avorelo 0.1.0

package/scripts/lib/launch-hardening-gate.js

@@ -0,0 +1,436 @@
+"use strict";
+
+// ── Launch Hardening Gate ─────────────────────────────────────────────────────
+//
+// Contract: avorelo.launchHardeningGate.v1
+//
+// Evaluates all critical alpha-launch surfaces and produces a pass/warn/fail
+// gate with compact summary and safe next action. No raw logs or secrets.
+
+const fs = require("fs");
+const path = require("path");
+const { nowIso } = require("./fsx");
+
+const CONTRACT = "avorelo.launchHardeningGate.v1";
+const SCHEMA_VERSION = 1;
+
+const GATE_DIR_REL = ".claude/cco/orchestration/launch-hardening";
+const LATEST_GATE_REL = `${GATE_DIR_REL}/latest-gate.json`;
+
+// ── Helpers ───────────────────────────────────────────────────────────────────
+
+function safeReadJson(absPath) {
+  try {
+    if (!fs.existsSync(absPath)) return null;
+    return JSON.parse(fs.readFileSync(absPath, "utf8").replace(/^/, ""));
+  } catch {
+    return null;
+  }
+}
+
+function checkPass(id, summary, nextAction) {
+  return { id, status: "pass", summary, nextAction: nextAction || null };
+}
+
+function checkWarn(id, summary, nextAction) {
+  return { id, status: "warn", summary, nextAction: nextAction || null };
+}
+
+function checkFail(id, summary, nextAction) {
+  return { id, status: "fail", summary, nextAction: nextAction || null };
+}
+
+function checkSkip(id, summary) {
+  return { id, status: "skip", summary, nextAction: null };
+}
+
+function tryRequire(modulePath) {
+  try {
+    return { mod: require(modulePath), err: null };
+  } catch (e) {
+    return { mod: null, err: e };
+  }
+}
+
+// ── Individual checks ─────────────────────────────────────────────────────────
+
+function checkActivationAvailable(cwd) {
+  const id = "activation_available";
+  const { mod, err } = tryRequire("./alpha-activation");
+  if (err || !mod) {
+    return checkFail(id, "alpha-activation module not loadable.", "Implement scripts/lib/alpha-activation.js.");
+  }
+  if (typeof mod.buildActivationSurface !== "function" && typeof mod.runAlphaActivation !== "function") {
+    return checkWarn(id, "alpha-activation loaded but missing expected exports.", "Check alpha-activation.js exports.");
+  }
+  return checkPass(id, "Alpha activation module loadable.");
+}
+
+function checkAlphaReadinessPassOrClearRecovery(cwd) {
+  const id = "alpha_readiness_pass_or_clear_recovery";
+  const rel = ".claude/cco/orchestration/alpha-readiness/latest-gate.json";
+  const absPath = path.join(cwd, rel);
+  if (!fs.existsSync(absPath)) {
+    return checkSkip(id, "Alpha readiness gate not yet run. Run `avorelo outcome` first.");
+  }
+  const gate = safeReadJson(absPath);
+  if (!gate) {
+    return checkWarn(id, "Alpha readiness gate artifact exists but cannot be parsed.", "Run `avorelo outcome` to regenerate.");
+  }
+  if (gate.status === "fail") {
+    return checkWarn(id, `Alpha readiness gate status: fail (score: ${gate.score ?? "N/A"}).`, "Run `avorelo outcome` to see failures. Fix blocking items before launch.");
+  }
+  return checkPass(id, `Alpha readiness gate: ${gate.status} (score: ${gate.score ?? "N/A"}).`);
+}
+
+function checkSafeRunAvailable(cwd) {
+  const id = "safe_run_available";
+  const rel = ".claude/cco/orchestration/safe-run/latest-run.json";
+  const absPath = path.join(cwd, rel);
+  if (!fs.existsSync(absPath)) {
+    return checkWarn(id, "No safe-run receipt found.", "Run `avorelo run` on a task to generate a safe-run receipt.");
+  }
