@massu/core 1.4.0 → 1.5.1

package/src/detect/package-detector.ts

@@ -47,7 +47,9 @@ export type SupportedLanguage =
   | 'swift'
   | 'go'
   | 'java'
-  | 'ruby';
+  | 'ruby'
+  | 'elixir'
+  | 'csharp';
 
 export interface PackageManifest {
   /** Absolute path to the manifest file. */
@@ -81,7 +83,9 @@ export interface PackageManifest {
     | 'go.mod'
     | 'pom.xml'
     | 'build.gradle'
-    | 'Gemfile';
+    | 'Gemfile'
+    | 'mix.exs'
+    | '*.csproj';
 }
 
 export interface DetectionWarning {
@@ -118,19 +122,10 @@ const IGNORED_DIRS = new Set([
   'Pods',
 ]);
 
-const MANIFEST_FILES = [
-  'package.json',
-  'pyproject.toml',
-  'requirements.txt',
-  'Pipfile',
-  'Cargo.toml',
-  'Package.swift',
-  'go.mod',
-  'pom.xml',
-  'build.gradle',
-  'build.gradle.kts',
-  'Gemfile',
-];
+// MANIFEST_FILES removed Plan 1.5.1. The canonical list lives at
+// `manifest-registry.ts:getManifestPatterns()`. `detectManifestsInDir`
+// (below) iterates the registry directly so adding a new manifest type
+// requires only a single registry entry — no second list to keep in sync.
 
 function safeRead(path: string): string | null {
   try {
@@ -153,7 +148,7 @@ function normalizeRelative(root: string, path: string): string {
   return rel.split(/[/\\]/).join('/');
 }
 
-function parsePackageJson(
+export function parsePackageJson(
   path: string,
   directory: string,
   root: string,
@@ -204,7 +199,7 @@ function parsePackageJson(
   };
 }
 
-function parsePyproject(
+export function parsePyproject(
   path: string,
   directory: string,
   root: string,
@@ -323,7 +318,7 @@ function normalizePyDep(spec: string): string {
   return name.trim();
 }
 
-function parseRequirementsTxt(
+export function parseRequirementsTxt(
   path: string,
   directory: string,
   root: string,
@@ -355,7 +350,7 @@ function parseRequirementsTxt(
   };
 }
 
-function parsePipfile(
+export function parsePipfile(
   path: string,
   directory: string,
   root: string,
@@ -392,7 +387,7 @@ function parsePipfile(
   };
 }
 
-function parseCargoToml(
+export function parseCargoToml(
   path: string,
   directory: string,
   root: string,
@@ -430,7 +425,7 @@ function parseCargoToml(
   };
 }
 
-function parsePackageSwift(
+export function parsePackageSwift(
   path: string,
   directory: string,
   root: string,
@@ -472,7 +467,7 @@ function parsePackageSwift(
   };
 }
 
-function parseGoMod(
+export function parseGoMod(
   path: string,
   directory: string,
   root: string,
@@ -523,7 +518,7 @@ function parseGoMod(
   };
 }
 
-function parsePomXml(
+export function parsePomXml(
   path: string,
   directory: string,
   root: string,
@@ -554,7 +549,7 @@ function parsePomXml(
   };
 }
 
-function parseBuildGradle(
+export function parseBuildGradle(
   path: string,
   directory: string,
   root: string,
@@ -591,7 +586,7 @@ function parseBuildGradle(
   };
 }
 
-function parseGemfile(
+export function parseGemfile(
   path: string,
   directory: string,
   root: string,
@@ -628,54 +623,159 @@ function parseGemfile(
   };
 }
 
