@wazir-dev/cli 1.1.0 → 1.3.0

package/tooling/src/state/db.js

@@ -0,0 +1,287 @@
+import crypto from 'node:crypto';
+import fs from 'node:fs';
+import path from 'node:path';
+import { DatabaseSync } from 'node:sqlite';
+
+function getStateDatabasePath(stateRoot) {
+  return path.join(stateRoot, 'state', 'state.sqlite');
+}
+
+function hashDescription(description) {
+  return crypto.createHash('sha256').update(description).digest('hex');
+}
+
+function ensureStateSchema(db) {
+  db.exec(`
+    CREATE TABLE IF NOT EXISTS learnings (
+      id TEXT PRIMARY KEY,
+      source_run TEXT NOT NULL,
+      category TEXT NOT NULL,
+      scope_roles TEXT DEFAULT '',
+      scope_stacks TEXT DEFAULT '',
+      scope_concerns TEXT DEFAULT '',
+      confidence TEXT DEFAULT 'medium' CHECK(confidence IN ('low','medium','high')),
+      recurrence_count INTEGER DEFAULT 1,
+      content TEXT NOT NULL,
+      created_at TEXT NOT NULL DEFAULT (datetime('now')),
+      last_applied TEXT,
+      expires_at TEXT
+    );
+
+    CREATE TABLE IF NOT EXISTS findings (
+      id TEXT PRIMARY KEY,
+      run_id TEXT NOT NULL,
+      phase TEXT NOT NULL,
+      source TEXT NOT NULL CHECK(source IN ('internal','codex','self-audit','gemini')),
+      severity TEXT NOT NULL CHECK(severity IN ('critical','high','medium','low')),
+      description TEXT NOT NULL,
+      resolved INTEGER DEFAULT 0,
+      finding_hash TEXT NOT NULL,
+      created_at TEXT NOT NULL DEFAULT (datetime('now'))
+    );
+
+    CREATE TABLE IF NOT EXISTS audit_history (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      run_id TEXT NOT NULL,
+      date TEXT NOT NULL DEFAULT (date('now')),
+      finding_count INTEGER DEFAULT 0,
+      fix_count INTEGER DEFAULT 0,
+      manual_count INTEGER DEFAULT 0,
+      quality_score_before REAL,
+      quality_score_after REAL
+    );
+
+    CREATE TABLE IF NOT EXISTS usage_aggregate (
+      id INTEGER PRIMARY KEY AUTOINCREMENT,
+      run_id TEXT NOT NULL,
+      date TEXT NOT NULL DEFAULT (date('now')),
+      tokens_saved INTEGER DEFAULT 0,
+      bytes_avoided INTEGER DEFAULT 0,
+      savings_ratio REAL DEFAULT 0.0,
+      index_queries INTEGER DEFAULT 0,
+      routing_decisions INTEGER DEFAULT 0
+    );
+
+    CREATE INDEX IF NOT EXISTS idx_learnings_category ON learnings(category);
+    CREATE INDEX IF NOT EXISTS idx_findings_run_id ON findings(run_id);
+    CREATE INDEX IF NOT EXISTS idx_findings_finding_hash ON findings(finding_hash);
+    CREATE INDEX IF NOT EXISTS idx_audit_history_run_id ON audit_history(run_id);
+    CREATE INDEX IF NOT EXISTS idx_usage_aggregate_run_id ON usage_aggregate(run_id);
+  `);
+}
+
+// ---------------------------------------------------------------------------
+// Database lifecycle
+// ---------------------------------------------------------------------------
+
+export function openStateDb(stateRoot) {
+  const databasePath = getStateDatabasePath(stateRoot);
+  fs.mkdirSync(path.dirname(databasePath), { recursive: true });
+  const db = new DatabaseSync(databasePath, { timeout: 5000 });
+  ensureStateSchema(db);
+  return db;
+}
+
+export function closeStateDb(db) {
+  db.close();
+}
+
+// ---------------------------------------------------------------------------
+// Learnings CRUD
+// ---------------------------------------------------------------------------
+
+export function insertLearning(db, record) {
+  const id = crypto.randomUUID();
+  const createdAt = new Date().toISOString();
