@massu/core 0.9.2 → 1.1.0

package/dist/hooks/user-prompt.js

@@ -21,7 +21,8 @@ var DomainConfigSchema = z.object({
 });
 var PatternRuleConfigSchema = z.object({
   pattern: z.string().default("**"),
-  rules: z.array(z.string()).default([])
+  rules: z.array(z.string()).default([]),
+  language: z.string().optional()
 });
 var CostModelSchema = z.object({
   input_per_million: z.number(),
@@ -233,17 +234,59 @@ var PathsConfigSchema = z.object({
   components: z.string().optional(),
   hooks: z.string().optional()
 });
+var LanguageFrameworkEntrySchema = z.object({
+  framework: z.string().optional(),
+  test_framework: z.string().optional(),
+  test: z.string().optional(),
+  runtime: z.string().optional(),
+  orm: z.string().optional(),
+  router: z.string().optional(),
+  ui: z.string().optional()
+}).passthrough();
+var FrameworkConfigSchema = z.object({
+  type: z.string().default("typescript"),
+  primary: z.string().optional(),
+  router: z.string().default("none"),
+  orm: z.string().default("none"),
+  ui: z.string().default("none"),
+  languages: z.record(z.string(), LanguageFrameworkEntrySchema).optional()
+}).passthrough();
+var VerificationEntrySchema = z.object({
+  type: z.string().optional(),
+  test: z.string().optional(),
+  syntax: z.string().optional(),
+  lint: z.string().optional(),
+  build: z.string().optional()
+}).passthrough();
+var VerificationConfigSchema = z.record(z.string(), VerificationEntrySchema).optional();
+var CanonicalPathsSchema = z.record(z.string(), z.string()).optional();
+var VerificationTypesSchema = z.record(z.string(), z.string()).optional();
+var DetectionRuleEntrySchema = z.object({
+  signals: z.array(z.string()).default([]),
+  priority: z.number().optional()
+}).passthrough();
+var DetectionConfigSchema = z.object({
+  rules: z.record(
+    z.string(),
+    // language
+    z.record(z.string(), DetectionRuleEntrySchema)
+    // framework -> rule entry
+  ).optional(),
+  signal_weights: z.record(z.string(), z.number()).optional(),
+  disable_builtin: z.boolean().optional()
+}).passthrough().optional();
 var RawConfigSchema = z.object({
+  schema_version: z.union([z.literal(1), z.literal(2)]).default(1),
   project: z.object({
     name: z.string().default("my-project"),
     root: z.string().default("auto")
   }).default({ name: "my-project", root: "auto" }),
-  framework: z.object({
-    type: z.string().default("typescript"),
-    router: z.string().default("none"),
-    orm: z.string().default("none"),
-    ui: z.string().default("none")
-  }).default({ type: "typescript", router: "none", orm: "none", ui: "none" }),
+  framework: FrameworkConfigSchema.default({
+    type: "typescript",
+    router: "none",
+    orm: "none",
+    ui: "none"
+  }),
   paths: PathsConfigSchema.default({ source: "src", aliases: { "@": "src" } }),
   toolPrefix: z.string().default("massu"),
   dbAccessPattern: z.string().optional(),
@@ -258,8 +301,13 @@ var RawConfigSchema = z.object({