+/**
+ * Parse a `mix.exs` (Elixir / Mix) file. Plan 1.5.1 — closes CR-39
+ * gap where Phoenix projects failed `npx massu init` with "no languages
+ * detected" because the package-detector layer didn't recognize the
+ * manifest. The AST adapter at `detect/adapters/phoenix.ts` was already
+ * shipped in 1.5.0 and works correctly when given a SourceFile[] directly.
+ *
+ * mix.exs is Elixir source (not a declarative format), but for detection
+ * purposes we extract `{:dep, "~> X.Y"}` style declarations via a regex
+ * scan. False-positive risk is low (any `{:atom, ...}` pattern that's
+ * NOT a dep is rare in mix.exs files outside the deps function).
+ */
+export function parseMixExs(
+  path: string,
+  directory: string,
+  root: string,
+  _warnings: DetectionWarning[],
+): PackageManifest | null {
+  const raw = safeRead(path);
+  if (raw === null) return null;
+  const deps: string[] = [];
+  // Match `{:dep_name, ...}` — atom name as first tuple element.
+  const depPattern = /\{\s*:([a-z][a-z0-9_]*)\s*,/g;
+  let m: RegExpExecArray | null;
+  while ((m = depPattern.exec(raw)) !== null) {
+    if (!deps.includes(m[1])) deps.push(m[1]);
+  }
+  // Best-effort `app: :name` extraction (the `def project` block usually
+  // declares this).
+  const appMatch = /\bapp\s*:\s*:([a-z][a-z0-9_]*)/.exec(raw);
+  const name = appMatch ? appMatch[1] : null;
+  return {
+    path,
+    relativePath: normalizeRelative(root, path),
+    directory,
+    language: 'elixir',
+    runtime: 'beam',
+    name,
+    version: null,
+    dependencies: deps,
+    devDependencies: [],
+    scripts: [],
+    manifestType: 'mix.exs',
+  };
+}
+
+/**
+ * Parse a `*.csproj` (C# / .NET project) file. Plan 1.5.1 — closes CR-39
+ * gap where ASP.NET projects failed `npx massu init`. The AST adapter at
+ * `detect/adapters/aspnet.ts` was already shipped in 1.5.0 and works
+ * correctly.
+ *
+ * .csproj is XML; we use a lightweight regex scan rather than pulling
+ * an XML parser because the only fields we need are `<PackageReference
+ * Include="X" />` (deps) and the `Sdk="..."` attribute (framework hint).
+ * Full XML parsing would be over-engineered for this surface and risks
+ * adding a dependency for marginal gain.
+ */
+export function parseCsproj(
+  path: string,
+  directory: string,
+  root: string,
+  _warnings: DetectionWarning[],
+): PackageManifest | null {
+  const raw = safeRead(path);
+  if (raw === null) return null;
+  const deps: string[] = [];
+  // Match `<PackageReference Include="Foo.Bar" ... />` (Include attribute
+  // value is the package id; the Version attribute is captured but we
+  // discard it since runtime/build distinction isn't expressed via
+  // this schema).
+  const pkgRefPattern = /<PackageReference\s+[^>]*Include\s*=\s*"([^"]+)"/gi;
+  let m: RegExpExecArray | null;
+  while ((m = pkgRefPattern.exec(raw)) !== null) {
+    if (!deps.includes(m[1])) deps.push(m[1]);
+  }
+  // The `<Project Sdk="Microsoft.NET.Sdk.Web">` attribute is a strong
+  // ASP.NET Core indicator that doesn't appear as a PackageReference.
+  // Surface it as a dep so framework-detector rules (which match against
+  // the deps set) can fire on it. Same downstream consumer; no new
+  // signal channel needed.
+  const sdkMatch = /<Project\s+[^>]*Sdk\s*=\s*"([^"]+)"/i.exec(raw);
+  if (sdkMatch && !deps.includes(sdkMatch[1])) {
