@oscharko-dev/keiko-server 0.2.0

package/dist/editor/assuredGateRunner.d.ts

@@ -0,0 +1,36 @@
+import type { AssuredGateRunner } from "./assuredPreFilter.js";
+export interface SandboxedCommand {
+    readonly command: string;
+    readonly args: readonly string[];
+}
+export interface SandboxedRunResult {
+    readonly exitCode: number | null;
+    readonly networkEnforced: boolean;
+    readonly filesystemEnforced: boolean;
+}
+export type SandboxedRun = (cmd: SandboxedCommand) => Promise<SandboxedRunResult>;
+export type ReportReader = (relativePath: string) => unknown;
+export declare function coveredDelta(baseline: unknown, patched: unknown, targetKeys: readonly string[]): {
+    readonly lineDelta: number;
+    readonly branchDelta: number;
+};
+export declare function strykerKilled(report: unknown): {
+    readonly killed: number;
+    readonly total: number;
+};
+export interface SandboxedGateRunnerSpec {
+    readonly enforced: boolean;
+    readonly run: SandboxedRun;
+    readonly readReport: ReportReader;
+    readonly buildCommand: SandboxedCommand;
+    readonly testCommand: SandboxedCommand;
+    readonly coverageCommand: SandboxedCommand;
+    readonly mutationCommand: SandboxedCommand;
+    readonly baselineCoverageReportPath: string;
+    readonly patchedCoverageReportPath: string;
+    readonly mutationReportPath: string;
+    readonly targetCoverageKeys: readonly string[];
+    readonly minMutantsKilled: number;
+}
+export declare function createSandboxedGateRunner(spec: SandboxedGateRunnerSpec): AssuredGateRunner;
+//# sourceMappingURL=assuredGateRunner.d.ts.map

package/dist/editor/assuredGateRunner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assuredGateRunner.d.ts","sourceRoot":"","sources":["../../src/editor/assuredGateRunner.ts"],"names":[],"mappings":"AAQA,OAAO,KAAK,EACV,iBAAiB,EAIlB,MAAM,uBAAuB,CAAC;AAE/B,MAAM,WAAW,gBAAgB;IAC/B,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAC;IACzB,QAAQ,CAAC,IAAI,EAAE,SAAS,MAAM,EAAE,CAAC;CAClC;AAED,MAAM,WAAW,kBAAkB;IACjC,QAAQ,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAAC;IACjC,QAAQ,CAAC,eAAe,EAAE,OAAO,CAAC;IAClC,QAAQ,CAAC,kBAAkB,EAAE,OAAO,CAAC;CACtC;AAGD,MAAM,MAAM,YAAY,GAAG,CAAC,GAAG,EAAE,gBAAgB,KAAK,OAAO,CAAC,kBAAkB,CAAC,CAAC;AAGlF,MAAM,MAAM,YAAY,GAAG,CAAC,YAAY,EAAE,MAAM,KAAK,OAAO,CAAC;AAqC7D,wBAAgB,YAAY,CAC1B,QAAQ,EAAE,OAAO,EACjB,OAAO,EAAE,OAAO,EAChB,UAAU,EAAE,SAAS,MAAM,EAAE,GAC5B;IAAE,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAM9D;AAwBD,wBAAgB,aAAa,CAAC,MAAM,EAAE,OAAO,GAAG;IAC9C,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB,CAYA;AAID,MAAM,WAAW,uBAAuB;IAEtC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,GAAG,EAAE,YAAY,CAAC;IAC3B,QAAQ,CAAC,UAAU,EAAE,YAAY,CAAC;IAClC,QAAQ,CAAC,YAAY,EAAE,gBAAgB,CAAC;IACxC,QAAQ,CAAC,WAAW,EAAE,gBAAgB,CAAC;IACvC,QAAQ,CAAC,eAAe,EAAE,gBAAgB,CAAC;IAC3C,QAAQ,CAAC,eAAe,EAAE,gBAAgB,CAAC;IAG3C,QAAQ,CAAC,0BAA0B,EAAE,MAAM,CAAC;IAC5C,QAAQ,CAAC,yBAAyB,EAAE,MAAM,CAAC;IAC3C,QAAQ,CAAC,kBAAkB,EAAE,MAAM,CAAC;IAEpC,QAAQ,CAAC,kBAAkB,EAAE,SAAS,MAAM,EAAE,CAAC;IAC/C,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC;AAMD,wBAAgB,yBAAyB,CAAC,IAAI,EAAE,uBAAuB,GAAG,iBAAiB,CA0B1F"}

