atris 3.29.0 → 3.30.1

package/commands/workflow.js

@@ -555,7 +555,7 @@ async function planAtris(userInput = null) {
   printConfidenceGate('   ');
   console.log('3) Write tasks to atris/TODO.md under ## Backlog');
   console.log('   Format: - **T#:** Description [explore|execute]');
-  console.log('4) Log to atris/team/navigator/journal/YYYY-MM-DD.md');
+  console.log('4) Log to atris/team/navigator/logs/YYYY-MM-DD.md');
   console.log('   (Task, Delivered, User reaction, Pattern)');
   if (atris2Mode) {
     console.log('5) EXECUTE MODE ENABLED: Will execute tasks directly.');
@@ -636,7 +636,7 @@ async function planAtris(userInput = null) {
     userPrompt += `   - Each task: one job, clear exit condition\n`;
     userPrompt += `   - Include file:line references from MAP.md\n\n`;
     userPrompt += `STEP 5: Log to your journal\n`;
-    userPrompt += `   - Write to atris/team/navigator/journal/YYYY-MM-DD.md\n`;
+    userPrompt += `   - Write to atris/team/navigator/logs/YYYY-MM-DD.md\n`;
     userPrompt += `   - Include: Task, Delivered, User reaction, Pattern\n`;
     userPrompt += `   - Your journal is how you learn — record what worked\n\n`;
     userPrompt += `Start planning now. Read MAP.md for file references.`;
@@ -900,7 +900,7 @@ async function doAtris() {
   console.log('3) Execute step-by-step. Run tests as you go.');
   console.log('4) Before completion, rerun the gate against proof and residual risk');
   console.log('5) When done, move task to ## Completed');
-  console.log('6) Log to atris/team/executor/journal/YYYY-MM-DD.md');
+  console.log('6) Log to atris/team/executor/logs/YYYY-MM-DD.md');
   console.log('   (Task, Delivered, Errors hit, Learned)');
   console.log('');
   console.log('⛔ Do NOT plan — just execute what\'s written.');
@@ -989,7 +989,7 @@ async function doAtris() {
     userPrompt += `4. Execute task: Use file edit tools, terminal commands, etc.\n`;
     userPrompt += `5. Before completion, rerun the gate against proof and residual risk\n`;
     userPrompt += `6. Move task to ## Completed in TODO.md\n`;
-    userPrompt += `7. Log to atris/team/executor/journal/YYYY-MM-DD.md\n`;
+    userPrompt += `7. Log to atris/team/executor/logs/YYYY-MM-DD.md\n`;
     userPrompt += `   (Task, Delivered, Errors hit, Learned)\n`;
     userPrompt += `8. Use MAP.md to navigate codebase\n\n`;
     userPrompt += `DO NOT just describe what you would do - actually edit files and execute commands!\n`;
@@ -1288,7 +1288,7 @@ async function reviewAtris() {
     console.log('4) Confirm active task state is clean: no unresolved Backlog/In Progress/Blocked rows for the reviewed work.');
     console.log('   If durable task state changed, regenerate the readable view with `atris task render --out atris/TODO.md`.');
     console.log('   Do not hand-delete rendered completed history; use `atris task list --status done` for the ledger.');
-    console.log('5) Log to atris/team/validator/journal/YYYY-MM-DD.md');
+    console.log('5) Log to atris/team/validator/logs/YYYY-MM-DD.md');
     console.log('   (Task, Result, Issues found, Learned)');
     console.log('6) If anything surprised you, append to atris/lessons.md.');
     console.log('');
@@ -1389,7 +1389,7 @@ async function reviewAtris() {
     userPrompt += `  • Confirm active task state is clean — no unresolved Backlog/In Progress/Blocked rows for reviewed work.\n`;
     userPrompt += `    If durable task state changed, regenerate the readable view with \`atris task render --out atris/TODO.md\`.\n`;
     userPrompt += `    Do not hand-delete rendered completed history; if a task fails, move or mark it blocked with a note.\n`;
-    userPrompt += `  • Log to atris/team/validator/journal/YYYY-MM-DD.md\n`;
+    userPrompt += `  • Log to atris/team/validator/logs/YYYY-MM-DD.md\n`;
     userPrompt += `    (Task, Result, Issues found, Learned)\n`;
     userPrompt += `  • If anything surprised you, append to atris/lessons.md\n`;
     userPrompt += `  • EVOLUTION: If you see drift in the logs, propose a tool upgrade.\n\n`;