   regression: RegressionConfigSchema,
   cloud: CloudConfigSchema,
   conventions: ConventionsConfigSchema,
+  autoLearning: AutoLearningConfigSchema,
   python: PythonConfigSchema,
-  autoLearning: AutoLearningConfigSchema
+  // P2-004 / P2-005 / P2-006 / P2-008: v2 extensions (all optional)
+  verification: VerificationConfigSchema,
+  canonical_paths: CanonicalPathsSchema,
+  verification_types: VerificationTypesSchema,
+  detection: DetectionConfigSchema
 }).passthrough();
 var _config = null;
 var _projectRoot = null;
@@ -303,14 +351,47 @@ function getConfig() {
     const content = readFileSync(configPath, "utf-8");
     rawYaml = parseYaml(content) ?? {};
   }
-  const parsed = RawConfigSchema.parse(rawYaml);
+  const result = RawConfigSchema.safeParse(rawYaml);
+  if (!result.success) {
+    const issues = result.error.issues.map((i) => {
+      const path = i.path.length > 0 ? i.path.join(".") : "(root)";
+      const received = "received" in i && i.received !== void 0 ? ` (received ${JSON.stringify(i.received)})` : "";
+      return `  - ${path}: ${i.message}${received}`;
+    }).join("\n");
+    throw new Error(
+      `Invalid massu.config.yaml at ${configPath}:
+${issues}
+Hint: run \`massu config refresh\` to regenerate a valid config or fix the listed fields manually.`
+    );
+  }
+  const parsed = result.data;
   const projectRoot = parsed.project.root === "auto" || !parsed.project.root ? root : resolve(root, parsed.project.root);
+  const fw = parsed.framework;
+  let router = fw.router;
+  let orm = fw.orm;
+  let ui = fw.ui;
+  if (fw.type === "multi" && fw.primary && fw.languages) {
+    const primaryEntry = fw.languages[fw.primary];
+    if (primaryEntry) {
+      if (router === "none" && primaryEntry.router) router = primaryEntry.router;
+      if (orm === "none" && primaryEntry.orm) orm = primaryEntry.orm;
+      if (ui === "none" && primaryEntry.ui) ui = primaryEntry.ui;
+    }
+  }
   _config = {
+    schema_version: parsed.schema_version,
     project: {
       name: parsed.project.name,
       root: projectRoot
     },
-    framework: parsed.framework,
+    framework: {
+      type: fw.type,
+      router,
+      orm,
+      ui,
+      primary: fw.primary,
+      languages: fw.languages
+    },
     paths: parsed.paths,
     toolPrefix: parsed.toolPrefix,
     dbAccessPattern: parsed.dbAccessPattern,
@@ -325,7 +406,12 @@ function getConfig() {
     regression: parsed.regression,
     cloud: parsed.cloud,
     conventions: parsed.conventions,
-    python: parsed.python
+    autoLearning: parsed.autoLearning,
+    python: parsed.python,
+    verification: parsed.verification,
+    canonical_paths: parsed.canonical_paths,
+    verification_types: parsed.verification_types,
+    detection: parsed.detection
   };
   if (!_config.cloud?.apiKey && process.env.MASSU_API_KEY) {
     _config.cloud = {
@@ -952,9 +1038,7 @@ function linkSessionToTask(db, sessionId, taskId) {
 }
 
