pumuki-ast-hooks 5.3.18 → 5.3.20

package/scripts/hooks-system/infrastructure/shell/orchestrators/audit-orchestrator.sh

@@ -31,15 +31,15 @@ elif [[ "$SCRIPT_DIR" == *"scripts/hooks-system"* ]]; then
   fi
 else
   # Fallback: try to find it relative to current directory
-  REPO_ROOT="$(pwd)"
-  if [[ -d "$REPO_ROOT/node_modules/@pumuki/ast-intelligence-hooks" ]]; then
-    HOOKS_SYSTEM_DIR="$REPO_ROOT/node_modules/@pumuki/ast-intelligence-hooks"
-  elif [[ -d "$REPO_ROOT/scripts/hooks-system" ]]; then
-    HOOKS_SYSTEM_DIR="$REPO_ROOT/scripts/hooks-system"
+  ROOT_DIR="$(git rev-parse --show-toplevel 2>/dev/null || pwd)"
+  if [[ -d "$ROOT_DIR/node_modules/@pumuki/ast-intelligence-hooks" ]]; then
+    HOOKS_SYSTEM_DIR="$ROOT_DIR/node_modules/@pumuki/ast-intelligence-hooks"
+  elif [[ -d "$ROOT_DIR/scripts/hooks-system" ]]; then
+    HOOKS_SYSTEM_DIR="$ROOT_DIR/scripts/hooks-system"
   else
     echo "Error: Could not determine HOOKS_SYSTEM_DIR" >&2
     echo "  SCRIPT_DIR: $SCRIPT_DIR" >&2
-    echo "  REPO_ROOT: $REPO_ROOT" >&2
+    echo "  ROOT_DIR: $ROOT_DIR" >&2
     exit 1
   fi
 fi
@@ -58,11 +58,7 @@ source "$INFRASTRUCTURE_DIR/eslint/eslint-integration.sh"
 START_TIME=$(date +%s)
 
 # Determine repository root using git
-if command -v git >/dev/null 2>&1; then
-  ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd)
-else
-  ROOT_DIR=$(pwd)
-fi
+ROOT_DIR=$(git rev-parse --show-toplevel 2>/dev/null || pwd)
 
 # Default to temp directories to avoid polluting repositories.
 # Can be overridden by setting AUDIT_TMP / AUDIT_REPORTS.
@@ -212,6 +208,11 @@ run_intelligent_audit() {
 }
 
 full_audit() {
+  export AUDIT_STRICT=1
+  export BLOCK_ALL_SEVERITIES=1
+  export BLOCK_ON_REPO_VIOLATIONS=1
+  export AUDIT_LIBRARY=true
+  unset STAGING_ONLY_MODE
   run_basic_checks
   run_eslint_suite
   run_ast_intelligence
@@ -276,8 +277,8 @@ full_audit_strict_staging_only() {
     printf "\n%b✅ STAGING CLEAN - COMMIT ALLOWED%b\n" "$GREEN" "$NC"
     printf "  🔴 CRITICAL: 0\n"
     printf "  🟠 HIGH:     0\n"
-    printf "  🟡 MEDIUM:   0\n"
-    printf "  🔵 LOW:      0\n"
+    printf "  🟡 MEDIUM:   %s\n" "$gate_med"
+    printf "  🔵 LOW:      %s\n" "$gate_low"
     printf "\n  All staged files pass strict quality gates.\n"
     printf "  Ready to commit! 🚀\n\n"
     print_final_signature
@@ -544,8 +545,8 @@ summarize_all() {
   printf "\n%b2. ESLINT AUDIT RESULTS%b\n" "$YELLOW" "$NC"
   printf "─────────────────────────────────────────────────────────────\n"
   if [[ -f "$TMP_DIR/eslint-summary.txt" ]]; then
-    es_err=$(grep -o 'errors=[0-9]\+' "$TMP_DIR/eslint-summary.txt" | head -n1 | sed 's/[^0-9]//g')
-    es_warn=$(grep -o 'warnings=[0-9]\+' "$TMP_DIR/eslint-summary.txt" | head -n1 | sed 's/[^0-9]//g')
+    es_err=$(grep -o 'errors=[0-9]\+' "$TMP_DIR/eslint-summary.txt" 2>/dev/null | head -n1 | sed 's/[^0-9]//g')
+    es_warn=$(grep -o 'warnings=[0-9]\+' "$TMP_DIR/eslint-summary.txt" 2>/dev/null | head -n1 | sed 's/[^0-9]//g')
     es_err=${es_err:-0}; es_warn=${es_warn:-0}
     if [[ $es_err -gt 0 ]]; then
       printf "  %bESLint:%b 🔴 errors=%s 🟡 warnings=%s\n" "$RED" "$NC" "$es_err" "$es_warn"
@@ -841,31 +842,32 @@ save_audit_reports() {
   local report_prefix="${REPORTS_DIR}/audit_${timestamp}"
 
