avorelo 0.1.0

package/scripts/lib/public-activation-distribution-gate.js

@@ -0,0 +1,258 @@
+"use strict";
+
+const fs = require("fs");
+const path = require("path");
+const { nowIso } = require("./fsx");
+const { appendProductLearningEvent } = require("./product-learning-events");
+const { readPackageJson, mapDistributionStateToStatus } = require("./package-runtime");
+const { didRealPackedCliSmokePass } = require("./local-package-smoke");
+
+const CONTRACT = "avorelo.publicActivationDistributionGate.v1";
+const SCHEMA_VERSION = 1;
+const ARTIFACT_DIR_REL = ".claude/cco/orchestration/public-distribution";
+const ARTIFACT_REL = ARTIFACT_DIR_REL + "/latest-gate.json";
+
+function safeReadJson(absPath) {
+  try {
+    if (!fs.existsSync(absPath)) return null;
+    return JSON.parse(fs.readFileSync(absPath, "utf8").replace(/^\uFEFF/, ""));
+  } catch {
+    return null;
+  }
+}
+
+function readPublicSmokeEvidence(cwd) {
+  return safeReadJson(path.join(cwd, ARTIFACT_DIR_REL, "latest-public-npx-smoke.json"));
+}
+
+function collectPublicActivationDistributionSignals(cwd, options = {}) {
+  const truth = options.publicDistributionTruth || require("./public-distribution-truth").buildPublicDistributionTruth(cwd, options);
+  const packageContentAudit = options.packageAudit || require("./package-content-audit").buildPackageContentAudit(cwd, options);
+  const localPackageSmoke = options.packageSmoke || require("./local-package-smoke").runLocalPackageSmoke(cwd, options);
+  const publicInstallClaimCheck = options.installClaims || require("./public-install-claim-checker").validateInstallClaims(cwd, options);
+  const publishProvenanceReadiness = options.publishReadiness || require("./publish-provenance-readiness").buildPublishProvenanceReadiness(cwd, {
+    ...options,
+    packageAudit: packageContentAudit,
+    packageSmoke: localPackageSmoke,
+    installClaims: publicInstallClaimCheck,
+  });
+
+  return {
+    publicDistributionTruth: truth,
+    packageContentAudit,
+    localPackageSmoke,
+    publicInstallClaimCheck,
+    publishProvenanceReadiness,
+    publicSmoke: options.publicSmoke || readPublicSmokeEvidence(cwd),
+  };
+}
+
+function scorePublicActivationDistribution(cwd, signals) {
+  const checks = [];
+  const blockers = [];
+  const warnings = [];
+  let score = 100;
+
+  const truth = signals.publicDistributionTruth;
+  const audit = signals.packageContentAudit;
+  const smoke = signals.localPackageSmoke;
+  const claims = signals.publicInstallClaimCheck;
+  const readiness = signals.publishProvenanceReadiness;
+  const publicSmoke = signals.publicSmoke;
+
+  checks.push({
+    id: "public_distribution_truth",
+    label: "Public distribution truth",
+    status: truth && truth.distributionState !== "publish_blocked" ? "pass" : "blocked",
+    detail: truth ? truth.distributionState : "missing",
+    safeNextAction: truth ? truth.safeNextAction : "Run public-distribution.",
+  });
+  if (!truth || truth.distributionState === "publish_blocked") blockers.push("public_distribution_truth_blocked");
+
+  checks.push({
+    id: "package_content_audit",
+    label: "Package content audit",
+    status: audit && audit.ok ? "pass" : "blocked",
+    detail: audit ? audit.status : "missing",
+    safeNextAction: audit ? audit.safeNextAction : "Run package-audit.",
+  });
+  if (!audit || !audit.ok) blockers.push("package_content_audit_fail");
+
+  const realSmokePassed = didRealPackedCliSmokePass(smoke);
+
+  checks.push({
+    id: "local_package_smoke",
+    label: "Local package smoke",
+    status: realSmokePassed ? "pass" : "blocked",
+    detail: smoke ? smoke.status : "missing",
+    safeNextAction: smoke ? smoke.safeNextAction : "Run package-smoke.",
+  });
+  if (!realSmokePassed) blockers.push("local_smoke_fail");
+
+  checks.push({
+    id: "public_install_claim_check",
