oxe-cc 1.2.1 → 1.3.0

package/packages/runtime/src/delivery/promotion-pipeline.ts

@@ -1,180 +1,334 @@
-import path from 'path';
-import fs from 'fs';
-import type { PRManager } from './pr-manager';
-import type { BranchManager } from './branch-manager';
-import type { VerificationManifest, ResidualRiskLedger } from '../verification/verification-manifest';
-import type { RunResult } from '../scheduler/scheduler';
-
-export interface RunPRLink {
-  run_id: string;
-  branch: string;
-  pr_url: string | null;
-  pr_number: number | null;
-  status: 'pending' | 'open' | 'merged' | 'closed' | 'blocked';
-  created_at: string;
-  merged_at: string | null;
-}
-
-export interface PromotionOptions {
-  baseBranch?: string;
-  draftPR?: boolean;
-  autoMerge?: boolean;
-  mergeMethod?: 'merge' | 'squash' | 'rebase';
-}
-
-export type MergeGateVerdict = 'approved' | 'blocked' | 'needs_review';
-
-export interface MergeGateReport {
-  verdict: MergeGateVerdict;
-  reasons: string[];
-  blocking_risks: string[];
-}
-
-export class MergeGateEvaluator {
-  evaluate(
-    runResult: RunResult,
-    manifest: VerificationManifest | null,
-    riskLedger: ResidualRiskLedger | null
-  ): MergeGateReport {
-    const reasons: string[] = [];
-    const blockingRisks: string[] = [];
-
-    if (runResult.failed.length > 0) {
-      reasons.push(`${runResult.failed.length} task(s) failed: ${runResult.failed.join(', ')}`);
-    }
-
-    if (runResult.blocked.length > 0) {
-      reasons.push(`${runResult.blocked.length} task(s) blocked: ${runResult.blocked.join(', ')}`);
-    }
-
-    if (manifest && !manifest.summary.all_passed) {
-      reasons.push(`Verification: ${manifest.summary.fail} check(s) failed, ${manifest.summary.error} error(s)`);
-    }
-
-    if (riskLedger) {
-      const critical = riskLedger.risks.filter((r) => r.severity === 'critical' || r.severity === 'high');
-      for (const risk of critical) {
-        blockingRisks.push(`[${risk.severity.toUpperCase()}] ${risk.description}`);
-      }
-    }
-
-    const hasBlockers = reasons.length > 0 || blockingRisks.length > 0;
-    const verdict: MergeGateVerdict = hasBlockers ? 'blocked' : 'approved';
-
-    return { verdict, reasons, blocking_risks: blockingRisks };
-  }
-}
-
-export class PromotionPipeline {
-  constructor(
-    private readonly projectRoot: string,
-    private readonly branchManager: BranchManager,
-    private readonly prManager: PRManager,
-    private readonly gateEvaluator: MergeGateEvaluator = new MergeGateEvaluator()
-  ) {}
-
-  buildPRBody(
-    runResult: RunResult,
-    manifest: VerificationManifest | null,
-    riskLedger: ResidualRiskLedger | null
-  ): string {
-    const lines: string[] = [];
-    lines.push('## OXE Run Summary');
-    lines.push('');
-    lines.push(`**Run ID:** \`${runResult.run_id}\``);
-    lines.push(`**Status:** ${runResult.status}`);
-    lines.push(`**Completed:** ${runResult.completed.length} tasks`);
-    if (runResult.failed.length > 0) {
-      lines.push(`**Failed:** ${runResult.failed.join(', ')}`);
-    }
-    if (runResult.blocked.length > 0) {
-      lines.push(`**Blocked:** ${runResult.blocked.join(', ')}`);
-    }
-
-    if (manifest) {
-      lines.push('');
-      lines.push('## Verification');
-      lines.push(`- Total: ${manifest.summary.total}`);
-      lines.push(`- Pass: ${manifest.summary.pass}`);
-      lines.push(`- Fail: ${manifest.summary.fail}`);
