avorelo 0.1.0 → 0.2.0

package/scripts/lib/launch-hardening-gate.js

@@ -1,436 +0,0 @@
-"use strict";
-
-// ── Launch Hardening Gate ─────────────────────────────────────────────────────
-//
-// Contract: avorelo.launchHardeningGate.v1
-//
-// Evaluates all critical alpha-launch surfaces and produces a pass/warn/fail
-// gate with compact summary and safe next action. No raw logs or secrets.
-
-const fs = require("fs");
-const path = require("path");
-const { nowIso } = require("./fsx");
-
-const CONTRACT = "avorelo.launchHardeningGate.v1";
-const SCHEMA_VERSION = 1;
-
-const GATE_DIR_REL = ".claude/cco/orchestration/launch-hardening";
-const LATEST_GATE_REL = `${GATE_DIR_REL}/latest-gate.json`;
-
-// ── Helpers ───────────────────────────────────────────────────────────────────
-
-function safeReadJson(absPath) {
-  try {
-    if (!fs.existsSync(absPath)) return null;
-    return JSON.parse(fs.readFileSync(absPath, "utf8").replace(/^/, ""));
-  } catch {
-    return null;
-  }
-}
-
-function checkPass(id, summary, nextAction) {
-  return { id, status: "pass", summary, nextAction: nextAction || null };
-}
-
-function checkWarn(id, summary, nextAction) {
-  return { id, status: "warn", summary, nextAction: nextAction || null };
-}
-
-function checkFail(id, summary, nextAction) {
-  return { id, status: "fail", summary, nextAction: nextAction || null };
-}
-
-function checkSkip(id, summary) {
-  return { id, status: "skip", summary, nextAction: null };
-}
-
-function tryRequire(modulePath) {
-  try {
-    return { mod: require(modulePath), err: null };
-  } catch (e) {
-    return { mod: null, err: e };
-  }
-}
-
-// ── Individual checks ─────────────────────────────────────────────────────────
-
-function checkActivationAvailable(cwd) {
-  const id = "activation_available";
-  const { mod, err } = tryRequire("./alpha-activation");
-  if (err || !mod) {
-    return checkFail(id, "alpha-activation module not loadable.", "Implement scripts/lib/alpha-activation.js.");
-  }
-  if (typeof mod.buildActivationSurface !== "function" && typeof mod.runAlphaActivation !== "function") {
-    return checkWarn(id, "alpha-activation loaded but missing expected exports.", "Check alpha-activation.js exports.");
-  }
-  return checkPass(id, "Alpha activation module loadable.");
-}
-
-function checkAlphaReadinessPassOrClearRecovery(cwd) {
-  const id = "alpha_readiness_pass_or_clear_recovery";
-  const rel = ".claude/cco/orchestration/alpha-readiness/latest-gate.json";
-  const absPath = path.join(cwd, rel);
-  if (!fs.existsSync(absPath)) {
-    return checkSkip(id, "Alpha readiness gate not yet run. Run `avorelo outcome` first.");
-  }
-  const gate = safeReadJson(absPath);
-  if (!gate) {
-    return checkWarn(id, "Alpha readiness gate artifact exists but cannot be parsed.", "Run `avorelo outcome` to regenerate.");
-  }
-  if (gate.status === "fail") {
-    return checkWarn(id, `Alpha readiness gate status: fail (score: ${gate.score ?? "N/A"}).`, "Run `avorelo outcome` to see failures. Fix blocking items before launch.");
-  }
-  return checkPass(id, `Alpha readiness gate: ${gate.status} (score: ${gate.score ?? "N/A"}).`);
-}
-
-function checkSafeRunAvailable(cwd) {
-  const id = "safe_run_available";
-  const rel = ".claude/cco/orchestration/safe-run/latest-run.json";
-  const absPath = path.join(cwd, rel);
-  if (!fs.existsSync(absPath)) {
-    return checkWarn(id, "No safe-run receipt found.", "Run `avorelo run` on a task to generate a safe-run receipt.");
-  }