+    deps.push(sdkMatch[1]);
+  }
+  // Best-effort name from filename (Foo.csproj → "Foo").
+  const fname = path.split(/[/\\]/).pop() ?? '';
+  const name = fname.endsWith('.csproj') ? fname.slice(0, -'.csproj'.length) : null;
+  return {
+    path,
+    relativePath: normalizeRelative(root, path),
+    directory,
+    language: 'csharp',
+    runtime: 'dotnet',
+    name,
+    version: null,
+    dependencies: deps,
+    devDependencies: [],
+    scripts: [],
+    manifestType: '*.csproj',
+  };
+}
+
 function detectManifestsInDir(
   dir: string,
   root: string,
   warnings: DetectionWarning[]
 ): PackageManifest[] {
+  // Plan 1.5.1: dispatch via the canonical MANIFEST_REGISTRY (single
+  // source-of-truth). The previous hand-rolled MANIFEST_FILES list +
+  // switch statement led to drift with runner.ts:buildDetectionSignals
+  // (Phoenix + ASP.NET were unreachable). Closed by registry.
+  // Lazy import to avoid ESM cycle; getManifestRegistry() is itself
+  // lazy-initialized.
+  const { getManifestRegistry, matchManifestPattern } = registryModule;
   const out: PackageManifest[] = [];
-  for (const fname of MANIFEST_FILES) {
-    const path = join(dir, fname);
-    if (!existsSync(path)) continue;
-    let m: PackageManifest | null = null;
-    switch (fname) {
-      case 'package.json':
-        m = parsePackageJson(path, dir, root, warnings);
-        break;
-      case 'pyproject.toml':
-        m = parsePyproject(path, dir, root, warnings);
-        break;
-      case 'requirements.txt':
-        m = parseRequirementsTxt(path, dir, root, warnings);
-        break;
-      case 'Pipfile':
-        m = parsePipfile(path, dir, root, warnings);
-        break;
-      case 'Cargo.toml':
-        m = parseCargoToml(path, dir, root, warnings);
-        break;
-      case 'Package.swift':
-        m = parsePackageSwift(path, dir, root, warnings);
-        break;
-      case 'go.mod':
-        m = parseGoMod(path, dir, root, warnings);
-        break;
-      case 'pom.xml':
-        m = parsePomXml(path, dir, root, warnings);
-        break;
-      case 'build.gradle':
-      case 'build.gradle.kts':
-        m = parseBuildGradle(path, dir, root, warnings);
-        break;
-      case 'Gemfile':
-        m = parseGemfile(path, dir, root, warnings);
-        break;
+  let dirEntries: string[] | null = null;
+  for (const entry of getManifestRegistry()) {
+    if (!entry.pattern.startsWith('*')) {
+      // Exact-filename pattern: O(1) existence check.
+      const path = join(dir, entry.pattern);
+      if (!existsSync(path)) continue;
+      const m = entry.parse(path, dir, root, warnings);
+      if (m !== null) out.push(m);
+    } else {
+      // Extension-glob pattern: scan dir for matches. Lazy-readdir so
+      // we pay the cost only when at least one glob entry exists.
+      if (dirEntries === null) {
+        try {
+          dirEntries = readdirSync(dir);
+        } catch {
+          dirEntries = [];
+        }
+      }
+      for (const fname of dirEntries) {
+        if (!matchManifestPattern(fname, entry.pattern)) continue;
+        const path = join(dir, fname);
+        if (!existsSync(path)) continue;
+        const m = entry.parse(path, dir, root, warnings);
+        if (m !== null) out.push(m);
+      }
     }
-    if (m !== null) out.push(m);
   }
   return out;
 }
 
