pumuki 6.3.97 → 6.3.99

package/integrations/mcp/alignedPlatformGate.ts

@@ -1,232 +0,0 @@
-import type { AiGateStage } from '../gate/evaluateAiGate';
-import { resolvePolicyForStage } from '../gate/stagePolicies';
-import type { SddDecision } from '../sdd';
-import { GitService } from '../git/GitService';
-import { runPlatformGate } from '../git/runPlatformGate';
-import type { GateScope } from '../git/runPlatformGateFacts';
-import { readMcpPrePushStdin } from './readMcpPrePushStdin';
-
-const ZERO_HASH = /^0+$/;
-
-const runGit = (repoRoot: string, args: ReadonlyArray<string>): string | null => {
-  try {
-    return new GitService().runGit(args, repoRoot).trim();
-  } catch {
-    return null;
-  }
-};
-
-const resolveUpstreamRefInRepo = (repoRoot: string): string | null =>
-  runGit(repoRoot, ['rev-parse', '@{u}']);
-
-const resolveHeadOidInRepo = (repoRoot: string): string | null =>
-  runGit(repoRoot, ['rev-parse', 'HEAD']);
-
-const resolveCiBaseRefInRepo = (repoRoot: string): string => {
-  const fromEnv = process.env.GITHUB_BASE_REF?.trim();
-  if (fromEnv) {
-    if (runGit(repoRoot, ['rev-parse', '--verify', fromEnv])) {
-      return fromEnv;
-    }
-    const remoteRef = `origin/${fromEnv}`;
-    if (runGit(repoRoot, ['rev-parse', '--verify', remoteRef])) {
-      return remoteRef;
-    }
-  }
-
-  for (const candidate of ['origin/main', 'main', 'HEAD']) {
-    if (runGit(repoRoot, ['rev-parse', '--verify', candidate])) {
-      return candidate;
-    }
-  }
-
-  return 'HEAD';
-};
-
-const resolvePrePushBootstrapBaseRefInRepo = (repoRoot: string): string => {
-  const candidates = ['origin/develop', 'develop', resolveCiBaseRefInRepo(repoRoot)];
-  for (const candidate of candidates) {
-    if (runGit(repoRoot, ['rev-parse', '--verify', candidate])) {
-      return candidate;
-    }
-  }
-
-  return 'HEAD';
-};
-
-const shouldAllowBootstrapPrePush = (rawInput: string): boolean => {
-  const lines = rawInput
-    .split('\n')
-    .map((line) => line.trim())
-    .filter((line) => line.length > 0);
-
-  for (const line of lines) {
-    const [localRef, localOid, remoteRef, remoteOid] = line.split(/\s+/);
-    if (!localRef || !localOid || !remoteRef || !remoteOid) {
-      continue;
-    }
-    const localIsBranch = localRef.startsWith('refs/heads/');
-    const remoteIsBranch = remoteRef.startsWith('refs/heads/');
-    const localIsDeletion = ZERO_HASH.test(localOid);
-    const remoteIsNewBranch = ZERO_HASH.test(remoteOid);
-
-    if (localIsBranch && remoteIsBranch && !localIsDeletion && remoteIsNewBranch) {
-      return true;
-    }
-  }
-
-  return false;
-};
-
-const resolveExplicitPrePushRange = (
-  rawInput: string
-): { fromRef: string; toRef: string } | undefined => {
-  const lines = rawInput
-    .split('\n')
-    .map((line) => line.trim())
-    .filter((line) => line.length > 0);
-
-  const eligibleRanges = lines
-    .map((line) => {
-      const [localRef, localOid, remoteRef, remoteOid] = line.split(/\s+/);
-      if (!localRef || !localOid || !remoteRef || !remoteOid) {
-        return undefined;
-      }
-      const localIsDeletion = ZERO_HASH.test(localOid);
-      const remoteIsNewBranch = ZERO_HASH.test(remoteOid);
-      if (localIsDeletion || remoteIsNewBranch) {
-        return undefined;
-      }
-      return {
-        fromRef: remoteOid,
-        toRef: localOid,
-      };
-    })
-    .filter((value): value is { fromRef: string; toRef: string } => Boolean(value));
-
-  if (eligibleRanges.length !== 1) {
-    return undefined;
-  }
-
-  return eligibleRanges[0];
-};
-
-type PrePushScopeResolution =
-  | { kind: 'scope'; scope: GateScope; sddDecisionOverride?: Pick<SddDecision, 'allowed' | 'code' | 'message'> }
-  | { kind: 'upstream_missing' };
-
-const resolvePrePushScopeForMcp = (params: { repoRoot: string }): PrePushScopeResolution => {
-  const prePushInput = readMcpPrePushStdin();