-      lines.push(`- Skip: ${manifest.summary.skip}`);
-    }
-
-    if (riskLedger && riskLedger.risks.length > 0) {
-      lines.push('');
-      lines.push('## Residual Risks');
-      for (const risk of riskLedger.risks) {
-        lines.push(`- [${risk.severity.toUpperCase()}] ${risk.description}`);
-        if (risk.mitigation) lines.push(`  - Mitigation: ${risk.mitigation}`);
-      }
-    }
-
-    lines.push('');
-    lines.push('---');
-    lines.push('*Generated by OXE Runtime*');
-
-    return lines.join('\n');
-  }
-
-  async promote(
-    runResult: RunResult,
-    manifest: VerificationManifest | null,
-    riskLedger: ResidualRiskLedger | null,
-    opts: PromotionOptions = {}
-  ): Promise<RunPRLink> {
-    const gateReport = this.gateEvaluator.evaluate(runResult, manifest, riskLedger);
-    const link: RunPRLink = {
-      run_id: runResult.run_id,
-      branch: this.branchManager.currentBranch(),
-      pr_url: null,
-      pr_number: null,
-      status: 'pending',
-      created_at: new Date().toISOString(),
-      merged_at: null,
-    };
-
-    if (gateReport.verdict === 'blocked') {
-      link.status = 'blocked';
-      this.savePRLink(runResult.run_id, link);
-      return link;
-    }
-
-    const body = this.buildPRBody(runResult, manifest, riskLedger);
-    const title = `oxe: run ${runResult.run_id} — ${runResult.completed.length} tasks`;
-
-    const prResult = this.prManager.createDraft({
-      title,
-      body,
-      base: opts.baseBranch ?? 'main',
-      draft: opts.draftPR !== false,
-    });
-
-    if (!prResult.success || !prResult.url) {
-      link.status = 'blocked';
-      this.savePRLink(runResult.run_id, link);
-      return link;
-    }
-
-    link.pr_url = prResult.url;
-    link.status = 'open';
-    this.savePRLink(runResult.run_id, link);
-
-    return link;
-  }
-
-  savePRLink(runId: string, link: RunPRLink): void {
-    const p = path.join(this.projectRoot, '.oxe', 'runs', runId, 'pr-link.json');
-    fs.mkdirSync(path.dirname(p), { recursive: true });
-    fs.writeFileSync(p, JSON.stringify(link, null, 2), 'utf8');
-  }
-
-  loadPRLink(runId: string): RunPRLink | null {
-    const p = path.join(this.projectRoot, '.oxe', 'runs', runId, 'pr-link.json');
-    if (!fs.existsSync(p)) return null;
-    try {
-      return JSON.parse(fs.readFileSync(p, 'utf8')) as RunPRLink;
-    } catch {
-      return null;
-    }
-  }
-}
+import path from 'path';
+import fs from 'fs';
+import type { PRManager } from './pr-manager';
+import type { BranchManager } from './branch-manager';
+import type { VerificationManifest, ResidualRiskLedger } from '../verification/verification-manifest';
+import type { EvidenceCoverageSummary } from '../verification/verification-manifest';
+import type { RunResult } from '../scheduler/scheduler';
+import type { GateToken } from '../gate/gate-manager';
+import {
+  saveCommitRecord,
+  loadCommitRecord,
+  savePromotionRecord,
+  loadPromotionRecord,
+  type CommitRecord,
+  type PromotionRecord,
+  type PromotionRemoteTarget,
+} from './delivery-records';
+
+export interface RunPRLink {
+  run_id: string;
+  branch: string;
+  pr_url: string | null;
+  pr_number: number | null;
+  status: 'pending' | 'open' | 'merged' | 'closed' | 'blocked';
+  created_at: string;
+  merged_at: string | null;
+}
+
+export interface PromotionOptions {
+  baseBranch?: string;
+  draftPR?: boolean;
+  autoMerge?: boolean;
