@wazir-dev/cli 1.2.0 → 1.4.0

package/tooling/src/hooks/pretooluse-pipeline-guard.js

@@ -0,0 +1,141 @@
+import fs from 'node:fs';
+import { readPipelineState } from '../state/pipeline-state.js';
+
+// ---------------------------------------------------------------------------
+// Phase → tool restriction rules
+// ---------------------------------------------------------------------------
+
+// Phases where Write/Edit to project files are blocked
+const WRITE_BLOCKED_PHASES = new Set(['clarify', 'verify', 'review']);
+
+// Phases where git commit/push are blocked
+const GIT_BLOCKED_PHASES = new Set(['init', 'clarify', 'verify', 'review']);
+
+// Phases where all tools are unrestricted
+const UNRESTRICTED_PHASES = new Set(['init', 'execute', 'complete']);
+
+// Tools that are always allowed (read-only operations)
+const ALWAYS_ALLOWED_TOOLS = new Set(['Read', 'Grep', 'Glob', 'Agent', 'Skill', 'TaskCreate', 'TaskUpdate', 'TaskList', 'TaskGet']);
+
+// Git commands that modify state
+const GIT_MUTATING_PATTERNS = [
+  /^git\s+commit/,
+  /^git\s+push/,
+  /^git\s+merge/,
+  /^git\s+rebase/,
+  /^git\s+reset/,
+  /^git\s+checkout\s+--/,
+];
+
+// ---------------------------------------------------------------------------
+// Evaluation
+// ---------------------------------------------------------------------------
+
+/**
+ * Evaluate whether a tool call should be allowed in the current pipeline phase.
+ *
+ * @param {string} stateRoot  — path to the pipeline state directory
+ * @param {object} hookInput  — { tool: string, input: object }
+ * @returns {{ decision: 'allow'|'deny', reason?: string }}
+ */
+export function evaluatePreToolUse(stateRoot, hookInput) {
+  const { tool, input = {} } = hookInput;
+
+  // 1. Always-allowed tools (reads are never blocked)
+  if (ALWAYS_ALLOWED_TOOLS.has(tool)) {
+    return { decision: 'allow' };
+  }
+
+  // 2. No state file → not a pipeline session → allow everything
+  let state;
+  try {
+    state = readPipelineState(stateRoot);
+  } catch {
+    return { decision: 'allow' };
+  }
+
+  if (!state || !state.current_phase) {
+    return { decision: 'allow' };
+  }
+
+  const phase = state.current_phase;
+
+  // 3. Unrestricted phases
+  if (UNRESTRICTED_PHASES.has(phase)) {
+    return { decision: 'allow' };
+  }
+
+  // 4. Always-allow: .wazir/ path writes (pipeline state management)
+  if ((tool === 'Write' || tool === 'Edit') && isWazirPath(input.file_path)) {
+    return { decision: 'allow' };
+  }
+
+  // 5. Always-allow: wazir CLI commands
+  if (tool === 'Bash' && isWazirCommand(input.command)) {
+    return { decision: 'allow' };
+  }
+
+  // 6. Check Write/Edit restrictions
+  if ((tool === 'Write' || tool === 'Edit') && WRITE_BLOCKED_PHASES.has(phase)) {
+    return {
+      decision: 'deny',
+      reason: `Write/Edit blocked during "${phase}" phase. This phase is read-only for project files. Only .wazir/ writes are allowed.`,
+    };
+  }
+
+  // 7. Check git mutation restrictions in Bash
+  if (tool === 'Bash' && GIT_BLOCKED_PHASES.has(phase) && isGitMutating(input.command)) {
+    return {
+      decision: 'deny',
+      reason: `Git mutations (commit/push) blocked during "${phase}" phase. Git commits are only allowed during the execute phase.`,
+    };
+  }
+
+  // 8. Default: allow
+  return { decision: 'allow' };
+}
+
+// ---------------------------------------------------------------------------
+// Helpers
+// ---------------------------------------------------------------------------
+
+function isWazirPath(filePath) {
+  if (!filePath) return false;
+  return filePath.includes('.wazir/') || filePath.includes('/.wazir');
+}
+
+function isWazirCommand(command) {
+  if (!command) return false;
+  const trimmed = command.trim();
+  return trimmed.startsWith('wazir ') || trimmed === 'wazir';
+}
+
+function isGitMutating(command) {
+  if (!command) return false;
+  const trimmed = command.trim();
+  return GIT_MUTATING_PATTERNS.some(pattern => pattern.test(trimmed));
+}
+
+// ---------------------------------------------------------------------------
+// CLI entry point
+// ---------------------------------------------------------------------------
+
+const isDirectRun = process.argv[1] && import.meta.url.endsWith(process.argv[1].replace(/\\/g, '/'));
+
+if (isDirectRun) {
+  const stateRoot = process.argv[2] || process.env.WAZIR_STATE_ROOT;
+  if (!stateRoot) {
+    console.log(JSON.stringify({ decision: 'allow' }));
+    process.exit(0);
+  }
+
+  let hookInput = {};
+  try {
+    const input = fs.readFileSync(0, 'utf8').trim();
+    if (input) hookInput = JSON.parse(input);
+  } catch { /* no stdin */ }
+
+  const result = evaluatePreToolUse(stateRoot, hookInput);
+  console.log(JSON.stringify(result));
+  process.exit(0);
+}

