pumuki-ast-hooks 5.3.17 → 5.3.19

package/scripts/hooks-system/application/services/HookSystemScheduler.js

@@ -3,23 +3,66 @@ const HookSystemStateMachine = require('../state/HookSystemStateMachine');
 
 class HookSystemScheduler {
   constructor({ orchestrator, contextEngine, intervalMs = 30000 }) {
+    recordMetric({
+      hook: 'hook_system_scheduler',
+      operation: 'constructor',
+      status: 'started',
+      intervalMs
+    });
+
     this.orchestrator = orchestrator;
     this.contextEngine = contextEngine;
     this.intervalMs = intervalMs;
     this.stateMachine = new HookSystemStateMachine();
     this.timer = null;
+
+    recordMetric({
+      hook: 'hook_system_scheduler',
+      operation: 'constructor',
+      status: 'success',
+      intervalMs
+    });
   }
 
   start() {
+    recordMetric({
+      hook: 'hook_system_scheduler',
+      operation: 'start',
+      status: 'started',
+      intervalMs: this.intervalMs
+    });
+
     if (this.timer) return;
+
     this.timer = setInterval(() => this.tick(), this.intervalMs);
+
+    recordMetric({
+      hook: 'hook_system_scheduler',
+      operation: 'start',
+      status: 'success',
+      intervalMs: this.intervalMs
+    });
   }
 
   stop() {
+    recordMetric({
+      hook: 'hook_system_scheduler',
+      operation: 'stop',
+      status: 'started',
+      hadTimer: !!this.timer
+    });
+
     if (this.timer) {
       clearInterval(this.timer);
       this.timer = null;
     }
+
+    recordMetric({
+      hook: 'hook_system_scheduler',
+      operation: 'stop',
+      status: 'success',
+      hadTimer: !!this.timer
+    });
   }
 
   async tick() {

package/scripts/hooks-system/application/services/PlaybookRunner.js

@@ -18,7 +18,7 @@ class PlaybookRunner {
   run(id) {
     const playbook = this.playbooks[id];
     if (!playbook) {
-      throw new NotFoundError(`Playbook '${id}'`);
+      throw new Error(`Playbook '${id}' not found`);
     }
 
     for (const step of playbook.steps) {

package/scripts/hooks-system/application/services/installation/GitEnvironmentService.js

@@ -110,7 +110,7 @@ fi
 
 # Try node_modules/.bin first (works with npm install)
 if [ -f "node_modules/.bin/ast-hooks" ]; then
-  OUTPUT=$(node_modules/.bin/ast-hooks ast --staged 2>&1)
+  OUTPUT=$(node_modules/.bin/ast-hooks ast 2>&1)
   EXIT_CODE=$?
   echo "$OUTPUT"
   if [ $EXIT_CODE -ne 0 ]; then

