aienvmp 0.1.65 → 0.1.67
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +25 -0
- package/README.md +40 -24
- package/package.json +1 -1
- package/src/actions.js +9 -3
- package/src/cli.js +1 -1
- package/src/commands/context.js +1 -0
- package/src/commands/handoff.js +32 -0
- package/src/commands/resolve.js +35 -7
- package/src/commands/schema.js +1 -0
- package/src/commands/summary.js +7 -0
- package/src/contract.js +19 -3
- package/src/enforcement.js +24 -0
- package/src/preflight.js +87 -1
- package/src/render.js +39 -1
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,30 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## 0.1.67
|
|
4
|
+
|
|
5
|
+
- Added a dashboard `First read` strip with status, first file, review targets, and local operation mode.
|
|
6
|
+
- Kept the detailed dashboard cards below the top decision area so humans get a faster scan without losing AI context.
|
|
7
|
+
- Added `maintenanceLoop` to the AI preflight contract so agents can repeat refresh, decide, inspect, plan, intent, checkpoint, and handoff steps.
|
|
8
|
+
- Surfaced the maintenance loop in `context --json`, `summary.md`, `AIENV.md`, schema metadata, and regression tests.
|
|
9
|
+
- Added `maintenanceLoop.sbomReview` so AI agents can connect SBOM risk, scanner confidence, review targets, and dependency-change commands.
|
|
10
|
+
- Added medium light-SBOM risk planning guidance to recommended actions.
|
|
11
|
+
- Added `strictDecision` so AI agents and CI can distinguish local warn-only checks from optional strict gates.
|
|
12
|
+
- Surfaced local `doctor --json` and scoped CI strict commands in summary, dashboard, status/context JSON, and tests.
|
|
13
|
+
- Added `handoff.continuation` so the next AI receives maintenance-loop, SBOM-review, and strict-decision guidance without parsing the full preflight.
|
|
14
|
+
- Added the continuation summary to plain Markdown handoff output and schema metadata.
|
|
15
|
+
- Reworked the README first-read flow around shared AI workspaces, the 10-second command path, and the AI maintenance loop.
|
|
16
|
+
- Added `aiLoop` to `schema --json` and plain schema output so AI consumers see the same loop described in the README.
|
|
17
|
+
|
|
18
|
+
## 0.1.66
|
|
19
|
+
|
|
20
|
+
- Added `aienvmp resolve --target <target>` to resolve all open intents for one environment target.
|
|
21
|
+
- Added `aienvmp resolve --all` to close all open intents after coordination.
|
|
22
|
+
- Added `resolve --json` output so AI agents can read resolved refs and counts directly.
|
|
23
|
+
- Kept single-intent `resolve --id` behavior for precise manual cleanup.
|
|
24
|
+
- Updated coordination recommended actions to point at target-based resolve.
|
|
25
|
+
- Updated CLI help and README command guidance for the simplified resolve flow.
|
|
26
|
+
- Added regression tests for target resolve, all resolve, JSON output, and coordination action commands.
|
|
27
|
+
|
|
3
28
|
## 0.1.65
|
|
4
29
|
|
|
5
30
|
- Added a dashboard `Next command` bar directly below the AI control strip.
|
package/README.md
CHANGED
|
@@ -6,28 +6,54 @@
|
|
|
6
6
|
|
|
7
7
|
**AI Environment Map.**
|
|
8
8
|
|
|
9
|
-
`aienvmp` is a lightweight env map and light SBOM for
|
|
9
|
+
`aienvmp` is a lightweight env map and light SBOM for AI coding workspaces.
|
|
10
10
|
|
|
11
|
-
It helps Codex, Claude, Gemini, and humans avoid silent runtime, package manager, dependency, Docker, and security drift.
|
|
11
|
+
It helps Codex, Claude, Gemini, and humans avoid silent runtime, package manager, dependency, Docker, and security drift on shared machines.
|
|
12
|
+
|
|
13
|
+
**Use it when multiple AI agents or people touch the same server, repo, laptop, or CI workspace.**
|
|
14
|
+
|
|
15
|
+
## Why
|
|
16
|
+
|
|
17
|
+
- one AI-readable environment map
|
|
18
|
+
- one lightweight SBOM view
|
|
19
|
+
- one append-only intent and change timeline
|
|
20
|
+
- one human dashboard
|
|
21
|
+
- advisory by default, strict only when requested
|
|
12
22
|
|
|
13
23
|
## 10-Second Use
|
|
14
24
|
|
|
15
25
|
```bash
|
|
16
26
|
npx aienvmp sync
|
|
17
27
|
npx aienvmp status
|
|
28
|
+
npx aienvmp handoff
|
|
29
|
+
```
|
|
30
|
+
|
|
31
|
+
For AI details:
|
|
32
|
+
|
|
33
|
+
```bash
|
|
18
34
|
npx aienvmp context --json
|
|
19
35
|
npx aienvmp schema --json
|
|
20
36
|
```
|
|
21
37
|
|
|
22
|
-
Before environment
|
|
38
|
+
Before an environment-affecting change:
|
|
23
39
|
|
|
24
40
|
```bash
|
|
25
|
-
npx aienvmp intent --actor agent:
|
|
26
|
-
npx aienvmp checkpoint --actor agent:
|
|
41
|
+
npx aienvmp intent --actor agent:id --action "planned-change" --target dependency
|
|
42
|
+
npx aienvmp checkpoint --actor agent:id --summary "dependency-change" --target dependency
|
|
27
43
|
```
|
|
28
44
|
|
|
29
|
-
Use `--dir <workspace>` when AI or CI runs outside the target project.
|
|
30
|
-
|
|
45
|
+
Use `--dir <workspace>` when AI or CI runs outside the target project. Warnings do not block local work by default.
|
|
46
|
+
|
|
47
|
+
## AI Loop
|
|
48
|
+
|
|
49
|
+
1. `sync` refreshes `AIENV.md`, status, summary, SBOM, ledger, and dashboard.
|
|
50
|
+
2. `status` gives the 5-line clear/review decision.
|
|
51
|
+
3. `context --json` gives AI the full preflight contract.
|
|
52
|
+
4. `intent` records planned env changes before touching dependencies, runtimes, package managers, Docker, or global tools.
|
|
53
|
+
5. `checkpoint` records the accepted change, refreshes outputs, and writes a handoff.
|
|
54
|
+
6. `handoff` tells the next AI what to read, what to avoid, and whether SBOM/strict review is needed.
|
|
55
|
+
|
|
56
|
+
Local mode is warn-only. Use `doctor --strict security|policy|coordination|all` only for CI or explicit human-requested gates.
|
|
31
57
|
|
|
32
58
|
## What It Creates
|
|
33
59
|
|
|
@@ -46,23 +72,12 @@ AIENV.md # Markdown env map for AI agents
|
|
|
46
72
|
|
|
47
73
|
## AI Contract
|
|
48
74
|
|
|
49
|
-
- `status`, `context`, `plan`, and `handoff` share one preflight contract.
