oxe-cc 0.9.3 → 1.2.1

package/packages/runtime/src/decision/decision-memo.ts

@@ -0,0 +1,211 @@
+import crypto from 'crypto';
+import path from 'path';
+import fs from 'fs';
+
+export type ChangeStrategy =
+  | 'minimal_patch'
+  | 'isolated_refactor'
+  | 'expand_contract'
+  | 'feature_flag'
+  | 'no_op';
+
+export interface BlastRadiusEstimate {
+  estimated_files: number;
+  subsystems: string[];
+  risk_score: number;
+  reversible: boolean;
+}
+
+export interface RollbackPlan {
+  strategy: 'revert_commit' | 'restore_workspace' | 'undo_patch' | 'no_rollback';
+  steps: string[];
+  estimated_cost: 'low' | 'medium' | 'high';
+  preconditions: string[];
+}
+
+export interface DecisionMemo {
+  memo_id: string;
+  work_item_id: string;
+  run_id: string;
+  problem_summary: string;
+  chosen_strategy: ChangeStrategy;
+  alternatives_rejected: Array<{ strategy: ChangeStrategy; reason: string }>;
+  blast_radius: BlastRadiusEstimate;
+  rollback_plan: RollbackPlan;
+  min_evidence_required: string[];
+  confidence: number;
+  created_at: string;
+}
+
+// ─── BlastRadius estimation ───────────────────────────────────────────────────
+
+function deriveSubsystems(mutationScope: string[]): string[] {
+  const seen = new Set<string>();
+  for (const p of mutationScope) {
+    const parts = p.replace(/\\/g, '/').split('/');
+    if (parts.length >= 2) seen.add(parts[0]);
+    else seen.add(p);
+  }
+  return [...seen];
+}
+
+function estimateRiskScore(mutationScope: string[], retryCount: number, riskLevel: string): number {
+  let score = 0;
+  score += Math.min(0.4, mutationScope.length * 0.05);
+  score += retryCount > 0 ? Math.min(0.2, retryCount * 0.05) : 0;
+  switch (riskLevel) {
+    case 'critical': score += 0.4; break;
+    case 'high': score += 0.3; break;
+    case 'medium': score += 0.15; break;
+    case 'low': score += 0.05; break;
+    default: break;
+  }
+  return Math.min(1, score);
+}
+
+export function buildBlastRadius(
+  mutationScope: string[],
+  retryCount: number,
+  riskLevel: string
+): BlastRadiusEstimate {
+  const risk_score = estimateRiskScore(mutationScope, retryCount, riskLevel);
+  return {
+    estimated_files: mutationScope.length,
+    subsystems: deriveSubsystems(mutationScope),
+    risk_score: Math.round(risk_score * 100) / 100,
+    reversible: riskLevel !== 'critical' && mutationScope.length <= 10,
+  };
+}
+
+// ─── RollbackPlan ─────────────────────────────────────────────────────────────
+
+export function buildRollbackPlan(
+  blastRadius: BlastRadiusEstimate,
+  retryCount: number
+): RollbackPlan {
+  if (blastRadius.risk_score >= 0.7 || !blastRadius.reversible) {
+    return {
+      strategy: 'restore_workspace',
+      steps: ['snapshot workspace before mutation', 'restore snapshot on failure', 'verify clean state'],
+      estimated_cost: 'high',
+      preconditions: ['workspace snapshot available', 'no shared-state mutations'],
+    };
+  }
+  if (retryCount > 1 || blastRadius.estimated_files > 5) {
+    return {
+      strategy: 'revert_commit',
+      steps: ['record commit SHA before change', 'git revert on failure'],
+      estimated_cost: 'medium',
+      preconditions: ['git repo initialized', 'changes committed atomically'],
+    };
+  }
+  return {
+    strategy: 'undo_patch',
+    steps: ['apply inverse patch'],
+    estimated_cost: 'low',
+    preconditions: ['original file state recorded'],
+  };
+}
+
+// ─── StrategySelector ────────────────────────────────────────────────────────
+
+export class StrategySelector {
+  select(mutationScope: string[], retryCount: number, riskLevel: string): ChangeStrategy {
+    if (riskLevel === 'critical') return 'feature_flag';
+    if (retryCount > 1) return 'minimal_patch';
+    if (mutationScope.length > 8) return 'isolated_refactor';
+    if (riskLevel === 'high') return 'feature_flag';