package/scripts/hooks-system/application/services/logging/AuditLogger.js

@@ -0,0 +1,173 @@
+const fs = require('fs');
+const path = require('path');
+
+// Import recordMetric for prometheus metrics
+const { recordMetric } = require('../../../infrastructure/telemetry/metrics-logger');
+
+class AuditLogger {
+    /**
+     * @param {Object} options
+     * @param {string} [options.repoRoot=process.cwd()]
+     * @param {string} [options.filename='.audit_tmp/audit.log']
+     * @param {Object} [options.logger=console] - fallback logger for warnings
+     */
+    constructor({ repoRoot = process.cwd(), filename, logger = console } = {}) {
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'constructor',
+            status: 'started',
+            repoRoot: repoRoot.substring(0, 100)
+        });
+
+        this.repoRoot = repoRoot;
+        this.logger = logger;
+        this.logPath = filename
+            ? (path.isAbsolute(filename) ? filename : path.join(repoRoot, filename))
+            : path.join(repoRoot, '.audit_tmp', 'audit.log');
+
+        this.ensureDir();
+
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'constructor',
+            status: 'success',
+            repoRoot: repoRoot.substring(0, 100)
+        });
+    }
+
+    ensureDir() {
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'ensure_dir',
+            status: 'started'
+        });
+
+        try {
+            const dir = path.dirname(this.logPath);
+            if (!fs.existsSync(dir)) {
+                fs.mkdirSync(dir, { recursive: true });
+            }
+            if (!fs.existsSync(this.logPath)) {
+                fs.writeFileSync(this.logPath, '', { encoding: 'utf8' });
+            }
+        } catch (error) {
+            this.warn('AUDIT_LOGGER_INIT_ERROR', error);
+        }
+
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'ensure_dir',
+            status: 'success'
+        });
+    }
+
+    warn(message, error) {
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'warn',
+            status: 'started',
+            message: message
+        });
+
+        if (this.logger?.warn) {
+            this.logger.warn(message, { error: error?.message });
+        } else {
+            console.warn(message, error?.message);
+        }
+
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'warn',
+            status: 'success'
+        });
+    }
+
+    /**
+     * @param {Object} entry
+     * @param {string} entry.action 
+     * @param {string} [entry.resource]
+     * @param {string} [entry.status='success']
+     * @param {string|null} [entry.actor=null]
+     * @param {Object} [entry.meta={}]
+     * @param {string|null} [entry.correlationId=null]
+     */
+    record(entry = {}) {
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'record',
+            status: 'started',
+            action: entry.action
+        });
+
+        if (!entry.action) {
+            recordMetric({
+                hook: 'audit_logger',
+                operation: 'record',
+                status: 'success',
+                reason: 'no_action'
+            });
+            return;
+        }
+        const safeMeta = this.sanitizeMeta(entry.meta || {});
+
+        const payload = {
+            ts: new Date().toISOString(),
+            action: entry.action,
+            resource: entry.resource || null,
+            status: entry.status || 'success',
+            actor: entry.actor || null,
+            correlationId: entry.correlationId || null,
+            meta: safeMeta
+        };
+
+        try {
+            fs.appendFileSync(this.logPath, `${JSON.stringify(payload)}\n`, { encoding: 'utf8' });
+            recordMetric({
+                hook: 'audit_logger',
+                operation: 'record',
+                status: 'success',
+                action: entry.action
+            });
+        } catch (error) {
+            this.warn('AUDIT_LOGGER_WRITE_ERROR', error);
+            recordMetric({
+                hook: 'audit_logger',
+                operation: 'record',
+                status: 'failed',
+                action: entry.action,
+                error: error.message
+            });
+        }
+    }
+
+    sanitizeMeta(meta) {
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'sanitize_meta',
+            status: 'started',
+            metaKeys: Object.keys(meta || {}).length
+        });
+
+        const forbidden = ['token', 'password', 'secret', 'authorization', 'auth', 'apiKey'];
+        const clone = {};
+        Object.entries(meta).forEach(([k, v]) => {
+            const lowered = k.toLowerCase();
+            if (forbidden.some(f => lowered.includes(f))) {
+                clone[k] = '[REDACTED]';
+            } else {
+                clone[k] = v;
+            }
+        });
+
+        recordMetric({
+            hook: 'audit_logger',
+            operation: 'sanitize_meta',
+            status: 'success',
+            metaKeys: Object.keys(clone).length
+        });
+
+        return clone;
+    }
+}
+
+module.exports = AuditLogger;

package/scripts/hooks-system/application/services/monitoring/EvidenceMonitor.js

@@ -19,6 +19,7 @@ class EvidenceMonitor {
     resolveUpdateEvidenceScript() {
         const candidates = [
             path.join(this.repoRoot, 'node_modules/@pumuki/ast-intelligence-hooks/bin/update-evidence.sh'),
+            path.join(this.repoRoot, 'scripts/hooks-system/bin/update-evidence.sh'),
             path.join(this.repoRoot, 'bin/update-evidence.sh')
         ];
 

package/scripts/hooks-system/bin/__tests__/evidence-update.spec.js

@@ -0,0 +1,49 @@
+const fs = require('fs');
+const os = require('os');
+const path = require('path');
+const { execSync } = require('child_process');
+
+describe('ast-hooks evidence:update', () => {
+    let repoRoot;
+    let subdir;
+
+    beforeEach(() => {
+        repoRoot = fs.mkdtempSync(path.join(os.tmpdir(), 'ast-hooks-evidence-cli-'));
+        subdir = path.join(repoRoot, 'packages', 'app');
+        fs.mkdirSync(subdir, { recursive: true });
+
+        execSync('git init', { cwd: repoRoot, stdio: 'ignore' });
+        execSync('git config user.email "test@example.com"', { cwd: repoRoot, stdio: 'ignore' });
+        execSync('git config user.name "Test"', { cwd: repoRoot, stdio: 'ignore' });
+
+        fs.writeFileSync(path.join(repoRoot, 'README.md'), 'test', 'utf8');
+        execSync('git add README.md', { cwd: repoRoot, stdio: 'ignore' });
+        execSync('git commit -m "chore: init"', { cwd: repoRoot, stdio: 'ignore' });
+    });
+
+    afterEach(() => {
+        fs.rmSync(repoRoot, { recursive: true, force: true });
+    });
+
+    it('updates .AI_EVIDENCE.json in repo root even when executed from subdirectory', () => {
+        const cliPath = path.resolve(__dirname, '..', 'cli.js');
+        const output = execSync(`node ${cliPath} evidence:update`, {
+            cwd: subdir,
+            encoding: 'utf8',
+            env: {
+                ...process.env,
+                AUTO_EVIDENCE_TRIGGER: 'test',
+                AUTO_EVIDENCE_REASON: 'test',
+                AUTO_EVIDENCE_SUMMARY: 'test'
+            }
+        }).trim();
+
+        const evidencePath = path.join(repoRoot, '.AI_EVIDENCE.json');
+        expect(fs.realpathSync(output)).toBe(fs.realpathSync(evidencePath));
+        expect(fs.existsSync(evidencePath)).toBe(true);
+
+        const json = JSON.parse(fs.readFileSync(evidencePath, 'utf8'));
+        expect(typeof json.timestamp).toBe('string');
+        expect(json.timestamp.length).toBeGreaterThan(10);
+    });
+});

