pumuki-ast-hooks 5.3.3 → 5.3.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/scripts/hooks-system/.AI_TOKEN_STATUS.txt +2 -4
- package/scripts/hooks-system/.audit-reports/notifications.log +23 -0
- package/scripts/hooks-system/.audit-reports/token-monitor.log +69 -0
- package/scripts/hooks-system/.audit_tmp/intelligent-report.json +49992 -29251
- package/scripts/hooks-system/.audit_tmp/intelligent-report.txt +22 -1310
- package/scripts/hooks-system/.audit_tmp/severity-history.jsonl +6 -0
- package/scripts/hooks-system/.audit_tmp/token-usage.jsonl +6 -0
- package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js +20 -2
- package/scripts/hooks-system/infrastructure/shell/orchestrators/audit-orchestrator.sh +23 -11
|
@@ -1 +1,7 @@
|
|
|
1
1
|
{"timestamp":"2025-12-25T22:29:39.634Z","commit":"cce11ed7eb1e70da937d1443853ccb86f718fe95","branch":"feature/meta-audit-insights","summary":{"total":556,"CRITICAL":257,"HIGH":0,"MEDIUM":99,"LOW":200},"averageScore":50,"gatePassed":false,"blockedBy":"CRITICAL"}
|
|
2
|
+
{"timestamp":"2025-12-29T15:17:57.510Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
|
|
3
|
+
{"timestamp":"2025-12-29T15:24:55.686Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
|
|
4
|
+
{"timestamp":"2025-12-29T15:29:28.676Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
|
|
5
|
+
{"timestamp":"2025-12-29T15:33:41.996Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
|
|
6
|
+
{"timestamp":"2025-12-29T15:35:31.277Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
|
|
7
|
+
{"timestamp":"2025-12-29T15:38:11.144Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
|
|
@@ -1 +1,7 @@
|
|
|
1
1
|
{"timestamp":"2025-12-25T22:29:39.685Z","estimated":555199.75,"percentUsed":55.519975,"remaining":444800.25}
|
|
2
|
+
{"timestamp":"2025-12-29T15:17:57.538Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
|
|
3
|
+
{"timestamp":"2025-12-29T15:24:55.714Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
|
|
4
|
+
{"timestamp":"2025-12-29T15:29:28.704Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
|
|
5
|
+
{"timestamp":"2025-12-29T15:33:42.024Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
|
|
6
|
+
{"timestamp":"2025-12-29T15:35:31.306Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
|
|
7
|
+
{"timestamp":"2025-12-29T15:38:11.174Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
|
|
@@ -28,6 +28,7 @@ async function runASTIntelligence() {
|
|
|
28
28
|
const root = getRepoRoot();
|
|
29
29
|
|
|
30
30
|
const isLibraryAudit = process.env.AUDIT_LIBRARY === 'true';
|
|
31
|
+
|
|
31
32
|
const allFiles = listSourceFiles(root).filter(f => {
|
|
32
33
|
const p = String(f || '').replace(/\\/g, '/');
|
|
33
34
|
if (!isLibraryAudit && p.includes('/infrastructure/ast/')) return false;
|
|
@@ -534,19 +535,34 @@ function listSourceFiles(root) {
|
|
|
534
535
|
if (process.env.STAGING_ONLY_MODE === "1") {
|
|
535
536
|
const { execSync } = require("child_process");
|
|
536
537
|
try {
|
|
537
|
-
const
|
|
538
|
+
const allStaged = execSync("git diff --cached --name-only --diff-filter=ACM", {
|
|
538
539
|
encoding: "utf8",
|
|
539
540
|
cwd: root
|
|
540
541
|
})
|
|
541
542
|
.trim()
|
|
542
543
|
.split("\n")
|
|
543
|
-
.filter(f => f.trim())
|
|
544
|
+
.filter(f => f.trim());
|
|
545
|
+
|
|
546
|
+
if (allStaged.length === 0) {
|
|
547
|
+
return [];
|
|
548
|
+
}
|
|
549
|
+
|
|
550
|
+
const stagedFiles = allStaged
|
|
544
551
|
.map(f => path.resolve(root, f.trim()))
|
|
545
552
|
.filter(f => {
|
|
546
553
|
const ext = path.extname(f);
|
|
547
554
|
return [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".swift", ".kt", ".kts"].includes(ext);
|
|
548
555
|
})
|
|
549
556
|
.filter(f => fs.existsSync(f) && !shouldIgnore(f.replace(/\\/g, "/")));
|
|
557
|
+
|
|
558
|
+
// Si hay staged files pero ninguno es compatible con AST
|
|
559
|
+
if (stagedFiles.length === 0 && allStaged.length > 0) {
|
|
560
|
+
console.error('\n⚠️ No AST-compatible files in staging area');
|
|
561
|
+
console.error(' Staged files found:', allStaged.length);
|
|
562
|
+
console.error(' AST analyzes: .ts, .tsx, .js, .jsx, .mjs, .cjs, .swift, .kt, .kts');
|
|
563
|
+
console.error(' Consider staging source code files or use option 2 for full repository analysis\n');
|
|
564
|
+
}
|
|
565
|
+
|
|
550
566
|
return stagedFiles;
|
|
551
567
|
} catch (error) {
|
|
552
568
|
return [];
|
|
@@ -584,7 +600,9 @@ function listSourceFiles(root) {
|
|
|
584
600
|
function shouldIgnore(file) {
|
|
585
601
|
const p = file.replace(/\\/g, "/");
|
|
586
602
|
if (p.includes("node_modules/")) return true;
|
|
603
|
+
|
|
587
604
|
const isLibraryAudit = process.env.AUDIT_LIBRARY === 'true';
