autonomous-flow-daemon 1.1.0 → 1.9.0

package/src/core/plugin-manager.ts

@@ -0,0 +1,225 @@
+/**
+ * Plugin Manager — third-party validator adapter system.
+ *
+ * Plugin manifest: .afd/plugins/<name>.json
+ * Installed validator wrapper: .afd/validators/plugin-<name>.js
+ *
+ * Installation strategy:
+ *   1. `bun add <package>` → installs to workspace node_modules
+ *   2. Wrap the package's main export in .afd/validators/plugin-<name>.js
+ *   3. Write manifest to .afd/plugins/<name>.json
+ *   Hot-reload is automatic (existing fs.watch on validators dir)
+ */
+
+import { existsSync, mkdirSync, writeFileSync, readFileSync, readdirSync, unlinkSync } from "fs";
+import { join, resolve } from "path";
+import { spawnSync } from "child_process";
+import { findWorkspaceRoot } from "./workspace";
+
+// ── Public Types ─────────────────────────────────────────────────────────────
+
+/**
+ * Contract for third-party validator plugins.
+ * The npm package's main export must satisfy this interface.
+ * A plugin can export a function directly or an object with a `validate` method.
+ */
+export interface ValidatorPlugin {
+  /** Return true if the content is CORRUPTED (should be blocked). */
+  validate(newContent: string, filePath: string): boolean;
+  /** Optional metadata shown by `afd plugin list`. */
+  meta?: {
+    name?: string;
+    description?: string;
+    version?: string;
+  };
+}
+
+export interface PluginManifest {
+  name: string;
+  package: string;
+  version: string;
+  description: string;
+  source: "npm";
+  validatorFile: string;
+  installDate: string;
+}
+
+// ── Paths ────────────────────────────────────────────────────────────────────
+
+function pluginsDir(): string {
+  const root = findWorkspaceRoot();
+  return join(root, ".afd", "plugins");
+}
+
+function validatorsDir(): string {
+  const root = findWorkspaceRoot();
+  return join(root, ".afd", "validators");
+}
+
+function manifestPath(name: string): string {
+  return join(pluginsDir(), `${name}.json`);
+}
+
+function wrapperPath(name: string): string {
+  return join(validatorsDir(), `plugin-${name}.js`);
+}
+
+// ── Install ──────────────────────────────────────────────────────────────────
+
+export interface InstallResult {
+  success: boolean;
+  message: string;
+  manifest?: PluginManifest;
+}
+
+export function installPlugin(packageName: string): InstallResult {
+  const root = findWorkspaceRoot();
+
+  // 1. bun add <package>
+  const addResult = spawnSync("bun", ["add", packageName], {
+    cwd: root,
+    encoding: "utf-8",
+    stdio: "pipe",
+  });
+
+  if (addResult.status !== 0) {
+    return { success: false, message: addResult.stderr?.trim() || `Failed to install ${packageName}` };
+  }
+
+  // 2. Resolve installed package entry point
+  let resolvedMain: string;
+  try {
+    resolvedMain = require.resolve(packageName, { paths: [root] });
+  } catch {
+    // Fallback: try node_modules/<package>/index.js
+    const fallback = join(root, "node_modules", packageName, "index.js");
+    if (!existsSync(fallback)) {
+      return { success: false, message: `Cannot resolve entry point for ${packageName}` };
+    }
+    resolvedMain = fallback;
+  }
+
+  // 3. Validate the plugin exports a usable validator
+  let pluginExport: unknown;
+  try {
+    // eslint-disable-next-line @typescript-eslint/no-require-imports
+    pluginExport = require(resolvedMain);
+  } catch (e) {
+    return { success: false, message: `Failed to load plugin: ${(e as Error).message}` };
+  }
+
+  const isDirectFn = typeof pluginExport === "function";
+  const hasValidate = typeof (pluginExport as ValidatorPlugin)?.validate === "function";
+  if (!isDirectFn && !hasValidate) {
+    return {
+      success: false,
+      message: `Plugin must export a function or an object with a validate(newContent, filePath) method`,
