@ps-neko/nekowork 0.1.0-alpha.0

package/examples/trading-dashboard-mock/index.html

@@ -0,0 +1,76 @@
+<!doctype html>
+<html lang="en">
+  <head>
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
+    <title>NEKOWORK Trading Dashboard Mock</title>
+    <link rel="stylesheet" href="src/styles.css">
+  </head>
+  <body>
+    <main class="shell">
+      <header class="topbar">
+        <div>
+          <p class="eyebrow">Mock-only workspace</p>
+          <h1>Trading Dashboard</h1>
+        </div>
+        <div class="status" aria-label="Connection status">
+          <span class="status-dot"></span>
+          No broker connected
+        </div>
+      </header>
+
+      <section class="notice" aria-label="Safety notice">
+        Demo data only. Buy, sell, payment, broker, and account actions are disabled in this mock project.
+      </section>
+
+      <section class="grid">
+        <article class="panel market-panel">
+          <div class="panel-header">
+            <div>
+              <p class="eyebrow">Portfolio</p>
+              <h2>$124,820.44</h2>
+            </div>
+            <span class="gain">+2.8%</span>
+          </div>
+          <canvas id="portfolioChart" width="720" height="320" aria-label="Portfolio performance chart"></canvas>
+        </article>
+
+        <article class="panel">
+          <div class="panel-header compact">
+            <div>
+              <p class="eyebrow">Watchlist</p>
+              <h2>Mock Symbols</h2>
+            </div>
+          </div>
+          <div id="watchlist" class="watchlist"></div>
+        </article>
+
+        <article class="panel">
+          <div class="panel-header compact">
+            <div>
+              <p class="eyebrow">Order Ticket</p>
+              <h2>Disabled</h2>
+            </div>
+          </div>
+          <form class="ticket" aria-label="Disabled mock order ticket">
+            <label>
+              Symbol
+              <input value="NKO" disabled>
+            </label>
+            <label>
+              Quantity
+              <input value="25" disabled>
+            </label>
+            <div class="segmented" aria-label="Disabled side selector">
+              <button type="button" disabled>Buy</button>
+              <button type="button" disabled>Sell</button>
+            </div>
+            <button class="primary" type="button" disabled>Mock only</button>
+          </form>
+        </article>
+      </section>
+    </main>
+
+    <script type="module" src="src/app.js"></script>
+  </body>
+</html>

package/examples/trading-dashboard-mock/package.json

@@ -0,0 +1,9 @@
+{
+  "name": "nekowork-trading-dashboard-mock",
+  "version": "0.0.0",
+  "private": true,
+  "type": "module",
+  "scripts": {
+    "test": "node scripts/check.mjs"
+  }
+}

package/examples/trading-dashboard-mock/scripts/check.mjs

@@ -0,0 +1,54 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { fileURLToPath } from 'node:url';
+
+const root = path.resolve(path.dirname(fileURLToPath(import.meta.url)), '..');
+const files = [
+  'index.html',
+  'src/app.js',
+  'src/styles.css',
+  'fixtures/market.json',
+];
+
+for (const file of files) {
+  const full = path.join(root, file);
+  if (!fs.existsSync(full)) throw new Error(`missing required file: ${file}`);
+}
+
+const combined = files
+  .map(file => fs.readFileSync(path.join(root, file), 'utf8'))
+  .join('\n')
+  .toLowerCase();
+
+const forbidden = [
+  'fetch(',
+  'xmlhttprequest',
+  'websocket',
+  'broker-sdk',
+  'stripe',
+  'paypal',
+  'alpaca',
+  'interactivebrokers',
+  'binance',
+  'coinbase',
+];
+
+for (const token of forbidden) {
+  if (combined.includes(token)) {
+    throw new Error(`mock project must not include outbound or real-money wiring: ${token}`);
+  }
+}
+
+const html = fs.readFileSync(path.join(root, 'index.html'), 'utf8');
+if (!/disabled/.test(html)) throw new Error('order ticket must keep controls disabled');
+if (!/Demo data only/.test(html)) throw new Error('safety notice must be visible');
+
+const fixture = JSON.parse(fs.readFileSync(path.join(root, 'fixtures/market.json'), 'utf8'));
+if (!Array.isArray(fixture.portfolio) || fixture.portfolio.length < 6) {
+  throw new Error('portfolio fixture must include chart data');
+}
+if (!Array.isArray(fixture.symbols) || fixture.symbols.length < 3) {
+  throw new Error('symbol fixture must include watchlist data');
+}
+
+console.log('trading-dashboard-mock checks passed');

