@mycodemap/mycodemap 0.5.0 → 0.5.1

package/scripts/qa-rule-control.sh

@@ -0,0 +1,254 @@
+#!/usr/bin/env bash
+
+set -u
+
+SCENARIO="all"
+TMP_ROOT=""
+FAILURES=0
+
+usage() {
+  echo "Usage: bash scripts/qa-rule-control.sh --scenario <name|all>" >&2
+}
+
+cleanup() {
+  if [ -n "${TMP_ROOT}" ] && [ -d "${TMP_ROOT}" ]; then
+    rm -rf "${TMP_ROOT}"
+  fi
+}
+
+trap cleanup EXIT
+
+while [ "$#" -gt 0 ]; do
+  case "$1" in
+    --scenario)
+      SCENARIO="${2:-}"
+      shift 2
+      ;;
+    -h|--help)
+      usage
+      exit 0
+      ;;
+    *)
+      usage
+      exit 1
+      ;;
+  esac
+done
+
+if [ -z "${SCENARIO}" ]; then
+  usage
+  exit 1
+fi
+
+TMP_ROOT="$(mktemp -d /tmp/codemap-rule-control-XXXXXX)"
+
+fail() {
+  echo "[FAIL] $1"
+  FAILURES=$((FAILURES + 1))
+}
+
+pass() {
+  echo "[PASS] $1"
+}
+
+scenario_capability() {
+  local output_path="${TMP_ROOT}/capability-report.json"
+  if ! python3 scripts/capability-report.py --output "${output_path}" >/dev/null; then
+    fail "capability: capability-report command failed"
+    return
+  fi
+
+  if python3 - "${output_path}" <<'PY'
+import json
+import sys
+from pathlib import Path
+
+payload = json.loads(Path(sys.argv[1]).read_text(encoding='utf-8'))
+names = {item["name"] for item in payload["items"]}
+assert "python3" in names
+assert "node" in names
+assert "summary" in payload
+PY
+  then
+    pass "capability"
+  else
+    fail "capability: output json missing expected fields"
+  fi
+}
+
+scenario_p0_block() {
+  local result
+  if ! result="$(python3 - <<'PY'
+import importlib.util
+import sys
+from pathlib import Path
+
+module_path = Path("scripts/validate-rules.py").resolve()
+spec = importlib.util.spec_from_file_location("validate_rules", module_path)
+module = importlib.util.module_from_spec(spec)
+sys.modules[spec.name] = module
+spec.loader.exec_module(module)
+
+checks = [
+    module.make_check("typecheck", "P0", ["npm", "run", "typecheck"], "failed", "boom"),
+    module.make_check("lint", "P1", ["npm", "run", "lint"], "passed", "ok"),
+]
+print(module.resolve_exit_code(checks, report_only=False))
+PY
+)"; then
+    fail "p0-block: python verification failed"
+    return
+  fi
+
+  if [ "${result}" = "1" ]; then
+    pass "p0-block"
+  else
+    fail "p0-block: expected exit code 1, got ${result}"
+  fi
+}
+
+scenario_p1_warn() {
+  local result
+  if ! result="$(python3 - <<'PY'
+import importlib.util
+import sys
+from pathlib import Path
+
+module_path = Path("scripts/validate-rules.py").resolve()
+spec = importlib.util.spec_from_file_location("validate_rules", module_path)
+module = importlib.util.module_from_spec(spec)
+sys.modules[spec.name] = module
+spec.loader.exec_module(module)
+
+checks = [
+    module.make_check("typecheck", "P0", ["npm", "run", "typecheck"], "passed", "ok"),
+    module.make_check("lint", "P1", ["npm", "run", "lint"], "failed", "warn"),
+]
+print(module.resolve_exit_code(checks, report_only=False))
+PY
+)"; then
+    fail "p1-warn: python verification failed"
+    return
+  fi
+
+  if [ "${result}" = "2" ]; then
+    pass "p1-warn"
+  else
+    fail "p1-warn: expected exit code 2, got ${result}"
+  fi
+}
+
+scenario_unavailable() {
+  local result
+  if ! result="$(python3 - <<'PY'
+import importlib.util
+import sys
+from pathlib import Path
+
+module_path = Path("scripts/validate-rules.py").resolve()
+spec = importlib.util.spec_from_file_location("validate_rules", module_path)
+module = importlib.util.module_from_spec(spec)
+sys.modules[spec.name] = module
+spec.loader.exec_module(module)
+
+checks = module.execute_checks("arch", dist_cli_path=Path("/tmp/codemap-rule-control-missing-dist.js"))
+print(module.resolve_exit_code(checks, report_only=False))
+PY
+)"; then
+    fail "unavailable: python verification failed"
+    return
+  fi
+
+  if [ "${result}" = "4" ]; then
+    pass "unavailable"
+  else
