@rigour-labs/core 2.0.0 → 2.2.0

package/src/discovery.ts

@@ -78,15 +78,20 @@ export class DiscoveryService {
     }
 
     private async findSourceFiles(cwd: string): Promise<string[]> {
-        // Find a few files to sample
         const extensions = ['.ts', '.js', '.py', '.go', '.java', '.tf', 'package.json'];
         const samples: string[] = [];
+        const commonDirs = ['.', 'src', 'app', 'lib', 'api', 'pkg'];
 
-        const files = await fs.readdir(cwd);
-        for (const file of files) {
-            if (extensions.some(ext => file.endsWith(ext))) {
-                samples.push(path.join(cwd, file));
-                if (samples.length >= 5) break;
+        for (const dir of commonDirs) {
+            const fullDir = path.join(cwd, dir);
+            if (!(await fs.pathExists(fullDir))) continue;
+
+            const files = await fs.readdir(fullDir);
+            for (const file of files) {
+                if (extensions.some(ext => file.endsWith(ext))) {
+                    samples.push(path.join(fullDir, file));
+                    if (samples.length >= 5) return samples;
+                }
             }
         }
         return samples;

package/src/environment.test.ts

@@ -0,0 +1,115 @@
+import { describe, it, expect, beforeEach, afterEach } from 'vitest';
+import { GateRunner } from './gates/runner.js';
+import { Config, RawConfig, ConfigSchema } from './types/index.js';
+import fs from 'fs-extra';
+import path from 'path';
+
+describe('Environment Alignment Gate', () => {
+    const testDir = path.join(process.cwd(), 'temp-test-env');
+
+    beforeEach(async () => {
+        await fs.ensureDir(testDir);
+    });
+
+    afterEach(async () => {
+        await fs.remove(testDir);
+    });
+
+    it('should detect tool version mismatch (Explicit)', async () => {
+        const rawConfig: RawConfig = {
+            version: 1,
+            gates: {
+                environment: {
+                    enabled: true,
+                    enforce_contracts: false,
+                    tools: {
+                        node: ">=99.0.0" // Guaranteed to fail
+                    }
+                }
+            }
+        };
+
+        const config = ConfigSchema.parse(rawConfig);
+        const runner = new GateRunner(config);
+        const report = await runner.run(testDir);
+
+        expect(report.status).toBe('FAIL');
+        const envFailure = report.failures.find(f => f.id === 'environment-alignment');
+        expect(envFailure).toBeDefined();
+        expect(envFailure?.details).toContain('node');
+        expect(envFailure?.details).toContain('version mismatch');
+    });
+
+    it('should detect missing environment variables', async () => {
+        const rawConfig: RawConfig = {
+            version: 1,
+            gates: {
+                environment: {
+                    enabled: true,
+                    required_env: ["RIGOUR_TEST_VAR_MISSING"]
+                }
+            }
+        };
+
+        const config = ConfigSchema.parse(rawConfig);
+        const runner = new GateRunner(config);
+        const report = await runner.run(testDir);
+
+        expect(report.status).toBe('FAIL');
+        expect(report.failures[0].details).toContain('RIGOUR_TEST_VAR_MISSING');
+    });
+
+    it('should discover contracts from pyproject.toml', async () => {
+        // Create mock pyproject.toml with a version that will surely fail
+        await fs.writeFile(path.join(testDir, 'pyproject.toml'), `
+[tool.ruff]
+ruff = ">=99.14.0"
+`);
+
+        const rawConfig: RawConfig = {
+            version: 1,
+            gates: {
+                environment: {
+                    enabled: true,
+                    enforce_contracts: true,
+                    tools: {} // Should discover ruff from file
+                }
+            }
+        };
+
+        const config = ConfigSchema.parse(rawConfig);
+        const runner = new GateRunner(config);
+        const report = await runner.run(testDir);
+
+        // This might pass or fail depending on the local ruff version, 
+        // but we want to check if the gate attempted to check ruff.
+        // If ruff is missing, it will fail with "is missing".
+        const ruffFailure = report.failures.find(f => f.details.includes('ruff'));
+        expect(ruffFailure).toBeDefined();
+    });
+
+    it('should prioritize environment gate and run it first', async () => {
+        const rawConfig: RawConfig = {
+            version: 1,
+            gates: {
+                max_file_lines: 1,
+                environment: {
+                    enabled: true,
+                    required_env: ["MANDATORY_SECRET_MISSING"]
+                }
+            }
+        };
+
+        const config = ConfigSchema.parse(rawConfig);
+
+        // Create a file that would fail max_file_lines
+        await fs.writeFile(path.join(testDir, 'large.js'), 'line1\nline2\nline3');
+
+        const runner = new GateRunner(config);
+        const report = await runner.run(testDir);
+
+        // In a real priority system, we might want to stop after environment failure.
+        // Currently GateRunner runs all, but environment-alignment has been unshifted.
+        expect(Object.keys(report.summary)[0]).toBe('environment-alignment');
+    });
+});