|
|
50
|
-
- `
|
|
51
|
-
- `
|
|
52
|
-
- `
|
|
53
|
-
- `
|
|
54
|
-
- `
|
|
55
|
-
- `dashboard.html` starts with a 3-card AI control strip plus one next command.
|
|
56
|
-
- `dependencyReadSet` lists manifests and lockfiles before package or security changes.
|
|
57
|
-
- `sbomRisk` gives AI a compact light-SBOM risk level, signals, and next command.
|
|
58
|
-
- `sbom.json.aiDependencyReview` connects SBOM risk, scanner confidence, and safe dependency-change steps.
|
|
59
|
-
- `coordination.conflictTargets` shows where multiple agents are planning changes.
|
|
60
|
-
- `agentActivity.multiActorTargets` shows where multiple agents actually recorded env changes.
|
|
61
|
-
- `followUps` shows records that still need `sync`, `status`, or `handoff`.
|
|
62
|
-
- `handoff` carries dependency read-set and protocol guidance for the next AI.
|
|
63
|
-
- Light SBOM includes source/confidence hints; verify security claims with dedicated scanners.
|
|
64
|
-
- `enforcementProfile.gate` explains when checks warn, fail, and set exit codes.
|
|
65
|
-
- Everything is advisory by default; strict failure is opt-in with `doctor --strict` or `--ci`.
|
|
75
|
+
- `status`, `context`, `plan`, and `handoff` share one additive preflight contract.
|
|
76
|
+
- `maintenanceLoop` gives AI the recurring env-management loop.
|
|
77
|
+
- `sbomRisk` and `sbomReview` connect light SBOM risk to safe dependency-change steps.
|
|
78
|
+
- `collaboration`, `coordination`, and `agentActivity` show multi-agent conflicts and shared targets.
|
|
79
|
+
- `strictDecision` separates local warn-only checks from optional CI strict gates.
|
|
80
|
+
- `schema --json` prints the stable machine-readable contract without scanning.
|
|
66
81
|
|
|
67
82
|
## Agent Files
|
|
68
83
|
|
|
@@ -94,6 +109,7 @@ aienvmp schema --json # stable output contract for AI/CI consumers
|
|
|
94
109
|
aienvmp plan --write # read-only action plan
|
|
95
110
|
aienvmp handoff --record # next-agent summary
|
|
96
111
|
aienvmp intent # record planned env change
|
|
112
|
+
aienvmp resolve --target dependency --actor agent:id
|
|
97
113
|
aienvmp record # record what changed
|
|
98
114
|
aienvmp checkpoint # record + sync + status + handoff after env change
|
|
99
115
|
aienvmp doctor --strict security|policy|coordination|all
|
package/package.json
CHANGED
package/src/actions.js
CHANGED
|
@@ -12,7 +12,7 @@ export function recommendedActions(manifest = {}, context = {}) {
|
|
|
12
12
|
}
|
|
13
13
|
|
|
14
14
|
if (warnings.some((warning) => warning.code === "conflicting-open-intents")) {
|
|
15
|
-
actions.push(action("coordinate-agents", "high", "coordination", "Multiple agents are planning changes to the same environment target. Coordinate with the user before proceeding."));
|
|
15
|
+
actions.push(action("coordinate-agents", "high", "coordination", "Multiple agents are planning changes to the same environment target. Coordinate with the user before proceeding.", "aienvmp resolve --actor agent:id --target <target> --status resolved"));
|
|
16
16
|
}
|
|
17
17
|
|
|
18
18
|
if (warnings.some((warning) => warning.code === "multi-agent-records")) {
|
|
@@ -44,8 +44,14 @@ function sbomRiskActions(risk = {}) {
|
|
|
44
44
|
if (risk.scanner === "off" && risk.vulnerabilityCount === 0) {
|
|
45
45
|
actions.push(action("scan-sbom-risk", "medium", "security", "Run a read-only security scan before dependency or release decisions.", "aienvmp sync --security"));
|
|
46
46
|
}
|
|
47
|
-
if (["urgent", "high"].includes(risk.level)) {
|
|
48
|
-
actions.push(action(
|
|
47
|
+
if (["urgent", "high", "medium"].includes(risk.level)) {
|
|
48
|
+
actions.push(action(
|
|
49
|
+
"review-sbom-risk",
|
|
50
|
+
["urgent", "high"].includes(risk.level) ? "high" : "medium",
|
|
51
|
+
"security",
|
|
52
|
+
`Review light SBOM risk summary before dependency changes: ${(risk.signals || []).slice(0, 2).join("; ") || risk.level}.`,
|
|
53
|
+
"aienvmp plan --write"
|
|
54
|
+
));
|
|
49
55
|
}
|
|
50
56
|
return actions;
|
|
51
57
|
}
|
package/src/cli.js
CHANGED
|
@@ -137,7 +137,7 @@ Advanced:
|
|
|
137
137
|
aienvmp init [--dir .]
|
|
138
138
|
aienvmp scan [--dir .] [--deep] [--security]
|
|
139
139
|
aienvmp intent [--dir .] --actor agent:codex --action "install pnpm"
|
|
140
|
-
aienvmp resolve [--dir .] --actor human:you --id <intent-id
|
|
140
|
+
aienvmp resolve [--dir .] --actor human:you (--id <intent-id>|--target dependency|--all) [--status resolved|cancelled] [--json]
|
|
141
141
|
aienvmp record [--dir .] --actor agent:codex --summary "updated .nvmrc" [--target node] [--before 20] [--after 24]
|
|
142
142
|
aienvmp checkpoint [--dir .] --actor agent:codex --summary "updated dependency" [--target dependency]
|
|
143
143
|
aienvmp snippet [agents|codex|claude|gemini] [--write AGENTS.md]
|
package/src/commands/context.js
CHANGED
|
@@ -28,6 +28,7 @@ export async function contextWorkspace(args) {
|
|
|
28
28
|
preflight,
|
|
29
29
|
aiReadiness: preflight.aiReadiness,
|
|
30
30
|
collaboration: preflight.collaboration,
|
|
31
|
+
maintenanceLoop: preflight.maintenanceLoop,
|
|
31
32
|
coordination: preflight.coordination,
|
|
32
33
|
agentPointers: preflight.agentPointers,
|
|
33
34
|
sbomRisk: preflight.sbomRisk,
|
package/src/commands/handoff.js
CHANGED
|
@@ -62,6 +62,7 @@ export function buildHandoff(manifest, timeline = [], warnings = [], intents = [
|
|
|
62
62
|
inventory: inventorySummary(manifest.inventory),
|
|
63
63
|
security: securitySummary(manifest.security),
|
|
64
64
|
dependencyHandoff: dependencyHandoffSummary(preflight),
|
|
65
|
+
continuation: continuationSummary(preflight),
|
|
65
66
|
coordination: preflight.coordination,
|
|
66
67
|
agentActivity: preflight.agentActivity,
|
|
67
68
|
policy: {
|
|
@@ -86,6 +87,37 @@ export function buildHandoff(manifest, timeline = [], warnings = [], intents = [
|
|
|
86
87
|
};
|
|
87
88
|
}
|
|
88
89
|
|
|
90
|
+
function continuationSummary(preflight = {}) {
|
|
91
|
+
const maintenanceLoop = preflight.maintenanceLoop || {};
|
|
92
|
+
const strictDecision = preflight.enforcementProfile?.strictDecision || preflight.enforcement?.strictDecision || {};
|
|
93
|
+
const sbomReview = maintenanceLoop.sbomReview || {};
|
|
94
|
+
return {
|
|
95
|
+
status: preflight.state || "unknown",
|
|
96
|
+
nextCommand: maintenanceLoop.nextCommand || preflight.nextCommand || "aienvmp status --json",
|
|
97
|
+
readOrder: (maintenanceLoop.readOrder || preflight.readOrder || []).slice(0, 4),
|
|
98
|
+
maintenance: {
|
|
99
|
+
mode: maintenanceLoop.mode || "advisory",
|
|
100
|
+
localImpact: maintenanceLoop.localImpact || "read-only until an AI or human records a change",
|
|
101
|
+
sbomCommand: maintenanceLoop.sbomCommand || "aienvmp sbom --json",
|
|
102
|
+
rule: maintenanceLoop.rule || "Keep local operation advisory and lightweight."
