
         cwd: check.cwd.clone(),

package/crates/naome-cli/src/task_commands/commit_preflight.rs

@@ -0,0 +1,89 @@
+use std::path::Path;
+
+use naome_core::{task_status_exit_code, task_status_report, task_transition_readiness};
+use naome_core::{TaskStatusFinding, TaskStatusReportV1};
+use serde_json::{json, Value};
+
+use super::common::{agent_session, print_json_with_session};
+
+pub(super) fn commit_preflight(
+    root: &Path,
+    args: &[String],
+) -> Result<(), Box<dyn std::error::Error>> {
+    let session = agent_session(args)?;
+    let status = task_status_report(root)?;
+    let transition = task_transition_readiness(root, "complete")?;
+    let would_pass = transition.allowed && status.agent_loop.can_commit;
+    let blocking = if would_pass {
+        Vec::new()
+    } else if !transition.blocking_findings.is_empty() {
+        transition.blocking_findings.clone()
+    } else {
+        status.findings.clone()
+    };
+    let exit_code = commit_preflight_exit_code(would_pass, &status);
+    print_json_with_session(
+        json!({
+            "schema": "naome.task.commit-preflight.v1",
+            "wouldPass": would_pass,
+            "commitPaths": status.scope.in_scope_changed_paths,
+            "blockingFindings": blocking,
+            "nextAction": commit_preflight_next_action(would_pass, &blocking, &status)?,
+            "agentInstruction": if would_pass { "Commit gate preflight is clean; use the normal NAOME commit path." } else { "Resolve blocking findings before committing." }
+        }),
+        session.as_deref(),
+    )?;
+    if args.iter().any(|arg| arg == "--exit-code") {
+        std::process::exit(exit_code);
+    }
+    Ok(())
+}
+
+fn commit_preflight_exit_code(would_pass: bool, status: &TaskStatusReportV1) -> i32 {
+    if would_pass {
+        return 0;
+    }
+    let code = task_status_exit_code(&status.findings, &status.proof);
+    if code == 0 {
+        1
+    } else {
+        code
+    }
+}
+
+fn commit_preflight_next_action(
+    would_pass: bool,
+    blocking: &[TaskStatusFinding],
+    status: &TaskStatusReportV1,
+) -> Result<Value, Box<dyn std::error::Error>> {
+    if would_pass {
+        return Ok(json!({
+            "type": "commit_ready",
+            "reason": "Task state, scope, proof, and transition checks are commit-ready.",
+            "commands": [],
+            "paths": status.scope.in_scope_changed_paths,
+            "checkIds": [],
+            "safeToExecute": false,
+            "requiresUserApproval": true
+        }));
+    }
+    if has_status_blocker(status) {
+        return Ok(serde_json::to_value(&status.next_action_v2)?);
+    }
+    if let Some(primary) = blocking.first() {
+        return Ok(json!({
+            "type": "blocked",
+            "reason": primary.message,
+            "commands": [],
+            "paths": primary.path.as_ref().map(|path| vec![path.clone()]).unwrap_or_default(),
+            "checkIds": [],
+            "safeToExecute": false,
+            "requiresUserApproval": true
+        }));
+    }
+    Ok(serde_json::to_value(&status.next_action_v2)?)
+}
+
+fn has_status_blocker(status: &TaskStatusReportV1) -> bool {
+    task_status_exit_code(&status.findings, &status.proof) != 0
+}