package/src/gates/ast-handlers/python.ts

@@ -15,8 +15,21 @@ export class PythonHandler extends ASTHandler {
         const failures: Failure[] = [];
         const scriptPath = path.join(__dirname, 'python_parser.py');
 
+        // Dynamic command detection for cross-platform support (Mac/Linux usually python3, Windows usually python)
+        let pythonCmd = 'python3';
         try {
-            const { stdout } = await execa('python3', [scriptPath], {
+            await execa('python3', ['--version']);
+        } catch (e) {
+            try {
+                await execa('python', ['--version']);
+                pythonCmd = 'python';
+            } catch (e2) {
+                // Both missing - handled by main catch
+            }
+        }
+
+        try {
+            const { stdout } = await execa(pythonCmd, [scriptPath], {
                 input: context.content,
                 cwd: context.cwd
             });

package/src/gates/ast.ts

@@ -21,10 +21,14 @@ export class ASTGate extends Gate {
     async run(context: GateContext): Promise<Failure[]> {
         const failures: Failure[] = [];
 
+        const patterns = (context.patterns || ['**/*.{ts,js,tsx,jsx,py,go,rs,cs,java,rb,c,cpp,php,swift,kt}']).map(p => p.replace(/\\/g, '/'));
+        const ignore = (context.ignore || ['node_modules/**', 'dist/**', 'build/**', '**/*.test.*', '**/*.spec.*', '**/__pycache__/**']).map(p => p.replace(/\\/g, '/'));
+        const normalizedCwd = context.cwd.replace(/\\/g, '/');
+
         // Find all supported files
-        const files = await globby(['**/*.{ts,js,tsx,jsx,py,go,rs,cs,java,rb,c,cpp,php,swift,kt}'], {
-            cwd: context.cwd,
-            ignore: ['node_modules/**', 'dist/**', 'build/**', '**/*.test.*', '**/*.spec.*', '**/__pycache__/**'],
+        const files = await globby(patterns, {
+            cwd: normalizedCwd,
+            ignore: ignore,
         });
 
         for (const file of files) {

package/src/gates/base.ts

@@ -1,7 +1,11 @@
+import { GoldenRecord } from '../services/context-engine.js';
 import { Failure } from '../types/index.js';
 
 export interface GateContext {
     cwd: string;
+    record?: GoldenRecord;
+    ignore?: string[];
+    patterns?: string[];
 }
 
 export abstract class Gate {
@@ -9,10 +13,10 @@ export abstract class Gate {
 
     abstract run(context: GateContext): Promise<Failure[]>;
 
-    protected createFailure(details: string, files?: string[], hint?: string): Failure {
+    protected createFailure(details: string, files?: string[], hint?: string, title?: string): Failure {
         return {
             id: this.id,
-            title: this.title,
+            title: title || this.title,
             details,
             files,
             hint,

package/src/gates/content.ts

@@ -19,7 +19,11 @@ export class ContentGate extends Gate {
 
         if (patterns.length === 0) return [];
 
