avorelo 0.1.0 → 0.3.0

package/scripts/lib/public-distribution-truth.js

@@ -1,211 +0,0 @@
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-const { nowIso } = require("./fsx");
-const { appendProductLearningEvent } = require("./product-learning-events");
-const {
-  readPackageJson,
-  getBinEntries,
-  getPublishConfig,
-  mapDistributionStateToStatus,
-} = require("./package-runtime");
-
-const CONTRACT = "avorelo.publicDistributionTruth.v1";
-const SCHEMA_VERSION = 1;
-const ARTIFACT_DIR_REL = ".claude/cco/orchestration/public-distribution";
-const ARTIFACT_REL = ARTIFACT_DIR_REL + "/latest-truth.json";
-
-function pass(id, label, evidence, detail) {
-  return { id, label, status: "pass", evidence: evidence || null, detail: detail || null, safeNextAction: null };
-}
-
-function warn(id, label, safeNextAction, evidence, detail) {
-  return { id, label, status: "warn", evidence: evidence || null, detail: detail || null, safeNextAction: safeNextAction || "Review warning." };
-}
-
-function blocked(id, label, safeNextAction, evidence, detail) {
-  return { id, label, status: "blocked", evidence: evidence || null, detail: detail || null, safeNextAction: safeNextAction || "Fix blocker." };
-}
-
-function inspectPackageMetadata(cwd) {
-  const pkg = readPackageJson(cwd);
-  const checks = [];
-  if (!pkg) {
-    checks.push(blocked("package_name_present", "package.json must exist", "Create a valid package.json."));
-    return { pkg: null, checks };
-  }
-  checks.push(pkg.name ? pass("package_name_present", "package.json name present", { name: pkg.name }) : blocked("package_name_present", "package.json name missing", "Set package.json name to avorelo."));
-  checks.push(pkg.name === "avorelo"
-    ? pass("package_name_avorelo_or_truthfully_named", "Package name is avorelo", { name: pkg.name })
-    : blocked("package_name_avorelo_or_truthfully_named", "Package name must be avorelo", "Use the public package name avorelo."));
-  checks.push(pkg.version
-    ? pass("package_version_present", "Package version is present", { version: pkg.version })
-    : blocked("package_version_present", "Package version is missing", "Set a package version."));
-  checks.push(typeof pkg.private === "boolean"
-    ? pass("package_private_status_truthful", "package.json private flag is explicit", { private: pkg.private })
-    : blocked("package_private_status_truthful", "package.json private flag must be explicit", "Set private true or false explicitly."));
-  checks.push(/wuz/i.test(JSON.stringify({ name: pkg.name, description: pkg.description, keywords: pkg.keywords || [] }))
-    ? blocked("no_wuz_public_leak", "No internal Wuz naming in public metadata", "Remove Wuz wording from public package metadata.")