-  const run = safeReadJson(absPath);
-  if (!run) return checkWarn(id, "Safe-run receipt exists but cannot be parsed.", "Run `avorelo run` to regenerate.");
-  return checkPass(id, `Safe-run receipt available (status: ${run.status || "unknown"}).`);
-}
-
-function checkHookDoctorPassOrClearRecovery(cwd) {
-  const id = "hook_doctor_pass_or_clear_recovery";
-  const rel = ".claude/cco/orchestration/hook-apply/latest-doctor.json";
-  const absPath = path.join(cwd, rel);
-  if (!fs.existsSync(absPath)) {
-    return checkSkip(id, "Hook doctor not yet run. Run `avorelo hooks doctor` first.");
-  }
-  const doctor = safeReadJson(absPath);
-  if (!doctor) return checkWarn(id, "Hook doctor artifact exists but cannot be parsed.", "Run `avorelo hooks doctor` to regenerate.");
-  if (doctor.status === "fail" || doctor.status === "error") {
-    return checkWarn(id, `Hook doctor: ${doctor.status}.`, "Run `avorelo hooks doctor` to see failing checks. Fix or rollback before launch.");
-  }
-  return checkPass(id, `Hook doctor: ${doctor.status || "pass"}.`);
-}
-
-function checkTokenContextQualityPassOrClearRecovery(cwd) {
-  const id = "token_context_quality_pass_or_clear_recovery";
-  const rel = ".claude/cco/orchestration/token-efficiency/latest-quality-gate.json";
-  const absPath = path.join(cwd, rel);
-  if (!fs.existsSync(absPath)) {
-    return checkSkip(id, "Token context quality gate not yet run. Run `avorelo token-efficiency` first.");
-  }
-  const gate = safeReadJson(absPath);
-  if (!gate) return checkWarn(id, "Token quality gate artifact exists but cannot be parsed.", "Run `avorelo token-efficiency` to regenerate.");
-  if (gate.status === "fail") {
-    return checkWarn(id, `Token context quality gate: fail (score: ${gate.score ?? "N/A"}).`, "Run `avorelo token-efficiency` to see failures. Reduce context before launch.");
-  }
-  return checkPass(id, `Token context quality gate: ${gate.status} (score: ${gate.score ?? "N/A"}).`);
-}
-
-function checkSupportBundleRedacted(cwd) {
-  const id = "support_bundle_redacted";
-  const rel = ".claude/cco/support/latest-support-bundle.json";
-  const absPath = path.join(cwd, rel);
-  if (!fs.existsSync(absPath)) {
-    return checkSkip(id, "No support bundle found. Run `avorelo support-bundle` first.");
-  }
-  const bundle = safeReadJson(absPath);
-  if (!bundle) return checkWarn(id, "Support bundle exists but cannot be parsed.", "Run `avorelo support-bundle` to regenerate.");
-  if (!bundle.redacted) {
-    return checkFail(id, "Support bundle is missing redacted:true flag.", "Fix support-bundle.js to set redacted:true.");
-  }
-  return checkPass(id, "Support bundle present and redacted.");
-}
-
-function checkProofAvailableOrClearRecovery(cwd) {
-  const id = "proof_available_or_clear_recovery";
-  const proofDir = path.join(cwd, ".claude", "cco", "orchestration", "proof");
-  const altPath = path.join(cwd, ".claude", "cco", "orchestration", "seamless-outcome", "latest-reality-gate.json");
-  const proofExists = fs.existsSync(proofDir) || fs.existsSync(altPath);
-  if (!proofExists) {
-    return checkWarn(id, "No proof artifacts found.", "Run `avorelo outcome` to generate proof.");
-  }
-  return checkPass(id, "Proof artifacts present.");
-}
-
-function checkLedgerAvailable(cwd) {
-  const id = "ledger_available";
-  const { mod, err } = tryRequire("./work-ledger");
-  if (err || !mod) {
-    return checkFail(id, "work-ledger module not loadable.", "Check scripts/lib/work-ledger.js.");
-  }