|
|
103
|
+
},
|
|
104
|
+
sbomReview: {
|
|
105
|
+
status: sbomReview.status || "unknown",
|
|
106
|
+
riskLevel: sbomReview.riskLevel || "unknown",
|
|
107
|
+
securityConfidence: sbomReview.securityConfidence || "unknown",
|
|
108
|
+
nextCommand: sbomReview.nextCommand || maintenanceLoop.sbomCommand || "aienvmp sbom --json",
|
|
109
|
+
reviewTargets: (sbomReview.reviewTargets || []).slice(0, 5)
|
|
110
|
+
},
|
|
111
|
+
strict: {
|
|
112
|
+
localCommand: strictDecision.localCommand || "aienvmp doctor --json",
|
|
113
|
+
local: strictDecision.local || "warn-only",
|
|
114
|
+
shouldFailLocal: strictDecision.shouldFailLocal === true,
|
|
115
|
+
ciCommand: strictDecision.ciCommand || "aienvmp doctor --strict all --json",
|
|
116
|
+
rule: strictDecision.rule || "Local checks stay advisory; strict failure is opt-in."
|
|
117
|
+
}
|
|
118
|
+
};
|
|
119
|
+
}
|
|
120
|
+
|
|
89
121
|
function dependencyHandoffSummary(preflight = {}) {
|
|
90
122
|
const protocol = preflight.dependencyChangeProtocol || {};
|
|
91
123
|
return {
|
package/src/commands/resolve.js
CHANGED
|
@@ -5,18 +5,32 @@ import { intentsPath, workspaceDir } from "../paths.js";
|
|
|
5
5
|
export async function resolveWorkspace(args) {
|
|
6
6
|
const dir = workspaceDir(args);
|
|
7
7
|
const actor = required(args.actor, "actor");
|
|
8
|
-
const
|
|
9
|
-
const
|
|
10
|
-
const
|
|
11
|
-
at:
|
|
8
|
+
const refs = await resolveIntentRefs(dir, args);
|
|
9
|
+
const now = new Date().toISOString();
|
|
10
|
+
const entries = refs.map((ref) => ({
|
|
11
|
+
at: now,
|
|
12
12
|
type: "intent-resolved",
|
|
13
13
|
actor,
|
|
14
14
|
ref,
|
|
15
15
|
status: args.status || "resolved",
|
|
16
16
|
reason: args.reason || ""
|
|
17
|
+
}));
|
|
18
|
+
for (const entry of entries) {
|
|
19
|
+
await appendJsonLine(intentsPath(dir), entry);
|
|
20
|
+
}
|
|
21
|
+
const output = {
|
|
22
|
+
status: args.status || "resolved",
|
|
23
|
+
count: entries.length,
|
|
24
|
+
refs,
|
|
25
|
+
actor,
|
|
26
|
+
reason: args.reason || ""
|
|
17
27
|
};
|
|
18
|
-
|
|
19
|
-
|
|
28
|
+
if (args.json) {
|
|
29
|
+
console.log(JSON.stringify(output, null, 2));
|
|
30
|
+
} else if (!args.quiet) {
|
|
31
|
+
console.log(`intents ${output.status}: ${output.count}${refs.length ? ` (${refs.join(", ")})` : ""}`);
|
|
32
|
+
}
|
|
33
|
+
return output;
|
|
20
34
|
}
|
|
21
35
|
|
|
22
36
|
function required(value, name) {
|
|
@@ -24,8 +38,22 @@ function required(value, name) {
|
|
|
24
38
|
return String(value);
|
|
25
39
|
}
|
|
26
40
|
|
|
27
|
-
async function
|
|
41
|
+
async function resolveIntentRefs(dir, args) {
|
|
28
42
|
const open = openIntents(await readJsonl(intentsPath(dir)));
|
|
43
|
+
if (args.all) return open.map((intent) => intent.id);
|
|
44
|
+
if (args.target) {
|
|
45
|
+
const target = String(args.target).trim().toLowerCase();
|
|
46
|
+
const refs = open
|
|
47
|
+
.filter((intent) => String(intent.target || "").trim().toLowerCase() === target)
|
|
48
|
+
.map((intent) => intent.id);
|
|
49
|
+
if (!refs.length) throw new Error(`resolve: no open intents for target "${target}"`);
|
|
50
|
+
return refs;
|
|
51
|
+
}
|
|
52
|
+
const requested = required(args.id || args.ref, "id");
|
|
53
|
+
return [await resolveIntentRef(open, requested)];
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
async function resolveIntentRef(open, requested) {
|
|
29
57
|
const matches = open.filter((intent) => intent.id === requested || intent.id.startsWith(requested));
|
|
30
58
|
if (matches.length === 1) return matches[0].id;
|
|
31
59
|
if (matches.length > 1) {
|
package/src/commands/schema.js
CHANGED
|
@@ -10,6 +10,7 @@ export async function schemaWorkspace(args = {}) {
|
|
|
10
10
|
console.log(`status: ${schema.outputs.status.command}`);
|
|
11
11
|
console.log(`context: ${schema.outputs.context.command}`);
|
|
12
12
|
console.log(`handoff: ${schema.outputs.handoff.command}`);
|
|
13
|
+
console.log(`loop: ${schema.aiLoop.steps.map((item) => item.command).join(" -> ")}`);
|
|
13
14
|
console.log(`rule: ${schema.compatibility.consumerRule}`);
|
|
14
15
|
}
|
|
15
16
|
return schema;
|
package/src/commands/summary.js
CHANGED
|
@@ -38,6 +38,8 @@ export function renderSummary(status = {}, manifest = {}) {
|
|
|
38
38
|
const coordination = status.coordination || {};
|
|
39
39
|
const activity = status.agentActivity || {};
|
|
40
40
|
const collaboration = status.collaboration || {};
|
|
41
|
+
const maintenanceLoop = status.maintenanceLoop || {};
|
|
42
|
+
const sbomReview = maintenanceLoop.sbomReview || {};
|
|
41
43
|
const workspace = manifest.workspace?.root || manifest.workspace?.name || ".";
|
|
42
44
|
const next = status.nextCommand || status.decision?.nextCommand || "aienvmp status";
|
|
43
45
|
const readFirst = status.nextAgent?.readFirst || ".aienvmp/status.json";
|
|
@@ -58,6 +60,7 @@ export function renderSummary(status = {}, manifest = {}) {
|
|
|
58
60
|
const aiNext = aiReadiness.next || "Run aienvmp context --json for details.";
|
|
59
61
|
const aiDependencyReview = manifest.lightSbom?.aiDependencyReview || {};
|
|
60
62
|
const strictPlan = status.enforcementProfile?.strictPlan || status.enforcement?.strictPlan || {};
