oxe-cc 0.9.2 → 1.0.0

package/packages/runtime/src/context/context-pack-builder.ts

@@ -0,0 +1,193 @@
+import type { WorkItem } from '../models/work-item';
+import type { Evidence } from '../models/evidence';
+import type { RunState } from '../reducers/run-state-reducer';
+
+export interface ContextArtifact {
+  id: string;
+  kind: 'evidence' | 'lesson' | 'file' | 'summary';
+  content: string;
+  relevanceScore: number;
+  tags: string[];
+}
+
+export interface LessonMetric {
+  lesson_id: string;
+  title: string;
+  tags: string[];
+  embedding?: number[];
+  content: string;
+}
+
+export interface ContextPackOptions {
+  maxArtifacts?: number;
+  maxTokensEstimate?: number;
+  deduplicateThreshold?: number;
+}
+
+export interface ContextPack {
+  work_item_id: string;
+  artifacts: ContextArtifact[];
+  total_artifacts_considered: number;
+  redundancy_removed: number;
+  built_at: string;
+}
+
+// ─── Relevance scoring ────────────────────────────────────────────────────────
+
+function scoreEvidenceRelevance(evidence: Evidence, workItem: WorkItem): number {
+  let score = 0.5;
+  const eid = evidence.evidence_id.toLowerCase();
+  const title = workItem.title.toLowerCase();
+  const scope = workItem.mutation_scope ?? [];
+
+  if (scope.some((s) => eid.includes(s.toLowerCase()))) score += 0.3;
+  if (title.split(/\s+/).some((w) => w.length > 3 && eid.includes(w))) score += 0.1;
+  if (evidence.type === 'junit_xml') score += 0.05;
+  if (evidence.type === 'diff') score += 0.05;
+
+  return Math.min(score, 1.0);
+}
+
+function scoreLessonRelevance(lesson: LessonMetric, workItem: WorkItem): number {
+  const itemTags = new Set([
+    ...workItem.mutation_scope.map((s) => s.toLowerCase()),
+    ...workItem.title.toLowerCase().split(/\s+/).filter((w) => w.length > 3),
+  ]);
+
+  const lessonTags = lesson.tags.map((t) => t.toLowerCase());
+  const overlap = lessonTags.filter((t) => itemTags.has(t)).length;
+  const jaccard = overlap / (itemTags.size + lessonTags.length - overlap || 1);
+
+  return Math.min(0.3 + jaccard * 0.7, 1.0);
+}
+
+// ─── Redundancy elimination ───────────────────────────────────────────────────
+
+function cosineSimilarity(a: ContextArtifact, b: ContextArtifact): number {
+  const wordsA = new Set(a.content.toLowerCase().split(/\W+/).filter((w) => w.length > 3));
+  const wordsB = new Set(b.content.toLowerCase().split(/\W+/).filter((w) => w.length > 3));
+  if (wordsA.size === 0 || wordsB.size === 0) return 0;
+
+  let intersection = 0;
+  for (const w of wordsA) if (wordsB.has(w)) intersection++;
+  return intersection / Math.sqrt(wordsA.size * wordsB.size);
+}
+
+function deduplicateArtifacts(artifacts: ContextArtifact[], threshold: number): { kept: ContextArtifact[]; removed: number } {
+  const kept: ContextArtifact[] = [];
+  let removed = 0;
+
+  for (const candidate of artifacts) {
+    const isDuplicate = kept.some((existing) => cosineSimilarity(candidate, existing) >= threshold);
+    if (isDuplicate) {
+      removed++;
+    } else {
+      kept.push(candidate);
+    }
+  }
+
+  return { kept, removed };