-        const files = await FileScanner.findFiles({ cwd: context.cwd });
+        const files = await FileScanner.findFiles({
+            cwd: context.cwd,
+            ignore: context.ignore,
+            patterns: context.patterns
+        });
         const contents = await FileScanner.readFiles(context.cwd, files);
 
         const violations: string[] = [];

package/src/gates/context.ts

@@ -0,0 +1,55 @@
+import { Gate, GateContext } from './base.js';
+import { Failure, Gates } from '../types/index.js';
+import { FileScanner } from '../utils/scanner.js';
+import fs from 'fs-extra';
+import path from 'path';
+
+export class ContextGate extends Gate {
+    constructor(private config: Gates) {
+        super('context-drift', 'Context Awareness & Drift Detection');
+    }
+
+    async run(context: GateContext): Promise<Failure[]> {
+        const failures: Failure[] = [];
+        const record = context.record;
+        if (!record || !this.config.context?.enabled) return [];
+
+        const files = await FileScanner.findFiles({ cwd: context.cwd });
+        const envAnchors = record.anchors.filter(a => a.type === 'env' && a.confidence >= 1);
+
+        for (const file of files) {
+            try {
+                const content = await fs.readFile(path.join(context.cwd, file), 'utf-8');
+
+                // 1. Detect Redundant Suffixes (The Golden Example)
+                this.checkEnvDrift(content, file, envAnchors, failures);
+
+            } catch (e) { }
+        }
+
+        return failures;
+    }
+
+    private checkEnvDrift(content: string, file: string, anchors: any[], failures: Failure[]) {
+        // Find all environment variable accesses in the content
+        const matches = content.matchAll(/process\.env(?:\.([A-Z0-9_]+)|\[['"]([A-Z0-9_]+)['"]\])/g);
+
+        for (const match of matches) {
+            const accessedVar = match[1] || match[2];
+
+            for (const anchor of anchors) {
+                // If the accessed variable contains the anchor but is not equal to it, 
+                // it's a potential "invented" redundancy (e.g. CORE_URL vs CORE_URL_PROD)
+                if (accessedVar !== anchor.id && accessedVar.includes(anchor.id)) {
+                    const deviation = accessedVar.replace(anchor.id, '').replace(/^_|_$/, '');
+
+                    failures.push(this.createFailure(
+                        `Context Drift: Redundant variation '${accessedVar}' detected in ${file}.`,
+                        [file],
+                        `The project already uses '${anchor.id}' as a standard anchor. Avoid inventing variations like '${deviation}'. Reuse the existing anchor or align with established project patterns.`
+                    ));
+                }
+            }
+        }
+    }
+}

package/src/gates/coverage.ts

@@ -60,7 +60,11 @@ export class CoverageGate extends Gate {
                 currentFile = line.substring(3);
                 results[currentFile] = { found: 0, hit: 0, isComplex: false };
             } else if (line.startsWith('LF:')) {
-                results[currentFile].found = parseInt(line.substring(3));
+                const found = parseInt(line.substring(3));
+                results[currentFile].found = found;
+                // SME Logic: If a file has > 100 logical lines, it's considered "Complex"
+                // and triggers the higher (80%) coverage requirement.
+                if (found > 100) results[currentFile].isComplex = true;
             } else if (line.startsWith('LH:')) {
                 results[currentFile].hit = parseInt(line.substring(3));
             }

package/src/gates/dependency.ts

@@ -32,13 +32,77 @@ export class DependencyGate extends Gate {
                         failures.push(this.createFailure(
                             `The package '${dep}' is forbidden by project standards.`,
                             ['package.json'],
-                            `Remove '${dep}' from package.json and use approved alternatives.`
+                            `Remove '${dep}' from package.json and use approved alternatives.`,
+                            'Forbidden Dependency'
                         ));
                     }
                 }
             } catch (e) { }
         }
 
