pumuki-ast-hooks 5.3.3 → 5.3.5

package/scripts/hooks-system/.audit_tmp/severity-history.jsonl

@@ -1 +1,7 @@
 {"timestamp":"2025-12-25T22:29:39.634Z","commit":"cce11ed7eb1e70da937d1443853ccb86f718fe95","branch":"feature/meta-audit-insights","summary":{"total":556,"CRITICAL":257,"HIGH":0,"MEDIUM":99,"LOW":200},"averageScore":50,"gatePassed":false,"blockedBy":"CRITICAL"}
+{"timestamp":"2025-12-29T15:17:57.510Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
+{"timestamp":"2025-12-29T15:24:55.686Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
+{"timestamp":"2025-12-29T15:29:28.676Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
+{"timestamp":"2025-12-29T15:33:41.996Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
+{"timestamp":"2025-12-29T15:35:31.277Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}
+{"timestamp":"2025-12-29T15:38:11.144Z","commit":"61b9945cfda1764f08f359ffed6228f4af1d7d92","branch":"fix/audit-staged-severity-case-insensitive","summary":{"total":546,"CRITICAL":0,"HIGH":0,"MEDIUM":0,"LOW":546},"averageScore":4,"gatePassed":true,"blockedBy":null}

package/scripts/hooks-system/.audit_tmp/token-usage.jsonl

@@ -1 +1,7 @@
 {"timestamp":"2025-12-25T22:29:39.685Z","estimated":555199.75,"percentUsed":55.519975,"remaining":444800.25}
+{"timestamp":"2025-12-29T15:17:57.538Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
+{"timestamp":"2025-12-29T15:24:55.714Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
+{"timestamp":"2025-12-29T15:29:28.704Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
+{"timestamp":"2025-12-29T15:33:42.024Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
+{"timestamp":"2025-12-29T15:35:31.306Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}
+{"timestamp":"2025-12-29T15:38:11.174Z","estimated":723658.5,"percentUsed":72.36585,"remaining":276341.5}

package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js

@@ -28,6 +28,7 @@ async function runASTIntelligence() {
     const root = getRepoRoot();
 
     const isLibraryAudit = process.env.AUDIT_LIBRARY === 'true';
+
     const allFiles = listSourceFiles(root).filter(f => {
       const p = String(f || '').replace(/\\/g, '/');
       if (!isLibraryAudit && p.includes('/infrastructure/ast/')) return false;
@@ -534,19 +535,34 @@ function listSourceFiles(root) {
   if (process.env.STAGING_ONLY_MODE === "1") {
     const { execSync } = require("child_process");
     try {
-      const stagedFiles = execSync("git diff --cached --name-only --diff-filter=ACM", {
+      const allStaged = execSync("git diff --cached --name-only --diff-filter=ACM", {
         encoding: "utf8",
         cwd: root
       })
         .trim()
         .split("\n")
-        .filter(f => f.trim())
+        .filter(f => f.trim());
+
+      if (allStaged.length === 0) {
+        return [];
+      }
+
+      const stagedFiles = allStaged
         .map(f => path.resolve(root, f.trim()))
         .filter(f => {
           const ext = path.extname(f);
           return [".ts", ".tsx", ".js", ".jsx", ".mjs", ".cjs", ".swift", ".kt", ".kts"].includes(ext);
         })
         .filter(f => fs.existsSync(f) && !shouldIgnore(f.replace(/\\/g, "/")));
+
+      // Si hay staged files pero ninguno es compatible con AST
+      if (stagedFiles.length === 0 && allStaged.length > 0) {
+        console.error('\n⚠️  No AST-compatible files in staging area');
+        console.error('   Staged files found:', allStaged.length);
+        console.error('   AST analyzes: .ts, .tsx, .js, .jsx, .mjs, .cjs, .swift, .kt, .kts');
+        console.error('   Consider staging source code files or use option 2 for full repository analysis\n');
+      }
+
       return stagedFiles;
     } catch (error) {
       return [];
@@ -584,7 +600,9 @@ function listSourceFiles(root) {
 function shouldIgnore(file) {
   const p = file.replace(/\\/g, "/");
   if (p.includes("node_modules/")) return true;
+
   const isLibraryAudit = process.env.AUDIT_LIBRARY === 'true';
+
   if (!isLibraryAudit && p.includes("scripts/hooks-system/")) return true;
   if (!isLibraryAudit && p.includes("/infrastructure/ast/")) return true;
   if (p.includes("/.cursor/")) return true;

package/scripts/hooks-system/infrastructure/shell/orchestrators/audit-orchestrator.sh

@@ -218,6 +218,8 @@ full_audit_strict_repo_and_staging() {
   export AUDIT_STRICT=1
   export BLOCK_ALL_SEVERITIES=1
   export BLOCK_ON_REPO_VIOLATIONS=1
+  export AUDIT_LIBRARY=true
+  unset STAGING_ONLY_MODE
   full_audit
 }
 