package/dist/editor/assuredGateRunner.js

@@ -0,0 +1,100 @@
+// Effect adapter for the assured pre-filter (Issue #1202 wave-2; ADR-0043).
+//
+// Composes an injected sandboxed-command runner (in production: keiko-tools `runCommand` with
+// `network: "none"`, rooted at a disposable execution copy) and an injected report reader into the
+// AssuredGateRunner the pure orchestrator drives. The vitest-coverage-delta and Stryker-mutation
+// parsers are pure and unit-tested; the command execution + report reads are the injected effects, so
+// every gate runs inside the enforced egress boundary and the user's workspace is never written.
+// ─── Pure parsers ──────────────────────────────────────────────────────────────────────────────────
+function isRecord(value) {
+    return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function coveredCount(fileCoverage, metric) {
+    if (!isRecord(fileCoverage)) {
+        return 0;
+    }
+    const dimension = fileCoverage[metric];
+    if (!isRecord(dimension)) {
+        return 0;
+    }
+    const covered = dimension.covered;
+    return typeof covered === "number" && Number.isFinite(covered) ? covered : 0;
+}
+function sumCovered(summary, targetKeys, metric) {
+    if (!isRecord(summary)) {
+        return 0;
+    }
+    let total = 0;
+    for (const key of targetKeys) {
+        total += coveredCount(summary[key], metric);
+    }
+    return total;
+}
+// The strict increase in covered lines/branches for the target files between the pre-patch baseline
+// and the patched run. A vitest json-summary maps a file path to `{ lines: { covered }, branches: { covered } }`.
+export function coveredDelta(baseline, patched, targetKeys) {
+    return {
+        lineDelta: sumCovered(patched, targetKeys, "lines") - sumCovered(baseline, targetKeys, "lines"),
+        branchDelta: sumCovered(patched, targetKeys, "branches") - sumCovered(baseline, targetKeys, "branches"),
+    };
+}
+// Killed vs total injected mutants from a Stryker JSON report. A mutant is "detected" when Killed or
+// Timeout; Ignored/NoCoverage mutants are excluded from the total so a non-covered region does not
+// dilute the oracle-strength ratio.
+function countFileMutants(file) {
+    if (!isRecord(file) || !Array.isArray(file.mutants)) {
+        return { killed: 0, total: 0 };
+    }
+    let killed = 0;
+    let total = 0;
+    for (const mutant of file.mutants) {
+        const status = isRecord(mutant) ? mutant.status : undefined;
+        if (status === "Ignored" || status === "NoCoverage") {
+            continue;
+        }
+        total += 1;
+        if (status === "Killed" || status === "Timeout") {
+            killed += 1;
+        }
+    }
+    return { killed, total };
+}
+export function strykerKilled(report) {
+    if (!isRecord(report) || !isRecord(report.files)) {
+        return { killed: 0, total: 0 };
+    }
+    let killed = 0;
+    let total = 0;
+    for (const file of Object.values(report.files)) {
+        const counts = countFileMutants(file);
+        killed += counts.killed;
+        total += counts.total;
+    }
+    return { killed, total };
+}
+function ok(result) {
+    return result.exitCode === 0 && result.networkEnforced && result.filesystemEnforced;
+}
+export function createSandboxedGateRunner(spec) {
+    return {
+        enforced: spec.enforced,
+        build: async () => ({ ok: ok(await spec.run(spec.buildCommand)) }),
+        runTests: async () => ({ ok: ok(await spec.run(spec.testCommand)) }),
+        coverage: async () => {
+            const run = await spec.run(spec.coverageCommand);
+            if (!ok(run)) {
+                return { ok: false, lineDelta: 0, branchDelta: 0 };
+            }
+            const delta = coveredDelta(spec.readReport(spec.baselineCoverageReportPath), spec.readReport(spec.patchedCoverageReportPath), spec.targetCoverageKeys);
+            return { ok: delta.lineDelta > 0 || delta.branchDelta > 0, ...delta };
+        },
+        mutation: async () => {
+            const run = await spec.run(spec.mutationCommand);
+            if (!ok(run)) {
+                return { ok: false, killed: 0, total: 0 };
+            }
+            const counts = strykerKilled(spec.readReport(spec.mutationReportPath));
+            return { ok: counts.killed >= spec.minMutantsKilled, ...counts };
+        },
+    };
+}

package/dist/editor/assuredPreFilter.d.ts

@@ -0,0 +1,34 @@
+import { type EditorTestGenerationAssurance, type EditorTestGenerationFunnel } from "@oscharko-dev/keiko-contracts";
+export interface GateOutcome {
+    readonly ok: boolean;
+}
+export interface CoverageOutcome {
+    readonly ok: boolean;
+    readonly lineDelta: number;
+    readonly branchDelta: number;
+}
+export interface MutationOutcome {
+    readonly ok: boolean;
+    readonly killed: number;
+    readonly total: number;
+}
+export interface AssuredGateRunner {
+    readonly enforced: boolean;
+    readonly build: () => Promise<GateOutcome>;
+    readonly runTests: () => Promise<GateOutcome>;
+    readonly coverage: () => Promise<CoverageOutcome>;
+    readonly mutation: () => Promise<MutationOutcome>;
+}
+export interface AssuredPreFilterConfig {
+    readonly stabilityRuns: number;
+    readonly minMutantsKilled: number;
+}
+export declare const DEFAULT_ASSURED_PRE_FILTER_CONFIG: AssuredPreFilterConfig;
+export interface AssuredPreFilterOutcome {
+    readonly funnel: EditorTestGenerationFunnel;
+    readonly assurance: EditorTestGenerationAssurance;
+    readonly surfaced: boolean;
+    readonly rejectionReason?: string | undefined;
+}
+export declare function runAssuredPreFilter(runner: AssuredGateRunner, config?: AssuredPreFilterConfig): Promise<AssuredPreFilterOutcome>;
+//# sourceMappingURL=assuredPreFilter.d.ts.map