+
+  db.prepare(`
+    INSERT INTO learnings (id, source_run, category, scope_roles, scope_stacks, scope_concerns, confidence, content, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    id,
+    record.source_run,
+    record.category,
+    record.scope_roles ?? '',
+    record.scope_stacks ?? '',
+    record.scope_concerns ?? '',
+    record.confidence ?? 'medium',
+    record.content,
+    createdAt,
+  );
+
+  return id;
+}
+
+export function getLearningsByScope(db, filters = {}) {
+  const conditions = [];
+  const params = [];
+
+  if (filters.roles) {
+    conditions.push("scope_roles LIKE ?");
+    params.push(`%${filters.roles}%`);
+  }
+
+  if (filters.stacks) {
+    conditions.push("scope_stacks LIKE ?");
+    params.push(`%${filters.stacks}%`);
+  }
+
+  if (filters.concerns) {
+    conditions.push("scope_concerns LIKE ?");
+    params.push(`%${filters.concerns}%`);
+  }
+
+  if (filters.confidence) {
+    conditions.push("confidence = ?");
+    params.push(filters.confidence);
+  }
+
+  const where = conditions.length > 0 ? `WHERE ${conditions.join(' AND ')}` : '';
+  const limit = filters.limit ? `LIMIT ${Number(filters.limit)}` : '';
+
+  return db.prepare(`
+    SELECT * FROM learnings ${where} ORDER BY created_at DESC ${limit}
+  `).all(...params);
+}
+
+export function updateLearningRecurrence(db, id) {
+  const now = new Date().toISOString();
+
+  db.prepare(`
+    UPDATE learnings
+    SET recurrence_count = recurrence_count + 1,
+        last_applied = ?
+    WHERE id = ?
+  `).run(now, id);
+}
+
+export function getRecurringLearnings(db, minCount) {
+  return db.prepare(`
+    SELECT * FROM learnings
+    WHERE recurrence_count >= ?
+    ORDER BY recurrence_count DESC
+  `).all(minCount);
+}
+
+// ---------------------------------------------------------------------------
+// Findings CRUD
+// ---------------------------------------------------------------------------
+
+export function insertFinding(db, record) {
+  const id = crypto.randomUUID();
+  const findingHash = record.finding_hash ?? hashDescription(record.description);
+  const createdAt = new Date().toISOString();
+
+  db.prepare(`
+    INSERT INTO findings (id, run_id, phase, source, severity, description, finding_hash, created_at)
+    VALUES (?, ?, ?, ?, ?, ?, ?, ?)
+  `).run(
+    id,
+    record.run_id,
+    record.phase,
+    record.source,
+    record.severity,
+    record.description,
+    findingHash,
+    createdAt,
+  );
+
+  return id;
+}
+
+export function getFindingsByRun(db, runId) {
+  return db.prepare(`
+    SELECT * FROM findings
+    WHERE run_id = ?
+    ORDER BY created_at ASC
+  `).all(runId);
+}
+
+export function getRecurringFindingHashes(db, minOccurrences) {
+  return db.prepare(`
+    SELECT finding_hash, COUNT(*) AS count
+    FROM findings
+    GROUP BY finding_hash
+    HAVING COUNT(*) >= ?
+    ORDER BY count DESC
+  `).all(minOccurrences);
+}
+
+export function resolveFinding(db, id) {
+  db.prepare(`
+    UPDATE findings SET resolved = 1 WHERE id = ?
+  `).run(id);
+}
+
+// ---------------------------------------------------------------------------
+// Audit history
+// ---------------------------------------------------------------------------
+
+export function insertAuditRecord(db, record) {
+  db.prepare(`
+    INSERT INTO audit_history (run_id, finding_count, fix_count, manual_count, quality_score_before, quality_score_after)
+    VALUES (?, ?, ?, ?, ?, ?)