package/examples/trading-dashboard-mock/src/app.js

@@ -0,0 +1,83 @@
+const market = {
+  portfolio: [118.2, 119.4, 121.1, 120.3, 122.6, 124.0, 123.2, 125.7, 127.4, 126.9, 129.1, 131.3],
+  symbols: [
+    { symbol: 'NKO', name: 'Neko Systems', price: 142.35, change: 2.41 },
+    { symbol: 'VRFY', name: 'Verify Labs', price: 88.12, change: 1.26 },
+    { symbol: 'GATE', name: 'Gatehold Inc.', price: 54.67, change: 0.74 },
+    { symbol: 'MOCK', name: 'Mock Market ETF', price: 203.19, change: 3.08 },
+  ],
+};
+
+const chart = document.querySelector('#portfolioChart');
+const watchlist = document.querySelector('#watchlist');
+
+renderWatchlist(market.symbols);
+drawChart(chart, market.portfolio);
+
+function renderWatchlist(symbols) {
+  watchlist.replaceChildren(...symbols.map((item) => {
+    const row = document.createElement('div');
+    row.className = 'symbol';
+    row.innerHTML = `
+      <strong>${item.symbol}</strong>
+      <span class="price">$${item.price.toFixed(2)}</span>
+      <span>${item.name}</span>
+      <span class="delta">+${item.change.toFixed(2)}%</span>
+    `;
+    return row;
+  }));
+}
+
+function drawChart(canvas, values) {
+  const ctx = canvas.getContext('2d');
+  const width = canvas.width;
+  const height = canvas.height;
+  const pad = 34;
+  const min = Math.min(...values);
+  const max = Math.max(...values);
+  const xStep = (width - pad * 2) / (values.length - 1);
+  const yScale = (height - pad * 2) / (max - min);
+
+  ctx.clearRect(0, 0, width, height);
+  ctx.strokeStyle = '#d9e0ea';
+  ctx.lineWidth = 1;
+  for (let i = 0; i < 5; i += 1) {
+    const y = pad + ((height - pad * 2) / 4) * i;
+    ctx.beginPath();
+    ctx.moveTo(pad, y);
+    ctx.lineTo(width - pad, y);
+    ctx.stroke();
+  }
+
+  const points = values.map((value, index) => ({
+    x: pad + xStep * index,
+    y: height - pad - (value - min) * yScale,
+  }));
+
+  const gradient = ctx.createLinearGradient(0, pad, 0, height - pad);
+  gradient.addColorStop(0, 'rgba(21, 127, 116, 0.28)');
+  gradient.addColorStop(1, 'rgba(21, 127, 116, 0.02)');
+
+  ctx.beginPath();
+  ctx.moveTo(points[0].x, height - pad);
+  for (const point of points) ctx.lineTo(point.x, point.y);
+  ctx.lineTo(points.at(-1).x, height - pad);
+  ctx.closePath();
+  ctx.fillStyle = gradient;
+  ctx.fill();
+
+  ctx.beginPath();
+  points.forEach((point, index) => {
+    if (index === 0) ctx.moveTo(point.x, point.y);
+    else ctx.lineTo(point.x, point.y);
+  });
+  ctx.strokeStyle = '#157f74';
+  ctx.lineWidth = 4;
+  ctx.lineJoin = 'round';
+  ctx.lineCap = 'round';
+  ctx.stroke();
+
+  ctx.fillStyle = '#17202a';
+  ctx.font = '700 18px system-ui';
+  ctx.fillText('Mock portfolio trend', pad, pad - 10);
+}

