mova-claude-import 0.1.1

package/dist/lint_v0.js

@@ -0,0 +1,131 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { anthropicProfileV0RequiredFiles } from "./anthropic_profile_v0.js";
+import { stableStringify } from "./stable_json.js";
+async function exists(p) {
+    try {
+        await fs.stat(p);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function listFilesRec(dir) {
+    const out = [];
+    const stack = [dir];
+    while (stack.length) {
+        const current = stack.pop();
+        const entries = await fs.readdir(current, { withFileTypes: true });
+        for (const e of entries) {
+            const abs = path.join(current, e.name);
+            if (e.isDirectory())
+                stack.push(abs);
+            else if (e.isFile())
+                out.push(abs);
+        }
+    }
+    return out;
+}
+function extractFrontmatterName(body) {
+    const match = body.match(/^---\s*\n([\s\S]*?)\n---\s*\n/);
+    if (!match)
+        return null;
+    const lines = match[1].split(/\r?\n/);
+    for (const line of lines) {
+        const m = line.match(/^name:\s*(.+)\s*$/);
+        if (m)
+            return m[1].trim();
+    }
+    return null;
+}
+export async function lintV0(opts) {
+    const issues = [];
+    const required = [
+        ...(opts.emitProfile ? anthropicProfileV0RequiredFiles : []),
+        "mova/claude_import/v0/import_manifest.json",
+        "mova/claude_import/v0/redaction_report.json",
+        "mova/claude_import/v0/contracts/instruction_profile_v0.json",
+        "mova/claude_import/v0/contracts/skills_catalog_v0.json",
+        "mova/claude_import/v0/contracts/mcp_servers_v0.json",
+        "mova/claude_import/v0/episode_import_run.json",
+    ];
+    if (opts.mcpExpected && opts.emitProfile) {
+        required.push(".mcp.json");
+    }
+    for (const rel of required) {
+        const abs = path.join(opts.outRoot, rel);
+        if (!(await exists(abs))) {
+            issues.push({ code: "missing_file", message: "Required file is missing.", path: rel });
+        }
+    }
+    const settingsLocal = path.join(opts.outRoot, ".claude", "settings.local.json");
+    if (await exists(settingsLocal)) {
+        issues.push({ code: "settings_local_present", message: "settings.local.json must not be written.", path: ".claude/settings.local.json" });
+    }
+    const skillsRoot = path.join(opts.outRoot, ".claude", "skills");
+    if (await exists(skillsRoot)) {
+        const entries = await fs.readdir(skillsRoot, { withFileTypes: true });
+        for (const e of entries) {
+            const abs = path.join(skillsRoot, e.name);
+            if (e.isFile()) {
+                issues.push({ code: "skill_root_file", message: "Files are not allowed directly under .claude/skills.", path: `.claude/skills/${e.name}` });
+                continue;
+            }
+            if (e.isDirectory()) {
+                const skillMd = path.join(abs, "SKILL.md");
+                if (!(await exists(skillMd))) {
+                    issues.push({ code: "missing_skill_md", message: "Skill directory is missing SKILL.md.", path: `.claude/skills/${e.name}/SKILL.md` });
+                }
+            }
+        }
+    }
+    const skillNameCounts = new Map();
+    if (await exists(skillsRoot)) {
+        const entries = await fs.readdir(skillsRoot, { withFileTypes: true });
+        for (const e of entries) {
+            if (!e.isDirectory())
+                continue;
+            const skillMd = path.join(skillsRoot, e.name, "SKILL.md");
+            if (!(await exists(skillMd)))
+                continue;
+            const body = await fs.readFile(skillMd, "utf8");
+            const name = extractFrontmatterName(body);
+            if (!name)
+                continue;
+            skillNameCounts.set(name, (skillNameCounts.get(name) ?? 0) + 1);
+        }
+    }
+    for (const [name, count] of skillNameCounts.entries()) {
+        if (count > 1) {
+            issues.push({ code: "duplicate_skill_name", message: `Duplicate skill name in frontmatter: ${name}`, path: ".claude/skills" });
+        }
+    }
+    const jsonFiles = (await exists(opts.outRoot)) ? (await listFilesRec(opts.outRoot)).filter((p) => p.toLowerCase().endsWith(".json")) : [];
+    for (const abs of jsonFiles) {
+        if (abs.endsWith(`${path.sep}lint_report_v0.json`))
+            continue;
+        const rel = path.relative(opts.outRoot, abs).replace(/\\/g, "/");
+        const raw = await fs.readFile(abs, "utf8");
+        let parsed;
+        try {
+            parsed = JSON.parse(raw);
+        }
+        catch {
+            issues.push({ code: "invalid_json", message: "JSON file failed to parse.", path: rel });
+            continue;
+        }
+        const normalized = stableStringify(parsed) + "\n";
+        if (raw !== normalized) {
+            issues.push({ code: "json_not_normalized", message: "JSON file is not normalized (sorted keys, 2 spaces, newline).", path: rel });
+        }
+    }
+    const ok = issues.length === 0;
+    const summary = ok ? "lint_v0: ok" : `lint_v0: ${issues.length} issue(s)`;
+    return {
+        profile_version: "v0",
+        ok,
+        issues,
+        summary,
+    };
+}