|
|
63
|
+
const strictDecision = status.enforcementProfile?.strictDecision || status.enforcement?.strictDecision || {};
|
|
61
64
|
|
|
62
65
|
return [
|
|
63
66
|
"# aienvmp summary",
|
|
@@ -66,9 +69,11 @@ export function renderSummary(status = {}, manifest = {}) {
|
|
|
66
69
|
`- AI signals: ${aiSignals.length ? aiSignals.join("; ") : "none"}`,
|
|
67
70
|
`- AI next: ${aiNext}`,
|
|
68
71
|
`- AI collaboration: ${collaboration.status || "unknown"} / ${toList(collaboration.activeTargets).join(", ") || "none"} / ${collaboration.nextCommand || "aienvmp status --json"}`,
|
|
72
|
+
`- AI maintenance loop: ${maintenanceLoop.nextCommand || next}`,
|
|
69
73
|
`- AI safe local work: ${toList(aiReadiness.safeProjectLocalActions)[0] || "read artifacts and avoid environment changes until reviewed"}`,
|
|
70
74
|
`- AI read first: ${readFirst}, then ${detail}`,
|
|
71
75
|
`- mode: advisory by default; strict is opt-in with ${strict}`,
|
|
76
|
+
`- local check: ${strictDecision.localCommand || "aienvmp doctor --json"} (${strictDecision.local || "warn-only"})`,
|
|
72
77
|
`- CI strict: ${strictPlan.ciCommand || `${strict} --json`}`,
|
|
73
78
|
"",
|
|
74
79
|
`- state: ${status.state || "unknown"}`,
|
|
@@ -84,6 +89,7 @@ export function renderSummary(status = {}, manifest = {}) {
|
|
|
84
89
|
`- collaboration rule: ${collaboration.rule || "Record intent before shared environment changes."}`,
|
|
85
90
|
`- coordination: ${coordination.next || "No open environment intents."}`,
|
|
86
91
|
`- recent agent activity: ${activity.next || "No environment records need coordination."}`,
|
|
92
|
+
`- maintenance rule: ${maintenanceLoop.rule || "Refresh, inspect, record intent, checkpoint, and hand off without blocking local operation."}`,
|
|
87
93
|
`- conflict targets: ${conflictTargets.length ? conflictTargets.join(", ") : "none"}`,
|
|
88
94
|
`- multi-actor targets: ${multiActorTargets.length ? multiActorTargets.join(", ") : "none"}`,
|
|
89
95
|
"",
|
|
@@ -91,6 +97,7 @@ export function renderSummary(status = {}, manifest = {}) {
|
|
|
91
97
|
"",
|
|
92
98
|
`- source: ${manifest.lightSbom?.source?.dependencies || "project manifests"}`,
|
|
93
99
|
`- confidence: transitive ${manifest.lightSbom?.confidence?.transitiveDependencies || "not-resolved"}`,
|
|
100
|
+
`- maintenance SBOM review: ${sbomReview.status || "unknown"} / ${sbomReview.securityConfidence || "unknown"} / ${sbomReview.nextCommand || maintenanceLoop.sbomCommand || "aienvmp sbom --json"}`,
|
|
94
101
|
`- AI dependency review: ${aiDependencyReview.status || "unknown"} / ${aiDependencyReview.securityConfidence || "unknown"} / ${aiDependencyReview.beforeDependencyChange?.[0] || "aienvmp sbom --json"}`,
|
|
95
102
|
`- signals: ${riskSignals.length ? riskSignals.join("; ") : "none"}`,
|
|
96
103
|
`- verify: ${sbomRisk.next || "Use a dedicated scanner for security decisions."}`,
|
package/src/contract.js
CHANGED
|
@@ -4,7 +4,7 @@ export function preflightContract() {
|
|
|
4
4
|
version: 1,
|
|
5
5
|
stability: "additive",
|
|
6
6
|
requiredFields: ["schemaVersion", "state", "decision", "quickstart", "commands", "artifacts"],
|
|
7
|
-
aiEntryFields: ["state", "summary", "aiReadiness", "collaboration", "nextAgent", "coordination", "agentActivity", "agentPointers", "sbomRisk", "followUps", "dependencyReadSet", "dependencyChangeProtocol"],
|
|
7
|
+
aiEntryFields: ["state", "summary", "aiReadiness", "collaboration", "maintenanceLoop", "nextAgent", "coordination", "agentActivity", "agentPointers", "sbomRisk", "followUps", "dependencyReadSet", "dependencyChangeProtocol"],
|
|
8
8
|
rule: "Consumers should ignore unknown fields and treat missing optional fields as unavailable."
|
|
9
9
|
};
|
|
10
10
|
}
|
|
@@ -14,6 +14,20 @@ export function schemaContract() {
|
|
|
14
14
|
schemaVersion: 1,
|
|
15
15
|
name: "aienvmp-contract",
|
|
16
16
|
purpose: "Stable AI-readable contract for aienvmp outputs.",
|
|
17
|
+
aiLoop: {
|
|
18
|
+
name: "AI maintenance loop",
|
|
19
|
+
purpose: "Shared lightweight workflow for AI agents that maintain one workspace environment.",
|
|
20
|
+
localMode: "warn-only",
|
|
21
|
+
steps: [
|
|
22
|
+
{ step: "sync", command: "aienvmp sync", purpose: "refresh AIENV.md, status, summary, SBOM, ledger, and dashboard" },
|
|
23
|
+
{ step: "status", command: "aienvmp status", purpose: "read the 5-line clear/review decision" },
|
|
24
|
+
{ step: "context", command: "aienvmp context --json", purpose: "read the full AI preflight contract when details are needed" },
|
|
25
|
+
{ step: "intent", command: "aienvmp intent --actor agent:id --action planned-change --target dependency", purpose: "record planned environment-affecting changes before touching shared state" },
|
|
26
|
+
{ step: "checkpoint", command: "aienvmp checkpoint --actor agent:id --summary dependency-change --target dependency", purpose: "record accepted changes, refresh outputs, and write handoff context" },
|
|
27
|
+
{ step: "handoff", command: "aienvmp handoff", purpose: "tell the next AI what to read, avoid, and review" }
|
|
28
|
+
],
|
|
29
|
+
strictRule: "Local checks are warn-only; use doctor --strict only for CI or explicit human-requested gates."