package/tooling/src/hooks/stop-pipeline-gate.js

@@ -0,0 +1,92 @@
+import fs from 'node:fs';
+import { readPipelineState, setStopHookActive } from '../state/pipeline-state.js';
+
+const SAFETY_VALVE_REASONS = new Set(['context-limit', 'user-abort']);
+
+/**
+ * Evaluate whether the Stop hook should block or allow conversation end.
+ *
+ * @param {string} stateRoot  — path to the pipeline state directory
+ * @param {object} context    — stop context (may include stop_reason)
+ * @returns {{ decision: 'approve'|'block', reason: string }}
+ */
+export function evaluateStopGate(stateRoot, context = {}) {
+  // 1. No state file → not a pipeline session → allow
+  let state;
+  try {
+    state = readPipelineState(stateRoot);
+  } catch {
+    return { decision: 'approve', reason: 'State read error — allowing stop.' };
+  }
+
+  if (!state) {
+    return { decision: 'approve', reason: 'No pipeline state — no pipeline active, allowing stop.' };
+  }
+
+  // 2. Malformed state (no current_phase)
+  if (!state.current_phase) {
+    return { decision: 'approve', reason: 'Pipeline state malformed — allowing stop.' };
+  }
+
+  // 3. Safety valve: stop_hook_active flag (infinite loop guard)
+  if (state.stop_hook_active) {
+    try { setStopHookActive(stateRoot, false); } catch { /* best effort */ }
+    return { decision: 'approve', reason: 'Stop hook loop guard active — allowing stop to break loop.' };
+  }
+
+  // 4. Safety valve: context-limit or user-abort
+  if (context.stop_reason && SAFETY_VALVE_REASONS.has(context.stop_reason)) {
+    return { decision: 'approve', reason: `Safety valve: ${context.stop_reason} — allowing stop.` };
+  }
+
+  // 5. Init phase — pipeline hasn't started real work yet
+  if (state.current_phase === 'init') {
+    return { decision: 'approve', reason: 'Pipeline at init — no work in progress, allowing stop.' };
+  }
+
+  // 6. Complete phase — all done
+  if (state.current_phase === 'complete') {
+    return { decision: 'approve', reason: 'Pipeline complete — all phases done.' };
+  }
+
+  // 7. Pipeline is in progress — block
+  try { setStopHookActive(stateRoot, true); } catch { /* best effort */ }
+
+  const remaining = getRemainingPhases(state.current_phase);
+  return {
+    decision: 'block',
+    reason: `Pipeline incomplete: currently in "${state.current_phase}" phase. Remaining: ${remaining.join(', ')}. Complete all phases before stopping.`,
+  };
+}
+
+function getRemainingPhases(currentPhase) {
+  const phases = ['clarify', 'execute', 'verify', 'review', 'complete'];
+  const idx = phases.indexOf(currentPhase);
+  if (idx === -1) return phases;
+  return phases.slice(idx);
+}
+
+// ---------------------------------------------------------------------------
+// CLI entry point — reads stateRoot from argv, prints JSON to stdout
+// ---------------------------------------------------------------------------
+
+const isDirectRun = process.argv[1] && import.meta.url.endsWith(process.argv[1].replace(/\\/g, '/'));
+
+if (isDirectRun) {
+  const stateRoot = process.argv[2] || process.env.WAZIR_STATE_ROOT;
+  if (!stateRoot) {
+    console.log(JSON.stringify({ decision: 'approve', reason: 'No state root provided.' }));
+    process.exit(0);
+  }
+
+  // Read context from stdin if available
+  let context = {};
+  try {
+    const input = fs.readFileSync(0, 'utf8').trim();
+    if (input) context = JSON.parse(input);
+  } catch { /* no stdin or invalid JSON */ }
+
+  const result = evaluateStopGate(stateRoot, context);
+  console.log(JSON.stringify(result));
+  process.exit(0);
+}