+// Imported lazily-via-namespace to break the ESM cycle (manifest-registry
+// imports parsers from THIS module). The namespace import is hoisted to
+// the top of the module by ESM, but the named members are resolved on
+// access — by the time `detectManifestsInDir` runs, the registry module's
+// top-level evaluation has completed.
+import * as registryModule from './manifest-registry.ts';
+
 function listSubdirs(dir: string): string[] {
   try {
     return readdirSync(dir, { withFileTypes: true })

package/src/detect/source-dir-detector.ts

@@ -90,6 +90,9 @@ const EXTENSIONS: Record<SupportedLanguage, string[]> = {
   go: ['go'],
   java: ['java', 'kt'],
   ruby: ['rb'],
+  // Plan 1.5.1 — closing CR-39 init gap for Phoenix + ASP.NET projects.
+  elixir: ['ex', 'exs'],
+  csharp: ['cs'],
 };
 
 const TEST_FILE_PATTERNS: Record<SupportedLanguage, RegExp[]> = {
@@ -101,6 +104,10 @@ const TEST_FILE_PATTERNS: Record<SupportedLanguage, RegExp[]> = {
   go: [/_test\.go$/],
   java: [/Test[^/]*\.(java|kt)$/, /[^/]*Test\.(java|kt)$/],
   ruby: [/_spec\.rb$/, /_test\.rb$/],
+  // Phoenix/ExUnit canonical: `test/**_test.exs`. ASP.NET / xUnit
+  // canonical: `*Tests.cs` or `*.Tests/...`.
+  elixir: [/_test\.exs$/, /\/test\//],
+  csharp: [/Tests?\.cs$/, /\.Tests?\//],
 };
 
 const TEST_DIR_KEYWORDS = ['tests', 'test', '__tests__', 'spec', 'specs'];

package/src/hooks/post-tool-use.ts

@@ -245,6 +245,7 @@ function readConventions(cwd?: string): {
     const configPath = join(projectRoot, 'massu.config.yaml');
     if (!existsSync(configPath)) return defaults;
     const content = readFileSync(configPath, 'utf-8');
+    // pattern-scanner-allow: yaml-parse — reason: compiled standalone hook (esbuild bundle). Per P2-023a, hooks cannot import getConfig() — they run in the Claude Code subprocess context with no module resolution path back to packages/core. Direct YAML parse is the only available access pattern.
     const parsed = parseYaml(content) as Record<string, unknown> | null;
     if (!parsed || typeof parsed !== 'object') return defaults;
     const conventions = parsed.conventions as Record<string, unknown> | undefined;

package/src/hooks/session-start.ts

@@ -279,6 +279,7 @@ async function buildDriftBanner(): Promise<string> {
     const configPath = resolve(process.cwd(), 'massu.config.yaml');
     if (!existsSync(configPath)) return '';
     const content = readFileSync(configPath, 'utf-8');
+    // pattern-scanner-allow: yaml-parse — reason: compiled standalone hook (esbuild bundle). Per P2-023a, hooks cannot import getConfig() — they run in the Claude Code subprocess context with no module resolution path back to packages/core. Direct YAML parse is the only available access pattern.
     const parsed = parseYaml(content) as Record<string, unknown> | null;
     if (!parsed || typeof parsed !== 'object') return '';
     const det = parsed.detection as Record<string, unknown> | undefined;