package/dist/editor/assuredPreFilter.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assuredPreFilter.d.ts","sourceRoot":"","sources":["../../src/editor/assuredPreFilter.ts"],"names":[],"mappings":"AAcA,OAAO,EAEL,KAAK,6BAA6B,EAClC,KAAK,0BAA0B,EAEhC,MAAM,+BAA+B,CAAC;AAEvC,MAAM,WAAW,WAAW;IAC1B,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;CACtB;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,SAAS,EAAE,MAAM,CAAC;IAC3B,QAAQ,CAAC,WAAW,EAAE,MAAM,CAAC;CAC9B;AAED,MAAM,WAAW,eAAe;IAC9B,QAAQ,CAAC,EAAE,EAAE,OAAO,CAAC;IACrB,QAAQ,CAAC,MAAM,EAAE,MAAM,CAAC;IACxB,QAAQ,CAAC,KAAK,EAAE,MAAM,CAAC;CACxB;AAGD,MAAM,WAAW,iBAAiB;IAEhC,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,KAAK,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IAC3C,QAAQ,CAAC,QAAQ,EAAE,MAAM,OAAO,CAAC,WAAW,CAAC,CAAC;IAC9C,QAAQ,CAAC,QAAQ,EAAE,MAAM,OAAO,CAAC,eAAe,CAAC,CAAC;IAClD,QAAQ,CAAC,QAAQ,EAAE,MAAM,OAAO,CAAC,eAAe,CAAC,CAAC;CACnD;AAED,MAAM,WAAW,sBAAsB;IACrC,QAAQ,CAAC,aAAa,EAAE,MAAM,CAAC;IAC/B,QAAQ,CAAC,gBAAgB,EAAE,MAAM,CAAC;CACnC;AAED,eAAO,MAAM,iCAAiC,EAAE,sBAG/C,CAAC;AAEF,MAAM,WAAW,uBAAuB;IACtC,QAAQ,CAAC,MAAM,EAAE,0BAA0B,CAAC;IAC5C,QAAQ,CAAC,SAAS,EAAE,6BAA6B,CAAC;IAClD,QAAQ,CAAC,QAAQ,EAAE,OAAO,CAAC;IAC3B,QAAQ,CAAC,eAAe,CAAC,EAAE,MAAM,GAAG,SAAS,CAAC;CAC/C;AAiKD,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,iBAAiB,EACzB,MAAM,GAAE,sBAA0D,GACjE,OAAO,CAAC,uBAAuB,CAAC,CAoBlC"}

