pumuki-ast-hooks 5.3.30 → 5.4.0

package/scripts/hooks-system/application/services/guard/EvidenceManager.js

@@ -0,0 +1,153 @@
+const fs = require('fs');
+const path = require('path');
+const { recordMetric } = require('../../../infrastructure/telemetry/metrics-logger');
+const env = require('../../../config/env.js');
+
+class EvidenceManager {
+    constructor(evidencePath, notifier, auditLogger) {
+        this.evidencePath = evidencePath;
+        this.notifier = notifier;
+        this.auditLogger = auditLogger;
+        this.staleThresholdMs = env.getNumber('HOOK_GUARD_EVIDENCE_STALE_THRESHOLD', 60000);
+        this.reminderIntervalMs = env.getNumber('HOOK_GUARD_EVIDENCE_REMINDER_INTERVAL', 60000);
+        this.inactivityGraceMs = env.getNumber('HOOK_GUARD_INACTIVITY_GRACE_MS', 120000);
+        this.pollIntervalMs = env.getNumber('HOOK_GUARD_EVIDENCE_POLL_INTERVAL', 30000);
+        this.pollTimer = null;
+        this.lastStaleNotification = 0;
+        this.lastUserActivityAt = 0;
+        this.autoRefreshCooldownMs = env.getNumber('HOOK_GUARD_EVIDENCE_AUTO_REFRESH_COOLDOWN', 180000);
+        this.lastAutoRefresh = 0;
+        this.autoRefreshInFlight = false;
+    }
+
+    startPolling(onStale, onRefresh) {
+        this.onStale = onStale;
+        this.onRefresh = onRefresh;
+
+        if (this.pollTimer) {
+            clearInterval(this.pollTimer);
+        }
+
+        if (this.pollIntervalMs <= 0) return;
+
+        this.pollTimer = setInterval(() => {
+            this.evaluateEvidenceAge('polling');
+        }, this.pollIntervalMs);
+    }
+
+    stopPolling() {
+        if (this.pollTimer) {
+            clearInterval(this.pollTimer);
+            this.pollTimer = null;
+        }
+    }
+
+    readEvidenceTimestamp() {
+        try {
+            if (!fs.existsSync(this.evidencePath)) {
+                return null;
+            }
+            const raw = fs.readFileSync(this.evidencePath, 'utf8');
+            const json = JSON.parse(raw);
+            const ts = json?.timestamp;
+            if (!ts) return null;
+            const ms = new Date(ts).getTime();
+            if (Number.isNaN(ms)) return null;
+            return ms;
+        } catch (error) {
+            const msg = error && error.message ? error.message : String(error);
+            this.notifier.appendDebugLog(`EVIDENCE_TIMESTAMP_ERROR|${msg}`);
+            return null;
+        }
+    }
+
+    evaluateEvidenceAge(source = 'manual', notifyFresh = false) {
+        const now = Date.now();
+        const timestamp = this.readEvidenceTimestamp();
+        if (!timestamp) return;
+
+        const ageMs = now - timestamp;
+        const isStale = ageMs > this.staleThresholdMs;
+        const isRecentlyActive = this.lastUserActivityAt && (now - this.lastUserActivityAt) < this.inactivityGraceMs;
+
