oxe-cc 0.9.3 → 1.0.0

package/packages/runtime/src/scheduler/scheduler.ts

@@ -0,0 +1,281 @@
+import { appendEvent } from '../events/bus';
+import type { OxeEvent } from '../events/envelope';
+import type { EventInput } from '../events/bus';
+import type { ExecutionGraph, GraphNode } from '../compiler/graph-compiler';
+import type { WorkspaceManager, WorkspaceRequest } from '../workspace/workspace-manager';
+import type { WorkspaceLease } from '../models/workspace';
+
+export interface TaskResult {
+  success: boolean;
+  failure_class: 'env' | 'policy' | 'test' | 'timeout' | null;
+  evidence: string[];
+  output: string;
+}
+
+export interface TaskExecutor {
+  execute(
+    node: GraphNode,
+    lease: WorkspaceLease,
+    runId: string,
+    attemptNumber: number
+  ): Promise<TaskResult>;
+}
+
+export interface SchedulerContext {
+  projectRoot: string;
+  sessionId: string | null;
+  runId: string;
+  executor: TaskExecutor;
+  workspaceManager: WorkspaceManager;
+  onEvent?: (event: OxeEvent) => void;
+}
+
+export interface RunResult {
+  run_id: string;
+  status: 'completed' | 'failed' | 'cancelled';
+  completed: string[];
+  failed: string[];
+  blocked: string[];
+}
+
+type NodeStatus = 'pending' | 'ready' | 'running' | 'completed' | 'failed' | 'blocked';
+
+export class Scheduler {
+  private cancelled = false;
+  private paused = false;
+
+  async run(graph: ExecutionGraph, ctx: SchedulerContext): Promise<RunResult> {
+    this.cancelled = false;
+    this.paused = false;
+
+    const status = new Map<string, NodeStatus>();
+    for (const id of graph.nodes.keys()) status.set(id, 'pending');
+
+    const completed: string[] = [];
+    const failed: string[] = [];
+    const blocked: string[] = [];
+
+    this.emit(ctx, { type: 'RunStarted', payload: { run_id: ctx.runId } });
+
+    for (const wave of graph.waves) {
+      if (this.cancelled) break;
+      const waveFailed = await this.runWave(
+        wave.node_ids,
+        graph,
+        ctx,
+        status,
+        completed,
+        failed,
+        blocked
+      );
+      if (waveFailed) break;
+    }
+
+    // Any remaining pending nodes become blocked
+    for (const [id, s] of status) {
+      if (s === 'pending') {
+        status.set(id, 'blocked');
+        blocked.push(id);
+        this.emit(ctx, {
+          type: 'WorkItemBlocked',
+          work_item_id: id,
+          payload: { reason: 'upstream_wave_failed' },
+        });
+      }
+    }
+
+    const finalStatus: RunResult['status'] = this.cancelled
+      ? 'cancelled'
+      : failed.length > 0
+      ? 'failed'
+      : 'completed';
+
+    this.emit(ctx, {
+      type: 'RunCompleted',
+      payload: { run_id: ctx.runId, status: finalStatus },
+    });
+
+    return { run_id: ctx.runId, status: finalStatus, completed, failed, blocked };
+  }
+
+  private async runWave(
+    nodeIds: string[],
+    graph: ExecutionGraph,
+    ctx: SchedulerContext,
+    status: Map<string, NodeStatus>,
+    completed: string[],
+    failed: string[],
+    blocked: string[]
+  ): Promise<boolean> {
+    // Partition: eligible vs blocked-by-dep
+    const eligible: string[] = [];
+    const depsNotMet: string[] = [];
+
+    for (const id of nodeIds) {
+      const node = graph.nodes.get(id)!;
+      const depsMet = node.depends_on.every((dep) => status.get(dep) === 'completed');
+      if (depsMet) {
+        eligible.push(id);
+      } else {
+        depsNotMet.push(id);
+      }
+    }
+
+    // Nodes whose deps weren't met in this wave → blocked
+    for (const id of depsNotMet) {
+      status.set(id, 'blocked');
+      blocked.push(id);
+      this.emit(ctx, {
+        type: 'WorkItemBlocked',
+        work_item_id: id,
+        payload: { reason: 'dependency_not_met' },
+      });
+    }
+
+    // Separate read-only (no mutation_scope) from mutation nodes
+    const readOnly = eligible.filter((id) => {
+      const node = graph.nodes.get(id)!;
+      return node.mutation_scope.length === 0;
+    });