+    label: "Public install claim check",
+    status: claims && claims.ok ? "pass" : "blocked",
+    detail: claims ? ("blocked=" + claims.blockedCount + ", caveated=" + claims.caveatedCount) : "missing",
+    safeNextAction: claims ? claims.safeNextAction : "Run install-claims.",
+  });
+  if (!claims || !claims.ok) blockers.push("install_claim_blocked");
+
+  checks.push({
+    id: "publish_provenance_readiness",
+    label: "Publish readiness",
+    status: readiness && readiness.readyToPublish ? "pass" : "blocked",
+    detail: readiness ? readiness.status : "missing",
+    safeNextAction: readiness ? readiness.safeNextAction : "Run publish-readiness.",
+  });
+  if (!readiness || !readiness.readyToPublish) blockers.push("publish_readiness_blocked");
+
+  if (readiness && readiness.auth && readiness.auth.status !== "authenticated") warnings.push("publish_auth_pending");
+  if (readiness && !readiness.publishApproved) warnings.push("publish_approval_pending");
+  if (!publicSmoke || !publicSmoke.passed) warnings.push("public_smoke_not_verified");
+
+  score -= blockers.length * 20;
+  score -= warnings.length * 5;
+  score = Math.max(0, Math.min(100, score));
+
+  return { score, checks, blockers, warnings };
+}
+
+function deriveDistributionState(pkg, signals) {
+  const audit = signals.packageContentAudit;
+  const smoke = signals.localPackageSmoke;
+  const claims = signals.publicInstallClaimCheck;
+  const readiness = signals.publishProvenanceReadiness;
+  const publicSmoke = signals.publicSmoke;
+
+  const realSmokePassed = didRealPackedCliSmokePass(smoke);
+
+  if (!pkg || !audit || !smoke || !claims || !readiness) return "publish_blocked";
+  if (publicSmoke && publicSmoke.passed && readiness.auth.status === "authenticated" && readiness.publishApproved) {
+    return "published_verified";
+  }
+  if (pkg.private === true) {
+    return realSmokePassed && claims.ok ? "local_verified" : "private_local_only";
+  }
+  if (pkg.private === false && audit.ok && realSmokePassed && claims.ok && readiness.readyToPublish) {
+    return "ready_to_publish";
+  }
+  return "publish_blocked";
+}
+
+function runPublicActivationDistributionGate(cwd, options = {}) {
+  const pkg = readPackageJson(cwd);
+  const signals = collectPublicActivationDistributionSignals(cwd, options);
+  const { score, checks, blockers, warnings } = scorePublicActivationDistribution(cwd, signals, options);
+  const distributionState = deriveDistributionState(pkg, signals);
+  const readiness = signals.publishProvenanceReadiness;
+  const publishCommand = ["AVORELO_ALLOW_NPM_PUBLISH=1", "npm", "publish", "--access", "public"].join(" ");
+  const gate = {
+    contract: CONTRACT,
+    schemaVersion: SCHEMA_VERSION,
+    generatedAt: nowIso(),
+    status: mapDistributionStateToStatus(distributionState),
+    distributionState,
+    score,
+    checks,
+    blockers,
+    warnings,
+    publicInstallStatus: distributionState,
+    localPackageStatus: signals.localPackageSmoke ? signals.localPackageSmoke.status : "missing",
+    packageContentStatus: signals.packageContentAudit ? signals.packageContentAudit.status : "missing",
+    claimSafetyStatus: signals.publicInstallClaimCheck ? signals.publicInstallClaimCheck.status : "missing",
+    provenanceStatus: readiness ? readiness.status : "missing",
+    readyToPublish: readiness ? readiness.readyToPublish : false,
+    publishedVerified: distributionState === "published_verified",
+    publishApproved: readiness ? readiness.publishApproved : false,
+    auth: readiness ? readiness.auth : { status: "unknown" },
+    recommendedNextPr: distributionState === "publish_blocked" ? "Repair public distribution blockers" : "Close public distribution readiness",
+    safeNextAction: distributionState === "publish_blocked"
+      ? "Fix package audit, smoke, or claim blockers before publish."