package/src/lib/fileLock.ts

@@ -0,0 +1,203 @@
+// Copyright (c) 2026 Massu. All rights reserved.
+// Licensed under BSL 1.1 - see LICENSE file for details.
+
+/**
+ * Generic synchronous file-lock primitive built on `proper-lockfile`.
+ *
+ * Plan 3c gap-59 deliverable. Single source of truth for "acquire-lock,
+ * run fn, release on every exit path" across the codebase. Both
+ * `lib/installLock.ts:withInstallLock` (Plan 3a installAll serialization)
+ * AND `security/manifest-cache.ts:refreshManifest` (Plan 3c manifest
+ * cache writes) MUST delegate to `withFileLockSync` here — there is NO
+ * parallel lock implementation in the codebase per CR-46 / Rule 0
+ * (single-source-of-truth for lock semantics).
+ *
+ * What this primitive provides:
+ * 1. mkdirSync the lock parent dir if absent (fresh-repo / fresh-home case).
+ * 2. proper-lockfile.lockSync acquires the lock; we wrap the manual retry
+ *    loop because lockSync rejects retries>0 (`Cannot use retries with
+ *    the sync api` per node_modules/proper-lockfile/lib/adapter.js).
+ * 3. Surface ELOCKED (POSIX) and EBUSY (Windows) as the same FileLockBusyError.
+ * 4. Persist the lock-holder PID alongside the lock as `<lockPath>.pid` so
+ *    the next contender can include it in a user-friendly error message.
+ * 5. Default 30s block-then-bail per Plan 3a §190; configurable per-callsite.
+ * 6. `errorFactory` opt lets callers customize the busy-error class so
+ *    domain-specific helpers (`InstallLockBusyError`, future Phase 5
+ *    `ManifestCacheBusyError`) can extend the base type without each
+ *    re-implementing the lock logic.
+ *
+ * NOT provided by this primitive:
+ * - Async variant (`withFileLockAsync`). The current Phase 5 cache-write
+ *   path resolves the async fetch BEFORE acquiring the lock, so the lock
+ *   is held only during the brief sync atomicWrite. Async-while-holding-
+ *   the-lock would deadlock under contention; the design is "fetch first,
+ *   then lock-for-write only".
+ * - Reentrancy. `proper-lockfile.lockSync` is non-reentrant; calling
+ *   withFileLockSync recursively from inside its own `fn` will fail with
+ *   ELOCKED. Plan 3a observed and documented this in
+ *   __tests__/watch/config-refresh-autoyes.test.ts:129.
+ */
+
+import { mkdirSync, readFileSync, rmSync, writeFileSync } from 'fs';
+import { dirname } from 'path';
+import * as lockfile from 'proper-lockfile';
+
+export interface FileLockOpts {
+  /** Default 30s — proper-lockfile considers a lock stale after this elapses. */
+  staleMs?: number;
+  /**
+   * How long the manual retry loop should block waiting for the holder to
+   * release before bailing with the busy error. Default 30s.
+   * Pass `0` to bail immediately (used in tests).
+   */
+  blockMs?: number;
+  /** Sleep granularity inside the retry loop. Default 100ms. */
+  pollIntervalMs?: number;
+  /**
+   * Backwards-compat: legacy callers pass `retries: 0` to mean "do not
+   * block". When set to a positive integer, used by tests that want to
+   * exercise a specific retry count instead of the default time-based loop.
+   */
+  retries?: number;
+  /** Override clock (test seam). */
+  now?: () => number;
+  /** Override sleep (test seam). Defaults to a busy-wait spinloop. */
+  sleep?: (ms: number) => void;
+  /**
+   * Optional custom busy-error factory. When provided, the default
+   * FileLockBusyError throw is replaced with whatever this factory returns.
+   * Domain-specific callers (installLock, manifest-cache) use this to
+   * keep their own user-facing error types and messages.
+   */
+  errorFactory?: (
+    lockPath: string,
+    holderPid: number | null,
+    retryAfterSeconds: number,
+    causeCode: string | undefined,
+  ) => Error;
+}
+
+export class FileLockBusyError extends Error {
+  constructor(
+    public lockPath: string,
+    public holderPid: number | null,
+    public retryAfterSeconds: number,
+    public causeCode?: string,
+  ) {
+    const pidPart = holderPid != null ? `(PID=${holderPid})` : '(PID=unknown)';
