@vibecheckai/cli 3.8.0 → 3.9.0

package/bin/runners/lib/agent-firewall/intent/store.js

@@ -1,283 +1,283 @@
-/**
- * Intent Store - Persistent Intent Storage
- * 
- * ═══════════════════════════════════════════════════════════════════════════════
- * AGENT FIREWALL™ - INTENT PERSISTENCE
- * ═══════════════════════════════════════════════════════════════════════════════
- * 
- * Stores intent declarations for session and audit purposes.
- * Intent is immutable once stored - updates create new versions.
- * 
- * @module intent/store
- * @version 2.0.0
- */
-
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-const { verifyIntentIntegrity, createBlockingIntent } = require("./schema");
-
-/**
- * Intent Store - manages intent persistence
- */
-class IntentStore {
-  constructor(projectRoot) {
-    this.projectRoot = projectRoot;
-    this.intentDir = path.join(projectRoot, ".vibecheck", "intents");
-    this.currentIntentPath = path.join(this.intentDir, "current.json");
-    this.historyDir = path.join(this.intentDir, "history");
-  }
-  
-  /**
-   * Ensure storage directories exist
-   */
-  ensureDirectories() {
-    if (!fs.existsSync(this.intentDir)) {
-      fs.mkdirSync(this.intentDir, { recursive: true });
-    }
-    if (!fs.existsSync(this.historyDir)) {
-      fs.mkdirSync(this.historyDir, { recursive: true });
-    }
-  }
-  
-  /**
-   * Store a new intent (or update)
-   * @param {Object} intent - Intent to store
-   * @returns {Object} Storage result
-   */
-  store(intent) {
-    this.ensureDirectories();
-    
-    // Verify intent integrity
-    const verification = verifyIntentIntegrity(intent);
-    if (!verification.valid) {
-      return {
-        success: false,
-        error: `INTENT_INTEGRITY_FAILED: ${verification.reason}`,
-      };
-    }
-    
-    // Archive current intent if exists
-    const current = this.getCurrent();
-    if (current && current.hash !== intent.hash) {
-      this.archive(current);
-    }
-    
-    // Write new current intent
-    const data = {
-      intent,
-      stored_at: new Date().toISOString(),
-      verified: true,
-    };
-    
-    fs.writeFileSync(this.currentIntentPath, JSON.stringify(data, null, 2));
-    
-    return {
-      success: true,
-      hash: intent.hash,
-      path: this.currentIntentPath,
-    };
-  }
-  
-  /**
-   * Get current intent (returns blocking intent if none exists)
-   * @param {Object} options - Options
-   * @param {boolean} options.allowMissing - Don't return blocking intent if missing
-   * @returns {Object|null} Current intent or blocking intent
-   */
-  getCurrent(options = {}) {
-    if (!fs.existsSync(this.currentIntentPath)) {
-      if (options.allowMissing) {
-        return null;
-      }
-      // Return blocking intent when no intent declared
-      return createBlockingIntent();
-    }
-    
-    try {
-      const data = JSON.parse(fs.readFileSync(this.currentIntentPath, "utf-8"));
-      const intent = data.intent;
-      
-      // Verify integrity on load
-      const verification = verifyIntentIntegrity(intent);
-      if (!verification.valid) {
-        console.error(`[IntentStore] INTEGRITY VIOLATION: ${verification.reason}`);
-        // Return blocking intent on integrity failure
-        return createBlockingIntent();
-      }
-      
-      return intent;
-    } catch (error) {
-      console.error(`[IntentStore] Error loading intent: ${error.message}`);
-      if (options.allowMissing) {
-        return null;
-      }
-      return createBlockingIntent();
-    }
-  }
-  
-  /**
-   * Check if an intent is currently declared
-   * @returns {boolean} True if intent exists
-   */
-  hasIntent() {
-    return fs.existsSync(this.currentIntentPath);
-  }
-  
-  /**
-   * Archive an intent to history
-   * @param {Object} intent - Intent to archive
-   */
-  archive(intent) {
-    this.ensureDirectories();
-    