+    };
+  }
+
+  // 4. Read package.json for version/description
+  let pkgVersion = "unknown";
+  let pkgDescription = "";
+  try {
+    const pkgJson = JSON.parse(
+      readFileSync(join(root, "node_modules", packageName, "package.json"), "utf-8")
+    );
+    pkgVersion = pkgJson.version ?? "unknown";
+    pkgDescription = pkgJson.description ?? "";
+  } catch { /* best-effort */ }
+
+  // 5. Write wrapper into .afd/validators/
+  mkdirSync(validatorsDir(), { recursive: true });
+  const safeName = packageName.replace(/[^a-zA-Z0-9_-]/g, "-");
+  const wrapper = buildWrapper(packageName, resolvedMain, isDirectFn);
+  writeFileSync(wrapperPath(safeName), wrapper, "utf-8");
+
+  // 6. Write manifest into .afd/plugins/
+  mkdirSync(pluginsDir(), { recursive: true });
+  const manifest: PluginManifest = {
+    name: safeName,
+    package: packageName,
+    version: pkgVersion,
+    description: pkgDescription,
+    source: "npm",
+    validatorFile: `plugin-${safeName}.js`,
+    installDate: new Date().toISOString(),
+  };
+  writeFileSync(manifestPath(safeName), JSON.stringify(manifest, null, 2), "utf-8");
+
+  return {
+    success: true,
+    message: `Installed ${packageName}@${pkgVersion} → .afd/validators/plugin-${safeName}.js`,
+    manifest,
+  };
+}
+
+// ── List ─────────────────────────────────────────────────────────────────────
+
+export function listPlugins(): PluginManifest[] {
+  const dir = pluginsDir();
+  if (!existsSync(dir)) return [];
+  return readdirSync(dir)
+    .filter((f) => f.endsWith(".json"))
+    .map((f) => {
+      try {
+        return JSON.parse(readFileSync(join(dir, f), "utf-8")) as PluginManifest;
+      } catch {
+        return null;
+      }
+    })
+    .filter(Boolean) as PluginManifest[];
+}
+
+// ── Remove ───────────────────────────────────────────────────────────────────
+
+export interface RemoveResult {
+  success: boolean;
+  message: string;
+}
+
+export function removePlugin(name: string): RemoveResult {
+  const safeName = name.replace(/[^a-zA-Z0-9_-]/g, "-");
+  const mPath = manifestPath(safeName);
+  const wPath = wrapperPath(safeName);
+
+  if (!existsSync(mPath)) {
+    return { success: false, message: `Plugin not found: ${name}` };
+  }
+
+  let manifest: PluginManifest;
+  try {
+    manifest = JSON.parse(readFileSync(mPath, "utf-8"));
+  } catch {
+    return { success: false, message: `Corrupt manifest for ${name}` };
+  }
+
+  // Remove wrapper
+  if (existsSync(wPath)) unlinkSync(wPath);
+
+  // Remove manifest
+  unlinkSync(mPath);
+
+  // bun remove <package>
+  const root = findWorkspaceRoot();
+  spawnSync("bun", ["remove", manifest.package], { cwd: root, stdio: "pipe" });
+
+  return { success: true, message: `Removed plugin ${name} (${manifest.package})` };
+}
+
+// ── Wrapper codegen ──────────────────────────────────────────────────────────
+
+function buildWrapper(packageName: string, resolvedMain: string, isDirectFn: boolean): string {
+  const rel = resolve(resolvedMain).replace(/\\/g, "/");
+  return [
+    `// [afd plugin wrapper] package: ${packageName}`,
+    `// Auto-generated — managed by \`afd plugin\`. Do not edit manually.`,
+    `const _plugin = require(${JSON.stringify(rel)});`,
+    `module.exports = function(newContent, filePath) {`,
+    isDirectFn
+      ? `  return _plugin(newContent, filePath);`
+      : `  return _plugin.validate(newContent, filePath);`,
+    `};`,
+    ``,
+  ].join("\n");
+}

package/src/core/rule-engine.ts

@@ -0,0 +1,287 @@
+/**
+ * Custom Diagnostic Rule Engine
+ *
+ * Loads diagnostic rules from:
+ *   1. Built-in rules (hardcoded IMM-001~003 equivalents)
+ *   2. Project rules: .afd/rules/*.yml
+ *
+ * Each rule defines a condition + severity + auto-heal patches.