+        if (isStale && !isRecentlyActive) {
+            this.triggerStaleAlert(source, ageMs);
+            return;
+        }
+
+        if (notifyFresh && this.lastStaleNotification > 0 && !isStale) {
+            this.notifier.notify('Evidence updated; back within SLA.', 'info');
+            this.lastStaleNotification = 0;
+        }
+    }
+
+    triggerStaleAlert(source, ageMs) {
+        const now = Date.now();
+        if (this.lastStaleNotification && (now - this.lastStaleNotification) < this.reminderIntervalMs) {
+            return;
+        }
+
+        this.lastStaleNotification = now;
+        const ageSec = Math.floor(ageMs / 1000);
+        this.notifier.notify(`Evidence has been stale for ${ageSec}s (source: ${source}).`, 'warn', { forceDialog: true });
+        this.auditLogger.record({
+            action: 'guard.evidence.stale',
+            resource: 'evidence',
+            status: 'warning',
+            meta: { ageSec, source }
+        });
+        recordMetric({ hook: 'evidence', status: 'stale', ageSec, source });
+        this.attemptAutoRefresh('stale');
+
+        if (this.onStale) this.onStale();
+    }
+
+    async attemptAutoRefresh(reason = 'manual') {
+        if (!env.getBool('HOOK_GUARD_AUTO_REFRESH', false)) return;
+
+        const updateScriptCandidates = [
+            path.join(process.cwd(), 'scripts/hooks-system/bin/update-evidence.sh'),
+            path.join(process.cwd(), 'node_modules/@pumuki/ast-intelligence-hooks/bin/update-evidence.sh'),
+            path.join(process.cwd(), 'bin/update-evidence.sh')
+        ];
+
+        const updateScript = updateScriptCandidates.find(p => fs.existsSync(p));
+        if (!updateScript) return;
+
+        const now = Date.now();
+        const ts = this.readEvidenceTimestamp();
+        if (ts && (now - ts) <= this.staleThresholdMs) return;
+
+        if (this.lastAutoRefresh && (now - this.lastAutoRefresh) < this.autoRefreshCooldownMs) return;
+
+        if (this.autoRefreshInFlight) return;
+
+        this.autoRefreshInFlight = true;
+        try {
+            await this.runDirectEvidenceRefresh(reason);
+            this.lastAutoRefresh = now;
+            this.auditLogger.record({
+                action: 'guard.evidence.auto_refresh',
+                resource: 'evidence',
+                status: 'success',
+                meta: { reason }
+            });
+            recordMetric({ hook: 'evidence', status: 'auto_refresh_success', reason });
+
+            if (this.onRefresh) this.onRefresh();
+        } finally {
+            this.autoRefreshInFlight = false;
+        }
+    }
+
+    async runDirectEvidenceRefresh(_reason) {
+        // Specific implementation if needed
+        return;
+    }
+
+    updateUserActivity() {
+        this.lastUserActivityAt = Date.now();
+    }
+}
+
+module.exports = EvidenceManager;

