avorelo 0.1.0

package/scripts/lib/feedback-signals.js

@@ -0,0 +1,205 @@
+"use strict";
+
+const fs = require("node:fs");
+const path = require("node:path");
+const crypto = require("node:crypto");
+
+const CONTRACT = "avorelo.feedbackSignal.v1";
+const SCHEMA_VERSION = 1;
+
+const FEEDBACK_DIR_REL = ".claude/cco/feedback";
+
+const VALID_SOURCES = Object.freeze([
+  "dogfood",
+  "manual_customer",
+  "support_note",
+  "session_review",
+]);
+
+const VALID_FRICTION_TYPES = Object.freeze([
+  "missing_evidence",
+  "noisy_output",
+  "manual_fallback_required",
+  "generic_next_action",
+  "verification_missing",
+  "proof_missing",
+  "unavailable_worker",
+  "context_too_large",
+  "unknown_asset_repeated",
+  "high_risk_blocked_without_continuation",
+  "value_claim_not_evidence_backed",
+  "activation_friction",
+  "support_explainability_gap",
+  "other",
+]);
+
+const VALID_SEVERITIES = Object.freeze(["low", "medium", "high", "critical"]);
+
+// Patterns that must not appear in feedback payloads
+const FORBIDDEN_PATTERNS = [
+  /\bpassword\b/i,
+  /\bsecret\b/i,
+  /\bapi[_-]?key\b/i,
+  /\btoken\b.*[:=]\s*[A-Za-z0-9+/=]{20,}/i,
+  /\bPRIVATE\s+KEY\b/,
+  /sk-[A-Za-z0-9]{20,}/,
+];
+
+function redactString(val) {
+  if (typeof val !== "string") return val;
+  let result = val;
+  for (const pattern of FORBIDDEN_PATTERNS) {
+    result = result.replace(pattern, "[REDACTED]");
+  }
+  return result;
+}
+
+function redactPayload(obj) {
+  if (typeof obj === "string") return redactString(obj);
+  if (Array.isArray(obj)) return obj.map(redactPayload);
+  if (obj && typeof obj === "object") {
+    const out = {};
+    for (const [k, v] of Object.entries(obj)) {
+      out[k] = redactPayload(v);
+    }
+    return out;
+  }
+  return obj;
+}
+
+function validateFeedbackSignal(signal) {
+  const errors = [];
+
+  if (!signal || typeof signal !== "object") {
+    return { valid: false, errors: ["Signal must be an object."] };
+  }
+
+  if (!VALID_SOURCES.includes(signal.source)) {
+    errors.push(`source must be one of: ${VALID_SOURCES.join(", ")}`);
+  }
+
+  if (!signal.summary || typeof signal.summary !== "string" || signal.summary.trim().length === 0) {
+    errors.push("summary is required and must be a non-empty string.");
+  }
+
+  if (signal.frictionType && !VALID_FRICTION_TYPES.includes(signal.frictionType)) {
+    errors.push(`frictionType must be one of: ${VALID_FRICTION_TYPES.join(", ")}`);
+  }
+
+  if (signal.severity && !VALID_SEVERITIES.includes(signal.severity)) {
+    errors.push(`severity must be one of: ${VALID_SEVERITIES.join(", ")}`);
+  }
+
+  // Reject any forbidden patterns in summary or desiredBehavior
+  for (const field of ["summary", "desiredBehavior"]) {
+    if (typeof signal[field] === "string") {
+      for (const pattern of FORBIDDEN_PATTERNS) {
+        if (pattern.test(signal[field])) {
+          errors.push(`${field} contains forbidden/sensitive content.`);
+          break;
+        }
+      }
+    }
+  }
+
+  return { valid: errors.length === 0, errors };
+}
+
+function normalizeFeedbackSignal(raw) {
+  const signal = {
+    contract: CONTRACT,
+    schemaVersion: SCHEMA_VERSION,
+    signalId: raw.signalId || `feedback-${crypto.randomBytes(6).toString("hex")}`,
+    source: raw.source,
+    persona: raw.persona || null,
+    runId: raw.runId || null,
+    frictionType: raw.frictionType || "other",
+    severity: raw.severity || "medium",
+    summary: redactString(raw.summary || ""),
+    desiredBehavior: redactString(raw.desiredBehavior || null),
+    evidencePath: raw.evidencePath || null,
+    createdAt: raw.createdAt || new Date().toISOString(),
+    redacted: true,
+  };
+  return signal;
+}
+
+function writeFeedbackSignal(cwd, raw) {
+  const validation = validateFeedbackSignal(raw);
+  if (!validation.valid) {
+    throw new Error(`Invalid feedback signal: ${validation.errors.join("; ")}`);
+  }
+
+  const signal = normalizeFeedbackSignal(raw);
+  const dir = path.join(cwd, FEEDBACK_DIR_REL);
+  fs.mkdirSync(dir, { recursive: true });
+
+  const filename = `${signal.signalId}.json`;
+  const filePath = path.join(dir, filename);
+  fs.writeFileSync(filePath, JSON.stringify(signal, null, 2), "utf8");
+
+  return { filePath, signal };
+}
+
+function readFeedbackSignals(cwd) {
+  const dir = path.join(cwd, FEEDBACK_DIR_REL);
+  if (!fs.existsSync(dir)) return [];
+
+  const signals = [];
+  let files;
+  try {
+    files = fs.readdirSync(dir).filter((f) => f.endsWith(".json"));
+  } catch {
+    return [];
+  }
+
+  for (const f of files) {
+    try {
+      const raw = JSON.parse(fs.readFileSync(path.join(dir, f), "utf8"));
+      if (raw.contract === CONTRACT) {
+        signals.push(raw);
+      }
+    } catch {
+      // skip corrupted
+    }
+  }
+
+  return signals;
+}
+
+function summarizeFeedbackSignals(cwd) {
+  const signals = readFeedbackSignals(cwd);
+  if (signals.length === 0) {
+    return { total: 0, byFrictionType: {}, bySeverity: {}, topSummaries: [] };
+  }
+
+  const byFrictionType = {};
+  const bySeverity = {};
+  for (const s of signals) {
+    const ft = s.frictionType || "other";
+    byFrictionType[ft] = (byFrictionType[ft] || 0) + 1;
+    const sev = s.severity || "medium";
+    bySeverity[sev] = (bySeverity[sev] || 0) + 1;
+  }
+
+  return {
+    total: signals.length,
+    byFrictionType,
+    bySeverity,
+    topSummaries: signals.slice(-5).map((s) => s.summary),
+  };
+}
+
+module.exports = {
+  CONTRACT,
+  SCHEMA_VERSION,
+  FEEDBACK_DIR_REL,
+  VALID_SOURCES,
+  VALID_FRICTION_TYPES,
+  VALID_SEVERITIES,
+  validateFeedbackSignal,
+  normalizeFeedbackSignal,
+  writeFeedbackSignal,
+  readFeedbackSignals,
+  summarizeFeedbackSignals,
+};