+  mergeMethod?: 'merge' | 'squash' | 'rebase';
+  targetRef?: string;
+  remote?: string;
+  targetKind?: PromotionRemoteTarget;
+  minimumCoverage?: number;
+}
+
+export type MergeGateVerdict = 'approved' | 'blocked' | 'needs_review';
+
+export interface MergeGateReport {
+  verdict: MergeGateVerdict;
+  reasons: string[];
+  blocking_risks: string[];
+  pending_gates: Array<{ gate_id: string; scope: string; work_item_id: string | null }>;
+}
+
+export class MergeGateEvaluator {
+  evaluate(
+    runResult: RunResult,
+    manifest: VerificationManifest | null,
+    riskLedger: ResidualRiskLedger | null,
+    gates: GateToken[] = [],
+    evidenceCoverage: EvidenceCoverageSummary | null = null,
+    minimumCoverage = 100
+  ): MergeGateReport {
+    const reasons: string[] = [];
+    const blockingRisks: string[] = [];
+    const pendingGates = gates
+      .filter((gate) => gate.status === 'pending')
+      .map((gate) => ({
+        gate_id: gate.gate_id,
+        scope: gate.scope,
+        work_item_id: gate.work_item_id ?? null,
+      }));
+
+    if (runResult.failed.length > 0) {
+      reasons.push(`${runResult.failed.length} task(s) failed: ${runResult.failed.join(', ')}`);
+    }
+
+    if (runResult.blocked.length > 0) {
+      reasons.push(`${runResult.blocked.length} task(s) blocked: ${runResult.blocked.join(', ')}`);
+    }
+
+    if (manifest && !manifest.summary.all_passed) {
+      reasons.push(`Verification: ${manifest.summary.fail} check(s) failed, ${manifest.summary.error} error(s)`);
+    }
+
+    if (riskLedger) {
+      const critical = riskLedger.risks.filter((r) => r.severity === 'critical' || r.severity === 'high');
+      for (const risk of critical) {
+        blockingRisks.push(`[${risk.severity.toUpperCase()}] ${risk.description}`);
+      }
+    }
+
+    if (pendingGates.length > 0) {
+      reasons.push(`${pendingGates.length} pending gate(s)`);
+    }
+
+    if (evidenceCoverage && evidenceCoverage.coverage_percent < minimumCoverage) {
+      reasons.push(`Evidence coverage below threshold: ${evidenceCoverage.coverage_percent}%/${minimumCoverage}%`);
+    }
+
+    const hasBlockers = reasons.length > 0 || blockingRisks.length > 0;
+    const verdict: MergeGateVerdict = hasBlockers ? 'blocked' : 'approved';
+
+    return { verdict, reasons, blocking_risks: blockingRisks, pending_gates: pendingGates };
+  }
+}
+
+export class PromotionPipeline {
+  constructor(
+    private readonly projectRoot: string,
+    private readonly branchManager: BranchManager,
+    private readonly prManager: PRManager,
+    private readonly gateEvaluator: MergeGateEvaluator = new MergeGateEvaluator()
+  ) {}
+
+  private baseSummaryLines(
+    runResult: RunResult,
+    manifest: VerificationManifest | null,
+    riskLedger: ResidualRiskLedger | null
+  ): string[] {
+    const lines: string[] = [];
+    lines.push(`**Run ID:** \`${runResult.run_id}\``);
+    lines.push(`**Status:** ${runResult.status}`);
+    lines.push(`**Completed:** ${runResult.completed.length} tasks`);
+    if (runResult.failed.length > 0) {
+      lines.push(`**Failed:** ${runResult.failed.join(', ')}`);
+    }
+    if (runResult.blocked.length > 0) {
+      lines.push(`**Blocked:** ${runResult.blocked.join(', ')}`);
+    }
+
+    if (manifest) {
+      lines.push('');
+      lines.push('## Verification');
+      lines.push(`- Total: ${manifest.summary.total}`);
+      lines.push(`- Pass: ${manifest.summary.pass}`);
