hadara 0.1.0-rc.0

package/dist/evidence/evidence.js

@@ -0,0 +1,170 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EvidenceArtifactPolicyError = void 0;
+exports.appendEvidence = appendEvidence;
+exports.appendEvidenceTextArtifact = appendEvidenceTextArtifact;
+exports.createPublicEvidenceArtifactPolicyReport = createPublicEvidenceArtifactPolicyReport;
+exports.createSessionEvidenceDirs = createSessionEvidenceDirs;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const fs_1 = require("../core/fs");
+const redaction_1 = require("../core/redaction");
+const workspace_1 = require("../core/workspace");
+const private_manifest_1 = require("./private-manifest");
+class EvidenceArtifactPolicyError extends Error {
+    code;
+    redactionReport;
+    constructor(code, message, redactionReport) {
+        super(message);
+        this.code = code;
+        this.redactionReport = redactionReport;
+        this.name = 'EvidenceArtifactPolicyError';
+    }
+}
+exports.EvidenceArtifactPolicyError = EvidenceArtifactPolicyError;
+function appendEvidence(projectRoot, record) {
+    const taskDir = findTaskDir(projectRoot, record.taskId);
+    if (!taskDir) {
+        throw new Error(`Task capsule not found: ${record.taskId}`);
+    }
+    const time = new Date().toISOString();
+    const visibility = record.visibility ?? 'public';
+    const attachedPath = copyPublicEvidenceArtifact({ projectRoot, taskDir, kind: record.kind, sourcePath: record.path, time, visibility });
+    return appendEvidenceRecord({ projectRoot, taskDir, time, record, visibility, attachedPath }).markdownPath;
+}
+function appendEvidenceTextArtifact(projectRoot, record, artifact, options = {}) {
+    const taskDir = findTaskDir(projectRoot, record.taskId);
+    if (!taskDir) {
+        throw new Error(`Task capsule not found: ${record.taskId}`);
+    }
+    const time = new Date().toISOString();
+    const visibility = record.visibility ?? 'public';
+    const attachedPath = visibility === 'public'
+        ? writePublicEvidenceTextArtifact({
+            taskDir,
+            kind: record.kind,
+            time,
+            fileName: artifact.fileName,
+            content: artifact.content,
+            policyOptions: options
+        })
+        : undefined;
+    return appendEvidenceRecord({ projectRoot, taskDir, time, record, visibility, attachedPath });
+}
+function createPublicEvidenceArtifactPolicyReport(content, options = {}) {
+    const redaction = (0, redaction_1.createRedactionReport)(content, { patterns: options.redactionPatterns });
+    const blocking = (0, redaction_1.hasBlockingRedactionFinding)(redaction, 'high');
+    return {
+        schemaVersion: 'hadara.evidence_artifact_policy.v1',
+        command: 'evidence.artifactPolicy',
+        ok: !blocking,
+        blocking,
+        redaction,
+        issues: blocking
+            ? [
+                {
+                    severity: 'error',
+                    code: 'PUBLIC_ARTIFACT_SECRET_DETECTED',
+                    message: 'Public evidence artifact contains secret-like content; collect it as private evidence or redact the source file first.'