package/dist/editor/assuredPreFilter.js

@@ -0,0 +1,134 @@
+// Assured pre-filter for editor-driven test generation (Issue #1202 wave-2; ADR-0042 D7, ADR-0043).
+//
+// Models Meta's "Automated Unit Test Improvement" assurance funnel: a generated candidate is surfaced
+// as apply-ready ONLY if, in order, it builds → passes → is stable across N>=5 executions → strictly
+// increases coverage for the target → kills enough injected mutants (oracle strength, which supersedes
+// the qualitative anti-tautology rule for the first TS/JS stack). Every gate executes UNTRUSTED,
+// model-generated code, so it runs through an enforced deny-by-default egress boundary (keiko-sandbox,
+// ADR-0043). When the boundary is not enforced the pre-filter refuses to execute and reports the
+// candidate as untrusted evidence only — never `assured` (owner decision on #1202).
+//
+// This module is the PURE sequencing + funnel/assurance decision over an injected AssuredGateRunner;
+// the runner (which materialises a disposable execution root and runs build/vitest/Stryker through the
+// sandboxed command boundary) is the effect, assembled in assuredGateRunner.ts.
+import { EDITOR_TEST_GENERATION_STABILITY_RUNS, } from "@oscharko-dev/keiko-contracts";
+export const DEFAULT_ASSURED_PRE_FILTER_CONFIG = {
+    stabilityRuns: EDITOR_TEST_GENERATION_STABILITY_RUNS,
+    minMutantsKilled: 1,
+};
+const NOT_ENFORCED_REASON = "The deny-by-default network-egress boundary required to execute the candidate is not enforced on " +
+    "this host; the candidate is shown as untrusted evidence only and is not assured.";
+function allNotRun() {
+    return {
+        build: "not-run",
+        pass: "not-run",
+        stability: "not-run",
+        coverage: "not-run",
+        mutation: "not-run",
+        antiTautology: "not-run",
+    };
+}
+function toFunnel(states, surfaced, config, evidence) {
+    return {
+        executionEnabled: true,
+        candidatesGenerated: 1,
+        candidatesSurfaced: surfaced ? 1 : 0,
+        stabilityRunsRequired: config.stabilityRuns,
+        build: states.build,
+        pass: states.pass,
+        stability: states.stability,
+        coverage: states.coverage,
+        mutation: states.mutation,
+        antiTautology: states.antiTautology,
+        ...(evidence.coverageLineDelta === undefined
+            ? {}
+            : { coverageLineDelta: evidence.coverageLineDelta }),
+        ...(evidence.coverageBranchDelta === undefined
+            ? {}
+            : { coverageBranchDelta: evidence.coverageBranchDelta }),
+        ...(evidence.mutantsKilled === undefined ? {} : { mutantsKilled: evidence.mutantsKilled }),
+        ...(evidence.mutantsTotal === undefined ? {} : { mutantsTotal: evidence.mutantsTotal }),
+    };
+}
+function reject(states, config, reason, evidence = {}) {
+    return {
+        funnel: toFunnel(states, false, config, evidence),
+        assurance: "unverified",
+        surfaced: false,
+        rejectionReason: reason,
+    };
+}
+// Runs the candidate test `stabilityRuns` times. The first run is the `pass` gate; all runs together
+// are the `stability` gate (no flakiness across N executions).
+async function runStability(runner, runs) {
+    let firstOk = false;
+    let allOk = true;
+    for (let i = 0; i < runs; i += 1) {
+        const outcome = await runner.runTests();
+        if (i === 0) {
+            firstOk = outcome.ok;
+        }
+        if (!outcome.ok) {
+            allOk = false;
+        }
+    }
+    return { firstOk, allOk };
+}
+// Each gate mutates `states`/`evidence` and returns a rejection outcome to stop the funnel, or
+// undefined to continue. Splitting per gate keeps the orchestrator short and within complexity limits.
+async function buildGate(runner, states, config) {
+    const build = await runner.build();
+    states.build = build.ok ? "passed" : "failed";
+    return build.ok ? undefined : reject(states, config, "The generated candidate does not build.");
+}
+async function stabilityGate(runner, states, config) {
+    const stability = await runStability(runner, config.stabilityRuns);
+    states.pass = stability.firstOk ? "passed" : "failed";
+    if (!stability.firstOk) {
+        return reject(states, config, "The generated candidate test does not pass.");
+    }
+    states.stability = stability.allOk ? "passed" : "failed";
+    return stability.allOk
+        ? undefined
+        : reject(states, config, "The generated candidate test is flaky across stability runs.");
+}
+async function coverageGate(runner, states, config, evidence) {
+    const cov = await runner.coverage();
+    states.coverage = cov.ok ? "passed" : "failed";
+    evidence.coverageLineDelta = cov.lineDelta;
+    evidence.coverageBranchDelta = cov.branchDelta;
+    return cov.ok
+        ? undefined
+        : reject(states, config, "The generated candidate does not increase coverage.", evidence);
+}
+async function mutationGate(runner, states, config, evidence) {
+    const mut = await runner.mutation();
+    evidence.mutantsKilled = mut.killed;
+    evidence.mutantsTotal = mut.total;
+    states.mutation = mut.ok ? "passed" : "failed";
+    // Mutation (oracle strength) supersedes the qualitative anti-tautology rule for the first stack.
+    states.antiTautology = mut.ok ? "passed" : "failed";
+    return mut.ok
+        ? undefined
+        : reject(states, config, "The generated candidate does not kill enough injected mutants (weak oracle).", evidence);
+}
+export async function runAssuredPreFilter(runner, config = DEFAULT_ASSURED_PRE_FILTER_CONFIG) {
+    if (!runner.enforced) {
+        return {
+            funnel: toFunnel(allNotRun(), false, config, {}),
+            assurance: "unverified",
+            surfaced: false,
+            rejectionReason: NOT_ENFORCED_REASON,
+        };
+    }
+    const states = allNotRun();
+    const evidence = {};
+    const rejected = (await buildGate(runner, states, config)) ??
+        (await stabilityGate(runner, states, config)) ??
+        (await coverageGate(runner, states, config, evidence)) ??
+        (await mutationGate(runner, states, config, evidence));
+    if (rejected !== undefined) {
+        return rejected;
+    }
+    return { funnel: toFunnel(states, true, config, evidence), assurance: "assured", surfaced: true };
+}