package/scripts/hooks-system/application/services/guard/GitTreeManager.js

@@ -0,0 +1,129 @@
+const { getGitTreeState, isTreeBeyondLimit } = require('../GitTreeState');
+const { recordMetric } = require('../../../infrastructure/telemetry/metrics-logger');
+const env = require('../../../config/env.js');
+const path = require('path');
+const fs = require('fs');
+
+class GitTreeManager {
+    constructor(notifier, auditLogger) {
+        this.notifier = notifier;
+        this.auditLogger = auditLogger;
+        this.gitTreeStagedThreshold = env.getNumber('HOOK_GUARD_DIRTY_TREE_STAGED_LIMIT', 10);
+        this.gitTreeUnstagedThreshold = env.getNumber('HOOK_GUARD_DIRTY_TREE_UNSTAGED_LIMIT', 15);
+        this.gitTreeTotalThreshold = env.getNumber('HOOK_GUARD_DIRTY_TREE_TOTAL_LIMIT', 20);
+        this.gitTreeCheckIntervalMs = env.getNumber('HOOK_GUARD_DIRTY_TREE_INTERVAL', 60000);
+        this.gitTreeReminderMs = env.getNumber('HOOK_GUARD_DIRTY_TREE_REMINDER', 300000);
+        this.gitTreeTimer = null;
+        this.lastDirtyTreeNotification = 0;
+        this.dirtyTreeActive = false;
+    }
+
+    startMonitoring(onStateChange) {
+        this.onStateChange = onStateChange;
+
+        if (env.getBool('HOOK_GUARD_DIRTY_TREE_DISABLED', false)) return;
+
+        if (this.gitTreeTimer) {
+            clearInterval(this.gitTreeTimer);
+        }
+
+        const thresholdsValid = this.gitTreeStagedThreshold > 0 || this.gitTreeUnstagedThreshold > 0 || this.gitTreeTotalThreshold > 0;
+        if (!thresholdsValid || this.gitTreeCheckIntervalMs <= 0) return;
+
+        this.evaluateGitTree();
+        this.gitTreeTimer = setInterval(() => {
+            this.evaluateGitTree();
+        }, this.gitTreeCheckIntervalMs);
+    }
+
+    stopMonitoring() {
+        if (this.gitTreeTimer) {
+            clearInterval(this.gitTreeTimer);
+            this.gitTreeTimer = null;
+        }
+    }
+
+    async evaluateGitTree() {
+        try {
+            const state = getGitTreeState();
+            const limits = {
+                stagedLimit: this.gitTreeStagedThreshold,
+                unstagedLimit: this.gitTreeUnstagedThreshold,
+                totalLimit: this.gitTreeTotalThreshold
+            };
+
+            if (isTreeBeyondLimit(state, limits)) {
+                this.handleDirtyTree(state, limits);
+                return;
+            }
+            this.resolveDirtyTree(state, limits);
+        } catch (error) {
+            this.notifier.appendDebugLog(`DIRTY_TREE_ERROR|${error.message}`);
+        }
+    }
+
+    resolveDirtyTree(_state, _limits) {
+        this.dirtyTreeActive = false;
+        this.notifier.notify('✅ Git tree is clean', 'success');
+        this.auditLogger.record({
+            action: 'guard.git_tree.clean',
+            resource: 'git_tree',
+            status: 'success'
+        });
+        recordMetric({ hook: 'git_tree', status: 'clean' });
+
+        if (this.onStateChange) {
+            this.onStateChange({ isBeyondLimit: false, ..._state });
+        }
+    }
+
+    handleDirtyTree(_state, limitOrLimits) {
+        const now = Date.now();
+        const limits = typeof limitOrLimits === 'number'
+            ? { totalLimit: limitOrLimits }
+            : (limitOrLimits || {});
+
+        if (this.lastDirtyTreeNotification && (now - this.lastDirtyTreeNotification) < this.gitTreeReminderMs) {
+            return;
+        }
+
+        this.lastDirtyTreeNotification = now;
+        this.dirtyTreeActive = true;
+        const message = `Git tree has too many files: ${_state.total} total (${_state.staged} staged, ${_state.unstaged} unstaged)`;
+        this.notifier.notify(message, 'error', { forceDialog: true, ...limits });
+        this.auditLogger.record({
+            action: 'guard.git_tree.dirty',
+            resource: 'git_tree',
+            status: 'warning',
+            meta: { total: _state.total, staged: _state.staged, unstaged: _state.unstaged }
+        });
+        recordMetric({ hook: 'git_tree', status: 'dirty', total: _state.total, staged: _state.staged, unstaged: _state.unstaged });
+        this.persistDirtyTreeState();
+
+        if (this.onStateChange) {
+            this.onStateChange({ isBeyondLimit: true, ..._state });
+        }
+    }
+
+    persistDirtyTreeState() {
+        const persistPath = path.join(process.cwd(), '.audit_tmp', 'dirty-tree-state.json');
+        const state = {
+            timestamp: new Date().toISOString(),
+            lastNotification: this.lastDirtyTreeNotification,
+            isActive: this.dirtyTreeActive,
+            thresholds: {
+                staged: this.gitTreeStagedThreshold,
+                unstaged: this.gitTreeUnstagedThreshold,
+                total: this.gitTreeTotalThreshold
+            }
+        };
+
+        try {
+            fs.writeFileSync(persistPath, JSON.stringify(state, null, 2));
+        } catch (error) {
+            this.notifier.appendDebugLog(`PERSIST_DIRTY_TREE_ERROR|${error.message}`);
+        }
+    }
+}
+
+module.exports = GitTreeManager;

