avorelo 0.1.0

package/scripts/lib/tokenish.js

@@ -0,0 +1,17 @@
+"use strict";
+
+function summarizeLargeObject(obj) {
+  let s = "";
+  try {
+    s = JSON.stringify(obj);
+  } catch {
+    s = String(obj);
+  }
+  const bytes = Buffer.byteLength(s, "utf8");
+  if (bytes < 20000) return null;
+
+  const preview = s.slice(0, 2000) + "\n... (truncated)\n";
+  return { isLarge: true, bytes, preview };
+}
+
+module.exports = { summarizeLargeObject };

package/scripts/lib/tool-output-sandbox.js

@@ -0,0 +1,304 @@
+"use strict";
+
+// ── Tool Output Sandbox ───────────────────────────────────────────────────────
+//
+// Summarizes raw tool output before it enters context/proof/ledger.
+// Raw output is stored as artifacts; compact summaries enter context.
+//
+// Contracts:
+//   avorelo.toolOutputSandbox.v1
+//   avorelo.toolOutputBudget.v1
+//
+// Non-goals: executing commands, replacing proof, hiding failures.
+// Rules:
+//   - failure-first summarization
+//   - preserve failing test names + first relevant errors
+//   - strip ANSI codes
+//   - redact secrets/env-like values
+//   - max summary size enforced
+//   - debug references artifact path, not raw dump
+
+const fs = require("node:fs");
+const path = require("node:path");
+const { nowIso } = require("./fsx");
+const { appendProductLearningEvent } = require("./product-learning-events");
+
+const CONTRACT = "avorelo.toolOutputSandbox.v1";
+const BUDGET_CONTRACT = "avorelo.toolOutputBudget.v1";
+const SCHEMA_VERSION = 1;
+
+const TOOL_OUTPUT_DIR_REL = ".claude/cco/orchestration/tool-output";
+const LATEST_SUMMARY_REL = `${TOOL_OUTPUT_DIR_REL}/latest-summary.json`;
+
+const MAX_SUMMARY_CHARS = 4000;
+const MAX_ARTIFACT_BYTES = 10 * 1024 * 1024; // 10 MB cap on artifact write
+const MAX_LINES_CAPTURED = 50; // max lines in summary
+
+// ── ANSI / secret stripping ───────────────────────────────────────────────────
+
+const ANSI_RE = /\x1b\[[0-9;]*[a-zA-Z]/g;
+
+function stripAnsi(text) {
+  return text.replace(ANSI_RE, "");
+}
+
+// Redact patterns: env vars, tokens, passwords, keys in output text
+const SECRET_PATTERNS = [
+  /\b(password|passwd|secret|token|api[_-]?key|auth[_-]?key|private[_-]?key|access[_-]?token)\s*[:=]\s*\S+/gi,
+  /\b[A-Z0-9]{32,}\b/g,         // long uppercase hex strings (tokens)
+  /ghp_[A-Za-z0-9]{36,}/g,       // GitHub PATs
+  /sk-[A-Za-z0-9]{32,}/g,        // OpenAI/Anthropic keys
+  /-----BEGIN [A-Z ]+KEY-----/g,  // PEM blocks
+];
+
+function redactSecrets(text) {
+  let out = text;
+  for (const re of SECRET_PATTERNS) {
+    out = out.replace(re, "[REDACTED]");
+  }
+  return out;
+}
+
+function sanitize(text) {
+  return redactSecrets(stripAnsi(String(text || "")));
+}
+
+// ── Output kind classification ────────────────────────────────────────────────
+
+const SUPPORTED_KINDS = ["test", "build", "lint", "git_diff", "git_status", "rg_search", "log", "json", "generic"];
+
+function classifyToolOutput(kind, output, options = {}) {
+  const k = kind && SUPPORTED_KINDS.includes(kind) ? kind : "generic";
+  const raw = sanitize(output);
+  const lineCount = raw.split("\n").length;
+  const charCount = raw.length;
+  return { kind: k, lineCount, charCount, oversized: charCount > MAX_SUMMARY_CHARS * 5 };
+}
+
+// ── Kind-specific summarizers ─────────────────────────────────────────────────
+
+function summarizeTest(raw) {
+  const lines = raw.split("\n");
+  const failures = lines.filter((l) => /\b(FAIL|✗|×|not ok|Error:|AssertionError|▶ |failed)\b/i.test(l));
+  const summary = lines.filter((l) => /\b(passing|failing|pending|skipped|Tests:|Duration)\b/i.test(l));
+  const stackLines = [];
+  let inStack = false;
+  for (const l of lines) {
+    if (/^\s+at /.test(l)) { inStack = true; stackLines.push(l); }
+    else if (inStack && l.trim() === "") { inStack = false; }
+  }
+  const parts = [];
+  if (summary.length) parts.push(summary.slice(0, 3).join("\n"));
+  if (failures.length) parts.push("Failures:\n" + failures.slice(0, 10).join("\n"));