+  `).run(
+    record.run_id,
+    record.finding_count ?? 0,
+    record.fix_count ?? 0,
+    record.manual_count ?? 0,
+    record.quality_score_before ?? null,
+    record.quality_score_after ?? null,
+  );
+}
+
+export function getAuditTrend(db, limit) {
+  const limitClause = limit ? `LIMIT ${Number(limit)}` : '';
+
+  return db.prepare(`
+    SELECT * FROM audit_history
+    ORDER BY date DESC, id DESC
+    ${limitClause}
+  `).all();
+}
+
+// ---------------------------------------------------------------------------
+// Usage
+// ---------------------------------------------------------------------------
+
+export function insertUsageRecord(db, record) {
+  db.prepare(`
+    INSERT INTO usage_aggregate (run_id, tokens_saved, bytes_avoided, savings_ratio, index_queries, routing_decisions)
+    VALUES (?, ?, ?, ?, ?, ?)
+  `).run(
+    record.run_id,
+    record.tokens_saved ?? 0,
+    record.bytes_avoided ?? 0,
+    record.savings_ratio ?? 0.0,
+    record.index_queries ?? 0,
+    record.routing_decisions ?? 0,
+  );
+}
+
+export function getUsageSummary(db) {
+  const row = db.prepare(`
+    SELECT
+      COALESCE(SUM(tokens_saved), 0) AS total_tokens_saved,
+      COALESCE(SUM(bytes_avoided), 0) AS total_bytes_avoided,
+      CASE WHEN COUNT(*) > 0 THEN AVG(savings_ratio) ELSE 0.0 END AS avg_savings_ratio,
+      COALESCE(SUM(index_queries), 0) AS total_index_queries,
+      COUNT(*) AS run_count
+    FROM usage_aggregate
+  `).get();
+
+  return row;
+}
+
+// ---------------------------------------------------------------------------
+// Stats (for CLI)
+// ---------------------------------------------------------------------------
+
+export function getStateCounts(db) {
+  return {
+    learning_count: db.prepare('SELECT COUNT(*) AS count FROM learnings').get().count,
+    finding_count: db.prepare('SELECT COUNT(*) AS count FROM findings').get().count,
+    audit_count: db.prepare('SELECT COUNT(*) AS count FROM audit_history').get().count,
+    usage_count: db.prepare('SELECT COUNT(*) AS count FROM usage_aggregate').get().count,
+  };
+}

package/tooling/src/status/command.js

@@ -5,6 +5,46 @@ import { parseCommandOptions } from '../command-options.js';
 import { readYamlFile } from '../loaders.js';
 import { findProjectRoot } from '../project-root.js';
 import { resolveStateRoot } from '../state-root.js';
+import { estimateTokens } from '../capture/usage.js';
+
+function readUsageSavingsSummary(stateRoot, runId) {
+  const usagePath = path.join(stateRoot, 'runs', runId, 'usage.json');
+
+  if (!fs.existsSync(usagePath)) {
+    return null;
+  }
+
+  try {
+    const usage = JSON.parse(fs.readFileSync(usagePath, 'utf8'));
+    const cr = usage.savings?.capture_routing ?? {};
+    const cm = usage.savings?.context_mode ?? {};
+    const co = usage.savings?.compaction ?? {};
+    const iq = usage.savings?.index_queries ?? {};
+
+    const crTokensSaved = cr.estimated_tokens_avoided ?? 0;
+    const cmRawTokens = estimateTokens(Math.round((cm.raw_kb ?? 0) * 1024));
+    const cmAfterTokens = estimateTokens(Math.round((cm.context_kb ?? 0) * 1024));
+    const cmTokensSaved = cmRawTokens - cmAfterTokens;
+    const coTokensSaved = (co.pre_compaction_tokens_est ?? 0) - (co.post_compaction_tokens_est ?? 0);
+    const iqTokensSaved = iq.estimated_tokens_saved ?? 0;
+
+    const totalSaved = crTokensSaved + cmTokensSaved + coTokensSaved + iqTokensSaved;
+
+    if (totalSaved === 0) {
+      return null;
+    }
+
+    const crRawTokens = crTokensSaved + estimateTokens(cr.summary_bytes ?? 0);