   if [[ -f "$TMP_DIR/ast-summary.json" ]]; then
-    cp "$TMP_DIR/ast-summary.json" "${report_prefix}_ast_summary.json"
+    mkdir -p "$ROOT_DIR/.audit-reports" || { echo "Failed to create .audit-reports directory"; exit 1; }
+    cp "$TMP_DIR/ast-summary.json" "$ROOT_DIR/.audit-reports/latest_ast-summary.json" || { echo "Failed to copy AST summary"; exit 1; }
   fi
 
   if [[ -f "$TMP_DIR/ast-findings.json" ]]; then
-    cp "$TMP_DIR/ast-findings.json" "${report_prefix}_ast_findings.json"
+    cp "$TMP_DIR/ast-findings.json" "$REPORTS_DIR/latest_ast-findings.json"
   fi
 
   if [[ -f "$TMP_DIR/pattern-summary.txt" ]]; then
-    cp "$TMP_DIR/pattern-summary.txt" "${report_prefix}_patterns.txt"
+    cp "$TMP_DIR/pattern-summary.txt" "$REPORTS_DIR/latest_patterns.txt"
   fi
 
   if [[ -f "$TMP_DIR/eslint-summary.txt" ]]; then
-    cp "$TMP_DIR/eslint-summary.txt" "${report_prefix}_eslint.txt"
+    cp "$TMP_DIR/eslint-summary.txt" "$REPORTS_DIR/latest_eslint.txt"
   fi
 
-  local latest_summary="${REPORTS_DIR}/latest_ast_summary.json"
-  local latest_findings="${REPORTS_DIR}/latest_ast_findings.json"
-  local latest_critical="${REPORTS_DIR}/latest_critical.json"
-  local latest_high="${REPORTS_DIR}/latest_high.json"
-  local latest_medium="${REPORTS_DIR}/latest_medium.json"
-  local latest_low="${REPORTS_DIR}/latest_low.json"
+  local latest_summary="$REPORTS_DIR/latest_ast_summary.json"
+  local latest_findings="$REPORTS_DIR/latest_ast_findings.json"
+  local latest_critical="$REPORTS_DIR/latest_critical.json"
+  local latest_high="$REPORTS_DIR/latest_high.json"
+  local latest_medium="$REPORTS_DIR/latest_medium.json"
+  local latest_low="$REPORTS_DIR/latest_low.json"
 
   if [[ -f "$TMP_DIR/ast-summary.json" ]]; then
     cp "$TMP_DIR/ast-summary.json" "$latest_summary"
-    cp "$TMP_DIR/ast-summary.json" "${REPORTS_DIR}/baseline_ast_summary.json"
+    cp "$TMP_DIR/ast-summary.json" "$REPORTS_DIR/baseline_ast_summary.json"
 
     if command -v jq >/dev/null 2>&1; then
       jq '{
@@ -923,15 +925,15 @@ save_audit_reports() {
 }
 