+}
+
+// ─── Token budget estimation ──────────────────────────────────────────────────
+
+function estimateTokens(text: string): number {
+  return Math.ceil(text.length / 4);
+}
+
+function applyTokenBudget(artifacts: ContextArtifact[], maxTokens: number): ContextArtifact[] {
+  let used = 0;
+  const result: ContextArtifact[] = [];
+  for (const a of artifacts) {
+    const t = estimateTokens(a.content);
+    if (used + t > maxTokens) break;
+    result.push(a);
+    used += t;
+  }
+  return result;
+}
+
+// ─── Context Pack Builder ─────────────────────────────────────────────────────
+
+export class ContextPackBuilder {
+  constructor(private readonly opts: ContextPackOptions = {}) {}
+
+  build(
+    workItem: WorkItem,
+    state: RunState,
+    evidenceItems: Evidence[],
+    evidenceContents: Map<string, string>,
+    lessons: LessonMetric[],
+  ): ContextPack {
+    const {
+      maxArtifacts = 20,
+      maxTokensEstimate = 8000,
+      deduplicateThreshold = 0.85,
+    } = this.opts;
+
+    const raw: ContextArtifact[] = [];
+
+    // Score and collect evidence
+    for (const ev of evidenceItems) {
+      const content = evidenceContents.get(ev.evidence_id) ?? '';
+      if (!content) continue;
+      raw.push({
+        id: ev.evidence_id,
+        kind: 'evidence',
+        content,
+        relevanceScore: scoreEvidenceRelevance(ev, workItem),
+        tags: [ev.type, workItem.work_item_id],
+      });
+    }
+
+    // Score and collect lessons
+    for (const lesson of lessons) {
+      raw.push({
+        id: lesson.lesson_id,
+        kind: 'lesson',
+        content: lesson.content,
+        relevanceScore: scoreLessonRelevance(lesson, workItem),
+        tags: lesson.tags,
+      });
+    }
+
+    // Add run-level summary if available
+    const completedCount = state.completedWorkItems.size;
+    if (completedCount > 0) {
+      raw.push({
+        id: `run-summary-${workItem.run_id}`,
+        kind: 'summary',
+        content: `Run progress: ${completedCount} completed, ${state.failedWorkItems.size} failed, ${state.blockedWorkItems.size} blocked.`,
+        relevanceScore: 0.4,
+        tags: ['run-context'],
+      });
+    }
+
+    const totalConsidered = raw.length;
+
+    // Sort by relevance descending
+    raw.sort((a, b) => b.relevanceScore - a.relevanceScore);
+
+    // Deduplicate
+    const { kept, removed } = deduplicateArtifacts(raw, deduplicateThreshold);
+
+    // Apply max artifacts cap
+    const capped = kept.slice(0, maxArtifacts);
+
+    // Apply token budget
+    const final = applyTokenBudget(capped, maxTokensEstimate);
+
+    return {
+      work_item_id: workItem.work_item_id,
+      artifacts: final,
+      total_artifacts_considered: totalConsidered,
+      redundancy_removed: removed,
+      built_at: new Date().toISOString(),
+    };
+  }
+
+  /** Convenience: build with no evidence, just lessons and state summary */
+  buildLightweight(workItem: WorkItem, state: RunState, lessons: LessonMetric[]): ContextPack {
+    return this.build(workItem, state, [], new Map(), lessons);
+  }
+}