+        // 2. Scan Python (requirements.txt, pyproject.toml)
+        const reqPath = path.join(cwd, 'requirements.txt');
+        if (await fs.pathExists(reqPath)) {
+            const content = await fs.readFile(reqPath, 'utf-8');
+            for (const dep of forbidden) {
+                if (new RegExp(`^${dep}([=<>! ]|$)`, 'm').test(content)) {
+                    failures.push(this.createFailure(
+                        `The Python package '${dep}' is forbidden.`,
+                        ['requirements.txt'],
+                        `Remove '${dep}' from requirements.txt.`,
+                        'Forbidden Dependency'
+                    ));
+                }
+            }
+        }
+
+        const pyprojPath = path.join(cwd, 'pyproject.toml');
+        if (await fs.pathExists(pyprojPath)) {
+            const content = await fs.readFile(pyprojPath, 'utf-8');
+            for (const dep of forbidden) {
+                if (new RegExp(`^${dep}\\s*=`, 'm').test(content)) {
+                    failures.push(this.createFailure(
+                        `The Python package '${dep}' is forbidden in pyproject.toml.`,
+                        ['pyproject.toml'],
+                        `Remove '${dep}' from pyproject.toml dependencies.`,
+                        'Forbidden Dependency'
+                    ));
+                }
+            }
+        }
+
+        // 3. Scan Go (go.mod)
+        const goModPath = path.join(cwd, 'go.mod');
+        if (await fs.pathExists(goModPath)) {
+            const content = await fs.readFile(goModPath, 'utf-8');
+            for (const dep of forbidden) {
+                if (content.includes(dep)) {
+                    failures.push(this.createFailure(
+                        `The Go module '${dep}' is forbidden.`,
+                        ['go.mod'],
+                        `Remove '${dep}' from go.mod.`,
+                        'Forbidden Dependency'
+                    ));
+                }
+            }
+        }
+
+        // 4. Scan Java (pom.xml)
+        const pomPath = path.join(cwd, 'pom.xml');
+        if (await fs.pathExists(pomPath)) {
+            const content = await fs.readFile(pomPath, 'utf-8');
+            for (const dep of forbidden) {
+                if (content.includes(`<artifactId>${dep}</artifactId>`)) {
+                    failures.push(this.createFailure(
+                        `The Java artifact '${dep}' is forbidden.`,
+                        ['pom.xml'],
+                        `Remove '${dep}' from pom.xml.`,
+                        'Forbidden Dependency'
+                    ));
+                }
+            }
+        }
+
         return failures;
     }
 }

package/src/gates/environment.ts

@@ -0,0 +1,94 @@
+import { Gate, GateContext } from './base.js';
+import { Failure, Gates } from '../types/index.js';
+import { execa } from 'execa';
+import semver from 'semver';
+import fs from 'fs-extra';
+import path from 'path';
+
+export class EnvironmentGate extends Gate {
+    constructor(private config: Gates) {
+        super('environment-alignment', 'Environment & Tooling Alignment');
+    }
+
+    async run(context: GateContext): Promise<Failure[]> {
+        const failures: Failure[] = [];
+        const envConfig = this.config.environment;
+        if (!envConfig || !envConfig.enabled) return [];
+
+        const contracts = envConfig.enforce_contracts ? await this.discoverContracts(context.cwd) : {};
+        const toolsToCheck = { ...contracts, ...(envConfig.tools || {}) };
+
+        // 1. Verify Tool Versions
+        for (const [tool, range] of Object.entries(toolsToCheck)) {
+            // Ensure range is a string
+            const semverRange = String(range);
+            try {
+                const { stdout } = await execa(tool, ['--version'], { shell: true });
+                const versionMatch = stdout.match(/(\d+\.\d+\.\d+)/);
+
+                if (versionMatch) {
+                    const version = versionMatch[1];
+                    if (!semver.satisfies(version, semverRange)) {
+                        failures.push(this.createFailure(
+                            `Environment Alignment: Tool '${tool}' version mismatch.`,
+                            [],
+                            `Project requires '${tool} ${semverRange}' (discovered from contract), but found version '${version}'. Please align your local environment to prevent drift.`
+                        ));
+                    }
+                } else {
+                    failures.push(this.createFailure(
+                        `Environment Alignment: Could not determine version for '${tool}'.`,
+                        [],
+                        `Ensure '${tool} --version' returns a standard SemVer string.`
+                    ));
+                }
+            } catch (e) {
+                failures.push(this.createFailure(
+                    `Environment Alignment: Required tool '${tool}' is missing.`,
+                    [],
+                    `Install '${tool}' and ensure it is in your $PATH.`
+                ));
+            }
+        }
+
+        // 2. Verify Required Env Vars
+        const requiredEnv = envConfig.required_env || [];
+        for (const envVar of requiredEnv) {
+            if (!process.env[envVar]) {
+                failures.push(this.createFailure(
+                    `Environment Alignment: Missing required environment variable '${envVar}'.`,
+                    [],
+                    `Ensure '${envVar}' is defined in your environment or .env file.`
+                ));
+            }
+        }
+
+        return failures;
+    }
+
+    private async discoverContracts(cwd: string): Promise<Record<string, string>> {
+        const contracts: Record<string, string> = {};
+
+        // 1. Scan pyproject.toml (for ruff, mypy)
+        const pyprojectPath = path.join(cwd, 'pyproject.toml');
+        if (await fs.pathExists(pyprojectPath)) {
+            const content = await fs.readFile(pyprojectPath, 'utf-8');
+            // SME Logic: Look for ruff and mypy version constraints
+            // Handle both ruff = "^0.14.0" and ruff = { version = "^0.14.0" }
+            const ruffMatch = content.match(/ruff\s*=\s*(?:['"]([^'"]+)['"]|\{\s*version\s*=\s*['"]([^'"]+)['"]\s*\})/);
+            if (ruffMatch) contracts['ruff'] = ruffMatch[1] || ruffMatch[2];
+
+            const mypyMatch = content.match(/mypy\s*=\s*(?:['"]([^'"]+)['"]|\{\s*version\s*=\s*['"]([^'"]+)['"]\s*\})/);
+            if (mypyMatch) contracts['mypy'] = mypyMatch[1] || mypyMatch[2];
+        }
+
+        // 2. Scan package.json (for node/npm/pnpm)
+        const pkgPath = path.join(cwd, 'package.json');
+        if (await fs.pathExists(pkgPath)) {
+            const pkg = await fs.readJson(pkgPath);
+            if (pkg.engines?.node) contracts['node'] = pkg.engines.node;
+        }
+
+        return contracts;
+    }
+}

