@nimiplatform/nimi-coding 0.1.0 → 0.2.0
- package/README.md +19 -20
- package/adapters/oh-my-codex/README.md +8 -9
- package/cli/commands/audit-sweep.mjs +10 -10
- package/cli/commands/classify-spec-tree.mjs +5 -0
- package/cli/commands/closeout.mjs +3 -0
- package/cli/commands/generate-spec-derived-docs.mjs +20 -0
- package/cli/commands/generate-spec-migration-plan.mjs +30 -0
- package/cli/commands/start.mjs +5 -1
- package/cli/commands/surface-validator-command.mjs +49 -0
- package/cli/commands/sweep-design.mjs +295 -0
- package/cli/commands/sweep.mjs +22 -0
- package/cli/commands/sync.mjs +132 -0
- package/cli/commands/topic-formatters.mjs +8 -8
- package/cli/commands/validate-ai-governance.mjs +167 -46
- package/cli/commands/validate-domain-admission.mjs +5 -0
- package/cli/commands/validate-guidance-bodies.mjs +5 -0
- package/cli/commands/validate-placement.mjs +5 -0
- package/cli/commands/validate-projection-edges.mjs +5 -0
- package/cli/commands/validate-spec-audit.mjs +5 -1
- package/cli/commands/validate-table-family.mjs +5 -0
- package/cli/commands/validate-tracked-output-admission.mjs +5 -0
- package/cli/constants.mjs +5 -49
- package/cli/help.mjs +33 -11
- package/cli/index.mjs +20 -2
- package/cli/lib/audit-sweep-runtime/admissions.mjs +38 -29
- package/cli/lib/audit-sweep-runtime/audit-validity.mjs +8 -0
- package/cli/lib/audit-sweep-runtime/chunks.mjs +11 -11
- package/cli/lib/audit-sweep-runtime/closeout.mjs +8 -8
- package/cli/lib/audit-sweep-runtime/codex-auditor-evidence.mjs +3 -3
- package/cli/lib/audit-sweep-runtime/codex-auditor.mjs +10 -10
- package/cli/lib/audit-sweep-runtime/common.mjs +7 -7
- package/cli/lib/audit-sweep-runtime/format.mjs +3 -3
- package/cli/lib/audit-sweep-runtime/ingest.mjs +8 -8
- package/cli/lib/audit-sweep-runtime/inventory-spec-chunks.mjs +24 -27
- package/cli/lib/audit-sweep-runtime/inventory.mjs +58 -18
- package/cli/lib/audit-sweep-runtime/ledger.mjs +1 -1
- package/cli/lib/audit-sweep-runtime/p0p1-profile.mjs +2 -2
- package/cli/lib/audit-sweep-runtime/remediation.mjs +6 -6
- package/cli/lib/audit-sweep-runtime/rerun.mjs +6 -6
- package/cli/lib/audit-sweep-runtime/status.mjs +1 -1
- package/cli/lib/audit-sweep-runtime/validators.mjs +2 -2
- package/cli/lib/authority-convergence.mjs +397 -2
- package/cli/lib/blueprint-audit.mjs +5 -5
- package/cli/lib/closeout.mjs +126 -3
- package/cli/lib/contracts.mjs +21 -17
- package/cli/lib/handoff.mjs +29 -11
- package/cli/lib/high-risk-admission.mjs +60 -11
- package/cli/lib/high-risk-decision.mjs +31 -2
- package/cli/lib/high-risk-ingest.mjs +5 -1
- package/cli/lib/high-risk-review.mjs +5 -1
- package/cli/lib/internal/contracts-parse.mjs +195 -24
- package/cli/lib/internal/contracts-validators.mjs +3 -2
- package/cli/lib/internal/doctor-bootstrap-surface.mjs +82 -35
- package/cli/lib/internal/doctor-delegated-surface.mjs +1 -1
- package/cli/lib/internal/doctor-finalize.mjs +12 -8
- package/cli/lib/internal/doctor-inspectors.mjs +34 -1
- package/cli/lib/internal/governance/ai/ai-context-budget-core.mjs +74 -12
- package/cli/lib/internal/governance/ai/ai-structure-budget-core.mjs +24 -6
- package/cli/lib/internal/governance/ai/check-agents-freshness.mjs +18 -23
- package/cli/lib/internal/surface-taxonomy-validators.mjs +931 -0
- package/cli/lib/internal/validators-spec.mjs +229 -20
- package/cli/lib/sweep-design-runtime/common.mjs +246 -0
- package/cli/lib/sweep-design-runtime/engine.mjs +733 -0
- package/cli/lib/sweep-design-runtime/fix-topic.mjs +414 -0
- package/cli/lib/sweep-design-runtime/lifecycle.mjs +54 -0
- package/cli/lib/sweep-design-runtime/results.mjs +324 -0
- package/cli/lib/sweep-design.mjs +8 -0
- package/cli/lib/sync.mjs +143 -0
- package/cli/lib/topic-artifacts.mjs +186 -0
- package/cli/lib/topic-authority-coverage.mjs +73 -0
- package/cli/lib/topic-closeout.mjs +560 -0
- package/cli/lib/topic-common.mjs +404 -0
- package/cli/lib/topic-decisions.mjs +332 -0
- package/cli/lib/topic-draft-packets.mjs +126 -7
- package/cli/lib/topic-execution.mjs +515 -0
- package/cli/lib/topic-goal.mjs +112 -33
- package/cli/lib/topic-ledger.mjs +281 -0
- package/cli/lib/topic-lifecycle-artifacts.mjs +173 -0
- package/cli/lib/topic-root-validation.mjs +288 -0
- package/cli/lib/topic-runner-commands.mjs +174 -0
- package/cli/lib/topic-runner-deferral.mjs +532 -0
- package/cli/lib/topic-runner-stale-gates.mjs +114 -0
- package/cli/lib/topic-runner-validation.mjs +138 -0
- package/cli/lib/topic-runner.mjs +109 -154
- package/cli/lib/topic-scaffold.mjs +252 -0
- package/cli/lib/topic-waves.mjs +403 -0
- package/cli/lib/topic.mjs +81 -93
- package/cli/lib/value-helpers.mjs +6 -1
- package/cli/seeds/bootstrap.mjs +96 -20
- package/cli/seeds/seed-policy.yaml +67 -0
- package/config/bootstrap.yaml +1 -1
- package/config/skill-manifest.yaml +4 -2
- package/config/spec-generation-inputs.yaml +41 -19
- package/contracts/audit-remediation-map.schema.yaml +1 -0
- package/contracts/audit-sweep-result.yaml +4 -0
- package/contracts/domain-admission.schema.yaml +56 -0
- package/contracts/migration-inventory.schema.yaml +80 -0
- package/contracts/negative-fixtures.yaml +91 -0
- package/contracts/placement-contract.schema.yaml +163 -0
- package/contracts/projection-edge.schema.yaml +130 -0
- package/contracts/shared-enums.yaml +68 -0
- package/contracts/spec-generation-audit.schema.yaml +19 -4
- package/contracts/spec-generation-inputs.schema.yaml +130 -29
- package/contracts/spec-reconstruction-result.yaml +9 -5
- package/contracts/surface-taxonomy.schema.yaml +201 -0
- package/contracts/sweep-design-result.yaml +349 -0
- package/contracts/table-family.schema.yaml +114 -0
- package/contracts/topic-goal.schema.yaml +10 -1
- package/contracts/tracked-output-admission.schema.yaml +70 -0
- package/contracts/workflow-consumer.schema.yaml +112 -0
- package/methodology/audit-sweep-p0p1-recall.yaml +1 -1
- package/methodology/spec-reconstruction.yaml +53 -30
- package/package.json +5 -4
- package/spec/_meta/command-gating-matrix.yaml +33 -0
- package/spec/_meta/generate-drift-migration-checklist.yaml +44 -62
- package/spec/_meta/governance-routing-cutover-checklist.yaml +3 -3
- package/spec/_meta/phase2-impacted-surface-matrix.yaml +14 -14
- package/spec/_meta/spec-authority-cutover-readiness.yaml +3 -5
- package/spec/_meta/spec-tree-model.yaml +104 -36
- package/spec/bootstrap-state.yaml +36 -36
- package/spec/product-scope.yaml +13 -10
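--- a/package/cli/help.mjs
+++ b/package/cli/help.mjs
@@ -18,6 +18,7 @@ export function helpText() {
 ` ${styleCommand("nimicoding start --host <generic|codex|claude|oh-my-codex>")}`,
 ` ${styleCommand("nimicoding clear")}`,
 ` ${styleCommand("nimicoding clear --yes")}`,
+` ${styleCommand("nimicoding sync [--apply|--check|--dry-run] [--json]")}`,
 ` ${styleCommand("nimicoding topic create <slug> --justification <text> [--title <text>] [--json]")}`,
 ` ${styleCommand("nimicoding topic status [<topic-id>|<topic-path>] [--json]")}`,
 ` ${styleCommand("nimicoding topic run-next-step <topic-id> [--json]")}`,
@@ -49,17 +50,26 @@ export function helpText() {
 ` ${styleCommand("nimicoding handoff --skill <skill-id>")}`,
 ` ${styleCommand("nimicoding handoff --skill <skill-id> --json")}`,
 ` ${styleCommand("nimicoding handoff --skill <skill-id> --prompt")}`,
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
-` ${styleCommand("nimicoding
+` ${styleCommand("nimicoding sweep audit plan --root <dir> [--criteria <csv>] [--exclude <csv>] [--max-files <n>] [--sweep-id <id>] [--json]")}`,
+` ${styleCommand("nimicoding sweep audit chunk dispatch --sweep-id <id> --chunk-id <chunk-id> --dispatched-at <iso8601> [--auditor <id>] [--json]")}`,
+` ${styleCommand("nimicoding sweep audit chunk audit-codex --sweep-id <id> --chunk-id <chunk-id> --dispatched-at <iso8601> --verified-at <iso8601> --reviewed-at <iso8601> [--from-raw-output <ref>] [--timeout-ms <ms>] [--json]")}`,
+` ${styleCommand("nimicoding sweep audit chunk ingest --sweep-id <id> --chunk-id <chunk-id> --from <json> --verified-at <iso8601> [--json]")}`,
+` ${styleCommand("nimicoding sweep audit chunk review --sweep-id <id> --chunk-id <chunk-id> --verdict <pass|fail> --reviewed-at <iso8601> [--summary <text>] [--json]")}`,
+` ${styleCommand("nimicoding sweep audit chunk skip --sweep-id <id> --chunk-id <chunk-id> --reason <text> --skipped-at <iso8601> [--json]")}`,
+` ${styleCommand("nimicoding sweep audit ledger build --sweep-id <id> [--verified-at <iso8601>] [--json]")}`,
+` ${styleCommand("nimicoding sweep audit remediation-map build --sweep-id <id> [--max-findings <n>] [--verified-at <iso8601>] [--json]")}`,
+` ${styleCommand("nimicoding sweep audit finding resolve --sweep-id <id> --finding-id <id> --disposition <remediated|accepted-risk|false-positive|deferred-backlog> --from <json> --verified-at <iso8601> [--json]")}`,
+` ${styleCommand("nimicoding sweep audit closeout summary --sweep-id <id> --verified-at <iso8601> [--json]")}`,
+` ${styleCommand("nimicoding sweep audit status --sweep-id <id> [--json]")}`,
+` ${styleCommand("nimicoding sweep design intake --sweep-id <id> [--run-id <id>] [--json]")}`,
+` ${styleCommand("nimicoding sweep design packet-build --run-id <id> --packet-id <id> (--finding-id <id>|--finding-ids <csv>) [--explicit-question <text>] [--prior-design-state-refs <csv>] [--prior-design-state-marker <state>] [--current-cluster-refs <csv>] [--current-wave-refs <csv>] [--authority-only] [--json]")}`,
+` ${styleCommand("nimicoding sweep design packet-build-batch --run-id <id> --batch-size <n> [--finding-ids <csv>] [--packet-prefix <id>] [--manifest-id <id>] [--explicit-question <text>] [--json]")}`,
+` ${styleCommand("nimicoding sweep design auditor-prompt --run-id <id> --packet-id <id> [--json]")}`,
+` ${styleCommand("nimicoding sweep design result-ingest --run-id <id> --from <yaml> [--mode <focused|all>] [--json]")}`,
+` ${styleCommand("nimicoding sweep design ledger-validate --run-id <id> [--json]")}`,
+` ${styleCommand("nimicoding sweep design finalize --run-id <id> [--json]")}`,
+` ${styleCommand("nimicoding sweep design wave-plan --run-id <id> --topic-id <id> [--json]")}`,
+` ${styleCommand("nimicoding sweep design fix-topic --run-id <id> [--slug <slug>] [--title <title>] [--admit-first-wave|--admit-wave-id <id>] [--json]")}`,
 ` ${styleCommand("nimicoding admit-high-risk-decision --from <json> --admitted-at <iso8601> [--json] [--write-spec]")}`,
 ` ${styleCommand("nimicoding closeout --skill <skill-id> --outcome <completed|blocked|failed> --verified-at <iso8601>")}`,
 ` ${styleCommand("nimicoding closeout --skill <skill-id> --outcome <completed|blocked|failed> --verified-at <iso8601> --json")}`,
@@ -73,6 +83,14 @@ export function helpText() {
 ` ${styleCommand("nimicoding validate-spec-governance --profile <profile-id> --scope <all|host-defined-scope>")}`,
 ` ${styleCommand("nimicoding validate-spec-audit [.nimi/spec/_meta/spec-generation-audit.yaml]")}`,
 ` ${styleCommand("nimicoding validate-spec-tree [.nimi/spec]")}`,
+` ${styleCommand("nimicoding classify-spec-tree --profile <profile-id> --root .nimi/spec [--emit <path>] [--json]")}`,
+` ${styleCommand("nimicoding generate-spec-migration-plan --profile <profile-id> --root .nimi/spec --emit .nimi/local/state/spec-surface/migration-plan.json [--json]")}`,
+` ${styleCommand("nimicoding validate-placement --profile <profile-id> --root .nimi/spec [--json]")}`,
+` ${styleCommand("nimicoding validate-table-family --profile <profile-id> --root .nimi/spec [--json]")}`,
+` ${styleCommand("nimicoding validate-projection-edges --profile <profile-id> --root .nimi/spec [--json]")}`,
+` ${styleCommand("nimicoding validate-guidance-bodies --profile <profile-id> --root .nimi/spec [--json]")}`,
+` ${styleCommand("nimicoding validate-domain-admission --profile <profile-id> --root .nimi/spec [--json]")}`,
+` ${styleCommand("nimicoding validate-tracked-output-admission --profile <profile-id> --root .nimi/spec [--json]")}`,
 ` ${styleCommand("nimicoding generate-spec-derived-docs --profile <profile-id> --scope <all|host-defined-scope> [--check]")}`,
 ` ${styleCommand("nimicoding validate-ai-governance --profile <profile-id> --scope <all|agents-freshness|context-budget|structure-budget|high-risk-doc-metadata>")}`,
 ` ${styleCommand("nimicoding validate-prompt <path>")}`,
@@ -108,6 +126,10 @@ export function helpText() {
 " - `nimicoding clear` does not remove .nimi/spec, .nimi/local, or .nimi/cache for you",
 " - `nimicoding clear` 不会替你移除 .nimi/spec、.nimi/local 或 .nimi/cache",
 )),
+styleMuted(localize(
+" - `nimicoding sync` is the package-owned seed projection contract: --apply rewrites drifted package_canonical files and seeds missing entries; --check exits non-zero on package_canonical drift or any missing seed; host-owned seed entries are seeded once and never overwritten",
+" - `nimicoding sync` 是 package 拥有的 seed 投影契约:--apply 会刷新 drifted package_canonical 文件并补齐缺失 seed;--check 在 package_canonical drift 或 seed 缺失时退出非零;host-owned seed 条目仅初始化一次,之后永不覆盖",
+)),
 styleMuted(localize(
 " - `nimicoding doctor` shows the user-facing summary; add `--verbose` for internal contract detail",
 " - `nimicoding doctor` 默认显示用户视图;加 `--verbose` 可查看内部契约细节",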
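Review bot: The new usage line `nimicoding sync [--apply|--check|--dry-run] [--json]` marks all three modes as optional, but the added note explains only --apply and --check, so a reader cannot tell what a bare `nimicoding sync` does or what --dry-run reports. Because --apply rewrites drifted package_canonical files, the help should state the default explicitly, for example by appending `; with no mode flag sync runs as <default mode>; --dry-run <what it reports>` to both the English and the Chinese string. The actual default is not visible in this section, so the wording has to be taken from sync.mjs.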
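--- a/package/cli/index.mjs
+++ b/package/cli/index.mjs
@@ -2,23 +2,32 @@ import { runBlueprintAudit } from "./commands/blueprint-audit.mjs";
 import { runClear } from "./commands/clear.mjs";
 import { runCloseout } from "./commands/closeout.mjs";
 import { runAdmitHighRiskDecision } from "./commands/admit-high-risk-decision.mjs";
-import {
+import { runSweep } from "./commands/sweep.mjs";
 import { runDecideHighRiskExecution } from "./commands/decide-high-risk-execution.mjs";
 import { runDoctor } from "./commands/doctor.mjs";
 import { runHandoff } from "./commands/handoff.mjs";
 import { runIngestHighRiskExecution } from "./commands/ingest-high-risk-execution.mjs";
 import { runReviewHighRiskExecution } from "./commands/review-high-risk-execution.mjs";
 import { runStart } from "./commands/start.mjs";
+import { runSync } from "./commands/sync.mjs";
 import { runTopic } from "./commands/topic.mjs";
 import { runTopicRunnerCommand } from "./commands/topic-runner.mjs";
 import { runValidateAcceptance } from "./commands/validate-acceptance.mjs";
 import { runGenerateSpecDerivedDocs } from "./commands/generate-spec-derived-docs.mjs";
+import { runGenerateSpecMigrationPlan } from "./commands/generate-spec-migration-plan.mjs";
+import { runClassifySpecTree } from "./commands/classify-spec-tree.mjs";
 import { runValidateAiGovernance } from "./commands/validate-ai-governance.mjs";
+import { runValidateDomainAdmission } from "./commands/validate-domain-admission.mjs";
 import { runValidateExecutionPacket } from "./commands/validate-execution-packet.mjs";
+import { runValidateGuidanceBodies } from "./commands/validate-guidance-bodies.mjs";
 import { runValidateOrchestrationState } from "./commands/validate-orchestration-state.mjs";
+import { runValidatePlacement } from "./commands/validate-placement.mjs";
+import { runValidateProjectionEdges } from "./commands/validate-projection-edges.mjs";
 import { runValidateSpecGovernance } from "./commands/validate-spec-governance.mjs";
 import { runValidateSpecAudit } from "./commands/validate-spec-audit.mjs";
 import { runValidateSpecTree } from "./commands/validate-spec-tree.mjs";
+import { runValidateTableFamily } from "./commands/validate-table-family.mjs";
+import { runValidateTrackedOutputAdmission } from "./commands/validate-tracked-output-admission.mjs";
 import { runValidatePrompt } from "./commands/validate-prompt.mjs";
 import { runValidateWorkerOutput } from "./commands/validate-worker-output.mjs";
 import { helpText } from "./help.mjs";
@@ -27,6 +36,7 @@ import { VERSION } from "./constants.mjs";
 
 const COMMANDS = {
 start: runStart,
+sync: runSync,
 topic: runTopic,
 "topic-runner": runTopicRunnerCommand,
 clear: runClear,
@@ -34,7 +44,7 @@ const COMMANDS = {
 "blueprint-audit": runBlueprintAudit,
 handoff: runHandoff,
 closeout: runCloseout,
-
+sweep: runSweep,
 "admit-high-risk-decision": runAdmitHighRiskDecision,
 "decide-high-risk-execution": runDecideHighRiskExecution,
 "ingest-high-risk-execution": runIngestHighRiskExecution,
@@ -44,7 +54,15 @@ const COMMANDS = {
 "validate-spec-governance": runValidateSpecGovernance,
 "validate-spec-audit": runValidateSpecAudit,
 "validate-spec-tree": runValidateSpecTree,
+"classify-spec-tree": runClassifySpecTree,
+"validate-placement": runValidatePlacement,
+"validate-table-family": runValidateTableFamily,
+"validate-projection-edges": runValidateProjectionEdges,
+"validate-guidance-bodies": runValidateGuidanceBodies,
+"validate-domain-admission": runValidateDomainAdmission,
+"validate-tracked-output-admission": runValidateTrackedOutputAdmission,
 "generate-spec-derived-docs": runGenerateSpecDerivedDocs,
+"generate-spec-migration-plan": runGenerateSpecMigrationPlan,
 "validate-ai-governance": runValidateAiGovernance,
 "validate-prompt": runValidatePrompt,
 "validate-worker-output": runValidateWorkerOutput,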
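Review bot: `COMMANDS` remains a plain object literal while gaining ten more keys, so if the dispatcher (outside these hunks) indexes it directly with the first CLI argument, inherited names such as `constructor` or `toString` also resolve to functions. Guarding the lookup with `Object.hasOwn(COMMANDS, name)`, or building the table on `Object.create(null)`, keeps dispatch limited to the commands listed here. Separately, the entry removed just before `sweep: runSweep,` has no visible alias on the new side; if that was the previous audit command name, existing scripts and CI jobs that call it will stop running their audits, so a deprecation alias or an explicit "renamed to `sweep audit`" error seems worth adding.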
@@ -36,7 +36,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
|
|
|
36
36
|
} catch (error) {
|
|
37
37
|
return {
|
|
38
38
|
ok: false,
|
|
39
|
-
error: `nimicoding
|
|
39
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} must contain valid YAML (${error.message}).\n`,
|
|
40
40
|
};
|
|
41
41
|
}
|
|
42
42
|
|
|
@@ -47,25 +47,25 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
|
|
|
47
47
|
if (!Array.isArray(rawExcludePatterns)) {
|
|
48
48
|
return {
|
|
49
49
|
ok: false,
|
|
50
|
-
error: `nimicoding
|
|
50
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} exclude_patterns must be an array.\n`,
|
|
51
51
|
};
|
|
52
52
|
}
|
|
53
53
|
if (!Array.isArray(rawIgnorePatterns)) {
|
|
54
54
|
return {
|
|
55
55
|
ok: false,
|
|
56
|
-
error: `nimicoding
|
|
56
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_patterns must be an array.\n`,
|
|
57
57
|
};
|
|
58
58
|
}
|
|
59
59
|
if (!Array.isArray(rawIgnoreOwnerDomains)) {
|
|
60
60
|
return {
|
|
61
61
|
ok: false,
|
|
62
|
-
error: `nimicoding
|
|
62
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_owner_domains must be an array.\n`,
|
|
63
63
|
};
|
|
64
64
|
}
|
|
65
65
|
if (rawIgnoreReason !== null && (typeof rawIgnoreReason !== "string" || rawIgnoreReason.trim().length === 0)) {
|
|
66
66
|
return {
|
|
67
67
|
ok: false,
|
|
68
|
-
error: `nimicoding
|
|
68
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_reason must be a non-empty string when present.\n`,
|
|
69
69
|
};
|
|
70
70
|
}
|
|
71
71
|
|
|
@@ -74,7 +74,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
|
|
|
74
74
|
if (typeof pattern !== "string" || pattern.trim().length === 0) {
|
|
75
75
|
return {
|
|
76
76
|
ok: false,
|
|
77
|
-
error: `nimicoding
|
|
77
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} exclude_patterns entries must be non-empty strings.\n`,
|
|
78
78
|
};
|
|
79
79
|
}
|
|
80
80
|
excludePatterns.push(pattern.trim());
|
|
@@ -84,7 +84,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
|
|
|
84
84
|
if (typeof pattern !== "string" || pattern.trim().length === 0) {
|
|
85
85
|
return {
|
|
86
86
|
ok: false,
|
|
87
|
-
error: `nimicoding
|
|
87
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_patterns entries must be non-empty strings.\n`,
|
|
88
88
|
};
|
|
89
89
|
}
|
|
90
90
|
ignorePatterns.push(pattern.trim());
|
|
@@ -94,7 +94,7 @@ export async function loadAuditSweepProjectConfig(projectRoot) {
|
|
|
94
94
|
if (typeof ownerDomain !== "string" || ownerDomain.trim().length === 0) {
|
|
95
95
|
return {
|
|
96
96
|
ok: false,
|
|
97
|
-
error: `nimicoding
|
|
97
|
+
error: `nimicoding sweep audit refused: ${AUDIT_SWEEP_PROJECT_CONFIG_REF} ignore_owner_domains entries must be non-empty strings.\n`,
|
|
98
98
|
};
|
|
99
99
|
}
|
|
100
100
|
ignoreOwnerDomains.push(ownerDomain.trim());
|
|
@@ -123,7 +123,7 @@ export async function loadAppSliceAdmissions(projectRoot) {
|
|
|
123
123
|
} catch (error) {
|
|
124
124
|
return {
|
|
125
125
|
ok: false,
|
|
126
|
-
error: `nimicoding
|
|
126
|
+
error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} must contain valid YAML (${error.message}).\n`,
|
|
127
127
|
};
|
|
128
128
|
}
|
|
129
129
|
|
|
@@ -131,7 +131,7 @@ export async function loadAppSliceAdmissions(projectRoot) {
|
|
|
131
131
|
if (!rows) {
|
|
132
132
|
return {
|
|
133
133
|
ok: false,
|
|
134
|
-
error: `nimicoding
|
|
134
|
+
error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} must declare admissions as an array.\n`,
|
|
135
135
|
};
|
|
136
136
|
}
|
|
137
137
|
|
|
@@ -146,20 +146,20 @@ export async function loadAppSliceAdmissions(projectRoot) {
|
|
|
146
146
|
? row.evidence_roots.map((entry) => String(entry ?? "").trim().replace(/\\/g, "/").replace(/\/$/, "")).filter(Boolean)
|
|
147
147
|
: null;
|
|
148
148
|
if (!appId || seenAppIds.has(appId)) {
|
|
149
|
-
return { ok: false, error: `nimicoding
|
|
149
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} has missing or duplicate app_id.\n` };
|
|
150
150
|
}
|
|
151
151
|
seenAppIds.add(appId);
|
|
152
152
|
if (appId === "avatar") {
|
|
153
|
-
return { ok: false, error: `nimicoding
|
|
153
|
+
return { ok: false, error: `nimicoding sweep audit refused: avatar is promoted to .nimi/spec/avatar and must not be admitted through ${APP_SLICE_ADMISSION_REF}.\n` };
|
|
154
154
|
}
|
|
155
155
|
if (status !== "active") {
|
|
156
156
|
continue;
|
|
157
157
|
}
|
|
158
158
|
if (!ownerDomain || !safeProjectRef(authorityRoot) || !authorityRoot.startsWith(`apps/${appId}/spec`)) {
|
|
159
|
-
return { ok: false, error: `nimicoding
|
|
159
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} ${appId} has invalid owner_domain or authority_root.\n` };
|
|
160
160
|
}
|
|
161
161
|
if (!evidenceRoots || evidenceRoots.length === 0 || !evidenceRoots.every((rootRef) => safeProjectRef(rootRef) && refInsideRoot(rootRef, `apps/${appId}`))) {
|
|
162
|
-
return { ok: false, error: `nimicoding
|
|
162
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${APP_SLICE_ADMISSION_REF} ${appId} has invalid evidence_roots.\n` };
|
|
163
163
|
}
|
|
164
164
|
admissions.push({
|
|
165
165
|
app_id: appId,
|
|
@@ -203,12 +203,12 @@ export async function loadAuditEvidenceRootAdmissions(projectRoot, listGitFiles,
|
|
|
203
203
|
} catch (error) {
|
|
204
204
|
return {
|
|
205
205
|
ok: false,
|
|
206
|
-
error: `nimicoding
|
|
206
|
+
error: `nimicoding sweep audit refused: ${tableRef} must contain valid YAML (${error.message}).\n`,
|
|
207
207
|
};
|
|
208
208
|
}
|
|
209
209
|
const rows = Array.isArray(parsed?.roots) ? parsed.roots : null;
|
|
210
210
|
if (!rows) {
|
|
211
|
-
return { ok: false, error: `nimicoding
|
|
211
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} must declare roots as an array.\n` };
|
|
212
212
|
}
|
|
213
213
|
for (const row of rows) {
|
|
214
214
|
const id = String(row?.id ?? "").trim();
|
|
@@ -220,13 +220,13 @@ export async function loadAuditEvidenceRootAdmissions(projectRoot, listGitFiles,
|
|
|
220
220
|
? row.evidence_roots.map((entry) => String(entry ?? "").trim().replace(/\\/g, "/").replace(/\/$/, "")).filter(Boolean)
|
|
221
221
|
: null;
|
|
222
222
|
if (!id || !ownerDomain || !authorityRefs?.length || !evidenceRoots?.length) {
|
|
223
|
-
return { ok: false, error: `nimicoding
|
|
223
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} root rows require id, owner_domain, authority_refs, and evidence_roots.\n` };
|
|
224
224
|
}
|
|
225
225
|
if (!authorityRefs.every((ref) => safeProjectRef(ref) && ref.startsWith(".nimi/spec/"))) {
|
|
226
|
-
return { ok: false, error: `nimicoding
|
|
226
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} authority_refs must stay under .nimi/spec.\n` };
|
|
227
227
|
}
|
|
228
228
|
if (!evidenceRoots.every((ref) => safeProjectRef(ref) && !ref.startsWith(".nimi/spec/"))) {
|
|
229
|
-
return { ok: false, error: `nimicoding
|
|
229
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} evidence_roots must be project evidence roots outside .nimi/spec.\n` };
|
|
230
230
|
}
|
|
231
231
|
admissions.push({
|
|
232
232
|
id,
|
|
@@ -256,12 +256,12 @@ export async function loadPackageAuthorityAdmissions(projectRoot, listGitFiles,
|
|
|
256
256
|
} catch (error) {
|
|
257
257
|
return {
|
|
258
258
|
ok: false,
|
|
259
|
-
error: `nimicoding
|
|
259
|
+
error: `nimicoding sweep audit refused: ${tableRef} must contain valid YAML (${error.message}).\n`,
|
|
260
260
|
};
|
|
261
261
|
}
|
|
262
262
|
const rows = Array.isArray(parsed?.admissions) ? parsed.admissions : null;
|
|
263
263
|
if (!rows) {
|
|
264
|
-
return { ok: false, error: `nimicoding
|
|
264
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} must declare admissions as an array.\n` };
|
|
265
265
|
}
|
|
266
266
|
for (const row of rows) {
|
|
267
267
|
const id = String(row?.id ?? "").trim();
|
|
@@ -279,28 +279,37 @@ export async function loadPackageAuthorityAdmissions(projectRoot, listGitFiles,
|
|
|
279
279
|
: [];
|
|
280
280
|
const admissionKey = `${tableRef}#${id}`;
|
|
281
281
|
if (!id || seenIds.has(admissionKey)) {
|
|
282
|
-
return { ok: false, error: `nimicoding
|
|
282
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} has missing or duplicate package authority id.\n` };
|
|
283
283
|
}
|
|
284
284
|
seenIds.add(admissionKey);
|
|
285
285
|
if (status !== "active") {
|
|
286
286
|
continue;
|
|
287
287
|
}
|
|
288
288
|
if (!ownerDomain || !safeProjectRef(authorityRoot) || authorityRoot.startsWith(".nimi/spec/") || !authorityRoot.endsWith("/spec")) {
|
|
289
|
-
return { ok: false, error: `nimicoding
|
|
289
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} has invalid owner_domain or authority_root.\n` };
|
|
290
290
|
}
|
|
291
291
|
if (!evidenceRoots || evidenceRoots.length === 0 || !evidenceRoots.every((rootRef) => safeProjectRef(rootRef) && !rootRef.startsWith(".nimi/spec/") && refInsideRoot(authorityRoot, rootRef))) {
|
|
292
|
-
return { ok: false, error: `nimicoding
|
|
292
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} has invalid evidence_roots.\n` };
|
|
293
293
|
}
|
|
294
294
|
const seenProjectionHostRefs = new Set();
|
|
295
295
|
for (const projection of hostAuthorityProjectionRefs) {
|
|
296
|
-
|
|
297
|
-
|
|
296
|
+
const hostProjectionAllowed = projection.host_ref.startsWith(".nimi/config/")
|
|
297
|
+
|| projection.host_ref.startsWith(".nimi/contracts/")
|
|
298
|
+
|| projection.host_ref.startsWith(".nimi/methodology/")
|
|
299
|
+
|| projection.host_ref.startsWith(".nimi/spec/");
|
|
300
|
+
if (!safeProjectRef(projection.host_ref) || !hostProjectionAllowed) {
|
|
301
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} host_authority_projection_refs host_ref must stay under .nimi config/contracts/methodology/spec projections.\n` };
|
|
298
302
|
}
|
|
299
|
-
|
|
300
|
-
|
|
303
|
+
const packageRoot = authorityRoot.replace(/\/spec$/, "");
|
|
304
|
+
const packageProjectionAllowed = projection.package_ref.startsWith(`${packageRoot}/config/`)
|
|
305
|
+
|| projection.package_ref.startsWith(`${packageRoot}/contracts/`)
|
|
306
|
+
|| projection.package_ref.startsWith(`${packageRoot}/methodology/`)
|
|
307
|
+
|| projection.package_ref.startsWith(`${packageRoot}/spec/`);
|
|
308
|
+
if (!safeProjectRef(projection.package_ref) || !packageProjectionAllowed) {
|
|
309
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} host_authority_projection_refs package_ref must stay under admitted package authority roots.\n` };
|
|
301
310
|
}
|
|
302
311
|
if (seenProjectionHostRefs.has(projection.host_ref)) {
|
|
303
|
-
return { ok: false, error: `nimicoding
|
|
312
|
+
return { ok: false, error: `nimicoding sweep audit refused: ${tableRef} ${id} host_authority_projection_refs contains duplicate host_ref.\n` };
|
|
304
313
|
}
|
|
305
314
|
seenProjectionHostRefs.add(projection.host_ref);
|
|
306
315
|
}
|
|
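Review bot: In the new projection loop of loadPackageAuthorityAdmissions, `projection.host_ref.startsWith(...)` and `projection.package_ref.startsWith(...)` are evaluated before `safeProjectRef(...)` is consulted, so a host_authority_projection_refs row whose host_ref or package_ref is missing or not a string would throw a TypeError instead of returning the `ok: false` refusal, unless the normalisation above the hunk already coerces both fields to strings. The prefix tests also depend entirely on safeProjectRef (not visible here) rejecting `..` segments, because a ref like `.nimi/spec/../x` still starts with `.nimi/spec/`; a one-line comment stating that dependency would help the next reader. `packageRoot` does not change per projection and can be hoisted out of the loop, and the two four-way `startsWith` chains can share a single list of admitted directory names. The function begins and ends outside these hunks.

```javascript
// … unchanged: owner_domain / authority_root and evidence_roots refusals …
const PROJECTION_DIRS = ["config", "contracts", "methodology", "spec"];
const packageRoot = authorityRoot.replace(/\/spec$/, "");
const seenProjectionHostRefs = new Set();
for (const projection of hostAuthorityProjectionRefs) {
  // Coerce first so malformed YAML rows are refused rather than throwing.
  const hostRef = typeof projection?.host_ref === "string" ? projection.host_ref : "";
  const packageRef = typeof projection?.package_ref === "string" ? projection.package_ref : "";
  // Prefix checks are only meaningful because safeProjectRef rejects traversal segments.
  if (!safeProjectRef(hostRef) || !PROJECTION_DIRS.some((dir) => hostRef.startsWith(`.nimi/${dir}/`))) {
    // … unchanged: host_ref refusal …
  }
  if (!safeProjectRef(packageRef) || !PROJECTION_DIRS.some((dir) => packageRef.startsWith(`${packageRoot}/${dir}/`))) {
    // … unchanged: package_ref refusal …
  }
  // … unchanged: duplicate host_ref check …
```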
@@ -21,6 +21,7 @@ const REQUIRED_P0P1_RULE_CHECK_IDS = [
|
|
|
21
21
|
"provider_or_model_hardcoding",
|
|
22
22
|
"app_local_shadow_truth",
|
|
23
23
|
];
|
|
24
|
+
const REQUIRED_P0P1_RULE_CHECK_ID_SET = new Set(REQUIRED_P0P1_RULE_CHECK_IDS);
|
|
24
25
|
|
|
25
26
|
function validateP0P1RuleChecks(evidence, implementationRefSet) {
|
|
26
27
|
const ruleChecks = evidence?.coverage?.p0p1_rule_checks;
|
|
@@ -35,10 +36,17 @@ function validateP0P1RuleChecks(evidence, implementationRefSet) {
|
|
|
35
36
|
|
|
36
37
|
const checkedIds = [];
|
|
37
38
|
const invalid = [];
|
|
39
|
+
const seenIds = new Set();
|
|
38
40
|
for (const [index, check] of ruleChecks.entries()) {
|
|
39
41
|
const id = typeof check?.id === "string" ? check.id : "";
|
|
40
42
|
if (id) {
|
|
41
43
|
checkedIds.push(id);
|
|
44
|
+
if (!REQUIRED_P0P1_RULE_CHECK_ID_SET.has(id)) {
|
|
45
|
+
invalid.push({ index, id, reason: "id must exactly match an admitted P0/P1 rule check id" });
|
|
46
|
+
} else if (seenIds.has(id)) {
|
|
47
|
+
invalid.push({ index, id, reason: "duplicate P0/P1 rule check id" });
|
|
48
|
+
}
|
|
49
|
+
seenIds.add(id);
|
|
42
50
|
}
|
|
43
51
|
const status = check?.status;
|
|
44
52
|
if (!["checked", "not_applicable"].includes(status)) {
|
|
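Review bot: In validateP0P1RuleChecks, `checkedIds.push(id)` still runs before the new admitted-id and duplicate tests, so an id that is then pushed to `invalid` is also recorded as checked. How `checkedIds` is consumed lies outside the hunk; if it is reported as coverage, rejected and repeated ids will appear there. Moving the push into an accepting branch, `} else { checkedIds.push(id); }` after the duplicate test, keeps the list limited to admitted ids seen once. A short comment on `REQUIRED_P0P1_RULE_CHECK_ID_SET` noting that ids are compared exactly (no trimming or case folding) would also match the new error text.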
@@ -456,7 +456,7 @@ export function buildAuditorPacket(sweepId, chunk, auditor, dispatchedAt, plan,
|
|
|
456
456
|
finding_locations_must_belong_to_chunk_files_or_evidence_inventory: true,
|
|
457
457
|
authority_only_finding_location_policy: "when no implementation surface exists, findings[].location.file must be the in-scope authority_ref that contains the defect",
|
|
458
458
|
finding_contract_ref: ".nimi/contracts/audit-finding.schema.yaml",
|
|
459
|
-
ingest_command: `nimicoding
|
|
459
|
+
ingest_command: `nimicoding sweep audit chunk ingest --sweep-id ${sweepId} --chunk-id ${chunk.chunk_id} --from <audit-output.json> --verified-at <ISO-8601-UTC>`,
|
|
460
460
|
},
|
|
461
461
|
hard_constraints: [
|
|
462
462
|
"do_not_sample_out_files_from_this_chunk",
|
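Review bot: The new `ingest_command` template interpolates `${chunk.chunk_id}` into a command line that is handed to the auditor in the packet, and nothing visible constrains that value to a safe character set. The callers shown in the later hunks pass `options.sweepId` through `safeSweepId` but only test `typeof options.chunkId !== "string"`, so whether chunk ids can contain whitespace or shell metacharacters depends on plan-building code outside this diff. If they are not already restricted, validate them where the plan is created. Either way a comment here helps, e.g. `// sweepId and chunk_id must be pre-validated ids: this string is intended to be pasted into a shell`. buildAuditorPacket starts and ends outside the hunk.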
|
@@ -477,7 +477,7 @@ export function buildAuditorPacket(sweepId, chunk, auditor, dispatchedAt, plan,
|
|
|
477
477
|
export async function dispatchAuditSweepChunk(projectRoot, options) {
|
|
478
478
|
const sweepId = safeSweepId(options.sweepId);
|
|
479
479
|
if (!sweepId || typeof options.chunkId !== "string") {
|
|
480
|
-
return inputError("nimicoding
|
|
480
|
+
return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
|
|
481
481
|
}
|
|
482
482
|
|
|
483
483
|
const timestampError = ensureIsoTimestamp(options.dispatchedAt, "--dispatched-at");
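Review bot: The prefix `nimicoding sweep audit refused: ` is typed out in full in this `inputError` call and in every other message this diff touches: the remaining hunks in dispatchAuditSweepChunk, reviewAuditSweepChunk, skipAuditSweepChunk, buildAuditSweepCloseoutImport, prepareCodexAuditPacket and runCodexAuditSweepChunk. The commit is itself a bulk rewrite of that prefix, which is the cost of repeating it. A small helper such as `const refused = (detail) => inputError("nimicoding sweep audit refused: " + detail + "\n");` would make the next rename a one-line change. The helper name is only a suggestion, and dispatchAuditSweepChunk continues outside the hunk.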
|
|
@@ -497,11 +497,11 @@ export async function dispatchAuditSweepChunk(projectRoot, options) {
|
|
|
497
497
|
}
|
|
498
498
|
|
|
499
499
|
if (chunkResult.chunk.state !== "planned") {
|
|
500
|
-
return inputError("nimicoding
|
|
500
|
+
return inputError("nimicoding sweep audit refused: chunk dispatch requires planned state.\n");
|
|
501
501
|
}
|
|
502
502
|
const budgetBlock = budgetBlockForChunk(planResult.plan, chunkResult.chunk);
|
|
503
503
|
if (budgetBlock) {
|
|
504
|
-
return inputError(`nimicoding
|
|
504
|
+
return inputError(`nimicoding sweep audit refused: ${budgetBlock}; build or admit remediation bundles before continuing discovery.\n`);
|
|
505
505
|
}
|
|
506
506
|
|
|
507
507
|
const updatedChunk = {
|
|
@@ -557,7 +557,7 @@ export async function dispatchAuditSweepChunk(projectRoot, options) {
|
|
|
557
557
|
export async function reviewAuditSweepChunk(projectRoot, options) {
|
|
558
558
|
const sweepId = safeSweepId(options.sweepId);
|
|
559
559
|
if (!sweepId || typeof options.chunkId !== "string") {
|
|
560
|
-
return inputError("nimicoding
|
|
560
|
+
return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
|
|
561
561
|
}
|
|
562
562
|
|
|
563
563
|
const timestampError = ensureIsoTimestamp(options.reviewedAt, "--reviewed-at");
|
|
@@ -566,7 +566,7 @@ export async function reviewAuditSweepChunk(projectRoot, options) {
|
|
|
566
566
|
}
|
|
567
567
|
|
|
568
568
|
if (!["pass", "fail"].includes(options.verdict)) {
|
|
569
|
-
return inputError("nimicoding
|
|
569
|
+
return inputError("nimicoding sweep audit refused: --verdict must be pass or fail.\n");
|
|
570
570
|
}
|
|
571
571
|
|
|
572
572
|
return withAuditSweepMutationLock(projectRoot, sweepId, "chunk review", async () => {
|
|
@@ -581,10 +581,10 @@ export async function reviewAuditSweepChunk(projectRoot, options) {
|
|
|
581
581
|
}
|
|
582
582
|
|
|
583
583
|
if (chunkResult.chunk.state !== "ingested") {
|
|
584
|
-
return inputError("nimicoding
|
|
584
|
+
return inputError("nimicoding sweep audit refused: chunk review requires ingested state.\n");
|
|
585
585
|
}
|
|
586
586
|
if (options.verdict === "pass" && chunkResult.chunk.audit_validity?.posture === "invalid") {
|
|
587
|
-
return inputError("nimicoding
|
|
587
|
+
return inputError("nimicoding sweep audit refused: manager review cannot freeze invalid no-finding evidence as pass.\n");
|
|
588
588
|
}
|
|
589
589
|
|
|
590
590
|
const nextState = options.verdict === "pass" ? "frozen" : "failed";
|
|
@@ -636,14 +636,14 @@ export async function reviewAuditSweepChunk(projectRoot, options) {
|
|
|
636
636
|
export async function skipAuditSweepChunk(projectRoot, options) {
|
|
637
637
|
const sweepId = safeSweepId(options.sweepId);
|
|
638
638
|
if (!sweepId || typeof options.chunkId !== "string") {
|
|
639
|
-
return inputError("nimicoding
|
|
639
|
+
return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
|
|
640
640
|
}
|
|
641
641
|
const timestampError = ensureIsoTimestamp(options.skippedAt, "--skipped-at");
|
|
642
642
|
if (timestampError) {
|
|
643
643
|
return timestampError;
|
|
644
644
|
}
|
|
645
645
|
if (typeof options.reason !== "string" || !options.reason.trim()) {
|
|
646
|
-
return inputError("nimicoding
|
|
646
|
+
return inputError("nimicoding sweep audit refused: --reason is required when skipping a chunk.\n");
|
|
647
647
|
}
|
|
648
648
|
|
|
649
649
|
return withAuditSweepMutationLock(projectRoot, sweepId, "chunk skip", async () => {
|
|
@@ -656,7 +656,7 @@ export async function skipAuditSweepChunk(projectRoot, options) {
|
|
|
656
656
|
return inputError(chunkResult.error);
|
|
657
657
|
}
|
|
658
658
|
if (chunkResult.chunk.state === "frozen") {
|
|
659
|
-
return inputError("nimicoding
|
|
659
|
+
return inputError("nimicoding sweep audit refused: frozen chunks cannot be skipped.\n");
|
|
660
660
|
}
|
|
661
661
|
|
|
662
662
|
const updatedChunk = {
|
|
@@ -22,7 +22,7 @@ import { validateAuditSweepArtifacts } from "./validators.mjs";
|
|
|
22
22
|
export async function buildAuditSweepCloseoutImport(projectRoot, options) {
|
|
23
23
|
const sweepId = safeSweepId(options.sweepId);
|
|
24
24
|
if (!sweepId) {
|
|
25
|
-
return inputError("nimicoding
|
|
25
|
+
return inputError("nimicoding sweep audit refused: --sweep-id is required.\n");
|
|
26
26
|
}
|
|
27
27
|
const timestampError = ensureIsoTimestamp(options.verifiedAt);
|
|
28
28
|
if (timestampError) {
|
|
@@ -37,16 +37,16 @@ export async function buildAuditSweepCloseoutImport(projectRoot, options) {
|
|
|
37
37
|
const preflightValidation = await validateAuditSweepArtifacts(projectRoot, { sweepId, scope: "remediation" });
|
|
38
38
|
if (!preflightValidation.ok) {
|
|
39
39
|
const failed = preflightValidation.checks.find((entry) => !entry.ok);
|
|
40
|
-
return inputError(`nimicoding
|
|
40
|
+
return inputError(`nimicoding sweep audit refused: sweep audit closeout preflight failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
|
|
41
41
|
}
|
|
42
42
|
if (ledger.status === "blocked") {
|
|
43
|
-
return inputError("nimicoding
|
|
43
|
+
return inputError("nimicoding sweep audit refused: blocked ledger cannot produce completed closeout summary.\n");
|
|
44
44
|
}
|
|
45
45
|
if (ledger.status === "blocked_evidence_incomplete" || ledger.status === "partial_authority_only") {
|
|
46
|
-
return inputError("nimicoding
|
|
46
|
+
return inputError("nimicoding sweep audit refused: incomplete spec authority/evidence coverage cannot produce completed closeout summary.\n");
|
|
47
47
|
}
|
|
48
48
|
if (ledger.coverage.active_chunks > 0) {
|
|
49
|
-
return inputError("nimicoding
|
|
49
|
+
return inputError("nimicoding sweep audit refused: closeout summary requires no active chunks.\n");
|
|
50
50
|
}
|
|
51
51
|
|
|
52
52
|
const mapRef = remediationMapRef(sweepId, ledger.snapshot_id);
|
|
@@ -58,13 +58,13 @@ export async function buildAuditSweepCloseoutImport(projectRoot, options) {
|
|
|
58
58
|
: []);
|
|
59
59
|
const unmappedOpenFindings = openFindingIds.filter((findingId) => !mappedFindingIds.has(findingId));
|
|
60
60
|
if (openFindingIds.length > 0 && (!remediationMap || unmappedOpenFindings.length > 0)) {
|
|
61
|
-
return inputError("nimicoding
|
|
61
|
+
return inputError("nimicoding sweep audit refused: open findings require remediation map coverage before closeout summary.\n");
|
|
62
62
|
}
|
|
63
63
|
const closedWithoutResolutionEvidence = store.findings
|
|
64
64
|
.filter((finding) => finding.disposition !== "open")
|
|
65
65
|
.filter((finding) => !finding.resolution?.evidence_ref || !finding.resolution?.rerun);
|
|
66
66
|
if (closedWithoutResolutionEvidence.length > 0) {
|
|
67
|
-
return inputError("nimicoding
|
|
67
|
+
return inputError("nimicoding sweep audit refused: closed findings require resolution and rerun evidence before closeout summary.\n");
|
|
68
68
|
}
|
|
69
69
|
|
|
70
70
|
const coverageStatus = deriveCoverageStatus(ledger.status);
|
|
@@ -125,7 +125,7 @@ export async function buildAuditSweepCloseoutImport(projectRoot, options) {
|
|
|
125
125
|
const closeoutValidation = await validateAuditSweepArtifacts(projectRoot, { sweepId, scope: "closeout" });
|
|
126
126
|
if (!closeoutValidation.ok) {
|
|
127
127
|
const failed = closeoutValidation.checks.find((entry) => !entry.ok);
|
|
128
|
-
return inputError(`nimicoding
|
|
128
|
+
return inputError(`nimicoding sweep audit refused: sweep audit closeout validation failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
|
|
129
129
|
}
|
|
130
130
|
|
|
131
131
|
return {
|
|
@@ -178,8 +178,8 @@ function isNonImplementationContextRef(ref) {
|
|
|
178
178
|
|| normalized.startsWith(".nimi/spec/")
|
|
179
179
|
|| normalized.startsWith(".nimi/contracts/")
|
|
180
180
|
|| normalized.startsWith(".nimi/methodology/")
|
|
181
|
-
|| normalized.startsWith("nimi-coding/methodology/")
|
|
182
|
-
|| normalized.startsWith("nimi-coding/spec/");
|
|
181
|
+
|| normalized.startsWith("package://@nimiplatform/nimi-coding/methodology/")
|
|
182
|
+
|| normalized.startsWith("package://@nimiplatform/nimi-coding/spec/");
|
|
183
183
|
}
|
|
184
184
|
|
|
185
185
|
function stripNonImplementationContextRefs(refs, evidenceInventorySet) {
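Review bot: With the two `nimi-coding/...` prefixes replaced rather than supplemented in isNonImplementationContextRef, refs recorded in the old form no longer match and would be treated as implementation evidence by this predicate. If sweeps or evidence written by 0.1.0 can still be read by this version, keep the legacy prefixes alongside the new ones for a release, or add a comment stating that legacy refs are migrated before they reach this check. It is also worth confirming how `normalized` is produced, which is outside the hunk: a path-style normaliser that collapses repeated slashes would turn `package://` into `package:/`, and these two `startsWith` tests would never match.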
|
|
@@ -562,7 +562,7 @@ function normalizeCodexSemanticOutput(rawOutput, chunk, options) {
|
|
|
562
562
|
auditor: {
|
|
563
563
|
id: typeof rawOutput.auditor?.id === "string" && rawOutput.auditor.id.trim() ? rawOutput.auditor.id : options.auditorId,
|
|
564
564
|
mode: "codex_semantic_audit",
|
|
565
|
-
methodology_ref: "nimi-coding/methodology/audit-sweep-p0p1-recall.yaml",
|
|
565
|
+
methodology_ref: "package://@nimiplatform/nimi-coding/methodology/audit-sweep-p0p1-recall.yaml",
|
|
566
566
|
provenance: {
|
|
567
567
|
kind: "semantic_audit",
|
|
568
568
|
packet_ref: options.packetRef,
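Review bot: In the `auditor` object built by normalizeCodexSemanticOutput, `mode` and the updated `methodology_ref` are pinned to literals, but `id` is still taken from `rawOutput.auditor.id` whenever the raw output supplies a non-empty string. If `auditor.id` is meant to record which auditor was dispatched, the value returned in the model output should not be able to override `options.auditorId`. Using `id: options.auditorId,`, or rejecting a mismatch, would keep the provenance fields consistent. Whether a later ingest step compares the id against the packet is not visible in this hunk, and the function starts and ends outside it.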
|
|
@@ -42,7 +42,7 @@ function projectRefForPath(projectRoot, absolutePath) {
|
|
|
42
42
|
}
|
|
43
43
|
function codexPrompt({ packet, auditorPacketRef, rawRef, sessionRef }) {
|
|
44
44
|
return [
|
|
45
|
-
"You are the Codex semantic auditor for a nimicoding
|
|
45
|
+
"You are the Codex semantic auditor for a nimicoding sweep audit chunk.",
|
|
46
46
|
"Run in read-only, audit-only mode. Do not edit files. Do not implement product fixes.",
|
|
47
47
|
`Read the auditor packet from ${auditorPacketRef} and inspect the chunk authority refs and implementation evidence semantically.`,
|
|
48
48
|
"Do not rely on this prompt as the chunk inventory; the packet file is the source for files, authority_refs, selected_implementation_refs, audit_depth, retrieval_prepass, and the raw semantic output contract.",
|
|
@@ -59,7 +59,7 @@ function codexPrompt({ packet, auditorPacketRef, rawRef, sessionRef }) {
|
|
|
59
59
|
"The JSON object must have exactly these top-level fields: chunk_id, auditor, coverage, findings.",
|
|
60
60
|
`Set auditor.id to ${JSON.stringify(packet.auditor)}.`,
|
|
61
61
|
`Set auditor.mode to "codex_semantic_audit".`,
|
|
62
|
-
`Set auditor.methodology_ref to "nimi-coding/methodology/audit-sweep-p0p1-recall.yaml".`,
|
|
62
|
+
`Set auditor.methodology_ref to "package://@nimiplatform/nimi-coding/methodology/audit-sweep-p0p1-recall.yaml".`,
|
|
63
63
|
"Put P0/P1 rule checks only at coverage.p0p1_rule_checks.",
|
|
64
64
|
`Set auditor.provenance.kind to "semantic_audit".`,
|
|
65
65
|
`Set auditor.provenance.packet_ref to ${JSON.stringify(packetRef(packet.sweep_id, packet.chunk_id))}.`,
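Review bot: The methodology ref `package://@nimiplatform/nimi-coding/methodology/audit-sweep-p0p1-recall.yaml` is spelled out as a literal here in codexPrompt and again in normalizeCodexSemanticOutput (hunk `@@ -562,7 +562,7 @@`), with its prefix repeated in isNonImplementationContextRef. This commit had to edit each copy by hand. A single exported constant, e.g. `export const P0P1_RECALL_METHODOLOGY_REF = "package://@nimiplatform/nimi-coding/methodology/audit-sweep-p0p1-recall.yaml";`, interpolated into the prompt line, would keep the prompt and the normaliser from drifting apart. The constant name is a suggestion only, and codexPrompt continues outside the hunk.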
|
|
@@ -173,11 +173,11 @@ async function prepareCodexAuditPacket(projectRoot, options) {
|
|
|
173
173
|
return inputError(chunkResult.error);
|
|
174
174
|
}
|
|
175
175
|
if (chunkResult.chunk.state === "skipped") {
|
|
176
|
-
return inputError("nimicoding
|
|
176
|
+
return inputError("nimicoding sweep audit refused: skipped chunks cannot be audited through Codex.\n");
|
|
177
177
|
}
|
|
178
178
|
const budgetBlock = budgetBlockForChunk(planResult.plan, chunkResult.chunk);
|
|
179
179
|
if (budgetBlock && chunkResult.chunk.state !== "frozen") {
|
|
180
|
-
return inputError(`nimicoding
|
|
180
|
+
return inputError(`nimicoding sweep audit refused: ${budgetBlock}; build or admit remediation bundles before continuing discovery.\n`);
|
|
181
181
|
}
|
|
182
182
|
|
|
183
183
|
const dispatch = {
|
|
@@ -311,7 +311,7 @@ async function markCodexAuditFailed(projectRoot, options) {
|
|
|
311
311
|
export async function runCodexAuditSweepChunk(projectRoot, options) {
|
|
312
312
|
const sweepId = safeSweepId(options.sweepId);
|
|
313
313
|
if (!sweepId || typeof options.chunkId !== "string") {
|
|
314
|
-
return inputError("nimicoding
|
|
314
|
+
return inputError("nimicoding sweep audit refused: --sweep-id and --chunk-id are required.\n");
|
|
315
315
|
}
|
|
316
316
|
const dispatchedAtError = ensureIsoTimestamp(options.dispatchedAt, "--dispatched-at");
|
|
317
317
|
if (dispatchedAtError) {
|
|
@@ -394,7 +394,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
|
|
|
394
394
|
timeout_ms: runResult.timeoutMs,
|
|
395
395
|
stderr_tail: runResult.stderr.slice(-2000),
|
|
396
396
|
});
|
|
397
|
-
return inputError(`nimicoding
|
|
397
|
+
return inputError(`nimicoding sweep audit refused: ${failureReason}\n`);
|
|
398
398
|
}
|
|
399
399
|
}
|
|
400
400
|
|
|
@@ -425,7 +425,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
|
|
|
425
425
|
transcript_ref: rawRef,
|
|
426
426
|
reason: extracted.error,
|
|
427
427
|
});
|
|
428
|
-
return inputError(`nimicoding
|
|
428
|
+
return inputError(`nimicoding sweep audit refused: Codex auditor output rejected for ${options.chunkId}: ${extracted.error}.\n`);
|
|
429
429
|
}
|
|
430
430
|
|
|
431
431
|
await appendRunEvent(projectRoot, sweepId, {
|
|
@@ -454,7 +454,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
|
|
|
454
454
|
phase: "chunk_ingest",
|
|
455
455
|
reason: `Codex auditor evidence ingest rejected: ${ingest.error ?? "unknown ingest failure"}.`,
|
|
456
456
|
});
|
|
457
|
-
return inputError(`nimicoding
|
|
457
|
+
return inputError(`nimicoding sweep audit refused: Codex auditor evidence ingest rejected for ${options.chunkId}: ${ingest.error ?? "unknown ingest failure"}.\n`);
|
|
458
458
|
}
|
|
459
459
|
|
|
460
460
|
const review = await reviewAuditSweepChunk(projectRoot, {
|
|
@@ -475,7 +475,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
|
|
|
475
475
|
phase: "chunk_review",
|
|
476
476
|
reason: `Codex auditor evidence review rejected: ${review.error ?? "unknown review failure"}.`,
|
|
477
477
|
});
|
|
478
|
-
return inputError(`nimicoding
|
|
478
|
+
return inputError(`nimicoding sweep audit refused: Codex auditor evidence review rejected for ${options.chunkId}: ${review.error ?? "unknown review failure"}.\n`);
|
|
479
479
|
}
|
|
480
480
|
|
|
481
481
|
const validation = await validateAuditSweepArtifacts(projectRoot, {
|
|
@@ -492,7 +492,7 @@ export async function runCodexAuditSweepChunk(projectRoot, options) {
|
|
|
492
492
|
phase: "post_chunk_validation",
|
|
493
493
|
reason: "Post-Codex chunk validation failed.",
|
|
494
494
|
});
|
|
495
|
-
return inputError(`nimicoding
|
|
495
|
+
return inputError(`nimicoding sweep audit refused: post-Codex chunk validation failed for ${options.chunkId}.\n`);
|
|
496
496
|
}
|
|
497
497
|
|
|
498
498
|
return {
|