 // src/hooks/user-prompt.ts
-import { existsSync as existsSync3, writeFileSync } from "fs";
-import { tmpdir } from "os";
-import { join } from "path";
+import { existsSync as existsSync3 } from "fs";
 async function main() {
   try {
     const input = await readStdin();
@@ -1027,35 +1111,6 @@ async function main() {
         }
       } catch (_memoryNagErr) {
       }
-      try {
-        const failureKeywords = [
-          "bug",
-          "broken",
-          "crash",
-          "error",
-          "fail",
-          "fix",
-          "wrong",
-          "missing",
-          "undefined",
-          "null",
-          "exception",
-          "stack trace",
-          "regression",
-          "revert",
-          "doesn't work",
-          "not working",
-          "stopped working",
-          "broke"
-        ];
-        const promptLower = prompt.toLowerCase();
-        const matched = failureKeywords.filter((kw) => promptLower.includes(kw));
-        if (matched.length > 0) {
-          const contextFile = join(tmpdir(), `massu-failure-context-${session_id.slice(0, 8)}-${Date.now()}`);
-          writeFileSync(contextFile, matched.join(" "), "utf-8");
-        }
-      } catch {
-      }
     } finally {
       db.close();
     }

package/package.json

@@ -1,8 +1,8 @@
 {
   "name": "@massu/core",
-  "version": "0.9.2",
+  "version": "1.1.0",
   "type": "module",
-  "description": "AI Engineering Governance MCP Server - Session memory, knowledge system, feature registry, code intelligence, rule enforcement, auto-learning pipeline, tiered tooling (12 free / 72 total), 55+ workflow commands, 15 agents, 20+ patterns",
+  "description": "AI Engineering Governance MCP Server - Session memory, knowledge system, feature registry, code intelligence, rule enforcement, tiered tooling (12 free / 72 total), 55+ workflow commands, 11 agents, 20+ patterns",
   "main": "src/server.ts",
   "bin": {
     "massu": "./dist/cli.js"
@@ -16,7 +16,10 @@
     "prepublishOnly": "bash ../../scripts/prepublish-check.sh && npm run build"
   },
   "dependencies": {
+    "@clack/prompts": "^0.9.1",
     "better-sqlite3": "^12.6.2",
+    "fast-glob": "^3.3.0",
+    "smol-toml": "^1.3.0",
     "yaml": "^2.4.0",
     "zod": "^3.23.0"
   },
@@ -29,13 +32,20 @@
   },
   "files": [
     "src/**/*",
-    "!src/__tests__/**",
+    "!src/**/__tests__/**",
+    "!src/**/*.test.ts",
+    "!src/**/*.spec.ts",
+    "!**/.build/**",
+    "!**/.swiftpm/**",
+    "!**/node_modules/**",
+    "!**/__pycache__/**",
     "dist/**/*",
     "commands/**/*",
     "agents/**/*",
     "patterns/**/*",
     "protocols/**/*",
     "reference/**/*",
+    "templates/**/*",
     "LICENSE"
   ],
   "keywords": [

package/reference/hook-execution-order.md

@@ -52,9 +52,9 @@ Security blocking -> advisory warnings -> matcher-specific -> observability.
 
 ---
 
-## PostToolUse (14 hooks)
+## PostToolUse (11 hooks)
 
-Security scan -> immediate feedback -> context tracking -> fix detection -> incident capture -> pipeline triggers -> memory sync -> observability.
+Security scan -> immediate feedback -> context tracking -> incident capture -> memory sync -> observability.
 
 | position: 1 | CI monitor | standard | Bash(git push) -- immediate push feedback |
 |---|---|---|---|
@@ -62,23 +62,17 @@ Security scan -> immediate feedback -> context tracking -> fix detection -> inci
 | position: 3 | `pattern-feedback.sh` | standard | Edit\|Write -- immediate pattern violation feedback |
 | position: 4 | `post-edit-context.js` | strict | Edit\|Write -- detailed semantic analysis |
 | position: 5 | `post-tool-use.js` | standard | Edit\|Write\|Bash -- structured context tracking |
-| position: 6 | `fix-detector.js` | standard | Edit\|Write -- detect bug fixes via git diff heuristics |
-| position: 7 | `auto-ingest-incident.sh` | strict | Edit\|Write -- auto-capture incident patterns |
-| position: 8 | `incident-pipeline.js` | standard | Write -- trigger rule derivation on incident report writes |
-| position: 9 | `rule-enforcement-pipeline.js` | standard | Write -- trigger enforcement on prevention rule writes |
-| position: 10 | `memory-auto-ingest.sh` | standard | Write -- auto-sync memory files to codegraph SQLite DB |
-| position: 11 | `validate-deliverables.sh` | strict | Bash\|Edit\|Write -- deliverable validation |
-| position: 12 | `pattern-scanner.sh --single-file` | strict | Edit\|Write -- per-file pattern scan |
-| position: 13 | `mcp-usage-tracker.sh` | strict | MCP tools -- append-only MCP audit log |
-| position: 14 | `compaction-advisor.sh` | standard | Bash\|Edit\|Write\|Read\|Grep\|Glob -- context tracking, widest matcher |
+| position: 6 | `auto-ingest-incident.sh` | strict | Edit\|Write -- auto-capture incident patterns |
+| position: 7 | `memory-auto-ingest.sh` | standard | Write -- auto-sync memory files to codegraph SQLite DB |
+| position: 8 | `validate-deliverables.sh` | strict | Bash\|Edit\|Write -- deliverable validation |
+| position: 9 | `pattern-scanner.sh --single-file` | strict | Edit\|Write -- per-file pattern scan |
+| position: 10 | `mcp-usage-tracker.sh` | strict | MCP tools -- append-only MCP audit log |
+| position: 11 | `compaction-advisor.sh` | standard | Bash\|Edit\|Write\|Read\|Grep\|Glob -- context tracking, widest matcher |
 