package/tooling/src/init/auto-detect.js

@@ -244,8 +244,6 @@ export function autoInit(projectRoot, opts = {}) {
     model_mode: 'claude-only',
     default_depth: 'standard',
     default_intent: 'feature',
-    team_mode: 'sequential',
-    parallel_backend: 'none',
     context_mode: contextMode,
     detected_host: host.host,
     detected_stack: stack,

package/tooling/src/init/command.js

@@ -4,10 +4,9 @@ import path from 'node:path';
 import { autoInit, detectHost, detectProjectStack } from './auto-detect.js';
 
 /**
- * wazir init [--auto|--interactive|--force]
+ * wazir init [--auto|--force]
  *
  * Default: --auto (zero-config, no prompts, infer everything)
- * --interactive: legacy mode with @inquirer/prompts (may fail in non-TTY)
  * --force: reinitialize even if already initialized
  */
 export async function runInitCommand(parsed, context = {}) {
@@ -15,7 +14,6 @@ export async function runInitCommand(parsed, context = {}) {
   const wazirDir = path.join(cwd, '.wazir');
   const configPath = path.join(wazirDir, 'state', 'config.json');
   const isForce = parsed.args.includes('--force');
-  const isInteractive = parsed.args.includes('--interactive');
 
   // Already initialized check
   if (fs.existsSync(configPath) && !isForce) {
@@ -25,12 +23,7 @@ export async function runInitCommand(parsed, context = {}) {
     };
   }
 
-  // Interactive mode — legacy prompts (may fail in non-TTY environments like Claude Code)
-  if (isInteractive) {
-    return runInteractiveInit(parsed, context);
-  }
-
-  // Default: auto mode — zero-config
+  // Auto mode — zero-config
   try {
     const result = autoInit(cwd, { context, force: isForce });
 
@@ -65,8 +58,7 @@ export async function runInitCommand(parsed, context = {}) {
       '',
       'Next: /wazir <what you want to build>',
       '',
-      'Power users: `wazir init --interactive` for manual config.',
-      'Override:    `wazir config set model_mode multi-tool`',
+      'Override: `wazir config set model_mode multi-tool`',
       '',
     ];
 
