@nimiplatform/nimi-coding 0.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (186) hide show
  1. package/LICENSE +21 -0
  2. package/README.md +348 -0
  3. package/adapters/README.md +25 -0
  4. package/adapters/claude/README.md +89 -0
  5. package/adapters/claude/profile.yaml +70 -0
  6. package/adapters/codex/README.md +53 -0
  7. package/adapters/codex/profile.yaml +78 -0
  8. package/adapters/oh-my-codex/README.md +185 -0
  9. package/adapters/oh-my-codex/profile.yaml +46 -0
  10. package/bin/nimicoding.mjs +6 -0
  11. package/cli/commands/admit-high-risk-decision.mjs +108 -0
  12. package/cli/commands/audit-sweep.mjs +341 -0
  13. package/cli/commands/blueprint-audit.mjs +91 -0
  14. package/cli/commands/clear.mjs +168 -0
  15. package/cli/commands/closeout.mjs +183 -0
  16. package/cli/commands/decide-high-risk-execution.mjs +124 -0
  17. package/cli/commands/doctor.mjs +53 -0
  18. package/cli/commands/generate-spec-derived-docs.mjs +131 -0
  19. package/cli/commands/handoff.mjs +123 -0
  20. package/cli/commands/ingest-high-risk-execution.mjs +95 -0
  21. package/cli/commands/review-high-risk-execution.mjs +95 -0
  22. package/cli/commands/start.mjs +717 -0
  23. package/cli/commands/topic-formatters.mjs +382 -0
  24. package/cli/commands/topic-goal.mjs +33 -0
  25. package/cli/commands/topic-options-shared.mjs +27 -0
  26. package/cli/commands/topic-options-workflow.mjs +767 -0
  27. package/cli/commands/topic-options.mjs +626 -0
  28. package/cli/commands/topic-runner.mjs +169 -0
  29. package/cli/commands/topic.mjs +795 -0
  30. package/cli/commands/validate-acceptance.mjs +5 -0
  31. package/cli/commands/validate-ai-governance.mjs +214 -0
  32. package/cli/commands/validate-execution-packet.mjs +5 -0
  33. package/cli/commands/validate-orchestration-state.mjs +5 -0
  34. package/cli/commands/validate-prompt.mjs +5 -0
  35. package/cli/commands/validate-spec-audit.mjs +27 -0
  36. package/cli/commands/validate-spec-governance.mjs +124 -0
  37. package/cli/commands/validate-spec-tree.mjs +27 -0
  38. package/cli/commands/validate-worker-output.mjs +5 -0
  39. package/cli/constants.mjs +489 -0
  40. package/cli/help.mjs +134 -0
  41. package/cli/index.mjs +103 -0
  42. package/cli/lib/adapter-profiles.mjs +403 -0
  43. package/cli/lib/audit-execution.mjs +52 -0
  44. package/cli/lib/audit-sweep-runtime/admissions.mjs +381 -0
  45. package/cli/lib/audit-sweep-runtime/audit-validity.mjs +333 -0
  46. package/cli/lib/audit-sweep-runtime/chunks.mjs +697 -0
  47. package/cli/lib/audit-sweep-runtime/closeout.mjs +144 -0
  48. package/cli/lib/audit-sweep-runtime/codex-auditor-evidence.mjs +639 -0
  49. package/cli/lib/audit-sweep-runtime/codex-auditor.mjs +515 -0
  50. package/cli/lib/audit-sweep-runtime/common.mjs +329 -0
  51. package/cli/lib/audit-sweep-runtime/coverage-quality.mjs +172 -0
  52. package/cli/lib/audit-sweep-runtime/evidence-assignment.mjs +152 -0
  53. package/cli/lib/audit-sweep-runtime/format.mjs +57 -0
  54. package/cli/lib/audit-sweep-runtime/ingest.mjs +486 -0
  55. package/cli/lib/audit-sweep-runtime/inventory-spec-chunks.mjs +198 -0
  56. package/cli/lib/audit-sweep-runtime/inventory.mjs +728 -0
  57. package/cli/lib/audit-sweep-runtime/ledger.mjs +315 -0
  58. package/cli/lib/audit-sweep-runtime/p0p1-profile.mjs +101 -0
  59. package/cli/lib/audit-sweep-runtime/remediation.mjs +349 -0
  60. package/cli/lib/audit-sweep-runtime/rerun.mjs +129 -0
  61. package/cli/lib/audit-sweep-runtime/risk-budget.mjs +300 -0
  62. package/cli/lib/audit-sweep-runtime/status.mjs +62 -0