+  const run = safeReadJson(absPath);
+  if (!run) return checkWarn(id, "Safe-run receipt exists but cannot be parsed.", "Run `avorelo run` to regenerate.");
+  return checkPass(id, `Safe-run receipt available (status: ${run.status || "unknown"}).`);
+}
+
+function checkHookDoctorPassOrClearRecovery(cwd) {
+  const id = "hook_doctor_pass_or_clear_recovery";
+  const rel = ".claude/cco/orchestration/hook-apply/latest-doctor.json";
+  const absPath = path.join(cwd, rel);
+  if (!fs.existsSync(absPath)) {
+    return checkSkip(id, "Hook doctor not yet run. Run `avorelo hooks doctor` first.");
+  }
+  const doctor = safeReadJson(absPath);
+  if (!doctor) return checkWarn(id, "Hook doctor artifact exists but cannot be parsed.", "Run `avorelo hooks doctor` to regenerate.");
+  if (doctor.status === "fail" || doctor.status === "error") {
+    return checkWarn(id, `Hook doctor: ${doctor.status}.`, "Run `avorelo hooks doctor` to see failing checks. Fix or rollback before launch.");
+  }
+  return checkPass(id, `Hook doctor: ${doctor.status || "pass"}.`);
+}
+
+function checkTokenContextQualityPassOrClearRecovery(cwd) {
+  const id = "token_context_quality_pass_or_clear_recovery";
+  const rel = ".claude/cco/orchestration/token-efficiency/latest-quality-gate.json";
+  const absPath = path.join(cwd, rel);
+  if (!fs.existsSync(absPath)) {
+    return checkSkip(id, "Token context quality gate not yet run. Run `avorelo token-efficiency` first.");
+  }
+  const gate = safeReadJson(absPath);
+  if (!gate) return checkWarn(id, "Token quality gate artifact exists but cannot be parsed.", "Run `avorelo token-efficiency` to regenerate.");
+  if (gate.status === "fail") {
+    return checkWarn(id, `Token context quality gate: fail (score: ${gate.score ?? "N/A"}).`, "Run `avorelo token-efficiency` to see failures. Reduce context before launch.");
+  }
+  return checkPass(id, `Token context quality gate: ${gate.status} (score: ${gate.score ?? "N/A"}).`);
+}
+
+function checkSupportBundleRedacted(cwd) {
+  const id = "support_bundle_redacted";
+  const rel = ".claude/cco/support/latest-support-bundle.json";
+  const absPath = path.join(cwd, rel);
+  if (!fs.existsSync(absPath)) {
+    return checkSkip(id, "No support bundle found. Run `avorelo support-bundle` first.");
+  }
+  const bundle = safeReadJson(absPath);
+  if (!bundle) return checkWarn(id, "Support bundle exists but cannot be parsed.", "Run `avorelo support-bundle` to regenerate.");
+  if (!bundle.redacted) {
+    return checkFail(id, "Support bundle is missing redacted:true flag.", "Fix support-bundle.js to set redacted:true.");
+  }
+  return checkPass(id, "Support bundle present and redacted.");
+}
+
+function checkProofAvailableOrClearRecovery(cwd) {
+  const id = "proof_available_or_clear_recovery";
+  const proofDir = path.join(cwd, ".claude", "cco", "orchestration", "proof");
+  const altPath = path.join(cwd, ".claude", "cco", "orchestration", "seamless-outcome", "latest-reality-gate.json");
+  const proofExists = fs.existsSync(proofDir) || fs.existsSync(altPath);
+  if (!proofExists) {
+    return checkWarn(id, "No proof artifacts found.", "Run `avorelo outcome` to generate proof.");
+  }
+  return checkPass(id, "Proof artifacts present.");
+}
+
+function checkLedgerAvailable(cwd) {
+  const id = "ledger_available";
+  const { mod, err } = tryRequire("./work-ledger");
+  if (err || !mod) {
+    return checkFail(id, "work-ledger module not loadable.", "Check scripts/lib/work-ledger.js.");
+  }