+    if (mutationScope.length > 3) return 'expand_contract';
+    if (mutationScope.length === 0) return 'no_op';
+    return 'minimal_patch';
+  }
+
+  alternatives(chosen: ChangeStrategy, mutationScope: string[], riskLevel: string): Array<{ strategy: ChangeStrategy; reason: string }> {
+    const all: ChangeStrategy[] = ['minimal_patch', 'isolated_refactor', 'expand_contract', 'feature_flag', 'no_op'];
+    return all
+      .filter((s) => s !== chosen)
+      .map((s) => ({ strategy: s, reason: this.rejectionReason(s, chosen, mutationScope, riskLevel) }));
+  }
+
+  private rejectionReason(s: ChangeStrategy, chosen: ChangeStrategy, mutationScope: string[], riskLevel: string): string {
+    switch (s) {
+      case 'no_op': return 'mutation scope is non-empty; no-op would not satisfy requirements';
+      case 'feature_flag': return riskLevel !== 'critical' && riskLevel !== 'high' ? 'risk level does not warrant feature flag overhead' : `${chosen} preferred for scope size`;
+      case 'isolated_refactor': return mutationScope.length <= 8 ? 'scope is small enough for simpler strategy' : `${chosen} preferred`;
+      case 'expand_contract': return 'expand-contract requires coordinated deployment; overhead not justified here';
+      case 'minimal_patch': return `${chosen} preferred due to scope or risk level`;
+      default: return 'not applicable';
+    }
+  }
+}
+
+// ─── Memo builder & persistence ──────────────────────────────────────────────
+
+export interface BuildMemoInput {
+  work_item_id: string;
+  run_id: string;
+  problem_summary: string;
+  mutation_scope: string[];
+  retry_count: number;
+  risk_level: string;
+  min_evidence_required?: string[];
+  confidence?: number;
+}
+
+export function buildMemo(input: BuildMemoInput): DecisionMemo {
+  const selector = new StrategySelector();
+  const chosen = selector.select(input.mutation_scope, input.retry_count, input.risk_level);
+  const blast_radius = buildBlastRadius(input.mutation_scope, input.retry_count, input.risk_level);
+  const rollback_plan = buildRollbackPlan(blast_radius, input.retry_count);
+  const alternatives_rejected = selector.alternatives(chosen, input.mutation_scope, input.risk_level);
+
+  return {
+    memo_id: `memo-${crypto.randomBytes(4).toString('hex')}`,
+    work_item_id: input.work_item_id,
+    run_id: input.run_id,
+    problem_summary: input.problem_summary,
+    chosen_strategy: chosen,
+    alternatives_rejected,
+    blast_radius,
+    rollback_plan,
+    min_evidence_required: input.min_evidence_required ?? [],
+    confidence: input.confidence ?? (1 - blast_radius.risk_score),
+    created_at: new Date().toISOString(),
+  };
+}
+
+function memoDir(projectRoot: string, runId: string): string {
+  return path.join(projectRoot, '.oxe', 'runs', runId, 'memos');
+}
+
+export function saveMemo(projectRoot: string, memo: DecisionMemo): void {
+  const dir = memoDir(projectRoot, memo.run_id);
+  fs.mkdirSync(dir, { recursive: true });
+  fs.writeFileSync(path.join(dir, `${memo.memo_id}.json`), JSON.stringify(memo, null, 2), 'utf8');
+}
+
+export function loadMemo(projectRoot: string, runId: string, memoId: string): DecisionMemo | null {
+  const p = path.join(memoDir(projectRoot, runId), `${memoId}.json`);
+  if (!fs.existsSync(p)) return null;
+  try {
+    return JSON.parse(fs.readFileSync(p, 'utf8')) as DecisionMemo;
+  } catch {
+    return null;
+  }
+}
+
+export function listMemos(projectRoot: string, runId: string): DecisionMemo[] {
+  const dir = memoDir(projectRoot, runId);
+  if (!fs.existsSync(dir)) return [];
+  return fs
+    .readdirSync(dir)
+    .filter((f) => f.endsWith('.json'))
+    .map((f) => {
+      try {
+        return JSON.parse(fs.readFileSync(path.join(dir, f), 'utf8')) as DecisionMemo;
+      } catch {
+        return null;
+      }
+    })
+    .filter((m): m is DecisionMemo => m !== null);
+}