  63. package/cli/lib/audit-sweep-runtime/validators-ledger.mjs +215 -0
  64. package/cli/lib/audit-sweep-runtime/validators.mjs +758 -0
  65. package/cli/lib/audit-sweep.mjs +18 -0
  66. package/cli/lib/authority-convergence.mjs +309 -0
  67. package/cli/lib/blueprint-audit.mjs +370 -0
  68. package/cli/lib/bootstrap.mjs +228 -0
  69. package/cli/lib/closeout.mjs +623 -0
  70. package/cli/lib/codex-sdk-runner.mjs +76 -0
  71. package/cli/lib/contracts.mjs +180 -0
  72. package/cli/lib/doctor.mjs +18 -0
  73. package/cli/lib/entrypoints.mjs +274 -0
  74. package/cli/lib/external-execution.mjs +101 -0
  75. package/cli/lib/fs-helpers.mjs +33 -0
  76. package/cli/lib/handoff.mjs +785 -0
  77. package/cli/lib/high-risk-admission.mjs +442 -0
  78. package/cli/lib/high-risk-decision.mjs +324 -0
  79. package/cli/lib/high-risk-ingest.mjs +317 -0
  80. package/cli/lib/high-risk-review.mjs +263 -0
  81. package/cli/lib/internal/contracts-loaders.mjs +132 -0
  82. package/cli/lib/internal/contracts-parse-high-risk.mjs +131 -0
  83. package/cli/lib/internal/contracts-parse.mjs +457 -0
  84. package/cli/lib/internal/contracts-validators.mjs +398 -0
  85. package/cli/lib/internal/doctor-bootstrap-surface.mjs +359 -0
  86. package/cli/lib/internal/doctor-delegated-surface.mjs +256 -0
  87. package/cli/lib/internal/doctor-finalize.mjs +385 -0
  88. package/cli/lib/internal/doctor-format.mjs +286 -0
  89. package/cli/lib/internal/doctor-inspectors.mjs +294 -0
  90. package/cli/lib/internal/doctor-state.mjs +205 -0
  91. package/cli/lib/internal/governance/ai/ai-context-budget-core.mjs +315 -0
  92. package/cli/lib/internal/governance/ai/ai-structure-budget-core.mjs +358 -0
  93. package/cli/lib/internal/governance/ai/check-agents-freshness.mjs +155 -0
  94. package/cli/lib/internal/governance/ai/check-high-risk-doc-metadata-core.mjs +173 -0
  95. package/cli/lib/internal/governance/config.mjs +150 -0
  96. package/cli/lib/internal/governance/runner.mjs +35 -0
  97. package/cli/lib/internal/governance/shared/read-yaml-with-fragments.mjs +49 -0
  98. package/cli/lib/internal/validators-artifacts.mjs +515 -0
  99. package/cli/lib/internal/validators-shared.mjs +28 -0
  100. package/cli/lib/internal/validators-spec-helpers.mjs +186 -0
  101. package/cli/lib/internal/validators-spec.mjs +410 -0
  102. package/cli/lib/shared.mjs +83 -0
  103. package/cli/lib/topic-draft-packets.mjs +48 -0
  104. package/cli/lib/topic-goal.mjs +361 -0
  105. package/cli/lib/topic-runner.mjs +772 -0
  106. package/cli/lib/topic.mjs +93 -0
  107. package/cli/lib/ui.mjs +178 -0
  108. package/cli/lib/validators.mjs +78 -0
  109. package/cli/lib/value-helpers.mjs +24 -0
  110. package/cli/lib/yaml-helpers.mjs +133 -0
  111. package/cli/nimicoding.mjs +1 -0
  112. package/cli/seeds/bootstrap.mjs +47 -0
  113. package/config/audit-execution-artifacts.yaml +20 -0
  114. package/config/bootstrap.yaml +6 -0
  115. package/config/external-execution-artifacts.yaml +16 -0
  116. package/config/host-adapter.yaml +30 -0
  117. package/config/host-profile.yaml +29 -0
  118. package/config/installer-evidence.yaml +31 -0
  119. package/config/skill-installer.yaml +23 -0
  120. package/config/skill-manifest.yaml +46 -0
  121. package/config/skills.yaml +30 -0
  122. package/config/spec-generation-inputs.yaml +25 -0
  123. package/contracts/acceptance.schema.yaml +16 -0
  124. package/contracts/admission-checklist.schema.yaml +15 -0
  125. package/contracts/audit-chunk.schema.yaml +110 -0
  126. package/contracts/audit-closeout.schema.yaml +51 -0
