@lamentis/naome 1.4.4 → 1.4.6

package/Cargo.lock

@@ -76,7 +76,7 @@ checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
 
 [[package]]
 name = "naome-cli"
-version = "1.4.4"
+version = "1.4.6"
 dependencies = [
  "naome-core",
  "serde_json",
@@ -84,7 +84,7 @@ dependencies = [
 
 [[package]]
 name = "naome-core"
-version = "1.4.4"
+version = "1.4.6"
 dependencies = [
  "serde",
  "serde_json",

package/crates/naome-cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "naome-cli"
-version = "1.4.4"
+version = "1.4.6"
 edition.workspace = true
 license.workspace = true
 repository.workspace = true

package/crates/naome-cli/src/main.rs

@@ -197,6 +197,7 @@ fn find_harness_root(start: &Path) -> Option<PathBuf> {
         &[
             &[".naome", "task-state.json"],
             &[".naome", "tasks", "active.json"],
+            &[".naome", "manifest.json"],
         ],
     )
 }

package/crates/naome-cli/src/task_commands/agent_snapshot.rs

@@ -8,6 +8,8 @@ use serde_json::{json, Value};
 
 use super::common::{agent_session, print_json_with_session};
 use super::planner;
+pub(super) use super::single_pass_action::single_pass_next_action;
+use super::single_pass_action_fields::{collect_csv, collect_string_array};
 
 pub(super) fn agent_snapshot(
     root: &Path,
@@ -27,6 +29,21 @@ pub(super) fn agent_snapshot(
     );
     let (safe_to_run, deferred) = planner::split_safe_commands(&planned);
     let can_commit = transition.allowed && status.agent_loop.can_commit;
+    let can_record_proof = super::record::can_record_receipts(
+        root,
+        &proof_plan.proof_recording.checks_to_record,
+        &proof_plan.proof_recording.paths,
+    )?;
+    let next_action = single_pass_next_action(
+        &status,
+        &proof_plan,
+        &transition,
+        &planned,
+        &safe_to_run,
+        &deferred,
+        can_commit,
+        can_record_proof,
+    );
     let value = json!({
         "schema": "naome.task.agent-snapshot.v1",
         "state": snapshot_state(&status),
@@ -63,7 +80,7 @@ pub(super) fn agent_snapshot(
             "canComplete": transition.allowed,
             "blockingFindings": transition.blocking_findings
         },
-        "nextAction": snapshot_next_action(&status, &proof_plan, can_commit),
+        "nextAction": next_action,
         "agentLoop": status.agent_loop,
         "repairPlan": status.repair_plan,
         "findings": status.findings,
@@ -77,7 +94,7 @@ pub(super) fn agent_snapshot(
     Ok(())
 }
 
-fn merge_commands(left: Value, right: Vec<Value>) -> Vec<Value> {
+pub(super) fn merge_commands(left: Value, right: Vec<Value>) -> Vec<Value> {
     let commands = left
         .as_array()
         .cloned()
@@ -125,17 +142,6 @@ fn merge_csv_field(existing: &mut Value, incoming: &Value, field: &str) {
     existing[field] = json!(values.into_iter().collect::<Vec<_>>().join(","));
 }
 
-fn collect_csv(value: Option<&Value>, values: &mut BTreeSet<String>) {
-    if let Some(raw) = value.and_then(Value::as_str) {
-        values.extend(
-            raw.split(',')
-                .map(str::trim)
-                .filter(|part| !part.is_empty())
-                .map(ToString::to_string),
-        );
-    }
-}
-
 fn merge_string_array_field(existing: &mut Value, incoming: &Value, field: &str) {
     let mut values = BTreeSet::new();
     collect_string_array(existing.get(field), &mut values);
@@ -143,17 +149,6 @@ fn merge_string_array_field(existing: &mut Value, incoming: &Value, field: &str)
     existing[field] = json!(values.into_iter().collect::<Vec<_>>());
 }
 