@@ -335,6 +337,9 @@ full_audit_standard() {
 compute_staged_summary() {
   if ! command -v git >/dev/null 2>&1; then return; fi
   local staged_file="$TMP_DIR/staged.txt"
+  local staged_file_rel="$TMP_DIR/staged-rel.txt"
+  # Store both absolute and relative paths for different matching needs
+  git diff --cached --name-only --diff-filter=ACM > "$staged_file_rel" || true
   git diff --cached --name-only --diff-filter=ACM | sed "s|^|$ROOT_DIR/|" > "$staged_file" || true
   if [[ ! -s "$staged_file" ]]; then return; fi
   printf "\n%bStaging Area%b\n" "$YELLOW" "$NC"
@@ -350,15 +355,34 @@ compute_staged_summary() {
 
   if [[ -f "$TMP_DIR/ast-summary.json" ]] && command -v jq >/dev/null 2>&1; then
     local scrit=0 shigh=0 smed=0 slow=0
-    while IFS= read -r fpath; do
-      [[ -z "$fpath" ]] && continue
-      local ccrit chigh cmed clow
-      ccrit=$(jq -r --arg p "$fpath" '[ .findings[] | select(.filePath == $p) | .severity | ascii_downcase | if .=="critical" or .=="error" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
-      chigh=$(jq -r --arg p "$fpath" '[ .findings[] | select(.filePath == $p) | .severity | ascii_downcase | if .=="high" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
-      cmed=$(jq -r --arg p "$fpath" '[ .findings[] | select(.filePath == $p) | .severity | ascii_downcase | if .=="warning" or .=="medium" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
-      clow=$(jq -r --arg p "$fpath" '[ .findings[] | select(.filePath == $p) | .severity | ascii_downcase | if .=="info" or .=="low" then 1 else 0 end ] | add // 0' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
-      scrit=$((scrit + ccrit)); shigh=$((shigh + chigh)); smed=$((smed + cmed)); slow=$((slow + clow))
-    done < "$staged_file"
+    local total_findings=$(jq -r '.findings | length' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0")
+    
+    if [[ "$total_findings" -gt 0 ]] && [[ -s "$staged_file_rel" ]]; then
+      # Build jq array of staged files for efficient matching in single pass
+      local staged_array=$(jq -R -s 'split("\n") | map(select(length > 0))' "$staged_file_rel")
+      
+      # Single jq pass: filter findings by staged files and count by severity
+      local counts=$(jq -r --argjson staged "$staged_array" '
+        .findings 
+        | map(select(
+            .filePath as $fp 
+            | $staged[] as $sf 
+            | ($fp | endswith($sf)) or ($fp | contains("/" + $sf))
+          ))
+        | group_by(.severity | ascii_downcase)
+        | map({key: .[0].severity | ascii_downcase, value: length})
+        | from_entries
+        | {
+            critical: ((.critical // 0) + (.error // 0)),
+            high: (.high // 0),
+            medium: ((.medium // 0) + (.warning // 0)),
+            low: ((.low // 0) + (.info // 0))
+          }
+        | "\(.critical) \(.high) \(.medium) \(.low)"
+      ' "$TMP_DIR/ast-summary.json" 2>/dev/null || echo "0 0 0 0")
+      
+      read scrit shigh smed slow <<< "$counts"
+    fi
     printf "  Staged AST → 🔴 CRITICAL:%s 🟠 HIGH:%s 🟡 MEDIUM:%s 🔵 LOW:%s\n" "${scrit:-0}" "${shigh:-0}" "${smed:-0}" "${slow:-0}"
     export STAGED_CRIT=${scrit:-0}
     export STAGED_HIGH=${shigh:-0}
@@ -999,9 +1023,9 @@ run_ast_intelligence() {
   # Execute AST with proper error handling and NODE_PATH
   # Change to HOOKS_SYSTEM_DIR so Node.js resolves modules correctly
   if [[ -n "$node_path_value" ]]; then
-    ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export NODE_PATH="$node_path_value" && export AUDIT_TMP="$TMP_DIR" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
+    ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export NODE_PATH="$node_path_value" && export AUDIT_TMP="$TMP_DIR" && export AUDIT_LIBRARY="${AUDIT_LIBRARY:-false}" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
   else
-    ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export AUDIT_TMP="$TMP_DIR" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
+    ast_output=$(cd "$HOOKS_SYSTEM_DIR" && export AUDIT_TMP="$TMP_DIR" && export AUDIT_LIBRARY="${AUDIT_LIBRARY:-false}" && "$node_bin" "${AST_DIR}/ast-intelligence.js" 2>&1) || ast_exit_code=$?
   fi
 
   # Check if AST script failed