package/packages/runtime/src/context/index.ts

@@ -0,0 +1 @@
+export * from './context-pack-builder';

package/packages/runtime/src/delivery/branch-manager.ts

@@ -0,0 +1,84 @@
+import { execFileSync, spawnSync } from 'child_process';
+
+export interface BranchInfo {
+  name: string;
+  current: boolean;
+  commit: string;
+}
+
+export class BranchManager {
+  constructor(private readonly projectRoot: string) {}
+
+  currentBranch(): string {
+    return this.git(['rev-parse', '--abbrev-ref', 'HEAD']).trim();
+  }
+
+  currentCommit(): string {
+    return this.git(['rev-parse', 'HEAD']).trim();
+  }
+
+  createSessionBranch(sessionId: string): string {
+    const name = `oxe/${sessionId}`;
+    this.git(['checkout', '-b', name]);
+    return name;
+  }
+
+  createOxeBranch(name: string, base?: string): string {
+    const fullName = name.startsWith('oxe/') ? name : `oxe/${name}`;
+    if (base) {
+      this.git(['checkout', '-b', fullName, base]);
+    } else {
+      this.git(['checkout', '-b', fullName]);
+    }
+    return fullName;
+  }
+
+  switchTo(branchName: string): void {
+    this.git(['checkout', branchName]);
+  }
+
+  deleteBranch(name: string, force = false): void {
+    const flag = force ? '-D' : '-d';
+    this.git(['branch', flag, name]);
+  }
+
+  listOxeBranches(): BranchInfo[] {
+    const raw = this.git(['branch', '--list', 'oxe/*', '--format=%(refname:short) %(objectname:short) %(HEAD)']);
+    return raw
+      .split('\n')
+      .filter(Boolean)
+      .map((line) => {
+        const parts = line.trim().split(/\s+/);
+        return {
+          name: parts[0],
+          commit: parts[1] ?? '',
+          current: parts[2] === '*',
+        };
+      });
+  }
+
+  mergeWorktreeBranch(worktreeBranch: string, targetBranch: string): void {
+    const saved = this.currentBranch();
+    try {
+      this.git(['checkout', targetBranch]);
+      this.git(['merge', '--no-ff', worktreeBranch, '-m', `oxe: merge ${worktreeBranch}`]);
+    } finally {
+      try { this.git(['checkout', saved]); } catch { /* best effort */ }
+    }
+  }
+
+  branchExists(name: string): boolean {
+    const result = spawnSync('git', ['rev-parse', '--verify', name], {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+    return result.status === 0;
+  }
+
+  private git(args: string[]): string {
+    return execFileSync('git', args, {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+  }
+}