package/packages/runtime/src/decision/index.ts

@@ -0,0 +1,2 @@
+export * from './decision-engine';
+export * from './decision-memo';

package/packages/runtime/src/delivery/branch-manager.ts

@@ -0,0 +1,84 @@
+import { execFileSync, spawnSync } from 'child_process';
+
+export interface BranchInfo {
+  name: string;
+  current: boolean;
+  commit: string;
+}
+
+export class BranchManager {
+  constructor(private readonly projectRoot: string) {}
+
+  currentBranch(): string {
+    return this.git(['rev-parse', '--abbrev-ref', 'HEAD']).trim();
+  }
+
+  currentCommit(): string {
+    return this.git(['rev-parse', 'HEAD']).trim();
+  }
+
+  createSessionBranch(sessionId: string): string {
+    const name = `oxe/${sessionId}`;
+    this.git(['checkout', '-b', name]);
+    return name;
+  }
+
+  createOxeBranch(name: string, base?: string): string {
+    const fullName = name.startsWith('oxe/') ? name : `oxe/${name}`;
+    if (base) {
+      this.git(['checkout', '-b', fullName, base]);
+    } else {
+      this.git(['checkout', '-b', fullName]);
+    }
+    return fullName;
+  }
+
+  switchTo(branchName: string): void {
+    this.git(['checkout', branchName]);
+  }
+
+  deleteBranch(name: string, force = false): void {
+    const flag = force ? '-D' : '-d';
+    this.git(['branch', flag, name]);
+  }
+
+  listOxeBranches(): BranchInfo[] {
+    const raw = this.git(['branch', '--list', 'oxe/*', '--format=%(refname:short) %(objectname:short) %(HEAD)']);
+    return raw
+      .split('\n')
+      .filter(Boolean)
+      .map((line) => {
+        const parts = line.trim().split(/\s+/);
+        return {
+          name: parts[0],
+          commit: parts[1] ?? '',
+          current: parts[2] === '*',
+        };
+      });
+  }
+
+  mergeWorktreeBranch(worktreeBranch: string, targetBranch: string): void {
+    const saved = this.currentBranch();
+    try {
+      this.git(['checkout', targetBranch]);
+      this.git(['merge', '--no-ff', worktreeBranch, '-m', `oxe: merge ${worktreeBranch}`]);
+    } finally {
+      try { this.git(['checkout', saved]); } catch { /* best effort */ }
+    }
+  }
+
+  branchExists(name: string): boolean {
+    const result = spawnSync('git', ['rev-parse', '--verify', name], {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+    return result.status === 0;
+  }
+
+  private git(args: string[]): string {
+    return execFileSync('git', args, {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+  }
+}