+    super(`File lock at ${lockPath} held by another process ${pidPart} — try again in ${retryAfterSeconds}s`);
+    this.name = 'FileLockBusyError';
+  }
+}
+
+/**
+ * Best-effort: read the PID of the current lock holder from the
+ * `<lockPath>.pid` sidecar file. Returns null on any read error.
+ */
+export function readLockHolderPid(lockPath: string): number | null {
+  try {
+    const raw = readFileSync(`${lockPath}.pid`, 'utf-8').trim();
+    const pid = Number.parseInt(raw, 10);
+    if (!Number.isFinite(pid) || pid <= 0) return null;
+    return pid;
+  } catch {
+    return null;
+  }
+}
+
+/**
+ * CR-9 audit L3 fix: REQUIRES SharedArrayBuffer + Atomics for the sync
+ * wait. The prior fallback (a tight `while (Date.now() < end)` spinloop)
+ * burned 100% CPU on environments without Atomics — typically sandboxed
+ * serverless runtimes — making contended manifest refreshes a DoS
+ * surface against the host. With this throw, callers running on
+ * Atomics-less environments fail loudly + early instead of silently
+ * spinning.
+ */
+export function busyWaitSync(ms: number): void {
+  if (typeof SharedArrayBuffer === 'undefined' || typeof Atomics === 'undefined') {
+    throw new Error(
+      `withFileLockSync requires SharedArrayBuffer + Atomics for its retry-loop wait. ` +
+      `This Node runtime does not provide them — refusing to fall back to a CPU spinloop. ` +
+      `If you hit this in a sandboxed serverless env, the fix is to perform the ` +
+      `lock-protected operation in a host runtime that supports Atomics.`,
+    );
+  }
+  const sab = new SharedArrayBuffer(4);
+  const view = new Int32Array(sab);
+  Atomics.wait(view, 0, 0, ms);
+}
+
+/**
+ * Acquire the lock at `lockPath`, run `fn`, release on every exit path.
+ * Synchronous all the way through. See module-level doc for guarantees.
+ *
+ * Throws:
+ * - The result of `opts.errorFactory(...)` if provided AND lock is busy
+ *   beyond `blockMs`. Otherwise throws FileLockBusyError.
+ * - Any non-ELOCKED/EBUSY filesystem error from proper-lockfile is
+ *   re-thrown unchanged.
+ */
+export function withFileLockSync<T>(lockPath: string, fn: () => T, opts: FileLockOpts = {}): T {
+  // Ensure the lock's parent directory exists. Fresh repos / fresh user-home
+  // .massu/ may not have the parent yet.
+  mkdirSync(dirname(lockPath), { recursive: true });
+
+  const staleMs = opts.staleMs ?? 30_000;
+  const blockMs = opts.retries === 0 ? 0 : (opts.blockMs ?? 30_000);
+  const pollIntervalMs = opts.pollIntervalMs ?? 100;
+  const now = opts.now ?? Date.now;
+  const sleep = opts.sleep ?? busyWaitSync;
+  const makeBusyError =
+    opts.errorFactory ??
+    ((path, pid, retrySeconds, code) => new FileLockBusyError(path, pid, retrySeconds, code));
+
+  let release: (() => void) | null = null;
+  const deadline = now() + blockMs;
+
+  for (;;) {
+    try {
+      release = lockfile.lockSync(lockPath, {
+        stale: staleMs,
+        retries: 0,
+        realpath: false,
+      });
+      try {
+        writeFileSync(`${lockPath}.pid`, String(process.pid), 'utf-8');
+      } catch {
+        // best-effort
+      }
+      break;
+    } catch (err) {
+      const e = err as NodeJS.ErrnoException;
+      const code = e.code;
+      if (code !== 'ELOCKED' && code !== 'EBUSY') {
+        throw err;
+      }
+      if (now() >= deadline) {
+        const holderPid = readLockHolderPid(lockPath);
+        const remainingMs = Math.max(0, deadline - now());
+        const retryAfterSeconds = blockMs === 0
+          ? Math.round(staleMs / 1000)
+          : Math.round(remainingMs / 1000);
+        throw makeBusyError(lockPath, holderPid, retryAfterSeconds, code);
+      }
+      sleep(pollIntervalMs);
+    }
+  }
+
+  try {
+    return fn();
+  } finally {
+    try {
+      if (release) release();
+    } catch {
+      // best-effort
+    }
+    try {
+      rmSync(`${lockPath}.pid`, { force: true });
+    } catch {
+      // best-effort
+    }
+  }
+}