package/dist/mova_overlay_v0.d.ts

@@ -0,0 +1,14 @@
+type OverlayParams = {
+    contractsDir: string;
+    artifactsDir: string;
+    instructionProfileFile: string;
+    skillsCatalogFile: string;
+    mcpServersFile: string;
+    lintReportFile: string;
+    qualityReportFile: string;
+    exportManifestFile: string;
+};
+export declare const MOVA_CONTROL_ENTRY_MARKER = "<!-- MOVA_CONTROL_ENTRY_V0 -->";
+export declare function buildMovaOverlayV0(params: OverlayParams): Record<string, string>;
+export declare function buildMovaControlEntryV0(params: OverlayParams): string;
+export {};

package/dist/mova_overlay_v0.js

@@ -0,0 +1,65 @@
+export const MOVA_CONTROL_ENTRY_MARKER = "<!-- MOVA_CONTROL_ENTRY_V0 -->";
+export function buildMovaOverlayV0(params) {
+    const contractsDir = params.contractsDir;
+    const artifactsDir = params.artifactsDir;
+    const instruction = `${contractsDir}${params.instructionProfileFile}`;
+    const skills = `${contractsDir}${params.skillsCatalogFile}`;
+    const mcp = `${contractsDir}${params.mcpServersFile}`;
+    const lint = `${artifactsDir}${params.lintReportFile}`;
+    const quality = `${artifactsDir}${params.qualityReportFile}`;
+    const exportManifest = `${artifactsDir}${params.exportManifestFile}`;
+    return {
+        ".claude/commands/mova_context.md": [
+            "# mova_context",
+            "",
+            "Use MOVA contracts as source of truth:",
+            `- ${instruction}`,
+            `- ${skills}`,
+            `- ${mcp}`,
+            "",
+            "Then use CLAUDE.md and MOVA.md as narrative guides.",
+            "",
+        ].join("\n"),
+        ".claude/commands/mova_proof.md": [
+            "# mova_proof",
+            "",
+            "Proof/evidence files:",
+            `- ${lint}`,
+            `- ${quality}`,
+            `- ${exportManifest}`,
+            "",
+        ].join("\n"),
+        ".claude/skills/mova-control-v0/SKILL.md": [
+            "---",
+            "name: mova-control-v0",
+            "version: v0",
+            "---",
+            "",
+            "# mova-control-v0",
+            "",
+            "Rules:",
+            "- Use MOVA contracts first.",
+            "- Use evidence files for verification.",
+            "- Do not invent missing data.",
+            "",
+        ].join("\n"),
+    };
+}
+export function buildMovaControlEntryV0(params) {
+    const contractsDir = params.contractsDir;
+    const artifactsDir = params.artifactsDir;
+    return [
+        MOVA_CONTROL_ENTRY_MARKER,
+        "## MOVA Control Entry (v0)",
+        "",
+        "Source of truth (do this first):",
+        `- ${contractsDir}${params.instructionProfileFile}`,
+        `- ${contractsDir}${params.skillsCatalogFile}`,
+        `- ${contractsDir}${params.mcpServersFile}`,
+        "",
+        "Proof / evidence:",
+        `- ${artifactsDir}${params.qualityReportFile}`,
+        `- ${artifactsDir}${params.exportManifestFile}`,
+        "",
+    ].join("\n");
+}