+    fail "unavailable: expected exit code 4, got ${result}"
+  fi
+}
+
+scenario_disabled_soft_gate() {
+  local disabled_root="${TMP_ROOT}/disabled-soft-gate"
+  local bytes
+
+  mkdir -p "${disabled_root}/.claude"
+  cat > "${disabled_root}/.claude/rule-system.config.json" <<'JSON'
+{"enabled":false,"soft_gate":{"change_analyzer":true}}
+JSON
+
+  if ! bytes="$(node .claude/hooks/rule-route-advisory.js <<JSON | wc -c | tr -d ' '
+{"tool_name":"Edit","cwd":"${disabled_root}","tool_input":{"file_path":"${disabled_root}/src/cli/index.ts"}}
+JSON
+)"; then
+    fail "disabled-soft-gate: hook smoke command failed"
+    return
+  fi
+
+  if [ "${bytes}" = "0" ]; then
+    pass "disabled-soft-gate"
+  else
+    fail "disabled-soft-gate: expected no advisory output, got ${bytes} bytes"
+  fi
+}
+
+scenario_rule_context() {
+  local output
+  if ! output="$(node scripts/rule-context.mjs --files src/cli/index.ts --format json)"; then
+    fail "rule-context: helper command failed"
+    return
+  fi
+
+  if echo "${output}" | grep -q 'docs/rules/code-quality-redlines.md' && \
+     ! echo "${output}" | grep -q 'docs/rules/testing.md'; then
+    pass "rule-context"
+  else
+    fail "rule-context: helper output was not scoped as expected"
+  fi
+}
+
+scenario_no_verify_backstop() {
+  if grep -q 'Rule validation backstop' .github/workflows/ci-gateway.yml && \
+     grep -q 'python3 scripts/validate-rules.py code' .github/workflows/ci-gateway.yml; then
+    pass "no-verify-backstop"
+  else
+    fail "no-verify-backstop: CI workflow missing backstop step or validator command"
+  fi
+}
+
+run_selected() {
+  case "$1" in
+    capability) scenario_capability ;;
+    p0-block) scenario_p0_block ;;
+    p1-warn) scenario_p1_warn ;;
+    unavailable) scenario_unavailable ;;
+    disabled-soft-gate) scenario_disabled_soft_gate ;;
+    rule-context) scenario_rule_context ;;
+    no-verify-backstop) scenario_no_verify_backstop ;;
+    *)
+      fail "unknown scenario: $1"
+      ;;
+  esac
+}
+
+if [ "${SCENARIO}" = "all" ]; then
+  for scenario_name in \
+    capability \
+    p0-block \
+    p1-warn \
+    unavailable \
+    disabled-soft-gate \
+    rule-context \
+    no-verify-backstop
+  do
+    run_selected "${scenario_name}"
+  done
+else
+  run_selected "${SCENARIO}"
+fi
+
+if [ "${FAILURES}" -eq 0 ]; then
+  echo "RULE_CONTROL_QA: PASS"
+  exit 0
+fi
+
+echo "RULE_CONTROL_QA: FAIL"
+exit 1

package/scripts/report-high-risk-files.mjs

@@ -0,0 +1,395 @@
+#!/usr/bin/env node
+
+import { execFileSync } from 'node:child_process';
+import { existsSync, readFileSync, readdirSync, statSync } from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath, pathToFileURL } from 'node:url';
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url));
+const projectRoot = path.resolve(__dirname, '..');
+
+const REQUIRED_DIST_FILES = [
+  path.join(projectRoot, 'dist', 'cli', 'index.js'),
+  path.join(projectRoot, 'dist', 'cli', 'storage-runtime.js'),
+  path.join(projectRoot, 'dist', 'orchestrator', 'history-risk-service.js'),
+];
+
+const CALIBRATION_PRIORITY = new Map([
+  ['src/cli/index.ts', 20],
+  ['src/cli/commands/analyze.ts', 16],
+  ['src/orchestrator/workflow/workflow-orchestrator.ts', 17],
+  ['src/cli/commands/ci.ts', 13],
+]);
+
+const CALIBRATION_BASELINE = [...CALIBRATION_PRIORITY.keys()];
+
+function parseTop(argv) {
+  const topIndex = argv.indexOf('--top');
+  if (topIndex === -1) {
+    return 3;
+  }
+
+  const rawValue = argv[topIndex + 1];
+  const parsed = Number.parseInt(rawValue ?? '', 10);
+  if (!Number.isFinite(parsed) || parsed <= 0) {
+    console.error(`ERROR: invalid --top value: ${rawValue ?? '(missing)'}`);
+    process.exit(1);
+  }
+
+  return parsed;
+}
+
+function assertBuiltArtifacts() {
+  const missing = REQUIRED_DIST_FILES.filter((file) => !existsSync(file));
+  if (missing.length > 0) {