  127. package/contracts/audit-finding.schema.yaml +61 -0
  128. package/contracts/audit-ledger.schema.yaml +138 -0
  129. package/contracts/audit-plan.schema.yaml +123 -0
  130. package/contracts/audit-remediation-map.schema.yaml +51 -0
  131. package/contracts/audit-rerun.schema.yaml +31 -0
  132. package/contracts/audit-sweep-result.yaml +49 -0
  133. package/contracts/authority-convergence-audit.schema.yaml +19 -0
  134. package/contracts/closeout.schema.yaml +25 -0
  135. package/contracts/decision-review.schema.yaml +16 -0
  136. package/contracts/doc-spec-audit-result.yaml +19 -0
  137. package/contracts/execution-packet.schema.yaml +49 -0
  138. package/contracts/external-host-compatibility.yaml +22 -0
  139. package/contracts/forbidden-shortcuts.catalog.yaml +23 -0
  140. package/contracts/high-risk-admission.schema.yaml +23 -0
  141. package/contracts/high-risk-execution-result.yaml +20 -0
  142. package/contracts/orchestration-state.schema.yaml +41 -0
  143. package/contracts/overflow-continuation.schema.yaml +12 -0
  144. package/contracts/packet.schema.yaml +30 -0
  145. package/contracts/pending-note.schema.yaml +17 -0
  146. package/contracts/prompt.schema.yaml +12 -0
  147. package/contracts/remediation.schema.yaml +16 -0
  148. package/contracts/result.schema.yaml +24 -0
  149. package/contracts/spec-generation-audit.schema.yaml +31 -0
  150. package/contracts/spec-generation-inputs.schema.yaml +39 -0
  151. package/contracts/spec-reconstruction-result.yaml +37 -0
  152. package/contracts/topic-goal.schema.yaml +78 -0
  153. package/contracts/topic-run-ledger.schema.yaml +72 -0
  154. package/contracts/topic-step-decision.schema.yaml +45 -0
  155. package/contracts/topic.schema.yaml +65 -0
  156. package/contracts/true-close.schema.yaml +15 -0
  157. package/contracts/wave.schema.yaml +29 -0
  158. package/contracts/worker-output.schema.yaml +15 -0
  159. package/methodology/audit-sweep-p0p1-recall.yaml +45 -0
  160. package/methodology/authority-convergence-policy.yaml +42 -0
  161. package/methodology/core.yaml +25 -0
  162. package/methodology/four-closure-policy.yaml +28 -0
  163. package/methodology/overflow-continuation-policy.yaml +14 -0
  164. package/methodology/role-separation-policy.yaml +28 -0
  165. package/methodology/skill-exchange-projection.yaml +114 -0
  166. package/methodology/skill-handoff.yaml +34 -0
  167. package/methodology/skill-installer-result.yaml +27 -0
  168. package/methodology/skill-installer-summary-projection.yaml +181 -0
  169. package/methodology/skill-runtime.yaml +23 -0
  170. package/methodology/spec-reconstruction.yaml +63 -0
  171. package/methodology/spec-target-truth-profile.yaml +53 -0
  172. package/methodology/topic-lifecycle-report.yaml +144 -0
  173. package/methodology/topic-lifecycle.yaml +37 -0
  174. package/methodology/topic-naming-ontology.yaml +21 -0
  175. package/methodology/topic-ontology.yaml +38 -0
  176. package/methodology/topic-validation-policy.yaml +9 -0
  177. package/methodology/wave-dag-policy.yaml +14 -0
  178. package/package.json +50 -0
  179. package/spec/_meta/command-gating-matrix.yaml +110 -0
  180. package/spec/_meta/generate-drift-migration-checklist.yaml +155 -0
  181. package/spec/_meta/governance-routing-cutover-checklist.yaml +35 -0
  182. package/spec/_meta/phase2-impacted-surface-matrix.yaml +44 -0
  183. package/spec/_meta/spec-authority-cutover-readiness.yaml +104 -0
  184. package/spec/_meta/spec-tree-model.yaml +72 -0
  185. package/spec/bootstrap-state.yaml +99 -0
  186. package/spec/product-scope.yaml +56 -0