+    const withoutSavings = crRawTokens + cmRawTokens + (co.pre_compaction_tokens_est ?? 0);
+    const pct = withoutSavings > 0
+      ? `${((totalSaved / withoutSavings) * 100).toFixed(0)}%`
+      : '0%';
+
+    return `Context savings: ~${totalSaved.toLocaleString('en-US')} tokens saved (${pct} reduction)`;
+  } catch {
+    return null;
+  }
+}
 
 function success(payload, options = {}) {
   if (options.json) {
@@ -14,9 +54,20 @@ function success(payload, options = {}) {
     };
   }
 
+  const parentPhase = payload.parent_phase ?? payload.phase;
+  const workflow = payload.workflow;
+  const phaseLabel = workflow
+    ? `Phase: ${parentPhase} > Workflow: ${workflow}`
+    : `Phase: ${parentPhase}`;
+  let output = `${payload.run_id} ${phaseLabel} ${payload.status}\n`;
+
+  if (payload.savings_summary) {
+    output += `${payload.savings_summary}\n`;
+  }
+
   return {
     exitCode: 0,
-    stdout: `${payload.run_id} ${payload.phase} ${payload.status}\n`,
+    stdout: output,
   };
 }
 
@@ -61,6 +112,12 @@ export function runStatusCommand(parsed, context = {}) {
       status_path: statusPath,
     };
 
+    const savingsSummary = readUsageSavingsSummary(stateRoot, options.run);
+
+    if (savingsSummary) {
+      payload.savings_summary = savingsSummary;
+    }
+
     return success(payload, { json: options.json });
   } catch (error) {
     return {

package/tooling/src/verify/proof-collector.js

@@ -0,0 +1,299 @@
+import fs from 'node:fs';
+import path from 'node:path';
+import { execFileSync } from 'node:child_process';
+
+const WEB_FRAMEWORKS = ['next', 'vite', 'react-scripts', '@angular/cli', 'nuxt', 'astro', 'gatsby'];
+const API_FRAMEWORKS = ['express', 'fastify', 'hono', 'koa', '@nestjs/core', '@hapi/hapi'];
+
+/**
+ * Detect whether a project produces runnable output and what type.
+ *
+ * @param {string} projectRoot
+ * @returns {'web' | 'api' | 'cli' | 'library'}
+ */
+export function detectRunnableType(projectRoot) {
+  const pkgPath = path.join(projectRoot, 'package.json');
+  if (!fs.existsSync(pkgPath)) return 'library';
+
+  let pkg;
+  try {
+    pkg = JSON.parse(fs.readFileSync(pkgPath, 'utf8'));
+  } catch {
+    return 'library';
+  }
+
+  const allDeps = { ...pkg.dependencies, ...pkg.devDependencies };
+
+  if (WEB_FRAMEWORKS.some((fw) => fw in allDeps)) return 'web';
+  if (API_FRAMEWORKS.some((fw) => fw in allDeps)) return 'api';
+  if (pkg.bin) return 'cli';
+
+  return 'library';
+}
+
+/**
+ * Run a command safely using execFileSync (no shell injection).
+ *
+ * @param {string} cmd - The executable
+ * @param {string[]} args - Arguments array
+ * @param {string} cwd
+ * @returns {{ exit_code: number, stdout: string, stderr: string }}
+ */
+function runCommand(cmd, args, cwd) {
+  try {
+    const stdout = execFileSync(cmd, args, {
+      cwd,
+      encoding: 'utf8',
+      timeout: 60000,
+      stdio: ['pipe', 'pipe', 'pipe'],
+    });
+    return { exit_code: 0, stdout: stdout.trim(), stderr: '' };
+  } catch (err) {
+    return {
+      exit_code: err.status ?? 1,
+      stdout: (err.stdout ?? '').trim(),
+      stderr: (err.stderr ?? '').trim(),
+    };
+  }
+}
+
+/**
+ * Summarize command output to a short string.
+ *
+ * @param {string} stdout
+ * @param {number} maxLen
+ * @returns {string}
+ */
+function summarize(stdout, maxLen = 200) {
+  if (!stdout) return '';
+  const lines = stdout.split('\n');
+  if (lines.length <= 5) return stdout.slice(0, maxLen);
+  return [...lines.slice(0, 3), `... (${lines.length} lines total)`, ...lines.slice(-2)]
+    .join('\n')
+    .slice(0, maxLen);
+}
+
+/**
+ * Check if a package.json has a specific script.