+ */
+
+import { existsSync, readFileSync, readdirSync, statSync } from "fs";
+import { join, extname } from "path";
+import { parse as parseYaml } from "./yaml-minimal";
+
+// Re-declare types locally to avoid circular import with immune.ts
+interface Symptom {
+  id: string;
+  patternType: string;
+  fileTarget: string;
+  title: string;
+  description: string;
+  severity: "critical" | "warning" | "info";
+  patches: PatchOp[];
+}
+
+interface PatchOp {
+  op: "add" | "remove" | "replace" | "move" | "copy" | "test";
+  path: string;
+  value?: string;
+}
+
+// ── Rule Definition ──
+
+export interface DiagnosticRule {
+  id: string;
+  title: string;
+  description: string;
+  severity: "critical" | "warning" | "info";
+  condition: RuleCondition;
+  patches: PatchOp[];
+}
+
+export type RuleCondition =
+  | { type: "file-missing"; path: string }
+  | { type: "file-empty"; path: string; minLength?: number }
+  | { type: "file-invalid-json"; path: string }
+  | { type: "file-missing-line"; path: string; pattern: string }
+  | { type: "file-contains"; path: string; pattern: string }; // inverse: triggers when pattern IS found
+
+// ── Built-in Rules (IMM-001~003) ──
+
+const CLAUDEIGNORE_DEFAULT = `# Autonomous Flow Daemon defaults
+node_modules/
+dist/
+.afd/
+*.log
+.env
+`;
+
+const HOOKS_DEFAULT = `{
+  "hooks": []
+}
+`;
+
+const BUILTIN_RULES: DiagnosticRule[] = [
+  {
+    id: "IMM-001",
+    title: "Missing .claudeignore",
+    description:
+      "No .claudeignore found. Without it, AI agents ingest node_modules, build artifacts, and other noise — wasting tokens and degrading context quality.",
+    severity: "critical",
+    condition: { type: "file-missing", path: ".claudeignore" },
+    patches: [{ op: "add", path: "/.claudeignore", value: CLAUDEIGNORE_DEFAULT }],
+  },
+  {
+    id: "IMM-002",
+    title: "Missing or invalid hooks.json",
+    description:
+      "No valid .claude/hooks.json found. Without a hooks file, pre/post-command automation cannot be configured.",
+    severity: "warning",
+    condition: { type: "file-invalid-json", path: ".claude/hooks.json" },
+    patches: [{ op: "add", path: "/.claude/hooks.json", value: HOOKS_DEFAULT }],
+  },
+  {
+    id: "IMM-003",
+    title: "Missing or empty CLAUDE.md",
+    description:
+      "No CLAUDE.md found or content is too short. AI agents have no project constitution to follow.",
+    severity: "critical",
+    condition: { type: "file-empty", path: "CLAUDE.md", minLength: 20 },
+    patches: [{ op: "add", path: "/CLAUDE.md", value: "# Project Constitution\n\n<!-- Add project rules here -->\n" }],
+  },
+];
+
+// ── Condition Evaluator ──
+
+function evaluateCondition(cond: RuleCondition): { triggered: boolean; detail?: string } {
+  switch (cond.type) {
+    case "file-missing":
+      return { triggered: !existsSync(cond.path) };
+
+    case "file-empty": {
+      if (!existsSync(cond.path)) return { triggered: true, detail: "file not found" };
+      try {
+        const content = readFileSync(cond.path, "utf-8").trim();
+        const min = cond.minLength ?? 1;
+        return {
+          triggered: content.length < min,
+          detail: `${content.length} chars (min: ${min})`,
+        };
+      } catch {
+        return { triggered: true, detail: "unreadable" };
+      }
+    }
+
+    case "file-invalid-json": {
+      if (!existsSync(cond.path)) return { triggered: true, detail: "file not found" };
+      try {
+        JSON.parse(readFileSync(cond.path, "utf-8"));
+        return { triggered: false };
+      } catch {
+        return { triggered: true, detail: "invalid JSON" };
+      }
+    }
+
+    case "file-missing-line": {
+      if (!existsSync(cond.path)) return { triggered: true, detail: "file not found" };
+      try {
+        const content = readFileSync(cond.path, "utf-8");
+        const regex = new RegExp(cond.pattern);
+        return { triggered: !regex.test(content), detail: `pattern /${cond.pattern}/ not found` };
+      } catch {
+        return { triggered: true, detail: "unreadable" };
+      }
+    }
+
+    case "file-contains": {
+      if (!existsSync(cond.path)) return { triggered: false }; // file doesn't exist → pattern can't be found
+      try {
+        const content = readFileSync(cond.path, "utf-8");
+        const regex = new RegExp(cond.pattern);
+        return { triggered: regex.test(content), detail: `pattern /${cond.pattern}/ found` };
+      } catch {
+        return { triggered: false };
+      }