package/cli/lib/audit-sweep-runtime/closeout.mjs ADDED
@@ -0,0 +1,144 @@
1
+ import {
2
+ appendRunEvent,
3
+ auditCloseoutRef,
4
+ ensureIsoTimestamp,
5
+ inputError,
6
+ loadFindings,
7
+ loadLatestLedger,
8
+ loadYamlRef,
9
+ remediationMapRef,
10
+ safeSweepId,
11
+ writeYamlRef,
12
+ } from "./common.mjs";
13
+ import {
14
+ COVERAGE_SCOPE_LABEL,
15
+ FILE_INVENTORY_SCOPE_LABEL,
16
+ deriveCoverageCloseoutPosture,
17
+ deriveCoverageStatus,
18
+ withFullScopeWarning,
19
+ } from "./coverage-quality.mjs";
20
+ import { validateAuditSweepArtifacts } from "./validators.mjs";
21
+
22
+ export async function buildAuditSweepCloseoutImport(projectRoot, options) {
23
+ const sweepId = safeSweepId(options.sweepId);
24
+ if (!sweepId) {
25
+ return inputError("nimicoding audit-sweep refused: --sweep-id is required.\n");
26
+ }
27
+ const timestampError = ensureIsoTimestamp(options.verifiedAt);
28
+ if (timestampError) {
29
+ return timestampError;
30
+ }
31
+
32
+ const ledgerResult = await loadLatestLedger(projectRoot, sweepId);
33
+ if (!ledgerResult.ok) {
34
+ return inputError(ledgerResult.error);
35
+ }
36
+ const ledger = ledgerResult.ledger;
37
+ const preflightValidation = await validateAuditSweepArtifacts(projectRoot, { sweepId, scope: "remediation" });
38
+ if (!preflightValidation.ok) {
39
+ const failed = preflightValidation.checks.find((entry) => !entry.ok);
40
+ return inputError(`nimicoding audit-sweep refused: audit-sweep closeout preflight failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
41
+ }
42
+ if (ledger.status === "blocked") {
43
+ return inputError("nimicoding audit-sweep refused: blocked ledger cannot produce completed closeout summary.\n");
44
+ }
45
+ if (ledger.status === "blocked_evidence_incomplete" || ledger.status === "partial_authority_only") {
46
+ return inputError("nimicoding audit-sweep refused: incomplete spec authority/evidence coverage cannot produce completed closeout summary.\n");
47
+ }
48
+ if (ledger.coverage.active_chunks > 0) {
49
+ return inputError("nimicoding audit-sweep refused: closeout summary requires no active chunks.\n");
50
+ }
51
+
52
+ const mapRef = remediationMapRef(sweepId, ledger.snapshot_id);
53
+ const remediationMap = await loadYamlRef(projectRoot, mapRef);
54
+ const { store } = await loadFindings(projectRoot, sweepId);
55
+ const openFindingIds = store.findings.filter((finding) => finding.disposition === "open").map((finding) => finding.id);
56
+ const mappedFindingIds = new Set(Array.isArray(remediationMap?.waves)
57
+ ? remediationMap.waves.flatMap((wave) => Array.isArray(wave.finding_ids) ? wave.finding_ids : [])
58
+ : []);
59
+ const unmappedOpenFindings = openFindingIds.filter((findingId) => !mappedFindingIds.has(findingId));
60
+ if (openFindingIds.length > 0 && (!remediationMap || unmappedOpenFindings.length > 0)) {
61
+ return inputError("nimicoding audit-sweep refused: open findings require remediation map coverage before closeout summary.\n");
62
+ }
63
+ const closedWithoutResolutionEvidence = store.findings
64
+ .filter((finding) => finding.disposition !== "open")
65
+ .filter((finding) => !finding.resolution?.evidence_ref || !finding.resolution?.rerun);
66
+ if (closedWithoutResolutionEvidence.length > 0) {
67
+ return inputError("nimicoding audit-sweep refused: closed findings require resolution and rerun evidence before closeout summary.\n");
68
+ }
69
+
70
+ const coverageStatus = deriveCoverageStatus(ledger.status);
71
+ const coverageQuality = coverageStatus === "full"
72
+ ? withFullScopeWarning(ledger.coverage_quality)