+  if (typeof mod.buildWorkLedger !== "function" && typeof mod.ENTRY_TYPES === "undefined") {
+    return checkWarn(id, "work-ledger loaded but missing expected exports.", "Check work-ledger.js exports.");
+  }
+  return checkPass(id, "Work ledger module loadable.");
+}
+
+function checkCompanyLoopAvailable(cwd) {
+  const id = "company_loop_available";
+  const { mod, err } = tryRequire("./company-loop");
+  if (err || !mod) {
+    return checkFail(id, "company-loop module not loadable.", "Check scripts/lib/company-loop.js.");
+  }
+  return checkPass(id, "Company loop module loadable.");
+}
+
+function checkRollbackUninstallAvailable(cwd) {
+  const id = "rollback_uninstall_available";
+  const { mod, err } = tryRequire("./hook-apply");
+  if (err || !mod) {
+    return checkFail(id, "hook-apply module not loadable.", "Check scripts/lib/hook-apply.js.");
+  }
+  if (typeof mod.rollbackHookApply !== "function") {
+    return checkWarn(id, "hook-apply loaded but missing rollbackHookApply export.", "Add rollbackHookApply to hook-apply.js.");
+  }
+  return checkPass(id, "Hook rollback/uninstall available.");
+}
+
+function checkArtifactHealthAvailable(cwd) {
+  const id = "artifact_health_available";
+  const healthPath = path.join(path.dirname(__filename), "artifact-health.js");
+  if (!fs.existsSync(healthPath)) {
+    return checkFail(id, "artifact-health.js not found in scripts/lib/.", "Create scripts/lib/artifact-health.js.");
+  }
+  return checkPass(id, "artifact-health.js present in scripts/lib/.");
+}
+
+function checkArtifactCleanupDryRunAvailable(cwd) {
+  const id = "artifact_cleanup_dry_run_available";
+  const { mod, err } = tryRequire("./artifact-health");
+  if (err || !mod) {
+    return checkFail(id, "artifact-health.js not loadable.", "Fix scripts/lib/artifact-health.js.");
+  }
+  if (typeof mod.applyArtifactCleanup !== "function") {
+    return checkFail(id, "artifact-health.js missing applyArtifactCleanup export.", "Export applyArtifactCleanup from artifact-health.js.");
+  }
+  return checkPass(id, "Artifact cleanup dry-run available.");
+}
+
+function checkJsonOutputParseable(cwd) {
+  const id = "json_output_parseable";
+  // Structural: JSON.stringify/parse round-trip for a sample object
+  try {
+    const sample = { contract: CONTRACT, status: "pass", redacted: true };
+    const parsed = JSON.parse(JSON.stringify(sample));
+    if (parsed.contract !== CONTRACT) throw new Error("round-trip mismatch");
+    return checkPass(id, "JSON output round-trip parseable.");
+  } catch (e) {
+    return checkFail(id, `JSON round-trip failed: ${e.message}`, "Fix JSON serialization in output layer.");
+  }
+}
+
+function checkDefaultOutputCompact(cwd) {
+  const id = "default_output_compact";
+  // Structural check — always pass (compact output policy)
+  return checkPass(id, "Default output format is compact (policy enforced).");
+}
+
+function checkNonInteractiveCiModeAvailable(cwd) {
+  const id = "non_interactive_ci_mode_available";
+  const cliPath = path.join(path.dirname(__filename), "public-cli.js");
+  if (!fs.existsSync(cliPath)) {
+    return checkWarn(id, "public-cli.js not found.", "Check scripts/lib/public-cli.js.");
+  }
+  try {
+    const content = fs.readFileSync(cliPath, "utf8");
+    if (!content.includes("--json")) {
+      return checkFail(id, "public-cli.js does not reference --json flag.", "Add --json support to public-cli.js for CI mode.");
+    }
+    return checkPass(id, "--json flag handling present in public-cli.js.");