package/packages/runtime/src/delivery/ci-checks.ts

@@ -0,0 +1,252 @@
+import fs from 'fs';
+import path from 'path';
+import type { EvidenceStore } from '../evidence/evidence-store';
+
+export type CICheckStatus = 'pass' | 'fail' | 'skip' | 'error';
+
+export interface CICheckContext {
+  projectRoot: string;
+  sessionId: string | null;
+  runId?: string;
+  evidenceStore?: EvidenceStore;
+}
+
+export interface CICheckResult {
+  check: string;
+  status: CICheckStatus;
+  message: string;
+  details?: unknown;
+}
+
+export interface CICheck {
+  name: string;
+  description: string;
+  run(ctx: CICheckContext): Promise<CICheckResult>;
+}
+
+// ─── Check: plan-consistency ─────────────────────────────────────────────────
+
+export const planConsistencyCheck: CICheck = {
+  name: 'oxe-plan-consistency',
+  description: 'Verifies ACTIVE-RUN.json exists and has a compiled ExecutionGraph',
+  async run(ctx) {
+    const activeRunPath = ctx.sessionId
+      ? path.join(ctx.projectRoot, '.oxe', ctx.sessionId, 'execution', 'ACTIVE-RUN.json')
+      : path.join(ctx.projectRoot, '.oxe', 'ACTIVE-RUN.json');
+
+    if (!fs.existsSync(activeRunPath)) {
+      return { check: this.name, status: 'skip', message: 'No ACTIVE-RUN.json found' };
+    }
+
+    try {
+      const raw = JSON.parse(fs.readFileSync(activeRunPath, 'utf8')) as Record<string, unknown>;
+      const hasGraph = raw.compiled_graph && typeof raw.compiled_graph === 'object';
+      const hasRunId = typeof raw.run_id === 'string';
+
+      if (!hasRunId) {
+        return { check: this.name, status: 'fail', message: 'ACTIVE-RUN.json missing run_id', details: raw };
+      }
+      if (!hasGraph) {
+        return { check: this.name, status: 'fail', message: 'No compiled ExecutionGraph found in ACTIVE-RUN.json', details: { run_id: raw.run_id } };
+      }
+      return { check: this.name, status: 'pass', message: `Run ${String(raw.run_id)} has compiled graph` };
+    } catch (err) {
+      return { check: this.name, status: 'error', message: `Failed to parse ACTIVE-RUN.json: ${String(err)}` };
+    }
+  },
+};
+
+// ─── Check: verify-acceptance ────────────────────────────────────────────────
+
+export const verifyAcceptanceCheck: CICheck = {
+  name: 'oxe-verify-acceptance',
+  description: 'Checks that VERIFY.md exists and contains no failed criteria',
+  async run(ctx) {
+    const verifyPath = ctx.sessionId
+      ? path.join(ctx.projectRoot, '.oxe', ctx.sessionId, 'verification', 'VERIFY.md')
+      : path.join(ctx.projectRoot, '.oxe', 'VERIFY.md');
+
+    if (!fs.existsSync(verifyPath)) {
+      return { check: this.name, status: 'skip', message: 'No VERIFY.md found — run /oxe-verify first' };
+    }
+
+    const content = fs.readFileSync(verifyPath, 'utf8');
+    const failLines = content.split('\n').filter((l) => l.includes('✗ FAIL'));
+    const passLines = content.split('\n').filter((l) => l.includes('✓ PASS'));
+
+    if (failLines.length > 0) {
+      return {
+        check: this.name,
+        status: 'fail',
+        message: `${failLines.length} acceptance criteria failed`,
+        details: { failed: failLines, passed: passLines.length },
+      };
+    }
+    if (passLines.length === 0) {
+      return { check: this.name, status: 'skip', message: 'VERIFY.md has no pass/fail markers' };
+    }
+    return { check: this.name, status: 'pass', message: `${passLines.length} acceptance criteria passed` };
+  },
+};
+
+// ─── Check: policy ───────────────────────────────────────────────────────────
+
+export const policyCheck: CICheck = {
+  name: 'oxe-policy',
+  description: 'Checks that no gates are pending (unresolved human approval)',
+  async run(ctx) {
+    const gatesPath = ctx.sessionId
+      ? path.join(ctx.projectRoot, '.oxe', ctx.sessionId, 'execution', 'GATES.json')
+      : path.join(ctx.projectRoot, '.oxe', 'execution', 'GATES.json');
+
+    if (!fs.existsSync(gatesPath)) {
+      return { check: this.name, status: 'pass', message: 'No pending gates' };
+    }
+
+    try {
+      const gates = JSON.parse(fs.readFileSync(gatesPath, 'utf8')) as Array<{ status: string; scope: string; gate_id: string }>;
+      const pending = gates.filter((g) => g.status === 'pending');
+      if (pending.length > 0) {
+        return {
+          check: this.name,
+          status: 'fail',
+          message: `${pending.length} unresolved gate(s)`,
+          details: pending.map((g) => ({ gate_id: g.gate_id, scope: g.scope })),
+        };
+      }
+      return { check: this.name, status: 'pass', message: 'All gates resolved' };
+    } catch (err) {
+      return { check: this.name, status: 'error', message: `Failed to read GATES.json: ${String(err)}` };
+    }
+  },
+};
+