|
|
30
|
+
},
|
|
17
31
|
outputs: {
|
|
18
32
|
status: {
|
|
19
33
|
file: ".aienvmp/status.json",
|
|
@@ -29,11 +43,11 @@ export function schemaContract() {
|
|
|
29
43
|
},
|
|
30
44
|
context: {
|
|
31
45
|
command: "aienvmp context --json",
|
|
32
|
-
rootFields: ["status", "preflight", "aiReadiness", "collaboration", "coordination", "agentPointers", "decision", "enforcement", "recommendedActions", "workspace", "dependencySnapshot", "lightSbom", "warnings"]
|
|
46
|
+
rootFields: ["status", "preflight", "aiReadiness", "collaboration", "maintenanceLoop", "coordination", "agentPointers", "decision", "enforcement", "recommendedActions", "workspace", "dependencySnapshot", "lightSbom", "warnings"]
|
|
33
47
|
},
|
|
34
48
|
handoff: {
|
|
35
49
|
command: "aienvmp handoff --json",
|
|
36
|
-
rootFields: ["status", "decision", "preflight", "coordination", "dependencyHandoff", "openIntents", "warnings", "recommendedActions", "recentChanges"]
|
|
50
|
+
rootFields: ["status", "decision", "preflight", "continuation", "coordination", "dependencyHandoff", "openIntents", "warnings", "recommendedActions", "recentChanges"]
|
|
37
51
|
},
|
|
38
52
|
manifest: {
|
|
39
53
|
file: ".aienvmp/manifest.json",
|
|
@@ -57,6 +71,8 @@ export function schemaContract() {
|
|
|
57
71
|
localBehavior: "read-only; this command does not scan, install, update, or lock anything.",
|
|
58
72
|
aiReadinessRule: "When aiReadiness.level is review, project-local code work may still continue if aiReadiness.projectLocalWork is allowed; environment changes should follow intent/review guidance.",
|
|
59
73
|
collaborationRule: "Use collaboration.status, activeTargets, and nextCommand as the shortest multi-agent environment coordination hint.",
|
|
74
|
+
maintenanceLoopRule: "Use maintenanceLoop as the short recurring AI workflow: refresh, decide, inspect, plan, intent, checkpoint, and handoff without blocking local operation.",
|
|
75
|
+
strictDecisionRule: "Use enforcement.strictDecision or preflight.enforcementProfile.strictDecision for the shortest local warn-only vs CI strict decision.",
|
|
60
76
|
strictPlanRule: "Use enforcement.strictPlan or preflight.enforcementProfile.strictPlan to choose the narrowest explicit strict scope for CI."
|
|
61
77
|
}
|
|
62
78
|
};
|
package/src/enforcement.js
CHANGED
|
@@ -34,6 +34,7 @@ export function enforcementAdvice(warnings = []) {
|
|
|
34
34
|
suggestedStrictScopes,
|
|
35
35
|
scopes: scopeResults,
|
|
36
36
|
strictPlan: strictScopePlan(suggestedStrictScopes, scopeResults),
|
|
37
|
+
strictDecision: strictDecision(suggestedStrictScopes, scopeResults),
|
|
37
38
|
recommendedCommand: suggestedStrictScopes.length
|
|
38
39
|
? `aienvmp doctor --strict ${suggestedStrictScopes[0]}`
|
|
39
40
|
: "aienvmp doctor --strict all",
|
|
@@ -41,6 +42,29 @@ export function enforcementAdvice(warnings = []) {
|
|
|
41
42
|
};
|
|
42
43
|
}
|
|
43
44
|
|
|
45
|
+
export function strictDecision(suggestedStrictScopes = [], scopeResults = []) {
|
|
46
|
+
const recommendedScope = suggestedStrictScopes[0] || "all";
|
|
47
|
+
const failingScopes = suggestedStrictScopes.slice();
|
|
48
|
+
const passingScopes = scopeResults
|
|
49
|
+
.filter((item) => item.scope !== "all" && item.status === "pass")
|
|
50
|
+
.map((item) => item.scope);
|
|
51
|
+
return {
|
|
52
|
+
local: "warn-only",
|
|
53
|
+
localCommand: "aienvmp doctor --json",
|
|
54
|
+
shouldFailLocal: false,
|
|
55
|
+
ci: failingScopes.length ? "fail-on-recommended-scope" : "optional-health-check",
|
|
56
|
+
recommendedScope,
|
|
57
|
+
recommendedCommand: `aienvmp doctor --strict ${recommendedScope}`,
|
|
58
|
+
ciCommand: `aienvmp doctor --strict ${recommendedScope} --json`,
|
|
59
|
+
failingScopes,
|
|
60
|
+
passingScopes,
|
|
61
|
+
rule: failingScopes.length
|
|
62
|
+
? "Keep local operation advisory; use the first failing scope only when CI or the user wants a gate."
|
|
63
|
+
: "Keep local operation advisory; use --strict all only for explicit CI health checks.",
|
|
64
|
+
whenToUseStrict: "CI, release checks, or explicit human-requested verification."