+    const mutations = eligible.filter((id) => !readOnly.includes(id));
+
+    // Run read-only nodes in parallel
+    if (readOnly.length > 0) {
+      await Promise.all(
+        readOnly.map((id) => this.runNode(id, graph, ctx, status, completed, failed))
+      );
+    }
+
+    // Run mutation nodes sequentially to avoid scope conflicts
+    for (const id of mutations) {
+      if (this.cancelled) break;
+      await this.runNode(id, graph, ctx, status, completed, failed);
+    }
+
+    return failed.length > 0;
+  }
+
+  private async runNode(
+    nodeId: string,
+    graph: ExecutionGraph,
+    ctx: SchedulerContext,
+    status: Map<string, NodeStatus>,
+    completed: string[],
+    failed: string[]
+  ): Promise<void> {
+    const node = graph.nodes.get(nodeId)!;
+    status.set(nodeId, 'running');
+    this.emit(ctx, {
+      type: 'WorkItemReady',
+      work_item_id: nodeId,
+      payload: { title: node.title, wave: node.wave },
+    });
+
+    let lease: WorkspaceLease | null = null;
+    let lastResult: TaskResult | null = null;
+    const maxAttempts = node.policy.max_retries + 1;
+
+    for (let attempt = 1; attempt <= maxAttempts; attempt++) {
+      const attemptId = `${nodeId}-a${attempt}`;
+
+      this.emit(ctx, {
+        type: 'AttemptStarted',
+        work_item_id: nodeId,
+        attempt_id: attemptId,
+        payload: { attempt_number: attempt },
+      });
+
+      try {
+        const wsReq: WorkspaceRequest = {
+          work_item_id: nodeId,
+          attempt_number: attempt,
+          strategy: node.workspace_strategy,
+          mutation_scope: node.mutation_scope,
+        };
+        lease = await ctx.workspaceManager.allocate(wsReq);
+        this.emit(ctx, {
+          type: 'WorkspaceAllocated',
+          work_item_id: nodeId,
+          attempt_id: attemptId,
+          payload: { workspace_id: lease.workspace_id, strategy: lease.strategy },
+        });
+
+        lastResult = await ctx.executor.execute(node, lease, ctx.runId, attempt);
+
+        if (lastResult.success) {
+          this.emit(ctx, {
+            type: 'WorkItemCompleted',
+            work_item_id: nodeId,
+            attempt_id: attemptId,
+            payload: { attempt_number: attempt, evidence: lastResult.evidence },
+          });
+          status.set(nodeId, 'completed');
+          completed.push(nodeId);
+          return;
+        }
+
+        // Policy failures never retry
+        if (lastResult.failure_class === 'policy') break;
+
+        if (attempt < maxAttempts) {
+          this.emit(ctx, {
+            type: 'RetryScheduled',
+            work_item_id: nodeId,
+            payload: { next_attempt: attempt + 1, reason: lastResult.failure_class },
+          });
+        }
+      } catch (err) {
+        lastResult = {
+          success: false,
+          failure_class: 'env',
+          evidence: [],
+          output: String(err),
+        };
+        if (attempt < maxAttempts) {
+          this.emit(ctx, {
+            type: 'RetryScheduled',
+            work_item_id: nodeId,
+            payload: { next_attempt: attempt + 1, reason: 'env' },
+          });
+        }
+      } finally {
+        if (lease) {
+          await ctx.workspaceManager.dispose(lease.workspace_id).catch(() => {});
+          lease = null;
+        }
+      }
+    }
+
+    // All attempts exhausted
+    this.emit(ctx, {
+      type: 'WorkItemBlocked',
+      work_item_id: nodeId,
+      payload: { failure_class: lastResult?.failure_class ?? 'env', max_attempts: maxAttempts },
+    });
+    status.set(nodeId, 'failed');
+    failed.push(nodeId);
+  }
+
+  pause(): void {
+    this.paused = true;
+  }
+
+  resume(): void {
+    this.paused = false;
+  }
+
+  cancel(): void {
+    this.cancelled = true;
+  }
+
+  private emit(
+    ctx: SchedulerContext,
+    input: EventInput
+  ): void {
+    const event = appendEvent(ctx.projectRoot, ctx.sessionId, {
+      run_id: ctx.runId,
+      ...input,
+    });
+    ctx.onEvent?.(event);
+  }
+}