-    const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
-    const archivePath = path.join(this.historyDir, `${timestamp}_${intent.hash.slice(0, 8)}.json`);
-    
-    const data = {
-      intent,
-      archived_at: new Date().toISOString(),
-    };
-    
-    fs.writeFileSync(archivePath, JSON.stringify(data, null, 2));
-  }
-  
-  /**
-   * Get intent history
-   * @param {number} limit - Maximum number of intents to return
-   * @returns {Object[]} Array of historical intents
-   */
-  getHistory(limit = 10) {
-    if (!fs.existsSync(this.historyDir)) {
-      return [];
-    }
-    
-    const files = fs.readdirSync(this.historyDir)
-      .filter(f => f.endsWith(".json"))
-      .sort()
-      .reverse()
-      .slice(0, limit);
-    
-    return files.map(file => {
-      try {
-        const data = JSON.parse(fs.readFileSync(path.join(this.historyDir, file), "utf-8"));
-        return {
-          ...data.intent,
-          archived_at: data.archived_at,
-        };
-      } catch {
-        return null;
-      }
-    }).filter(Boolean);
-  }
-  
-  /**
-   * Clear current intent
-   * @returns {boolean} Success
-   */
-  clear() {
-    const current = this.getCurrent({ allowMissing: true });
-    if (current) {
-      this.archive(current);
-    }
-    
-    if (fs.existsSync(this.currentIntentPath)) {
-      fs.unlinkSync(this.currentIntentPath);
-    }
-    
-    return true;
-  }
-  
-  /**
-   * Get intent by hash (from history)
-   * @param {string} hash - Intent hash
-   * @returns {Object|null} Intent or null
-   */
-  getByHash(hash) {
-    // Check current
-    const current = this.getCurrent({ allowMissing: true });
-    if (current && current.hash === hash) {
-      return current;
-    }
-    
-    // Check history
-    if (!fs.existsSync(this.historyDir)) {
-      return null;
-    }
-    
-    const files = fs.readdirSync(this.historyDir);
-    for (const file of files) {
-      if (file.includes(hash.slice(0, 8))) {
-        try {
-          const data = JSON.parse(fs.readFileSync(path.join(this.historyDir, file), "utf-8"));
-          if (data.intent.hash === hash) {
-            return data.intent;
-          }
-        } catch {
-          continue;
-        }
-      }
-    }
-    
-    return null;
-  }
-}
-
-/**
- * Session-scoped intent tracking
- */
-class SessionIntentTracker {
-  constructor() {
-    this.sessions = new Map();
-  }
-  
-  /**
-   * Set intent for a session
-   * @param {string} sessionId - Session identifier
-   * @param {Object} intent - Intent object
-   */
-  setIntent(sessionId, intent) {
-    this.sessions.set(sessionId, {
-      intent,
-      set_at: new Date().toISOString(),
-      locked: true, // Immutable by default
-    });
-  }
-  
-  /**
-   * Get intent for a session
-   * @param {string} sessionId - Session identifier
-   * @returns {Object|null} Intent or null
-   */
-  getIntent(sessionId) {
-    const session = this.sessions.get(sessionId);
-    return session?.intent || null;
-  }
-  
-  /**
-   * Check if session has intent
-   * @param {string} sessionId - Session identifier
-   * @returns {boolean} True if intent exists
-   */
-  hasIntent(sessionId) {
-    return this.sessions.has(sessionId);
-  }
-  
-  /**
-   * Clear session intent
-   * @param {string} sessionId - Session identifier
-   */
-  clearIntent(sessionId) {
-    this.sessions.delete(sessionId);
-  }
-}
-
-// Global session tracker
-const globalSessionTracker = new SessionIntentTracker();
-
-module.exports = {
-  IntentStore,
-  SessionIntentTracker,
-  globalSessionTracker,
-};
+/**
+ * Intent Store - Persistent Intent Storage
+ * 
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * AGENT FIREWALL™ - INTENT PERSISTENCE
+ * ═══════════════════════════════════════════════════════════════════════════════
+ * 
+ * Stores intent declarations for session and audit purposes.
+ * Intent is immutable once stored - updates create new versions.