+                }
+            ]
+            : []
+    };
+}
+function appendEvidenceIndex(taskDir, record) {
+    node_fs_1.default.appendFileSync(node_path_1.default.join(taskDir, 'evidence.jsonl'), `${JSON.stringify(record)}\n`, 'utf8');
+}
+function appendEvidenceRecord(input) {
+    const summary = (0, redaction_1.redactSecrets)(input.record.summary.replace(/\|/g, '/'));
+    const markdownPath = node_path_1.default.join(input.taskDir, 'EVIDENCE.md');
+    const rowSummary = input.visibility === 'private' || !input.attachedPath ? summary : `${summary} (${input.attachedPath})`;
+    const row = `| ${input.time} | ${input.record.kind} | ${rowSummary} | ${input.record.result} |\n`;
+    if (!node_fs_1.default.existsSync(markdownPath)) {
+        node_fs_1.default.writeFileSync(markdownPath, '# Evidence\n\n| Time | Kind | Summary | Result |\n|---|---|---|---|\n', 'utf8');
+    }
+    node_fs_1.default.appendFileSync(markdownPath, row, 'utf8');
+    const evidence = {
+        schemaVersion: 'hadara.evidence.v1',
+        time: input.time,
+        taskId: input.record.taskId,
+        kind: input.record.kind,
+        summary,
+        result: input.record.result,
+        visibility: input.visibility,
+        ...(input.visibility === 'public' && input.attachedPath ? { evidencePath: input.attachedPath } : {})
+    };
+    appendEvidenceIndex(input.taskDir, evidence);
+    if (input.visibility === 'private') {
+        (0, private_manifest_1.writePrivateEvidenceManifest)({
+            projectRoot: input.projectRoot,
+            taskId: input.record.taskId,
+            kind: input.record.kind,
+            summary,
+            result: input.record.result,
+            sourcePath: input.record.path,
+            time: input.time
+        });
+    }
+    return { markdownPath, evidence };
+}
+function copyPublicEvidenceArtifact(input) {
+    if (!input.sourcePath || input.visibility === 'private')
+        return undefined;
+    const sourceFile = (0, workspace_1.resolveProjectFile)(input.projectRoot, input.sourcePath);
+    const artifactText = readPublicTextArtifact(sourceFile.absolutePath);
+    const policy = createPublicEvidenceArtifactPolicyReport(artifactText);
+    if (policy.blocking) {
+        throw new EvidenceArtifactPolicyError('PUBLIC_ARTIFACT_SECRET_DETECTED', 'Public evidence artifact contains secret-like content; collect it as private evidence or redact the source file first.', policy.redaction);
+    }
+    const artifactsDir = node_path_1.default.join(input.taskDir, 'artifacts', input.kind);
+    (0, fs_1.ensureDir)(artifactsDir);
+    const targetPath = node_path_1.default.join(artifactsDir, `${safeFilePart(input.time)}-${safeFilePart(node_path_1.default.basename(sourceFile.absolutePath))}`);
+    node_fs_1.default.writeFileSync(targetPath, artifactText, 'utf8');
+    return toPortablePath(node_path_1.default.relative(input.taskDir, targetPath));
+}
+function writePublicEvidenceTextArtifact(input) {
+    const policy = createPublicEvidenceArtifactPolicyReport(input.content, input.policyOptions);
+    if (policy.blocking) {
+        throw new EvidenceArtifactPolicyError('PUBLIC_ARTIFACT_SECRET_DETECTED', 'Public evidence artifact contains secret-like content; collect it as private evidence or redact the source file first.', policy.redaction);
+    }
+    const artifactsDir = node_path_1.default.join(input.taskDir, 'artifacts', input.kind);
+    (0, fs_1.ensureDir)(artifactsDir);
+    const targetPath = node_path_1.default.join(artifactsDir, `${safeFilePart(input.time)}-${safeFilePart(input.fileName)}`);
+    node_fs_1.default.writeFileSync(targetPath, input.content, 'utf8');
+    return toPortablePath(node_path_1.default.relative(input.taskDir, targetPath));
+}
+function readPublicTextArtifact(filePath) {
+    const content = node_fs_1.default.readFileSync(filePath);
+    if (!isTextBuffer(content)) {
+        throw new EvidenceArtifactPolicyError('PUBLIC_ARTIFACT_BINARY_REJECTED', 'Public evidence artifacts must be UTF-8 text; collect binary evidence as private evidence until binary policy is implemented.');
+    }
+    return content.toString('utf8');
+}
+function isTextBuffer(content) {
+    if (content.includes(0))
+        return false;
+    return !content.toString('utf8').includes('\uFFFD');
+}
+function findTaskDir(projectRoot, taskId) {
+    const tasksDir = node_path_1.default.join(projectRoot, 'tasks');
+    if (!node_fs_1.default.existsSync(tasksDir))
+        return null;
+    const entry = node_fs_1.default.readdirSync(tasksDir).find((name) => name.startsWith(`${taskId}-`));
+    return entry ? node_path_1.default.join(tasksDir, entry) : null;
+}
+function createSessionEvidenceDirs(dataRoot, sessionId) {
+    const evidenceDir = node_path_1.default.join(dataRoot, 'sessions', sessionId, 'evidence');
+    for (const child of ['command-logs', 'test-results', 'diff-summary', 'screenshots', 'release-smoke']) {
+        (0, fs_1.ensureDir)(node_path_1.default.join(evidenceDir, child));