package/commands/xp.js

@@ -2106,7 +2106,16 @@ function renderSync(payload) {
     console.log('Login auth mapped this sync to your Atris account.');
   }
   console.log(`Packet ${payload.packet_hash}`);
-  console.log(`Leaderboard: ${AGENTXP_LEADERBOARD_URL}`);
+  const publicAccepted = asNumber(server.public_accepted_count);
+  const internalAccepted = asNumber(server.internal_accepted_count);
+  if (publicAccepted > 0) {
+    console.log(`Published to AgentXP: ${AGENTXP_LEADERBOARD_URL}`);
+  } else if (internalAccepted > 0 || server.private_agentxp) {
+    console.log('Saved internally. Public AgentXP was not updated.');
+    console.log('To publish publicly, run: atris xp sync --all --public');
+  } else {
+    console.log(`Leaderboard: ${AGENTXP_LEADERBOARD_URL}`);
+  }
 }
 
 function render(payload) {

package/lib/file-ops.js

@@ -57,7 +57,7 @@ function createLogFile(logFile, dateFormatted) {
       const prevMonth = String(prev.getMonth() + 1).padStart(2, '0');
       const prevDay = String(prev.getDate()).padStart(2, '0');
       const prevDateFormatted = `${prevYear}-${prevMonth}-${prevDay}`;
-      const prevLogFile = path.join(process.cwd(), 'atris', 'logs', prevYear.toString(), `${prevDateFormatted}.md`);
+      const { logFile: prevLogFile } = getLogPath(prevDateFormatted);
 
       if (fs.existsSync(prevLogFile)) {
         const prevContent = fs.readFileSync(prevLogFile, 'utf8');

package/lib/journal.js

@@ -3,7 +3,13 @@ const fs = require('fs');
 const path = require('path');
 const os = require('os');
 const { spawnSync } = require('child_process');
-const escapeRegExp = require('./escape-regexp');
+
+// Path/directory helpers for atris/logs/<YYYY>/<YYYY-MM-DD>.md live in lib/file-ops.
+// Re-export them here so existing `require('../lib/journal')` consumers
+// (activate, autopilot, brainstorm, run, status, visualize, workflow) keep working
+// without code changes while we collapse the duplicate-truth bug. PR2/3 will
+// re-point consumers directly at lib/file-ops.
+const { getLogPath, ensureLogDirectory, createLogFile } = require('./file-ops');
 
 /**
  * Check if two timestamps are effectively the same (within 5ms).
@@ -189,78 +195,6 @@ function showLogDiff(localPath, remoteContent) {
   }
 }
 
-function getLogPath(dateStr) {
-  const targetDir = path.join(process.cwd(), 'atris');
-  const date = dateStr ? new Date(dateStr) : new Date();
-  const year = date.getFullYear();
-  const month = String(date.getMonth() + 1).padStart(2, '0');
-  const day = String(date.getDate()).padStart(2, '0');
-  const dateFormatted = `${year}-${month}-${day}`; // YYYY-MM-DD in local time
-
-  const logsDir = path.join(targetDir, 'logs');
-  const yearDir = path.join(logsDir, year.toString());
-  const logFile = path.join(yearDir, `${dateFormatted}.md`);
-
-  return { logsDir, yearDir, logFile, dateFormatted };
-}
-
-function ensureLogDirectory() {
-  const { logsDir, yearDir } = getLogPath();
-
-  if (!fs.existsSync(logsDir)) {
-    fs.mkdirSync(logsDir, { recursive: true });
-  }
-
-  if (!fs.existsSync(yearDir)) {
-    fs.mkdirSync(yearDir, { recursive: true });
-  }
-}
-
-function createLogFile(logFile, dateFormatted) {
-  let carryInProgress = '';
-  let carryBacklog = '';
-  let carryInbox = '';
-
-  try {
-    const [y, m, d] = String(dateFormatted).split('-').map(Number);
-    if (Number.isFinite(y) && Number.isFinite(m) && Number.isFinite(d)) {
-      const prev = new Date(y, m - 1, d);
-      prev.setDate(prev.getDate() - 1);
-
-      const prevYear = prev.getFullYear();
-      const prevMonth = String(prev.getMonth() + 1).padStart(2, '0');
-      const prevDay = String(prev.getDate()).padStart(2, '0');
-      const prevDateFormatted = `${prevYear}-${prevMonth}-${prevDay}`;
-      const prevLogFile = path.join(process.cwd(), 'atris', 'logs', prevYear.toString(), `${prevDateFormatted}.md`);
-
-      if (fs.existsSync(prevLogFile)) {
-        const prevContent = fs.readFileSync(prevLogFile, 'utf8');
-
-        const sectionBody = (headingLine) => {
-          const regex = new RegExp(
-            `## ${escapeRegExp(headingLine)}\\n([\\s\\S]*?)(?=\\n---|\\n## |$)`
-          );
-          const match = prevContent.match(regex);
-          return match ? match[1].trim() : '';
-        };
-
-        carryInProgress = sectionBody('In Progress 🔄');
-        carryBacklog = sectionBody('Backlog');
-        carryInbox = sectionBody('Inbox');
-      }
-    }
-  } catch {
-    // Best-effort carry-forward; never block journal creation.
-  }
-
-  const inProgressBody = carryInProgress ? `${carryInProgress}\n\n` : '';
-  const backlogBody = carryBacklog ? `${carryBacklog}\n\n` : '';
-  const inboxBody = carryInbox ? `${carryInbox}\n\n` : '';
-
-  const initialContent = `# Log — ${dateFormatted}\n\n## Handoff\n\n---\n\n## Completed ✅\n\n---\n\n## In Progress 🔄\n\n${inProgressBody}---\n\n## Backlog\n\n${backlogBody}---\n\n## Notes\n\n---\n\n## Inbox\n\n${inboxBody}\n`;
-  fs.writeFileSync(logFile, initialContent);
-}
-
 module.exports = {
   isSameTimestamp,
   computeContentHash,