+  if (stackLines.length) parts.push("Stack (first 5):\n" + stackLines.slice(0, 5).join("\n"));
+  return parts.join("\n---\n") || lines.slice(0, 10).join("\n");
+}
+
+function summarizeBuild(raw) {
+  const lines = raw.split("\n");
+  const errors = lines.filter((l) => /\b(error|Error|ERROR|failed|FAILED)\b/.test(l));
+  const warnings = lines.filter((l) => /\b(warn|WARN|warning)\b/i.test(l));
+  const last = lines.filter((l) => l.trim()).slice(-5);
+  const parts = [];
+  if (errors.length) parts.push("Errors:\n" + errors.slice(0, 8).join("\n"));
+  else if (warnings.length) parts.push("Warnings:\n" + warnings.slice(0, 5).join("\n"));
+  if (last.length) parts.push("Last lines:\n" + last.join("\n"));
+  return parts.join("\n---\n") || lines.slice(0, 10).join("\n");
+}
+
+function summarizeLint(raw) {
+  const lines = raw.split("\n");
+  const errors = lines.filter((l) => /\berror\b/i.test(l));
+  const warnings = lines.filter((l) => /\bwarning\b/i.test(l));
+  const parts = [];
+  if (errors.length) parts.push(`${errors.length} error(s):\n` + errors.slice(0, 8).join("\n"));
+  if (warnings.length) parts.push(`${warnings.length} warning(s) (first 3):\n` + warnings.slice(0, 3).join("\n"));
+  return parts.join("\n---\n") || lines.slice(0, 10).join("\n");
+}
+
+function summarizeGitDiff(raw) {
+  const lines = raw.split("\n");
+  const fileLines = lines.filter((l) => /^diff --git|^\+\+\+|^---/.test(l));
+  const statLines = lines.filter((l) => /\|\s+\d+/.test(l));
+  const parts = [];
+  if (statLines.length) parts.push("Changed files:\n" + statLines.slice(0, 20).join("\n"));
+  else if (fileLines.length) parts.push("Files:\n" + fileLines.slice(0, 20).join("\n"));
+  parts.push(`Total lines: ${lines.length}`);
+  return parts.join("\n---\n");
+}
+
+function summarizeGitStatus(raw) {
+  const lines = raw.split("\n").filter((l) => l.trim());
+  return lines.slice(0, 30).join("\n");
+}
+
+function summarizeRgSearch(raw) {
+  const lines = raw.split("\n").filter((l) => l.trim());
+  const fileMatches = new Set(lines.map((l) => l.split(":")[0]).filter(Boolean));
+  return `${fileMatches.size} file(s) matched, ${lines.length} result(s)\n` + lines.slice(0, 20).join("\n");
+}
+
+function summarizeLog(raw) {
+  const lines = raw.split("\n");
+  const errors = lines.filter((l) => /\b(error|ERROR|FATAL|fatal|critical)\b/.test(l));
+  const warns = lines.filter((l) => /\b(warn|WARN|WARNING)\b/.test(l));
+  const parts = [];
+  if (errors.length) parts.push("Errors:\n" + errors.slice(0, 5).join("\n"));
+  if (warns.length) parts.push("Warnings:\n" + warns.slice(0, 5).join("\n"));
+  parts.push("Last lines:\n" + lines.filter((l) => l.trim()).slice(-5).join("\n"));
+  return parts.join("\n---\n");
+}
+
+function summarizeJson(raw) {
+  try {
+    const obj = JSON.parse(raw);
+    const keys = Object.keys(obj).slice(0, 10);
+    return `JSON object with keys: ${keys.join(", ")} (${raw.length} chars total)`;
+  } catch {
+    return `JSON-like output (${raw.length} chars, parse failed)`;
+  }
+}
+
+function summarizeGeneric(raw) {
+  const lines = raw.split("\n").filter((l) => l.trim());
+  return lines.slice(0, MAX_LINES_CAPTURED).join("\n");
+}
+
+function summarizeByKind(kind, raw) {
+  switch (kind) {
+    case "test": return summarizeTest(raw);
+    case "build": return summarizeBuild(raw);
+    case "lint": return summarizeLint(raw);
+    case "git_diff": return summarizeGitDiff(raw);
+    case "git_status": return summarizeGitStatus(raw);
+    case "rg_search": return summarizeRgSearch(raw);
+    case "log": return summarizeLog(raw);
+    case "json": return summarizeJson(raw);
+    default: return summarizeGeneric(raw);
+  }
+}
+
+// ── Main summarizer ───────────────────────────────────────────────────────────
+
+function summarizeToolOutput(output, options = {}) {
+  const kind = options.kind || "generic";
+  const raw = sanitize(output);
+  const summary = summarizeByKind(kind, raw);