package/scripts/hooks-system/bin/cli.js

@@ -121,21 +121,7 @@ const commands = {
   },
 
   ast: () => {
-    const env = { ...process.env };
-    const filteredArgs = [];
-
-    for (const arg of args) {
-      if (arg === '--staged') {
-        env.STAGING_ONLY_MODE = '1';
-      } else {
-        filteredArgs.push(arg);
-      }
-    }
-
-    execSync(
-      `node ${path.join(HOOKS_ROOT, 'infrastructure/ast/ast-intelligence.js')} ${filteredArgs.join(' ')}`,
-      { stdio: 'inherit', env }
-    );
+    execSync(`node ${path.join(HOOKS_ROOT, 'infrastructure/ast/ast-intelligence.js')}`, { stdio: 'inherit' });
   },
 
   install: () => {

package/scripts/hooks-system/config/env.js

@@ -0,0 +1,33 @@
+const ENV = (process.env.NODE_ENV || 'development').toLowerCase();
+
+function normalizeBool(val, defaultValue = false) {
+    if (val === undefined) return defaultValue;
+    if (typeof val === 'boolean') return val;
+    const str = String(val).trim().toLowerCase();
+    if (str === '') return defaultValue;
+    return !(['false', '0', 'no', 'off'].includes(str));
+}
+
+function get(name, defaultValue = undefined) {
+    return process.env[name] !== undefined ? process.env[name] : defaultValue;
+}
+
+function getNumber(name, defaultValue = 0) {
+    const raw = process.env[name];
+    const parsed = Number(raw);
+    return Number.isFinite(parsed) ? parsed : defaultValue;
+}
+
+function getBool(name, defaultValue = false) {
+    return normalizeBool(process.env[name], defaultValue);
+}
+
+module.exports = {
+    env: ENV,
+    isProd: ENV === 'production',
+    isStg: ENV === 'staging' || ENV === 'stage' || ENV === 'stg',
+    isDev: ENV === 'development' || ENV === 'dev',
+    get,
+    getNumber,
+    getBool,
+};

package/scripts/hooks-system/domain/events/__tests__/EventBus.spec.js

@@ -0,0 +1,33 @@
+const { EventBus, DomainEvent } = require('..');
+
+describe('EventBus', () => {
+    test('no reprocesa eventos duplicados (idempotencia por id)', async () => {
+        const bus = new EventBus();
+        const handled = [];
+        bus.subscribe('TEST_EVENT', async (evt) => {
+            handled.push(evt.id);
+        });
+
+        const evt = new DomainEvent('TEST_EVENT', { foo: 'bar' });
+        await bus.publish(evt);
+        await bus.publish(evt); // segunda vez mismo id
+
+        expect(handled).toHaveLength(1);
+        expect(handled[0]).toBe(evt.id);
+    });
+
+    test('recorta processedIds al superar maxProcessed', async () => {
+        const bus = new EventBus();
+        bus.maxProcessed = 3;
+        bus.subscribe('*', async () => { });
+
+        const idsBefore = [];
+        for (let i = 0; i < 5; i++) {
+            const evt = new DomainEvent('TEST_EVENT', { seq: i });
+            idsBefore.push(evt.id);
+            await bus.publish(evt);
+        }
+
+        expect(bus.processedIds.size).toBeLessThanOrEqual(bus.maxProcessed);
+    });
+});

package/scripts/hooks-system/domain/events/index.js

@@ -1,5 +1,3 @@
-const { ValidationError } = require('../errors');
-
 class DomainEvent {
     constructor(type, payload) {
         this.type = type;
@@ -9,8 +7,8 @@ class DomainEvent {
     }
 
     validate() {
-        if (!this.type) throw new ValidationError('Event type is required', 'type', this.type);
-        if (!this.payload) throw new ValidationError('Event payload is required', 'payload', this.payload);
+        if (!this.type) throw new Error('Event type is required');
+        if (!this.payload) throw new Error('Event payload is required');
         return true;
     }
 
