@ps-neko/nekowork 0.1.0-alpha.0

package/hooks/scripts/persistent-mode.mjs

@@ -0,0 +1,27 @@
+#!/usr/bin/env node
+// Stop persistent-mode.
+// If .harness/state/sessions/<id>/active exists, drop wakeup.json for
+// `harness wait start` to process.
+
+import fs from 'node:fs';
+import path from 'node:path';
+
+if (process.env.HARNESS_HOOK_PERSISTENT_MODE === '0') process.exit(0);
+
+const sessionId = process.env.HARNESS_SESSION_ID || 'default';
+const sessionDir = path.join('.harness', 'state', 'sessions', sessionId);
+const activeFlag = path.join(sessionDir, 'active');
+
+if (!fs.existsSync(activeFlag)) process.exit(0);
+
+const wakeup = path.join(sessionDir, 'wakeup.json');
+const payload = {
+  session_id: sessionId,
+  scheduled_at: new Date().toISOString(),
+  reason: 'Stop hook detected active flag',
+};
+fs.writeFileSync(wakeup, JSON.stringify(payload, null, 2));
+process.stderr.write(`[persistent-mode] wakeup signal: ${wakeup}\n`);
+process.stderr.write('[persistent-mode] wait daemon can resume supported active sessions\n');
+
+process.exit(0);

package/hooks/scripts/pre-bash-dispatcher.js

@@ -0,0 +1,63 @@
+#!/usr/bin/env node
+// PreToolUse(Bash) 디스패처. ECC pre-bash-dispatcher.js 패턴.
+// 단일 진입점 → 매처 분기 → 모듈. ENV 토글로 개별 on/off.
+// stdin JSON 으로 Claude Code hook 입력을 받고, 위험 패턴 발견 시 차단 메시지 출력.
+
+import fs from 'node:fs';
+
+if (process.env.HARNESS_HOOK_PRE_BASH === '0') process.exit(0);
+
+let input = '';
+try {
+  input = fs.readFileSync(0, 'utf8');
+} catch { /* TTY 호출도 허용 */ }
+
+let payload;
+try { payload = JSON.parse(input); } catch { payload = { tool_input: { command: '' } }; }
+
+const cmd = String(payload?.tool_input?.command ?? '');
+
+const RULES = [
+  { re: /\bgit\s+push\s+(-f|--force)/i,         msg: '금지: git push --force. 사용자 확인 필요.' },
+  { re: /\bgit\s+reset\s+--hard\b/i,            msg: '금지: git reset --hard 자동 실행. 사용자 확인 필요.' },
+  { re: /\brm\s+-rf\b/,                         msg: '금지: rm -rf 자동 실행.' },
+  { re: /--no-verify\b/,                        msg: '금지: --no-verify (hook 우회).' },
+  { re: /\bicacls\b.*Everyone:F/i,              msg: '금지: 전체 권한 부여.' },
+  { re: /\b(curl|wget)\b.*\|\s*(bash|sh)\b/,    msg: '금지: curl|bash 패턴 (공급망 위험).' },
+  { re: /\b(npm|pip)\s+(install|publish)\b/i,   msg: '확인 필요: 패키지 설치/배포 (사용자 룰).' },
+  { re: /\bshutdown\b|\breboot\b|\bformat\b/i,  msg: '금지: 시스템 명령.' },
+];
+
+const blocks = [];
+for (const r of RULES) if (r.re.test(cmd)) blocks.push(r.msg);
+
+// auth.policy.block_subscription_override 가드.
+// agent.yaml: providers.<name>.disallow_env_keys 와 동기. 자세한 배경은 docs/AUTH-MIGRATION.md.
+// LLM CLI 호출 직전 환경 변수에 long-lived API key 가 있으면 구독 OAuth 가 무시되어
+// 종량제 과금으로 빠지는 사고를 막는다. HARNESS_AUTH_ALLOW_ENV_OVERRIDE=1 로 명시 옵트아웃.
+const SUBSCRIPTION_GUARDS = [
+  { cli: /\bclaude\b/,             keys: ['ANTHROPIC_API_KEY'],                provider: 'Claude (Anthropic)' },
+  { cli: /\bcodex\b/,               keys: ['OPENAI_API_KEY'],                   provider: 'Codex (OpenAI)' },
+  { cli: /\bgemini\b|\bgcloud\b/,   keys: ['GEMINI_API_KEY', 'GOOGLE_API_KEY'], provider: 'Gemini (Google)' },
+];
+
+if (process.env.HARNESS_AUTH_ALLOW_ENV_OVERRIDE !== '1') {
+  for (const g of SUBSCRIPTION_GUARDS) {
+    if (!g.cli.test(cmd)) continue;
+    const set = g.keys.filter((k) => process.env[k]);
+    if (!set.length) continue;
+    blocks.push(
+      `구독 보호: ${g.provider} CLI 호출 직전 ${set.join(', ')} 가 환경에 설정되어 있습니다. ` +
+      `구독 OAuth 세션이 무시되어 종량제 과금으로 빠질 수 있습니다. ` +
+      `\`unset ${set.join(' ')}\` 또는 HARNESS_AUTH_ALLOW_ENV_OVERRIDE=1 로 명시 옵트아웃.`
+    );
+  }
+}
+
+if (blocks.length) {
+  process.stderr.write('[pre-bash-dispatcher] 차단:\n');
+  for (const b of blocks) process.stderr.write('  - ' + b + '\n');
+  process.exit(2);
+}
+
+process.exit(0);