-    : pass("no_wuz_public_leak", "No internal Wuz naming in public metadata"));
-  checks.push(pass("support_metadata_truthful", "Support metadata is present", { homepage: pkg.homepage || null, bugs: pkg.bugs || null }));
-  return { pkg, checks };
-}
-
-function inspectPackageBin(cwd) {
-  const pkg = readPackageJson(cwd);
-  const checks = [];
-  const binEntries = getBinEntries(pkg);
-  if (binEntries.avorelo === "bin/avorelo") {
-    checks.push(pass("bin_avorelo_present", "bin.avorelo points to bin/avorelo", { bin: binEntries.avorelo }));
-  } else {
-    checks.push(blocked("bin_avorelo_present", "bin.avorelo must point to bin/avorelo", "Set bin.avorelo to bin/avorelo."));
-  }
-  const binPath = path.join(cwd, "bin", "avorelo");
-  if (fs.existsSync(binPath)) {
-    const firstLine = fs.readFileSync(binPath, "utf8").split("\n")[0];
-    checks.push(pass("bin_target_exists", "bin/avorelo exists", { path: "bin/avorelo" }));
-    checks.push(firstLine.includes("#!/usr/bin/env node")
-      ? pass("bin_target_executable_or_node_runnable", "bin/avorelo is node-runnable", { shebang: firstLine })
-      : warn("bin_target_executable_or_node_runnable", "bin/avorelo is missing a node shebang", "Add #!/usr/bin/env node to bin/avorelo."));
-  } else {
-    checks.push(blocked("bin_target_exists", "bin/avorelo is missing", "Add bin/avorelo to the package."));
-    checks.push(blocked("bin_target_executable_or_node_runnable", "bin/avorelo is not checkable", "Create bin/avorelo first."));
-  }
-  return { pkg, checks };
-}
-
-function inspectPackageFilesPolicy(cwd) {
-  const pkg = readPackageJson(cwd);
-  const checks = [];
-  if (pkg && Array.isArray(pkg.files) && pkg.files.length > 0) {
-    checks.push(pass("files_allowlist_present_or_safe", "package.json files allowlist is present", { files: pkg.files }));
-    return { pkg, filesPolicyStatus: "files_field", checks };
-  }
-  if (fs.existsSync(path.join(cwd, ".npmignore"))) {
-    checks.push(warn("files_allowlist_present_or_safe", ".npmignore is present without package.json files allowlist", "Prefer package.json files for a tighter publish surface."));
-    return { pkg, filesPolicyStatus: "npmignore", checks };
-  }
-  checks.push(blocked("files_allowlist_present_or_safe", "Package include/exclude control is missing", "Add a package.json files allowlist."));
-  return { pkg, filesPolicyStatus: "none", checks };
-}
-
-function inspectPublicInstallClaims(cwd) {
-  const pkg = readPackageJson(cwd);
-  const checks = [];
-  if (pkg && pkg.private === false) {
-    checks.push(pass("public_install_claims_truthful", "Public package claims can be evaluated", { private: false }));
-    checks.push(pass("install_ai_command_truthful", "Public command claims must still remain caveated until publish verification"));
-  } else {
-    checks.push(pass("public_install_claims_truthful", "Private package keeps public claims caveated", { private: true }));
-    checks.push(pass("install_ai_command_truthful", "Install guidance remains local-only until package is public-ready"));
-  }
-  return { pkg, checks };
-}
-
-function buildPublicDistributionTruth(cwd) {
-  const metaResult = inspectPackageMetadata(cwd);
-  const binResult = inspectPackageBin(cwd);
-  const filesResult = inspectPackageFilesPolicy(cwd);
-  const installResult = inspectPublicInstallClaims(cwd);
-  const pkg = metaResult.pkg || binResult.pkg || filesResult.pkg || installResult.pkg;
-  const publishConfig = getPublishConfig(pkg) || {};
-  const checks = [...metaResult.checks, ...binResult.checks, ...filesResult.checks, ...installResult.checks];
-  const blockers = checks.filter((check) => check.status === "blocked").map((check) => check.id);
-  const warnings = checks.filter((check) => check.status === "warn").map((check) => check.id);
-
-  let distributionState = "publish_blocked";
-  if (blockers.length === 0) {
-    distributionState = pkg && pkg.private === false ? "ready_to_publish" : "private_local_only";
-  }
-
-  const truth = {
-    contract: CONTRACT,
-    schemaVersion: SCHEMA_VERSION,
-    generatedAt: nowIso(),
-    status: distributionState === "publish_blocked" ? "blocked" : (warnings.length > 0 ? "warn" : "pass"),
-    distributionState,
-    packageName: pkg ? pkg.name : null,
-    version: pkg ? pkg.version : null,
-    privateStatus: pkg ? !!pkg.private : null,
-    private: pkg ? pkg.private : null,
-    publishConfig,
-    binEntries: getBinEntries(pkg),
-    filesPolicyStatus: filesResult.filesPolicyStatus,
-    publicInstallStatus: distributionState,
-    installAiStatus: distributionState === "published_verified" ? "live" : "caveated",
-    supportStatus: "present",
-    domainStatus: pkg && pkg.homepage ? "present" : "pending",
-    checks,
-    blockers,
-    warnings,
-    safeNextAction: distributionState === "publish_blocked"
-      ? "Fix package metadata, bin, or files policy before publish."
