@nimiplatform/nimi-coding 0.1.0

package/cli/lib/audit-sweep-runtime/ledger.mjs

@@ -0,0 +1,315 @@
+import { mkdir, writeFile } from "node:fs/promises";
+import path from "node:path";
+
+import YAML from "yaml";
+
+import {
+  ACTIVE_CHUNK_STATES,
+  appendRunEvent,
+  artifactPath,
+  artifactRef,
+  chunkRef,
+  ensureIsoTimestamp,
+  findingsRef,
+  inputError,
+  loadJsonFile,
+  ledgerRef,
+  loadChunk,
+  loadFindings,
+  loadPlan,
+  remediationMapRef,
+  reportRef,
+  runLedgerRef,
+  safeSweepId,
+  writeYamlRef,
+} from "./common.mjs";
+import { buildAuditValidityForEvidence, combineAuditValidity } from "./audit-validity.mjs";
+import { buildCoverageQuality } from "./coverage-quality.mjs";
+import { deriveLedgerSnapshotId } from "./validators.mjs";
+import { ensureClusterStore } from "./risk-budget.mjs";
+
+function countBy(values, keyFn) {
+  const counts = {};
+  for (const value of values) {
+    const key = keyFn(value);
+    counts[key] = (counts[key] ?? 0) + 1;
+  }
+  return counts;
+}
+
+async function loadChunks(projectRoot, sweepId, plan) {
+  const chunks = [];
+  for (const chunk of plan.chunks) {
+    const loaded = await loadChunk(projectRoot, sweepId, chunk.chunk_id);
+    if (!loaded.ok) {
+      return loaded;
+    }
+    chunks.push(loaded.chunk);
+  }
+  return { ok: true, chunks };
+}
+
+function buildFindingPosture(findings) {
+  return {
+    open: findings.filter((finding) => finding.disposition === "open").length,
+    remediated: findings.filter((finding) => finding.disposition === "remediated").length,
+    accepted_risk: findings.filter((finding) => finding.disposition === "accepted-risk").length,
+    false_positive: findings.filter((finding) => finding.disposition === "false-positive").length,
+    deferred_backlog: findings.filter((finding) => finding.disposition === "deferred-backlog").length,
+  };
+}
+
+function buildLedgerCoverage(plan, chunks) {
+  const frozenChunks = chunks.filter((chunk) => chunk.state === "frozen");
+  const base = {
+    frozen_chunks: frozenChunks.length,
+    failed_chunks: chunks.filter((chunk) => chunk.state === "failed").length,
+    skipped_chunks: chunks.filter((chunk) => chunk.state === "skipped").length,
+    active_chunks: chunks.filter((chunk) => ACTIVE_CHUNK_STATES.has(chunk.state)).length,
+  };
+  if (plan.planning_basis?.mode !== "spec_authority") {
+    const auditedFiles = new Set(frozenChunks.flatMap((chunk) => chunk.files));
+    return {
+      total_files: plan.coverage.total_files,
+      included_files: plan.coverage.included_files,
+      audited_files: auditedFiles.size,
+      ...base,
+    };
+  }
+
+  const auditedAuthorityFiles = new Set(frozenChunks.flatMap((chunk) => chunk.files));
+  const auditedEvidenceFiles = new Set(frozenChunks.flatMap((chunk) => chunk.evidence_inventory ?? []));
+  const authorityTotal = plan.coverage?.authority_files ?? plan.coverage?.included_files ?? 0;
+  const evidenceTotal = plan.coverage?.evidence_files ?? plan.evidence_inventory?.length ?? 0;
+  const unmappedEvidenceFiles = plan.coverage?.unmapped_evidence_files ?? plan.unmapped_evidence_files?.length ?? 0;
+  const emptyEvidenceChunks = plan.coverage?.authority_chunks_without_evidence_inventory
+    ?? chunks.filter((chunk) => (chunk.evidence_inventory ?? []).length === 0).length;
+  return {
+    total_files: authorityTotal + evidenceTotal,
+    included_files: authorityTotal + evidenceTotal,
+    audited_files: auditedAuthorityFiles.size + auditedEvidenceFiles.size,
+    authority_coverage: {
+      total_files: authorityTotal,
+      audited_files: auditedAuthorityFiles.size,
+      chunks_without_evidence_inventory: emptyEvidenceChunks,
+    },
+    evidence_coverage: {
+      total_files: evidenceTotal,
+      audited_files: auditedEvidenceFiles.size,
+      unmapped_files: unmappedEvidenceFiles,
+    },
+    ...base,
+  };
+}
+
+async function buildLedgerAuditValidity(projectRoot, chunks) {
+  const entries = [];
+  for (const chunk of chunks) {
+    if (!chunk.evidence_ref) {
+      continue;
+    }
+    const evidence = await loadJsonFile(artifactPath(projectRoot, chunk.evidence_ref));
+    if (evidence.ok) {
+      entries.push(buildAuditValidityForEvidence(chunk, evidence.value));