package/hooks/scripts/quality-gate.js

@@ -0,0 +1,106 @@
+#!/usr/bin/env node
+// PostToolUse(Edit|Write) quality-gate.
+// 변경 파일의 확장자에 따라 빠른 검증:
+//   - .ts/.tsx: tsc --noEmit (해당 파일 + transitive). 가능하면 isolated.
+//   - .js/.mjs/.cjs: node --check 구문만.
+//   - .py: ruff check (있으면) + py_compile 폴백.
+// 실패 시 exit 2 → Claude Code 가 다음 도구 호출 차단.
+
+import fs from 'node:fs';
+import path from 'node:path';
+import { spawnSync } from 'node:child_process';
+
+if (process.env.HARNESS_HOOK_QUALITY_GATE === '0') process.exit(0);
+
+let input = '';
+try { input = fs.readFileSync(0, 'utf8'); } catch { /* TTY */ }
+let payload;
+try { payload = JSON.parse(input); } catch { payload = {}; }
+
+const targetPath = String(payload?.tool_input?.file_path ?? payload?.tool_input?.path ?? '').trim();
+if (!targetPath || !fs.existsSync(targetPath)) process.exit(0);
+
+const ext = path.extname(targetPath);
+const checks = [];
+
+if (['.ts', '.tsx'].includes(ext)) {
+  const tscBin = which('tsc');
+  if (tscBin) {
+    // Windows .cmd / .bat 호환: shell: true 사용. 인자에 공백 있는 경로는 따옴표.
+    const isWin = process.platform === 'win32';
+    const q = isWin ? `"${targetPath}"` : targetPath;
+    checks.push({
+      name: 'tsc',
+      cmd: tscBin,
+      args: ['--noEmit', '--allowJs', '--skipLibCheck', q],
+      shell: isWin,
+    });
+  } else {
+    checks.push({ name: 'node-syntax', cmd: process.execPath, args: ['--check', targetPath], allowFail: true });
+  }
+} else if (['.js', '.mjs', '.cjs'].includes(ext)) {
+  // ESM 은 --check 가 import 해석을 하지 않아 OK. 빠르고 false-negative 적음.
+  checks.push({ name: 'node-syntax', cmd: process.execPath, args: ['--check', targetPath] });
+} else if (ext === '.py') {
+  const ruff = which('ruff');
+  if (ruff) {
+    checks.push({ name: 'ruff', cmd: ruff, args: ['check', targetPath] });
+  }
+  checks.push({ name: 'py-compile', cmd: pythonCmd(), args: ['-m', 'py_compile', targetPath] });
+} else {
+  process.exit(0);
+}
+
+let failed = false;
+for (const c of checks) {
+  const r = spawnSync(c.cmd, c.args, { encoding: 'utf8', shell: c.shell || false });
+  if (r.status === 0) {
+    process.stderr.write(`[quality-gate] ${c.name}: OK ${targetPath}\n`);
+  } else if (c.allowFail) {
+    process.stderr.write(`[quality-gate] ${c.name}: WARN (allowed) ${targetPath}\n`);
+  } else {
+    failed = true;
+    process.stderr.write(`[quality-gate] ${c.name}: FAIL ${targetPath}\n`);
+    if (r.stdout) process.stderr.write(r.stdout);
+    if (r.stderr) process.stderr.write(r.stderr);
+  }
+}
+
+if (failed) {
+  process.stderr.write('[quality-gate] 다음 도구 호출 차단됨. 위 오류 수정 후 다시 진행.\n');
+  process.exit(2);
+}
+process.exit(0);
+
+// ----------------
+
+function which(bin) {
+  const sep = process.platform === 'win32' ? ';' : ':';
+  const exts = process.platform === 'win32'
+    ? (process.env.PATHEXT || '.EXE;.CMD;.BAT').split(';').map(e => e.toLowerCase())
+    : [''];
+
+  // 로컬 node_modules/.bin 을 우선 탐색 (cwd 부터 부모 디렉터리로 올라감).
+  const dirs = [];
+  let cur = process.cwd();
+  for (let i = 0; i < 6; i++) {
+    dirs.push(path.join(cur, 'node_modules', '.bin'));
+    const parent = path.dirname(cur);
+    if (parent === cur) break;
+    cur = parent;
+  }
+  // 그 다음 PATH
+  for (const d of (process.env.PATH || '').split(sep)) if (d) dirs.push(d);
+
+  for (const dir of dirs) {
+    for (const x of exts) {
+      const full = path.join(dir, bin + x);
+      if (fs.existsSync(full)) return full;
+    }
+  }
+  return null;
+}
+
+function pythonCmd() {
+  return which('python3') || which('python') || 'python';
+}