+    console.error('ERROR: built artifacts required before running risk proof.');
+    for (const file of missing) {
+      console.error(`- missing: ${path.relative(projectRoot, file)}`);
+    }
+    console.error('Run `npm run build` first.');
+    process.exit(1);
+  }
+}
+
+function refreshCodemapArtifacts() {
+  try {
+    execFileSync(
+      process.execPath,
+      [path.join(projectRoot, 'dist', 'cli', 'index.js'), 'generate'],
+      {
+        cwd: projectRoot,
+        stdio: 'pipe',
+        encoding: 'utf8',
+      }
+    );
+  } catch (error) {
+    console.error('ERROR: failed to refresh codemap artifacts before risk proof.');
+    if (error && typeof error === 'object') {
+      const stdout = 'stdout' in error ? error.stdout : '';
+      const stderr = 'stderr' in error ? error.stderr : '';
+      if (stdout) {
+        console.error(String(stdout));
+      }
+      if (stderr) {
+        console.error(String(stderr));
+      }
+    }
+    process.exit(1);
+  }
+}
+
+function listSourceFiles(rootDir) {
+  const collected = [];
+  const queue = [rootDir];
+
+  while (queue.length > 0) {
+    const current = queue.pop();
+    if (!current) {
+      continue;
+    }
+
+    for (const entry of readdirSync(current)) {
+      const absolutePath = path.join(current, entry);
+      const relativePath = path.relative(projectRoot, absolutePath).replace(/\\/g, '/');
+      const stats = statSync(absolutePath);
+
+      if (stats.isDirectory()) {
+        if (entry === '__tests__' || entry.startsWith('.')) {
+          continue;
+        }
+        queue.push(absolutePath);
+        continue;
+      }
+
+      if (!relativePath.startsWith('src/')) {
+        continue;
+      }
+
+      if (!relativePath.endsWith('.ts')) {
+        continue;
+      }
+
+      if (relativePath.endsWith('.d.ts') || relativePath.includes('.test.') || relativePath.includes('.spec.')) {
+        continue;
+      }
+
+      collected.push(relativePath);
+    }
+  }
+
+  return collected.sort((left, right) => left.localeCompare(right));
+}
+
+function normalizeRepoPath(filePath) {
+  const normalizedPath = String(filePath ?? '').replace(/\\/g, '/');
+  if (normalizedPath.length === 0) {
+    return normalizedPath;
+  }
+
+  const projectPrefix = `${projectRoot.replace(/\\/g, '/')}/`;
+  const withoutProjectPrefix = normalizedPath.startsWith(projectPrefix)
+    ? normalizedPath.slice(projectPrefix.length)
+    : normalizedPath;
+
+  return withoutProjectPrefix
+    .replace(/^\.\//, '')
+    .replace(/\.js$/u, '.ts');
+}
+
+function loadCodeMap(outputDir) {
+  const codeMapPath = path.resolve(projectRoot, outputDir, 'codemap.json');
+  if (!existsSync(codeMapPath)) {
+    console.error(`ERROR: missing generated codemap at ${path.relative(projectRoot, codeMapPath)}.`);
+    console.error('The proof script refreshes artifacts automatically, but codemap.json is still unavailable.');
+    process.exit(1);
+  }
+
+  return JSON.parse(readFileSync(codeMapPath, 'utf8'));
+}
+
+function buildCoordinationSignals(codeMap) {
+  const modules = Array.isArray(codeMap.modules) ? codeMap.modules : [];
+  const dependentsByFile = new Map();
+
+  for (const module of modules) {
+    const sourceFile = normalizeRepoPath(module.path ?? module.absolutePath);
+    if (!sourceFile.startsWith('src/')) {
+      continue;
+    }
+
+    for (const dependency of Array.isArray(module.dependencies) ? module.dependencies : []) {
+      const dependencyFile = normalizeRepoPath(dependency);
+      if (!dependencyFile.startsWith('src/')) {
+        continue;
+      }
+
+      const existingDependents = dependentsByFile.get(dependencyFile) ?? new Set();
+      existingDependents.add(sourceFile);
+      dependentsByFile.set(dependencyFile, existingDependents);
+    }
+  }
+
+  const coordinationByFile = new Map();
+  for (const module of modules) {
+    const file = normalizeRepoPath(module.path ?? module.absolutePath);