package/packages/runtime/src/delivery/ci-checks.ts

@@ -0,0 +1,252 @@
+import fs from 'fs';
+import path from 'path';
+import type { EvidenceStore } from '../evidence/evidence-store';
+
+export type CICheckStatus = 'pass' | 'fail' | 'skip' | 'error';
+
+export interface CICheckContext {
+  projectRoot: string;
+  sessionId: string | null;
+  runId?: string;
+  evidenceStore?: EvidenceStore;
+}
+
+export interface CICheckResult {
+  check: string;
+  status: CICheckStatus;
+  message: string;
+  details?: unknown;
+}
+
+export interface CICheck {
+  name: string;
+  description: string;
+  run(ctx: CICheckContext): Promise<CICheckResult>;
+}
+
+// ─── Check: plan-consistency ─────────────────────────────────────────────────
+
+export const planConsistencyCheck: CICheck = {
+  name: 'oxe-plan-consistency',
+  description: 'Verifies ACTIVE-RUN.json exists and has a compiled ExecutionGraph',
+  async run(ctx) {
+    const activeRunPath = ctx.sessionId
+      ? path.join(ctx.projectRoot, '.oxe', ctx.sessionId, 'execution', 'ACTIVE-RUN.json')
+      : path.join(ctx.projectRoot, '.oxe', 'ACTIVE-RUN.json');
+
+    if (!fs.existsSync(activeRunPath)) {
+      return { check: this.name, status: 'skip', message: 'No ACTIVE-RUN.json found' };
+    }
+
+    try {
+      const raw = JSON.parse(fs.readFileSync(activeRunPath, 'utf8')) as Record<string, unknown>;
+      const hasGraph = raw.compiled_graph && typeof raw.compiled_graph === 'object';
+      const hasRunId = typeof raw.run_id === 'string';
+
+      if (!hasRunId) {
+        return { check: this.name, status: 'fail', message: 'ACTIVE-RUN.json missing run_id', details: raw };
+      }
+      if (!hasGraph) {
+        return { check: this.name, status: 'fail', message: 'No compiled ExecutionGraph found in ACTIVE-RUN.json', details: { run_id: raw.run_id } };
+      }
+      return { check: this.name, status: 'pass', message: `Run ${String(raw.run_id)} has compiled graph` };
+    } catch (err) {
+      return { check: this.name, status: 'error', message: `Failed to parse ACTIVE-RUN.json: ${String(err)}` };
+    }
+  },
+};
+
+// ─── Check: verify-acceptance ────────────────────────────────────────────────
+
+export const verifyAcceptanceCheck: CICheck = {
+  name: 'oxe-verify-acceptance',
+  description: 'Checks that VERIFY.md exists and contains no failed criteria',
+  async run(ctx) {
+    const verifyPath = ctx.sessionId
+      ? path.join(ctx.projectRoot, '.oxe', ctx.sessionId, 'verification', 'VERIFY.md')
+      : path.join(ctx.projectRoot, '.oxe', 'VERIFY.md');
+
+    if (!fs.existsSync(verifyPath)) {
+      return { check: this.name, status: 'skip', message: 'No VERIFY.md found — run /oxe-verify first' };
+    }
+
+    const content = fs.readFileSync(verifyPath, 'utf8');
+    const failLines = content.split('\n').filter((l) => l.includes('✗ FAIL'));
+    const passLines = content.split('\n').filter((l) => l.includes('✓ PASS'));
+
+    if (failLines.length > 0) {
+      return {
+        check: this.name,
+        status: 'fail',
+        message: `${failLines.length} acceptance criteria failed`,
+        details: { failed: failLines, passed: passLines.length },
+      };
+    }
+    if (passLines.length === 0) {
+      return { check: this.name, status: 'skip', message: 'VERIFY.md has no pass/fail markers' };
+    }
+    return { check: this.name, status: 'pass', message: `${passLines.length} acceptance criteria passed` };
+  },
+};
+
+// ─── Check: policy ───────────────────────────────────────────────────────────
+
+export const policyCheck: CICheck = {
+  name: 'oxe-policy',
+  description: 'Checks that no gates are pending (unresolved human approval)',
+  async run(ctx) {
+    const gatesPath = ctx.sessionId
+      ? path.join(ctx.projectRoot, '.oxe', ctx.sessionId, 'execution', 'GATES.json')
+      : path.join(ctx.projectRoot, '.oxe', 'execution', 'GATES.json');
+
+    if (!fs.existsSync(gatesPath)) {
+      return { check: this.name, status: 'pass', message: 'No pending gates' };
+    }
+
+    try {
+      const gates = JSON.parse(fs.readFileSync(gatesPath, 'utf8')) as Array<{ status: string; scope: string; gate_id: string }>;
+      const pending = gates.filter((g) => g.status === 'pending');
+      if (pending.length > 0) {
+        return {
+          check: this.name,
+          status: 'fail',
+          message: `${pending.length} unresolved gate(s)`,
+          details: pending.map((g) => ({ gate_id: g.gate_id, scope: g.scope })),
+        };
+      }
+      return { check: this.name, status: 'pass', message: 'All gates resolved' };
+    } catch (err) {
+      return { check: this.name, status: 'error', message: `Failed to read GATES.json: ${String(err)}` };