package/scripts/hooks-system/application/services/guard/GuardNotifier.js

@@ -0,0 +1,54 @@
+const fs = require('fs');
+const path = require('path');
+
+class GuardNotifier {
+    constructor(logger, notificationService, notifier = null, notificationsEnabled = true) {
+        this.logger = logger;
+        this.notificationService = notificationService;
+        this.notifier = typeof notifier === 'function' ? notifier : null;
+        this.notificationsEnabled = notificationsEnabled;
+    }
+
+    setDebugLogPath(debugLogPath) {
+        this.debugLogPath = debugLogPath;
+    }
+
+    notify(message, level = 'info', options = {}) {
+        const { forceDialog = false, ...metadata } = options;
+        this._appendDebugLog(`NOTIFY|${level}|${forceDialog ? 'force-dialog|' : ''}${message}`);
+
+        if (this.notifier && this.notificationsEnabled) {
+            try {
+                this.notifier(message, level, { ...metadata, forceDialog });
+            } catch (error) {
+                const msg = error && error.message ? error.message : String(error);
+                this._appendDebugLog(`NOTIFIER_ERROR|${msg}`);
+                this.logger?.debug?.('REALTIME_GUARD_NOTIFIER_ERROR', { error: msg });
+            }
+        }
+
+        if (this.notificationService) {
+            this.notificationService.enqueue({
+                message,
+                level,
+                metadata: { ...metadata, forceDialog }
+            });
+        }
+    }
+
+    _appendDebugLog(entry) {
+        if (!this.debugLogPath) return;
+        try {
+            const timestamp = new Date().toISOString();
+            fs.appendFileSync(this.debugLogPath, `[${timestamp}] ${entry}\n`);
+        } catch (error) {
+            console.error('[GuardNotifier] Failed to write debug log:', error.message);
+        }
+    }
+
+    appendDebugLog(entry) {
+        this._appendDebugLog(entry);
+    }
+}
+
+module.exports = GuardNotifier;

package/scripts/hooks-system/application/services/installation/McpConfigurator.js

@@ -61,8 +61,9 @@ class McpConfigurator {
         for (const c of candidates) {
             try {
                 if (fs.existsSync(c)) return c;
-            } catch {
-                // ignore
+            } catch (error) {
+                // Log error but continue checking other candidates
+                console.warn(`Failed to check path ${c}:`, error.message);
             }
         }
 

package/scripts/hooks-system/infrastructure/ast/ast-intelligence.js

@@ -28,6 +28,9 @@ async function runASTIntelligence() {
     const { getRepoRoot } = require('./ast-core');
     const root = getRepoRoot();
 
+    const stagingOnlyMode = env.get('STAGING_ONLY_MODE', '0') === '1';
+    const stagedRelFiles = stagingOnlyMode ? getStagedFilesRel(root) : [];
+
     const allFiles = listSourceFiles(root);
 
     const project = createProject(allFiles);
@@ -58,7 +61,7 @@ async function runASTIntelligence() {
     await runPlatformAnalysis(project, findings, context);
 
     // Generate output
-    generateOutput(findings, context, project, root);
+    generateOutput(findings, { ...context, stagingOnlyMode, stagedFiles: stagedRelFiles }, project, root);
 
   } catch (error) {
     console.error("AST Intelligence Error:", error.message);
@@ -69,6 +72,23 @@ async function runASTIntelligence() {
   }
 }
 
+function getStagedFilesRel(root) {
+  try {
+    const { execSync } = require('child_process');
+    return execSync('git diff --cached --name-only --diff-filter=ACM', {
+      encoding: 'utf8',
+      cwd: root,
+      stdio: ['ignore', 'pipe', 'pipe']
+    })
+      .trim()
+      .split('\n')
+      .map(s => s.trim())
+      .filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+
 function runProjectHardcodedThresholdAudit(root, allFiles, findings) {
   if (env.get('AST_INSIGHTS', '0') !== '1') return;
 
@@ -368,36 +388,18 @@ function generateOutput(findings, context, project, root) {
 
   // Top violations
   const grouped = {};
-  const levelRank = { LOW: 1, MEDIUM: 2, HIGH: 3, CRITICAL: 4 };
-  const emojiForLevel = (level) => (level === 'CRITICAL' || level === 'HIGH' ? '🔴' : '🔵');
-
   findings.forEach(f => {
-    if (!f || !f.ruleId) return;
-    const level = mapToLevel(f.severity);
-    if (!grouped[f.ruleId]) {
-      grouped[f.ruleId] = { count: 0, worstLevel: level };
-    }
-    grouped[f.ruleId].count += 1;
-    if ((levelRank[level] || 0) > (levelRank[grouped[f.ruleId].worstLevel] || 0)) {
-      grouped[f.ruleId].worstLevel = level;
-    }
-  });
-
-  const entries = Object.entries(grouped)
-    .map(([ruleId, data]) => ({ ruleId, count: data.count, worstLevel: data.worstLevel }))
-    .sort((a, b) => b.count - a.count);
-
-  const blockers = entries.filter(e => e.worstLevel === 'CRITICAL' || e.worstLevel === 'HIGH');
-  const nonBlockers = entries.filter(e => e.worstLevel !== 'CRITICAL' && e.worstLevel !== 'HIGH');
-
-  blockers.forEach(({ ruleId, count, worstLevel }) => {
-    console.error(`${emojiForLevel(worstLevel)} ${ruleId} - ${count} violations`);
+    grouped[f.ruleId] = (grouped[f.ruleId] || 0) + 1;
   });
 