-fn collect_string_array(value: Option<&Value>, values: &mut BTreeSet<String>) {
-    values.extend(
-        value
-            .and_then(Value::as_array)
-            .into_iter()
-            .flatten()
-            .filter_map(Value::as_str)
-            .map(ToString::to_string),
-    );
-}
-
 fn snapshot_state(status: &naome_core::TaskStatusReportV1) -> &'static str {
     if status
         .findings
@@ -183,49 +178,3 @@ fn editable_paths(status: &naome_core::TaskStatusReportV1) -> Vec<String> {
     }
     status.scope.allowed_paths.clone()
 }
-
-fn snapshot_next_action(
-    status: &naome_core::TaskStatusReportV1,
-    proof_plan: &naome_core::TaskProofPlanReport,
-    can_commit: bool,
-) -> Value {
-    let action_type = if !status.scope.out_of_scope_changed_paths.is_empty() {
-        "repair_scope"
-    } else if status
-        .findings
-        .iter()
-        .any(|finding| finding.id.starts_with("task.git."))
-    {
-        "recover_git"
-    } else if !status.proof.missing_checks.is_empty() || !status.proof.stale_checks.is_empty() {
-        "run_checks"
-    } else if !proof_plan.proof_recording.checks_to_record.is_empty() {
-        "record_proof"
-    } else if can_commit {
-        "commit_ready"
-    } else if status.state == "implementing" && status.agent_loop.can_continue_editing {
-        "edit"
-    } else {
-        "none"
-    };
-    if can_commit && action_type == "commit_ready" {
-        return json!({
-            "type": "commit_ready",
-            "reason": "Task is complete enough to commit; do not continue editing before commit.",
-            "commands": [],
-            "paths": status.scope.in_scope_changed_paths,
-            "checkIds": [],
-            "safeToExecute": false,
-            "requiresUserApproval": true
-        });
-    }
-    json!({
-        "type": action_type,
-        "reason": status.next_action_v2.reason,
-        "commands": status.next_action_v2.commands,
-        "paths": status.next_action_v2.paths,
-        "checkIds": status.next_action_v2.check_ids,
-        "safeToExecute": status.next_action_v2.safe_to_execute,
-        "requiresUserApproval": status.next_action_v2.requires_user_approval
-    })
-}

package/crates/naome-cli/src/task_commands/commit_preflight.rs

@@ -1,10 +1,12 @@
 use std::path::Path;
 
-use naome_core::{task_status_exit_code, task_status_report, task_transition_readiness};
-use naome_core::{TaskStatusFinding, TaskStatusReportV1};
-use serde_json::{json, Value};
+use naome_core::{
+    task_status_exit_code, task_status_report, task_transition_readiness, TaskStatusReportV1,
+};
+use serde_json::json;
 
 use super::common::{agent_session, print_json_with_session};
+use super::{agent_snapshot, planner};
 