 **Dependencies**:
 - `output-secret-filter.sh` MUST run before any feedback hooks -- security first
 - `pattern-feedback.sh` before `post-tool-use.js` -- immediate feedback before tracking
-- `fix-detector.js` after `post-tool-use.js` -- needs structured tracking context
-- `incident-pipeline.js` after `auto-ingest-incident.sh` -- incident must be captured first
-- `rule-enforcement-pipeline.js` after `incident-pipeline.js` -- rule derivation before enforcement
-- `memory-auto-ingest.sh` runs after pipeline hooks -- memory sync is data-writing, before validation
+- `memory-auto-ingest.sh` runs after incident capture -- memory sync is data-writing, before validation
 - `compaction-advisor.sh` MUST be last -- widest matcher, just counts tool calls
 
 ---
@@ -111,23 +105,21 @@ Quick state capture -> full DB snapshot.
 
 ---
 
-## Stop (8 hooks)
+## Stop (7 hooks)
 
-Session summary -> auto-learning check -> warnings -> memory extraction -> review -> validation.
+Session summary -> warnings -> memory extraction -> review -> validation.
 
 | position: 1 | `session-end.js` | standard | Write session summary to memory DB |
 |---|---|---|---|
-| position: 2 | `auto-learning-pipeline.js` | standard | Enforce fix→incident→rule→enforcement pipeline completion |
-| position: 3 | Uncommitted changes warning | standard (inline) | Alert user about unstaged work |
-| position: 4 | `memory-auto-extract.sh` | standard | Auto-extract memories from DB observations |
-| position: 5 | `auto-review-on-stop.sh` | strict | Automated code review of session changes |
-| position: 6 | `surface-review-findings.sh` | strict | Display review findings to user |
-| position: 7 | `validate-deliverables.sh` | strict | Final deliverable validation |
-| position: 8 | `pattern-extractor.sh` | advisory | Extract new patterns from session |
+| position: 2 | Uncommitted changes warning | standard (inline) | Alert user about unstaged work |
+| position: 3 | `memory-auto-extract.sh` | standard | Auto-extract memories from DB observations |
+| position: 4 | `auto-review-on-stop.sh` | strict | Automated code review of session changes |
+| position: 5 | `surface-review-findings.sh` | strict | Display review findings to user |
+| position: 6 | `validate-deliverables.sh` | strict | Final deliverable validation |
+| position: 7 | `pattern-extractor.sh` | advisory | Extract new patterns from session |
 
 **Dependencies**:
 - `session-end.js` MUST be position 1 -- writes DB data that `memory-auto-extract.sh` reads
-- `auto-learning-pipeline.js` MUST run early -- needs to output mandatory instructions before session ends
 - `memory-auto-extract.sh` MUST come after `session-end.js` -- depends on DB observations
 - `surface-review-findings.sh` MUST come after `auto-review-on-stop.sh` -- displays its output
 - `pattern-extractor.sh` runs last -- advisory tier (skipped in minimal/standard profiles)

package/src/cli.ts

@@ -52,6 +52,10 @@ async function main(): Promise<void> {
       await runValidateConfig();
       break;
     }
+    case 'config': {
+      await handleConfigSubcommand(args.slice(1));
+      break;
+    }
     case '--help':
     case '-h': {
       printHelp();
@@ -70,6 +74,56 @@ async function main(): Promise<void> {
   }
 }
 