package/examples/trading-dashboard-mock/src/styles.css

@@ -0,0 +1,227 @@
+:root {
+  color-scheme: light;
+  --bg: #f6f8fb;
+  --text: #17202a;
+  --muted: #657386;
+  --panel: #ffffff;
+  --line: #d9e0ea;
+  --accent: #157f74;
+  --accent-2: #3867d6;
+  --warn: #a85f00;
+  --shadow: 0 16px 40px rgba(27, 39, 51, 0.08);
+}
+
+* {
+  box-sizing: border-box;
+}
+
+body {
+  margin: 0;
+  min-height: 100vh;
+  background: var(--bg);
+  color: var(--text);
+  font-family: Inter, ui-sans-serif, system-ui, -apple-system, BlinkMacSystemFont, "Segoe UI", sans-serif;
+}
+
+.shell {
+  width: min(1180px, calc(100% - 32px));
+  margin: 0 auto;
+  padding: 28px 0;
+}
+
+.topbar {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 18px;
+  margin-bottom: 18px;
+}
+
+.eyebrow {
+  margin: 0 0 6px;
+  color: var(--muted);
+  font-size: 0.78rem;
+  font-weight: 700;
+  text-transform: uppercase;
+}
+
+h1,
+h2 {
+  margin: 0;
+  letter-spacing: 0;
+}
+
+h1 {
+  font-size: clamp(2rem, 4vw, 3.4rem);
+}
+
+h2 {
+  font-size: 1.25rem;
+}
+
+.status,
+.notice,
+.gain {
+  border: 1px solid var(--line);
+  border-radius: 8px;
+  background: var(--panel);
+}
+
+.status {
+  display: inline-flex;
+  align-items: center;
+  gap: 9px;
+  padding: 10px 12px;
+  color: var(--muted);
+  font-weight: 700;
+  white-space: nowrap;
+}
+
+.status-dot {
+  width: 10px;
+  height: 10px;
+  border-radius: 999px;
+  background: var(--warn);
+}
+
+.notice {
+  margin-bottom: 18px;
+  padding: 13px 15px;
+  color: #5d3a00;
+  background: #fff8ea;
+}
+
+.grid {
+  display: grid;
+  grid-template-columns: minmax(0, 1.6fr) minmax(260px, 0.8fr);
+  gap: 16px;
+}
+
+.panel {
+  border: 1px solid var(--line);
+  border-radius: 8px;
+  padding: 18px;
+  background: var(--panel);
+  box-shadow: var(--shadow);
+}
+
+.market-panel {
+  grid-row: span 2;
+}
+
+.panel-header {
+  display: flex;
+  align-items: start;
+  justify-content: space-between;
+  gap: 14px;
+  margin-bottom: 18px;
+}
+
+.panel-header.compact {
+  margin-bottom: 14px;
+}
+
+.gain {
+  padding: 8px 10px;
+  color: var(--accent);
+  font-weight: 800;
+  background: #ebfaf5;
+}
+
+canvas {
+  display: block;
+  width: 100%;
+  height: auto;
+  aspect-ratio: 16 / 7;
+  border-radius: 8px;
+  background: #f9fbfe;
+}
+
+.watchlist {
+  display: grid;
+  gap: 10px;
+}
+
+.symbol {
+  display: grid;
+  grid-template-columns: 1fr auto;
+  gap: 4px 10px;
+  padding: 12px;
+  border: 1px solid var(--line);
+  border-radius: 8px;
+}
+
+.symbol strong,
+.price {
+  font-size: 0.95rem;
+}
+
+.symbol span {
+  color: var(--muted);
+  font-size: 0.82rem;
+}
+
+.delta {
+  color: var(--accent);
+  font-weight: 800;
+}
+
+.ticket {
+  display: grid;
+  gap: 12px;
+}
+
+label {
+  display: grid;
+  gap: 6px;
+  color: var(--muted);
+  font-weight: 700;
+}
+
+input,
+button {
+  min-height: 42px;
+  border: 1px solid var(--line);
+  border-radius: 8px;
+  font: inherit;
+}
+
+input {
+  padding: 0 12px;
+  color: var(--muted);
+  background: #f4f6f9;
+}
+
+.segmented {
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+  gap: 8px;
+}
+
+button {
+  color: var(--muted);
+  background: #eef2f7;
+  font-weight: 800;
+}
+
+.primary {
+  color: #ffffff;
+  background: var(--accent-2);
+  opacity: 0.55;
+}
+
+@media (max-width: 780px) {
+  .topbar,
+  .panel-header {
+    align-items: stretch;
+    flex-direction: column;
+  }
+
+  .grid {
+    grid-template-columns: 1fr;
+  }
+
+  .market-panel {
+    grid-row: auto;
+  }
+}