73
+ : ledger.coverage_quality ?? null;
74
+ const closeoutPosture = deriveCoverageCloseoutPosture({
75
+ coverageStatus,
76
+ openFindingCount: openFindingIds.length,
77
+ });
78
+ const auditValidity = ledger.audit_validity ?? null;
79
+ const finalCloseoutPosture = auditValidity?.posture === "invalid"
80
+ ? "audit_invalid_no_finding_evidence"
81
+ : closeoutPosture;
82
+ const auditCloseoutRefValue = auditCloseoutRef(sweepId, ledger.snapshot_id);
83
+ const auditCloseout = {
84
+ version: 1,
85
+ kind: "audit-closeout",
86
+ sweep_id: sweepId,
87
+ ledger_ref: ledgerResult.ledgerRef,
88
+ remediation_map_ref: mapRef,
89
+ audit_closeout_ref: auditCloseoutRefValue,
90
+ coverage_status: coverageStatus,
91
+ coverage_scope: ledger.coverage.authority_coverage ? COVERAGE_SCOPE_LABEL : FILE_INVENTORY_SCOPE_LABEL,
92
+ ...(coverageQuality ? { coverage_quality: coverageQuality } : {}),
93
+ ...(auditValidity ? { audit_validity: auditValidity } : {}),
94
+ finding_posture: ledger.finding_posture,
95
+ closeout_posture: finalCloseoutPosture,
96
+ verified_at: options.verifiedAt,
97
+ };
98
+ await writeYamlRef(projectRoot, auditCloseoutRefValue, auditCloseout);
99
+ const summary = {
100
+ plan_ref: ledger.plan_ref,
101
+ chunk_refs: ledger.chunk_refs,
102
+ ledger_ref: ledgerResult.ledgerRef,
103
+ report_ref: ledger.report_ref,
104
+ remediation_map_ref: mapRef,
105
+ audit_closeout_ref: auditCloseoutRefValue,
106
+ evidence_refs: ledger.evidence_refs,
107
+ finding_count: ledger.finding_count,
108
+ unresolved_finding_count: ledger.unresolved_finding_count,
109
+ status: ledger.status,
110
+ coverage_scope: ledger.coverage.authority_coverage ? COVERAGE_SCOPE_LABEL : FILE_INVENTORY_SCOPE_LABEL,
111
+ ...(coverageQuality ? { coverage_quality: coverageQuality } : {}),
112
+ ...(auditValidity ? { audit_validity: auditValidity } : {}),
113
+ summary: ledger.coverage.authority_coverage
114
+ ? `Audit sweep ${sweepId} has authority coverage ${ledger.coverage.authority_coverage.audited_files}/${ledger.coverage.authority_coverage.total_files}, evidence coverage ${ledger.coverage.evidence_coverage.audited_files}/${ledger.coverage.evidence_coverage.total_files}, ${ledger.finding_count} findings, and ${ledger.unresolved_finding_count} open findings.`
115
+ : `Audit sweep ${sweepId} has ${ledger.coverage.audited_files}/${ledger.coverage.included_files} included files audited, ${ledger.finding_count} findings, and ${ledger.unresolved_finding_count} open findings.`,
116
+ verified_at: options.verifiedAt,
117
+ };
118
+ const runRef = await appendRunEvent(projectRoot, sweepId, {
119
+ event_type: "closeout_summary_projected",
120
+ ledger_ref: ledgerResult.ledgerRef,
121
+ remediation_map_ref: mapRef,
122
+ audit_closeout_ref: auditCloseoutRefValue,
123
+ closeout_posture: finalCloseoutPosture,
124
+ });
125
+ const closeoutValidation = await validateAuditSweepArtifacts(projectRoot, { sweepId, scope: "closeout" });
126
+ if (!closeoutValidation.ok) {
127
+ const failed = closeoutValidation.checks.find((entry) => !entry.ok);
128
+ return inputError(`nimicoding audit-sweep refused: audit-sweep closeout validation failed: ${failed?.reason ?? "artifact validation failed"}.\n`);
129
+ }
130
+
131
+ return {
132
+ ok: true,
133
+ exitCode: 0,
134
+ projectRoot,
135
+ skill: { id: "audit_sweep" },
136
+ outcome: "completed",
137
+ verifiedAt: options.verifiedAt,
138
+ localOnly: true,
139
+ runLedgerRef: runRef,
140
+ auditCloseoutRef: auditCloseoutRefValue,
141
+ auditCloseout,
142
+ summary,
143
+ };
144
+ }