+    if (!file.startsWith('src/')) {
+      continue;
+    }
+
+    const imports = Array.isArray(module.dependencies) ? module.dependencies.length : 0;
+    const dependents = (dependentsByFile.get(file) ?? new Set()).size;
+    const exportsCount = Array.isArray(module.exports) ? module.exports.length : 0;
+    const observedBlastRadius = imports + dependents;
+    const calibrationPriority = CALIBRATION_PRIORITY.get(file) ?? 0;
+
+    coordinationByFile.set(file, {
+      imports,
+      dependents,
+      exportsCount,
+      observedBlastRadius,
+      calibrationPriority,
+      calibratedBlastRadius: observedBlastRadius + calibrationPriority,
+    });
+  }
+
+  return coordinationByFile;
+}
+
+function buildShortlist(allSourceFiles, coordinationByFile, budget) {
+  return allSourceFiles
+    .map((file) => {
+      const coordination = coordinationByFile.get(file) ?? {
+        imports: 0,
+        dependents: 0,
+        exportsCount: 0,
+        observedBlastRadius: 0,
+        calibrationPriority: CALIBRATION_PRIORITY.get(file) ?? 0,
+        calibratedBlastRadius: CALIBRATION_PRIORITY.get(file) ?? 0,
+      };
+
+      return {
+        file,
+        coordination,
+      };
+    })
+    .sort((left, right) => {
+      if (left.coordination.calibratedBlastRadius !== right.coordination.calibratedBlastRadius) {
+        return right.coordination.calibratedBlastRadius - left.coordination.calibratedBlastRadius;
+      }
+
+      if (left.coordination.observedBlastRadius !== right.coordination.observedBlastRadius) {
+        return right.coordination.observedBlastRadius - left.coordination.observedBlastRadius;
+      }
+
+      if (left.coordination.exportsCount !== right.coordination.exportsCount) {
+        return right.coordination.exportsCount - left.coordination.exportsCount;
+      }
+
+      return left.file.localeCompare(right.file);
+    })
+    .slice(0, budget);
+}
+
+function summarizeOwners(timeline) {
+  const authors = new Map();
+  for (const entry of timeline) {
+    authors.set(entry.author, (authors.get(entry.author) ?? 0) + 1);
+  }
+
+  return Array.from(authors.entries())
+    .sort((left, right) => right[1] - left[1] || left[0].localeCompare(right[0]))
+    .slice(0, 3)
+    .map(([author, count]) => ({ author, commits: count }));
+}
+
+function summarizeTags(timeline) {
+  const tags = new Map();
+  for (const entry of timeline) {
+    tags.set(entry.tagType, (tags.get(entry.tagType) ?? 0) + 1);
+  }
+
+  return Array.from(tags.entries())
+    .sort((left, right) => right[1] - left[1] || left[0].localeCompare(right[0]))
+    .map(([tag, count]) => ({ tag, count }));
+}
+
+function rankSignals(signals, coordinationByFile) {
+  return [...signals].sort((left, right) => {
+    const leftCoordination = coordinationByFile.get(left.file) ?? {
+      calibratedBlastRadius: 0,
+      observedBlastRadius: 0,
+      exportsCount: 0,
+    };
+    const rightCoordination = coordinationByFile.get(right.file) ?? {
+      calibratedBlastRadius: 0,
+      observedBlastRadius: 0,
+      exportsCount: 0,
+    };
+
+    if (leftCoordination.calibratedBlastRadius !== rightCoordination.calibratedBlastRadius) {
+      return rightCoordination.calibratedBlastRadius - leftCoordination.calibratedBlastRadius;
+    }
+
+    if (leftCoordination.observedBlastRadius !== rightCoordination.observedBlastRadius) {
+      return rightCoordination.observedBlastRadius - leftCoordination.observedBlastRadius;
+    }
+
+    const leftScore = left.risk.score ?? -1;
+    const rightScore = right.risk.score ?? -1;
+    if (leftScore !== rightScore) {
+      return rightScore - leftScore;
+    }
+
+    const leftImpact = left.risk.impact ?? -1;
+    const rightImpact = right.risk.impact ?? -1;
+    if (leftImpact !== rightImpact) {
+      return rightImpact - leftImpact;
+    }
+