+    }
+  }
+  return combineAuditValidity(entries);
+}
+
+function deriveLedgerStatus(plan, coverage, chunks) {
+  const includedFiles = coverage.included_files ?? 0;
+  const frozenChunks = chunks.filter((chunk) => chunk.state === "frozen").length;
+
+  if (includedFiles === 0) {
+    return "blocked";
+  }
+  if (coverage.active_chunks > 0) {
+    return "partial";
+  }
+  if (coverage.failed_chunks > 0 || coverage.skipped_chunks > 0) {
+    return "partial";
+  }
+  if (plan.planning_basis?.mode === "spec_authority") {
+    const authorityFull = coverage.authority_coverage?.total_files > 0
+      && coverage.authority_coverage.audited_files === coverage.authority_coverage.total_files;
+    const evidenceFull = coverage.evidence_coverage?.audited_files === coverage.evidence_coverage?.total_files
+      && coverage.evidence_coverage?.unmapped_files === 0;
+    if (frozenChunks === chunks.length && authorityFull && evidenceFull) {
+      return "candidate_ready";
+    }
+    if (authorityFull && !evidenceFull) {
+      return "blocked_evidence_incomplete";
+    }
+    return "partial_authority_only";
+  }
+  return frozenChunks === chunks.length ? "candidate_ready" : "partial";
+}
+
+function formatReport({ sweepId, ledger, findings }) {
+  const lines = [
+    `# Audit Sweep ${sweepId}`,
+    "",
+    `- Snapshot: ${ledger.snapshot_id}`,
+    `- Status: ${ledger.status}`,
+    `- Included files: ${ledger.coverage.included_files}`,
+    `- Audited files: ${ledger.coverage.audited_files}`,
+    ...(ledger.coverage_quality ? [
+      `- Coverage quality: ${ledger.coverage_quality.posture}`,
+      `- Coverage quality warnings: ${ledger.coverage_quality.warnings.length}`,
+      `- Coverage quality blockers: ${ledger.coverage_quality.blockers.length}`,
+    ] : []),
+    ...(ledger.audit_validity ? [
+      `- Audit validity: ${ledger.audit_validity.posture}`,
+      `- Audit validity warnings: ${ledger.audit_validity.warnings.length}`,
+      `- Audit validity blockers: ${ledger.audit_validity.blockers.length}`,
+      `- No-finding posture: ${ledger.audit_validity.no_finding_posture}`,
+    ] : []),
+    ...(ledger.coverage.authority_coverage ? [
+      `- Authority coverage: ${ledger.coverage.authority_coverage.audited_files}/${ledger.coverage.authority_coverage.total_files}`,
+      `- Evidence coverage: ${ledger.coverage.evidence_coverage.audited_files}/${ledger.coverage.evidence_coverage.total_files}`,
+      `- Unmapped evidence files: ${ledger.coverage.evidence_coverage.unmapped_files}`,
+    ] : []),
+    `- Frozen chunks: ${ledger.coverage.frozen_chunks}`,
+    `- Findings: ${ledger.finding_count}`,
+    `- Finding clusters: ${ledger.finding_cluster_count ?? 0}`,
+    `- Clustered duplicate symptoms: ${ledger.clustered_symptom_count ?? 0}`,
+    `- Open findings: ${ledger.finding_posture.open}`,
+    "",
+    "## Severity Counts",
+    "",
+    ...Object.entries(ledger.severity_counts).map(([severity, count]) => `- ${severity}: ${count}`),
+    "",
+    "## Findings",
+    "",
+  ];
+
+  if (findings.length === 0) {
+    lines.push("No findings recorded.");
+  } else {
+    for (const finding of findings) {
+      lines.push(`### ${finding.id}: ${finding.title}`);
+      lines.push("");
+      lines.push(`- Severity: ${finding.severity}`);
+      lines.push(`- Disposition: ${finding.disposition}`);
+      lines.push(`- Actionability: ${finding.actionability}`);
+      lines.push(`- Location: ${finding.location.file}${finding.location.line ? `:${finding.location.line}` : ""}`);
+      lines.push(`- Fingerprint: ${finding.fingerprint}`);
+      lines.push("");
+      lines.push(finding.description);
+      lines.push("");
+    }
+  }
+
+  return `${lines.join("\n")}\n`;
+}
+
+export async function buildAuditSweepLedger(projectRoot, options) {
+  const sweepId = safeSweepId(options.sweepId);
+  if (!sweepId) {
+    return inputError("nimicoding audit-sweep refused: --sweep-id is required.\n");
+  }
+
+  const timestampError = options.verifiedAt ? ensureIsoTimestamp(options.verifiedAt) : null;
+  if (timestampError) {
+    return timestampError;
+  }
+  const verifiedAt = options.verifiedAt ?? new Date().toISOString();