+    }
+    return evidenceDir;
+}
+function safeFilePart(value) {
+    return value.replace(/[^A-Za-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '') || 'artifact';
+}
+function toPortablePath(value) {
+    return value.split(node_path_1.default.sep).join('/');
+}

package/dist/evidence/private-manifest.js

@@ -0,0 +1,101 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.writePrivateEvidenceManifest = writePrivateEvidenceManifest;
+exports.listPrivateEvidenceManifests = listPrivateEvidenceManifests;
+const node_crypto_1 = __importDefault(require("node:crypto"));
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const audit_1 = require("../core/audit");
+const fs_1 = require("../core/fs");
+const redaction_1 = require("../core/redaction");
+const paths_1 = require("../core/paths");
+const workspace_1 = require("../core/workspace");
+function writePrivateEvidenceManifest(input) {
+    const source = readPrivateEvidenceSource(input.projectRoot, input.sourcePath);
+    if (!source)
+        return null;
+    const paths = (0, paths_1.resolveHadaraPaths)({ projectRoot: input.projectRoot });
+    const evidenceId = createEvidenceId(input.time);
+    const privateDir = node_path_1.default.join(paths.dataRoot, 'private-evidence', input.taskId);
+    (0, fs_1.ensureDir)(privateDir);
+    const artifactPath = node_path_1.default.join(privateDir, `${evidenceId}.bin`);
+    node_fs_1.default.writeFileSync(artifactPath, source);
+    const manifest = {
+        schemaVersion: 'hadara.privateEvidence.v1',
+        taskId: input.taskId,
+        evidenceId,
+        kind: input.kind,
+        summary: (0, redaction_1.redactSecrets)(input.summary),
+        result: input.result,
+        storage: {
+            kind: 'portable-store',
+            relativePath: toPortablePath(node_path_1.default.relative(paths.portableRoot, artifactPath)),
+            encrypted: false,
+            hash: `sha256:${node_crypto_1.default.createHash('sha256').update(source).digest('hex')}`,
+            byteLength: source.byteLength
+        },
+        createdAt: input.time,
+        retention: {
+            policy: 'local-only',
+            includeInContextExport: false
+        },
+        encryption: {
+            status: 'deferred',
+            reason: 'Private evidence encryption is deferred; content remains in the private portable store and is excluded from committed project context.'
+        }
+    };
+    (0, fs_1.writeJsonl)(node_path_1.default.join(privateDir, 'manifest.jsonl'), manifest);
+    (0, audit_1.writeAuditEvent)(paths.auditDir, {
+        actor: 'system',
+        task_id: input.taskId,
+        event_type: 'evidence.private_manifest.created',
+        risk: 'medium',
+        summary: `Private evidence manifest created for ${input.taskId}`,
+        payload: {
+            evidenceId,
+            kind: input.kind,
+            result: input.result,
+            hash: manifest.storage.hash,
+            byteLength: manifest.storage.byteLength,
+            includeInContextExport: false,
+            encrypted: false
+        }
+    });
+    return manifest;
+}
+function listPrivateEvidenceManifests(projectRoot, taskId) {
+    const paths = (0, paths_1.resolveHadaraPaths)({ projectRoot });
+    const manifestPath = node_path_1.default.join(paths.dataRoot, 'private-evidence', taskId, 'manifest.jsonl');
+    if (!node_fs_1.default.existsSync(manifestPath))
+        return [];
+    return node_fs_1.default
+        .readFileSync(manifestPath, 'utf8')
+        .split(/\r?\n/)
+        .filter(Boolean)
+        .map((line) => JSON.parse(line));
+}
+function readPrivateEvidenceSource(projectRoot, sourcePath) {
+    if (!sourcePath)
+        return null;
+    try {
+        const sourceFile = (0, workspace_1.resolveProjectFile)(projectRoot, sourcePath);
+        return node_fs_1.default.readFileSync(sourceFile.absolutePath);
+    }
+    catch (error) {
+        if (error instanceof workspace_1.WorkspaceFileError)
+            return null;
+        return null;
+    }
+}
+function createEvidenceId(time) {
+    return `ev_${safeFilePart(time)}_${node_crypto_1.default.randomBytes(4).toString('hex')}`;
+}
+function safeFilePart(value) {
+    return value.replace(/[^A-Za-z0-9._-]+/g, '-').replace(/^-+|-+$/g, '') || 'evidence';
+}
+function toPortablePath(value) {
+    return value.split(node_path_1.default.sep).join('/');
+}

package/dist/handoff/handoff.js

@@ -0,0 +1,49 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.updateHandoff = updateHandoff;
+const node_fs_1 = __importDefault(require("node:fs"));
+const node_path_1 = __importDefault(require("node:path"));
+const fs_1 = require("../core/fs");
+function updateHandoff(input) {
+    const docsDir = node_path_1.default.join(input.projectRoot, 'docs');
+    (0, fs_1.ensureDir)(docsDir);
+    const filePath = node_path_1.default.join(docsDir, 'AGENT_HANDOFF.md');
+    const content = `# AGENT_HANDOFF
+
+## Current Branch
+
+TBD. Run \`git branch --show-current\`.
