codeharness 0.20.0 → 0.21.1

package/patches/AGENTS.md

@@ -28,7 +28,12 @@ Semgrep YAML rules for static analysis of observability gaps. Each `.yaml` file
 - `function-no-debug-log.yaml` — Detects functions without debug/info logging (INFO)
 - `error-path-no-log.yaml` — Detects error paths (throw/return err) without preceding log (WARNING)
 
-**Testing:** `semgrep --test patches/observability/` runs annotated test fixtures (`.ts` files alongside rules).
+**Test fixtures** (`.ts` files alongside rules, annotated with `// ruleid:` / `// ok:` comments):
+- `catch-without-logging.ts` — Test cases for catch-without-logging rule
+- `function-no-debug-log.ts` — Test cases for function-no-debug-log rule
+- `error-path-no-log.ts` — Test cases for error-path-no-log rule
+
+**Testing:** `semgrep --test patches/observability/` runs annotated test fixtures.
 
 **Customization:** Edit YAML rules to add custom logger patterns (e.g., `logger.error(...)` for winston). Rules use `pattern-not` / `pattern-not-inside` to detect absence of logging.
 

package/patches/observability/AGENTS.md

@@ -0,0 +1,27 @@
+# patches/observability/ — Semgrep Rules for Observability Gap Detection
+
+Standalone Semgrep YAML rules for static analysis of observability gaps. Each `.yaml` file is a complete Semgrep config — no build step, no TypeScript. Deleting a rule file removes that check.
+
+## Rules
+
+| File | Purpose | Severity |
+|------|---------|----------|
+| catch-without-logging.yaml | Detects catch blocks without error/warn logging | WARNING |
+| function-no-debug-log.yaml | Detects functions without debug/info logging | INFO |
+| error-path-no-log.yaml | Detects error paths (throw/return err) without preceding log | WARNING |
+
+## Test Fixtures
+
+| File | Purpose |
+|------|---------|
+| catch-without-logging.ts | Test cases for catch-without-logging rule (annotated with `// ruleid:` / `// ok:`) |
+| function-no-debug-log.ts | Test cases for function-no-debug-log rule |
+| error-path-no-log.ts | Test cases for error-path-no-log rule |
+
+## Testing
+
+Run `semgrep --test patches/observability/` to execute all test fixtures against their rules.
+
+## Customization
+
+Edit YAML rules to add custom logger patterns (e.g., `logger.error(...)` for winston). Rules use `pattern-not` / `pattern-not-inside` to detect absence of logging.

package/ralph/bridge.sh

@@ -99,9 +99,9 @@ fi
 
 # ─── Sprint Status Parsing ────────────────────────────────────────────────
 
-# Parse sprint status YAML into an associative array
+# Parse sprint status YAML into a newline-delimited key=value store
 # Maps story slug (e.g., "1-1-login-page") to status
-declare -A SPRINT_STATUSES
+SPRINT_STATUSES=""
 
 parse_sprint_status() {
     local file="$1"
@@ -133,7 +133,8 @@ parse_sprint_status() {
                 # Extract story number from slug: "1-1-login-page" -> "1.1"
                 if [[ "$key" =~ ^([0-9]+)-([0-9]+) ]]; then
                     local story_id="${BASH_REMATCH[1]}.${BASH_REMATCH[2]}"
-                    SPRINT_STATUSES["$story_id"]="$value"
+                    SPRINT_STATUSES="${SPRINT_STATUSES}${story_id}=${value}
+"
                 fi
             fi
         fi
@@ -181,8 +182,10 @@ parse_epics() {
 
         # Determine status from sprint status or default to pending
         local status="pending"
-        if [[ -n "${SPRINT_STATUSES[$current_story_id]:-}" ]]; then
-            status=$(map_status "${SPRINT_STATUSES[$current_story_id]}")
+        local _sprint_val
+        _sprint_val=$(echo "$SPRINT_STATUSES" | grep "^${current_story_id}=" | head -1 | cut -d= -f2-)
+        if [[ -n "$_sprint_val" ]]; then
+            status=$(map_status "$_sprint_val")
         fi
 
         # Clean up description

package/ralph/drivers/claude-code.sh

@@ -79,10 +79,8 @@ driver_build_command() {
         CLAUDE_CMD_ARGS+=("--plugin-dir" "$plugin_dir")
     fi
 