package/packages/runtime/src/verification/index.ts

@@ -0,0 +1 @@
+export * from './verification-compiler';

package/packages/runtime/src/verification/verification-compiler.ts

@@ -0,0 +1,225 @@
+import crypto from 'crypto';
+import { spawnSync } from 'child_process';
+import type { EvidenceType } from '../models/evidence';
+import type { VerificationStatus } from '../models/verification-result';
+
+export type CheckType =
+  | 'unit'
+  | 'integration'
+  | 'contract'
+  | 'smoke'
+  | 'policy'
+  | 'security'
+  | 'ux_snapshot'
+  | 'performance_baseline'
+  | 'custom';
+
+export interface AcceptanceCheck {
+  id: string;
+  type: CheckType;
+  command: string | null;
+  evidence_type_expected: EvidenceType;
+  acceptance_ref: string | null;
+  description: string;
+}
+
+export interface AcceptanceCheckSuite {
+  checks: AcceptanceCheck[];
+  compiled_at: string;
+  spec_hash: string;
+  plan_hash: string;
+}
+
+export interface CheckResult {
+  check_id: string;
+  acceptance_ref: string | null;
+  status: VerificationStatus;
+  stdout: string;
+  stderr: string;
+  exit_code: number | null;
+  duration_ms: number;
+  error: string | null;
+}
+
+// Mirror of ParsedSpec/ParsedPlan (same as in graph-compiler to avoid circular deps)
+interface Criterion {
+  id: string;
+  criterion: string;
+  howToVerify: string;
+}
+
+interface ParsedSpecLike {
+  objective: string | null;
+  criteria: Criterion[];
+}
+
+interface ParsedTaskLike {
+  id: string;
+  verifyCommand: string | null;
+  aceite: string[];
+}
+
+interface ParsedPlanLike {
+  tasks: ParsedTaskLike[];
+}
+
+function inferCheckType(howToVerify: string): CheckType {
+  const v = howToVerify.toLowerCase();
+  if (v.includes('npm test') || v.includes('jest') || v.includes('vitest') || v.includes('node --test')) return 'unit';
+  if (v.includes('postman') || v.includes('newman') || v.includes('integration')) return 'integration';
+  if (v.includes('smoke') || v.includes('curl')) return 'smoke';
+  if (v.includes('eslint') || v.includes('lint') || v.includes('oxe-policy')) return 'policy';
+  if (v.includes('security') || v.includes('audit') || v.includes('trivy')) return 'security';
+  return 'custom';
+}
+
+function inferEvidenceType(checkType: CheckType): EvidenceType {
+  switch (checkType) {
+    case 'unit': return 'junit_xml';
+    case 'integration': return 'api_output';
+    case 'security': return 'security_report';
+    case 'policy': return 'log';
+    default: return 'stdout';
+  }
+}
+
+export function compile(
+  spec: ParsedSpecLike,
+  plan: ParsedPlanLike
+): AcceptanceCheckSuite {
+  const checks: AcceptanceCheck[] = [];
+  const seenRefs = new Set<string>();
+
+  // Generate checks from spec criteria
+  for (const criterion of spec.criteria) {
+    // Find the verify command from the task that references this criterion
+    const task = plan.tasks.find((t) => t.aceite.includes(criterion.id));
+    const command = task?.verifyCommand ?? null;
+    const type = inferCheckType(criterion.howToVerify);
+
+    checks.push({
+      id: `check-${criterion.id.toLowerCase()}`,
+      type,
+      command: command ?? (criterion.howToVerify.startsWith('#') ? null : criterion.howToVerify),
+      evidence_type_expected: inferEvidenceType(type),