package/dist/mova_spec_bindings_v0.d.ts

@@ -0,0 +1,5 @@
+export declare const MOVA_SPEC_BINDINGS_V0: {
+    readonly instruction_profile_id: "https://mova.dev/schemas/ds.instruction_profile_core_v1.schema.json";
+    readonly mcp_servers_id: "https://mova.dev/schemas/ds.runtime_binding_core_v1.schema.json";
+    readonly core_schema_id: "https://mova.dev/schemas/ds.mova_schema_core_v1.schema.json";
+};

package/dist/mova_spec_bindings_v0.js

@@ -0,0 +1,5 @@
+export const MOVA_SPEC_BINDINGS_V0 = {
+    instruction_profile_id: "https://mova.dev/schemas/ds.instruction_profile_core_v1.schema.json",
+    mcp_servers_id: "https://mova.dev/schemas/ds.runtime_binding_core_v1.schema.json",
+    core_schema_id: "https://mova.dev/schemas/ds.mova_schema_core_v1.schema.json",
+};

package/dist/quality_v0.d.ts

@@ -0,0 +1 @@
+export {};

package/dist/quality_v0.js

@@ -0,0 +1,223 @@
+import fs from "node:fs/promises";
+import path from "node:path";
+import { execFile } from "node:child_process";
+import { promisify } from "node:util";
+import { runImport } from "./run_import.js";
+import { stableStringify } from "./stable_json.js";
+import { controlCheckV0 } from "./control_check_v0.js";
+import { controlPrefillV0 } from "./control_prefill_v0.js";
+import { controlApplyV0 } from "./control_apply_v0.js";
+import { writeCleanClaudeProfileScaffoldV0 } from "./claude_profile_scaffold_v0.js";
+const execFileP = promisify(execFile);
+function getArg(name) {
+    const idx = process.argv.indexOf(name);
+    if (idx === -1)
+        return undefined;
+    return process.argv[idx + 1];
+}
+async function exists(p) {
+    try {
+        await fs.stat(p);
+        return true;
+    }
+    catch {
+        return false;
+    }
+}
+async function readJson(p) {
+    const raw = await fs.readFile(p, "utf8");
+    return JSON.parse(raw);
+}
+async function runDepsAudit() {
+    try {
+        await execFileP("node", ["tools/deps_audit_v0.mjs"], { cwd: process.cwd() });
+    }
+    catch (err) {
+        const code = err?.code ?? 1;
+        if (code === 2) {
+            throw new Error("deps_audit_failed");
+        }
+        throw err;
+    }
+}
+async function writeJson(p, obj) {
+    await fs.mkdir(path.dirname(p), { recursive: true });
+    await fs.writeFile(p, stableStringify(obj) + "\n", "utf8");
+}
+async function checkSkillStructure(projectDir) {
+    const issues = [];
+    const skillsRoot = path.join(projectDir, ".claude", "skills");
+    if (!(await exists(skillsRoot)))
+        return { ok: true, issues };
+    const entries = await fs.readdir(skillsRoot, { withFileTypes: true });
+    for (const entry of entries) {
+        const rel = `.claude/skills/${entry.name}`;
+        if (entry.isFile()) {
+            issues.push(`skill_root_file:${rel}`);
+            continue;
+        }
+        if (entry.isDirectory()) {
+            const skillMd = path.join(skillsRoot, entry.name, "SKILL.md");
+            if (!(await exists(skillMd))) {
+                issues.push(`missing_skill_md:${rel}/SKILL.md`);
+            }
+        }
+    }
+    return { ok: issues.length === 0, issues };
+}
+async function runCase(suite, caseId, fixturesRoot) {
+    const repoRoot = process.cwd();
+    const projectDir = path.join(fixturesRoot, caseId);
+    const outRoot = path.join(repoRoot, ".tmp_test", "quality", suite, caseId, "out");
+    await fs.rm(outRoot, { recursive: true, force: true });
+    await fs.mkdir(outRoot, { recursive: true });
+    const strict = suite === "neg" && caseId === "strict_denied_local";
+    const result = await runImport({
+        projectDir,
+        outDir: outRoot,
+        includeLocal: false,
+        includeUserSettings: false,
+        dryRun: false,
+        strict,
+        emitProfile: true,
+        emitOverlay: true,
+        emitZip: true,
+        zipName: "export.zip",
+    });
+    const movaBase = path.join(outRoot, "mova", "claude_import", "v0");
+    const manifestPath = path.join(movaBase, "import_manifest.json");
+    const lintPath = path.join(movaBase, "lint_report_v0.json");
+    const redactionPath = path.join(movaBase, "redaction_report.json");
+    const exportManifestPath = path.join(movaBase, "export_manifest_v0.json");
+    const inputPolicyPath = path.join(movaBase, "input_policy_report_v0.json");
+    const failures = [];
+    const inputPolicyReport = await readJson(inputPolicyPath);
+    const lintReport = await exists(lintPath) ? await readJson(lintPath) : null;
+    const redactionReport = await exists(redactionPath) ? await readJson(redactionPath) : { hits: [] };
+    const exportManifestExists = await exists(exportManifestPath);
+    const exportManifest = exportManifestExists ? await readJson(exportManifestPath) : null;
+    const settingsLocalInput = await exists(path.join(projectDir, ".claude", "settings.local.json"));
+    const skillStructure = await checkSkillStructure(projectDir);
+    const zipRelPath = exportManifest?.zip_rel_path;