+      lines.push(`- Fail: ${manifest.summary.fail}`);
+      lines.push(`- Skip: ${manifest.summary.skip}`);
+    }
+
+    if (riskLedger && riskLedger.risks.length > 0) {
+      lines.push('');
+      lines.push('## Residual Risks');
+      for (const risk of riskLedger.risks) {
+        lines.push(`- [${risk.severity.toUpperCase()}] ${risk.description}`);
+        if (risk.mitigation) lines.push(`  - Mitigation: ${risk.mitigation}`);
+      }
+    }
+
+    lines.push('');
+    lines.push('---');
+    lines.push('*Generated by OXE Runtime*');
+
+    return lines;
+  }
+
+  buildCommitSummary(
+    runResult: RunResult,
+    manifest: VerificationManifest | null,
+    riskLedger: ResidualRiskLedger | null,
+    commitMessage: string | null = null
+  ): string {
+    const lines = ['## OXE Commit Summary', ''];
+    if (commitMessage) lines.push(`**Commit message:** \`${commitMessage}\``, '');
+    lines.push(...this.baseSummaryLines(runResult, manifest, riskLedger));
+    return lines.join('\n');
+  }
+
+  buildPromotionSummary(
+    runResult: RunResult,
+    manifest: VerificationManifest | null,
+    riskLedger: ResidualRiskLedger | null
+  ): string {
+    const lines = ['## OXE Promotion Summary', '', ...this.baseSummaryLines(runResult, manifest, riskLedger)];
+    return lines.join('\n');
+  }
+
+  buildPRBody(
+    runResult: RunResult,
+    manifest: VerificationManifest | null,
+    riskLedger: ResidualRiskLedger | null
+  ): string {
+    return this.buildPromotionSummary(runResult, manifest, riskLedger);
+  }
+
+  recordLocalCommit(
+    runResult: RunResult,
+    manifest: VerificationManifest | null,
+    riskLedger: ResidualRiskLedger | null,
+    options: {
+      commitMessage?: string;
+      commitSha?: string | null;
+      summaryPath?: string | null;
+    } = {}
+  ): CommitRecord {
+    const blocked = runResult.failed.length > 0 || runResult.blocked.length > 0;
+    const record: CommitRecord = {
+      run_id: runResult.run_id,
+      branch: this.branchManager.currentBranch(),
+      commit_sha: options.commitSha ?? this.safeCurrentCommit(),
+      status: blocked ? 'blocked' : 'committed',
+      created_at: new Date().toISOString(),
+      committed_at: blocked ? null : new Date().toISOString(),
+      message: options.commitMessage ?? null,
+      summary_path: options.summaryPath ?? null,
+    };
+    saveCommitRecord(this.projectRoot, runResult.run_id, record);
+    return record;
+  }
+
+  async promote(
+    runResult: RunResult,
+    manifest: VerificationManifest | null,
+    riskLedger: ResidualRiskLedger | null,
+    opts: PromotionOptions = {},
+    gates: GateToken[] = [],
+    evidenceCoverage: EvidenceCoverageSummary | null = null
+  ): Promise<PromotionRecord> {
+    const gateReport = this.gateEvaluator.evaluate(
+      runResult,
+      manifest,
+      riskLedger,
+      gates,
+      evidenceCoverage,
+      opts.minimumCoverage ?? 100
+    );
+    const targetKind = opts.targetKind ?? 'pr_draft';
+    const link: PromotionRecord = {
+      run_id: runResult.run_id,
+      target: 'remote_promotion',
+      target_kind: targetKind,
+      branch: this.branchManager.currentBranch(),
+      status: 'pending',
+      created_at: new Date().toISOString(),
+      promoted_at: null,
+      summary_path: null,
+      remote: opts.remote ?? 'origin',
+      target_ref: opts.targetRef ?? opts.baseBranch ?? 'main',
+      pr_url: null,
+      pr_number: null,