+      acceptance_ref: criterion.id,
+      description: criterion.criterion,
+    });
+    seenRefs.add(criterion.id);
+  }
+
+  // Add checks for task verify commands not already covered
+  for (const task of plan.tasks) {
+    if (!task.verifyCommand) continue;
+    const uncovered = task.aceite.filter((ref) => !seenRefs.has(ref));
+    if (uncovered.length === 0 && checks.some((c) => c.command === task.verifyCommand)) continue;
+
+    checks.push({
+      id: `check-task-${task.id.toLowerCase()}`,
+      type: inferCheckType(task.verifyCommand),
+      command: task.verifyCommand,
+      evidence_type_expected: 'stdout',
+      acceptance_ref: uncovered[0] ?? null,
+      description: `Verify command for task ${task.id}`,
+    });
+  }
+
+  return {
+    checks,
+    compiled_at: new Date().toISOString(),
+    spec_hash: hashObject(spec),
+    plan_hash: hashObject(plan),
+  };
+}
+
+export async function runCheck(
+  check: AcceptanceCheck,
+  cwd: string,
+  timeoutMs = 60_000
+): Promise<CheckResult> {
+  if (!check.command) {
+    return {
+      check_id: check.id,
+      acceptance_ref: check.acceptance_ref,
+      status: 'skip',
+      stdout: '',
+      stderr: '',
+      exit_code: null,
+      duration_ms: 0,
+      error: null,
+    };
+  }
+
+  const start = Date.now();
+  try {
+    // Split command into program + args (simple split; no shell expansion)
+    const parts = check.command.split(/\s+/);
+    const prog = parts[0];
+    const args = parts.slice(1);
+
+    const result = spawnSync(prog, args, {
+      cwd,
+      encoding: 'utf8',
+      timeout: timeoutMs,
+      maxBuffer: 2 * 1024 * 1024,
+    });
+
+    const duration_ms = Date.now() - start;
+    const status: VerificationStatus = result.status === 0 ? 'pass' : 'fail';
+
+    return {
+      check_id: check.id,
+      acceptance_ref: check.acceptance_ref,
+      status,
+      stdout: result.stdout ?? '',
+      stderr: result.stderr ?? '',
+      exit_code: result.status ?? null,
+      duration_ms,
+      error: result.error ? String(result.error) : null,
+    };
+  } catch (err) {
+    return {
+      check_id: check.id,
+      acceptance_ref: check.acceptance_ref,
+      status: 'error',
+      stdout: '',
+      stderr: '',
+      exit_code: null,
+      duration_ms: Date.now() - start,
+      error: String(err),
+    };
+  }
+}
+
+export async function runSuite(
+  suite: AcceptanceCheckSuite,
+  cwd: string,
+  timeoutMs = 60_000
+): Promise<CheckResult[]> {
+  const results: CheckResult[] = [];
+  for (const check of suite.checks) {
+    results.push(await runCheck(check, cwd, timeoutMs));
+  }
+  return results;
+}
+
+export function summarizeSuite(results: CheckResult[]): {
+  total: number;
+  pass: number;
+  fail: number;
+  skip: number;
+  error: number;
+  allPassed: boolean;
+} {
+  const counts = { total: results.length, pass: 0, fail: 0, skip: 0, error: 0 };
+  for (const r of results) counts[r.status]++;
+  return { ...counts, allPassed: counts.fail === 0 && counts.error === 0 };
+}
+
+function hashObject(obj: unknown): string {
+  return crypto
+    .createHash('sha256')
+    .update(JSON.stringify(obj))
+    .digest('hex')
+    .slice(0, 12);
+}