package/scripts/lib/file-integrity.js

@@ -0,0 +1,68 @@
+// File integrity validation
+// Ensures "completed" states actually have required files
+
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Expected files for a "completed" onboarding state
+ */
+const EXPECTED_ONBOARDING_FILES = [
+  '.claude/cco/config.json',
+  '.claude/cco/state/onboarding.json',
+];
+
+/**
+ * Validates that required files exist when onboarding state claims completion
+ * If files are missing, returns validation errors for repair
+ */
+function validateOnboardingFileIntegrity(cwd) {
+  const missing = [];
+  const onboardingPath = path.join(cwd, '.claude/cco/state/onboarding.json');
+
+  // Check onboarding state exists
+  if (!fs.existsSync(onboardingPath)) {
+    return {
+      isValid: false,
+      reason: 'no-state',
+      missing: [onboardingPath],
+      recommendedAction: 'Run initial setup'
+    };
+  }
+
+  // Check if state says "completed"
+  try {
+    const state = JSON.parse(fs.readFileSync(onboardingPath, 'utf8'));
+    if (state.status === 'completed') {
+      // Verify expected files exist
+      for (const file of EXPECTED_ONBOARDING_FILES) {
+        const fullPath = path.join(cwd, file);
+        if (!fs.existsSync(fullPath)) {
+          missing.push(file);
+        }
+      }
+
+      if (missing.length > 0) {
+        return {
+          isValid: false,
+          reason: 'missing-files',
+          missing: missing,
+          recommendedAction: 'Restore missing onboarding files or re-run initialization'
+        };
+      }
+    }
+  } catch (err) {
+    return {
+      isValid: false,
+      reason: 'corrupt-state',
+      error: err.message
+    };
+  }
+
+  return { isValid: true };
+}
+
+module.exports = {
+  validateOnboardingFileIntegrity,
+  EXPECTED_ONBOARDING_FILES
+};