package/dist/editor/assuredPreFilterRunner.d.ts

@@ -0,0 +1,31 @@
+import { type CommandRule, type EditorTestGenerationWirePatch, type EditorTestGenerationWireRequest, type EditorTestGenerationWireTarget } from "@oscharko-dev/keiko-contracts";
+import type { AssuredPreFilterOutcome } from "./assuredPreFilter.js";
+import type { SandboxedCommand } from "./assuredGateRunner.js";
+export type AssuredVerificationKind = "vitest" | "playwright";
+export interface AssuredPreFilterArgs {
+    readonly patch: EditorTestGenerationWirePatch;
+    readonly request: EditorTestGenerationWireRequest;
+    readonly realRoot: string;
+    readonly signal: AbortSignal;
+    readonly verification?: AssuredVerificationKind | undefined;
+}
+export type AssuredPreFilterPort = (args: AssuredPreFilterArgs) => Promise<AssuredPreFilterOutcome>;
+export declare const ASSURED_COMMAND_RULES: readonly CommandRule[];
+export declare function targetSourceRelPath(target: EditorTestGenerationWireTarget): string;
+interface GateCommands {
+    readonly build: SandboxedCommand;
+    readonly test: SandboxedCommand;
+    readonly baseline: SandboxedCommand;
+    readonly coverage: SandboxedCommand;
+    readonly mutation: SandboxedCommand;
+}
+export declare function planGateCommands(kind?: AssuredVerificationKind): GateCommands;
+export declare function relativizeCoverageSummary(summary: unknown, root: string): unknown;
+export declare function candidateFileText(edits: readonly {
+    readonly newText: string;
+}[]): string;
+export declare function candidateWritePath(root: string, path: string): string;
+export declare function writeCandidateInto(root: string, patch: EditorTestGenerationWirePatch): void;
+export declare const defaultAssuredPreFilter: AssuredPreFilterPort;
+export {};
+//# sourceMappingURL=assuredPreFilterRunner.d.ts.map

package/dist/editor/assuredPreFilterRunner.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"assuredPreFilterRunner.d.ts","sourceRoot":"","sources":["../../src/editor/assuredPreFilterRunner.ts"],"names":[],"mappings":"AAyBA,OAAO,EAGL,KAAK,WAAW,EAChB,KAAK,6BAA6B,EAClC,KAAK,+BAA+B,EACpC,KAAK,8BAA8B,EACpC,MAAM,+BAA+B,CAAC;AAUvC,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,uBAAuB,CAAC;AACrE,OAAO,KAAK,EAAE,gBAAgB,EAAsB,MAAM,wBAAwB,CAAC;AAYnF,MAAM,MAAM,uBAAuB,GAAG,QAAQ,GAAG,YAAY,CAAC;AAE9D,MAAM,WAAW,oBAAoB;IACnC,QAAQ,CAAC,KAAK,EAAE,6BAA6B,CAAC;IAC9C,QAAQ,CAAC,OAAO,EAAE,+BAA+B,CAAC;IAClD,QAAQ,CAAC,QAAQ,EAAE,MAAM,CAAC;IAC1B,QAAQ,CAAC,MAAM,EAAE,WAAW,CAAC;IAE7B,QAAQ,CAAC,YAAY,CAAC,EAAE,uBAAuB,GAAG,SAAS,CAAC;CAC7D;AAED,MAAM,MAAM,oBAAoB,GAAG,CAAC,IAAI,EAAE,oBAAoB,KAAK,OAAO,CAAC,uBAAuB,CAAC,CAAC;AAwBpG,eAAO,MAAM,qBAAqB,EAAE,SAAS,WAAW,EAOtD,CAAC;AAYH,wBAAgB,mBAAmB,CAAC,MAAM,EAAE,8BAA8B,GAAG,MAAM,CAIlF;AAED,UAAU,YAAY;IACpB,QAAQ,CAAC,KAAK,EAAE,gBAAgB,CAAC;IACjC,QAAQ,CAAC,IAAI,EAAE,gBAAgB,CAAC;IAChC,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;IACpC,QAAQ,CAAC,QAAQ,EAAE,gBAAgB,CAAC;CACrC;AA+CD,wBAAgB,gBAAgB,CAAC,IAAI,GAAE,uBAAkC,GAAG,YAAY,CAEvF;AAID,wBAAgB,yBAAyB,CAAC,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,MAAM,GAAG,OAAO,CAUjF;AAID,wBAAgB,iBAAiB,CAAC,KAAK,EAAE,SAAS;IAAE,QAAQ,CAAC,OAAO,EAAE,MAAM,CAAA;CAAE,EAAE,GAAG,MAAM,CAExF;AAyID,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,GAAG,MAAM,CAYrE;AAED,wBAAgB,kBAAkB,CAAC,IAAI,EAAE,MAAM,EAAE,KAAK,EAAE,6BAA6B,GAAG,IAAI,CAS3F;AAqDD,eAAO,MAAM,uBAAuB,EAAE,oBAC0D,CAAC"}