package/lib/security-scan.js

@@ -431,10 +431,82 @@ function scoreFindings(findings) {
   return findings.reduce((sum, f) => sum + (score[f.sev] || 0), 0);
 }
 
+// --- the loop's flight recorder + landing ---
+// Takeoff = the overnight loop grinding the repo. Landing = the one clean
+// artifact a human reads after: what changed, what still needs you, the trend.
+// One compact row per run keeps it honest without noise.
+const DEFAULT_LEDGER = path.join('.atris', 'state', 'security_review.jsonl');
+
+function gitCommit(root) {
+  try { return execFileSync('git', ['rev-parse', '--short', 'HEAD'], { cwd: root, encoding: 'utf8', stdio: ['ignore', 'pipe', 'ignore'] }).trim(); }
+  catch { return null; }
+}
+
+function openFingerprints(findings, failOn = 'high') {
+  const threshold = SEVERITY_RANK[failOn] == null ? SEVERITY_RANK.high : SEVERITY_RANK[failOn];
+  return findings.filter((f) => SEVERITY_RANK[f.sev] >= threshold)
+    .map((f) => f.fingerprint || findingFingerprint(f));
+}
+
+function recordRun(root, scan, { failOn = 'high' } = {}) {
+  try {
+    const findings = scan.findings || [];
+    const row = {
+      ts: new Date().toISOString(),
+      commit: gitCommit(root),
+      scanned: scan.scanned || 0,
+      counts: scan.counts || summarizeFindings(findings),
+      accepted: scan.suppressed || 0,
+      open: [...new Set(openFingerprints(findings, failOn))].sort(),
+    };
+    const file = path.join(root, DEFAULT_LEDGER);
+    fs.mkdirSync(path.dirname(file), { recursive: true });
+    fs.appendFileSync(file, JSON.stringify(row) + '\n');
+    return row;
+  } catch { return null; }
+}
+
+function loadLedger(root) {
+  try {
+    return fs.readFileSync(path.join(root, DEFAULT_LEDGER), 'utf8')
+      .split('\n').filter(Boolean)
+      .map((l) => { try { return JSON.parse(l); } catch { return null; } })
+      .filter(Boolean);
+  } catch { return []; }
+}
+
+// Compare the current scan to the last recorded run. Returns the decision-ready
+// landing: cleared-to-ship or hold, what was fixed/appeared, what still needs a
+// human, and the trend over recent runs.
+function buildLanding(root, scan, { failOn = 'high' } = {}) {
+  const ledger = loadLedger(root);
+  const prev = ledger.length ? ledger[ledger.length - 1] : null;
+  const findings = scan.findings || [];
+  const open = findings.filter((f) => SEVERITY_RANK[f.sev] >= (SEVERITY_RANK[failOn] ?? SEVERITY_RANK.high));
+  const openNow = new Set(open.map((f) => f.fingerprint || findingFingerprint(f)));
+  const prevOpen = new Set(prev ? prev.open || [] : []);
+  return {
+    cleared: openNow.size === 0,
+    open,
+    fixed: [...prevOpen].filter((fp) => !openNow.has(fp)).length,
+    appeared: prev ? [...openNow].filter((fp) => !prevOpen.has(fp)).length : openNow.size,
+    accepted: scan.suppressed || 0,
+    scanned: scan.scanned || 0,
+    runs: ledger.length + 1,
+    hadPrevRun: Boolean(prev),
+    // include THIS run as the latest trend point so the posture line is current
+    trend: [
+      ...ledger.slice(-4).map((r) => ({ ts: r.ts, critical: (r.counts && r.counts.critical) || 0, high: (r.counts && r.counts.high) || 0 })),
+      { ts: new Date().toISOString(), critical: (scan.counts && scan.counts.critical) || 0, high: (scan.counts && scan.counts.high) || 0 },
+    ],
+  };
+}
+
 module.exports = {
   scanLine, scanText, scanFile, sensitiveFileFindings, gitTrackedFiles,
   resolveTargets, runScan, SECRET_RULES, PII_RULES, RULES, CODE_RULES,
-  DEFAULT_BASELINE, SEVERITIES, SEVERITY_RANK, normalizeSnippet,
+  DEFAULT_BASELINE, DEFAULT_LEDGER, SEVERITIES, SEVERITY_RANK, normalizeSnippet,
   shannonEntropy, secretQuality, findingFingerprint, summarizeFindings,
   loadBaseline, writeBaseline, applyBaseline, shouldFail, scoreFindings,
+  recordRun, loadLedger, buildLanding,
 };