package/scripts/lib/fsx.js

@@ -0,0 +1,127 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const {
+  readProjectConfig,
+  ensureProjectConfig,
+  writeProjectConfig,
+  readTeamPolicy,
+  ensureTeamPolicy,
+  getEffectiveConfig,
+} = require("./config");
+
+function readStdinJson() {
+  return new Promise((resolve) => {
+    let data = "";
+    process.stdin.setEncoding("utf8");
+    process.stdin.on("data", (chunk) => (data += chunk));
+    process.stdin.on("end", () => {
+      try {
+        resolve(JSON.parse(data || "{}"));
+      } catch {
+        resolve({});
+      }
+    });
+  });
+}
+
+function ensureDir(p) {
+  fs.mkdirSync(p, { recursive: true });
+}
+
+function ensureCcoDirs(cwd) {
+  // Essential directories for local-first operation (7 dirs for core functionality)
+  ensureDir(path.join(cwd, ".claude", "cco", "reports"));
+  ensureDir(path.join(cwd, ".claude", "cco", "metrics"));
+  ensureDir(path.join(cwd, ".claude", "cco", "state"));
+  ensureDir(path.join(cwd, ".claude", "cco", "security"));
+  ensureDir(path.join(cwd, ".claude", "cco", "events"));
+  ensureDir(path.join(cwd, ".claude", "cco", "memory"));
+  ensureDir(path.join(cwd, ".claude", "cco", "orchestration"));
+  ensureDir(path.join(cwd, ".claude", "cco", "orchestration", "runs"));
+  ensureDir(path.join(cwd, ".claude", "cco", "orchestration", "handoffs"));
+  ensureDir(path.join(cwd, ".claude", "cco", "orchestration", "host-contracts"));
+}
+
+function safeWriteText(cwd, relPath, content) {
+  const abs = path.join(cwd, relPath);
+  ensureDir(path.dirname(abs));
+  fs.writeFileSync(abs, content, "utf8");
+}
+
+function safeWriteJson(cwd, relPath, obj) {
+  safeWriteText(cwd, relPath, JSON.stringify(obj, null, 2));
+}
+
+function safeReadJson(cwd, relPath, fallback = null) {
+  const abs = path.join(cwd, relPath);
+  try {
+    return JSON.parse(fs.readFileSync(abs, "utf8").replace(/^\uFEFF/, ""));
+  } catch {
+    return fallback;
+  }
+}
+
+function nowIso() {
+  return new Date().toISOString();
+}
+
+function latestArtifactMeta(cwd, dirRel, nameContains) {
+  const dir = path.join(cwd, dirRel);
+  try {
+    const files = fs
+      .readdirSync(dir)
+      .filter((f) => f.endsWith(".json") && (!nameContains || f.includes(nameContains)));
+    if (!files.length) return null;
+    const latest = files
+      .map((name) => ({ name, mtimeMs: fs.statSync(path.join(dir, name)).mtimeMs }))
+      .sort((a, b) => b.mtimeMs - a.mtimeMs)[0];
+    return {
+      relPath: path.posix.join(dirRel.replace(/\\/g, "/"), latest.name.replace(/\\/g, "/")),
+      mtimeMs: latest.mtimeMs,
+    };
+  } catch {
+    return null;
+  }
+}
+
+function latestSecurityScanMeta(cwd) {
+  return latestArtifactMeta(cwd, ".claude/cco/security", null);
+}
+
+function latestTrustAuditMeta(cwd) {
+  return latestArtifactMeta(cwd, ".claude/cco/security", "trust-audit-");
+}
+
+function latestMemoryProfileMeta(cwd) {
+  return latestArtifactMeta(cwd, ".claude/cco/memory", "profile");
+}
+
+function latestIntelSignalsMeta(cwd) {
+  return latestArtifactMeta(cwd, ".claude/cco/intel/signals", null);
+}
+
+function latestOutcomeEventsMeta(cwd) {
+  return latestArtifactMeta(cwd, ".claude/cco/events", "outcome-events");
+}
+
+module.exports = {
+  readStdinJson,
+  ensureCcoDirs,
+  safeWriteJson,
+  safeWriteText,
+  safeReadJson,
+  readProjectConfig,
+  ensureProjectConfig,
+  writeProjectConfig,
+  readTeamPolicy,
+  ensureTeamPolicy,
+  getEffectiveConfig,
+  nowIso,
+  latestSecurityScanMeta,
+  latestTrustAuditMeta,
+  latestMemoryProfileMeta,
+  latestIntelSignalsMeta,
+  latestOutcomeEventsMeta,
+};