 pub(super) fn commit_preflight(
     root: &Path,
@@ -12,8 +14,18 @@ pub(super) fn commit_preflight(
 ) -> Result<(), Box<dyn std::error::Error>> {
     let session = agent_session(args)?;
     let status = task_status_report(root)?;
+    let proof_plan = naome_core::task_proof_plan(root)?;
     let transition = task_transition_readiness(root, "complete")?;
     let would_pass = transition.allowed && status.agent_loop.can_commit;
+    let planned = agent_snapshot::merge_commands(
+        serde_json::to_value(&proof_plan.recommended_commands)?,
+        planner::planned_commands(
+            root,
+            &status.scope.in_scope_changed_paths,
+            Some(&status.proof),
+        ),
+    );
+    let (safe_to_run, deferred) = planner::split_safe_commands(&planned);
     let blocking = if would_pass {
         Vec::new()
     } else if !transition.blocking_findings.is_empty() {
@@ -28,7 +40,20 @@ pub(super) fn commit_preflight(
             "wouldPass": would_pass,
             "commitPaths": status.scope.in_scope_changed_paths,
             "blockingFindings": blocking,
-            "nextAction": commit_preflight_next_action(would_pass, &blocking, &status)?,
+            "nextAction": agent_snapshot::single_pass_next_action(
+                &status,
+                &proof_plan,
+                &transition,
+                &planned,
+                &safe_to_run,
+                &deferred,
+                would_pass,
+                super::record::can_record_receipts(
+                    root,
+                    &proof_plan.proof_recording.checks_to_record,
+                    &proof_plan.proof_recording.paths
+                )?
+            ),
             "agentInstruction": if would_pass { "Commit gate preflight is clean; use the normal NAOME commit path." } else { "Resolve blocking findings before committing." }
         }),
         session.as_deref(),
@@ -50,40 +75,3 @@ fn commit_preflight_exit_code(would_pass: bool, status: &TaskStatusReportV1) ->
         code
     }
 }
-
-fn commit_preflight_next_action(
-    would_pass: bool,
-    blocking: &[TaskStatusFinding],
-    status: &TaskStatusReportV1,
-) -> Result<Value, Box<dyn std::error::Error>> {
-    if would_pass {
-        return Ok(json!({
-            "type": "commit_ready",
-            "reason": "Task state, scope, proof, and transition checks are commit-ready.",
-            "commands": [],
-            "paths": status.scope.in_scope_changed_paths,
-            "checkIds": [],
-            "safeToExecute": false,
-            "requiresUserApproval": true
-        }));
-    }
-    if has_status_blocker(status) {
-        return Ok(serde_json::to_value(&status.next_action_v2)?);
-    }
-    if let Some(primary) = blocking.first() {
-        return Ok(json!({
-            "type": "blocked",
-            "reason": primary.message,
-            "commands": [],
-            "paths": primary.path.as_ref().map(|path| vec![path.clone()]).unwrap_or_default(),
-            "checkIds": [],
-            "safeToExecute": false,
-            "requiresUserApproval": true
-        }));
-    }
-    Ok(serde_json::to_value(&status.next_action_v2)?)
-}
-
-fn has_status_blocker(status: &TaskStatusReportV1) -> bool {
-    task_status_exit_code(&status.findings, &status.proof) != 0
-}

package/crates/naome-cli/src/task_commands/common.rs

@@ -1,12 +1,12 @@
 use std::fs;
 use std::path::Path;
 
+use naome_core::read_task_state_projection;
 use serde_json::{json, Value};
 
 pub(super) fn read_task_state(root: &Path) -> Result<Value, Box<dyn std::error::Error>> {
-    Ok(serde_json::from_str(&fs::read_to_string(
-        root.join(".naome/task-state.json"),
-    )?)?)
+    read_task_state_projection(root)?
+        .ok_or_else(|| "NAOME task-state projection is unavailable.".into())
 }
 
 pub(super) fn write_task_state(

package/crates/naome-cli/src/task_commands/loop_control.rs

@@ -4,6 +4,7 @@ use naome_core::{task_proof_plan, task_status_report, task_transition_readiness}
 use serde_json::json;
 
 use super::common::{agent_session, print_json_with_session, read_task_state, write_task_state};
+use super::{agent_snapshot, planner};
 
 pub(super) fn task_loop(root: &Path, args: &[String]) -> Result<(), Box<dyn std::error::Error>> {
     let session = agent_session(args)?;
@@ -11,13 +12,19 @@ pub(super) fn task_loop(root: &Path, args: &[String]) -> Result<(), Box<dyn std:
     let mut executed_steps = Vec::new();
 