package/src/gates/file.ts

@@ -12,7 +12,11 @@ export class FileGate extends Gate {
     }
 
     async run(context: GateContext): Promise<Failure[]> {
-        const files = await FileScanner.findFiles({ cwd: context.cwd });
+        const files = await FileScanner.findFiles({
+            cwd: context.cwd,
+            ignore: context.ignore,
+            patterns: context.patterns
+        });
         const contents = await FileScanner.readFiles(context.cwd, files);
 
         const violations: string[] = [];

package/src/gates/runner.ts

@@ -7,6 +7,9 @@ import { ASTGate } from './ast.js';
 import { SafetyGate } from './safety.js';
 import { DependencyGate } from './dependency.js';
 import { CoverageGate } from './coverage.js';
+import { ContextGate } from './context.js';
+import { ContextEngine } from '../services/context-engine.js';
+import { EnvironmentGate } from './environment.js'; // [NEW]
 import { execa } from 'execa';
 import { Logger } from '../utils/logger.js';
 
@@ -34,6 +37,15 @@ export class GateRunner {
         this.gates.push(new DependencyGate(this.config));
         this.gates.push(new SafetyGate(this.config.gates));
         this.gates.push(new CoverageGate(this.config.gates));
+
+        if (this.config.gates.context?.enabled) {
+            this.gates.push(new ContextGate(this.config.gates));
+        }
+
+        // Environment Alignment Gate (Should be prioritized)
+        if (this.config.gates.environment?.enabled) {
+            this.gates.unshift(new EnvironmentGate(this.config.gates));
+        }
     }
 
     /**
@@ -43,15 +55,24 @@ export class GateRunner {
         this.gates.push(gate);
     }
 
-    async run(cwd: string): Promise<Report> {
+    async run(cwd: string, patterns?: string[]): Promise<Report> {
         const start = Date.now();
         const failures: Failure[] = [];
         const summary: Record<string, Status> = {};
 