|
|
65
|
+
};
|
|
66
|
+
}
|
|
67
|
+
|
|
44
68
|
export function strictScopePlan(suggestedStrictScopes = [], scopeResults = []) {
|
|
45
69
|
const firstScope = suggestedStrictScopes[0] || "all";
|
|
46
70
|
return {
|
package/src/preflight.js
CHANGED
|
@@ -20,6 +20,16 @@ export function buildPreflight(manifest = {}, warnings = [], intents = [], timel
|
|
|
20
20
|
const agentPointers = agentPointerSummary(manifest.agentFiles);
|
|
21
21
|
const aiReadiness = aiReadinessSummary({ state, decision, coordination, agentActivity, agentPointers, sbomRisk, followUps });
|
|
22
22
|
const collaboration = collaborationSummary({ state, decision, coordination, agentActivity, followUps, aiReadiness });
|
|
23
|
+
const maintenanceLoop = maintenanceLoopSummary({
|
|
24
|
+
state,
|
|
25
|
+
decision,
|
|
26
|
+
topAction,
|
|
27
|
+
followUps,
|
|
28
|
+
sbomRisk,
|
|
29
|
+
aiDependencyReview: manifest.lightSbom?.aiDependencyReview,
|
|
30
|
+
dependencyReadSet,
|
|
31
|
+
collaboration
|
|
32
|
+
});
|
|
23
33
|
return {
|
|
24
34
|
schemaVersion: 1,
|
|
25
35
|
contract: preflightContract(),
|
|
@@ -38,6 +48,7 @@ export function buildPreflight(manifest = {}, warnings = [], intents = [], timel
|
|
|
38
48
|
reason: "Avoid disrupting shared servers or developer machines while still making drift visible.",
|
|
39
49
|
recommendedStrictCommand: enforcement.recommendedCommand,
|
|
40
50
|
strictPlan: enforcement.strictPlan,
|
|
51
|
+
strictDecision: enforcement.strictDecision,
|
|
41
52
|
strictCommands: [
|
|
42
53
|
"aienvmp doctor --strict security",
|
|
43
54
|
"aienvmp doctor --strict policy",
|
|
@@ -63,6 +74,7 @@ export function buildPreflight(manifest = {}, warnings = [], intents = [], timel
|
|
|
63
74
|
coordination,
|
|
64
75
|
agentActivity,
|
|
65
76
|
collaboration,
|
|
77
|
+
maintenanceLoop,
|
|
66
78
|
agentPointers,
|
|
67
79
|
aiReadiness,
|
|
68
80
|
sbomRisk,
|
|
@@ -90,7 +102,81 @@ export function buildPreflight(manifest = {}, warnings = [], intents = [], timel
|
|
|
90
102
|
recordIntent: intentTargets[0]?.command || "aienvmp intent --actor agent:id --action planned-change"
|
|
91
103
|
},
|
|
92
104
|
topAction,
|
|
93
|
-
nextCommand: topAction?.command || decision.nextCommand
|
|
105
|
+
nextCommand: maintenanceLoop.nextCommand || topAction?.command || decision.nextCommand
|
|
106
|
+
};
|
|
107
|
+
}
|
|
108
|
+
|
|
109
|
+
function maintenanceLoopSummary({ state, decision, topAction, followUps, sbomRisk, aiDependencyReview = {}, dependencyReadSet, collaboration }) {
|
|
110
|
+
const followUpCommand = firstFollowUpCommand(followUps);
|
|
111
|
+
const dependencyAware = dependencyReadSet.length > 0;
|
|
112
|
+
const securityReview = ["urgent", "high", "medium"].includes(sbomRisk?.level || "");
|
|
113
|
+
const scannerOff = sbomRisk?.scanner === "off" || aiDependencyReview.securityConfidence === "scanner-off";
|
|
114
|
+
const nextCommand = followUpCommand
|
|
115
|
+
|| collaboration?.nextCommand
|
|
116
|
+
|| topAction?.command
|
|
117
|
+
|| decision?.nextCommand
|
|
118
|
+
|| "aienvmp status --json";
|
|
119
|
+
const triggers = [
|
|
120
|
+
"start of an AI coding session",
|
|
121
|
+
"before runtime, dependency, package manager, Docker, or global tool changes",
|
|
122
|
+
"after accepted environment changes",
|
|
123
|
+
"before handing work to another AI or human"
|
|
124
|
+
];
|
|
125
|
+
if (securityReview) triggers.push("before dependency or release decisions when SBOM risk is not clear");
|
|
126
|
+
return {
|
|
127
|
+
mode: "advisory",
|
|
128
|
+
localImpact: "read-only until an AI or human intentionally records intent, checkpoint, or handoff",
|
|
129
|
+
state,
|
|
130
|
+
nextCommand,
|
|
131
|
+
triggers,
|
|
132
|
+
readOrder: [
|
|
133
|
+
".aienvmp/status.json",
|
|
134
|
+
".aienvmp/summary.md",
|
|
135
|
+
"aienvmp context --json",
|
|
136
|
+
"AIENV.md"
|
|
137
|
+
],
|
|
138
|
+
cycle: [
|
|
139
|
+
{ step: "refresh", command: "aienvmp sync", when: "workspace env map may be stale" },
|
|
140
|
+
{ step: "decide", command: "aienvmp status --json", when: "first AI read or quick gate" },
|
|
141
|
+
{ step: "inspect", command: "aienvmp context --json", when: "status is review-required or details are needed" },
|
|
142
|
+
{ step: "plan", command: "aienvmp plan --write", when: "warnings, SBOM risk, or multi-agent activity need a read-only plan" },
|
|
143
|
+
{ step: "intent", command: dependencyAware ? "aienvmp intent --actor agent:id --action planned-change --target dependency" : "aienvmp intent --actor agent:id --action planned-change --target environment", when: "before environment-affecting changes" },
|
|
144
|
+
{ step: "checkpoint", command: dependencyAware ? "aienvmp checkpoint --actor agent:id --summary dependency-change --target dependency" : "aienvmp checkpoint --actor agent:id --summary what-changed --target environment", when: "after accepted environment-affecting changes" },
|
|
145
|
+
{ step: "handoff", command: "aienvmp handoff --record --actor agent:id", when: "before another AI continues environment work" }
|
|
146
|
+
],
|
|
147
|
+
sbomCommand: securityReview || scannerOff ? "aienvmp sync --security" : "aienvmp sbom --json",
|
|
148
|
+
sbomReview: sbomReviewSummary({ sbomRisk, aiDependencyReview, securityReview, scannerOff }),
|
|
149
|
+
rule: "Keep local operation advisory and lightweight; use strict checks only when CI or the user explicitly asks."
|
|
150
|
+
};
|
|
151
|
+
}
|
|
152
|
+
|
|
153
|
+
function sbomReviewSummary({ sbomRisk = {}, aiDependencyReview = {}, securityReview = false, scannerOff = false }) {
|
|
154
|
+
const status = securityReview || aiDependencyReview.status === "review" ? "review" : "ready";
|
|
155
|
+
const before = aiDependencyReview.beforeDependencyChange?.length
|
|
156
|
+
? aiDependencyReview.beforeDependencyChange
|
|
157
|
+
: [
|
|
158
|
+
scannerOff ? "aienvmp sync --security" : "aienvmp sbom --json",
|
|
159
|
+
"aienvmp intent --actor agent:id --action dependency-review --target dependency",
|
|
160
|
+
"aienvmp plan --write"
|
|
161
|
+
];
|
|
162
|
+
const after = aiDependencyReview.afterDependencyChange?.length
|
|
163
|
+
? aiDependencyReview.afterDependencyChange
|
|
164
|
+
: [
|
|
165
|
+
"run the narrowest relevant project validation",
|
|
166
|
+
"aienvmp checkpoint --actor agent:id --summary dependency-change --target dependency"
|
|
167
|
+
];
|
|
168
|
+
return {
|
|
169
|
+
status,
|
|
170
|
+
riskLevel: sbomRisk.level || "unknown",
|
|
171
|
+
score: Number(sbomRisk.score || 0),
|
|
172
|
+
securityConfidence: aiDependencyReview.securityConfidence || (scannerOff ? "scanner-off" : "unknown"),
|
|
173
|
+
reviewTargets: aiDependencyReview.reviewTargets || sbomRisk.reviewTargets || [],
|
|
174
|
+
nextCommand: before[0] || "aienvmp sbom --json",
|
|
175
|
+
beforeDependencyChange: before,
|
|
176
|
+
afterDependencyChange: after,
|
|
177
|
+
rule: status === "review"
|
|
178
|
+
? "Review SBOM risk, package manager policy, and dependency read set before dependency changes."