package/dist/editor/assuredPreFilterRunner.js

@@ -0,0 +1,312 @@
+// Production assembly of the assured pre-filter (Issue #1202 wave-2; ADR-0043).
+//
+// Wires the disposable-execution composition to real effects: a throwaway copy of the target project,
+// a sandboxed command runner (keiko-tools `runCommand` with `network: "none"` — the enforced egress
+// boundary), JSON report reads, and guaranteed cleanup. Enforcement is decided by keiko-sandbox; on a
+// host with no enforcing backend the pre-filter fails closed (the candidate is untrusted evidence
+// only, never `assured`). The TS/JS gate toolchain (tsc + vitest + Stryker) is the first stack the
+// Review Addendum scopes; the project-specific isolated-execution harness it composes is the shared
+// path #1204/#1206 generalise.
+//
+// The command/coverage-key builders are pure and unit-tested; the filesystem copy and sandboxed spawn
+// are thin node effects exercised when the feature is enabled on a host with a sandbox backend.
+import { cpSync, existsSync, mkdirSync, mkdtempSync, readFileSync, realpathSync, rmSync, writeFileSync, } from "node:fs";
+import { tmpdir } from "node:os";
+import { basename, dirname, join, relative, resolve, sep } from "node:path";
+import { DEFAULT_SANDBOX_POLICY, isValidScopePath, } from "@oscharko-dev/keiko-contracts";
+import { runCommand } from "@oscharko-dev/keiko-tools";
+import { nodeSpawnFn } from "@oscharko-dev/keiko-tools/internal/exec";
+import { containedRealPathInfo, isDenied, resolveWithinWorkspace, } from "@oscharko-dev/keiko-workspace";
+import { nodeWorkspaceFs } from "@oscharko-dev/keiko-workspace/internal/fs";
+import { runDisposableAssuredPreFilter, sandboxEnforcesAssuredIsolation, } from "./disposableAssuredExecution.js";
+const ASSURED_DIR = ".keiko-assured";
+const BASELINE_SUMMARY = `${ASSURED_DIR}/baseline/coverage-summary.json`;
+const PATCHED_SUMMARY = `${ASSURED_DIR}/patched/coverage-summary.json`;
+const MUTATION_REPORT = `${ASSURED_DIR}/mutation/mutation.json`;
+const MUTATION_CONFIG = `${ASSURED_DIR}/mutation/stryker.conf.json`;
+const PROOF_SNIPPET = [
+    "const fs = require('fs');",
+    "const path = require('path');",
+    "const [outsideRead, outsideWrite, insideWrite] = process.argv.slice(1);",
+    "let readOutside = false;",
+    "let wroteOutside = false;",
+    "let wroteInside = false;",
+    "try { fs.readFileSync(outsideRead, 'utf8'); readOutside = true; } catch {}",
+    "try { fs.writeFileSync(outsideWrite, 'outside'); wroteOutside = true; } catch {}",
+    "try { fs.mkdirSync(path.dirname(insideWrite), { recursive: true });",
+    "  fs.writeFileSync(insideWrite, 'inside'); wroteInside = true; } catch {}",
+    "process.stdout.write(JSON.stringify({ readOutside, wroteOutside, wroteInside }));",
+].join("");
+// Command rules for the assured toolchain: only the deterministic node test toolchain, no network
+// tools. Policy requires `npx --no-install <tool>` before every allowed tool, so the no-fetch invariant
+// is enforced by the sandbox allowlist in addition to the command builders.
+export const ASSURED_COMMAND_RULES = Object.freeze([
+    {
+        executable: "npx",
+        allowedSubcommands: Object.freeze(["tsc", "vitest", "stryker", "playwright"]),
+        requiredLeadingFlags: Object.freeze(["--no-install"]),
+        denyFlags: Object.freeze(["-c", "--call", "-y", "--yes"]),
+    },
+]);
+const ASSURED_PROOF_RULES = Object.freeze([{ executable: "node" }]);
+let assuredIsolationProof;
+function npx(args) {
+    return { command: "npx", args };
+}
+// ─── Pure builders (unit-tested) ─────────────────────────────────────────────────────────────────
+// The source file under test, relative to the project root, used as the coverage key whose covered
+// lines must strictly increase.
+export function targetSourceRelPath(target) {
+    return target.kind === "changed-file-set"
+        ? (target.documents[0]?.path ?? "")
+        : target.document.path;
+}
+// The vitest gate commands (the #1202 default), all writing JSON reports under ASSURED_DIR so they can
+// be read back deterministically. Baseline coverage runs the existing suite before the candidate is
+// applied; the patched coverage run includes the candidate.
+function vitestGateCommands() {
+    return {
+        build: npx(["--no-install", "tsc", "--noEmit"]),
+        test: npx(["--no-install", "vitest", "run"]),
+        baseline: npx([
+            "--no-install",
+            "vitest",
+            "run",
+            "--coverage",
+            "--coverage.reporter=json-summary",
+            `--coverage.reportsDirectory=${ASSURED_DIR}/baseline`,
+        ]),
+        coverage: npx([
+            "--no-install",
+            "vitest",
+            "run",
+            "--coverage",