+    }
+
+    default:
+      return { triggered: false };
+  }
+}
+
+// ── Rule Loader ──
+
+function loadYamlRules(rulesDir: string): DiagnosticRule[] {
+  if (!existsSync(rulesDir)) return [];
+
+  const rules: DiagnosticRule[] = [];
+
+  let files: string[];
+  try {
+    files = readdirSync(rulesDir).filter(f => extname(f) === ".yml" || extname(f) === ".yaml");
+  } catch {
+    return [];
+  }
+
+  for (const file of files) {
+    const filePath = join(rulesDir, file);
+    try {
+      if (!statSync(filePath).isFile()) continue;
+      const content = readFileSync(filePath, "utf-8");
+      const parsed = parseYaml(content);
+      if (!parsed || !parsed.id || !parsed.condition) continue;
+
+      const rule: DiagnosticRule = {
+        id: String(parsed.id),
+        title: String(parsed.title ?? parsed.id),
+        description: String(parsed.description ?? ""),
+        severity: validateSeverity(parsed.severity),
+        condition: parseCondition(parsed.condition),
+        patches: parsePatchOps(parsed.patches),
+      };
+      rules.push(rule);
+    } catch {
+      // Skip malformed rule files — crash-only design
+    }
+  }
+
+  return rules;
+}
+
+function validateSeverity(val: unknown): "critical" | "warning" | "info" {
+  if (val === "critical" || val === "warning" || val === "info") return val;
+  return "warning";
+}
+
+function parseCondition(raw: unknown): RuleCondition {
+  if (!raw || typeof raw !== "object") return { type: "file-missing", path: "" };
+  const obj = raw as Record<string, unknown>;
+  const type = String(obj.type ?? "file-missing");
+  const path = String(obj.path ?? "");
+
+  switch (type) {
+    case "file-missing":
+      return { type: "file-missing", path };
+    case "file-empty":
+      return { type: "file-empty", path, minLength: Number(obj.minLength ?? 1) };
+    case "file-invalid-json":
+      return { type: "file-invalid-json", path };
+    case "file-missing-line":
+      return { type: "file-missing-line", path, pattern: String(obj.pattern ?? "") };
+    case "file-contains":
+      return { type: "file-contains", path, pattern: String(obj.pattern ?? "") };
+    default:
+      return { type: "file-missing", path };
+  }
+}
+
+function parsePatchOps(raw: unknown): PatchOp[] {
+  if (!Array.isArray(raw)) return [];
+  return raw
+    .filter((p): p is Record<string, unknown> => p && typeof p === "object")
+    .map(p => ({
+      op: (String(p.op ?? "add")) as PatchOp["op"],
+      path: String(p.path ?? ""),
+      value: p.value !== undefined ? String(p.value) : undefined,
+    }));
+}
+
+// ── Public API ──
+
+const RULES_DIR = join(".afd", "rules");
+
+export function loadAllRules(): DiagnosticRule[] {
+  const custom = loadYamlRules(RULES_DIR);
+  // Custom rules can override built-in by ID
+  const customIds = new Set(custom.map(r => r.id));
+  const builtins = BUILTIN_RULES.filter(r => !customIds.has(r.id));
+  return [...builtins, ...custom];
+}
+
+export function evaluateRules(
+  rules: DiagnosticRule[],
+  knownAntibodies: string[],
+  opts?: { raw?: boolean },
+): { symptoms: Symptom[]; healthy: string[] } {
+  const symptoms: Symptom[] = [];
+  const healthy: string[] = [];
+
+  for (const rule of rules) {
+    const result = evaluateCondition(rule.condition);
+
+    if (!result.triggered) {
+      healthy.push("OK");
+      continue;
+    }
+
+    // In raw mode, report all symptoms regardless of antibodies
+    if (!opts?.raw && knownAntibodies.includes(rule.id)) {
+      healthy.push(`${rule.id} (immunized)`);
+      continue;
+    }
+
+    symptoms.push({
+      id: rule.id,
+      patternType: rule.condition.type,
+      fileTarget: "path" in rule.condition ? rule.condition.path : "",
+      title: rule.title,
+      description: result.detail
+        ? `${rule.description} (${result.detail})`
+        : rule.description,
+      severity: rule.severity,
+      patches: rule.patches,
+    });
+  }
+
+  return { symptoms, healthy };
+}
+
+/** Convenience: load rules + evaluate in one call (replaces old diagnose()) */
+export function diagnoseWithRules(
+  knownAntibodies: string[],
+  opts?: { raw?: boolean },
+): { symptoms: Symptom[]; healthy: string[] } {
+  const rules = loadAllRules();
+  return evaluateRules(rules, knownAntibodies, opts);
+}

package/src/core/rule-suggestion.ts

@@ -0,0 +1,127 @@
+/**
+ * Rule Suggestion Engine — analyzes mistake_history to recommend
+ * auto-validator generation for frequently recurring failure patterns.