+
+  const planResult = await loadPlan(projectRoot, sweepId);
+  if (!planResult.ok) {
+    return inputError(planResult.error);
+  }
+  const chunksResult = await loadChunks(projectRoot, sweepId, planResult.plan);
+  if (!chunksResult.ok) {
+    return inputError(chunksResult.error);
+  }
+  const { findingsRef: aggregateFindingsRef, store } = await loadFindings(projectRoot, sweepId);
+  ensureClusterStore(store);
+  await writeYamlRef(projectRoot, aggregateFindingsRef, store);
+  const chunks = chunksResult.chunks;
+  const coverage = buildLedgerCoverage(planResult.plan, chunks);
+  const status = deriveLedgerStatus(planResult.plan, coverage, chunks);
+  const coverageQuality = buildCoverageQuality(planResult.plan, chunks, coverage);
+  const auditValidity = await buildLedgerAuditValidity(projectRoot, chunks);
+  const evidenceRefs = [
+    aggregateFindingsRef,
+    ...chunks.map((chunk) => chunk.evidence_ref).filter(Boolean),
+    ...store.findings.map((finding) => finding.resolution?.evidence_ref).filter(Boolean),
+  ];
+  const findingPosture = buildFindingPosture(store.findings);
+  const snapshotId = deriveLedgerSnapshotId(sweepId, planResult.plan, chunks, store.findings, store.clusters);
+  const currentLedgerRef = ledgerRef(sweepId, snapshotId);
+  const currentReportRef = reportRef(sweepId, snapshotId);
+  const latestPointerRef = artifactRef("ledger_ref", sweepId, "latest.yaml");
+  const ledger = {
+    version: 1,
+    kind: "audit-ledger",
+    sweep_id: sweepId,
+    snapshot_id: snapshotId,
+    immutable: true,
+    plan_ref: planResult.planRef,
+    chunk_refs: chunks.map((chunk) => chunkRef(sweepId, chunk.chunk_id)),
+    findings_ref: aggregateFindingsRef,
+    evidence_refs: evidenceRefs,
+    run_ledger_ref: runLedgerRef(sweepId),
+    report_ref: currentReportRef,
+    remediation_map_ref: remediationMapRef(sweepId, snapshotId),
+    status,
+    coverage,
+    ...(coverageQuality ? { coverage_quality: coverageQuality } : {}),
+    audit_validity: auditValidity,
+    finding_count: store.findings.length,
+    finding_cluster_count: store.clusters.length,
+    clustered_symptom_count: store.clustered_symptom_count ?? 0,
+    remediation_obligation_count: store.remediation_obligation_count ?? store.findings.length,
+    unresolved_finding_count: findingPosture.open,
+    finding_posture: findingPosture,
+    severity_counts: countBy(store.findings, (finding) => finding.severity),
+    actionability_counts: countBy(store.findings, (finding) => finding.actionability),
+    created_at: verifiedAt,
+  };
+
+  await writeYamlRef(projectRoot, currentLedgerRef, ledger);
+  await writeYamlRef(projectRoot, latestPointerRef, {
+    version: 1,
+    kind: "audit-ledger-pointer",
+    sweep_id: sweepId,
+    ledger_ref: currentLedgerRef,
+    snapshot_id: snapshotId,
+    updated_at: verifiedAt,
+  });
+  await mkdir(path.dirname(artifactPath(projectRoot, currentReportRef)), { recursive: true });
+  await writeFile(artifactPath(projectRoot, currentReportRef), formatReport({ sweepId, ledger, findings: store.findings }), "utf8");
+  const runRef = await appendRunEvent(projectRoot, sweepId, {
+    event_type: "ledger_snapshot_created",
+    ledger_ref: currentLedgerRef,
+    snapshot_id: snapshotId,
+    status,
+  });
+
+  return {
+    ok: true,
+    exitCode: 0,
+    sweepId,
+    status,
+    snapshotId,
+    planRef: planResult.planRef,
+    chunkRefs: ledger.chunk_refs,
+    ledgerRef: currentLedgerRef,
+    latestLedgerRef: latestPointerRef,
+    reportRef: currentReportRef,
+    remediationMapRef: ledger.remediation_map_ref,
+    runLedgerRef: runRef,
+    evidenceRefs,
+    findingCount: store.findings.length,
+    findingClusterCount: store.clusters.length,
+    clusteredSymptomCount: store.clustered_symptom_count ?? 0,
+    remediationObligationCount: store.remediation_obligation_count ?? store.findings.length,
+    unresolvedFindingCount: findingPosture.open,
+    coverage: ledger.coverage,
+    coverageQuality: ledger.coverage_quality ?? null,
+    auditValidity: ledger.audit_validity,
+  };
+}
+
+export { formatReport as formatAuditSweepReport };

package/cli/lib/audit-sweep-runtime/p0p1-profile.mjs