     if execute_safe {
-        let plan = task_proof_plan(root)?;
-        for item in plan
-            .repair_plan
-            .iter()
-            .filter(|item| item.kind == "rerun_check" && item.safe_to_execute)
-        {
-            if let Some(check_id) = item.check_ids.first() {
+        let status = task_status_report(root)?;
+        let proof_plan = task_proof_plan(root)?;
+        let planned = agent_snapshot::merge_commands(
+            serde_json::to_value(&proof_plan.recommended_commands)?,
+            planner::planned_commands(
+                root,
+                &status.scope.in_scope_changed_paths,
+                Some(&status.proof),
+            ),
+        );
+        let (safe_to_run, _deferred) = planner::split_safe_commands(&planned);
+        for command in safe_to_run {
+            if let Some(check_id) = command.get("checkId").and_then(serde_json::Value::as_str) {
                 let step =
                     super::check_run::run_check_by_id(root, check_id, true, session.as_deref())?;
                 let failed = step
@@ -49,9 +56,33 @@ pub(super) fn task_loop(root: &Path, args: &[String]) -> Result<(), Box<dyn std:
     let status = task_status_report(root)?;
     let proof_plan = task_proof_plan(root)?;
     let transition = task_transition_readiness(root, "complete")?;
+    let planned = agent_snapshot::merge_commands(
+        serde_json::to_value(&proof_plan.recommended_commands)?,
+        planner::planned_commands(
+            root,
+            &status.scope.in_scope_changed_paths,
+            Some(&status.proof),
+        ),
+    );
+    let (safe_to_run, deferred) = planner::split_safe_commands(&planned);
+    let commit_ready = transition.allowed && status.agent_loop.can_commit;
+    let next_action = agent_snapshot::single_pass_next_action(
+        &status,
+        &proof_plan,
+        &transition,
+        &planned,
+        &safe_to_run,
+        &deferred,
+        commit_ready,
+        super::record::can_record_receipts(
+            root,
+            &proof_plan.proof_recording.checks_to_record,
+            &proof_plan.proof_recording.paths,
+        )?,
+    );
     let can_commit = json!({
         "schema": "naome.task.commit-readiness.v1",
-        "allowed": transition.allowed && status.agent_loop.can_commit,
+        "allowed": commit_ready,
         "commitPaths": status.scope.in_scope_changed_paths,
         "blockingFindings": transition.blocking_findings,
         "agentLoop": status.agent_loop
@@ -65,7 +96,7 @@ pub(super) fn task_loop(root: &Path, args: &[String]) -> Result<(), Box<dyn std:
             "canTransition": transition,
             "canCommit": can_commit,
             "executedSteps": executed_steps,
-            "nextAction": status.next_action_v2,
+            "nextAction": next_action,
             "agentInstruction": if execute_safe { "Executed only safe check/proof steps; no edits, git recovery, commit, push, or PR actions were performed." } else { "Read-only loop report; execute only safe plans explicitly marked safe." }
         }),
         session.as_deref(),

package/crates/naome-cli/src/task_commands/planner/checks.rs

@@ -119,6 +119,9 @@ fn proof_reason(reasons: &BTreeSet<String>) -> &'static str {
 
 fn check_is_impacted(check: &VerificationCheck, path: &str) -> bool {
     let command = check.command.as_str();
+    if command == "git diff --check" {
+        return true;
+    }
     match impact_kind(path) {
         "changed_task_state" => {
             command.contains("check-task-state") || command.contains("test:task-state")
@@ -137,8 +140,7 @@ fn check_is_impacted(check: &VerificationCheck, path: &str) -> bool {
                 || command.contains("test:")
         }
         _ => {
-            command == "git diff --check"
-                || command.contains("quality check")
+            command.contains("quality check")
                 || command.contains("semantic check")
                 || command.contains("arch validate")
         }