 export_markdown() {
-  local out="${TMP_DIR}/audit-report.md"
+  local out="$TMP_DIR/audit-report.md"
   printf "# Audit Report\n\n" > "$out"
   printf "## %s\n\n" "$MSG_SUMMARY" >> "$out"
-  if [[ -f "${TMP_DIR}/pattern-summary.txt" ]]; then
-    cat "${TMP_DIR}/pattern-summary.txt" >> "$out"
+  if [[ -f "$TMP_DIR/pattern-summary.txt" ]]; then
+    cat "$TMP_DIR/pattern-summary.txt" >> "$out"
     printf "\n" >> "$out"
   fi
-  if [[ -f "${TMP_DIR}/eslint-summary.txt" ]]; then
-    cat "${TMP_DIR}/eslint-summary.txt" >> "$out"
+  if [[ -f "$TMP_DIR/eslint-summary.txt" ]]; then
+    cat "$TMP_DIR/eslint-summary.txt" >> "$out"
     printf "\n" >> "$out"
   fi
   printf "%s %s\n" "$EMJ_OK" "$out"
@@ -960,77 +962,33 @@ run_ast_intelligence() {
     if [[ -x "/usr/bin/node" ]]; then node_bin="/usr/bin/node"; fi
   fi
   if [[ -z "$node_bin" ]]; then
-    local nvm_dir="${NVM_DIR:-$HOME/.nvm}"
-    local nvm_default=""
-    if [[ -f "$nvm_dir/alias/default" ]]; then
-      nvm_default="$(cat "$nvm_dir/alias/default" 2>/dev/null || true)"
-      nvm_default="${nvm_default##v}"
-      nvm_default="${nvm_default%%[[:space:]]*}"
-    fi
-    if [[ -n "$nvm_default" ]] && [[ -x "$nvm_dir/versions/node/v${nvm_default}/bin/node" ]]; then
-      node_bin="$nvm_dir/versions/node/v${nvm_default}/bin/node"
-    fi
-  fi
-  if [[ -z "$node_bin" ]]; then
-    local nvm_dir_fallback="${NVM_DIR:-$HOME/.nvm}"
-    local latest_node=""
-    latest_node="$(ls -1 "$nvm_dir_fallback/versions/node" 2>/dev/null | grep -E '^v[0-9]+' | sort -V | tail -n 1 || true)"
-    if [[ -n "$latest_node" ]] && [[ -x "$nvm_dir_fallback/versions/node/${latest_node}/bin/node" ]]; then
-      node_bin="$nvm_dir_fallback/versions/node/${latest_node}/bin/node"
-    fi
-  fi
-  if [[ -z "$node_bin" ]]; then
-    printf "%b❌ Node.js not found in PATH. Install Node.js >= 18 or ensure your shell loads nvm/asdf for non-interactive scripts.%b\n" "$RED" "$NC" >&2
-    return 127
+    return 0
   fi
 
-  # Determine NODE_PATH to include library's node_modules
-  # Try multiple locations: HOOKS_SYSTEM_DIR/node_modules, or project root node_modules
-  local -a node_path_parts
-  node_path_parts=()
-  
-  # If HOOKS_SYSTEM_DIR has its own node_modules
-  if [[ -d "$HOOKS_SYSTEM_DIR/node_modules" ]]; then
-    node_path_parts+=("$HOOKS_SYSTEM_DIR/node_modules")
+  local intelligent_audit="$HOOKS_SYSTEM_DIR/infrastructure/orchestration/intelligent-audit.js"
+  if [[ ! -f "$intelligent_audit" ]]; then
+    return 0
   fi
-  
-  # Also check if we're in a project with node_modules/@pumuki/ast-intelligence-hooks
-  local repo_root=""
-  if [[ "$HOOKS_SYSTEM_DIR" == *"scripts/hooks-system"* ]]; then
-    # Running from scripts/hooks-system, go to repo root
-    repo_root="$(cd "$HOOKS_SYSTEM_DIR/../.." && pwd)"
-  elif [[ "$HOOKS_SYSTEM_DIR" == *"node_modules/@pumuki/ast-intelligence-hooks"* ]]; then
-    # Running from node_modules, go to repo root
-    repo_root="$(cd "$HOOKS_SYSTEM_DIR/../../.." && pwd)"
+
+  export AUDIT_TMP="$TMP_DIR"
+  if [[ "${BLOCK_ON_REPO_VIOLATIONS:-0}" == "1" ]]; then
+    export AI_GATE_SCOPE="repo"
   else
-    # Try current directory
-    repo_root="$(pwd)"
-  fi
-  
-  if [[ -n "$repo_root" ]] && [[ -d "$repo_root/node_modules/@pumuki/ast-intelligence-hooks/node_modules" ]]; then
-    node_path_parts+=("$repo_root/node_modules/@pumuki/ast-intelligence-hooks/node_modules")
-  fi
-  
-  if [[ -n "$repo_root" ]] && [[ -d "$repo_root/node_modules" ]]; then
-    node_path_parts+=("$repo_root/node_modules")
+    export AI_GATE_SCOPE="staging"
   fi
 
-  # Build NODE_PATH
   local node_path_value="${NODE_PATH:-}"
-  for path_part in "${node_path_parts[@]:-}"; do
-    if [[ -n "$node_path_value" ]]; then
-      node_path_value="$path_part:$node_path_value"
-    else
-      node_path_value="$path_part"
-    fi
-  done
+  if [[ -d "$HOOKS_SYSTEM_DIR/node_modules" ]]; then
+    node_path_value="$HOOKS_SYSTEM_DIR/node_modules${node_path_value:+:$node_path_value}"
+  fi
+  if [[ -d "$ROOT_DIR/node_modules" ]]; then
+    node_path_value="$ROOT_DIR/node_modules${node_path_value:+:$node_path_value}"
+  fi
 
