@massu/core 0.6.3 → 0.8.0

package/src/hooks/rule-enforcement-pipeline.ts

@@ -0,0 +1,159 @@
+#!/usr/bin/env node
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+// ============================================================
+// PostToolUse Hook: Rule-to-Enforcement Pipeline
+// When a new prevention rule (feedback_*.md) is written,
+// automatically triggers the final step: enforcement placement.
+//
+// Part of the Auto-Learning Pipeline:
+//   Fix Detected → Incident Report → Rule Derived → [ENFORCEMENT]
+//
+// Triggers on: Write to memory/feedback_*.md (configurable)
+// Must complete in <500ms.
+// ============================================================
+
+import { existsSync, readFileSync, readdirSync } from 'fs';
+import { basename, resolve } from 'path';
+import { getProjectRoot, getConfig } from '../config.ts';
+
+interface HookInput {
+  session_id: string;
+  tool_name: string;
+  tool_input: { file_path?: string; content?: string };
+}
+
+async function main(): Promise<void> {
+  try {
+    const input = await readStdin();
+    const hookInput = JSON.parse(input) as HookInput;
+    const filePath = hookInput.tool_input?.file_path;
+
+    if (!filePath) {
+      process.exit(0);
+      return;
+    }
+
+    const config = getConfig();
+    if (config.autoLearning?.enabled === false) {
+      process.exit(0);
+      return;
+    }
+
+    const root = getProjectRoot();
+    const memoryDir = config.autoLearning?.memoryDir ?? 'memory';
+    const enforcementDir = config.autoLearning?.enforcementHooksDir ?? 'scripts/hooks';
+    // Only trigger on feedback rule files
+    const relPath = filePath.startsWith(root + '/') ? filePath.slice(root.length + 1) : filePath;
+    const fileName = basename(filePath);
+
+    // Match feedback_*.md in either relative or absolute memory paths
+    if (!fileName.startsWith('feedback_') || !fileName.endsWith('.md')) {
+      process.exit(0);
+      return;
+    }
+
+    // Must be in a memory-like directory
+    const claudeDir = config.conventions?.claudeDirName ?? '.claude';
+    if (!relPath.includes(memoryDir) && !relPath.includes('memory/') && !relPath.includes(claudeDir + '/')) {
+      process.exit(0);
+      return;
+    }
+
+    if (!existsSync(filePath)) {
+      process.exit(0);
+      return;
+    }
+
+    if (config.autoLearning?.pipeline?.requireEnforcement === false) {
+      process.exit(0);
+      return;
+    }
+
+    // Extract rule details from the file
+    const content = readFileSync(filePath, 'utf-8');
+    const nameMatch = content.match(/^name:\s*(.+)/m);
+    const descMatch = content.match(/^description:\s*(.+)/m);
+    const ruleName = nameMatch?.[1]?.trim() ?? fileName;
+    const ruleDesc = descMatch?.[1]?.trim() ?? '';
+
+    // Check if this rule already has enforcement in any hook file
+    const enforcementDirAbs = resolve(root, enforcementDir);
+    let hasEnforcement = false;
+    if (existsSync(enforcementDirAbs)) {
+      const hookFiles = readdirSync(enforcementDirAbs).filter(f => f.endsWith('.sh') || f.endsWith('.ts') || f.endsWith('.js'));
+      for (const hookFile of hookFiles) {
+        try {
+          const hookContent = readFileSync(resolve(enforcementDirAbs, hookFile), 'utf-8');
+          if (hookContent.includes(fileName)) {
+            hasEnforcement = true;
+            break;
+          }
+        } catch { /* ignore read errors */ }
+      }
+    }
+
+    if (hasEnforcement) {
+      // Already has enforcement — no action needed
+      process.exit(0);
+      return;
+    }
+
+    // Output enforcement placement instructions
+    const lines: string[] = [];
+    lines.push('');
+    lines.push('============================================================================');
+    lines.push(' AUTO-LEARNING: New Rule Created — Enforcement Placement Required');
+    lines.push('============================================================================');
+    lines.push('');
+    lines.push(`  Rule: ${ruleName}`);
+    lines.push(`  File: ${filePath}`);
+    if (ruleDesc) {
+      lines.push(`  Description: ${ruleDesc}`);
+    }
+    lines.push('');
+    lines.push('  This rule has NO automated enforcement yet. Add it now.');
+    lines.push('');
+    lines.push('  ANALYZE the rule and determine enforcement layer(s):');
+    lines.push('');
+    lines.push('  1. STATICALLY DETECTABLE? (grep/regex can find violations in code)');
+    lines.push(`     → Add check to: ${enforcementDir}/pattern-feedback hook`);
+    lines.push(`     → Also add to pre-commit hook if critical`);
+    lines.push('');
+    lines.push('  2. ABOUT EDITING CERTAIN FILES? (auth, infra, routers, etc.)');
+    lines.push(`     → Add warning to: ${enforcementDir}/blast-radius hook`);
+    lines.push('');
+    lines.push('  3. ABOUT DANGEROUS COMMANDS? (kill, rm, destructive ops)');
+    lines.push(`     → Add block to: ${enforcementDir}/dangerous-command hook`);
+    lines.push('');
+    lines.push('  4. NEEDS RUNTIME MONITORING? (can only be detected at runtime)');
+    lines.push('     → Create a monitoring/audit producer');
+    lines.push('');
+    lines.push('  5. AI-GUIDANCE ONLY? (philosophy, process, judgment calls)');
+    lines.push('     → Memory rule is sufficient (already created)');
+    lines.push('');
+    lines.push('  AFTER adding enforcement, test the hook to verify it detects violations.');
+    lines.push('');
+    lines.push('  This step is MANDATORY per the auto-learning pipeline.');
+    lines.push('============================================================================');
+    lines.push('');
+
+    console.log(lines.join('\n'));
+  } catch {
+    // Best-effort: never block Claude Code
+  }
+  process.exit(0);
+}
+
+function readStdin(): Promise<string> {
+  return new Promise((resolve) => {
+    let data = '';
+    process.stdin.setEncoding('utf-8');
+    process.stdin.on('data', (chunk: string) => { data += chunk; });
+    process.stdin.on('end', () => resolve(data));
+    setTimeout(() => resolve(data), 3000);
+  });
+}
+
+main();