+        const ignore = this.config.ignore;
+
+        // 0. Run Context Discovery
+        let record;
+        if (this.config.gates.context?.enabled) {
+            const engine = new ContextEngine(this.config);
+            record = await engine.discover(cwd);
+        }
+
         // 1. Run internal gates
         for (const gate of this.gates) {
             try {
-                const gateFailures = await gate.run({ cwd });
+                const gateFailures = await gate.run({ cwd, record, ignore, patterns });
                 if (gateFailures.length > 0) {
                     failures.push(...gateFailures);
                     summary[gate.id] = 'FAIL';

package/src/gates/safety.ts

@@ -19,15 +19,22 @@ export class SafetyGate extends Gate {
             // This is a "Safety Rail" - if an agent touched these, we fail.
             const { stdout } = await execa('git', ['status', '--porcelain'], { cwd: context.cwd });
             const modifiedFiles = stdout.split('\n')
-                .filter(line => line.trim().length > 0)
-                .map(line => line.slice(3));
+                .filter(line => {
+                    const status = line.slice(0, 2);
+                    // M: Modified, A: Added (staged), D: Deleted, R: Renamed
+                    // We ignore ?? (Untracked) to allow rigour init and new doc creation
+                    return /M|A|D|R/.test(status);
+                })
+                .map(line => line.slice(3).trim());
 
             for (const file of modifiedFiles) {
                 if (this.isProtected(file, protectedPaths)) {
+                    const message = `Protected file '${file}' was modified.`;
                     failures.push(this.createFailure(
-                        `Protected file '${file}' was modified.`,
+                        message,
                         [file],
-                        `Agents are forbidden from modifying files in ${protectedPaths.join(', ')}.`
+                        `Agents are forbidden from modifying files in ${protectedPaths.join(', ')}.`,
+                        message
                     ));
                 }
             }

package/src/safety.test.ts

@@ -0,0 +1,53 @@
+import { describe, it, expect, vi } from 'vitest';
+import { SafetyGate } from './gates/safety.js';
+import { Gates } from './types/index.js';
+import { execa } from 'execa';
+
+vi.mock('execa');
+
+describe('SafetyGate', () => {
+    const config: Gates = {
+        safety: {
+            protected_paths: ['docs/'],
+            max_files_changed_per_cycle: 10
+        }
+    } as any;
+
+    it('should flag modified (M) protected files', async () => {
+        const gate = new SafetyGate(config);
+        vi.mocked(execa).mockResolvedValueOnce({ stdout: ' M docs/SPEC.md\n' } as any);
+
+        const failures = await gate.run({ cwd: '/test', record: {} as any });
+        expect(failures).toHaveLength(1);
+        expect(failures[0].title).toContain("Protected file 'docs/SPEC.md' was modified.");
+    });
+
+    it('should flag added (A) protected files', async () => {
+        const gate = new SafetyGate(config);
+        vi.mocked(execa).mockResolvedValueOnce({ stdout: 'A  docs/NEW.md\n' } as any);
+
+        const failures = await gate.run({ cwd: '/test', record: {} as any });
+        expect(failures).toHaveLength(1);
+        expect(failures[0].title).toContain("Protected file 'docs/NEW.md' was modified.");
+    });
+
+    it('should NOT flag untracked (??) protected files', async () => {
+        const gate = new SafetyGate(config);
+        vi.mocked(execa).mockResolvedValueOnce({ stdout: '?? docs/UNTRAKED.md\n' } as any);
+
+        const failures = await gate.run({ cwd: '/test', record: {} as any });
+        expect(failures).toHaveLength(0);
+    });
+
+    it('should correctly handle multiple mixed statuses', async () => {
+        const gate = new SafetyGate(config);
+        vi.mocked(execa).mockResolvedValueOnce({
+            stdout: ' M docs/MODIFIED.md\n?? docs/NEW_UNTRACKED.md\n D docs/DELETED.md\n'
+        } as any);
+
+        const failures = await gate.run({ cwd: '/test', record: {} as any });
+        expect(failures).toHaveLength(2);
+        expect(failures.map(f => f.title)).toContain("Protected file 'docs/MODIFIED.md' was modified.");
+        expect(failures.map(f => f.title)).toContain("Protected file 'docs/DELETED.md' was modified.");
+    });
+});