-  const upstreamRef = resolveUpstreamRefInRepo(params.repoRoot);
-  if (!upstreamRef) {
-    const bootstrapBaseRef = resolvePrePushBootstrapBaseRefInRepo(params.repoRoot);
-    const bootstrapByPrePushStdIn = shouldAllowBootstrapPrePush(prePushInput);
-    const bootstrapByFallbackBase = !bootstrapByPrePushStdIn && bootstrapBaseRef !== 'HEAD';
-    const manualInvocationFallback =
-      !bootstrapByPrePushStdIn &&
-      !bootstrapByFallbackBase &&
-      prePushInput.trim().length === 0;
-    if (bootstrapByPrePushStdIn || bootstrapByFallbackBase) {
-      return {
-        kind: 'scope',
-        scope: {
-          kind: 'range',
-          fromRef: bootstrapBaseRef,
-          toRef: 'HEAD',
-        },
-      };
-    }
-    if (manualInvocationFallback) {
-      return { kind: 'scope', scope: { kind: 'workingTree' } };
-    }
-    return { kind: 'upstream_missing' };
-  }
-  const explicitPrePushRange = resolveExplicitPrePushRange(prePushInput);
-  const prePushFromRef = explicitPrePushRange?.fromRef ?? upstreamRef;
-  const prePushToRef = explicitPrePushRange?.toRef ?? 'HEAD';
-  const headOid = resolveHeadOidInRepo(params.repoRoot);
-  const sddDecisionOverride =
-    explicitPrePushRange && headOid && explicitPrePushRange.toRef !== headOid
-      ? ({
-        allowed: true,
-        code: 'ALLOWED',
-        message:
-          `SDD enforcement suspended for PRE_PUSH historical publish targeting ${explicitPrePushRange.toRef.slice(0, 12)} ` +
-          `instead of current HEAD ${headOid.slice(0, 12)}.`,
-      } as Pick<SddDecision, 'allowed' | 'code' | 'message'>)
-      : undefined;
-  return {
-    kind: 'scope',
-    scope: {
-      kind: 'range',
-      fromRef: prePushFromRef,
-      toRef: prePushToRef,
-    },
-    sddDecisionOverride,
-  };
-};
-
-type RunAlignedParams = {
-  repoRoot: string;
-  stage: AiGateStage;
-};
-
-export const runMcpAlignedPlatformGate = async (
-  params: RunAlignedParams
-): Promise<{ exitCode: number; aligned: boolean; skipReason: string | null }> => {
-  const git = new GitService();
-  const resolved = resolvePolicyForStage(params.stage, params.repoRoot);
-  if (params.stage === 'PRE_WRITE') {
-    const exitCode = await runPlatformGate({
-      policy: resolved.policy,
-      policyTrace: resolved.trace,
-      scope: { kind: 'workingTree' },
-      silent: true,
-      services: { git },
-    });
-    return { exitCode, aligned: true, skipReason: null };
-  }
-  if (params.stage === 'PRE_COMMIT') {
-    const exitCode = await runPlatformGate({
-      policy: resolved.policy,
-      policyTrace: resolved.trace,
-      scope: { kind: 'staged' },
-      silent: true,
-      services: { git },
-    });
-    return { exitCode, aligned: true, skipReason: null };
-  }
-  if (params.stage === 'CI') {
-    const ciBaseRef = resolveCiBaseRefInRepo(params.repoRoot);
-    const exitCode = await runPlatformGate({
-      policy: resolved.policy,
-      policyTrace: resolved.trace,
-      scope: {
-        kind: 'range',
-        fromRef: ciBaseRef,
-        toRef: 'HEAD',
-      },
-      silent: true,
-      services: { git },
-    });
-    return { exitCode, aligned: true, skipReason: null };
-  }
-  if (params.stage === 'PRE_PUSH') {
-    const scopeResolution = resolvePrePushScopeForMcp({ repoRoot: params.repoRoot });
-    if (scopeResolution.kind === 'upstream_missing') {
-      return { exitCode: 1, aligned: false, skipReason: 'PRE_PUSH_UPSTREAM_MISSING' };
-    }
-    const exitCode = await runPlatformGate({
-      policy: resolved.policy,
-      policyTrace: resolved.trace,
-      scope: scopeResolution.scope,
-      silent: true,
-      services: { git },
-      ...(scopeResolution.sddDecisionOverride
-        ? { sddDecisionOverride: scopeResolution.sddDecisionOverride }
-        : {}),
-    });
-    return { exitCode, aligned: true, skipReason: null };
-  }
-  throw new Error(`Unsupported MCP aligned stage: ${String(params.stage)}`);
-};