package/src/hooks/session-start.ts

@@ -52,7 +52,7 @@ async function main(): Promise<void> {
         process.stdout.write(
           '=== MASSU AI: Active ===\n' +
           'Session memory, code intelligence, and governance are now active.\n' +
-          `11 hooks monitoring this session. Type "${getConfig().toolPrefix ?? 'massu'}_sync" to index your codebase.\n` +
+          `15 hooks monitoring this session. Type "${getConfig().toolPrefix ?? 'massu'}_sync" to index your codebase.\n` +
           '=== END MASSU ===\n\n'
         );
       }

package/src/hooks/user-prompt.ts

@@ -8,7 +8,9 @@
 // ============================================================
 
 import { getMemoryDb, createSession, addUserPrompt, linkSessionToTask, autoDetectTaskId, addObservation } from '../memory-db.ts';
-import { existsSync } from 'fs';
+import { existsSync, writeFileSync } from 'fs';
+import { tmpdir } from 'os';
+import { join } from 'path';
 import { getResolvedPaths } from '../config.ts';
 
 interface HookInput {
@@ -107,6 +109,24 @@ async function main(): Promise<void> {
       } catch (_memoryNagErr) {
         // Best-effort: never block prompt capture
       }
+
+      // 7. Failure context markers: write detected failure keywords to temp file
+      //    so classify-failure.ts can use them for scoring
+      try {
+        const failureKeywords = [
+          'bug', 'broken', 'crash', 'error', 'fail', 'fix', 'wrong', 'missing',
+          'undefined', 'null', 'exception', 'stack trace', 'regression', 'revert',
+          'doesn\'t work', 'not working', 'stopped working', 'broke',
+        ];
+        const promptLower = prompt.toLowerCase();
+        const matched = failureKeywords.filter(kw => promptLower.includes(kw));
+        if (matched.length > 0) {
+          const contextFile = join(tmpdir(), `massu-failure-context-${session_id.slice(0, 8)}-${Date.now()}`);
+          writeFileSync(contextFile, matched.join(' '), 'utf-8');
+        }
+      } catch {
+        // Best-effort: never block prompt capture
+      }
     } finally {
       db.close();
     }