+ *
+ * @param {string} projectRoot
+ * @param {string} scriptName
+ * @returns {boolean}
+ */
+function hasScript(projectRoot, scriptName) {
+  try {
+    const pkg = JSON.parse(fs.readFileSync(path.join(projectRoot, 'package.json'), 'utf8'));
+    return !!(pkg.scripts && pkg.scripts[scriptName]);
+  } catch {
+    return false;
+  }
+}
+
+/**
+ * Check if a config file exists for a tool.
+ *
+ * @param {string} projectRoot
+ * @param {string[]} candidates
+ * @returns {boolean}
+ */
+function hasConfigFile(projectRoot, candidates) {
+  return candidates.some((f) => fs.existsSync(path.join(projectRoot, f)));
+}
+
+/**
+ * Collect library-type proof: tests, lint, format, type-check.
+ *
+ * @param {string} projectRoot
+ * @returns {{ tool: string, command: string, exit_code: number, stdout_summary: string, passed: boolean }[]}
+ */
+function collectLibraryEvidence(projectRoot) {
+  const evidence = [];
+
+  // npm test
+  if (hasScript(projectRoot, 'test')) {
+    const result = runCommand('npm', ['test'], projectRoot);
+    evidence.push({
+      tool: 'npm test',
+      command: 'npm test',
+      exit_code: result.exit_code,
+      stdout_summary: summarize(result.stdout),
+      passed: result.exit_code === 0,
+    });
+  }
+
+  // TypeScript type check
+  if (
+    hasConfigFile(projectRoot, ['tsconfig.json']) ||
+    hasScript(projectRoot, 'typecheck')
+  ) {
+    const cmd = hasScript(projectRoot, 'typecheck')
+      ? ['npm', ['run', 'typecheck']]
+      : ['npx', ['tsc', '--noEmit']];
+    const result = runCommand(cmd[0], cmd[1], projectRoot);
+    evidence.push({
+      tool: 'tsc',
+      command: cmd[0] + ' ' + cmd[1].join(' '),
+      exit_code: result.exit_code,
+      stdout_summary: summarize(result.exit_code === 0 ? 'No type errors' : result.stdout || result.stderr),
+      passed: result.exit_code === 0,
+    });
+  }
+
+  // ESLint
+  if (
+    hasConfigFile(projectRoot, ['.eslintrc', '.eslintrc.js', '.eslintrc.json', '.eslintrc.yml', 'eslint.config.js', 'eslint.config.mjs']) ||
+    hasScript(projectRoot, 'lint')
+  ) {
+    const cmd = hasScript(projectRoot, 'lint')
+      ? ['npm', ['run', 'lint']]
+      : ['npx', ['eslint', '.']];
+    const result = runCommand(cmd[0], cmd[1], projectRoot);
+    evidence.push({
+      tool: 'eslint',
+      command: cmd[0] + ' ' + cmd[1].join(' '),
+      exit_code: result.exit_code,
+      stdout_summary: summarize(result.exit_code === 0 ? 'No lint errors' : result.stdout || result.stderr),
+      passed: result.exit_code === 0,
+    });
+  }
+
+  // Prettier
+  if (
+    hasConfigFile(projectRoot, ['.prettierrc', '.prettierrc.js', '.prettierrc.json', '.prettierrc.yml', 'prettier.config.js', 'prettier.config.mjs']) ||
+    hasScript(projectRoot, 'format:check')
+  ) {
+    const cmd = hasScript(projectRoot, 'format:check')
+      ? ['npm', ['run', 'format:check']]
+      : ['npx', ['prettier', '--check', '.']];
+    const result = runCommand(cmd[0], cmd[1], projectRoot);
+    evidence.push({
+      tool: 'prettier',
+      command: cmd[0] + ' ' + cmd[1].join(' '),
+      exit_code: result.exit_code,
+      stdout_summary: summarize(result.exit_code === 0 ? 'All files formatted' : result.stdout || result.stderr),
+      passed: result.exit_code === 0,
+    });
+  }
+
+  return evidence;
+}
+
+/**
+ * Collect web-type proof: build + library checks.