package/crates/naome-cli/src/task_commands/compact_proof.rs

@@ -0,0 +1,69 @@
+use std::path::Path;
+
+use serde_json::{json, Value};
+
+use super::common::{agent_session, print_json_with_session, read_task_state, write_task_state};
+
+pub(super) fn compact_proof(
+    root: &Path,
+    args: &[String],
+) -> Result<(), Box<dyn std::error::Error>> {
+    let session = agent_session(args)?;
+    let dry_run = args.iter().any(|arg| arg == "--dry-run");
+    let mut state = read_task_state(root)?;
+    let before = serde_json::to_vec_pretty(&state)?.len();
+    let removed = compact_state(&mut state);
+    let after = serde_json::to_vec_pretty(&state)?.len();
+    if !dry_run && removed > 0 {
+        write_task_state(root, &state)?;
+    }
+    print_json_with_session(
+        json!({
+            "schema": "naome.task.compact-proof.v1",
+            "dryRun": dry_run,
+            "compacted": !dry_run && removed > 0,
+            "removedVerboseFields": removed,
+            "beforeBytes": before,
+            "afterBytes": after,
+            "savedBytes": before.saturating_sub(after),
+            "agentInstruction": if dry_run { "Review compaction summary; rerun without --dry-run to compact tracked proof." } else { "Tracked proof is compact while preserving check ids, evidence path sets, and fingerprints." }
+        }),
+        session.as_deref(),
+    )
+}
+
+pub(super) fn compact_state(state: &mut Value) -> usize {
+    let mut removed = 0;
+    let Some(active) = state.get_mut("activeTask") else {
+        return 0;
+    };
+    if let Some(batches) = active.get_mut("proofBatches").and_then(Value::as_array_mut) {
+        for batch in batches {
+            if let Some(proofs) = batch.get_mut("proofs").and_then(Value::as_array_mut) {
+                for proof in proofs {
+                    removed += remove_key(proof, "stdoutSummary");
+                    removed += remove_key(proof, "stderrSummary");
+                    removed += remove_key(proof, "durationMs");
+                }
+            }
+        }
+    }
+    if let Some(results) = active.get_mut("proofResults").and_then(Value::as_array_mut) {
+        for proof in results {
+            removed += remove_key(proof, "stdoutSummary");
+            removed += remove_key(proof, "stderrSummary");
+            removed += remove_key(proof, "durationMs");
+            removed += remove_key(proof, "stdout");
+            removed += remove_key(proof, "stderr");
+        }
+    }
+    removed
+}
+
+fn remove_key(value: &mut Value, key: &str) -> usize {
+    value
+        .as_object_mut()
+        .and_then(|object| object.remove(key))
+        .map(|_| 1)
+        .unwrap_or(0)
+}

package/crates/naome-cli/src/task_commands/loop_control.rs

@@ -3,7 +3,7 @@ use std::path::Path;
 use naome_core::{task_proof_plan, task_status_report, task_transition_readiness};
 use serde_json::json;
 
-use super::common::{agent_session, print_json_with_session};
+use super::common::{agent_session, print_json_with_session, read_task_state, write_task_state};
 
 pub(super) fn task_loop(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
     let session = agent_session(args)?;
@@ -18,12 +18,30 @@ pub(super) fn task_loop(root: &Path, args: &[String]) -> Result<(), Box<dyn std:
             .filter(|item| item.kind == "rerun_check" && item.safe_to_execute)
         {
             if let Some(check_id) = item.check_ids.first() {
-                executed_steps.push(super::check_run::run_check_by_id(
-                    root,
-                    check_id,
-                    true,
-                    session.as_deref(),
-                )?);
+                let step =
+                    super::check_run::run_check_by_id(root, check_id, true, session.as_deref())?;
+                let failed = step
+                    .get("exitCode")
+                    .and_then(serde_json::Value::as_i64)
+                    .is_some_and(|code| code != 0);
+                executed_steps.push(step);
+                if failed {
+                    break;
+                }
+            }
+        }
+        if executed_steps
+            .iter()
+            .all(|step| step.get("exitCode").and_then(serde_json::Value::as_i64) == Some(0))
+        {
+            let mut state = read_task_state(root)?;
+            if super::compact_proof::compact_state(&mut state) > 0 {
+                write_task_state(root, &state)?;
+                executed_steps.push(json!({
+                    "schema": "naome.task.compact-proof.v1",
+                    "compacted": true,
+                    "agentInstruction": "Compacted tracked proof after safe check execution."
+                }));
             }
         }
     }