+      : distributionState === "published_verified"
+        ? "Public npm distribution is verified."
+        : readiness && readiness.auth.status !== "authenticated"
+          ? `Run npm adduser, then ${publishCommand}`
+          : readiness && !readiness.publishApproved
+            ? publishCommand
+            : "Run a real public npx smoke after publish before claiming published_verified.",
+    noPublicLaunchClaim: true,
+    redacted: true,
+  };
+
+  writePublicActivationDistributionGate(cwd, gate);
+  try {
+    appendProductLearningEvent(cwd, {
+      event: "public_activation_distribution_gate_run",
+      contract: CONTRACT,
+      distributionState,
+      score,
+      blockerCount: blockers.length,
+      warningCount: warnings.length,
+    });
+  } catch {}
+  return gate;
+}
+
+function writePublicActivationDistributionGate(cwd, gate) {
+  const dir = path.join(cwd, ARTIFACT_DIR_REL);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(path.join(cwd, ARTIFACT_REL), JSON.stringify(gate, null, 2));
+}
+
+function buildPublicActivationDistributionSurface(cwd, options = {}) {
+  const gate = runPublicActivationDistributionGate(cwd, options);
+  return {
+    status: gate.status,
+    distributionState: gate.distributionState,
+    score: gate.score,
+    blockerCount: gate.blockers.length,
+    warningCount: gate.warnings.length,
+    publicInstallStatus: gate.publicInstallStatus,
+    localPackageStatus: gate.localPackageStatus,
+    packageContentStatus: gate.packageContentStatus,
+    claimSafetyStatus: gate.claimSafetyStatus,
+    provenanceStatus: gate.provenanceStatus,
+    readyToPublish: gate.readyToPublish,
+    publishedVerified: gate.publishedVerified,
+    safeNextAction: gate.safeNextAction,
+    noPublicLaunchClaim: true,
+  };
+}
+
+function formatPublicActivationDistributionText(gate) {
+  return [
+    "Public Activation Distribution Gate [" + String(gate.status || "unknown").toUpperCase() + "] score=" + gate.score + "/100",
+    "  Distribution state: " + gate.distributionState,
+    "  Public install: " + gate.publicInstallStatus,
+    "  Local package: " + gate.localPackageStatus,
+    "  Package content: " + gate.packageContentStatus,
+    "  Claim safety: " + gate.claimSafetyStatus,
+    "  Publish readiness: " + gate.provenanceStatus,
+    "  Blockers: " + gate.blockers.length,
+    "  Warnings: " + gate.warnings.length,
+    "  Next: " + gate.safeNextAction,
+  ].join("\n");
+}
+
+if (require.main === module) {
+  const gate = runPublicActivationDistributionGate(process.cwd(), {
+    json: process.argv.includes("--json"),
+    debug: process.argv.includes("--debug"),
+  });
+  if (process.argv.includes("--json")) {
+    process.stdout.write(JSON.stringify(gate, null, 2) + "\n");
+  } else {
+    process.stdout.write(formatPublicActivationDistributionText(gate) + "\n");
+  }
+  process.exit(gate.distributionState === "publish_blocked" ? 1 : 0);
+}
+
+module.exports = {
+  runPublicActivationDistributionGate,
+  collectPublicActivationDistributionSignals,
+  scorePublicActivationDistribution,
+  writePublicActivationDistributionGate,
+  buildPublicActivationDistributionSurface,
+  formatPublicActivationDistributionText,
+};