@@ -75,87 +67,3 @@ export async function runInitCommand(parsed, context = {}) {
     return { exitCode: 1, stderr: `Auto-init failed: ${error.message}\n` };
   }
 }
-
-/**
- * Legacy interactive init with @inquirer/prompts.
- * Kept for power users who want manual control.
- * Will fail in non-TTY environments (Claude Code Bash tool).
- */
-async function runInteractiveInit(parsed, context = {}) {
-  const cwd = context.cwd ?? process.cwd();
-  const wazirDir = path.join(cwd, '.wazir');
-  const configPath = path.join(wazirDir, 'state', 'config.json');
-
-  try {
-    const { select } = await import('@inquirer/prompts');
-
-    for (const dir of ['input', 'state', 'runs']) {
-      fs.mkdirSync(path.join(wazirDir, dir), { recursive: true });
-    }
-
-    const modelMode = await select({
-      message: 'How should Wazir run in this project?',
-      choices: [
-        { name: 'Single model (Recommended)', value: 'claude-only' },
-        { name: 'Multi-model (Haiku/Sonnet/Opus routing)', value: 'multi-model' },
-        { name: 'Multi-tool (current model + external reviewers)', value: 'multi-tool' },
-      ],
-      default: 'claude-only',
-    });
-
-    let multiToolTools = [];
-    if (modelMode === 'multi-tool') {
-      const toolChoice = await select({
-        message: 'Which external tools for reviews?',
-        choices: [
-          { name: 'Codex', value: 'codex' },
-          { name: 'Gemini', value: 'gemini' },
-          { name: 'Both', value: 'both' },
-        ],
-      });
-      multiToolTools = toolChoice === 'both' ? ['codex', 'gemini'] : [toolChoice];
-    }
-
-    let codexModel = null;
-    if (multiToolTools.includes('codex')) {
-      codexModel = await select({
-        message: 'Codex model?',
-        choices: [
-          { name: 'gpt-5.3-codex-spark (Recommended)', value: 'gpt-5.3-codex-spark' },
-          { name: 'gpt-5.4', value: 'gpt-5.4' },
-        ],
-        default: 'gpt-5.3-codex-spark',
-      });
-    }
-
-    const host = detectHost();
-    const stack = detectProjectStack(cwd);
-
-    const config = {
-      model_mode: modelMode,
-      ...(modelMode === 'multi-tool' && {
-        multi_tool: {
-          tools: multiToolTools,
-          ...(codexModel && { codex: { model: codexModel } }),
-        },
-      }),
-      default_depth: 'standard',
-      default_intent: 'feature',
-      team_mode: 'sequential',
-      parallel_backend: 'none',
-      detected_host: host.host,
-      detected_stack: stack,
-    };
-    fs.writeFileSync(configPath, JSON.stringify(config, null, 2) + '\n');
-
-    return {
-      exitCode: 0,
-      stdout: `\nInitialized (${modelMode}). Host: ${host.host}. Next: /wazir <request>\n`,
-    };
-  } catch (error) {
-    if (error.name === 'ExitPromptError') {
-      return { exitCode: 130, stderr: '\nInit cancelled.\n' };
-    }
-    return { exitCode: 1, stderr: `${error.message}\n` };
-  }
-}