+
+## Last Completed
+
+${input.summary ?? 'TBD.'}
+
+## In Progress
+
+${input.taskId ?? 'No active task recorded.'}
+
+## Do Not Change Without Updating Tests
+
+- ProviderClient contract
+- Policy decision matrix
+- Task Capsule file contract
+- Portable/project store boundary
+
+## Known Problems
+
+TBD.
+
+## Next Recommended Step
+
+${input.nextStep ?? 'Read PROJECT_STATE.md, TASK_BOARD.md, and the active Task Capsule before continuing.'}
+
+## Evidence
+
+Attach test logs, command outputs, and diff summaries under the active Task Capsule.
+`;
+    node_fs_1.default.writeFileSync(filePath, content, 'utf8');
+    return filePath;
+}

package/dist/harness/replay.js

@@ -0,0 +1,200 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.replayScenario = replayScenario;
+const node_fs_1 = __importDefault(require("node:fs"));
+const workspace_1 = require("../core/workspace");
+const scripted_provider_1 = require("../providers/scripted-provider");
+async function replayScenario(projectRoot, scenarioPath) {
+    let scenario = scenarioPath;
+    const issues = [];
+    const steps = [];
+    let resolvedScenarioPath;
+    try {
+        const scenarioFile = (0, workspace_1.resolveProjectFile)(projectRoot, scenarioPath);
+        resolvedScenarioPath = scenarioFile.absolutePath;
+        scenario = scenarioFile.relativePath;
+    }
+    catch (error) {
+        return {
+            schemaVersion: 'hadara.harness.replay.v1',
+            command: 'harness.replay',
+            ok: false,
+            scenario,
+            eventsRead: 0,
+            steps,
+            issues: [
+                {
+                    severity: 'error',
+                    code: error instanceof workspace_1.WorkspaceFileError && error.code !== 'WORKSPACE_FILE_NOT_FOUND' ? error.code : 'SCENARIO_NOT_FOUND',
+                    message: error instanceof workspace_1.WorkspaceFileError && error.code !== 'WORKSPACE_FILE_NOT_FOUND'
+                        ? error.message
+                        : `Replay scenario not found: ${scenario}`
+                }
+            ]
+        };
+    }
+    if (!node_fs_1.default.existsSync(resolvedScenarioPath)) {
+        return {
+            schemaVersion: 'hadara.harness.replay.v1',
+            command: 'harness.replay',
+            ok: false,
+            scenario,
+            eventsRead: 0,
+            steps,
+            issues: [
+                {
+                    severity: 'error',
+                    code: 'SCENARIO_NOT_FOUND',
+                    message: `Replay scenario not found: ${scenario}`
+                }
+            ]
+        };
+    }
+    const lines = node_fs_1.default
+        .readFileSync(resolvedScenarioPath, 'utf8')
+        .split(/\r?\n/)
+        .map((line, index) => ({ line: index + 1, text: line.trim() }))
+        .filter((line) => line.text.length > 0);
+    const events = parseEvents(lines, issues);
+    if (!issues.some((issue) => issue.severity === 'error')) {
+        await executeEvents(events, steps, issues);
+    }
+    return {
+        schemaVersion: 'hadara.harness.replay.v1',
+        command: 'harness.replay',
+        ok: !issues.some((issue) => issue.severity === 'error'),
+        scenario,
+        eventsRead: lines.length,
+        steps,
+        issues
+    };
+}
+function parseEvents(lines, issues) {
+    const events = [];
+    for (const line of lines) {
+        try {
+            const parsed = JSON.parse(line.text);
+            const event = normalizeEvent(parsed, line.line, issues);
+            if (event)
+                events.push({ line: line.line, event });
+        }
+        catch {
+            issues.push({
+                severity: 'error',
+                code: 'SCENARIO_JSON_INVALID',
+                message: `Scenario line ${line.line} is not valid JSON.`,
+                line: line.line
+            });
+        }
+    }
+    return events;
+}
+function normalizeEvent(parsed, line, issues) {
+    if (!parsed || typeof parsed !== 'object' || !('type' in parsed)) {
+        issues.push({
+            severity: 'error',