package/manifests/install-components.json

@@ -0,0 +1,195 @@
+{
+  "$schema": "../schemas/install-components.schema.json",
+  "version": "0.0.1",
+  "components": {
+    "rules:soul": {
+      "type": "rule",
+      "source": "SOUL.md",
+      "target": { "claude": "SOUL.md", "codex": "SOUL.md" }
+    },
+    "rules:rules": {
+      "type": "rule",
+      "source": "RULES.md",
+      "target": { "claude": "RULES.md", "codex": "RULES.md" }
+    },
+    "rules:claude": {
+      "type": "rule",
+      "source": "CLAUDE.md",
+      "target": { "claude": "CLAUDE.md" },
+      "marker_managed": true
+    },
+    "rules:agents": {
+      "type": "rule",
+      "source": "AGENTS.md",
+      "target": { "claude": "AGENTS.md", "codex": "AGENTS.md", "cursor": "AGENTS.md" },
+      "marker_managed": true
+    },
+    "rules:working-context": {
+      "type": "rule",
+      "source": "WORKING-CONTEXT.md",
+      "target": { "claude": "WORKING-CONTEXT.md" }
+    },
+    "rules:review": {
+      "type": "rule",
+      "source": "REVIEW.md",
+      "target": { "claude": "REVIEW.md", "codex": "REVIEW.md" }
+    },
+    "rules:common": {
+      "type": "rule_set",
+      "source": "rules/common/",
+      "target": { "claude": "rules/common/" }
+    },
+    "rules:typescript": {
+      "type": "rule_set",
+      "source": "rules/typescript/",
+      "target": { "claude": "rules/typescript/" }
+    },
+    "rules:python": {
+      "type": "rule_set",
+      "source": "rules/python/",
+      "target": { "claude": "rules/python/" }
+    },
+
+    "agent:architect": {
+      "type": "agent",
+      "source": "agents/architect.md",
+      "target": { "claude": ".claude/agents/architect.md" }
+    },
+    "agent:planner": {
+      "type": "agent",
+      "source": "agents/planner.md",
+      "target": { "claude": ".claude/agents/planner.md" }
+    },
+    "agent:executor": {
+      "type": "agent",
+      "source": "agents/executor.md",
+      "target": { "claude": ".claude/agents/executor.md" }
+    },
+    "agent:code-reviewer": {
+      "type": "agent",
+      "source": "agents/code-reviewer.md",
+      "target": { "claude": ".claude/agents/code-reviewer.md" }
+    },
+    "agent:codex-reviewer": {
+      "type": "agent",
+      "source": "agents/codex-reviewer.md",
+      "target": { "codex": ".codex/agents/codex-reviewer.toml" }
+    },
+    "agent:codex-challenger": {
+      "type": "agent",
+      "source": "agents/codex-challenger.md",
+      "target": { "codex": ".codex/agents/codex-challenger.toml" }
+    },
+    "agent:security-reviewer": {
+      "type": "agent",
+      "source": "agents/security-reviewer.md",
+      "target": { "claude": ".claude/agents/security-reviewer.md" }
+    },
+    "agent:debugger": {
+      "type": "agent",
+      "source": "agents/debugger.md",
+      "target": { "claude": ".claude/agents/debugger.md" }
+    },
+    "agent:test-engineer": {
+      "type": "agent",
+      "source": "agents/test-engineer.md",
+      "target": { "claude": ".claude/agents/test-engineer.md" }
+    },
+    "agent:research": {
+      "type": "agent",