package/crates/naome-cli/src/task_commands/preflight.rs

@@ -29,6 +29,11 @@ pub(super) fn preflight(root: &Path, args: &[String]) -> Result<(), Box<dyn std:
     let recommended = planner::planned_commands(root, &normalized_paths, Some(&status.proof));
     let (safe, _deferred) = planner::split_safe_commands(&recommended);
     let blocked = !findings.is_empty() || !must_not_edit.is_empty();
+    let next_action_paths = if blocked {
+        must_not_edit.clone()
+    } else {
+        normalized_paths.clone()
+    };
     print_json_with_session(
         json!({
             "schema": "naome.task.preflight.v1",
@@ -40,8 +45,9 @@ pub(super) fn preflight(root: &Path, args: &[String]) -> Result<(), Box<dyn std:
             "findings": findings,
             "nextAction": {
                 "type": if blocked { "blocked" } else { "edit" },
-                "reason": if blocked { "Preflight is blocked until every requested path is explicit and editable." } else { "All requested paths are editable." },
-                "paths": must_not_edit,
+                "actionId": if blocked { "preflight.blocked" } else { "preflight.edit_allowed" },
+                "reasonCodes": if blocked { vec!["preflight-blocked"] } else { vec!["preflight-clean"] },
+                "paths": next_action_paths,
                 "commands": [],
                 "checkIds": [],
                 "safeToExecute": !blocked,

package/crates/naome-cli/src/task_commands/record.rs

@@ -98,6 +98,15 @@ pub(super) fn record_receipts_for_checks(
     Ok(true)
 }
 
+pub(super) fn can_record_receipts(
+    root: &Path,
+    check_ids: &[String],
+    paths: &[String],
+) -> Result<bool, Box<dyn std::error::Error>> {
+    let (can_record, _findings, receipts) = recordable_receipts(root, check_ids, paths)?;
+    Ok(can_record && !receipts.is_empty())
+}
+
 fn write_proof_batch(
     root: &Path,
     path_set_base: &str,