package/hooks/hooks.json

@@ -0,0 +1,44 @@
+{
+  "$schema": "../schemas/hooks.schema.json",
+  "version": "0.0.1",
+  "PreToolUse": [
+    {
+      "matcher": "Bash",
+      "hook": "scripts/pre-bash-dispatcher.js",
+      "timeout_ms": 5000,
+      "env_toggle": "HARNESS_HOOK_PRE_BASH",
+      "comment": "block-no-verify, dev-server-block, commit-quality, push-reminder"
+    },
+    {
+      "matcher": "Edit|Write",
+      "hook": "scripts/gateguard-fact-force.js",
+      "timeout_ms": 8000,
+      "env_toggle": "HARNESS_HOOK_GATEGUARD",
+      "comment": "Edit/Write 직전 importer/API/schema 사실 조사 강제"
+    },
+    {
+      "matcher": "Edit|Write",
+      "hook": "scripts/config-protection.js",
+      "timeout_ms": 1000,
+      "env_toggle": "HARNESS_HOOK_CONFIG_PROTECTION",
+      "comment": ".env / *.pem / secret 파일 접근 차단"
+    }
+  ],
+  "PostToolUse": [
+    {
+      "matcher": "Edit|Write",
+      "hook": "scripts/quality-gate.js",
+      "timeout_ms": 30000,
+      "env_toggle": "HARNESS_HOOK_QUALITY_GATE",
+      "comment": "포맷·린트·타입체크. 실패 시 다음 도구 호출 차단"
+    }
+  ],
+  "Stop": [
+    {
+      "hook": "scripts/persistent-mode.mjs",
+      "timeout_ms": 5000,
+      "env_toggle": "HARNESS_HOOK_PERSISTENT_MODE",
+      "comment": "active 모드 검사, 영속 재개 신호 drop"
+    }
+  ]
+}

package/hooks/scripts/config-protection.js

@@ -0,0 +1,34 @@
+#!/usr/bin/env node
+// PreToolUse(Edit|Write) config-protection.
+// .env / *.pem / *.key / credentials 등 시크릿 파일 직접 편집 차단.
+
+import fs from 'node:fs';
+
+if (process.env.HARNESS_HOOK_CONFIG_PROTECTION === '0') process.exit(0);
+
+let input = '';
+try { input = fs.readFileSync(0, 'utf8'); } catch { /* TTY */ }
+let payload;
+try { payload = JSON.parse(input); } catch { payload = {}; }
+
+const targetPath = String(payload?.tool_input?.file_path ?? payload?.tool_input?.path ?? '');
+if (!targetPath) process.exit(0);
+
+const PROTECTED = [
+  /(^|[\\\/])\.env(\..+)?$/,
+  /\.(pem|key|crt|p12|pfx)$/i,
+  /(^|[\\\/])credentials([._-]|$)/i,
+  /id_rsa(\.pub)?$/,
+  /\.aws[\\\/]credentials/i,
+  /\.kube[\\\/]config/i,
+];
+
+for (const re of PROTECTED) {
+  if (re.test(targetPath)) {
+    process.stderr.write(`[config-protection] 차단: ${targetPath}\n`);
+    process.stderr.write('  사용자 룰 위반: 시크릿 / 인증 파일 직접 편집 금지.\n');
+    process.exit(2);
+  }
+}
+
+process.exit(0);