-      : distributionState === "ready_to_publish"
-        ? "Run package-audit, package-smoke, install-claims, and publish-readiness to verify the public package path."
-        : "Package is still private-only. Keep public install claims caveated.",
-    noPublicLaunchClaim: true,
-    redacted: true,
-  };
-
-  return truth;
-}
-
-function writePublicDistributionTruth(cwd, truth) {
-  const dir = path.join(cwd, ARTIFACT_DIR_REL);
-  fs.mkdirSync(dir, { recursive: true });
-  fs.writeFileSync(path.join(cwd, ARTIFACT_REL), JSON.stringify(truth, null, 2));
-}
-
-function buildPublicDistributionSurface(cwd) {
-  const truth = buildPublicDistributionTruth(cwd);
-  writePublicDistributionTruth(cwd, truth);
-  try {
-    appendProductLearningEvent(cwd, {
-      event: "public_distribution_truth_built",
-      contract: CONTRACT,
-      distributionState: truth.distributionState,
-      blockerCount: truth.blockers.length,
-      warningCount: truth.warnings.length,
-    });
-  } catch {}
-
-  return {
-    status: truth.status,
-    distributionState: truth.distributionState,
-    packageName: truth.packageName,
-    version: truth.version,
-    privateStatus: truth.privateStatus,
-    binStatus: truth.binEntries.avorelo ? "present" : "missing",
-    filesPolicyStatus: truth.filesPolicyStatus,
-    publicInstallStatus: truth.publicInstallStatus,
-    blockerCount: truth.blockers.length,
-    warningCount: truth.warnings.length,
-    safeNextAction: truth.safeNextAction,
-    noPublicLaunchClaim: true,
-  };
-}
-
-function formatPublicDistributionText(truth) {
-  return [
-    "Public Distribution Truth [" + String(truth.status || "unknown").toUpperCase() + "]",
-    "  Package: " + (truth.packageName || "?") + "@" + (truth.version || "?"),
-    "  Distribution state: " + truth.distributionState,
-    "  Private: " + truth.privateStatus,
-    "  Files policy: " + truth.filesPolicyStatus,
-    "  Blockers: " + truth.blockers.length,
-    "  Warnings: " + truth.warnings.length,
-    "  Next: " + truth.safeNextAction,
-  ].join("\n");
-}
-
-module.exports = {
-  buildPublicDistributionTruth,
-  inspectPackageMetadata,
-  inspectPackageBin,
-  inspectPackageFilesPolicy,
-  inspectPublicInstallClaims,
-  writePublicDistributionTruth,
-  buildPublicDistributionSurface,
-  formatPublicDistributionText,
-};

package/scripts/lib/public-install-claim-checker.js

@@ -1,294 +0,0 @@
-"use strict";
-
-const fs = require("fs");
-const path = require("path");
-const { nowIso } = require("./fsx");
-const { appendProductLearningEvent } = require("./product-learning-events");
-const { readPackageJson } = require("./package-runtime");
-
-const CONTRACT = "avorelo.publicInstallClaimCheck.v1";
-const SCHEMA_VERSION = 1;
-const ARTIFACT_DIR_REL = ".claude/cco/orchestration/public-distribution";
-const ARTIFACT_REL = ARTIFACT_DIR_REL + "/latest-install-claim-check.json";
-const MAX_FILES = 500;
-const MAX_CHARS_PER_FILE = 8000;
-
-const STRONG_PUBLIC_CLAIMS = [
-  /npx avorelo@latest/i,
-  /npm install -g avorelo/i,
-  /npm exec avorelo/i,
-];
-
-const BLOCK_ALWAYS_PATTERNS = [
-  { pattern: /works everywhere|works on every machine/i, reason: "works-everywhere claim is not allowed" },
-  { pattern: /guaranteed/i, reason: "guaranteed outcome claim is not allowed" },
