mova-claude-import 0.1.1

package/src/quality_v0.ts

@@ -0,0 +1,264 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+import { runImport } from "./run_import.js";
+import { stableStringify } from "./stable_json.js";
+import { controlCheckV0 } from "./control_check_v0.js";
+import { controlPrefillV0 } from "./control_prefill_v0.js";
+import { controlApplyV0 } from "./control_apply_v0.js";
+import { writeCleanClaudeProfileScaffoldV0 } from "./claude_profile_scaffold_v0.js";
+
+type QualityCaseReport = {
+  profile_version: "v0";
+  suite: "pos" | "neg";
+  case_id: string;
+  run_id: string;
+  ok: boolean;
+  failures: string[];
+  checks: {
+    input_policy_ok: boolean;
+    lint_ok: boolean;
+    redaction_hits: number;
+    settings_local_input: boolean;
+    skill_structure_ok: boolean;
+    skill_structure_issues: string[];
+    export_manifest_present: boolean;
+    zip_present: boolean;
+    export_files_count_match: boolean;
+  };
+  exit_code?: number;
+};
+
+const execFileP = promisify(execFile);
+
+function getArg(name: string): string | undefined {
+  const idx = process.argv.indexOf(name);
+  if (idx === -1) return undefined;
+  return process.argv[idx + 1];
+}
+
+async function exists(p: string): Promise<boolean> {
+  try {
+    await fs.stat(p);
+    return true;
+  } catch {
+    return false;
+  }
+}
+
+async function readJson(p: string): Promise<any> {
+  const raw = await fs.readFile(p, "utf8");
+  return JSON.parse(raw);
+}
+
+async function runDepsAudit() {
+  try {
+    await execFileP("node", ["tools/deps_audit_v0.mjs"], { cwd: process.cwd() });
+  } catch (err: any) {
+    const code = err?.code ?? 1;
+    if (code === 2) {
+      throw new Error("deps_audit_failed");
+    }
+    throw err;
+  }
+}
+
+async function writeJson(p: string, obj: any) {
+  await fs.mkdir(path.dirname(p), { recursive: true });
+  await fs.writeFile(p, stableStringify(obj) + "\n", "utf8");
+}
+
+async function checkSkillStructure(projectDir: string): Promise<{ ok: boolean; issues: string[] }> {
+  const issues: string[] = [];
+  const skillsRoot = path.join(projectDir, ".claude", "skills");
+  if (!(await exists(skillsRoot))) return { ok: true, issues };
+  const entries = await fs.readdir(skillsRoot, { withFileTypes: true });
+  for (const entry of entries) {
+    const rel = `.claude/skills/${entry.name}`;
+    if (entry.isFile()) {
+      issues.push(`skill_root_file:${rel}`);
+      continue;
+    }
+    if (entry.isDirectory()) {
+      const skillMd = path.join(skillsRoot, entry.name, "SKILL.md");
+      if (!(await exists(skillMd))) {
+        issues.push(`missing_skill_md:${rel}/SKILL.md`);
+      }
+    }
+  }
+  return { ok: issues.length === 0, issues };
+}
+
+async function runCase(suite: "pos" | "neg", caseId: string, fixturesRoot: string) {
+  const repoRoot = process.cwd();
+  const projectDir = path.join(fixturesRoot, caseId);
+  const outRoot = path.join(repoRoot, ".tmp_test", "quality", suite, caseId, "out");
+  await fs.rm(outRoot, { recursive: true, force: true });
+  await fs.mkdir(outRoot, { recursive: true });
+
+  const strict = suite === "neg" && caseId === "strict_denied_local";
+  const result = await runImport({
+    projectDir,
+    outDir: outRoot,
+    includeLocal: false,
+    includeUserSettings: false,
+    dryRun: false,
+    strict,
+    emitProfile: true,
+    emitOverlay: true,
+    emitZip: true,
+    zipName: "export.zip",
+  });
+
+  const movaBase = path.join(outRoot, "mova", "claude_import", "v0");
+  const manifestPath = path.join(movaBase, "import_manifest.json");
+  const lintPath = path.join(movaBase, "lint_report_v0.json");
+  const redactionPath = path.join(movaBase, "redaction_report.json");