-    # Output format
-    if [[ "$CLAUDE_OUTPUT_FORMAT" == "json" ]]; then
-        CLAUDE_CMD_ARGS+=("--output-format" "json")
-    fi
+    # Output format — always stream-json for real-time NDJSON output
+    CLAUDE_CMD_ARGS+=("--output-format" "stream-json" "--verbose" "--include-partial-messages")
 
     # Allowed tools
     if [[ -n "$CLAUDE_ALLOWED_TOOLS" ]]; then
@@ -123,30 +121,6 @@ driver_supports_live_output() {
     return 0
 }
 
-# Prepare command arguments for live stream-json output
-driver_prepare_live_command() {
-    LIVE_CMD_ARGS=()
-    local skip_next=false
-
-    for arg in "${CLAUDE_CMD_ARGS[@]}"; do
-        if [[ "$skip_next" == "true" ]]; then
-            LIVE_CMD_ARGS+=("stream-json")
-            skip_next=false
-        elif [[ "$arg" == "--output-format" ]]; then
-            LIVE_CMD_ARGS+=("$arg")
-            skip_next=true
-        else
-            LIVE_CMD_ARGS+=("$arg")
-        fi
-    done
-
-    if [[ "$skip_next" == "true" ]]; then
-        return 1
-    fi
-
-    LIVE_CMD_ARGS+=("--verbose" "--include-partial-messages")
-}
-
 # Stream filter for raw Claude stream-json events
 driver_stream_filter() {
     echo '

package/ralph/lib/circuit_breaker.sh

@@ -27,7 +27,7 @@ NC='\033[0m'
 
 init_circuit_breaker() {
     if [[ -f "$CB_STATE_FILE" ]]; then
-        if ! jq '.' "$CB_STATE_FILE" > /dev/null 2>&1; then
+        if ! jq -e type "$CB_STATE_FILE" > /dev/null 2>&1; then
             rm -f "$CB_STATE_FILE"
         fi
     fi

package/ralph/ralph.sh

@@ -47,7 +47,7 @@ RATE_LIMIT_SLEEP=3600  # 1 hour
 
 # Driver
 PLATFORM_DRIVER="${PLATFORM_DRIVER:-claude-code}"
-CLAUDE_OUTPUT_FORMAT="${CLAUDE_OUTPUT_FORMAT:-json}"
+CLAUDE_OUTPUT_FORMAT="${CLAUDE_OUTPUT_FORMAT:-stream-json}"
 CLAUDE_ALLOWED_TOOLS="${CLAUDE_ALLOWED_TOOLS:-}"
 CLAUDE_USE_CONTINUE="${CLAUDE_USE_CONTINUE:-false}"  # Fresh context per iteration by default
 
@@ -829,7 +829,8 @@ execute_iteration() {
             log_status "ERROR" "Claude API usage limit reached"
             return 2
         # Check for transient API errors (500, 529, overloaded) — don't count against story
-        elif grep -qi "Internal server error\|api_error\|overloaded\|529\|503" "$output_file" 2>/dev/null; then
+        # Status code patterns exclude decimal prefixes (e.g., cost_usd=0.503 ≠ HTTP 503)
+        elif grep -qiE 'Internal server error|api_error|overloaded|(^|[^0-9.])529([^0-9]|$)|(^|[^0-9.])503([^0-9]|$)' "$output_file" 2>/dev/null; then
             log_status "WARN" "Transient API error (not story's fault) — will retry"
             return 4
         else

package/templates/Dockerfile.verify

@@ -5,12 +5,19 @@ FROM node:20-slim
 
 ARG TARBALL=package.tgz
 
-# System utilities
+# System utilities + Python for Semgrep
 RUN apt-get update && apt-get install -y --no-install-recommends \
     curl \
     jq \
+    python3 \
+    python3-pip \
+    pipx \
   && rm -rf /var/lib/apt/lists/*
 
+# Semgrep for static analysis verification
+RUN pipx install semgrep && pipx ensurepath
+ENV PATH="/root/.local/bin:${PATH}"
+
 # Verification tools + Claude Code CLI
 RUN npm install -g showboat @anthropic-ai/claude-code