package/hooks/scripts/gateguard-fact-force.js

@@ -0,0 +1,146 @@
+#!/usr/bin/env node
+// PreToolUse(Edit|Write) gateguard-fact-force.
+// "Are you sure?" 자기평가는 무력. importer / public API / schema 사실을 강제로 디스크에 남긴다.
+//
+// 동작:
+//   1. tool_input.file_path 가 코드 파일인가? 아니면 통과.
+//   2. 사실 노트 파일 .harness/state/sessions/<id>/facts/<encoded>.md 존재?
+//      - 존재 + 답변 영역 비어있지 않음 → 통과 (이 세션에서 이미 조사함).
+//      - 존재 + 답변 영역 비어있음 → 차단 (질문에 답한 후 다시 시도).
+//      - 미존재 → 사실 노트 새로 생성 + 차단 (답한 후 재시도).
+//   3. importer / public API 후보를 정적으로 추출해 노트에 미리 박는다 (TS/JS 만).
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+if (process.env.HARNESS_HOOK_GATEGUARD === '0') process.exit(0);
+
+let input = '';
+try { input = fs.readFileSync(0, 'utf8'); } catch { /* TTY */ }
+let payload;
+try { payload = JSON.parse(input); } catch { payload = {}; }
+
+const targetPath = String(payload?.tool_input?.file_path ?? payload?.tool_input?.path ?? '').trim();
+if (!targetPath) process.exit(0);
+
+const ext = path.extname(targetPath);
+const isCode = ['.ts', '.tsx', '.js', '.mjs', '.cjs', '.py', '.go', '.rs', '.java', '.kt'].includes(ext);
+if (!isCode) process.exit(0);
+
+const sessionId = process.env.HARNESS_SESSION_ID || 'default';
+const root = process.env.HARNESS_ROOT || process.cwd();
+const factsDir = path.join(root, '.harness', 'state', 'sessions', sessionId, 'facts');
+fs.mkdirSync(factsDir, { recursive: true });
+
+const safeFileName = targetPath.replace(/[\\\/:*?"<>|]/g, '_');
+const factFile = path.join(factsDir, safeFileName + '.md');
+
+// 이미 답변된 사실 노트가 있는가?
+if (fs.existsSync(factFile)) {
+  const existing = fs.readFileSync(factFile, 'utf8');
+  const answered = /## 답변\s*\n[^\n#]*\S/.test(existing);
+  if (answered) process.exit(0);
+  process.stderr.write(`[gateguard] 차단: 사실 노트가 비어있음. ${factFile}\n`);
+  process.stderr.write(`[gateguard] '## 답변' 섹션을 채운 후 다시 시도.\n`);
+  process.exit(2);
+}
+
+// importer / API / schema 후보 추출 (TS/JS 만, 정적 패턴 매칭)
+const facts = inspectFile(targetPath, root);
+
+const note = `# Facts: ${targetPath}
+
+> gateguard-fact-force 가 자동 생성. self-evaluation ("are you sure?") 은 무력하다. 다음 3개 질문에 답한 후 Edit / Write 를 진행하라.
+
+## 1. Importers (이 파일을 참조하는 다른 파일)
+
+추출된 후보 (정적 검색):
+${facts.importers.length ? facts.importers.map(i => `- ${i}`).join('\n') : '- (없음)'}
+
+## 2. Public API (export 시그니처)
+
+추출된 후보:
+${facts.exports.length ? facts.exports.map(e => `- \`${e}\``).join('\n') : '- (없음)'}
+
+## 3. Schema / 데이터 (DB / API / config 영향)
+
+추출된 후보:
+${facts.schemas.length ? facts.schemas.map(s => `- ${s}`).join('\n') : '- (자동 추출 항목 없음 — 직접 확인 필요)'}
+
+## 답변
+
+(이 섹션을 비워두면 다음 Edit / Write 호출이 차단된다. 위 사실을 검토한 후 변경 의도와 영향을 한 단락으로 적는다.)
+
+
+`;
+
+fs.writeFileSync(factFile, note);