package/src/license.ts

@@ -54,7 +54,7 @@ export function tierLevel(tier: ToolTier): number {
  * Enterprise: audit, security, dependency
  */
 export const TOOL_TIER_MAP: Record<string, ToolTier> = {
-  // --- Free tier (12 tools: core navigation + basic memory + regression + license) ---
+  // --- Free tier (13 tools: core navigation + basic memory + regression + license) ---
   sync: 'free',
   context: 'free',
   impact: 'free',
@@ -64,6 +64,7 @@ export const TOOL_TIER_MAP: Record<string, ToolTier> = {
   coupling_check: 'free',
   memory_search: 'free',
   memory_ingest: 'free',
+  memory_backfill: 'free',
   regression_risk: 'free',
   feature_health: 'free',
   license_status: 'free',

package/src/mcp-bridge-tools.ts

@@ -68,7 +68,7 @@ const ENV_DENY_PATTERNS = [
 function buildSubprocessEnv(): Record<string, string> {
   const env: Record<string, string> = {};
   // Derive safe env prefixes from the project name in massu.config.yaml.
-  // e.g., project name "hedge" -> allow HEDGE_CONFIG_, HEDGE_LOG_ etc.
+  // e.g., project name "myapp" -> allow MYAPP_CONFIG_, MYAPP_LOG_ etc.
   // This makes the bridge work for any Massu user's project without hardcoding.
   const projectName = getConfig().project?.name?.toUpperCase() || '';
   const safePrefixes = projectName

package/src/memory-db.ts

@@ -587,6 +587,29 @@ export function initMemorySchema(db: Database.Database): void {
       features TEXT DEFAULT '[]'
     );
   `);
+
+  // ============================================================
+  // Failure Classification: Taxonomy of known failure patterns
+  // ============================================================
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS failure_classes (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      name TEXT NOT NULL UNIQUE,
+      description TEXT NOT NULL,
+      diff_patterns TEXT NOT NULL DEFAULT '[]',
+      file_patterns TEXT NOT NULL DEFAULT '[]',
+      prompt_keywords TEXT NOT NULL DEFAULT '[]',
+      incidents TEXT NOT NULL DEFAULT '[]',
+      rules TEXT NOT NULL DEFAULT '[]',
+      scanner_checks TEXT NOT NULL DEFAULT '[]',
+      known_message TEXT NOT NULL DEFAULT '',
+      needs_review INTEGER NOT NULL DEFAULT 0,
+      created_at TEXT DEFAULT (datetime('now')),
+      updated_at TEXT DEFAULT (datetime('now'))
+    );
+    CREATE INDEX IF NOT EXISTS idx_fc_name ON failure_classes(name);
+    CREATE INDEX IF NOT EXISTS idx_fc_needs_review ON failure_classes(needs_review);
+  `);
 }
 