+  const truncated = summary.length > MAX_SUMMARY_CHARS ? summary.slice(0, MAX_SUMMARY_CHARS) + "\n[summary truncated]" : summary;
+  return {
+    kind,
+    summaryChars: truncated.length,
+    rawChars: raw.length,
+    summary: truncated,
+    oversized: raw.length > MAX_SUMMARY_CHARS * 5,
+  };
+}
+
+// ── Artifact write ────────────────────────────────────────────────────────────
+
+function writeRawToolOutputArtifact(cwd, output, metadata = {}, options = {}) {
+  const dir = path.join(cwd, TOOL_OUTPUT_DIR_REL);
+  fs.mkdirSync(dir, { recursive: true });
+  const ts = Date.now();
+  const kind = metadata.kind || "generic";
+  const filename = `${ts}-${kind}.txt`;
+  const abs = path.join(dir, filename);
+  const raw = sanitize(output);
+  if (raw.length > MAX_ARTIFACT_BYTES) {
+    fs.writeFileSync(abs, raw.slice(0, MAX_ARTIFACT_BYTES) + "\n[artifact truncated]", "utf8");
+  } else {
+    fs.writeFileSync(abs, raw, "utf8");
+  }
+  try {
+    appendProductLearningEvent(cwd, "raw_tool_output_artifact_written", {
+      kind,
+      rawChars: raw.length,
+      artifactPath: path.relative(cwd, abs),
+    });
+  } catch {}
+  return path.relative(cwd, abs);
+}
+
+// ── Build sandbox result ──────────────────────────────────────────────────────
+
+function buildToolOutputSandboxResult(cwd, input = {}, options = {}) {
+  const { output, kind, writeArtifact = true } = input;
+  const classification = classifyToolOutput(kind, output, options);
+  const summaryResult = summarizeToolOutput(output, { kind: classification.kind });
+
+  let artifactRef = null;
+  if (writeArtifact && classification.oversized) {
+    try {
+      artifactRef = writeRawToolOutputArtifact(cwd, output, { kind: classification.kind });
+    } catch {}
+  }
+
+  return {
+    contract: CONTRACT,
+    schemaVersion: SCHEMA_VERSION,
+    createdAt: nowIso(),
+    kind: classification.kind,
+    rawChars: classification.charCount,
+    summaryChars: summaryResult.summaryChars,
+    summary: summaryResult.summary,
+    oversized: classification.oversized,
+    artifactRef,
+    redacted: true,
+  };
+}
+
+function enforceToolOutputBudget(result, options = {}) {
+  const maxChars = options.maxChars || MAX_SUMMARY_CHARS;
+  if (result.summaryChars > maxChars) {
+    return {
+      ...result,
+      summary: result.summary.slice(0, maxChars) + "\n[budget enforced]",
+      summaryChars: maxChars,
+      budgetEnforced: true,
+    };
+  }
+  return { ...result, budgetEnforced: false };
+}
+
+function formatToolOutputSummary(result, options = {}) {
+  const lines = [`Tool Output [${result.kind}]`];
+  if (result.artifactRef) lines.push(`  Raw artifact: ${result.artifactRef}`);
+  lines.push(`  Raw: ${result.rawChars} chars → Summary: ${result.summaryChars} chars`);
+  lines.push(result.summary);
+  return lines.join("\n");
+}
+
+function writeSandboxSummary(cwd, result) {
+  const dir = path.join(cwd, TOOL_OUTPUT_DIR_REL);
+  fs.mkdirSync(dir, { recursive: true });
+  const abs = path.join(cwd, LATEST_SUMMARY_REL);
+  fs.writeFileSync(abs, JSON.stringify(result, null, 2), "utf8");
+  try {
+    appendProductLearningEvent(cwd, "tool_output_sandbox_summary_written", {
+      kind: result.kind,
+      rawChars: result.rawChars,
+      summaryChars: result.summaryChars,
+      oversized: result.oversized,
+    });
+  } catch {}
+  return abs;
+}
+
+module.exports = {
+  CONTRACT,
+  BUDGET_CONTRACT,
+  SCHEMA_VERSION,
+  TOOL_OUTPUT_DIR_REL,
+  LATEST_SUMMARY_REL,
+  SUPPORTED_KINDS,
+  sanitize,
+  stripAnsi,
+  redactSecrets,
+  classifyToolOutput,
+  summarizeToolOutput,
+  writeRawToolOutputArtifact,
+  buildToolOutputSandboxResult,
+  enforceToolOutputBudget,
+  formatToolOutputSummary,
+  writeSandboxSummary,
+};

package/scripts/lib/trust-audit.js

@@ -0,0 +1,136 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const crypto = require("crypto");
+
+function sha256(content) {
+  return crypto.createHash("sha256").update(content).digest("hex");