package/packages/runtime/src/workspace/index.ts

@@ -0,0 +1,5 @@
+export * from './workspace-manager';
+export { InplaceWorkspaceManager } from './strategies/inplace';
+export { GitWorktreeManager } from './strategies/git-worktree';
+export { EphemeralContainerManager } from './strategies/ephemeral-container';
+export type { ContainerOptions } from './strategies/ephemeral-container';

package/packages/runtime/src/workspace/strategies/ephemeral-container.ts

@@ -0,0 +1,121 @@
+import { execFileSync, spawnSync } from 'child_process';
+import crypto from 'crypto';
+import type { WorkspaceManager, WorkspaceRequest } from '../workspace-manager';
+import type { WorkspaceLease, SnapshotRef } from '../../models/workspace';
+import { GitWorktreeManager } from './git-worktree';
+
+export interface ContainerOptions {
+  image: string;
+  mountPath: string;
+  extraEnv?: Record<string, string>;
+  /** Gracefully fall back to git_worktree if Docker is unavailable */
+  fallback?: boolean;
+}
+
+function isDockerAvailable(): boolean {
+  const result = spawnSync('docker', ['version', '--format', '{{.Server.Version}}'], {
+    encoding: 'utf8',
+    timeout: 5000,
+  });
+  return result.status === 0;
+}
+
+export class EphemeralContainerManager implements WorkspaceManager {
+  private readonly fallbackManager: GitWorktreeManager;
+  private containerIds = new Map<string, string>();
+  private useFallback = false;
+
+  constructor(
+    private readonly projectRoot: string,
+    private readonly opts: ContainerOptions = { image: 'node:20-alpine', mountPath: '/workspace', fallback: true }
+  ) {
+    this.fallbackManager = new GitWorktreeManager(projectRoot);
+    if (!isDockerAvailable()) {
+      if (opts.fallback !== false) {
+        this.useFallback = true;
+      } else {
+        throw new Error('Docker is not available and fallback is disabled');
+      }
+    }
+  }
+
+  get usingFallback(): boolean { return this.useFallback; }
+
+  async allocate(req: WorkspaceRequest): Promise<WorkspaceLease> {
+    if (this.useFallback) return this.fallbackManager.allocate(req);
+
+    const wsId = `ws-container-${req.work_item_id}-a${req.attempt_number}`;
+    const envArgs = Object.entries(this.opts.extraEnv ?? {}).flatMap(([k, v]) => ['-e', `${k}=${v}`]);
+
+    const result = spawnSync('docker', [
+      'run', '-d',
+      '-v', `${this.projectRoot}:${this.opts.mountPath}`,
+      '-w', this.opts.mountPath,
+      ...envArgs,
+      this.opts.image,
+      'sleep', '3600',
+    ], { encoding: 'utf8' });
+
+    if (result.status !== 0) {
+      if (this.opts.fallback !== false) {
+        this.useFallback = true;
+        return this.fallbackManager.allocate(req);
+      }
+      throw new Error(`docker run failed: ${result.stderr}`);
+    }
+
+    const containerId = result.stdout.trim().slice(0, 12);
+    this.containerIds.set(wsId, containerId);
+
+    return {
+      workspace_id: wsId,
+      strategy: 'ephemeral_container',
+      branch: null,
+      base_commit: null,
+      root_path: `docker:${containerId}:${this.opts.mountPath}`,
+      ttl_minutes: 60,
+    };
+  }
+
+  async snapshot(id: string): Promise<SnapshotRef> {
+    if (this.useFallback) return this.fallbackManager.snapshot(id);
+    const containerId = this.containerIds.get(id);
+    if (!containerId) throw new Error(`Container for workspace ${id} not found`);
+
+    const tag = `oxe-snap-${crypto.randomBytes(4).toString('hex')}`;
+    execFileSync('docker', ['commit', containerId, tag]);
+
+    return {
+      snapshot_id: tag,
+      workspace_id: id,
+      commit: tag,
+      created_at: new Date().toISOString(),
+    };
+  }
+
+  async reset(id: string, snapRef: SnapshotRef): Promise<void> {
+    if (this.useFallback) return this.fallbackManager.reset(id, snapRef);
+    const containerId = this.containerIds.get(id);
+    if (!containerId) return;
+    // Stop current container and start from snapshot
+    spawnSync('docker', ['stop', containerId]);
+    spawnSync('docker', ['rm', containerId]);
+    const result = spawnSync('docker', [
+      'run', '-d',
+      '-v', `${this.projectRoot}:${this.opts.mountPath}`,
+      snapRef.commit,
+      'sleep', '3600',
+    ], { encoding: 'utf8' });
+    const newId = result.stdout.trim().slice(0, 12);
+    this.containerIds.set(id, newId);
+  }
+
+  async dispose(id: string): Promise<void> {
+    if (this.useFallback) return this.fallbackManager.dispose(id);
+    const containerId = this.containerIds.get(id);
+    if (!containerId) return;
+    spawnSync('docker', ['stop', containerId], { encoding: 'utf8' });
+    spawnSync('docker', ['rm', containerId], { encoding: 'utf8' });
+    this.containerIds.delete(id);
+  }
+}