+async function handleConfigSubcommand(configArgs: string[]): Promise<void> {
+  const sub = configArgs[0];
+  const flags = new Set(configArgs.slice(1));
+  switch (sub) {
+    case 'refresh': {
+      const { runConfigRefresh } = await import('./commands/config-refresh.ts');
+      const result = await runConfigRefresh({ dryRun: flags.has('--dry-run') });
+      process.exit(result.exitCode);
+      return;
+    }
+    case 'validate': {
+      const { runValidateConfig } = await import('./commands/doctor.ts');
+      await runValidateConfig();
+      return;
+    }
+    case 'upgrade': {
+      const { runConfigUpgrade } = await import('./commands/config-upgrade.ts');
+      const result = await runConfigUpgrade({
+        rollback: flags.has('--rollback'),
+        ci: flags.has('--ci') || flags.has('--yes'),
+      });
+      process.exit(result.exitCode);
+      return;
+    }
+    case 'doctor': {
+      const { runDoctor } = await import('./commands/doctor.ts');
+      await runDoctor();
+      return;
+    }
+    case 'check-drift': {
+      const { runConfigCheckDrift } = await import('./commands/config-check-drift.ts');
+      const result = await runConfigCheckDrift({ verbose: flags.has('--verbose') });
+      process.exit(result.exitCode);
+      return;
+    }
+    case '--help':
+    case '-h':
+    case undefined: {
+      printConfigHelp();
+      return;
+    }
+    default: {
+      process.stderr.write(`massu: unknown config subcommand: ${sub}\n`);
+      printConfigHelp();
+      process.exit(1);
+      return;
+    }
+  }
+}
+
 function printHelp(): void {
   console.log(`
 Massu AI - Engineering Governance Platform
@@ -82,19 +136,44 @@ Commands:
   doctor            Check installation health
   install-hooks     Install/update Claude Code hooks
   install-commands  Install/update slash commands
-  validate-config   Validate massu.config.yaml
+  validate-config   Validate massu.config.yaml (alias: config validate)
+  config <sub>      Config lifecycle: refresh | validate | upgrade | doctor | check-drift
 
 Options:
   --help, -h        Show this help message
   --version, -v     Show version
 
 Getting started:
-  npx massu init    # Full setup in one command
+  npx massu init              # Full setup in one command
+  npx massu init --help       # Show all init options (--ci, --force, --template)
+  npx massu config --help     # Show config subcommands
 
 Documentation: https://massu.ai/docs
 `);
 }
 
+function printConfigHelp(): void {
+  console.log(`
+massu config <subcommand>
+
+Subcommands:
+  refresh       Re-run detection and apply changes to massu.config.yaml.
+                  --dry-run    Print diff and exit without writing.
+  validate      Validate massu.config.yaml (alias of \`massu validate-config\`).
+  upgrade       Migrate a v1 config to schema_version=2.
+                  --rollback   Restore from .bak file.
+                  --ci, --yes  Non-interactive mode (no prompts).
+  doctor        Run the full health check (alias of \`massu doctor\`).
+  check-drift   CI-safe drift gate; exits 1 on drift.
+                  --verbose    Print detailed changes to stdout.
+
+Examples:
+  npx massu config refresh --dry-run
+  npx massu config upgrade --ci
+  npx massu config check-drift --verbose
+`);
+}
+
 function printVersion(): void {
   try {
     const pkg = JSON.parse(readFileSync(resolve(__dirname, '../package.json'), 'utf-8'));