+}
+
+function hashFile(absPath) {
+  const data = fs.readFileSync(absPath);
+  return sha256(data);
+}
+
+function walkFiles(absDir, relRoot, out) {
+  if (!fs.existsSync(absDir)) return;
+  const entries = fs.readdirSync(absDir, { withFileTypes: true });
+  entries.forEach((e) => {
+    const abs = path.join(absDir, e.name);
+    const rel = path.posix.join(relRoot, e.name).replace(/\\/g, "/");
+    if (e.isDirectory()) {
+      walkFiles(abs, rel, out);
+      return;
+    }
+    if (!e.isFile()) return;
+    if (!/\.(md|json|js|ts)$/i.test(e.name)) return;
+    out.push({ rel, abs });
+  });
+}
+
+function collectTrustTargets(cwd) {
+  const out = [];
+  const roots = [
+    { rel: ".claude-plugin", abs: path.join(cwd, ".claude-plugin") },
+    { rel: "hooks", abs: path.join(cwd, "hooks") },
+    { rel: "skills", abs: path.join(cwd, "skills") },
+    { rel: "agents", abs: path.join(cwd, "agents") },
+    { rel: "scripts", abs: path.join(cwd, "scripts") },
+  ];
+
+  roots.forEach((root) => walkFiles(root.abs, root.rel, out));
+  return out;
+}
+
+function snapshotPath(cwd) {
+  return path.join(cwd, ".claude", "cco", "state", "trust-snapshot.json");
+}
+
+function loadSnapshot(cwd) {
+  try {
+    return JSON.parse(fs.readFileSync(snapshotPath(cwd), "utf8"));
+  } catch {
+    return { files: {}, capturedAt: null };
+  }
+}
+
+function saveSnapshot(cwd, filesMap) {
+  const p = snapshotPath(cwd);
+  fs.mkdirSync(path.dirname(p), { recursive: true });
+  fs.writeFileSync(
+    p,
+    JSON.stringify({ capturedAt: new Date().toISOString(), files: filesMap }, null, 2),
+    "utf8"
+  );
+}
+
+function pathBlockedByPolicy(rel, teamPolicy) {
+  const patterns = Array.isArray(teamPolicy?.blockedPatterns) ? teamPolicy.blockedPatterns : [];
+  return patterns.some((pat) => {
+    try {
+      return new RegExp(pat, "i").test(rel);
+    } catch {
+      return false;
+    }
+  });
+}
+
+function classifyChanges(currentFiles, previousSnapshot, teamPolicy) {
+  const prev = previousSnapshot?.files || {};
+  const changed = [];
+  const currentMap = {};
+
+  currentFiles.forEach((f) => {
+    const hash = hashFile(f.abs);
+    currentMap[f.rel] = hash;
+    const prevHash = prev[f.rel] || null;
+
+    if (!prevHash) {
+      changed.push({ path: f.rel, changeType: "new", trustLevel: pathBlockedByPolicy(f.rel, teamPolicy) ? "untrusted" : "unknown", hash });
+      return;
+    }
+
+    if (prevHash !== hash) {
+      changed.push({ path: f.rel, changeType: "changed", trustLevel: pathBlockedByPolicy(f.rel, teamPolicy) ? "untrusted" : "unknown", hash });
+      return;
+    }
+
+    changed.push({ path: f.rel, changeType: "unchanged", trustLevel: "trusted", hash });
+  });
+
+  Object.keys(prev).forEach((rel) => {
+    if (!currentMap[rel]) changed.push({ path: rel, changeType: "removed", trustLevel: "unknown", hash: null });
+  });
+
+  return { currentMap, changed };
+}
+
+function runTrustAudit({ cwd, teamPolicy, writeSnapshot = true }) {
+  const targets = collectTrustTargets(cwd);
+  const previous = loadSnapshot(cwd);
+  const { currentMap, changed } = classifyChanges(targets, previous, teamPolicy);
+
+  const summary = {
+    total: changed.length,
+    newOrChanged: changed.filter((x) => x.changeType === "new" || x.changeType === "changed").length,
+    unknown: changed.filter((x) => x.trustLevel === "unknown").length,
+    untrusted: changed.filter((x) => x.trustLevel === "untrusted").length,
+    trusted: changed.filter((x) => x.trustLevel === "trusted").length,
+  };
+
+  const audit = {
+    createdAt: new Date().toISOString(),
+    summary,
+    entries: changed,
+    unknownFiles: changed.filter((x) => x.trustLevel === "unknown").map((x) => x.path),
+    untrustedFiles: changed.filter((x) => x.trustLevel === "untrusted").map((x) => x.path),
+  };
+
+  if (writeSnapshot) saveSnapshot(cwd, currentMap);
+  return audit;
+}
+
+module.exports = {
+  runTrustAudit,
+};