+    }
+  },
+};
+
+// ─── Check: security-baseline ────────────────────────────────────────────────
+
+const SECRET_PATTERNS = [
+  /(?:password|passwd|secret|api[_-]?key|auth[_-]?token)\s*[:=]\s*['"]?\S{8,}/i,
+  /(?:AKIA|ASIA)[A-Z0-9]{16}/,
+  /-----BEGIN (?:RSA|EC|OPENSSH) PRIVATE KEY-----/,
+];
+
+export const securityBaselineCheck: CICheck = {
+  name: 'oxe-security-baseline',
+  description: 'Scans evidence artifacts for common secret patterns',
+  async run(ctx) {
+    if (!ctx.evidenceStore || !ctx.runId) {
+      return { check: this.name, status: 'skip', message: 'No evidence store or run ID provided' };
+    }
+
+    const evidenceDir = path.join(ctx.projectRoot, '.oxe', 'evidence', 'runs', ctx.runId);
+    if (!fs.existsSync(evidenceDir)) {
+      return { check: this.name, status: 'skip', message: 'No evidence found for this run' };
+    }
+
+    const findings: string[] = [];
+    walkDir(evidenceDir, (filePath) => {
+      if (filePath.endsWith('.json') || filePath.endsWith('.patch') || filePath.endsWith('.txt')) {
+        try {
+          const content = fs.readFileSync(filePath, 'utf8');
+          for (const pattern of SECRET_PATTERNS) {
+            if (pattern.test(content)) {
+              findings.push(`${path.basename(filePath)}: matches pattern ${pattern.source.slice(0, 40)}`);
+              break;
+            }
+          }
+        } catch { /* skip unreadable */ }
+      }
+    });
+
+    if (findings.length > 0) {
+      return { check: this.name, status: 'fail', message: `Secret patterns detected in ${findings.length} evidence file(s)`, details: findings };
+    }
+    return { check: this.name, status: 'pass', message: 'No secret patterns detected in evidence' };
+  },
+};
+
+// ─── Check: runtime-evidence-integrity ───────────────────────────────────────
+
+export const runtimeEvidenceIntegrityCheck: CICheck = {
+  name: 'oxe-runtime-evidence-integrity',
+  description: 'Validates that all evidence index files are valid JSON and files exist on disk',
+  async run(ctx) {
+    if (!ctx.runId) {
+      return { check: this.name, status: 'skip', message: 'No run ID provided' };
+    }
+
+    const runEvidenceDir = path.join(ctx.projectRoot, '.oxe', 'evidence', 'runs', ctx.runId);
+    if (!fs.existsSync(runEvidenceDir)) {
+      return { check: this.name, status: 'skip', message: 'No evidence directory for this run' };
+    }
+
+    const errors: string[] = [];
+    let indexCount = 0;
+    let evidenceCount = 0;
+
+    walkDir(runEvidenceDir, (filePath) => {
+      if (path.basename(filePath) !== 'index.json') return;
+      indexCount++;
+      try {
+        const items = JSON.parse(fs.readFileSync(filePath, 'utf8')) as Array<{ path: string; evidence_id: string }>;
+        for (const item of items) {
+          evidenceCount++;
+          const absPath = path.join(ctx.projectRoot, item.path);
+          if (!fs.existsSync(absPath)) {
+            errors.push(`Missing file for ${item.evidence_id}: ${item.path}`);
+          }
+        }
+      } catch (err) {
+        errors.push(`Corrupt index at ${filePath}: ${String(err)}`);
+      }
+    });
+
+    if (errors.length > 0) {
+      return { check: this.name, status: 'fail', message: `${errors.length} integrity error(s)`, details: errors };
+    }
+    return {
+      check: this.name,
+      status: indexCount === 0 ? 'skip' : 'pass',
+      message: `${evidenceCount} evidence artifact(s) across ${indexCount} index(es) — all valid`,
+    };
+  },
+};
+
+// ─── Suite ───────────────────────────────────────────────────────────────────
+
+export const OXE_CI_CHECKS: CICheck[] = [
+  planConsistencyCheck,
+  verifyAcceptanceCheck,
+  policyCheck,
+  securityBaselineCheck,
+  runtimeEvidenceIntegrityCheck,
+];
+
+export async function runCIChecks(
+  ctx: CICheckContext,
+  checks: CICheck[] = OXE_CI_CHECKS
+): Promise<CICheckResult[]> {
+  const results: CICheckResult[] = [];
+  for (const check of checks) {
+    results.push(await check.run(ctx));
+  }
+  return results;
+}
+
+export function summarizeCIResults(results: CICheckResult[]): {
+  total: number; pass: number; fail: number; skip: number; error: number; allPassed: boolean;
+} {
+  const counts = { total: results.length, pass: 0, fail: 0, skip: 0, error: 0 };
+  for (const r of results) counts[r.status]++;
+  return { ...counts, allPassed: counts.fail === 0 && counts.error === 0 };
+}
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+function walkDir(dir: string, visitor: (filePath: string) => void): void {
+  if (!fs.existsSync(dir)) return;
+  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) walkDir(full, visitor);
+    else visitor(full);
+  }
+}