-  nonBlockers
-    .slice(0, Math.max(0, 20 - blockers.length))
-    .forEach(({ ruleId, count, worstLevel }) => {
-      console.error(`${emojiForLevel(worstLevel)} ${ruleId} - ${count} violations`);
+  Object.entries(grouped)
+    .sort((a, b) => b[1] - a[1])
+    .slice(0, 20)
+    .forEach(([ruleId, count]) => {
+      const severity = ruleId.includes("types.any") || ruleId.includes("security.") || ruleId.includes("architecture.") ? "error" :
+        ruleId.includes("performance.") || ruleId.includes("debug.") ? "warning" : "info";
+      const emoji = severity === "error" ? "🔴" : severity === "warning" ? "🟡" : "🔵";
+      console.error(`${emoji} ${ruleId} - ${count} violations`);
     });
 
   // Summary
@@ -474,6 +476,8 @@ function saveDetailedReport(findings, levelTotals, platformTotals, project, root
         totalFiles: project.getSourceFiles().length,
         timestamp: new Date().toISOString(),
         root,
+        stagingOnlyMode: !!(context && context.stagingOnlyMode),
+        stagedFiles: Array.isArray(context && context.stagedFiles) ? context.stagedFiles : [],
       },
     };
 
@@ -593,7 +597,7 @@ function listSourceFiles(root) {
         })
         .filter(f => fs.existsSync(f) && !shouldIgnore(f.replace(/\\/g, "/")));
 
-      // Si hay staged files pero ninguno es compatible con AST
+      // If there are staged files but none are compatible with AST
       if (stagedFiles.length === 0 && allStaged.length > 0) {
         console.error('\n⚠️  No AST-compatible files in staging area');
         console.error('   Staged files found:', allStaged.length);

package/scripts/hooks-system/infrastructure/ast/ios/analyzers/iOSASTIntelligentAnalyzer.js

@@ -2,6 +2,8 @@
 const { execSync } = require('child_process');
 const fs = require('fs');
 const path = require('path');
+const crypto = require('crypto');
+const env = require('../../../config/env');
 
 class iOSASTIntelligentAnalyzer {
   constructor(findings) {
@@ -22,6 +24,30 @@ class iOSASTIntelligentAnalyzer {
     this.closures = [];
   }
 
+  resolveAuditTmpDir(repoRoot) {
+    const configured = String(env.get('AUDIT_TMP', '') || '').trim();
+    if (configured.length > 0) {
+      return path.isAbsolute(configured) ? configured : path.join(repoRoot, configured);
+    }
+    return path.join(repoRoot, '.audit_tmp');
+  }
+
+  safeTempFilePath(repoRoot, displayPath) {
+    const tmpDir = this.resolveAuditTmpDir(repoRoot);
+    const hash = crypto.createHash('sha1').update(String(displayPath)).digest('hex').slice(0, 10);
+    const base = path.basename(displayPath, '.swift');
+    const filename = `${base}.${hash}.staged.swift`;
+    return path.join(tmpDir, filename);
+  }
+
+  readStagedFileContent(repoRoot, relPath) {
+    try {
+      return execSync(`git show :"${relPath}"`, { encoding: 'utf8', cwd: repoRoot, stdio: ['ignore', 'pipe', 'pipe'] });
+    } catch {
+      return null;
+    }
+  }
+
   checkSourceKitten() {
     try {
       execSync(`${this.sourceKittenPath} version`, { stdio: 'pipe' });
@@ -50,7 +76,7 @@ class iOSASTIntelligentAnalyzer {
     return false;
   }
 