+            "--coverage.reporter=json-summary",
+            `--coverage.reportsDirectory=${ASSURED_DIR}/patched`,
+        ]),
+        mutation: npx(["--no-install", "stryker", "run", MUTATION_CONFIG]),
+    };
+}
+// The Playwright gate commands (Issue #1203 browser-smoke). The candidate is type-checked and executed
+// as a Playwright suite under the same hardened, no-install, no-network sandbox as the vitest toolchain.
+// There is no vitest coverage/mutation oracle for an end-to-end smoke, so the coverage/baseline/mutation
+// slots run the same suite and emit no JSON report — those gates therefore cannot pass and the candidate
+// stays `unverified`, never `assured`.
+function playwrightGateCommands() {
+    const run = npx(["--no-install", "playwright", "test"]);
+    return {
+        build: npx(["--no-install", "tsc", "--noEmit"]),
+        test: run,
+        baseline: run,
+        coverage: run,
+        mutation: run,
+    };
+}
+// Selects the gate commands for the verification toolchain. Defaults to vitest, so callers that do not
+// pass a kind keep the exact #1202 command set.
+export function planGateCommands(kind = "vitest") {
+    return kind === "playwright" ? playwrightGateCommands() : vitestGateCommands();
+}
+// Normalises a vitest coverage summary's absolute file keys to project-relative paths so the covered
+// delta matches the relative target key regardless of where the disposable root lives.
+export function relativizeCoverageSummary(summary, root) {
+    if (typeof summary !== "object" || summary === null) {
+        return summary;
+    }
+    const prefix = root.endsWith("/") ? root : `${root}/`;
+    const out = {};
+    for (const [key, value] of Object.entries(summary)) {
+        out[key.startsWith(prefix) ? key.slice(prefix.length) : key] = value;
+    }
+    return out;
+}
+// Concatenates a candidate file's edit text. The generated candidate is a new (or rewritten) test
+// file, so the edits' newText is its content; deleted files contribute nothing.
+export function candidateFileText(edits) {
+    return edits.map((edit) => edit.newText).join("");
+}
+// ─── Node effects ────────────────────────────────────────────────────────────────────────────────
+function disposableWorkspace(root) {
+    return {
+        root,
+        name: undefined,
+        version: undefined,
+        testFramework: "unknown",
+        sourceDirs: [],
+        testDirs: [],
+        languages: [],
+        ignoreLines: [],
+    };
+}
+// Runs one untrusted command in the disposable root through the enforced sandbox (network:"none").
+async function runSandboxed(root, cmd, signal) {
+    const proof = (assuredIsolationProof ??= proveAssuredIsolation(root, signal));
+    if (!(await proof)) {
+        return { exitCode: 1, networkEnforced: false, filesystemEnforced: false };
+    }
+    const result = await runCommand({ command: cmd.command, args: cmd.args, cwd: undefined, timeoutMs: undefined, signal }, {
+        workspace: disposableWorkspace(root),
+        policy: {
+            ...DEFAULT_SANDBOX_POLICY,
+            network: "none",
+            filesystem: "execution-root",
+        },
+        commandRules: ASSURED_COMMAND_RULES,
+        spawn: nodeSpawnFn,
+        processEnv: process.env,
+        now: () => Date.now(),
+    });
+    return {
+        exitCode: result.exitCode,
+        networkEnforced: result.attestation?.networkEnforced === true,
+        filesystemEnforced: result.attestation?.filesystemEnforced === true,
+    };
+}
+async function proveAssuredIsolation(root, signal) {
+    const outsideDir = join(dirname(root), `${basename(root)}-outside-proof`);
+    const outsideRead = join(outsideDir, "read.txt");
+    const outsideWrite = join(outsideDir, "write.txt");
+    const insideWrite = join(ASSURED_DIR, "proof", "inside.txt");
+    mkdirSync(outsideDir, { recursive: true });
+    writeFileSync(outsideRead, "outside\n", "utf8");
+    try {
+        const result = await runCommand({
+            command: "node",
+            args: ["-e", PROOF_SNIPPET, outsideRead, outsideWrite, insideWrite],
+            cwd: undefined,
+            timeoutMs: undefined,
+            signal,
+        }, {
+            workspace: disposableWorkspace(root),
+            policy: {
+                ...DEFAULT_SANDBOX_POLICY,
+                network: "none",
+                filesystem: "execution-root",
+            },
+            commandRules: ASSURED_PROOF_RULES,
+            spawn: nodeSpawnFn,
+            processEnv: process.env,
+            now: () => Date.now(),
+        });
+        const { attestation } = result;
+        return (result.exitCode === 0 &&
+            attestation !== undefined &&
+            attestation.networkEnforced &&
+            attestation.filesystemEnforced &&