+  const exportManifestPath = path.join(movaBase, "export_manifest_v0.json");
+  const inputPolicyPath = path.join(movaBase, "input_policy_report_v0.json");
+
+  const failures: string[] = [];
+
+  const inputPolicyReport = await readJson(inputPolicyPath);
+  const lintReport = await exists(lintPath) ? await readJson(lintPath) : null;
+  const redactionReport = await exists(redactionPath) ? await readJson(redactionPath) : { hits: [] };
+  const exportManifestExists = await exists(exportManifestPath);
+  const exportManifest = exportManifestExists ? await readJson(exportManifestPath) : null;
+
+  const settingsLocalInput = await exists(path.join(projectDir, ".claude", "settings.local.json"));
+  const skillStructure = await checkSkillStructure(projectDir);
+
+  const zipRelPath = exportManifest?.zip_rel_path;
+  const zipPresent = typeof zipRelPath === "string" && (await exists(path.join(outRoot, zipRelPath)));
+  const exportFilesCountMatch =
+    typeof exportManifest?.files_count === "number" &&
+    Array.isArray(exportManifest?.files) &&
+    exportManifest.files_count === exportManifest.files.length;
+
+  if (!(await exists(manifestPath))) failures.push("missing_import_manifest");
+  if (!inputPolicyReport?.ok && suite === "pos") failures.push("input_policy_not_ok");
+  if (!lintReport?.ok && !strict) failures.push("lint_not_ok");
+  if (Array.isArray(redactionReport?.hits) && redactionReport.hits.length > 0) failures.push("redaction_hits_present");
+  if (settingsLocalInput) failures.push("settings_local_input_present");
+  if (!skillStructure.ok) failures.push("skill_structure_invalid");
+  if (!strict) {
+    if (!exportManifestExists) failures.push("missing_export_manifest");
+    if (!zipPresent) failures.push("zip_missing");
+    if (!exportFilesCountMatch) failures.push("export_files_count_mismatch");
+  } else {
+    if (result.exit_code !== 2) failures.push("strict_exit_code_not_2");
+  }
+
+  const ok = failures.length === 0;
+  const report: QualityCaseReport = {
+    profile_version: "v0",
+    suite,
+    case_id: caseId,
+    run_id: result.run_id,
+    ok,
+    failures,
+    checks: {
+      input_policy_ok: Boolean(inputPolicyReport?.ok),
+      lint_ok: Boolean(lintReport?.ok),
+      redaction_hits: Array.isArray(redactionReport?.hits) ? redactionReport.hits.length : 0,
+      settings_local_input: settingsLocalInput,
+      skill_structure_ok: skillStructure.ok,
+      skill_structure_issues: skillStructure.issues,
+      export_manifest_present: exportManifestExists,
+      zip_present: zipPresent,
+      export_files_count_match: exportFilesCountMatch,
+    },
+    exit_code: result.exit_code,
+  };
+
+  const reportPath = path.join(repoRoot, "artifacts", "quality_v0", result.run_id, "quality_report_v0.json");
+  await writeJson(reportPath, report);
+
+  return report;
+}
+
+async function main() {
+  const suiteArg = getArg("--suite") ?? "pos";
+  if (suiteArg !== "pos" && suiteArg !== "neg") {
+    console.error(`Unknown suite: ${suiteArg}`);
+    process.exit(2);
+  }
+  const suite = suiteArg as "pos" | "neg";
+  if (suite === "pos") {
+    await runDepsAudit();
+  }
+  const fixturesRoot = path.join(process.cwd(), "fixtures", suite);
+  const entries = await fs.readdir(fixturesRoot, { withFileTypes: true });
+  const cases = entries.filter((e) => e.isDirectory()).map((e) => e.name).sort();
+  if (!cases.length) {
+    console.error(`No fixtures found in ${fixturesRoot}`);
+    process.exit(2);
+  }
+
+  const reports: QualityCaseReport[] = [];
+  for (const caseId of cases) {
+    reports.push(await runCase(suite, caseId, fixturesRoot));
+  }
+
+  if (suite === "pos") {
+    const projectDir = path.join(fixturesRoot, "control_basic_project");