 // ============================================================
@@ -1387,3 +1410,181 @@ export function getObservabilityDbSize(db: Database.Database): {
     estimated_size_mb: Math.round((pageCount * pageSize) / (1024 * 1024) * 100) / 100,
   };
 }
+
+// ============================================================
+// Failure Classification: CRUD functions
+// ============================================================
+
+export interface FailureClass {
+  id: number;
+  name: string;
+  description: string;
+  diff_patterns: string[];
+  file_patterns: string[];
+  prompt_keywords: string[];
+  incidents: string[];
+  rules: string[];
+  scanner_checks: string[];
+  known_message: string;
+  needs_review: boolean;
+}
+
+export interface AddFailureClassOpts {
+  name: string;
+  description: string;
+  diffPatterns?: string[];
+  filePatterns?: string[];
+  promptKeywords?: string[];
+  incidents?: string[];
+  rules?: string[];
+  scannerChecks?: string[];
+  knownMessage?: string;
+  needsReview?: boolean;
+}
+
+/**
+ * Add a new failure class to the taxonomy.
+ */
+export function addFailureClass(db: Database.Database, opts: AddFailureClassOpts): number {
+  const result = db.prepare(`
+    INSERT OR IGNORE INTO failure_classes (name, description, diff_patterns, file_patterns, prompt_keywords, incidents, rules, scanner_checks, known_message, needs_review)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    opts.name,
+    opts.description,
+    JSON.stringify(opts.diffPatterns ?? []),
+    JSON.stringify(opts.filePatterns ?? []),
+    JSON.stringify(opts.promptKeywords ?? []),
+    JSON.stringify(opts.incidents ?? []),
+    JSON.stringify(opts.rules ?? []),
+    JSON.stringify(opts.scannerChecks ?? []),
+    opts.knownMessage ?? '',
+    opts.needsReview ? 1 : 0
+  );
+  return Number(result.lastInsertRowid);
+}
+
+/**
+ * Get all failure classes from the taxonomy.
+ */
+export function getFailureClasses(db: Database.Database): FailureClass[] {
+  const rows = db.prepare('SELECT * FROM failure_classes ORDER BY name').all() as Array<Record<string, unknown>>;
+  return rows.map(row => ({
+    id: row.id as number,
+    name: row.name as string,
+    description: row.description as string,
+    diff_patterns: JSON.parse((row.diff_patterns as string) || '[]'),
+    file_patterns: JSON.parse((row.file_patterns as string) || '[]'),
+    prompt_keywords: JSON.parse((row.prompt_keywords as string) || '[]'),
+    incidents: JSON.parse((row.incidents as string) || '[]'),
+    rules: JSON.parse((row.rules as string) || '[]'),
+    scanner_checks: JSON.parse((row.scanner_checks as string) || '[]'),
+    known_message: row.known_message as string,
+    needs_review: !!(row.needs_review as number),
+  }));
+}
+
+/**
+ * Append an incident identifier to an existing failure class.
+ */
+export function appendIncidentToFailureClass(db: Database.Database, className: string, incidentId: string): void {
+  const row = db.prepare('SELECT incidents FROM failure_classes WHERE name = ?').get(className) as { incidents: string } | undefined;
+  if (!row) return;
+  const incidents: string[] = JSON.parse(row.incidents || '[]');
+  if (!incidents.includes(incidentId)) {
+    incidents.push(incidentId);
+    db.prepare('UPDATE failure_classes SET incidents = ?, updated_at = datetime(\'now\') WHERE name = ?')
+      .run(JSON.stringify(incidents), className);
+  }
+}
+
+export interface FailureClassMatch {
+  name: string;
+  score: number;
+  incidentCount: number;
+  rules: string[];
+  knownMessage: string;
+}
+
+/**
+ * Score all failure classes against provided match text, file path, and prompt context.
+ * Returns the best match with its score.
+ *
+ * Scoring:
+ *   +diffPatternWeight (default 3) per diff_pattern match
+ *   +filePatternWeight (default 2) per file_pattern match
+ *   +promptKeywordWeight (default 2) per prompt_keyword match
+ */
+export function scoreFailureClasses(
+  db: Database.Database,
+  matchText: string,
+  filePath: string,
+  promptContext: string,
+  weights?: { diffPatternWeight?: number; filePatternWeight?: number; promptKeywordWeight?: number }
+): FailureClassMatch | null {
+  const classes = getFailureClasses(db);
+  if (classes.length === 0) return null;
+
+  const diffWeight = weights?.diffPatternWeight ?? 3;
+  const fileWeight = weights?.filePatternWeight ?? 2;
+  const promptWeight = weights?.promptKeywordWeight ?? 2;
+
+  let bestMatch: FailureClassMatch | null = null;
+
+  for (const fc of classes) {
+    let score = 0;
+
+    for (const pattern of fc.diff_patterns) {
+      if (!pattern) continue;
+      try {
+        if (new RegExp(pattern, 'i').test(matchText)) {
+          score += diffWeight;
+        }
+      } catch {
+        if (matchText.toLowerCase().includes(pattern.toLowerCase())) {
+          score += diffWeight;
+        }
+      }
+    }
+
+    for (const pattern of fc.file_patterns) {
+      if (!pattern) continue;
+      try {
+        if (new RegExp(pattern).test(filePath)) {
+          score += fileWeight;
+        }
+      } catch {
+        if (filePath.includes(pattern)) {
+          score += fileWeight;
+        }
+      }
+    }
+
+    if (promptContext) {
+      for (const keyword of fc.prompt_keywords) {
+        if (!keyword) continue;
+        try {
+          if (new RegExp(keyword, 'i').test(promptContext)) {
+            score += promptWeight;
+          }
+        } catch {
+          if (promptContext.toLowerCase().includes(keyword.toLowerCase())) {
+            score += promptWeight;
+          }
+        }
+      }
+    }
+
+    if (!bestMatch || score > bestMatch.score) {
+      bestMatch = {
+        name: fc.name,
+        score,
+        incidentCount: fc.incidents.length,
+        rules: fc.rules,
+        knownMessage: fc.known_message,
+      };
+    }
+  }
+
+  return bestMatch;
+}