+// ─── Check: security-baseline ────────────────────────────────────────────────
+
+const SECRET_PATTERNS = [
+  /(?:password|passwd|secret|api[_-]?key|auth[_-]?token)\s*[:=]\s*['"]?\S{8,}/i,
+  /(?:AKIA|ASIA)[A-Z0-9]{16}/,
+  /-----BEGIN (?:RSA|EC|OPENSSH) PRIVATE KEY-----/,
+];
+
+export const securityBaselineCheck: CICheck = {
+  name: 'oxe-security-baseline',
+  description: 'Scans evidence artifacts for common secret patterns',
+  async run(ctx) {
+    if (!ctx.evidenceStore || !ctx.runId) {
+      return { check: this.name, status: 'skip', message: 'No evidence store or run ID provided' };
+    }
+
+    const evidenceDir = path.join(ctx.projectRoot, '.oxe', 'evidence', 'runs', ctx.runId);
+    if (!fs.existsSync(evidenceDir)) {
+      return { check: this.name, status: 'skip', message: 'No evidence found for this run' };
+    }
+
+    const findings: string[] = [];
+    walkDir(evidenceDir, (filePath) => {
+      if (filePath.endsWith('.json') || filePath.endsWith('.patch') || filePath.endsWith('.txt')) {
+        try {
+          const content = fs.readFileSync(filePath, 'utf8');
+          for (const pattern of SECRET_PATTERNS) {
+            if (pattern.test(content)) {
+              findings.push(`${path.basename(filePath)}: matches pattern ${pattern.source.slice(0, 40)}`);
+              break;
+            }
+          }
+        } catch { /* skip unreadable */ }
+      }
+    });
+
+    if (findings.length > 0) {
+      return { check: this.name, status: 'fail', message: `Secret patterns detected in ${findings.length} evidence file(s)`, details: findings };
+    }
+    return { check: this.name, status: 'pass', message: 'No secret patterns detected in evidence' };
+  },
+};
+
+// ─── Check: runtime-evidence-integrity ───────────────────────────────────────
+
+export const runtimeEvidenceIntegrityCheck: CICheck = {
+  name: 'oxe-runtime-evidence-integrity',
+  description: 'Validates that all evidence index files are valid JSON and files exist on disk',
+  async run(ctx) {
+    if (!ctx.runId) {
+      return { check: this.name, status: 'skip', message: 'No run ID provided' };
+    }
+
+    const runEvidenceDir = path.join(ctx.projectRoot, '.oxe', 'evidence', 'runs', ctx.runId);
+    if (!fs.existsSync(runEvidenceDir)) {
+      return { check: this.name, status: 'skip', message: 'No evidence directory for this run' };
+    }
+
+    const errors: string[] = [];
+    let indexCount = 0;
+    let evidenceCount = 0;
+
+    walkDir(runEvidenceDir, (filePath) => {
+      if (path.basename(filePath) !== 'index.json') return;
+      indexCount++;
+      try {
+        const items = JSON.parse(fs.readFileSync(filePath, 'utf8')) as Array<{ path: string; evidence_id: string }>;
+        for (const item of items) {
+          evidenceCount++;
+          const absPath = path.join(ctx.projectRoot, item.path);
+          if (!fs.existsSync(absPath)) {
+            errors.push(`Missing file for ${item.evidence_id}: ${item.path}`);
+          }
+        }
+      } catch (err) {
+        errors.push(`Corrupt index at ${filePath}: ${String(err)}`);
+      }
+    });
+
+    if (errors.length > 0) {
+      return { check: this.name, status: 'fail', message: `${errors.length} integrity error(s)`, details: errors };
+    }
+    return {
+      check: this.name,
+      status: indexCount === 0 ? 'skip' : 'pass',
+      message: `${evidenceCount} evidence artifact(s) across ${indexCount} index(es) — all valid`,
+    };
+  },
+};
+
+// ─── Suite ───────────────────────────────────────────────────────────────────
+
+export const OXE_CI_CHECKS: CICheck[] = [
+  planConsistencyCheck,
+  verifyAcceptanceCheck,
+  policyCheck,
+  securityBaselineCheck,
+  runtimeEvidenceIntegrityCheck,
+];
+
+export async function runCIChecks(
+  ctx: CICheckContext,
+  checks: CICheck[] = OXE_CI_CHECKS
+): Promise<CICheckResult[]> {
+  const results: CICheckResult[] = [];
+  for (const check of checks) {
+    results.push(await check.run(ctx));
+  }
+  return results;
+}
+
+export function summarizeCIResults(results: CICheckResult[]): {
+  total: number; pass: number; fail: number; skip: number; error: number; allPassed: boolean;
+} {
+  const counts = { total: results.length, pass: 0, fail: 0, skip: 0, error: 0 };
+  for (const r of results) counts[r.status]++;
+  return { ...counts, allPassed: counts.fail === 0 && counts.error === 0 };
+}
+
+// ─── Helpers ─────────────────────────────────────────────────────────────────
+
+function walkDir(dir: string, visitor: (filePath: string) => void): void {
+  if (!fs.existsSync(dir)) return;
+  for (const entry of fs.readdirSync(dir, { withFileTypes: true })) {
+    const full = path.join(dir, entry.name);
+    if (entry.isDirectory()) walkDir(full, visitor);
+    else visitor(full);
+  }
+}