+    const profilePath = path.join(
+      process.cwd(),
+      "fixtures",
+      "pos",
+      "control_profile_filled",
+      "claude_control_profile_v0.json"
+    );
+    const outDir = path.join(process.cwd(), ".tmp_test", "quality", "control_check");
+    await controlCheckV0(projectDir, profilePath, outDir);
+
+    const roundtripDir = path.join(process.cwd(), ".tmp_test", "quality", "full_scaffold_roundtrip");
+    const profileOut = path.join(roundtripDir, "profile");
+    const runOut = path.join(roundtripDir, "out");
+    await fs.rm(roundtripDir, { recursive: true, force: true });
+    await fs.mkdir(roundtripDir, { recursive: true });
+    await writeCleanClaudeProfileScaffoldV0(roundtripDir);
+    const prefill = await controlPrefillV0(roundtripDir, profileOut);
+    await controlCheckV0(roundtripDir, prefill.profile_path, runOut);
+    await controlApplyV0(roundtripDir, prefill.profile_path, runOut, "apply");
+    await runImport({
+      projectDir: roundtripDir,
+      outDir: path.join(roundtripDir, "rebuild"),
+      includeLocal: false,
+      includeUserSettings: false,
+      dryRun: false,
+      strict: false,
+      emitProfile: true,
+      emitOverlay: true,
+      emitZip: true,
+    });
+  }
+
+  const failed = reports.filter((r) => !r.ok);
+  const passed = reports.filter((r) => r.ok);
+
+  let ok = true;
+  if (suite === "pos") {
+    ok = failed.length === 0;
+  } else {
+    ok = passed.length === 0;
+  }
+
+  console.log(
+    [
+      `quality_v0 suite=${suite}`,
+      `cases=${reports.length}`,
+      `passed=${passed.length}`,
+      `failed=${failed.length}`,
+      `ok=${ok}`,
+    ].join(" ")
+  );
+
+  process.exit(ok ? 0 : 1);
+}
+
+main().catch((err) => {
+  console.error(err);
+  process.exit(1);
+});

package/src/redaction.ts

@@ -0,0 +1,63 @@
+import crypto from "node:crypto";
+
+export type RedactionHit = {
+  rule_id: string;
+  key?: string;
+  len?: number;
+};
+
+const KEY_RE = /(api[_-]?key|token|secret|password|authorization|bearer)/i;
+const INLINE_SECRET_RE = /(sk-[a-zA-Z0-9]{8,})/g; // best‑effort
+
+export function redactText(input: string): { redacted: string; hits: RedactionHit[] } {
+  const hits: RedactionHit[] = [];
+  let out = input;
+
+  // redact obvious inline tokens
+  out = out.replace(INLINE_SECRET_RE, (m) => {
+    hits.push({ rule_id: "inline_token_like", len: m.length });
+    return "[REDACTED_TOKEN]";
+  });
+
+  // redact KEY=VALUE lines (best‑effort)
+  out = out.replace(/^([A-Z0-9_]{3,80})\s*=\s*(.+)$/gmi, (line, k, v) => {
+    if (!KEY_RE.test(k)) return line;
+    hits.push({ rule_id: "key_value_line", key: k, len: String(v).length });
+    return `${k}=[REDACTED_VALUE_LEN_${String(v).length}]`;
+  });
+
+  return { redacted: out, hits };
+}
+
+export function redactJson(obj: unknown): { redacted: unknown; hits: RedactionHit[] } {
+  const hits: RedactionHit[] = [];
+
+  function walk(x: any): any {
+    if (x === null || x === undefined) return x;
+    if (typeof x === "string") {
+      const r = redactText(x);
+      hits.push(...r.hits);
+      return r.redacted;
+    }
+    if (Array.isArray(x)) return x.map(walk);
+    if (typeof x === "object") {
+      const out: any = {};
+      for (const [k, v] of Object.entries(x)) {
+        if (KEY_RE.test(k) && typeof v === "string") {
+          hits.push({ rule_id: "json_secret_field", key: k, len: v.length });
+          out[k] = `[REDACTED_VALUE_LEN_${v.length}]`;
+        } else {
+          out[k] = walk(v);
+        }
+      }
+      return out;
+    }
+    return x;
+  }
+
+  return { redacted: walk(obj), hits };
+}
+
+export function stableSha256(text: string): string {
+  return crypto.createHash("sha256").update(text, "utf8").digest("hex");
+}