-  { pattern: /official partnership/i, reason: "unsupported partnership claim is not allowed" },
-];
-
-const CAVEAT_CONTEXT_PATTERNS = [
-  /pending npm publication/i,
-  /publish verification/i,
-  /publication is still required/i,
-  /target public install/i,
-  /ready_to_publish/i,
-  /ready to publish/i,
-  /not yet verified live/i,
-  /once npm publication is verified/i,
-  /until publication is confirmed/i,
-  /distribution status/i,
-];
-
-const FILE_LEVEL_CAVEAT_PATTERNS = [
-  /distribution status/i,
-  /not yet publicly available/i,
-  /ready to publish/i,
-  /ready_to_publish/i,
-  /publish verification/i,
-  /pending npm publication/i,
-  /not yet verified live/i,
-  /dogfood/i,
-  /demo script/i,
-  /planning/i,
-];
-
-function safeReadJson(absPath) {
-  try {
-    if (!fs.existsSync(absPath)) return null;
-    return JSON.parse(fs.readFileSync(absPath, "utf8").replace(/^\uFEFF/, ""));
-  } catch {
-    return null;
-  }
-}
-
-function safeReadText(absPath, maxChars) {
-  try {
-    if (!fs.existsSync(absPath)) return null;
-    const file = fs.readFileSync(absPath, "utf8");
-    return file.slice(0, maxChars || MAX_CHARS_PER_FILE);
-  } catch {
-    return null;
-  }
-}
-
-function collectFiles(dir, matcher, collected = []) {
-  if (!fs.existsSync(dir) || collected.length >= MAX_FILES) return collected;
-  const entries = fs.readdirSync(dir, { withFileTypes: true });
-  for (const entry of entries) {
-    if (collected.length >= MAX_FILES) break;
-    const full = path.join(dir, entry.name);
-    if (entry.isDirectory()) {
-      if (/node_modules|\.git|\.wasp|dist|artifacts|\.tmp/i.test(entry.name)) continue;
-      collectFiles(full, matcher, collected);
-    } else if (entry.isFile() && matcher(entry.name)) {
-      collected.push(full);
-    }
-  }
-  return collected;
-}
-
-function detectDistributionState(cwd, options = {}) {
-  if (options.distributionState) return options.distributionState;
-  const truthArtifact = safeReadJson(path.join(cwd, ARTIFACT_DIR_REL, "latest-truth.json"));
-  if (truthArtifact && truthArtifact.distributionState) return truthArtifact.distributionState;
-  const pkg = readPackageJson(cwd);
-  if (pkg && typeof pkg.avoreloDistributionState === "string") return pkg.avoreloDistributionState;
-  return pkg && pkg.private === false ? "ready_to_publish" : "private_local_only";
-}
-
-function hasCaveatContext(contextLines) {
-  const combined = (contextLines || []).join(" ");
-  return CAVEAT_CONTEXT_PATTERNS.some((pattern) => pattern.test(combined));
-}
-
-function hasFileLevelCaveat(lines, relPath) {
-  if (/dogfood|demo|decision|deployment|contract|audit|roadmap|feedback/i.test(relPath || "")) return true;
-  const combined = lines.slice(0, 30).join(" ");
-  return FILE_LEVEL_CAVEAT_PATTERNS.some((pattern) => pattern.test(combined));
-}
-
-function classifyInstallClaim(claim, distributionState) {
-  const text = claim.text || "";
-  const effectiveState = distributionState || "private_local_only";
-  const isNegatedPolicyText = /\b(no|not|never|without|unsupported)\b/i.test(text);
-  const isPrimaryPublicSurface = /README\.md$|docs\/INSTALL\.md$|docs\/ACTIVATION\.md$|docs\/WEBSITE-ACTIVATION-COPY\.md$|apps\/public-web\/src\/index\.html$/i.test(claim.file || "");
-
-  for (const { pattern, reason } of BLOCK_ALWAYS_PATTERNS) {