+      "source": "agents/research.md",
+      "target": { "claude": ".claude/agents/research.md", "gemini": ".gemini/agents/research.md" }
+    },
+    "agent:doc-writer": {
+      "type": "agent",
+      "source": "agents/doc-writer.md",
+      "target": { "claude": ".claude/agents/doc-writer.md" }
+    },
+
+    "skill:claude-led-codex-review": {
+      "type": "skill",
+      "source": "skills/claude-led-codex-review/",
+      "target": { "claude": ".claude/skills/claude-led-codex-review/" }
+    },
+    "skill:plan-eng-review": {
+      "type": "skill",
+      "source": "skills/plan-eng-review/",
+      "target": { "claude": ".claude/skills/plan-eng-review/" }
+    },
+    "skill:tdd-workflow": {
+      "type": "skill",
+      "source": "skills/tdd-workflow/",
+      "target": { "claude": ".claude/skills/tdd-workflow/" }
+    },
+    "skill:review": {
+      "type": "skill",
+      "source": "skills/review/",
+      "target": { "claude": ".claude/skills/review/" }
+    },
+    "skill:ship": {
+      "type": "skill",
+      "source": "skills/ship/",
+      "target": { "claude": ".claude/skills/ship/" }
+    },
+    "skill:security-hardening": {
+      "type": "skill",
+      "source": "skills/security-hardening/",
+      "target": { "claude": ".claude/skills/security-hardening/" }
+    },
+    "skill:release-readiness": {
+      "type": "skill",
+      "source": "skills/release-readiness/",
+      "target": { "claude": ".claude/skills/release-readiness/" }
+    },
+    "skill:porting": {
+      "type": "skill",
+      "source": "skills/porting/",
+      "target": { "claude": ".claude/skills/porting/" }
+    },
+
+    "command:claude-led-codex-review": {
+      "type": "command",
+      "source": "commands/claude-led-codex-review.md",
+      "target": { "claude": ".claude/commands/claude-led-codex-review.md" }
+    },
+
+    "hook:gateguard-fact-force": {
+      "type": "hook",
+      "source": "hooks/scripts/gateguard-fact-force.js",
+      "target": { "claude": ".claude/hooks/gateguard-fact-force.js" },
+      "event": "PreToolUse",
+      "matcher": "Edit|Write"
+    },
+    "hook:quality-gate": {
+      "type": "hook",
+      "source": "hooks/scripts/quality-gate.js",
+      "target": { "claude": ".claude/hooks/quality-gate.js" },
+      "event": "PostToolUse",
+      "matcher": "Edit|Write"
+    },
+    "hook:pre-bash-dispatcher": {
+      "type": "hook",
+      "source": "hooks/scripts/pre-bash-dispatcher.js",
+      "target": { "claude": ".claude/hooks/pre-bash-dispatcher.js" },
+      "event": "PreToolUse",
+      "matcher": "Bash"
+    },
+    "hook:persistent-mode": {
+      "type": "hook",
+      "source": "hooks/scripts/persistent-mode.mjs",
+      "target": { "claude": ".claude/hooks/persistent-mode.mjs" },
+      "event": "Stop"
+    },
+
+    "platform:claude": {
+      "type": "platform",
+      "builder": "scripts/build-claude.js",
+      "output_dir": ".claude"
+    },
+    "platform:codex": {
+      "type": "platform",
+      "builder": "scripts/build-codex.js",
+      "output_dir": ".codex"
+    }
+  }
+}