-  if (typeof mod.buildWorkLedger !== "function" && typeof mod.ENTRY_TYPES === "undefined") {
-    return checkWarn(id, "work-ledger loaded but missing expected exports.", "Check work-ledger.js exports.");
-  }
-  return checkPass(id, "Work ledger module loadable.");
-}
-
-function checkCompanyLoopAvailable(cwd) {
-  const id = "company_loop_available";
-  const { mod, err } = tryRequire("./company-loop");
-  if (err || !mod) {
-    return checkFail(id, "company-loop module not loadable.", "Check scripts/lib/company-loop.js.");
-  }
-  return checkPass(id, "Company loop module loadable.");
-}
-
-function checkRollbackUninstallAvailable(cwd) {
-  const id = "rollback_uninstall_available";
-  const { mod, err } = tryRequire("./hook-apply");
-  if (err || !mod) {
-    return checkFail(id, "hook-apply module not loadable.", "Check scripts/lib/hook-apply.js.");
-  }
-  if (typeof mod.rollbackHookApply !== "function") {
-    return checkWarn(id, "hook-apply loaded but missing rollbackHookApply export.", "Add rollbackHookApply to hook-apply.js.");
-  }
-  return checkPass(id, "Hook rollback/uninstall available.");
-}
-
-function checkArtifactHealthAvailable(cwd) {
-  const id = "artifact_health_available";
-  const healthPath = path.join(path.dirname(__filename), "artifact-health.js");
-  if (!fs.existsSync(healthPath)) {
-    return checkFail(id, "artifact-health.js not found in scripts/lib/.", "Create scripts/lib/artifact-health.js.");
-  }
-  return checkPass(id, "artifact-health.js present in scripts/lib/.");
-}
-
-function checkArtifactCleanupDryRunAvailable(cwd) {
-  const id = "artifact_cleanup_dry_run_available";
-  const { mod, err } = tryRequire("./artifact-health");
-  if (err || !mod) {
-    return checkFail(id, "artifact-health.js not loadable.", "Fix scripts/lib/artifact-health.js.");
-  }
-  if (typeof mod.applyArtifactCleanup !== "function") {
-    return checkFail(id, "artifact-health.js missing applyArtifactCleanup export.", "Export applyArtifactCleanup from artifact-health.js.");
-  }
-  return checkPass(id, "Artifact cleanup dry-run available.");
-}
-
-function checkJsonOutputParseable(cwd) {
-  const id = "json_output_parseable";
-  // Structural: JSON.stringify/parse round-trip for a sample object
-  try {
-    const sample = { contract: CONTRACT, status: "pass", redacted: true };
-    const parsed = JSON.parse(JSON.stringify(sample));
-    if (parsed.contract !== CONTRACT) throw new Error("round-trip mismatch");
-    return checkPass(id, "JSON output round-trip parseable.");
-  } catch (e) {
-    return checkFail(id, `JSON round-trip failed: ${e.message}`, "Fix JSON serialization in output layer.");
-  }
-}
-
-function checkDefaultOutputCompact(cwd) {
-  const id = "default_output_compact";
-  // Structural check — always pass (compact output policy)
-  return checkPass(id, "Default output format is compact (policy enforced).");
-}
-
-function checkNonInteractiveCiModeAvailable(cwd) {
-  const id = "non_interactive_ci_mode_available";
-  const cliPath = path.join(path.dirname(__filename), "public-cli.js");
-  if (!fs.existsSync(cliPath)) {
-    return checkWarn(id, "public-cli.js not found.", "Check scripts/lib/public-cli.js.");
-  }
-  try {
-    const content = fs.readFileSync(cliPath, "utf8");
-    if (!content.includes("--json")) {
-      return checkFail(id, "public-cli.js does not reference --json flag.", "Add --json support to public-cli.js for CI mode.");
-    }
-    return checkPass(id, "--json flag handling present in public-cli.js.");