|
|
605
|
+
|
|
588
606
|
if (!isLibraryAudit && p.includes("scripts/hooks-system/")) return true;
|
|
589
607
|
if (!isLibraryAudit && p.includes("/infrastructure/ast/")) return true;
|
|
590
608
|
if (p.includes("/.cursor/")) return true;
|
|
@@ -218,6 +218,8 @@ full_audit_strict_repo_and_staging() {
|
|
|
218
218
|
export AUDIT_STRICT=1
|
|
219
219
|
export BLOCK_ALL_SEVERITIES=1
|
|
220
220
|
export BLOCK_ON_REPO_VIOLATIONS=1
|
|
221
|
+
export AUDIT_LIBRARY=true
|
|
222
|
+
unset STAGING_ONLY_MODE
|
|
221
223
|
full_audit
|
|
222
224
|
}
|
|
223
225
|
|
|
@@ -335,6 +337,9 @@ full_audit_standard() {
|
|
|
335
337
|
compute_staged_summary() {
|
|
336
338
|
if ! command -v git >/dev/null 2>&1; then return; fi
|
|
337
339
|
local staged_file="$TMP_DIR/staged.txt"
|
|
340
|
+
local staged_file_rel="$TMP_DIR/staged-rel.txt"
|
|
341
|
+
# Store both absolute and relative paths for different matching needs
|
|
342
|
+
git diff --cached --name-only --diff-filter=ACM > "$staged_file_rel" || true
|
|
338
343
|
git diff --cached --name-only --diff-filter=ACM | sed "s|^|$ROOT_DIR/|" > "$staged_file" || true
|
|
339
344
|
if [[ ! -s "$staged_file" ]]; then return; fi
|
|
340
345
|
printf "\n%bStaging Area%b\n" "$YELLOW" "$NC"
|
|
@@ -350,15 +355,22 @@ compute_staged_summary() {
|
|
|
350
355
|
|
|
351
356
|
if [[ -f "$TMP_DIR/ast-summary.json" ]] && command -v jq >/dev/null 2>&1; then
|
|
352
357
|
local scrit=0 shigh=0 smed=0 slow=0
|
|
353
|
-
|
|
354
|
-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
358
|
-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
358
|
+
local total_findings=$(jq -r '.findings | length' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
|
|
359
|
+
|
|
360
|
+
if [[ "$total_findings" -gt 0 ]] && [[ -s "$staged_file_rel" ]]; then
|
|
361
|
+
# Use relative paths for matching - more reliable across different path formats
|
|
362
|
+
while IFS= read -r relpath; do
|
|
363
|
+
[[ -z "$relpath" ]] && continue
|
|
364
|
+
local ccrit chigh cmed clow
|
|
365
|
+
# Match using 'endswith' with relative path OR exact match with absolute path
|
|
366
|
+
local abs_path="$ROOT_DIR/$relpath"
|
|
367
|
+
ccrit=$(jq -r --arg rel "$relpath" --arg abs "$abs_path" '[ .findings[] | select((.filePath | endswith($rel)) or .filePath == $abs) | .severity | ascii_downcase | if .=="critical" or .=="error" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
|
|
368
|
+
chigh=$(jq -r --arg rel "$relpath" --arg abs "$abs_path" '[ .findings[] | select((.filePath | endswith($rel)) or .filePath == $abs) | .severity | ascii_downcase | if .=="high" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
|
|
369
|
+
cmed=$(jq -r --arg rel "$relpath" --arg abs "$abs_path" '[ .findings[] | select((.filePath | endswith($rel)) or .filePath == $abs) | .severity | ascii_downcase | if .=="warning" or .=="medium" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
|
|
370
|
+
clow=$(jq -r --arg rel "$relpath" --arg abs "$abs_path" '[ .findings[] | select((.filePath | endswith($rel)) or .filePath == $abs) | .severity | ascii_downcase | if .=="info" or .=="low" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
|
|
371
|
+
scrit=$((scrit + ccrit)); shigh=$((shigh + chigh)); smed=$((smed + cmed)); slow=$((slow + clow))
|
|
372
|
+
done < "$staged_file_rel"
|
|
373
|
+
fi
|
|
362
374
|
printf " Staged AST → 🔴 CRITICAL:%s 🟠 HIGH:%s 🟡 MEDIUM:%s 🔵 LOW:%s\n" "${scrit:-0}" "${shigh:-0}" "${smed:-0}" "${slow:-0}"
|
|
363
375
|
export STAGED_CRIT=${scrit:-0}
|
|
364
376
|
export STAGED_HIGH=${shigh:-0}
|
|
@@ -999,9 +1011,9 @@ run_ast_intelligence() {
|
|
|
999
1011
|
# Execute AST with proper error handling and NODE_PATH
|
|
1000
1012
|
# Change to HOOKS_SYSTEM_DIR so Node.js resolves modules correctly
|
|
1001
1013
|
if [[ -n "$node_path_value" ]]; then
|
|
1002
|
-
ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export NODE_PATH="$node_path_value" && export AUDIT_TMP="$TMP_DIR" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
|
|
1014
|
+
ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export NODE_PATH="$node_path_value" && export AUDIT_TMP="$TMP_DIR" && export AUDIT_LIBRARY="${AUDIT_LIBRARY:-false}" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
|
|
1003
1015
|
else
|
|
1004
|
-
ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export AUDIT_TMP="$TMP_DIR" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
|
|
1016
|
+
ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export AUDIT_TMP="$TMP_DIR" && export AUDIT_LIBRARY="${AUDIT_LIBRARY:-false}" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
|
|
1005
1017
|
fi
|
|
1006
1018
|
|
|
1007
1019
|
# Check if AST script failed
|