+            code: 'SCENARIO_EVENT_INVALID',
+            message: `Scenario line ${line} must be an object with a type field.`,
+            line
+        });
+        return null;
+    }
+    const record = parsed;
+    if (record.type === 'user' && typeof record.content === 'string') {
+        return { type: 'user', content: record.content };
+    }
+    if (record.type === 'assistant_response' && typeof record.content === 'string') {
+        return {
+            type: 'assistant_response',
+            content: record.content,
+            ...(typeof record.match === 'string' ? { match: record.match } : {}),
+            ...(isFinishReason(record.finishReason) ? { finishReason: record.finishReason } : {})
+        };
+    }
+    if (record.type === 'expect_final' && typeof record.content === 'string') {
+        return { type: 'expect_final', content: record.content };
+    }
+    issues.push({
+        severity: 'error',
+        code: 'SCENARIO_EVENT_INVALID',
+        message: `Scenario line ${line} has an unsupported event shape.`,
+        line
+    });
+    return null;
+}
+async function executeEvents(events, steps, issues) {
+    let pendingUser = null;
+    let lastAssistantContent = null;
+    let sawExpectation = false;
+    for (const item of events) {
+        if (item.event.type === 'user') {
+            pendingUser = { line: item.line, content: item.event.content };
+            steps.push({ line: item.line, type: item.event.type, ok: true, summary: 'Accepted user prompt.' });
+            continue;
+        }
+        if (item.event.type === 'assistant_response') {
+            if (!pendingUser) {
+                issues.push({
+                    severity: 'error',
+                    code: 'REPLAY_ORDER_INVALID',
+                    message: 'assistant_response requires a preceding user event.',
+                    line: item.line
+                });
+                steps.push({ line: item.line, type: item.event.type, ok: false, summary: 'Missing preceding user event.' });
+                continue;
+            }
+            const provider = new scripted_provider_1.ScriptedProvider([toScriptedProviderStep(item.event)]);
+            const response = await provider.chat({ messages: [{ role: 'user', content: pendingUser.content }] });
+            lastAssistantContent = response.content;
+            pendingUser = null;
+            steps.push({
+                line: item.line,
+                type: item.event.type,
+                ok: true,
+                summary: `ScriptedProvider returned ${response.finishReason}.`
+            });
+            continue;
+        }
+        sawExpectation = true;
+        if (lastAssistantContent !== item.event.content) {
+            issues.push({
+                severity: 'error',
+                code: 'REPLAY_EXPECTATION_FAILED',
+                message: 'Final assistant content did not match expect_final.',
+                line: item.line
+            });
+            steps.push({ line: item.line, type: item.event.type, ok: false, summary: 'Final content mismatch.' });
+        }
+        else {
+            steps.push({ line: item.line, type: item.event.type, ok: true, summary: 'Final content matched.' });
+        }
+    }
+    if (pendingUser) {
+        issues.push({
+            severity: 'error',
+            code: 'REPLAY_INCOMPLETE',
+            message: 'Scenario ended with a user event that had no assistant_response.',
+            line: pendingUser.line
+        });
+    }
+    if (!sawExpectation) {
+        issues.push({
+            severity: 'error',
+            code: 'REPLAY_EXPECTATION_MISSING',
+            message: 'Scenario must include an expect_final event.'
+        });
+    }
+}
+function toScriptedProviderStep(event) {
+    return {
+        response: event.content,
+        ...(event.match ? { match: event.match } : {}),
+        ...(event.finishReason ? { finishReason: event.finishReason } : {})
+    };
+}
+function isFinishReason(value) {
+    return value === 'stop' || value === 'length' || value === 'tool_call' || value === 'error';
+}