-  # Execute AST with proper error handling and NODE_PATH
-  # Change to HOOKS_SYSTEM_DIR so Node.js resolves modules correctly
   if [[ -n "$node_path_value" ]]; then
-    ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export NODE_PATH="$node_path_value" && export AUDIT_TMP="$TMP_DIR" && export AUDIT_LIBRARY="${AUDIT_LIBRARY:-false}" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
+    (cd "$ROOT_DIR" && export NODE_PATH="$node_path_value" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
   else
-    ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export AUDIT_TMP="$TMP_DIR" && export AUDIT_LIBRARY="${AUDIT_LIBRARY:-false}" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
+    (cd "$ROOT_DIR" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
   fi
 
   # Check if AST script failed
@@ -1083,6 +1041,10 @@ run_ast_intelligence() {
   fi
 
   printf "%b✅ AST Intelligence completed%b\n\n" "$GREEN" "$NC"
+
+  # Ensure the .audit-reports directory exists and copy the AST summary
+  mkdir -p "$ROOT_DIR/.audit-reports" || { echo "Failed to create .audit-reports directory"; exit 1; }
+  cp "$TMP_DIR/ast-summary.json" "$ROOT_DIR/.audit-reports/latest_ast-summary.json" || { echo "Failed to copy AST summary"; exit 1; }
 }
 
 interactive_menu() {

package/scripts/hooks-system/infrastructure/telemetry/metric-scope.js

@@ -0,0 +1,98 @@
+const { recordMetric } = require('./metrics-logger');
+
+function truncateString(value, maxLen) {
+    if (typeof value !== 'string') {
+        return value;
+    }
+    if (!Number.isFinite(maxLen) || maxLen <= 0) {
+        return value;
+    }
+    if (value.length <= maxLen) {
+        return value;
+    }
+    return value.substring(0, maxLen);
+}
+
+function sanitizeMeta(meta, { maxStringLength = 120 } = {}) {
+    if (!meta || typeof meta !== 'object') {
+        return {};
+    }
+
+    const out = {};
+    for (const [k, v] of Object.entries(meta)) {
+        if (v == null) {
+            continue;
+        }
+        if (typeof v === 'string') {
+            out[k] = truncateString(v, maxStringLength);
+            continue;
+        }
+        if (typeof v === 'number' || typeof v === 'boolean') {
+            out[k] = v;
+            continue;
+        }
+        if (v instanceof Error) {
+            out[k] = truncateString(v.message, maxStringLength);
+            continue;
+        }
+
+        try {
+            out[k] = JSON.parse(JSON.stringify(v));
+        } catch {
+            out[k] = truncateString(String(v), maxStringLength);
+        }
+    }
+    return out;
+}
+
+function toErrorMeta(error, { maxStringLength = 160 } = {}) {
+    if (!error) {
+        return {};
+    }
+
+    if (typeof error === 'string') {
+        return { error: truncateString(error, maxStringLength) };
+    }
+
+    const err = error instanceof Error ? error : null;
+    if (!err) {
+        return { error: truncateString(String(error), maxStringLength) };
+    }
+
+    return {
+        error: truncateString(err.message, maxStringLength),
+        errorName: truncateString(err.name, 80)
+    };
+}
+
+function createMetricScope({ hook, operation, baseMeta = {}, options = {} } = {}) {
+    const base = sanitizeMeta({ ...baseMeta }, options);
+
+    const startedAt = Date.now();
+
+    function emit(status, meta = {}) {
+        recordMetric({
+            hook,
+            operation,
+            status,
+            ...base,
+            ...sanitizeMeta(meta, options)
+        });
+    }
+
+    return {
+        started(meta = {}) {
+            emit('started', meta);
+        },
+        success(meta = {}) {
+            emit('success', { durationMs: Date.now() - startedAt, ...meta });
+        },
+        failed(error, meta = {}) {
+            emit('failed', { durationMs: Date.now() - startedAt, ...toErrorMeta(error, options), ...meta });
+        }
+    };
+}
+
+module.exports = {
+    createMetricScope
+};

package/scripts/hooks-system/infrastructure/telemetry/metrics-server.js

@@ -3,22 +3,9 @@
 const http = require('http');
 const fs = require('fs');
 const path = require('path');
-const env = require('../../config/env');
 