@@ -31,9 +29,7 @@ class EvidenceStaleEvent extends DomainEvent {
 
     validate() {
         super.validate();
-        if (!this.payload.evidencePath) {
-            throw new ValidationError('Evidence path is required', 'payload.evidencePath', this.payload.evidencePath);
-        }
+        if (!this.payload.evidencePath) throw new Error('Evidence path is required');
     }
 }
 
@@ -45,12 +41,8 @@ class GitFlowViolationEvent extends DomainEvent {
 
     validate() {
         super.validate();
-        if (!this.payload.branch) {
-            throw new ValidationError('Branch name is required', 'payload.branch', this.payload.branch);
-        }
-        if (!this.payload.violation) {
-            throw new ValidationError('Violation details are required', 'payload.violation', this.payload.violation);
-        }
+        if (!this.payload.branch) throw new Error('Branch name is required');
+        if (!this.payload.violation) throw new Error('Violation details are required');
     }
 }
 
@@ -62,9 +54,7 @@ class AstCriticalFoundEvent extends DomainEvent {
 
     validate() {
         super.validate();
-        if (!Array.isArray(this.payload.findings)) {
-            throw new ValidationError('Findings must be an array', 'payload.findings', this.payload.findings);
-        }
+        if (!Array.isArray(this.payload.findings)) throw new Error('Findings must be an array');
     }
 }
 

package/scripts/hooks-system/infrastructure/ast/ios/analyzers/__tests__/iOSASTIntelligentAnalyzer.spec.js

@@ -0,0 +1,66 @@
+const { iOSASTIntelligentAnalyzer } = require('../iOSASTIntelligentAnalyzer');
+
+describe('iOSASTIntelligentAnalyzer - event-driven navigation rules', () => {
+    const makeSUT = () => {
+        const findings = [];
+        const sut = new iOSASTIntelligentAnalyzer(findings);
+        sut.fileContent = '';
+        sut.syntaxTokens = [];
+        sut.imports = [];
+        sut.classes = [];
+        sut.structs = [];
+        return { sut, findings };
+    };
+
+    const identifierToken = (value, offset = 0) => ({
+        kind: 'source.lang.swift.syntaxtype.identifier',
+        value,
+        offset,
+        length: value.length,
+    });
+
+    it('should report CRITICAL when UIKit imperative navigation is detected', () => {
+        const { sut, findings } = makeSUT();
+        sut.fileContent = 'pushViewController';
+        sut.syntaxTokens = [identifierToken('pushViewController', 0)];
+
+        sut.analyzeAdditionalRules('/tmp/File.swift');
+
+        const rule = findings.find((f) => f.ruleId === 'ios.navigation.imperative_navigation');
+        expect(rule).toBeDefined();
+        expect(String(rule.severity).toLowerCase()).toBe('critical');
+    });
+
+    it('should report CRITICAL when SwiftUI navigation API is detected outside View types', () => {
+        const { sut, findings } = makeSUT();
+        sut.fileContent = 'NavigationLink';
+        sut.syntaxTokens = [identifierToken('NavigationLink', 0)];
+        sut.imports = [];
+        sut.classes = [];
+        sut.structs = [];
+
+        sut.analyzeAdditionalRules('/tmp/NotAView.swift');
+
+        const rule = findings.find((f) => f.ruleId === 'ios.navigation.swiftui_navigation_outside_view');
+        expect(rule).toBeDefined();
+        expect(String(rule.severity).toLowerCase()).toBe('critical');
+    });
+
+    it('should not report SwiftUI navigation outside View when file is a SwiftUI View', () => {
+        const { sut, findings } = makeSUT();
+        sut.fileContent = 'import SwiftUI\nstruct MyView: View { var body: some View { NavigationLink("x", destination: Text("y")) } }';
+        sut.syntaxTokens = [identifierToken('NavigationLink', 0)];
+        sut.imports = [{ name: 'SwiftUI', line: 1 }];
+        sut.structs = [
+            {
+                'key.name': 'MyView',
+                'key.inheritedtypes': [{ 'key.name': 'View' }],
+            },
+        ];
+
+        sut.analyzeAdditionalRules('/tmp/MyView.swift');
+
+        const rule = findings.find((f) => f.ruleId === 'ios.navigation.swiftui_navigation_outside_view');
+        expect(rule).toBeUndefined();
+    });
+});