package/packages/runtime/src/delivery/index.ts

@@ -0,0 +1,3 @@
+export * from './branch-manager';
+export * from './pr-manager';
+export * from './ci-checks';

package/packages/runtime/src/delivery/pr-manager.ts

@@ -0,0 +1,112 @@
+import { spawnSync } from 'child_process';
+
+export interface PRDraftOptions {
+  title: string;
+  body: string;
+  base?: string;
+  head?: string;
+  draft?: boolean;
+}
+
+export interface PRInfo {
+  number: number;
+  title: string;
+  url: string;
+  state: string;
+  draft: boolean;
+  head: string;
+  base: string;
+}
+
+export interface PRResult {
+  success: boolean;
+  url?: string;
+  error?: string;
+  pr?: PRInfo;
+}
+
+function isGhAvailable(cwd: string): boolean {
+  const result = spawnSync('gh', ['--version'], { cwd, encoding: 'utf8' });
+  return result.status === 0;
+}
+
+export class PRManager {
+  constructor(private readonly projectRoot: string) {}
+
+  isAvailable(): boolean {
+    return isGhAvailable(this.projectRoot);
+  }
+
+  createDraft(opts: PRDraftOptions): PRResult {
+    if (!this.isAvailable()) {
+      return { success: false, error: 'gh CLI not available — install from https://cli.github.com' };
+    }
+    const args = [
+      'pr', 'create',
+      '--title', opts.title,
+      '--body', opts.body,
+    ];
+    if (opts.draft !== false) args.push('--draft');
+    if (opts.base) args.push('--base', opts.base);
+    if (opts.head) args.push('--head', opts.head);
+
+    const result = spawnSync('gh', args, {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+
+    if (result.status !== 0) {
+      return { success: false, error: result.stderr?.trim() ?? 'gh pr create failed' };
+    }
+    const url = result.stdout?.trim();
+    return { success: true, url };
+  }
+
+  view(prNumberOrUrl: string | number): PRResult {
+    if (!this.isAvailable()) {
+      return { success: false, error: 'gh CLI not available' };
+    }
+    const result = spawnSync(
+      'gh',
+      ['pr', 'view', String(prNumberOrUrl), '--json', 'number,title,url,state,isDraft,headRefName,baseRefName'],
+      { cwd: this.projectRoot, encoding: 'utf8' }
+    );
+    if (result.status !== 0) {
+      return { success: false, error: result.stderr?.trim() };
+    }
+    try {
+      const raw = JSON.parse(result.stdout) as {
+        number: number; title: string; url: string; state: string;
+        isDraft: boolean; headRefName: string; baseRefName: string;
+      };
+      return {
+        success: true,
+        url: raw.url,
+        pr: {
+          number: raw.number,
+          title: raw.title,
+          url: raw.url,
+          state: raw.state.toLowerCase(),
+          draft: raw.isDraft,
+          head: raw.headRefName,
+          base: raw.baseRefName,
+        },
+      };
+    } catch {
+      return { success: false, error: 'Failed to parse gh output' };
+    }
+  }
+
+  mergePR(prNumber: number, method: 'merge' | 'squash' | 'rebase' = 'merge'): PRResult {
+    if (!this.isAvailable()) {
+      return { success: false, error: 'gh CLI not available' };
+    }
+    const result = spawnSync('gh', ['pr', 'merge', String(prNumber), `--${method}`, '--delete-branch'], {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+    return result.status === 0
+      ? { success: true }
+      : { success: false, error: result.stderr?.trim() };
+  }
+}