-    if (pattern.test(text)) {
-      if (!isPrimaryPublicSurface) {
-        return { ...claim, decision: "allowed", reason: "internal or non-primary doc reference" };
-      }
-      if (isNegatedPolicyText || claim.fileCaveated) {
-        return { ...claim, decision: "allowed", reason: "policy or caveat text, not a positive claim" };
-      }
-      return { ...claim, decision: "blocked", reason };
-    }
-  }
-
-  const isStrongPublicClaim = STRONG_PUBLIC_CLAIMS.some((pattern) => pattern.test(text));
-  if (isStrongPublicClaim) {
-    if (effectiveState === "published_verified") {
-      return { ...claim, decision: "allowed", reason: "published_verified allows live public install commands" };
-    }
-    if (claim.fileCaveated || hasCaveatContext(claim.contextLines)) {
-      return { ...claim, decision: "caveated", reason: "public install claim is present but explicitly caveated" };
-    }
-    return {
-      ...claim,
-      decision: "blocked",
-      reason: "uncaveated public install claim is stronger than current distribution state (" + effectiveState + ")",
-    };
-  }
-
-  if (/local.*install|node bin\/avorelo|npm run avorelo:activate/i.test(text)) {
-    return { ...claim, decision: "allowed", reason: "repo-local install path is allowed" };
-  }
-
-  return { ...claim, decision: "allowed", reason: "no blocked claim pattern matched" };
-}
-
-function scanTextForClaims(text, relPath, distributionState, metadataOnly) {
-  if (!text) return [];
-  const lines = text.split("\n");
-  const claims = [];
-  const fileCaveated = !metadataOnly && hasFileLevelCaveat(lines, relPath);
-
-  for (let index = 0; index < lines.length; index += 1) {
-    const line = lines[index];
-    const textLooksRelevant =
-      /avorelo@latest|npm install -g avorelo|npm exec avorelo|works everywhere|works on every machine|guaranteed|official partnership/i.test(line);
-    if (!textLooksRelevant) continue;
-
-    const contextStart = Math.max(0, index - 12);
-    const contextEnd = Math.min(lines.length - 1, index + 12);
-    const rawClaim = {
-      file: relPath,
-      line: index + 1,
-      text: line.trim().slice(0, 140),
-      metadataOnly: !!metadataOnly,
-      fileCaveated,
-      contextLines: metadataOnly ? [] : lines.slice(contextStart, contextEnd + 1).map((entry) => entry.trim()),
-    };
-    const classified = classifyInstallClaim(rawClaim, distributionState);
-    const outputClaim = { ...classified };
-    delete outputClaim.contextLines;
-    claims.push(outputClaim);
-  }
-
-  return claims;
-}
-
-function scanInstallClaims(cwd, options = {}) {
-  const distributionState = detectDistributionState(cwd, options);
-  const claims = [];
-  let filesScanned = 0;
-
-  const docsFiles = collectFiles(path.join(cwd, "docs"), (name) => name.endsWith(".md"));
-  const webFiles = collectFiles(path.join(cwd, "apps", "public-web", "src"), (name) => name.endsWith(".html"));
-
-  for (const absPath of [...docsFiles, ...webFiles]) {
-    const text = safeReadText(absPath, MAX_CHARS_PER_FILE);
-    const relPath = path.relative(cwd, absPath).replace(/\\/g, "/");
-    claims.push(...scanTextForClaims(text, relPath, distributionState, false));
-    filesScanned += 1;
-  }
-
-  const readmePath = path.join(cwd, "README.md");