package/manifests/install-modules.json

@@ -0,0 +1,101 @@
+{
+  "$schema": "../schemas/install-modules.schema.json",
+  "version": "0.0.1",
+  "modules": {
+    "rules-core": {
+      "description": "거버넌스 4계층 (SOUL/RULES/CLAUDE/AGENTS) + 공통/언어별 룰",
+      "components": [
+        "rules:soul",
+        "rules:rules",
+        "rules:claude",
+        "rules:agents",
+        "rules:working-context",
+        "rules:review",
+        "rules:common",
+        "rules:typescript",
+        "rules:python"
+      ],
+      "level": 3,
+      "required": true
+    },
+    "agents-core": {
+      "description": "11개 핵심 에이전트 카탈로그 (Claude + Codex + Gemini)",
+      "components": [
+        "agent:architect",
+        "agent:planner",
+        "agent:executor",
+        "agent:code-reviewer",
+        "agent:codex-reviewer",
+        "agent:codex-challenger",
+        "agent:security-reviewer",
+        "agent:debugger",
+        "agent:test-engineer",
+        "agent:research",
+        "agent:doc-writer"
+      ],
+      "level": 3,
+      "required": true
+    },
+    "hooks-runtime": {
+      "description": "PreToolUse / PostToolUse / Stop 훅 4종 + 디스패처",
+      "components": [
+        "hook:gateguard-fact-force",
+        "hook:quality-gate",
+        "hook:pre-bash-dispatcher",
+        "hook:persistent-mode"
+      ],
+      "level": 2,
+      "required": true,
+      "env_toggles": {
+        "HARNESS_HOOK_GATEGUARD": "1",
+        "HARNESS_HOOK_QUALITY_GATE": "1",
+        "HARNESS_HOOK_PRE_BASH": "1",
+        "HARNESS_HOOK_PERSISTENT_MODE": "1"
+      }
+    },
+    "platform-configs": {
+      "description": "Claude Code / Codex CLI 등 하네스별 빌드 출력 위치 정의",
+      "components": [
+        "platform:claude",
+        "platform:codex"
+      ],
+      "level": 2,
+      "required": true,
+      "depends_on": ["agents-core", "hooks-runtime"]
+    },
+    "workflow-quality": {
+      "description": "TDD + 품질 게이트 워크플로우 스킬",
+      "components": [
+        "skill:tdd-workflow",
+        "skill:plan-eng-review",
+        "skill:review",
+        "skill:ship"
+      ],
+      "level": 2,
+      "required": false
+    },
+    "codex-loop": {
+      "description": "claude-led-codex-review 7단계 풀사이클 + Codex 검증 루프",
+      "components": [
+        "skill:claude-led-codex-review",
+        "agent:codex-reviewer",
+        "agent:codex-challenger",
+        "command:claude-led-codex-review"
+      ],
+      "level": 3,
+      "required": false,
+      "depends_on": ["agents-core", "workflow-quality"]
+    },
+    "ops-readiness": {
+      "description": "Release, security-hardening, and external project porting operating skills.",
+      "components": [
+        "skill:security-hardening",
+        "skill:release-readiness",
+        "skill:porting"
+      ],
+      "level": 2,
+      "required": false,
+      "depends_on": ["workflow-quality"]
+    }
+  }
+}