|
|
179
|
+
: "Keep SBOM review lightweight; run security scan before dependency or release decisions when scanner confidence is low."
|
|
94
180
|
};
|
|
95
181
|
}
|
|
96
182
|
|
package/src/render.js
CHANGED
|
@@ -71,6 +71,7 @@ export function renderAIEnv(manifest, timeline = [], warnings = [], intents = []
|
|
|
71
71
|
function preflightLines(preflight = {}) {
|
|
72
72
|
const quickstart = preflight.quickstart;
|
|
73
73
|
const targets = preflight.intentTargets || [];
|
|
74
|
+
const maintenanceLoop = preflight.maintenanceLoop || {};
|
|
74
75
|
const lines = ["## 10-Second AI Flow", ""];
|
|
75
76
|
if (quickstart) {
|
|
76
77
|
lines.push(`- Read first: \`${quickstart.readFirst}\``);
|
|
@@ -82,6 +83,9 @@ function preflightLines(preflight = {}) {
|
|
|
82
83
|
} else {
|
|
83
84
|
lines.push("- Run `aienvmp status --write`, then `aienvmp context --json` before environment changes.");
|
|
84
85
|
}
|
|
86
|
+
if (maintenanceLoop.nextCommand) {
|
|
87
|
+
lines.push(`- Maintenance loop: \`${maintenanceLoop.nextCommand}\` - ${maintenanceLoop.rule || "refresh, inspect, record intent, checkpoint, and hand off"}`);
|
|
88
|
+
}
|
|
85
89
|
lines.push("", "## Recommended Intent Targets", "");
|
|
86
90
|
if (targets.length) {
|
|
87
91
|
for (const target of targets.slice(0, 5)) {
|
|
@@ -212,6 +216,9 @@ export function renderHandoff(handoff) {
|
|
|
212
216
|
`- Inventory: ${handoff.inventory?.mode || "basic"}${handoff.inventory?.enabled ? " enabled" : " disabled"}`,
|
|
213
217
|
`- Security: ${handoff.security?.mode || "basic"}${handoff.security?.enabled ? ` enabled (${handoff.security.summary?.total || 0} vulnerabilities)` : " disabled"}`,
|
|
214
218
|
"",
|
|
219
|
+
"AI continuation:",
|
|
220
|
+
...continuationHandoffLines(handoff.continuation),
|
|
221
|
+
"",
|
|
215
222
|
"Open intents:",
|
|
216
223
|
...(handoff.openIntents.length ? handoff.openIntents.map((i) => `- ${i.actor}: ${i.action}${i.target ? ` (${i.target})` : ""}`) : ["- none"]),
|
|
217
224
|
"",
|
|
@@ -242,6 +249,20 @@ export function renderHandoff(handoff) {
|
|
|
242
249
|
return lines.join("\n");
|
|
243
250
|
}
|
|
244
251
|
|
|
252
|
+
function continuationHandoffLines(continuation = {}) {
|
|
253
|
+
const strict = continuation.strict || {};
|
|
254
|
+
const sbomReview = continuation.sbomReview || {};
|
|
255
|
+
const maintenance = continuation.maintenance || {};
|
|
256
|
+
return [
|
|
257
|
+
`- Next: ${continuation.nextCommand || "aienvmp status --json"}`,
|
|
258
|
+
`- Read: ${(continuation.readOrder || []).join(", ") || ".aienvmp/status.json"}`,
|
|
259
|
+
`- Local check: ${strict.localCommand || "aienvmp doctor --json"} (${strict.local || "warn-only"})`,
|
|
260
|
+
`- CI strict: ${strict.ciCommand || "aienvmp doctor --strict all --json"}`,
|
|
261
|
+
`- SBOM review: ${sbomReview.status || "unknown"} / ${sbomReview.riskLevel || "unknown"} / ${sbomReview.nextCommand || maintenance.sbomCommand || "aienvmp sbom --json"}`,
|
|
262
|
+
`- Rule: ${maintenance.rule || strict.rule || "Keep local operation advisory and lightweight."}`
|
|
263
|
+
];
|
|
264
|
+
}
|
|
265
|
+
|
|
245
266
|
function coordinationHandoffLines(coordination = {}) {
|
|
246
267
|
const conflicts = coordination.conflictTargets || [];
|
|
247
268
|
if (conflicts.length) return [`- Conflicts: ${conflicts.join(", ")}`, `- Next: ${coordination.next || "review open intents"}`];
|
|
@@ -392,6 +413,10 @@ h1,h2,h3,p{margin:0}h1{font-size:clamp(28px,4vw,46px);line-height:1.02;margin-to
|
|
|
392
413
|
.nextbar b{color:var(--green);font-size:12px;text-transform:uppercase;letter-spacing:.08em}
|
|
393
414
|
.nextbar code{display:inline-block;max-width:100%;white-space:normal;overflow-wrap:anywhere}
|
|
394
415
|
.nextbar span{color:var(--muted);font-size:12px;overflow-wrap:anywhere}
|
|
416
|
+
.brief{display:grid;grid-template-columns:1fr 1fr 1fr 1fr;gap:8px;margin:0 0 14px}
|
|
417
|
+
.brief-item{border:1px solid var(--line2);background:rgba(9,19,16,.9);border-radius:8px;padding:10px;min-width:0}
|
|
418
|
+
.brief-k{color:var(--muted);font-size:11px;font-weight:800;text-transform:uppercase;letter-spacing:.08em}
|
|
419
|
+
.brief-v{margin-top:5px;font-size:13px;font-weight:700;color:var(--text);overflow-wrap:anywhere}
|
|
395
420
|
.audit{display:grid;grid-template-columns:1.2fr repeat(3,minmax(0,.8fr));gap:12px;margin:14px 0}
|
|
396
421
|
.audit-item{border:1px solid var(--line);background:rgba(13,24,21,.92);border-radius:8px;padding:14px;min-width:0}
|
|
397
422
|
.audit-item.primary{background:linear-gradient(135deg,rgba(19,61,42,.88),rgba(9,19,16,.95))}
|
|
@@ -417,8 +442,10 @@ code{color:var(--code);background:#0a2017;border:1px solid #17462f;padding:2px 6
|
|
|
417
442
|
@media (max-width:860px){header,.layout{grid-template-columns:1fr}.metrics{grid-template-columns:repeat(2,1fr)}.grid{grid-template-columns:1fr}.agents{grid-template-columns:1fr}}
|
|
418
443
|
@media (max-width:860px){.control{grid-template-columns:1fr}}
|
|
419
444
|
@media (max-width:860px){.nextbar{grid-template-columns:1fr}}
|
|
445
|
+
@media (max-width:860px){.brief{grid-template-columns:1fr 1fr}}
|
|
420
446
|
@media (max-width:860px){.audit{grid-template-columns:1fr 1fr}}
|
|
421
447
|