+ *
+ * @param {string} projectRoot
+ * @returns {{ tool: string, command: string, exit_code: number, stdout_summary: string, passed: boolean }[]}
+ */
+function collectWebEvidence(projectRoot) {
+  const evidence = [];
+
+  // Build
+  if (hasScript(projectRoot, 'build')) {
+    const result = runCommand('npm', ['run', 'build'], projectRoot);
+    evidence.push({
+      tool: 'build',
+      command: 'npm run build',
+      exit_code: result.exit_code,
+      stdout_summary: summarize(result.stdout),
+      passed: result.exit_code === 0,
+    });
+  }
+
+  // Also run library checks (tests, lint, etc.)
+  evidence.push(...collectLibraryEvidence(projectRoot));
+
+  return evidence;
+}
+
+/**
+ * Collect API-type proof: library checks (server start/stop is complex, defer to manual).
+ *
+ * @param {string} projectRoot
+ * @returns {{ tool: string, command: string, exit_code: number, stdout_summary: string, passed: boolean }[]}
+ */
+function collectApiEvidence(projectRoot) {
+  return collectLibraryEvidence(projectRoot);
+}
+
+/**
+ * Collect CLI-type proof: --help output + library checks.
+ *
+ * @param {string} projectRoot
+ * @returns {{ tool: string, command: string, exit_code: number, stdout_summary: string, passed: boolean }[]}
+ */
+function collectCliEvidence(projectRoot) {
+  const evidence = [];
+
+  try {
+    const pkg = JSON.parse(fs.readFileSync(path.join(projectRoot, 'package.json'), 'utf8'));
+    const binEntry = typeof pkg.bin === 'string' ? pkg.bin : Object.values(pkg.bin || {})[0];
+    if (binEntry) {
+      const binPath = path.join(projectRoot, binEntry);
+      if (fs.existsSync(binPath)) {
+        const result = runCommand('node', [binPath, '--help'], projectRoot);
+        evidence.push({
+          tool: 'cli --help',
+          command: `node ${binEntry} --help`,
+          exit_code: result.exit_code,
+          stdout_summary: summarize(result.stdout),
+          passed: result.exit_code === 0,
+        });
+      }
+    }
+  } catch { /* ignore */ }
+
+  evidence.push(...collectLibraryEvidence(projectRoot));
+
+  return evidence;
+}
+
+/**
+ * Collect proof of implementation for a task.
+ *
+ * @param {{ id: string, title: string }} taskSpec
+ * @param {{ projectRoot: string, runId?: string, stateRoot?: string }} runConfig
+ * @returns {Promise<{ task_id: string, type: string, timestamp: string, evidence: object[], status: string, all_passed: boolean }>}
+ */
+export async function collectProof(taskSpec, runConfig) {
+  const { projectRoot } = runConfig;
+  const type = detectRunnableType(projectRoot);
+
+  let evidence;
+  switch (type) {
+    case 'web':
+      evidence = collectWebEvidence(projectRoot);
+      break;
+    case 'api':
+      evidence = collectApiEvidence(projectRoot);
+      break;
+    case 'cli':
+      evidence = collectCliEvidence(projectRoot);
+      break;
+    default:
+      evidence = collectLibraryEvidence(projectRoot);
+  }
+
+  const allPassed = evidence.length === 0 || evidence.every((e) => e.passed);
+
+  const result = {
+    task_id: taskSpec.id,
+    type,
+    timestamp: new Date().toISOString(),
+    evidence,
+    status: allPassed ? 'pass' : 'fail',
+    all_passed: allPassed,
+  };
+
+  // Save to artifacts if runId provided
+  if (runConfig.runId && runConfig.stateRoot) {
+    const artifactDir = path.join(runConfig.stateRoot, 'runs', runConfig.runId, 'artifacts');
+    if (fs.existsSync(artifactDir)) {
+      fs.writeFileSync(
+        path.join(artifactDir, `proof-${taskSpec.id}.json`),
+        JSON.stringify(result, null, 2) + '\n',
+      );
+    }
+  }
+
+  return result;
+}