+ * 
+ * @module intent/store
+ * @version 2.0.0
+ */
+
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { verifyIntentIntegrity, createBlockingIntent } = require("./schema");
+
+/**
+ * Intent Store - manages intent persistence
+ */
+class IntentStore {
+  constructor(projectRoot) {
+    this.projectRoot = projectRoot;
+    this.intentDir = path.join(projectRoot, ".vibecheck", "intents");
+    this.currentIntentPath = path.join(this.intentDir, "current.json");
+    this.historyDir = path.join(this.intentDir, "history");
+  }
+  
+  /**
+   * Ensure storage directories exist
+   */
+  ensureDirectories() {
+    if (!fs.existsSync(this.intentDir)) {
+      fs.mkdirSync(this.intentDir, { recursive: true });
+    }
+    if (!fs.existsSync(this.historyDir)) {
+      fs.mkdirSync(this.historyDir, { recursive: true });
+    }
+  }
+  
+  /**
+   * Store a new intent (or update)
+   * @param {Object} intent - Intent to store
+   * @returns {Object} Storage result
+   */
+  store(intent) {
+    this.ensureDirectories();
+    
+    // Verify intent integrity
+    const verification = verifyIntentIntegrity(intent);
+    if (!verification.valid) {
+      return {
+        success: false,
+        error: `INTENT_INTEGRITY_FAILED: ${verification.reason}`,
+      };
+    }
+    
+    // Archive current intent if exists (use allowMissing to avoid archiving blocking intent)
+    const current = this.getCurrent({ allowMissing: true });
+    if (current && current.hash !== intent.hash) {
+      this.archive(current);
+    }
+    
+    // Write new current intent
+    const data = {
+      intent,
+      stored_at: new Date().toISOString(),
+      verified: true,
+    };
+    
+    fs.writeFileSync(this.currentIntentPath, JSON.stringify(data, null, 2));
+    
+    return {
+      success: true,
+      hash: intent.hash,
+      path: this.currentIntentPath,
+    };
+  }
+  
+  /**
+   * Get current intent (returns blocking intent if none exists)
+   * @param {Object} options - Options
+   * @param {boolean} options.allowMissing - Don't return blocking intent if missing
+   * @returns {Object|null} Current intent or blocking intent
+   */
+  getCurrent(options = {}) {
+    if (!fs.existsSync(this.currentIntentPath)) {
+      if (options.allowMissing) {
+        return null;
+      }
+      // Return blocking intent when no intent declared
+      return createBlockingIntent();
+    }
+    
+    try {
+      const data = JSON.parse(fs.readFileSync(this.currentIntentPath, "utf-8"));
+      const intent = data.intent;
+      
+      // Verify integrity on load
+      const verification = verifyIntentIntegrity(intent);
+      if (!verification.valid) {
+        console.error(`[IntentStore] INTEGRITY VIOLATION: ${verification.reason}`);
+        // Return blocking intent on integrity failure
+        return createBlockingIntent();
+      }
+      
+      return intent;
+    } catch (error) {
+      console.error(`[IntentStore] Error loading intent: ${error.message}`);
+      if (options.allowMissing) {
+        return null;
+      }
+      return createBlockingIntent();
+    }
+  }
+  
+  /**
+   * Check if an intent is currently declared
+   * @returns {boolean} True if intent exists
+   */
+  hasIntent() {
+    return fs.existsSync(this.currentIntentPath);
+  }
+  
+  /**
+   * Archive an intent to history
+   * @param {Object} intent - Intent to archive
+   */
+  archive(intent) {
+    this.ensureDirectories();
+    
+    const timestamp = new Date().toISOString().replace(/[:.]/g, "-");
+    const archivePath = path.join(this.historyDir, `${timestamp}_${intent.hash.slice(0, 8)}.json`);
+    
+    const data = {
+      intent,
+      archived_at: new Date().toISOString(),
+    };
+    
+    fs.writeFileSync(archivePath, JSON.stringify(data, null, 2));
+  }
+  
+  /**
+   * Get intent history
+   * @param {number} limit - Maximum number of intents to return