+    const zipPresent = typeof zipRelPath === "string" && (await exists(path.join(outRoot, zipRelPath)));
+    const exportFilesCountMatch = typeof exportManifest?.files_count === "number" &&
+        Array.isArray(exportManifest?.files) &&
+        exportManifest.files_count === exportManifest.files.length;
+    if (!(await exists(manifestPath)))
+        failures.push("missing_import_manifest");
+    if (!inputPolicyReport?.ok && suite === "pos")
+        failures.push("input_policy_not_ok");
+    if (!lintReport?.ok && !strict)
+        failures.push("lint_not_ok");
+    if (Array.isArray(redactionReport?.hits) && redactionReport.hits.length > 0)
+        failures.push("redaction_hits_present");
+    if (settingsLocalInput)
+        failures.push("settings_local_input_present");
+    if (!skillStructure.ok)
+        failures.push("skill_structure_invalid");
+    if (!strict) {
+        if (!exportManifestExists)
+            failures.push("missing_export_manifest");
+        if (!zipPresent)
+            failures.push("zip_missing");
+        if (!exportFilesCountMatch)
+            failures.push("export_files_count_mismatch");
+    }
+    else {
+        if (result.exit_code !== 2)
+            failures.push("strict_exit_code_not_2");
+    }
+    const ok = failures.length === 0;
+    const report = {
+        profile_version: "v0",
+        suite,
+        case_id: caseId,
+        run_id: result.run_id,
+        ok,
+        failures,
+        checks: {
+            input_policy_ok: Boolean(inputPolicyReport?.ok),
+            lint_ok: Boolean(lintReport?.ok),
+            redaction_hits: Array.isArray(redactionReport?.hits) ? redactionReport.hits.length : 0,
+            settings_local_input: settingsLocalInput,
+            skill_structure_ok: skillStructure.ok,
+            skill_structure_issues: skillStructure.issues,
+            export_manifest_present: exportManifestExists,
+            zip_present: zipPresent,
+            export_files_count_match: exportFilesCountMatch,
+        },
+        exit_code: result.exit_code,
+    };
+    const reportPath = path.join(repoRoot, "artifacts", "quality_v0", result.run_id, "quality_report_v0.json");
+    await writeJson(reportPath, report);
+    return report;
+}
+async function main() {
+    const suiteArg = getArg("--suite") ?? "pos";
+    if (suiteArg !== "pos" && suiteArg !== "neg") {
+        console.error(`Unknown suite: ${suiteArg}`);
+        process.exit(2);
+    }
+    const suite = suiteArg;
+    if (suite === "pos") {
+        await runDepsAudit();
+    }
+    const fixturesRoot = path.join(process.cwd(), "fixtures", suite);
+    const entries = await fs.readdir(fixturesRoot, { withFileTypes: true });
+    const cases = entries.filter((e) => e.isDirectory()).map((e) => e.name).sort();
+    if (!cases.length) {
+        console.error(`No fixtures found in ${fixturesRoot}`);
+        process.exit(2);
+    }
+    const reports = [];
+    for (const caseId of cases) {
+        reports.push(await runCase(suite, caseId, fixturesRoot));
+    }
+    if (suite === "pos") {
+        const projectDir = path.join(fixturesRoot, "control_basic_project");
+        const profilePath = path.join(process.cwd(), "fixtures", "pos", "control_profile_filled", "claude_control_profile_v0.json");
+        const outDir = path.join(process.cwd(), ".tmp_test", "quality", "control_check");
+        await controlCheckV0(projectDir, profilePath, outDir);
+        const roundtripDir = path.join(process.cwd(), ".tmp_test", "quality", "full_scaffold_roundtrip");
+        const profileOut = path.join(roundtripDir, "profile");
+        const runOut = path.join(roundtripDir, "out");
+        await fs.rm(roundtripDir, { recursive: true, force: true });
+        await fs.mkdir(roundtripDir, { recursive: true });
+        await writeCleanClaudeProfileScaffoldV0(roundtripDir);
+        const prefill = await controlPrefillV0(roundtripDir, profileOut);
+        await controlCheckV0(roundtripDir, prefill.profile_path, runOut);
+        await controlApplyV0(roundtripDir, prefill.profile_path, runOut, "apply");
+        await runImport({
+            projectDir: roundtripDir,
+            outDir: path.join(roundtripDir, "rebuild"),
+            includeLocal: false,
+            includeUserSettings: false,
+            dryRun: false,
+            strict: false,
+            emitProfile: true,
+            emitOverlay: true,
+            emitZip: true,
+        });
+    }
+    const failed = reports.filter((r) => !r.ok);
+    const passed = reports.filter((r) => r.ok);
+    let ok = true;
+    if (suite === "pos") {
+        ok = failed.length === 0;
+    }
+    else {
+        ok = passed.length === 0;
+    }
+    console.log([
+        `quality_v0 suite=${suite}`,
+        `cases=${reports.length}`,
+        `passed=${passed.length}`,
+        `failed=${failed.length}`,
+        `ok=${ok}`,
+    ].join(" "));
+    process.exit(ok ? 0 : 1);
+}
+main().catch((err) => {
+    console.error(err);
+    process.exit(1);
+});