-// AuditLogger import for logging critical operations
-const AuditLogger = require('../services/logging/AuditLogger');
-
-// Import recordMetric for prometheus metrics
-const { recordMetric } = require('./metrics-logger');
-
-const PORT = env.getNumber('HOOK_METRICS_PORT', 9464);
-const METRICS_FILE = path.join(process.cwd(), env.get('HOOK_METRICS_FILE', '.audit_tmp/hook-metrics.jsonl'));
-
-// Initialize audit logger
-const auditLogger = new AuditLogger({
-  repoRoot: process.cwd(),
-  filename: path.join('.audit_tmp', 'metrics-server-audit.log')
-});
+const PORT = Number(process.env.HOOK_METRICS_PORT || 9464);
+const METRICS_FILE = path.join(process.cwd(), '.audit_tmp', 'hook-metrics.jsonl');
 
 function loadMetrics() {
   if (!fs.existsSync(METRICS_FILE)) return [];
@@ -62,49 +49,13 @@ const server = http.createServer((req, res) => {
     const body = buildPrometheusMetrics();
     res.writeHead(200, { 'Content-Type': 'text/plain' });
     res.end(body);
-
-    auditLogger.log({
-      action: 'metrics_served',
-      category: 'observability',
-      severity: 'info',
-      message: 'Prometheus metrics served successfully',
-      metadata: {
-        port: PORT,
-        metricsCount: body.split('\n').filter(line => line.trim() && !line.startsWith('#')).length,
-        endpoint: '/metrics'
-      }
-    });
     return;
   }
 
   res.writeHead(404);
   res.end();
-
-  auditLogger.log({
-    action: 'invalid_request',
-    category: 'observability',
-    severity: 'warn',
-    message: 'Invalid request to metrics server',
-    metadata: {
-      url: req.url,
-      method: req.method,
-      port: PORT
-    }
-  });
 });
 
 server.listen(PORT, () => {
   console.log(`Hook-System metrics server running on http://localhost:${PORT}/metrics`);
-
-  auditLogger.log({
-    action: 'server_started',
-    category: 'system',
-    severity: 'info',
-    message: 'Metrics server started successfully',
-    metadata: {
-      port: PORT,
-      endpoint: '/metrics',
-      metricsFile: METRICS_FILE
-    }
-  });
 });

package/scripts/hooks-system/infrastructure/validators/enforce-english-literals.js

@@ -4,9 +4,8 @@
 const fs = require('fs');
 const path = require('path');
 const { execSync } = require('child_process');
-const env = require('../../config/env');
 
-const REPO_ROOT = env.get('HOOK_GUARD_REPO_ROOT', process.cwd());
+const REPO_ROOT = process.env.HOOK_GUARD_REPO_ROOT || process.cwd();
 const CONFIG_PATH = path.join(REPO_ROOT, 'scripts', 'hooks-system', 'config', 'language-guard.json');
 const DEFAULT_IGNORED_SEGMENTS = [
     `${path.sep}node_modules${path.sep}`,
@@ -23,7 +22,7 @@ function decodeUnicode(value) {
     try {
         return JSON.parse(`"${value}"`);
     } catch (error) {
-        if (env.isDev || env.getBool('DEBUG', false)) {
+        if (process.env.NODE_ENV === 'development' || process.env.DEBUG) {
             console.debug(`[enforce-english-literals] Failed to decode Unicode value "${value}": ${error.message}`);
         }
         return value;
@@ -120,10 +119,13 @@ function analyzeFile(relativePath, config) {
 
 function collectStagedFiles() {
     try {
-        const stagedFilesRaw = execSync('git diff --cached --name-only', { encoding: 'utf8' });
-        return stagedFilesRaw.split('\n').filter(Boolean).map(file => file.trim());
+        const raw = execSync('git diff --cached --name-only --diff-filter=ACMR', {
+            cwd: REPO_ROOT,
+            encoding: 'utf8'
+        });
+        return raw.split('\n').map(entry => entry.trim()).filter(Boolean);
     } catch (error) {
-        if (env.isDev || env.getBool('DEBUG', false)) {
+        if (process.env.NODE_ENV === 'development' || process.env.DEBUG) {
             console.debug(`[enforce-english-literals] Failed to collect staged files: ${error.message}`);
         }
         return [];