-  analyzeWithSwiftSyntax(filePath) {
+  analyzeWithSwiftSyntax(filePath, displayPath = null) {
     if (!this.swiftSyntaxPath) return;
     try {
       const result = execSync(`"${this.swiftSyntaxPath}" "${filePath}"`, {
@@ -58,8 +84,9 @@ class iOSASTIntelligentAnalyzer {
       });
       const violations = JSON.parse(result);
       for (const v of violations) {
+        const reportedPath = displayPath || filePath;
         this.findings.push({
-          ruleId: v.ruleId, severity: v.severity, filePath,
+          ruleId: v.ruleId, severity: v.severity, filePath: reportedPath,
           line: v.line, column: v.column, message: v.message
         });
       }
@@ -81,21 +108,46 @@ class iOSASTIntelligentAnalyzer {
     }
   }
 
-  analyzeFile(filePath) {
-    if (!filePath.endsWith('.swift')) return;
+  analyzeFile(filePath, options = {}) {
+    if (!filePath || !String(filePath).endsWith('.swift')) return;
+
+    const repoRoot = options.repoRoot || require('../ast-core').getRepoRoot();
+    const displayPath = options.displayPath || filePath;
+    const stagedRelPath = options.stagedRelPath || null;
+    const stagingOnly = env.get('STAGING_ONLY_MODE', '0') === '1';
+
+    let parsePath = filePath;
+    let contentOverride = null;
+
+    if (stagingOnly && stagedRelPath) {
+      const stagedContent = this.readStagedFileContent(repoRoot, stagedRelPath);
+      if (typeof stagedContent === 'string') {
+        const tmpPath = this.safeTempFilePath(repoRoot, stagedRelPath);
+        try {
+          fs.mkdirSync(path.dirname(tmpPath), { recursive: true });
+          fs.writeFileSync(tmpPath, stagedContent, 'utf8');
+          parsePath = tmpPath;
+          contentOverride = stagedContent;
+        } catch {
+          // Fall back to working tree file
+        }
+      }
+    }
 
     if (this.hasSwiftSyntax) {
-      this.analyzeWithSwiftSyntax(filePath);
+      this.analyzeWithSwiftSyntax(parsePath, displayPath);
     }
 
-    const ast = this.parseFile(filePath);
+    const ast = this.parseFile(parsePath);
     if (!ast) return;
 
-    this.currentFilePath = filePath;
+    this.currentFilePath = displayPath;
     this.resetCollections();
 
     try {
-      this.fileContent = fs.readFileSync(filePath, 'utf8');
+      this.fileContent = typeof contentOverride === 'string'
+        ? contentOverride
+        : fs.readFileSync(parsePath, 'utf8');
     } catch {
       this.fileContent = '';
     }
@@ -103,7 +155,7 @@ class iOSASTIntelligentAnalyzer {
     const substructure = ast['key.substructure'] || [];
 
     this.collectAllNodes(substructure, null);
-    this.analyzeCollectedNodes(filePath);
+    this.analyzeCollectedNodes(displayPath);
   }
 
   resetCollections() {
@@ -427,10 +479,28 @@ class iOSASTIntelligentAnalyzer {
     }
   }
 
+  countLinesInBody(node) {
+    const offset = Number(node['key.bodyoffset']);
+    const length = Number(node['key.bodylength']);
+    if (!Number.isFinite(offset) || !Number.isFinite(length) || offset < 0 || length <= 0) {
+      return 0;
+    }
+
+    try {
+      const buf = Buffer.from(this.fileContent || '', 'utf8');
+      const slice = buf.subarray(offset, Math.min(buf.length, offset + length));
+      const text = slice.toString('utf8');
+      if (!text) return 0;
+      return text.split('\n').length;
+    } catch {
+      return 0;
+    }
+  }
+
   analyzeFunctionAST(node, filePath) {
     const name = node['key.name'] || '';
     const line = node['key.line'] || 1;
-    const bodyLength = node['key.bodylength'] || 0;
+    const bodyLength = this.countLinesInBody(node) || 0;
     const attributes = this.getAttributes(node);
     const substructure = node['key.substructure'] || [];