+            result.stdout.includes('"readOutside":false') &&
+            result.stdout.includes('"wroteOutside":false') &&
+            result.stdout.includes('"wroteInside":true'));
+    }
+    catch {
+        return false;
+    }
+    finally {
+        rmSync(outsideDir, { recursive: true, force: true });
+    }
+}
+function readJsonReport(root, relativePath) {
+    try {
+        return JSON.parse(readFileSync(join(root, relativePath), "utf8"));
+    }
+    catch {
+        return undefined;
+    }
+}
+function isExcludedFromCopy(src) {
+    return (src.includes(`${sep}.git${sep}`) || src.endsWith(`${sep}.git`) || src.includes(ASSURED_DIR));
+}
+function isUnsafeRelativePath(path) {
+    return (path.length === 0 ||
+        path.includes("\u0000") ||
+        path.includes("\\") ||
+        path.startsWith("/") ||
+        /^[A-Za-z]:/.test(path) ||
+        !isValidScopePath(path, { mustBeRelative: true }) ||
+        isDenied(path));
+}
+function assertExistingParentContained(root, absolute) {
+    let parent = dirname(absolute);
+    while (!existsSync(parent)) {
+        const next = dirname(parent);
+        if (next === parent) {
+            break;
+        }
+        parent = next;
+    }
+    const rootReal = realpathSync(root);
+    const parentInfo = containedRealPathInfo(nodeWorkspaceFs, rootReal, parent);
+    if (isDenied(parentInfo.realRelative)) {
+        throw new Error("candidate patch parent path is denied");
+    }
+}
+export function candidateWritePath(root, path) {
+    if (isUnsafeRelativePath(path)) {
+        throw new Error("candidate patch path is unsafe");
+    }
+    const rootReal = realpathSync(root);
+    const absolute = resolveWithinWorkspace(rootReal, path);
+    const lexicalRelative = relative(rootReal, resolve(rootReal, path));
+    if (lexicalRelative.startsWith("..") || lexicalRelative === "" || isDenied(lexicalRelative)) {
+        throw new Error("candidate patch path escapes the disposable root");
+    }
+    assertExistingParentContained(rootReal, absolute);
+    return absolute;
+}
+export function writeCandidateInto(root, patch) {
+    for (const file of patch.files) {
+        if (file.changeKind === "deleted") {
+            continue;
+        }
+        const absolute = candidateWritePath(root, file.path);
+        mkdirSync(dirname(absolute), { recursive: true });
+        writeFileSync(absolute, candidateFileText(file.edits), "utf8");
+    }
+}
+function writeMutationConfig(root, target) {
+    const configPath = resolve(root, MUTATION_CONFIG);
+    mkdirSync(dirname(configPath), { recursive: true });
+    const config = {
+        reporters: ["json"],
+        jsonReporter: { fileName: MUTATION_REPORT },
+        testRunner: "vitest",
+        packageManager: "npm",
+        mutate: [targetSourceRelPath(target)],
+    };
+    writeFileSync(configPath, `${JSON.stringify(config, null, 2)}\n`, "utf8");
+}
+function nodePorts(args, enforced) {
+    const cmds = planGateCommands(args.verification);
+    return {
+        enforced,
+        makeRoot: () => {
+            const root = mkdtempSync(join(tmpdir(), "keiko-assured-"));
+            cpSync(args.realRoot, root, { recursive: true, filter: (src) => !isExcludedFromCopy(src) });
+            writeMutationConfig(root, args.request.target);
+            return Promise.resolve(root);
+        },
+        measureBaseline: (root) => runSandboxed(root, cmds.baseline, args.signal).then(() => undefined),
+        applyCandidate: (root) => {
+            writeCandidateInto(root, args.patch);
+            return Promise.resolve();
+        },
+        run: (root, cmd) => runSandboxed(root, cmd, args.signal),
+        readReport: (root, relativePath) => relativePath === BASELINE_SUMMARY || relativePath === PATCHED_SUMMARY
+            ? relativizeCoverageSummary(readJsonReport(root, relativePath), root)
+            : readJsonReport(root, relativePath),
+        dispose: (root) => {
+            rmSync(root, { recursive: true, force: true });
+            return Promise.resolve();
+        },
+        buildCommand: cmds.build,
+        testCommand: cmds.test,
+        coverageCommand: cmds.coverage,
+        mutationCommand: cmds.mutation,
+        baselineCoverageReportPath: BASELINE_SUMMARY,
+        patchedCoverageReportPath: PATCHED_SUMMARY,
+        mutationReportPath: MUTATION_REPORT,
+        targetCoverageKeys: [targetSourceRelPath(args.request.target)],
+    };
+}
+// The route's default pre-filter: decide enforcement, then run the assured funnel against a disposable
+// execution root (or fail closed when egress cannot be enforced on this host).
+export const defaultAssuredPreFilter = (args) => runDisposableAssuredPreFilter(nodePorts(args, sandboxEnforcesAssuredIsolation(args.realRoot)));