pumuki-ast-hooks 5.5.8 → 5.5.10
- package/package.json +1 -1
- package/scripts/hooks-system/application/services/guard/EvidenceManager.js +4 -4
- package/scripts/hooks-system/application/services/monitoring/EvidenceMonitorService.js +3 -1
- package/scripts/hooks-system/bin/update-evidence.sh +2 -2
- package/scripts/hooks-system/infrastructure/orchestration/intelligent-audit.js +2 -0
- package/scripts/hooks-system/infrastructure/shell/orchestrators/audit-orchestrator.sh +25 -0
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pumuki-ast-hooks",
|
|
3
|
-
"version": "5.5.
|
|
3
|
+
"version": "5.5.10",
|
|
4
4
|
"description": "Enterprise-grade AST Intelligence System with multi-platform support (iOS, Android, Backend, Frontend) and Feature-First + DDD + Clean Architecture enforcement. Includes dynamic violations API for intelligent querying.",
|
|
5
5
|
"main": "index.js",
|
|
6
6
|
"bin": {
|
|
@@ -54,10 +54,10 @@ class EvidenceManager {
|
|
|
54
54
|
}
|
|
55
55
|
const raw = fs.readFileSync(this.evidencePath, 'utf8');
|
|
56
56
|
const json = JSON.parse(raw);
|
|
57
|
-
const
|
|
58
|
-
|
|
59
|
-
const ms =
|
|
60
|
-
if (Number.
|
|
57
|
+
const rootMs = new Date(json?.timestamp).getTime();
|
|
58
|
+
const severityMs = new Date(json?.severity_metrics?.last_updated).getTime();
|
|
59
|
+
const ms = [rootMs, severityMs].filter(Number.isFinite).reduce((max, v) => Math.max(max, v), NaN);
|
|
60
|
+
if (!Number.isFinite(ms)) return null;
|
|
61
61
|
return ms;
|
|
62
62
|
} catch (error) {
|
|
63
63
|
const msg = error && error.message ? error.message : String(error);
|
|
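Review bot: The reduce on the added `const ms = …` line is seeded with `NaN`, and `Math.max(NaN, v)` is `NaN` for every `v`, so `ms` can never be finite and the `if (!Number.isFinite(ms)) return null;` guard below it fires on every call, even when both timestamps parse. Seeding with `-Infinity` still rejects the empty case while letting real values through: `const ms = [rootMs, severityMs].filter(Number.isFinite).reduce((max, v) => Math.max(max, v), -Infinity);`. The same expression appears in the EvidenceMonitorService hunk (`const timestamp = …`), where it would make the 'Evidence timestamp is invalid.' branch unconditional. How callers treat a `null` timestamp is outside the hunk, so whether the evidence freshness guard then fails closed or open should be confirmed. The enclosing method starts and ends outside the hunk.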
@@ -89,7 +89,9 @@ class EvidenceMonitorService {
|
|
|
89
89
|
try {
|
|
90
90
|
const raw = this.fs.readFileSync(this.evidencePath, 'utf8');
|
|
91
91
|
const data = JSON.parse(raw);
|
|
92
|
-
const
|
|
92
|
+
const rootTimestamp = new Date(data.timestamp).getTime();
|
|
93
|
+
const severityTimestamp = new Date(data?.severity_metrics?.last_updated).getTime();
|
|
94
|
+
const timestamp = [rootTimestamp, severityTimestamp].filter(Number.isFinite).reduce((max, v) => Math.max(max, v), NaN);
|
|
93
95
|
if (!Number.isFinite(timestamp)) {
|
|
94
96
|
this.notify({
|
|
95
97
|
message: 'Evidence timestamp is invalid.',
|
|
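Review bot: `data.timestamp` on the first added line is read without optional chaining, while the next line uses `data?.severity_metrics?.last_updated`. An evidence file whose JSON is the literal `null` therefore throws a TypeError here instead of reaching the 'Evidence timestamp is invalid.' notification. Writing `const rootTimestamp = new Date(data?.timestamp).getTime();` would match the EvidenceManager version of the same logic. The `try` opens inside the hunk but its `catch` is outside it, so what happens to that exception cannot be seen from here.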
@@ -14,9 +14,9 @@ for arg in "$@"; do
|
|
|
14
14
|
fi
|
|
15
15
|
done
|
|
16
16
|
|
|
17
|
-
CLI="$REPO_ROOT/scripts/hooks-system/bin/cli.js"
|
|
17
|
+
CLI="$REPO_ROOT/node_modules/pumuki-ast-hooks/scripts/hooks-system/bin/cli.js"
|
|
18
18
|
if [[ ! -f "$CLI" ]]; then
|
|
19
|
-
CLI="$REPO_ROOT/
|
|
19
|
+
CLI="$REPO_ROOT/scripts/hooks-system/bin/cli.js"
|
|
20
20
|
fi
|
|
21
21
|
|
|
22
22
|
if [[ ! -f "$CLI" ]]; then
|
|
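Review bot: The lookup order for `CLI` is now the installed package first and the in-repo script second, and nothing in the hunk says why. This order decides which copy of `cli.js` the hook executes, so a comment above the first assignment would help the next maintainer, for example `# Prefer the installed pumuki-ast-hooks package; fall back to the in-repo copy`. The reason for the preference is not visible here and should be added to that comment by someone who knows it. How `REPO_ROOT` is derived is outside the hunk.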
@@ -180,6 +180,8 @@ function updateAIEvidence(violations, gateResult, tokenUsage) {
|
|
|
180
180
|
try {
|
|
181
181
|
const evidence = JSON.parse(fs.readFileSync(evidencePath, 'utf8'));
|
|
182
182
|
|
|
183
|
+
evidence.timestamp = new Date().toISOString();
|
|
184
|
+
|
|
183
185
|
evidence.severity_metrics = {
|
|
184
186
|
last_updated: new Date().toISOString(),
|
|
185
187
|
total_violations: violations.length,
|
|
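Review bot: `evidence.timestamp` and `severity_metrics.last_updated` are set from two separate `new Date()` calls, so the two fields can differ by a few milliseconds even though they describe the same update. Capturing the value once with `const now = new Date().toISOString();` and assigning `evidence.timestamp = now;` and `last_updated: now,` keeps them identical. If the root `timestamp` is also what the guard services use to judge evidence freshness, refreshing it on every audit run deserves a comment stating that this is intended. The body of updateAIEvidence continues outside the hunk.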
@@ -771,6 +771,13 @@ summarize_all() {
|
|
|
771
771
|
print_final_signature
|
|
772
772
|
exit 0
|
|
773
773
|
fi
|
|
774
|
+
|
|
775
|
+
local is_revert_in_progress=0
|
|
776
|
+
if [[ "${AST_ALLOW_REVERT:-1}" == "1" ]] && command -v git >/dev/null 2>&1; then
|
|
777
|
+
if git rev-parse -q --verify REVERT_HEAD >/dev/null 2>&1; then
|
|
778
|
+
is_revert_in_progress=1
|
|
779
|
+
fi
|
|
780
|
+
fi
|
|
774
781
|
local gate_crit gate_high gate_med gate_low gate_es
|
|
775
782
|
|
|
776
783
|
# Decide gate values based on mode
|
|
@@ -795,6 +802,15 @@ summarize_all() {
|
|
|
795
802
|
# Block on ANY violation (CRITICAL + HIGH + MEDIUM + LOW)
|
|
796
803
|
if (( gate_crit > 0 || gate_high > 0 || gate_med > 0 || gate_low > 0 || gate_es > 0 )); then
|
|
797
804
|
printf "\n"
|
|
805
|
+
if (( is_revert_in_progress == 1 )); then
|
|
806
|
+
printf "%b[REVERT MODE - COMMIT ALLOWED]%b\n" "$YELLOW" "$NC"
|
|
807
|
+
printf " Detected git revert in progress (REVERT_HEAD).\n"
|
|
808
|
+
printf " Skipping quality gate blocking for pre-existing violations.\n"
|
|
809
|
+
printf " Tip: set AST_ALLOW_REVERT=0 to enforce gates during revert.\n"
|
|
810
|
+
printf "\n"
|
|
811
|
+
print_final_signature
|
|
812
|
+
exit 0
|
|
813
|
+
fi
|
|
798
814
|
if [[ "${BLOCK_ON_REPO_VIOLATIONS:-0}" == "1" ]]; then
|
|
799
815
|
printf "%b[COMMIT BLOCKED - STRICT REPO+STAGING]%b\n" "$RED" "$NC"
|
|
800
816
|
printf " CRITICAL violations (repository): %s\n" "$gate_crit"
|
|
@@ -819,6 +835,15 @@ summarize_all() {
|
|
|
819
835
|
# Standard mode: Block only on CRITICAL/HIGH IN STAGING
|
|
820
836
|
if (( gate_crit > 0 || gate_high > 0 )); then
|
|
821
837
|
printf "\n"
|
|
838
|
+
if (( is_revert_in_progress == 1 )); then
|
|
839
|
+
printf "%b[REVERT MODE - COMMIT ALLOWED]%b\n" "$YELLOW" "$NC"
|
|
840
|
+
printf " Detected git revert in progress (REVERT_HEAD).\n"
|
|
841
|
+
printf " Skipping quality gate blocking for pre-existing violations.\n"
|
|
842
|
+
printf " Tip: set AST_ALLOW_REVERT=0 to enforce gates during revert.\n"
|
|
843
|
+
printf "\n"
|
|
844
|
+
print_final_signature
|
|
845
|
+
exit 0
|
|
846
|
+
fi
|
|
822
847
|
printf "%b[COMMIT BLOCKED - CRITICAL/HIGH]%b\n" "$RED" "$NC"
|
|
823
848
|
printf " CRITICAL violations in staging: %s\n" "$gate_crit"
|
|
824
849
|
printf " HIGH violations in staging: %s\n" "$gate_high"
|
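Review bot: The revert bypass added to both gate branches (after the `Block on ANY violation` check and after the `CRITICAL/HIGH IN STAGING` check) is on by default via `${AST_ALLOW_REVERT:-1}` and is keyed only on `REVERT_HEAD` resolving, so it exits 0 for every violation counted, not just the pre-existing ones its message mentions. Changes staged on top of an in-progress revert would pass the gate without being blocked. Making the bypass opt-in, `if [[ "${AST_ALLOW_REVERT:-0}" == "1" ]] && command -v git >/dev/null 2>&1; then`, and printing the `gate_crit` and `gate_high` counts before `exit 0` would keep the skip deliberate and visible. The two identical nine-line blocks could also move into one helper function. summarize_all starts and ends outside these hunks.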