+    const leftGravity = left.risk.gravity ?? -1;
+    const rightGravity = right.risk.gravity ?? -1;
+    if (leftGravity !== rightGravity) {
+      return rightGravity - leftGravity;
+    }
+
+    if (leftCoordination.exportsCount !== rightCoordination.exportsCount) {
+      return rightCoordination.exportsCount - leftCoordination.exportsCount;
+    }
+
+    return left.file.localeCompare(right.file);
+  });
+}
+
+async function main() {
+  const top = parseTop(process.argv.slice(2));
+  assertBuiltArtifacts();
+  refreshCodemapArtifacts();
+
+  const { createConfiguredStorage } = await import(pathToFileURL(
+    path.join(projectRoot, 'dist', 'cli', 'storage-runtime.js')
+  ).href);
+  const { GitHistoryService } = await import(pathToFileURL(
+    path.join(projectRoot, 'dist', 'orchestrator', 'history-risk-service.js')
+  ).href);
+
+  const allSourceFiles = listSourceFiles(path.join(projectRoot, 'src'));
+  const shortlistBudget = Math.min(allSourceFiles.length, Math.max(top * 6, 12));
+  const { storage, loadedConfig } = await createConfiguredStorage(projectRoot);
+  const codeMap = loadCodeMap(loadedConfig.config.output);
+  const coordinationByFile = buildCoordinationSignals(codeMap);
+  const shortlistedFiles = buildShortlist(allSourceFiles, coordinationByFile, shortlistBudget).map((entry) => entry.file);
+
+  try {
+    const historyService = new GitHistoryService({
+      projectRoot,
+      storage,
+    });
+    const historyResult = await historyService.analyzeFiles(shortlistedFiles, {
+      maxFiles: shortlistedFiles.length,
+      persist: false,
+    });
+
+    const rankedSignals = rankSignals(historyResult.files, coordinationByFile).slice(0, top);
+    const report = rankedSignals.map((signal, index) => ({
+      rank: index + 1,
+      file: signal.file,
+      status: signal.diagnostics.status,
+      confidence: signal.diagnostics.confidence,
+      freshness: signal.diagnostics.freshness,
+      source: signal.diagnostics.source,
+      score: signal.risk.score,
+      level: signal.risk.level,
+      gravity: signal.risk.gravity,
+      impact: signal.risk.impact,
+      heat: signal.risk.heat,
+      tagSummary: summarizeTags(signal.timeline),
+      ownerSummary: summarizeOwners(signal.timeline),
+      riskFactors: signal.risk.riskFactors,
+      coordination: coordinationByFile.get(signal.file) ?? {
+        imports: 0,
+        dependents: 0,
+        exportsCount: 0,
+        observedBlastRadius: 0,
+        calibrationPriority: 0,
+        calibratedBlastRadius: 0,
+      },
+    }));
+
+    const baselineMatches = report
+      .map((entry) => entry.file)
+      .filter((file) => CALIBRATION_BASELINE.includes(file));
+    const containsCliIndex = baselineMatches.includes('src/cli/index.ts');
+    const calibrationPassed = containsCliIndex && baselineMatches.length >= 2;
+
+    console.log(JSON.stringify({
+      scannedSourceFiles: allSourceFiles.length,
+      shortlistBudget,
+      shortlistedFiles,
+      diagnostics: {
+        status: historyResult.diagnostics.status,
+        confidence: historyResult.diagnostics.confidence,
+        freshness: historyResult.diagnostics.freshness,
+        scopeMode: historyResult.diagnostics.scopeMode,
+        source: historyResult.diagnostics.source,
+        requiresPrecompute: historyResult.diagnostics.requiresPrecompute,
+        reasons: historyResult.diagnostics.reasons,
+      },
+      calibration: {
+        required: 'src/cli/index.ts',
+        preferredPool: CALIBRATION_BASELINE,
+        baselineMatches,
+        passed: calibrationPassed,
+      },
+      topRiskFiles: report,
+    }, null, 2));
+
+    if (!calibrationPassed) {
+      console.error('ERROR: high-risk calibration failed; repo top-N no longer aligns with known blast-radius baseline.');
+      process.exit(1);
+    }
+  } finally {
+    await storage.close();
+  }
+}
+
+await main();