package/packages/runtime/src/delivery/index.ts

@@ -0,0 +1,4 @@
+export * from './branch-manager';
+export * from './pr-manager';
+export * from './ci-checks';
+export * from './promotion-pipeline';

package/packages/runtime/src/delivery/pr-manager.ts

@@ -0,0 +1,112 @@
+import { spawnSync } from 'child_process';
+
+export interface PRDraftOptions {
+  title: string;
+  body: string;
+  base?: string;
+  head?: string;
+  draft?: boolean;
+}
+
+export interface PRInfo {
+  number: number;
+  title: string;
+  url: string;
+  state: string;
+  draft: boolean;
+  head: string;
+  base: string;
+}
+
+export interface PRResult {
+  success: boolean;
+  url?: string;
+  error?: string;
+  pr?: PRInfo;
+}
+
+function isGhAvailable(cwd: string): boolean {
+  const result = spawnSync('gh', ['--version'], { cwd, encoding: 'utf8' });
+  return result.status === 0;
+}
+
+export class PRManager {
+  constructor(private readonly projectRoot: string) {}
+
+  isAvailable(): boolean {
+    return isGhAvailable(this.projectRoot);
+  }
+
+  createDraft(opts: PRDraftOptions): PRResult {
+    if (!this.isAvailable()) {
+      return { success: false, error: 'gh CLI not available — install from https://cli.github.com' };
+    }
+    const args = [
+      'pr', 'create',
+      '--title', opts.title,
+      '--body', opts.body,
+    ];
+    if (opts.draft !== false) args.push('--draft');
+    if (opts.base) args.push('--base', opts.base);
+    if (opts.head) args.push('--head', opts.head);
+
+    const result = spawnSync('gh', args, {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+
+    if (result.status !== 0) {
+      return { success: false, error: result.stderr?.trim() ?? 'gh pr create failed' };
+    }
+    const url = result.stdout?.trim();
+    return { success: true, url };
+  }
+
+  view(prNumberOrUrl: string | number): PRResult {
+    if (!this.isAvailable()) {
+      return { success: false, error: 'gh CLI not available' };
+    }
+    const result = spawnSync(
+      'gh',
+      ['pr', 'view', String(prNumberOrUrl), '--json', 'number,title,url,state,isDraft,headRefName,baseRefName'],
+      { cwd: this.projectRoot, encoding: 'utf8' }
+    );
+    if (result.status !== 0) {
+      return { success: false, error: result.stderr?.trim() };
+    }
+    try {
+      const raw = JSON.parse(result.stdout) as {
+        number: number; title: string; url: string; state: string;
+        isDraft: boolean; headRefName: string; baseRefName: string;
+      };
+      return {
+        success: true,
+        url: raw.url,
+        pr: {
+          number: raw.number,
+          title: raw.title,
+          url: raw.url,
+          state: raw.state.toLowerCase(),
+          draft: raw.isDraft,
+          head: raw.headRefName,
+          base: raw.baseRefName,
+        },
+      };
+    } catch {
+      return { success: false, error: 'Failed to parse gh output' };
+    }
+  }
+
+  mergePR(prNumber: number, method: 'merge' | 'squash' | 'rebase' = 'merge'): PRResult {
+    if (!this.isAvailable()) {
+      return { success: false, error: 'gh CLI not available' };
+    }
+    const result = spawnSync('gh', ['pr', 'merge', String(prNumber), `--${method}`, '--delete-branch'], {
+      cwd: this.projectRoot,
+      encoding: 'utf8',
+    });
+    return result.status === 0
+      ? { success: true }
+      : { success: false, error: result.stderr?.trim() };
+  }
+}