+ *
+ * Query strategy: aggregate by (file_path, mistake_type), rank by frequency,
+ * filter out patterns already covered by existing validators.
+ */
+
+import { existsSync, readdirSync, readFileSync } from "fs";
+import { join } from "path";
+import { Database } from "bun:sqlite";
+import { VALIDATORS_DIR } from "../daemon/types";
+
+// ── Types ───────────────────────────────────────────────────────────────────
+
+export interface RuleSuggestion {
+  /** Target file path (workspace-relative) */
+  filePath: string;
+  /** Mistake category (English enum) */
+  mistakeType: string;
+  /** Number of occurrences in the analysis window */
+  frequency: number;
+  /** Most recent occurrence timestamp (epoch ms) */
+  lastSeen: number;
+  /** Representative description from the most recent event */
+  description: string;
+  /** Whether an existing validator already covers this file */
+  alreadyCovered: boolean;
+}
+
+export interface SuggestionOptions {
+  /** Analysis window in days (default: 30) */
+  days?: number;
+  /** Minimum frequency to trigger a suggestion (default: 3) */
+  minFrequency?: number;
+  /** Maximum number of suggestions to return (default: 10) */
+  limit?: number;
+}
+
+// ── Core query ──────────────────────────────────────────────────────────────
+
+/**
+ * Aggregate mistake_history and produce ranked suggestions.
+ */
+export function suggestRules(db: Database, opts: SuggestionOptions = {}): RuleSuggestion[] {
+  const days = opts.days ?? 30;
+  const minFreq = opts.minFrequency ?? 3;
+  const limit = opts.limit ?? 10;
+
+  const cutoffMs = Date.now() - days * 86_400_000;
+
+  // Single query: group by (file_path, mistake_type), count, get latest
+  const rows = db.prepare(`
+    SELECT
+      file_path,
+      mistake_type,
+      COUNT(*) AS frequency,
+      MAX(timestamp) AS last_seen,
+      -- Get the description from the most recent entry
+      (SELECT description FROM mistake_history m2
+       WHERE m2.file_path = m1.file_path AND m2.mistake_type = m1.mistake_type
+       ORDER BY m2.timestamp DESC LIMIT 1) AS description
+    FROM mistake_history m1
+    WHERE timestamp >= ?
+    GROUP BY file_path, mistake_type
+    HAVING COUNT(*) >= ?
+    ORDER BY frequency DESC, last_seen DESC
+    LIMIT ?
+  `).all(cutoffMs, minFreq, limit) as {
+    file_path: string;
+    mistake_type: string;
+    frequency: number;
+    last_seen: number;
+    description: string;
+  }[];
+
+  const coveredFiles = getExistingValidatorTargets();
+
+  return rows.map(row => ({
+    filePath: row.file_path,
+    mistakeType: row.mistake_type,
+    frequency: row.frequency,
+    lastSeen: row.last_seen,
+    description: row.description,
+    alreadyCovered: coveredFiles.has(row.file_path),
+  }));
+}
+
+// ── Validator coverage detection ────────────────────────────────────────────
+
+/**
+ * Scan existing `.afd/validators/*.js` files and extract the file targets
+ * they protect (by parsing the `endsWith("...")` pattern in the source).
+ */
+function getExistingValidatorTargets(): Set<string> {
+  const targets = new Set<string>();
+  const dir = VALIDATORS_DIR;
+  if (!existsSync(dir)) return targets;
+
+  let files: string[];
+  try { files = readdirSync(dir).filter(f => f.endsWith(".js")); } catch { return targets; }
+
+  for (const file of files) {
+    try {
+      const code = readFileSync(join(dir, file), "utf-8");
+      // Extract endsWith("...") targets from generated validators
+      const matches = code.matchAll(/endsWith\(["']([^"']+)["']\)/g);
+      for (const m of matches) {
+        targets.add(m[1]);
+      }
+    } catch {
+      // skip unreadable files
+    }
+  }
+  return targets;
+}
+
+/**
+ * Check if a specific file path is already covered by a validator.
+ */
+export function isFileCovered(filePath: string, coveredTargets?: Set<string>): boolean {
+  const targets = coveredTargets ?? getExistingValidatorTargets();
+  for (const target of targets) {
+    if (filePath.endsWith(target)) return true;
+  }
+  return false;
+}