+   * @returns {Object[]} Array of historical intents
+   */
+  getHistory(limit = 10) {
+    if (!fs.existsSync(this.historyDir)) {
+      return [];
+    }
+    
+    const files = fs.readdirSync(this.historyDir)
+      .filter(f => f.endsWith(".json"))
+      .sort()
+      .reverse()
+      .slice(0, limit);
+    
+    return files.map(file => {
+      try {
+        const data = JSON.parse(fs.readFileSync(path.join(this.historyDir, file), "utf-8"));
+        return {
+          ...data.intent,
+          archived_at: data.archived_at,
+        };
+      } catch {
+        return null;
+      }
+    }).filter(Boolean);
+  }
+  
+  /**
+   * Clear current intent
+   * @returns {boolean} Success
+   */
+  clear() {
+    const current = this.getCurrent({ allowMissing: true });
+    if (current) {
+      this.archive(current);
+    }
+    
+    if (fs.existsSync(this.currentIntentPath)) {
+      fs.unlinkSync(this.currentIntentPath);
+    }
+    
+    return true;
+  }
+  
+  /**
+   * Get intent by hash (from history)
+   * @param {string} hash - Intent hash
+   * @returns {Object|null} Intent or null
+   */
+  getByHash(hash) {
+    // Check current
+    const current = this.getCurrent({ allowMissing: true });
+    if (current && current.hash === hash) {
+      return current;
+    }
+    
+    // Check history
+    if (!fs.existsSync(this.historyDir)) {
+      return null;
+    }
+    
+    const files = fs.readdirSync(this.historyDir);
+    for (const file of files) {
+      if (file.includes(hash.slice(0, 8))) {
+        try {
+          const data = JSON.parse(fs.readFileSync(path.join(this.historyDir, file), "utf-8"));
+          if (data.intent.hash === hash) {
+            return data.intent;
+          }
+        } catch {
+          continue;
+        }
+      }
+    }
+    
+    return null;
+  }
+}
+
+/**
+ * Session-scoped intent tracking
+ */
+class SessionIntentTracker {
+  constructor() {
+    this.sessions = new Map();
+  }
+  
+  /**
+   * Set intent for a session
+   * @param {string} sessionId - Session identifier
+   * @param {Object} intent - Intent object
+   */
+  setIntent(sessionId, intent) {
+    this.sessions.set(sessionId, {
+      intent,
+      set_at: new Date().toISOString(),
+      locked: true, // Immutable by default
+    });
+  }
+  
+  /**
+   * Get intent for a session
+   * @param {string} sessionId - Session identifier
+   * @returns {Object|null} Intent or null
+   */
+  getIntent(sessionId) {
+    const session = this.sessions.get(sessionId);
+    return session?.intent || null;
+  }
+  
+  /**
+   * Check if session has intent
+   * @param {string} sessionId - Session identifier
+   * @returns {boolean} True if intent exists
+   */
+  hasIntent(sessionId) {
+    return this.sessions.has(sessionId);
+  }
+  
+  /**
+   * Clear session intent
+   * @param {string} sessionId - Session identifier
+   */
+  clearIntent(sessionId) {
+    this.sessions.delete(sessionId);
+  }
+}
+
+// Global session tracker
+const globalSessionTracker = new SessionIntentTracker();
+
+module.exports = {
+  IntentStore,
+  SessionIntentTracker,
+  globalSessionTracker,
+};

package/bin/runners/lib/agent-firewall/interceptor/base.js

@@ -114,13 +114,17 @@ async function interceptFileWrite({
   }
   
   // Return interception result
+  // In observe mode, always allow but still report violations
+  const isObserveMode = policy.mode === "observe";
   return {
-    allowed: verdict.decision === "ALLOW",
-    verdict: verdict.decision,
+    allowed: isObserveMode || verdict.decision === "ALLOW",
+    verdict: isObserveMode && verdict.decision !== "ALLOW" ? "ALLOW" : verdict.decision,
     violations: verdict.violations,
     unblockPlan,
     packetId: packet.id,
-    message: verdict.message
+    message: isObserveMode && verdict.violations?.length > 0 
+      ? `[OBSERVE MODE] Would have blocked: ${verdict.message}` 
+      : verdict.message
   };
 }