-  } catch {
-    return checkWarn(id, "Could not read public-cli.js.", "Check scripts/lib/public-cli.js.");
-  }
-}
-
-function checkCrossPlatformPathSanityPresent(cwd) {
-  const id = "cross_platform_path_sanity_present";
-  const keyModules = ["fsx.js", "public-cli.js", "work-ledger.js"];
-  const missing = [];
-  for (const mod of keyModules) {
-    const absPath = path.join(path.dirname(__filename), mod);
-    if (!fs.existsSync(absPath)) {
-      missing.push(mod);
-      continue;
-    }
-    try {
-      const content = fs.readFileSync(absPath, "utf8");
-      if (!content.includes("path.join")) {
-        missing.push(`${mod} (no path.join)`);
-      }
-    } catch {
-      missing.push(`${mod} (read error)`);
-    }
-  }
-  if (missing.length > 0) {
-    return checkWarn(id, `path.join usage missing in: ${missing.join(", ")}.`, "Use path.join() for all path construction in these modules.");
-  }
-  return checkPass(id, "path.join() usage present in key modules.");
-}
-
-function checkNoLaunchReadyClaimBeforeLaunchCandidate(cwd) {
-  const id = "no_launch_ready_claim_before_launch_candidate";
-  const checkPaths = [
-    ".claude/cco/orchestration/launch-hardening/latest-gate.json",
-    ".claude/cco/orchestration/alpha-readiness/latest-gate.json",
-    ".claude/cco/support/latest-support-bundle.json",
-  ];
-  const overclaims = [];
-  for (const rel of checkPaths) {
-    const absPath = path.join(cwd, rel);
-    if (!fs.existsSync(absPath)) continue;
-    try {
-      const raw = fs.readFileSync(absPath, "utf8");
-      if (/launch.ready/i.test(raw) && !/not.launch.ready|not.yet.launch.ready|not.claim.launch.ready/i.test(raw)) {
-        overclaims.push(rel);
-      }
-    } catch {}
-  }
-  if (overclaims.length > 0) {
-    return checkWarn(id, `Possible launch-ready claim found in artifacts: ${overclaims.join(", ")}.`, "Do not claim launch-ready before launch candidate checklist passes.");
-  }
-  return checkPass(id, "No premature launch-ready claim found in artifacts.");
-}
-
-// ── buildLaunchHardeningChecks ────────────────────────────────────────────────
-
-function buildLaunchHardeningChecks(cwd, options = {}) {
-  return [
-    checkActivationAvailable(cwd),
-    checkAlphaReadinessPassOrClearRecovery(cwd),
-    checkSafeRunAvailable(cwd),
-    checkHookDoctorPassOrClearRecovery(cwd),
-    checkTokenContextQualityPassOrClearRecovery(cwd),
-    checkSupportBundleRedacted(cwd),
-    checkProofAvailableOrClearRecovery(cwd),
-    checkLedgerAvailable(cwd),
-    checkCompanyLoopAvailable(cwd),
-    checkRollbackUninstallAvailable(cwd),
-    checkArtifactHealthAvailable(cwd),
-    checkArtifactCleanupDryRunAvailable(cwd),
-    checkJsonOutputParseable(cwd),
-    checkDefaultOutputCompact(cwd),
-    checkNonInteractiveCiModeAvailable(cwd),
-    checkCrossPlatformPathSanityPresent(cwd),
-    checkNoLaunchReadyClaimBeforeLaunchCandidate(cwd),
-  ];
-}
-
-// ── runLaunchHardeningGate ────────────────────────────────────────────────────
-
-function runLaunchHardeningGate(cwd, options = {}) {
-  const checks = buildLaunchHardeningChecks(cwd, options);
-
-  const passCount = checks.filter((c) => c.status === "pass").length;
-  const warnCount = checks.filter((c) => c.status === "warn").length;
-  const failCount = checks.filter((c) => c.status === "fail").length;
-  const skipCount = checks.filter((c) => c.status === "skip").length;
-  const scored = checks.filter((c) => c.status !== "skip");
-  const score = scored.length > 0 ? Math.round((passCount / scored.length) * 100) : 100;