package/lib/task-db.js

@@ -501,7 +501,7 @@ function doneTask(db, { id, status, actor, allowReview = false, action, proof }
   return { updated: false };
 }
 
-function readyTask(db, { id, actor, proof, lesson, nextTask }) {
+function readyTask(db, { id, actor, proof, lesson, nextTask, resultTrace }) {
   if (!id) throw new Error('id required');
   const text = String(proof || '').trim();
   if (!text) throw new Error('proof required');
@@ -537,20 +537,25 @@ function readyTask(db, { id, actor, proof, lesson, nextTask }) {
   `).run(now, JSON.stringify(metadata), id));
   if (result.changes !== 1) return { ready: false, reason: 'not_open_claimed_or_review' };
   const updated = getTask(db, id);
+  const payload = {
+    proof: text,
+    lesson: metadata.latest_agent_lesson,
+    next_task: metadata.latest_agent_next_task,
+    approval_status: 'pending',
+    review_pass_count: reviewPassCount,
+    agent_certified: metadata.agent_certified === true,
+    agent_certification_policy: metadata.agent_certification_policy || null,
+  };
+  if (resultTrace && typeof resultTrace === 'object') {
+    payload.result_trace = resultTrace;
+    payload.result_packet = `TASK_RESULT_TRACE ${JSON.stringify(resultTrace)}`;
+  }
   const event = appendTaskEvent(db, {
     taskId: id,
     workspaceRoot: updated.workspace_root,
     actor: actor || null,
     eventType: 'proof_ready',
-    payload: {
-      proof: text,
-      lesson: metadata.latest_agent_lesson,
-      next_task: metadata.latest_agent_next_task,
-      approval_status: 'pending',
-      review_pass_count: reviewPassCount,
-      agent_certified: metadata.agent_certified === true,
-      agent_certification_policy: metadata.agent_certification_policy || null,
-    },
+    payload,
   });
   return { ready: true, event, row: updated };
 }
@@ -770,6 +775,9 @@ function stagePacketFromPayload(payload) {
   if (data.proof_needed) lines.push(`proof_needed: ${data.proof_needed}`);
   if (data.first_move) lines.push(`first_move: ${data.first_move}`);
   if (data.next_button) lines.push(`next_button: ${data.next_button}`);
+  if (data.plan_trace && typeof data.plan_trace === 'object') {
+    lines.push(`TASK_PLAN_TRACE ${JSON.stringify(data.plan_trace)}`);
+  }
   return lines.filter(Boolean).join('\n');
 }
 
@@ -797,6 +805,7 @@ function stageTask(db, {
   firstMove,
   nextButton,
   confidence,
+  planTrace,
 }) {
   if (!id) throw new Error('id required');
   const targetStage = cleanStageText(stage).toLowerCase();
@@ -1015,6 +1024,7 @@ function stageTask(db, {
     first_move: cleanStageText(firstMove) || null,
     next_button: metadata.next_button || null,
     confidence: Number.isFinite(confidenceValue) ? metadata.stage_confidence : null,
+    plan_trace: targetStage === 'plan' && planTrace && typeof planTrace === 'object' ? planTrace : null,
   };
   payload.stage_packet = stagePacketFromPayload(payload);
   const updated = getTask(db, id);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "atris",
-  "version": "3.29.0",
+  "version": "3.30.1",
   "main": "bin/atris.js",
   "bin": {
     "atris": "bin/atris.js",