package/crates/naome-cli/src/task_commands/single_pass_action.rs

@@ -0,0 +1,215 @@
+use naome_core::{TaskProofPlanReport, TaskStatusReportV1, TransitionReadinessReport};
+use serde_json::{json, Value};
+
+use super::single_pass_action_fields::{
+    action, check_ids, impacted_paths, primary_finding_id, reason_codes,
+};
+
+pub(super) fn single_pass_next_action(
+    status: &TaskStatusReportV1,
+    proof_plan: &TaskProofPlanReport,
+    transition: &TransitionReadinessReport,
+    planned: &[Value],
+    safe_to_run: &[Value],
+    deferred: &[Value],
+    can_commit: bool,
+    can_record_proof: bool,
+) -> Value {
+    human_review_action(transition)
+        .or_else(|| git_recovery_action(status))
+        .or_else(|| scope_drift_action(status))
+        .or_else(|| record_action(proof_plan, can_record_proof))
+        .or_else(|| proof_action(status, safe_to_run, deferred))
+        .or_else(|| transition_blocker_action(transition))
+        .unwrap_or_else(|| {
+            if can_commit {
+                commit_action(status)
+            } else if status.state == "implementing" && status.agent_loop.can_continue_editing {
+                edit_action(status)
+            } else {
+                no_action(status, planned)
+            }
+        })
+}
+
+fn human_review_action(transition: &TransitionReadinessReport) -> Option<Value> {
+    transition
+        .blocking_findings
+        .iter()
+        .find(|finding| finding.id == "task.transition.human_review_required")
+        .map(|finding| {
+            blocking_action(
+                "human_review",
+                "human_review.required",
+                &["human-review-required"],
+                finding.path.iter().cloned().collect(),
+                &finding.id,
+            )
+        })
+}
+
+fn git_recovery_action(status: &TaskStatusReportV1) -> Option<Value> {
+    status
+        .findings
+        .iter()
+        .any(|finding| finding.id.starts_with("task.git."))
+        .then(|| {
+            action(
+                "recover_git_state",
+                "git.recover_state",
+                &["git-recovery-required"],
+                &[],
+                Vec::new(),
+                &[],
+                false,
+                true,
+                primary_finding_id(status, "task.git.").as_deref(),
+            )
+        })
+}
+
+fn scope_drift_action(status: &TaskStatusReportV1) -> Option<Value> {
+    (!status.scope.out_of_scope_changed_paths.is_empty()).then(|| {
+        action(
+            "repair_scope",
+            "scope.repair_drift",
+            &["scope-drift"],
+            &[],
+            status.scope.out_of_scope_changed_paths.clone(),
+            &[],
+            false,
+            true,
+            primary_finding_id(status, "task.scope.out_of_scope_change").as_deref(),
+        )
+    })
+}
+
+fn proof_action(status: &TaskStatusReportV1, safe: &[Value], deferred: &[Value]) -> Option<Value> {
+    (!status.proof.missing_checks.is_empty() || !status.proof.stale_checks.is_empty()).then(|| {
+        let commands = if safe.is_empty() { deferred } else { safe };
+        action(
+            "run_checks",
+            "proof.run_required_checks",
+            &reason_codes(commands, &status.proof),
+            commands,
+            impacted_paths(commands, &status.scope.in_scope_changed_paths),
+            &check_ids(commands, &status.proof),
+            !safe.is_empty(),
+            safe.is_empty(),
+            primary_finding_id(status, "task.proof.")
+                .or_else(|| primary_finding_id(status, "task.scope.missing_evidence"))
+                .as_deref(),
+        )
+    })
+}
+
+fn record_action(proof_plan: &TaskProofPlanReport, can_record_proof: bool) -> Option<Value> {
+    can_record_proof.then(|| {
+        action(
+            "record_proof",
+            "proof.record_from_receipts",
+            &["proof-recording-available"],
+            &[json!({
+                "command": "node .naome/bin/naome.js task record-proof --from-proof-plan --json",
+                "cwd": ".",
+                "safeToExecute": true
+            })],
+            proof_plan.proof_recording.paths.clone(),
+            &proof_plan.proof_recording.checks_to_record,
+            true,
+            false,
+            None,
+        )
+    })
+}
+
+fn transition_blocker_action(transition: &TransitionReadinessReport) -> Option<Value> {
+    transition
+        .blocking_findings
+        .iter()
+        .find(|finding| unhandled_transition_blocker(&finding.id))
+        .map(|finding| {
+            blocking_action(
+                "blocked",
+                "transition.blocked",
+                &["transition-blocked"],
+                finding.path.iter().cloned().collect(),
+                &finding.id,
+            )
+        })
+}
+
+fn blocking_action(
+    action_type: &str,
+    action_id: &str,
+    reason_codes: &[&str],
+    paths: Vec<String>,
+    finding_id: &str,
+) -> Value {
+    action(
+        action_type,
+        action_id,
+        reason_codes,
+        &[],
+        paths,
+        &[],
+        false,
+        true,
+        Some(finding_id),
+    )
+}
+
+fn unhandled_transition_blocker(id: &str) -> bool {
+    !(id == "task.transition.human_review_required"
+        || id.starts_with("task.git.")
+        || id.starts_with("task.proof.")
+        || id == "task.scope.out_of_scope_change"
+        || id == "task.scope.missing_evidence"
+        || id == "task.transition.stale_proof")
+}
+
+fn commit_action(status: &TaskStatusReportV1) -> Value {
+    action(
+        "commit_ready",
+        "commit.ready",
+        &["commit-ready"],
+        &[],
+        status.scope.in_scope_changed_paths.clone(),
+        &[],
+        false,
+        true,
+        None,
+    )
+}
+
+fn edit_action(status: &TaskStatusReportV1) -> Value {
+    action(
+        "edit",
+        "edit.required",
+        &["edit-required"],
+        &[json!({
+            "command": "node .naome/bin/naome.js task preflight --path <path> --json",
+            "cwd": ".",
+            "safeToExecute": false
+        })],
+        status.scope.allowed_paths.clone(),
+        &[],
+        false,
+        true,
+        None,
+    )
+}
+
+fn no_action(status: &TaskStatusReportV1, planned: &[Value]) -> Value {
+    action(
+        "none",
+        "task.no_action",
+        &["no-action"],
+        planned,
+        status.scope.in_scope_changed_paths.clone(),
+        &[],
+        false,
+        false,
+        None,
+    )
+}