-  if (fs.existsSync(readmePath)) {
-    claims.push(...scanTextForClaims(safeReadText(readmePath, MAX_CHARS_PER_FILE), "README.md", distributionState, false));
-    filesScanned += 1;
-  }
-
-  const pkg = readPackageJson(cwd);
-  if (pkg) {
-    const metadataText = [pkg.name || "", pkg.description || "", (pkg.keywords || []).join(" ")].join(" ");
-    claims.push(...scanTextForClaims(metadataText, "package.json#metadata", distributionState, true));
-    filesScanned += 1;
-  }
-
-  return {
-    claims,
-    filesScanned,
-    distributionState,
-  };
-}
-
-function validateInstallClaims(cwd, options = {}) {
-  const { claims, filesScanned, distributionState } = scanInstallClaims(cwd, options);
-  const blockedClaims = claims.filter((claim) => claim.decision === "blocked");
-  const caveatedClaims = claims.filter((claim) => claim.decision === "caveated");
-  const allowedClaims = claims.filter((claim) => claim.decision === "allowed");
-  const ok = blockedClaims.length === 0;
-  const status = blockedClaims.length > 0 ? "blocked" : "pass";
-  const safeNextAction = blockedClaims.length > 0
-    ? "Fix blocked public install claims so they match the current distribution state."
-    : caveatedClaims.length > 0
-    ? "Claims are appropriately caveated for " + distributionState + "."
-    : "Install claim check passed. No false public install claims found.";
-
-  const report = {
-    contract: CONTRACT,
-    schemaVersion: SCHEMA_VERSION,
-    generatedAt: nowIso(),
-    status,
-    ok,
-    distributionState,
-    filesScanned,
-    claimsFound: claims.length,
-    blockedCount: blockedClaims.length,
-    caveatedCount: caveatedClaims.length,
-    allowedCount: allowedClaims.length,
-    blockedClaims,
-    caveatedClaims,
-    allowedClaims,
-    safeNextAction,
-    noPublicLaunchClaim: true,
-    redacted: true,
-  };
-
-  try {
-    appendProductLearningEvent(cwd, {
-      event: "public_install_claim_check",
-      contract: CONTRACT,
-      status,
-      distributionState,
-      blockedCount: blockedClaims.length,
-      caveatedCount: caveatedClaims.length,
-    });
-  } catch {}
-
-  return report;
-}
-
-function writePublicInstallClaimCheck(cwd, report) {
-  const dir = path.join(cwd, ARTIFACT_DIR_REL);
-  fs.mkdirSync(dir, { recursive: true });
-  fs.writeFileSync(path.join(cwd, ARTIFACT_REL), JSON.stringify(report, null, 2));
-}
-
-function formatPublicInstallClaimText(report) {
-  const lines = [
-    "Public Install Claim Check [" + String(report.status || "unknown").toUpperCase() + "]",
-    "  Distribution state: " + report.distributionState,
-    "  Files scanned: " + report.filesScanned,
-    "  Claims found: " + report.claimsFound,
-    "  Blocked: " + report.blockedCount,
-    "  Caveated: " + report.caveatedCount,
-    "  Allowed: " + report.allowedCount,
-    "  Next: " + report.safeNextAction,
-  ];
-  if (report.blockedCount > 0) {
-    lines.push("  Blocked claims:");
-    for (const claim of report.blockedClaims.slice(0, 5)) {
-      lines.push("    [" + claim.file + ":" + claim.line + "] " + claim.text);
-    }
-  }
-  return lines.join("\n");
-}
-
-module.exports = {
-  scanInstallClaims,
-  classifyInstallClaim,
-  validateInstallClaims,
-  writePublicInstallClaimCheck,
-  formatPublicInstallClaimText,
-};