package/tooling/src/learn/pipeline.js

@@ -0,0 +1,177 @@
+/**
+ * Learning Pipeline — Findings-to-Antipattern Promotion
+ *
+ * 4-stage pipeline: TALLY → CANDIDATE → PROMOTE → ACTIVE
+ *
+ * Stage 1 (TALLY): Automatic. Every finding is hashed, categorized, and
+ *   clustered by canonical pattern. Happens at finding insertion time.
+ *
+ * Stage 2 (CANDIDATE): Automatic. When a cluster reaches the promotion
+ *   threshold (3+ occurrences across 2+ runs), it becomes a candidate.
+ *
+ * Stage 3 (PROMOTE): Human gate. Candidates are proposed for review.
+ *   User accepts or rejects. Accepted candidates become active antipatterns.
+ *
+ * Stage 4 (ACTIVE): Automatic. Active antipatterns are loaded into
+ *   reviewer context for future runs. Hit-rate tracking enables demotion.
+ *
+ * Drift prevention (from research):
+ * - Max 30 active project-level antipatterns
+ * - 90-day TTL on candidates (auto-expire if not reviewed)
+ * - 5% hit-rate demotion threshold (antipatterns that never trigger get demoted)
+ * - Principle consolidation when count exceeds 25
+ */
+
+import crypto from 'node:crypto';
+import {
+  upsertFindingCluster,
+  getClustersReadyForPromotion,
+  promoteClusterToCandidate,
+  insertAntipatternCandidate,
+  getActiveLearningsCount,
+  expireStaleAntipatternCandidates,
+} from '../state/db.js';
+
+const MAX_ACTIVE_ANTIPATTERNS = 30;
+const PROMOTION_THRESHOLD_OCCURRENCES = 3;
+const PROMOTION_THRESHOLD_RUNS = 2;
+
+/**
+ * Normalize a finding description to a canonical form for clustering.
+ * Strips file paths, line numbers, variable names, and normalizes whitespace.
+ */
+export function canonicalizeFinding(description) {
+  return description
+    // Remove file paths
+    .replace(/[a-zA-Z0-9_\-./]+\.[a-zA-Z]{1,4}(:\d+)?/g, '<FILE>')
+    // Remove line numbers
+    .replace(/line \d+/gi, 'line <N>')
+    // Remove quoted identifiers
+    .replace(/['"`][\w.]+['"`]/g, '<ID>')
+    // Remove hex hashes
+    .replace(/[0-9a-f]{7,40}/gi, '<HASH>')
+    // Normalize whitespace
+    .replace(/\s+/g, ' ')
+    .trim()
+    .toLowerCase();
+}
+
+/**
+ * Hash a canonicalized finding for dedup and clustering.
+ */
+export function hashCanonical(canonicalized) {
+  return crypto.createHash('sha256').update(canonicalized).digest('hex').slice(0, 16);
+}
+
+/**
+ * Stage 1: TALLY — Process a finding and cluster it.
+ * Called after each finding is inserted into the findings table.
+ *
+ * @param {object} db - open state database
+ * @param {object} finding - { description, category, finding_hash, run_id }
+ * @returns {string} cluster ID
+ */
+export function tallyFinding(db, finding) {
+  const canonical = canonicalizeFinding(finding.description);
+  const canonicalHash = hashCanonical(canonical);
+
+  return upsertFindingCluster(db, {
+    canonical_hash: canonicalHash,
+    category: finding.category || '',
+    pattern_description: canonical,
+    finding_hash: finding.finding_hash,
+    run_id: finding.run_id,
+    evidence_runs: JSON.stringify([finding.run_id]),
+  });
+}
+
+/**
+ * Stage 2: CANDIDATE — Check clusters that meet the promotion threshold.
+ * Returns clusters ready for promotion.
+ *
+ * @param {object} db - open state database
+ * @returns {Array} clusters ready for promotion
+ */
+export function identifyCandidates(db) {
+  return getClustersReadyForPromotion(
+    db,
+    PROMOTION_THRESHOLD_OCCURRENCES,
+    PROMOTION_THRESHOLD_RUNS,
+  );
+}
+
+/**
+ * Stage 2→3: Promote eligible clusters to candidates and generate
+ * antipattern proposals.
+ *
+ * @param {object} db - open state database
+ * @param {Array} clusters - from identifyCandidates()
+ * @returns {Array} created candidate IDs
+ */
+export function promoteToCandidates(db, clusters) {
+  const activeCount = getActiveLearningsCount(db);
+  if (activeCount >= MAX_ACTIVE_ANTIPATTERNS) {
+    return []; // Drift prevention: don't propose more if at cap
+  }
+
+  const candidateIds = [];
+
+  for (const cluster of clusters) {
+    promoteClusterToCandidate(db, cluster.id);
+
+    const runIds = JSON.parse(cluster.run_ids || '[]');
+    const candidateId = insertAntipatternCandidate(db, {
+      cluster_id: cluster.id,
+      title: `Recurring: ${cluster.category || 'uncategorized'}`,
+      description: cluster.pattern_description,
+      detection_signal: `Pattern occurred ${cluster.occurrence_count} times across ${cluster.distinct_runs} runs`,
+      severity: cluster.occurrence_count >= 5 ? 'high' : 'medium',
+      evidence_runs: runIds,
+      evidence_count: cluster.occurrence_count,
+    });
+
+    candidateIds.push(candidateId);
+  }
+
+  return candidateIds;
+}
+
+/**
+ * Run the full pipeline pass: tally → identify → promote → expire stale.
+ * Called by the learn workflow after a run completes.
+ *
+ * @param {object} db - open state database
+ * @param {string} runId - current run ID
+ * @param {Array} findings - array of { description, category, severity, source }
+ * @returns {object} pipeline results
+ */
+export function runLearningPipeline(db, runId, findings) {
+  // Stage 1: Tally all findings
+  const clusterIds = [];
+  for (const finding of findings) {
+    const hash = crypto.createHash('sha256').update(finding.description).digest('hex');
+    const clusterId = tallyFinding(db, {
+      description: finding.description,
+      category: finding.category || '',
+      finding_hash: hash,
+      run_id: runId,
+    });
+    clusterIds.push(clusterId);
+  }
+
+  // Stage 2: Identify clusters ready for promotion
+  const readyClusters = identifyCandidates(db);
+
+  // Stage 2→3: Promote to candidates
+  const newCandidateIds = promoteToCandidates(db, readyClusters);
+
+  // Housekeeping: expire stale candidates
+  expireStaleAntipatternCandidates(db);
+
+  return {
+    findings_tallied: findings.length,
+    clusters_touched: new Set(clusterIds).size,
+    new_candidates: newCandidateIds.length,
+    candidate_ids: newCandidateIds,
+  };
+}