@media (max-width:520px){.shell{padding:14px}.metrics{grid-template-columns:1fr}.event{grid-template-columns:1fr}h1{font-size:32px}}
|
|
448
|
+
@media (max-width:520px){.brief{grid-template-columns:1fr}}
|
|
422
449
|
@media (max-width:520px){.audit{grid-template-columns:1fr}}
|
|
423
450
|
</style>
|
|
424
451
|
</head>
|
|
@@ -488,7 +515,8 @@ const enforcementProfile=manifest.preflight?.enforcementProfile||{};
|
|
|
488
515
|
const strictCommands=enforcementProfile.strictCommands||[];
|
|
489
516
|
const gate=enforcementProfile.gate||{};
|
|
490
517
|
const strictPlan=enforcementProfile.strictPlan||{};
|
|
491
|
-
const
|
|
518
|
+
const strictDecision=enforcementProfile.strictDecision||{};
|
|
519
|
+
const enforcementHtml=\`<table><tr><th>Default</th><td><code>\${esc(gate.defaultMode||enforcementProfile.defaultMode||'advisory')}</code> \${esc(gate.localDefault||'warn-only')}</td></tr><tr><th>Local</th><td><code>\${esc(strictDecision.localCommand||'aienvmp doctor --json')}</code> \${esc(strictDecision.local||'warn-only')}</td></tr><tr><th>Strict</th><td><code>\${esc(gate.strictMode||'off')}</code></td></tr><tr><th>Fail</th><td>\${esc(gate.failCondition||'never in default mode')}</td></tr><tr><th>Exit</th><td>\${esc(gate.exitCode||'0 unless the command itself errors')}</td></tr><tr><th>Recommended</th><td><code>\${esc(strictDecision.recommendedCommand||strictPlan.recommendedStrictCommand||enforcementProfile.recommendedStrictCommand||'aienvmp doctor --strict all')}</code></td></tr><tr><th>CI</th><td><code>\${esc(strictDecision.ciCommand||strictPlan.ciCommand||'aienvmp doctor --strict all --json')}</code></td></tr></table><div class="timeline">\${strictCommands.slice(0,4).map(cmd=>\`<div class="event"><time>CI</time><div><code>\${esc(cmd)}</code></div></div>\`).join('')}</div><div class="path">\${esc(strictDecision.rule||strictPlan.rule||gate.rule||enforcementProfile.reason||'Warnings stay advisory unless strict mode is requested.')}</div>\`;
|
|
492
520
|
const contract=manifest.preflight?.contract||{};
|
|
493
521
|
const contractHtml=contract.name?\`<table><tr><th>Name</th><td><code>\${esc(contract.name)}</code></td></tr><tr><th>Version</th><td><code>\${esc(contract.version||1)}</code></td></tr><tr><th>Stability</th><td><code>\${esc(contract.stability||'additive')}</code></td></tr><tr><th>AI fields</th><td>\${esc((contract.aiEntryFields||[]).join(', ')||'none')}</td></tr></table><div class="path">\${esc(contract.rule||'Ignore unknown fields.')}</div>\`:'<div class="okline">Run <code>aienvmp status --write</code> to include AI contract metadata.</div>';
|
|
494
522
|
const intentTargets=manifest.preflight?.intentTargets||[];
|
|
@@ -530,6 +558,10 @@ const coordination=manifest.preflight?.coordination||{};
|
|
|
530
558
|
const conflictTargets=coordination.conflictTargets||[];
|
|
531
559
|
const handoffFiles=nextAgent.dependencyFiles?.length?nextAgent.dependencyFiles:(dependencyReadSet[0]?[dependencyReadSet[0].manifest,...(dependencyReadSet[0].lockfiles||[])].filter(Boolean):[]);
|
|
532
560
|
const handoffNext=nextAgent.rule||(reviewRequired?'Review warnings and open intents':'Continue project-local work');
|
|
561
|
+
const firstRead=nextAgent.readFirst||'.aienvmp/status.json';
|
|
562
|
+
const reviewTargets=[...new Set([...(conflictTargets||[]),...(collaboration.activeTargets||[]),...(riskSummary.reviewTargets||[])].filter(Boolean))];
|
|
563
|
+
const safeMode=enforcementProfile.gate?.localDefault||enforcementProfile.localOperation||'warn-only';
|
|
564
|
+
const briefItem=(key,value)=>\`<div class="brief-item"><div class="brief-k">\${key}</div><div class="brief-v">\${esc(value)}</div></div>\`;
|
|
533
565
|
const handoffHtml=\`<table><tr><th>Status</th><td>\${reviewRequired?'review-required':'clear'}</td></tr><tr><th>Trust</th><td><code>\${esc(trustState)}</code></td></tr><tr><th>Read first</th><td><code>\${esc(nextAgent.readFirst||'.aienvmp/status.json')}</code></td></tr><tr><th>Dependency files</th><td>\${handoffFiles.length?'<code>'+esc(handoffFiles.join(', '))+'</code>':'none'}</td></tr><tr><th>Conflicts</th><td>\${conflictTargets.length?'<code>'+esc(conflictTargets.join(', '))+'</code>':'none'}</td></tr><tr><th>Next</th><td>\${esc(handoffNext)}</td></tr></table>\`;
|
|
534
566
|
document.getElementById('app').innerHTML=\`
|
|
535
567
|
<header>
|
|
@@ -550,6 +582,12 @@ document.getElementById('app').innerHTML=\`
|
|
|
550
582
|
<code>\${esc(nextCommand)}</code>
|
|
551
583
|
<span>\${esc(nextReason)}</span>
|
|
552
584
|
</section>
|
|
585
|
+
<section class="brief" aria-label="First read">
|
|
586
|
+
\${briefItem('Status',reviewRequired?'review required':'clear')}
|
|
587
|
+
\${briefItem('Read first',firstRead)}
|
|
588
|
+
\${briefItem('Review targets',reviewTargets.length?reviewTargets.slice(0,4).join(', '):'none')}
|
|
589
|
+
\${briefItem('Local mode',safeMode)}
|
|
590
|
+
</section>
|
|
553
591
|
<section class="audit" aria-label="Audit summary">
|
|
554
592
|
\${auditItem('AI decision',reviewRequired?'review required':'can proceed',nextAction,reviewRequired?'review':'primary')}
|
|
555
593
|
\${auditItem('AI readiness',aiReadiness.level||'unknown',aiReadinessHint,aiReadiness.level==='ready'?'primary':'review')}
|