+      reasons: gateReport.reasons,
+      coverage_percent: evidenceCoverage ? evidenceCoverage.coverage_percent : null,
+    };
+
+    if (gateReport.verdict === 'blocked') {
+      link.status = 'blocked';
+      savePromotionRecord(this.projectRoot, runResult.run_id, link);
+      this.savePRLink(runResult.run_id, this.asRunPRLink(link));
+      return link;
+    }
+
+    if (targetKind === 'branch_push') {
+      try {
+        this.branchManager.push(opts.remote ?? 'origin', link.branch, false);
+        link.status = 'promoted';
+        link.promoted_at = new Date().toISOString();
+        savePromotionRecord(this.projectRoot, runResult.run_id, link);
+        this.savePRLink(runResult.run_id, this.asRunPRLink(link));
+        return link;
+      } catch {
+        link.status = 'blocked';
+        savePromotionRecord(this.projectRoot, runResult.run_id, link);
+        this.savePRLink(runResult.run_id, this.asRunPRLink(link));
+        return link;
+      }
+    }
+
+    const body = this.buildPromotionSummary(runResult, manifest, riskLedger);
+    const title = `oxe: run ${runResult.run_id} — ${runResult.completed.length} tasks`;
+
+    const prResult = this.prManager.createDraft({
+      title,
+      body,
+      base: opts.baseBranch ?? 'main',
+      draft: opts.draftPR !== false,
+    });
+
+    if (!prResult.success || !prResult.url) {
+      link.status = 'blocked';
+      savePromotionRecord(this.projectRoot, runResult.run_id, link);
+      this.savePRLink(runResult.run_id, this.asRunPRLink(link));
+      return link;
+    }
+
+    link.pr_url = prResult.url;
+    link.status = 'open';
+    link.promoted_at = new Date().toISOString();
+    savePromotionRecord(this.projectRoot, runResult.run_id, link);
+    this.savePRLink(runResult.run_id, this.asRunPRLink(link));
+
+    return link;
+  }
+
+  loadCommitRecord(runId: string): CommitRecord | null {
+    return loadCommitRecord(this.projectRoot, runId);
+  }
+
+  loadPromotionRecord(runId: string): PromotionRecord | null {
+    return loadPromotionRecord(this.projectRoot, runId);
+  }
+
+  savePRLink(runId: string, link: RunPRLink): void {
+    const p = path.join(this.projectRoot, '.oxe', 'runs', runId, 'pr-link.json');
+    fs.mkdirSync(path.dirname(p), { recursive: true });
+    fs.writeFileSync(p, JSON.stringify(link, null, 2), 'utf8');
+  }
+
+  loadPRLink(runId: string): RunPRLink | null {
+    const p = path.join(this.projectRoot, '.oxe', 'runs', runId, 'pr-link.json');
+    if (!fs.existsSync(p)) return null;
+    try {
+      return JSON.parse(fs.readFileSync(p, 'utf8')) as RunPRLink;
+    } catch {
+      const promotion = loadPromotionRecord(this.projectRoot, runId);
+      return promotion ? this.asRunPRLink(promotion) : null;
+    }
+  }
+
+  private asRunPRLink(record: PromotionRecord): RunPRLink {
+    return {
+      run_id: record.run_id,
+      branch: record.branch,
+      pr_url: record.pr_url,
+      pr_number: record.pr_number,
+      status: record.target_kind === 'branch_push'
+        ? (record.status === 'blocked' ? 'blocked' : 'open')
+        : (record.status === 'promoted' ? 'open' : record.status),
+      created_at: record.created_at,
+      merged_at: record.status === 'merged' ? record.promoted_at : null,
+    };
+  }
+
+  private safeCurrentCommit(): string | null {
+    try {
+      return this.branchManager.currentCommit();
+    } catch {
+      return null;
+    }
+  }
+}