package/manifests/install-profiles.json

@@ -0,0 +1,134 @@
+{
+  "$schema": "../schemas/install-profiles.schema.json",
+  "version": "0.0.3",
+  "profiles": {
+    "core": {
+      "description": "Minimal NEKOWORK surface: rules, core agents, runtime hooks, platform configs, and safety gates.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs"
+      ]
+    },
+    "developer": {
+      "description": "Daily development profile with quality workflow, Codex loop, and release readiness helpers.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "workflow-quality",
+        "codex-loop",
+        "ops-readiness"
+      ]
+    },
+    "security": {
+      "description": "Secure development profile that keeps Codex verification and human gates active for sensitive work.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "codex-loop",
+        "ops-readiness"
+      ],
+      "defaults": {
+        "review_mode": "secure",
+        "human_gate_on_critical": true,
+        "outbound_network": "deny"
+      }
+    },
+    "product": {
+      "description": "Product planning profile for question gates, scope review, acceptance criteria, and handoff-first planning.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "workflow-quality"
+      ],
+      "defaults": {
+        "question_gate": true,
+        "mutation_policy": "single_executor"
+      }
+    },
+    "quality": {
+      "description": "Disciplined development profile for brainstorm, test-first planning, systematic debugging, evidence-based review, and verification before completion.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "workflow-quality",
+        "codex-loop",
+        "ops-readiness"
+      ],
+      "defaults": {
+        "brainstorm_before_work": true,
+        "test_first_plan": true,
+        "systematic_debugging": true,
+        "evidence_based_review": true,
+        "verification_before_completion": true,
+        "quality_gate_required": true,
+        "require_codex_verification": true,
+        "human_gate_on_critical": true,
+        "mutation_policy": "single_executor"
+      }
+    },
+    "frontend": {
+      "description": "Frontend profile for UI mockups, component review, accessibility checks, and Codex-reviewed implementation.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "workflow-quality",
+        "codex-loop"
+      ],
+      "defaults": {
+        "question_gate": true,
+        "ui_mock_data_first": true
+      }
+    },
+    "testing": {
+      "description": "Testing profile for test planning, regression review, coverage-oriented handoffs, and quality gates.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "workflow-quality",
+        "codex-loop"
+      ],
+      "defaults": {
+        "test_plan_required": true,
+        "mutation_policy": "single_executor"
+      }
+    },
+    "research": {
+      "description": "Research profile for read-only investigation handoffs and optional external knowledge surfaces.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "workflow-quality",
+        "ops-readiness"
+      ],
+      "post_install_note": "External research connectors remain opt-in and cannot weaken core safety gates."
+    },
+    "full": {
+      "description": "All stable modules in the current release, still bounded by NEKOWORK core safety invariants.",
+      "modules": [
+        "rules-core",
+        "agents-core",
+        "hooks-runtime",
+        "platform-configs",
+        "workflow-quality",
+        "codex-loop",
+        "ops-readiness"
+      ]
+    }
+  }
+}