@@ -0,0 +1,101 @@
+const P0P1_CRITERIA = new Set([
+  "p0p1",
+  "p0-p1",
+  "p0",
+  "p1",
+  "critical-high",
+  "critical_high",
+]);
+
+const HIGH_RISK_OWNER_DOMAINS = new Set([
+  "runtime",
+  "sdk",
+  "platform",
+  "security",
+  "provider",
+  "desktop",
+  "web",
+  "nimi-coding",
+  "nimi-coding/audit-sweep",
+]);
+
+export function criteriaEnableP0P1Recall(criteria) {
+  return Array.isArray(criteria)
+    && criteria.some((entry) => P0P1_CRITERIA.has(String(entry).trim().toLowerCase()));
+}
+
+export function buildP0P1RecallProfile({ chunk, plan }) {
+  const ownerDomain = chunk.owner_domain ?? "unknown";
+  const highRiskOwnerDomain = HIGH_RISK_OWNER_DOMAINS.has(ownerDomain);
+  const calibrationExpectedDefects = Array.isArray(chunk.calibration_expected_defects)
+    ? chunk.calibration_expected_defects.length
+    : 0;
+
+  return {
+    profile_id: "p0_p1_recall",
+    objective: "Prioritize critical/high recall. Missing a P0/P1 issue is worse than a low-confidence false positive.",
+    severity_mapping: {
+      p0: "critical",
+      p1: "high",
+    },
+    priority_defect_classes: [
+      {
+        id: "fail_open_or_pseudo_success",
+        question: "Can an error, missing dependency, skipped work, or invalid evidence still produce a success posture?",
+      },
+      {
+        id: "authority_boundary_or_private_import_bypass",
+        question: "Can runtime/sdk/app/spec boundaries be bypassed or treated as advisory?",
+      },
+      {
+        id: "app_local_shadow_truth",
+        question: "Can an unadmitted file, host-local artifact, or generated projection become semantic truth?",
+      },
+      {
+        id: "partial_coverage_misrepresented_as_complete",
+        question: "Can partial, skipped, sampled, or authority-only coverage be reported as complete?",
+      },
+      {
+        id: "permission_or_capability_bypass",
+        question: "Can user, provider, filesystem, network, or app permissions be bypassed?",
+      },
+      {
+        id: "ungated_destructive_action",
+        question: "Can destructive mutation, deletion, overwrite, or publication happen without the required gate?",
+      },
+      {
+        id: "provider_or_model_hardcoding",
+        question: "Can provider or model selection be hardcoded instead of flowing through admitted authority and configuration?",
+      },
+    ],
+    triage_flow: [
+      "classify whether the chunk contains P0/P1-relevant authority or implementation evidence",
+      "scan authority_refs and evidence_inventory for every priority_defect_class",
+      "record candidate P0/P1 signals before spending time on low-severity cleanup",
+      "deep-audit only the files and flows tied to a candidate P0/P1 signal or trigger",
+      "cluster duplicate symptoms under one canonical root-cause finding",
+    ],
+    deep_audit_triggers: [
+      "p0_p1_signal_found_in_triage",
+      highRiskOwnerDomain ? "high_risk_owner_domain" : null,
+      calibrationExpectedDefects > 0 ? "calibration_expected_defects_present" : null,
+    ].filter(Boolean),
+    token_budget_policy: {
+      triage_first: true,
+      deep_audit_only_on_trigger: true,
+      cluster_duplicate_symptoms: true,
+      prefer_canonical_root_cause_findings: true,
+      pause_when_risk_budget_blocks_more_discovery: true,
+      max_sweep_high_risk_findings_before_pause: plan.risk_budget_policy?.max_sweep_high_risk_findings ?? null,
+      max_domain_high_risk_findings_before_pause: plan.risk_budget_policy?.max_domain_high_risk_findings ?? null,
+    },
+    no_p0p1_finding_requirement: {
+      required: true,
+      reasoning_field: "coverage.p0p1_negative_reasoning",
+      evidence_refs_field: "coverage.p0p1_evidence_refs",
+      implementation_not_applicable_reason_field: "coverage.p0p1_implementation_not_applicable_reason",
+      summary: "If no critical/high finding is emitted, explain why each applicable priority defect class did not produce a P0/P1 issue and cite implementation evidence; for empty implementation inventory, explicitly justify why implementation evidence is not applicable.",
+      evidence_refs_must_include_implementation: true,
+    },
+  };
+}