package/dist/redaction.d.ts

@@ -0,0 +1,14 @@
+export type RedactionHit = {
+    rule_id: string;
+    key?: string;
+    len?: number;
+};
+export declare function redactText(input: string): {
+    redacted: string;
+    hits: RedactionHit[];
+};
+export declare function redactJson(obj: unknown): {
+    redacted: unknown;
+    hits: RedactionHit[];
+};
+export declare function stableSha256(text: string): string;

package/dist/redaction.js

@@ -0,0 +1,52 @@
+import crypto from "node:crypto";
+const KEY_RE = /(api[_-]?key|token|secret|password|authorization|bearer)/i;
+const INLINE_SECRET_RE = /(sk-[a-zA-Z0-9]{8,})/g; // best‑effort
+export function redactText(input) {
+    const hits = [];
+    let out = input;
+    // redact obvious inline tokens
+    out = out.replace(INLINE_SECRET_RE, (m) => {
+        hits.push({ rule_id: "inline_token_like", len: m.length });
+        return "[REDACTED_TOKEN]";
+    });
+    // redact KEY=VALUE lines (best‑effort)
+    out = out.replace(/^([A-Z0-9_]{3,80})\s*=\s*(.+)$/gmi, (line, k, v) => {
+        if (!KEY_RE.test(k))
+            return line;
+        hits.push({ rule_id: "key_value_line", key: k, len: String(v).length });
+        return `${k}=[REDACTED_VALUE_LEN_${String(v).length}]`;
+    });
+    return { redacted: out, hits };
+}
+export function redactJson(obj) {
+    const hits = [];
+    function walk(x) {
+        if (x === null || x === undefined)
+            return x;
+        if (typeof x === "string") {
+            const r = redactText(x);
+            hits.push(...r.hits);
+            return r.redacted;
+        }
+        if (Array.isArray(x))
+            return x.map(walk);
+        if (typeof x === "object") {
+            const out = {};
+            for (const [k, v] of Object.entries(x)) {
+                if (KEY_RE.test(k) && typeof v === "string") {
+                    hits.push({ rule_id: "json_secret_field", key: k, len: v.length });
+                    out[k] = `[REDACTED_VALUE_LEN_${v.length}]`;
+                }
+                else {
+                    out[k] = walk(v);
+                }
+            }
+            return out;
+        }
+        return x;
+    }
+    return { redacted: walk(obj), hits };
+}
+export function stableSha256(text) {
+    return crypto.createHash("sha256").update(text, "utf8").digest("hex");
+}

package/dist/run_import.d.ts

@@ -0,0 +1,2 @@
+import type { ImportOptions, ImportResult } from "./index.js";
+export declare function runImport(opts: ImportOptions): Promise<ImportResult>;