+  } catch {
+    return checkWarn(id, "Could not read public-cli.js.", "Check scripts/lib/public-cli.js.");
+  }
+}
+
+function checkCrossPlatformPathSanityPresent(cwd) {
+  const id = "cross_platform_path_sanity_present";
+  const keyModules = ["fsx.js", "public-cli.js", "work-ledger.js"];
+  const missing = [];
+  for (const mod of keyModules) {
+    const absPath = path.join(path.dirname(__filename), mod);
+    if (!fs.existsSync(absPath)) {
+      missing.push(mod);
+      continue;
+    }
+    try {
+      const content = fs.readFileSync(absPath, "utf8");
+      if (!content.includes("path.join")) {
+        missing.push(`${mod} (no path.join)`);
+      }
+    } catch {
+      missing.push(`${mod} (read error)`);
+    }
+  }
+  if (missing.length > 0) {
+    return checkWarn(id, `path.join usage missing in: ${missing.join(", ")}.`, "Use path.join() for all path construction in these modules.");
+  }
+  return checkPass(id, "path.join() usage present in key modules.");
+}
+
+function checkNoLaunchReadyClaimBeforeLaunchCandidate(cwd) {
+  const id = "no_launch_ready_claim_before_launch_candidate";
+  const checkPaths = [
+    ".claude/cco/orchestration/launch-hardening/latest-gate.json",
+    ".claude/cco/orchestration/alpha-readiness/latest-gate.json",
+    ".claude/cco/support/latest-support-bundle.json",
+  ];
+  const overclaims = [];
+  for (const rel of checkPaths) {
+    const absPath = path.join(cwd, rel);
+    if (!fs.existsSync(absPath)) continue;
+    try {
+      const raw = fs.readFileSync(absPath, "utf8");
+      if (/launch.ready/i.test(raw) && !/not.launch.ready|not.yet.launch.ready|not.claim.launch.ready/i.test(raw)) {
+        overclaims.push(rel);
+      }
+    } catch {}
+  }
+  if (overclaims.length > 0) {
+    return checkWarn(id, `Possible launch-ready claim found in artifacts: ${overclaims.join(", ")}.`, "Do not claim launch-ready before launch candidate checklist passes.");
+  }
+  return checkPass(id, "No premature launch-ready claim found in artifacts.");
+}
+
+// ── buildLaunchHardeningChecks ────────────────────────────────────────────────
+
+function buildLaunchHardeningChecks(cwd, options = {}) {
+  return [
+    checkActivationAvailable(cwd),
+    checkAlphaReadinessPassOrClearRecovery(cwd),
+    checkSafeRunAvailable(cwd),
+    checkHookDoctorPassOrClearRecovery(cwd),
+    checkTokenContextQualityPassOrClearRecovery(cwd),
+    checkSupportBundleRedacted(cwd),
+    checkProofAvailableOrClearRecovery(cwd),
+    checkLedgerAvailable(cwd),
+    checkCompanyLoopAvailable(cwd),
+    checkRollbackUninstallAvailable(cwd),
+    checkArtifactHealthAvailable(cwd),
+    checkArtifactCleanupDryRunAvailable(cwd),
+    checkJsonOutputParseable(cwd),
+    checkDefaultOutputCompact(cwd),
+    checkNonInteractiveCiModeAvailable(cwd),
+    checkCrossPlatformPathSanityPresent(cwd),
+    checkNoLaunchReadyClaimBeforeLaunchCandidate(cwd),
+  ];
+}
+
+// ── runLaunchHardeningGate ────────────────────────────────────────────────────
+
+function runLaunchHardeningGate(cwd, options = {}) {
+  const checks = buildLaunchHardeningChecks(cwd, options);
+
+  const passCount = checks.filter((c) => c.status === "pass").length;
+  const warnCount = checks.filter((c) => c.status === "warn").length;
+  const failCount = checks.filter((c) => c.status === "fail").length;
+  const skipCount = checks.filter((c) => c.status === "skip").length;
+  const scored = checks.filter((c) => c.status !== "skip");
+  const score = scored.length > 0 ? Math.round((passCount / scored.length) * 100) : 100;