+process.stderr.write(`[gateguard] 사실 노트 생성: ${factFile}\n`);
+process.stderr.write(`[gateguard] 차단: '## 답변' 섹션을 채운 후 다시 시도.\n`);
+process.exit(2);
+
+// ============================================================
+
+function inspectFile(target, root) {
+  const result = { importers: [], exports: [], schemas: [] };
+
+  // public exports 추출 (TS/JS)
+  if (fs.existsSync(target)) {
+    const code = fs.readFileSync(target, 'utf8');
+    if (/\.(ts|tsx|js|mjs|cjs)$/.test(target)) {
+      const exportRe = /^\s*export\s+(?:default\s+)?(?:async\s+)?(?:function|class|const|let|var|interface|type|enum)\s+([A-Za-z_$][\w$]*)/gm;
+      let m;
+      while ((m = exportRe.exec(code))) result.exports.push(m[1]);
+      // export { a, b } 형식
+      const reexport = /^\s*export\s*\{\s*([^}]+)\}/gm;
+      while ((m = reexport.exec(code))) {
+        for (const id of m[1].split(',')) result.exports.push(id.trim().split(/\s+as\s+/)[0]);
+      }
+    }
+    if (/\.py$/.test(target)) {
+      const py = /^(?:def|class)\s+([A-Za-z_]\w*)/gm;
+      let m;
+      while ((m = py.exec(code))) result.exports.push(m[1]);
+    }
+    if (/schema|model|migration|sql/i.test(target)) {
+      result.schemas.push('파일 이름이 schema/model/migration 을 시사 — DB 영향 가능');
+    }
+  }
+
+  // importers 추출 — 같은 패키지의 src/, scripts/, agents/, hooks/, bridge/ 안에서 grep.
+  const baseName = path.basename(target).replace(/\.[^.]+$/, '');
+  const searchDirs = ['scripts', 'bridge', 'hooks', 'agents', 'skills'];
+  const seen = new Set();
+  for (const dir of searchDirs) {
+    const full = path.join(root, dir);
+    if (!fs.existsSync(full)) continue;
+    walk(full, (f) => {
+      if (seen.has(f) || f === target) return;
+      if (!/\.(ts|tsx|js|mjs|cjs|py)$/.test(f)) return;
+      const c = fs.readFileSync(f, 'utf8');
+      // import / require / from 형식 + 파일 베이스 이름 매칭
+      const re = new RegExp(`(?:import\\s+[^;]+from\\s+|require\\(\\s*|from\\s+)['"][^'"]*${escape(baseName)}[^'"]*['"]`);
+      if (re.test(c)) {
+        result.importers.push(path.relative(root, f).replace(/\\/g, '/'));
+        seen.add(f);
+      }
+    });
+  }
+
+  // 너무 많으면 자르기
+  if (result.importers.length > 20) result.importers = result.importers.slice(0, 20).concat(['... (+more)']);
+  if (result.exports.length > 30) result.exports = result.exports.slice(0, 30).concat(['... (+more)']);
+
+  return result;
+}
+
+function escape(s) { return s.replace(/[.*+?^${}()|[\]\\]/g, '\\$&'); }
+
+function walk(dir, fn) {
+  for (const e of fs.readdirSync(dir, { withFileTypes: true })) {
+    if (e.name === 'node_modules' || e.name === '.git' || e.name.startsWith('.')) continue;
+    const p = path.join(dir, e.name);
+    if (e.isDirectory()) walk(p, fn);
+    else fn(p);
+  }
+}