-
-  let status;
-  if (failCount > 0) status = "fail";
-  else if (warnCount > 0) status = "warn";
-  else status = "pass";
-
-  const firstFail = checks.find((c) => c.status === "fail");
-  const firstWarn = checks.find((c) => c.status === "warn");
-  const nextAction = (firstFail || firstWarn)?.nextAction
-    || "All launch hardening checks pass. Review alpha readiness checklist before launch.";
-
-  const failureRecoveryRefs = checks
-    .filter((c) => c.status === "fail" || c.status === "warn")
-    .map((c) => ({ checkId: c.id, nextAction: c.nextAction }));
-
-  return {
-    contract: CONTRACT,
-    schemaVersion: SCHEMA_VERSION,
-    status,
-    score,
-    checks,
-    failureRecoveryRefs,
-    nextAction,
-    summary: { pass: passCount, warn: warnCount, fail: failCount, skip: skipCount, total: checks.length },
-    createdAt: nowIso(),
-    redacted: true,
-  };
-}
-
-// ── writeLaunchHardeningGate ──────────────────────────────────────────────────
-
-function writeLaunchHardeningGate(cwd, gate) {
-  try {
-    const absPath = path.join(cwd, LATEST_GATE_REL);
-    fs.mkdirSync(path.dirname(absPath), { recursive: true });
-    fs.writeFileSync(absPath, JSON.stringify(gate, null, 2), "utf8");
-  } catch {}
-}
-
-// ── buildLaunchHardeningSurface ───────────────────────────────────────────────
-
-function buildLaunchHardeningSurface(cwd, options = {}) {
-  const absPath = path.join(cwd, LATEST_GATE_REL);
-  const latest = (() => {
-    try {
-      if (!fs.existsSync(absPath)) return null;
-      return JSON.parse(fs.readFileSync(absPath, "utf8").replace(/^/, ""));
-    } catch { return null; }
-  })();
-
-  if (!latest) {
-    return {
-      contract: CONTRACT,
-      status: "not_run",
-      score: null,
-      nextAction: "Run `avorelo launch-hardening` to evaluate launch readiness.",
-      latestGatePath: null,
-    };
-  }
-
-  return {
-    contract: CONTRACT,
-    status: latest.status,
-    score: latest.score,
-    warnings: latest.summary?.warn || 0,
-    failures: latest.summary?.fail || 0,
-    nextAction: latest.nextAction,
-    createdAt: latest.createdAt,
-    latestGatePath: LATEST_GATE_REL,
-  };
-}
-
-// ── formatLaunchHardeningText ─────────────────────────────────────────────────
-
-function formatLaunchHardeningText(gate, options = {}) {
-  if (!gate) return "No launch hardening gate data available.";
-  const lines = [];
-  lines.push(`Launch Hardening Gate: ${gate.status?.toUpperCase() || "UNKNOWN"} (score: ${gate.score ?? "N/A"})`);
-  lines.push(`Checks: ${gate.summary?.pass ?? 0} pass, ${gate.summary?.warn ?? 0} warn, ${gate.summary?.fail ?? 0} fail, ${gate.summary?.skip ?? 0} skip`);
-  lines.push("");
-
-  const failing = (gate.checks || []).filter((c) => c.status === "fail");
-  const warning = (gate.checks || []).filter((c) => c.status === "warn");
-
-  if (failing.length > 0) {
-    lines.push("FAIL:");
-    failing.forEach((c) => lines.push(`  !! ${c.id}: ${c.summary}`));
-    lines.push("");
-  }
-  if (warning.length > 0) {
-    lines.push("WARN:");
-    warning.forEach((c) => lines.push(`  -- ${c.id}: ${c.summary}`));
-    lines.push("");
-  }
-
-  lines.push(`Next step: ${gate.nextAction || "Review checks."}`);
-  return lines.join("\n");
-}
-
-module.exports = {
-  CONTRACT,
-  SCHEMA_VERSION,
-  LATEST_GATE_REL,
-  runLaunchHardeningGate,
-  buildLaunchHardeningChecks,
-  writeLaunchHardeningGate,
-  buildLaunchHardeningSurface,
-  formatLaunchHardeningText,
-};