package/src/commands/config-check-drift.ts

@@ -0,0 +1,132 @@
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+/**
+ * `massu config check-drift` — CI-safe drift gate.
+ *
+ * Reads massu.config.yaml, runs detection, and compares the result with both
+ * the stored fingerprint (if present) and the structural detectDrift() check.
+ *
+ * Flags:
+ *   --verbose   Emit the full changes[] to stdout (field: before -> after).
+ *
+ * Exit codes:
+ *   0  no drift
+ *   1  drift detected
+ *   2  config missing or unparseable
+ */
+
+import { existsSync, readFileSync } from 'fs';
+import { resolve } from 'path';
+import { parse as parseYaml } from 'yaml';
+import { runDetection } from '../detect/index.ts';
+import { computeFingerprint, detectDrift, type DriftChange } from '../detect/drift.ts';
+import type { AnyConfig } from '../detect/migrate.ts';
+
+export interface ConfigCheckDriftOptions {
+  verbose?: boolean;
+  cwd?: string;
+  silent?: boolean;
+}
+
+export interface ConfigCheckDriftResult {
+  exitCode: 0 | 1 | 2;
+  drifted: boolean;
+  changes: DriftChange[];
+  storedFingerprint: string | null;
+  currentFingerprint: string | null;
+  message?: string;
+}
+
+function renderChanges(changes: DriftChange[]): string {
+  if (changes.length === 0) return '(none)\n';
+  return changes
+    .map((c) => `  ${c.field}: ${JSON.stringify(c.before)} -> ${JSON.stringify(c.after)}`)
+    .join('\n') + '\n';
+}
+
+export async function runConfigCheckDrift(
+  opts: ConfigCheckDriftOptions = {}
+): Promise<ConfigCheckDriftResult> {
+  const cwd = opts.cwd ?? process.cwd();
+  const configPath = resolve(cwd, 'massu.config.yaml');
+  const log = opts.silent ? () => {} : (s: string) => process.stdout.write(s);
+  const err = opts.silent ? () => {} : (s: string) => process.stderr.write(s);
+
+  if (!existsSync(configPath)) {
+    const message = 'massu.config.yaml not found. Run: npx massu init';
+    err(message + '\n');
+    return {
+      exitCode: 2,
+      drifted: false,
+      changes: [],
+      storedFingerprint: null,
+      currentFingerprint: null,
+      message,
+    };
+  }
+
+  let config: AnyConfig;
+  try {
+    const content = readFileSync(configPath, 'utf-8');
+    const parsed = parseYaml(content);
+    if (!parsed || typeof parsed !== 'object') {
+      throw new Error('config is not a YAML object');
+    }
+    config = parsed as AnyConfig;
+  } catch (e) {
+    const message = `Failed to parse massu.config.yaml: ${e instanceof Error ? e.message : String(e)}`;
+    err(message + '\n');
+    return {
+      exitCode: 2,
+      drifted: false,
+      changes: [],
+      storedFingerprint: null,
+      currentFingerprint: null,
+      message,
+    };
+  }
+
+  const detection = await runDetection(cwd);
+  const currentFp = computeFingerprint(detection);
+  const storedFp =
+    typeof (config.detection as Record<string, unknown> | undefined)?.fingerprint === 'string'
+      ? ((config.detection as Record<string, unknown>).fingerprint as string)
+      : null;
+
+  const report = detectDrift(config, detection);
+  const fingerprintDrift = storedFp !== null && storedFp !== currentFp;
+  const drifted = report.drifted || fingerprintDrift;
+
+  if (!drifted) {
+    log('No drift detected.\n');
+    if (opts.verbose) {
+      log(`Fingerprint: ${currentFp}\n`);
+    }
+    return {
+      exitCode: 0,
+      drifted: false,
+      changes: report.changes,
+      storedFingerprint: storedFp,
+      currentFingerprint: currentFp,
+    };
+  }
+
+  err('Config drift detected; run `npx massu config refresh` to update.\n');
+  if (opts.verbose) {
+    if (storedFp !== null) {
+      log(`Fingerprint: ${storedFp.slice(0, 16)} -> ${currentFp.slice(0, 16)}\n`);
+    } else {
+      log(`Fingerprint (new): ${currentFp.slice(0, 16)}\n`);
+    }
+    log('Changes:\n');
+    log(renderChanges(report.changes));
+  }
+  return {
+    exitCode: 1,
+    drifted: true,
+    changes: report.changes,
+    storedFingerprint: storedFp,
+    currentFingerprint: currentFp,
+  };
+}