+
+  let status;
+  if (failCount > 0) status = "fail";
+  else if (warnCount > 0) status = "warn";
+  else status = "pass";
+
+  const firstFail = checks.find((c) => c.status === "fail");
+  const firstWarn = checks.find((c) => c.status === "warn");
+  const nextAction = (firstFail || firstWarn)?.nextAction
+    || "All launch hardening checks pass. Review alpha readiness checklist before launch.";
+
+  const failureRecoveryRefs = checks
+    .filter((c) => c.status === "fail" || c.status === "warn")
+    .map((c) => ({ checkId: c.id, nextAction: c.nextAction }));
+
+  return {
+    contract: CONTRACT,
+    schemaVersion: SCHEMA_VERSION,
+    status,
+    score,
+    checks,
+    failureRecoveryRefs,
+    nextAction,
+    summary: { pass: passCount, warn: warnCount, fail: failCount, skip: skipCount, total: checks.length },
+    createdAt: nowIso(),
+    redacted: true,
+  };
+}
+
+// ── writeLaunchHardeningGate ──────────────────────────────────────────────────
+
+function writeLaunchHardeningGate(cwd, gate) {
+  try {
+    const absPath = path.join(cwd, LATEST_GATE_REL);
+    fs.mkdirSync(path.dirname(absPath), { recursive: true });
+    fs.writeFileSync(absPath, JSON.stringify(gate, null, 2), "utf8");
+  } catch {}
+}
+
+// ── buildLaunchHardeningSurface ───────────────────────────────────────────────
+
+function buildLaunchHardeningSurface(cwd, options = {}) {
+  const absPath = path.join(cwd, LATEST_GATE_REL);
+  const latest = (() => {
+    try {
+      if (!fs.existsSync(absPath)) return null;
+      return JSON.parse(fs.readFileSync(absPath, "utf8").replace(/^/, ""));
+    } catch { return null; }
+  })();
+
+  if (!latest) {
+    return {
+      contract: CONTRACT,
+      status: "not_run",
+      score: null,
+      nextAction: "Run `avorelo launch-hardening` to evaluate launch readiness.",
+      latestGatePath: null,
+    };
+  }
+
+  return {
+    contract: CONTRACT,
+    status: latest.status,
+    score: latest.score,
+    warnings: latest.summary?.warn || 0,
+    failures: latest.summary?.fail || 0,
+    nextAction: latest.nextAction,
+    createdAt: latest.createdAt,
+    latestGatePath: LATEST_GATE_REL,
+  };
+}
+
+// ── formatLaunchHardeningText ─────────────────────────────────────────────────
+
+function formatLaunchHardeningText(gate, options = {}) {
+  if (!gate) return "No launch hardening gate data available.";
+  const lines = [];
+  lines.push(`Launch Hardening Gate: ${gate.status?.toUpperCase() || "UNKNOWN"} (score: ${gate.score ?? "N/A"})`);
+  lines.push(`Checks: ${gate.summary?.pass ?? 0} pass, ${gate.summary?.warn ?? 0} warn, ${gate.summary?.fail ?? 0} fail, ${gate.summary?.skip ?? 0} skip`);
+  lines.push("");
+
+  const failing = (gate.checks || []).filter((c) => c.status === "fail");
+  const warning = (gate.checks || []).filter((c) => c.status === "warn");
+
+  if (failing.length > 0) {
+    lines.push("FAIL:");
+    failing.forEach((c) => lines.push(`  !! ${c.id}: ${c.summary}`));
+    lines.push("");
+  }
+  if (warning.length > 0) {
+    lines.push("WARN:");
+    warning.forEach((c) => lines.push(`  -- ${c.id}: ${c.summary}`));
+    lines.push("");
+  }
+
+  lines.push(`Next step: ${gate.nextAction || "Review checks."}`);
+  return lines.join("\n");
+}
+
+module.exports = {
+  CONTRACT,
+  SCHEMA_VERSION,
+  LATEST_GATE_REL,
+  runLaunchHardeningGate,
+  buildLaunchHardeningChecks,
+  writeLaunchHardeningGate,
+  buildLaunchHardeningSurface,
+  formatLaunchHardeningText,
+};