package/integrations/mcp/readMcpPrePushStdin.ts

@@ -1,7 +0,0 @@
-export const readMcpPrePushStdin = (): string => {
-  const envInput = process.env.PUMUKI_PRE_PUSH_STDIN;
-  if (typeof envInput === 'string' && envInput.trim().length > 0) {
-    return envInput;
-  }
-  return '';
-};

package/scripts/build-ruralgo-s1-evidence-pack.ts

@@ -1,85 +0,0 @@
-import {
-  buildRuralGoS1EvidencePackMarkdown,
-  writeRuralGoS1EvidencePack,
-} from './ruralgo-s1-evidence-pack-lib';
-
-type CliOptions = {
-  consumerRoot: string;
-  outFile: string;
-  packageVersion: string;
-  generatedAt: string;
-};
-
-const parseArgs = (argv: ReadonlyArray<string>): CliOptions => {
-  const options: CliOptions = {
-    consumerRoot: '<RURALGO_REPO_ROOT>',
-    outFile: '.audit-reports/ruralgo-s1/ruralgo-s1-evidence-pack.md',
-    packageVersion: 'unknown',
-    generatedAt: new Date().toISOString(),
-  };
-
-  for (let index = 0; index < argv.length; index += 1) {
-    const token = argv[index];
-    const next = argv[index + 1];
-    switch (token) {
-      case '--consumer-root':
-        if (!next) {
-          throw new Error('missing value for --consumer-root');
-        }
-        options.consumerRoot = next;
-        index += 1;
-        break;
-      case '--out':
-        if (!next) {
-          throw new Error('missing value for --out');
-        }
-        options.outFile = next;
-        index += 1;
-        break;
-      case '--package-version':
-        if (!next) {
-          throw new Error('missing value for --package-version');
-        }
-        options.packageVersion = next;
-        index += 1;
-        break;
-      case '--generated-at':
-        if (!next) {
-          throw new Error('missing value for --generated-at');
-        }
-        options.generatedAt = next;
-        index += 1;
-        break;
-      default:
-        throw new Error(`unknown argument: ${token}`);
-    }
-  }
-
-  return options;
-};
-
-const main = (): number => {
-  const cwd = process.cwd();
-  const options = parseArgs(process.argv.slice(2));
-  const markdown = buildRuralGoS1EvidencePackMarkdown({
-    cwd,
-    consumerRoot: options.consumerRoot,
-    packageVersion: options.packageVersion,
-    generatedAt: options.generatedAt,
-  });
-  const outputPath = writeRuralGoS1EvidencePack({
-    cwd,
-    outFile: options.outFile,
-    markdown,
-  });
-  process.stdout.write(`ruralgo s1 evidence pack generated at ${outputPath}\n`);
-  return 0;
-};
-
-try {
-  process.exitCode = main();
-} catch (error) {
-  const message = error instanceof Error ? error.message : 'unknown error';
-  process.stderr.write(`ruralgo s1 evidence pack failed: ${message}\n`);
-  process.exitCode = 1;
-}

package/scripts/ruralgo-s1-evidence-pack-lib.ts

@@ -1,200 +0,0 @@
-import { mkdirSync, writeFileSync } from 'node:fs';
-import { dirname, resolve } from 'node:path';
-
-type RuralGoS1EvidenceEntry = {
-  title: string;
-  mode: 'shell' | 'mcp';
-  command: string;
-  capture: ReadonlyArray<string>;
-  expectedFragments: ReadonlyArray<string>;
-  incs: ReadonlyArray<string>;
-};
-
-export type RuralGoS1EvidencePackOptions = {
-  cwd: string;
-  consumerRoot: string;
-  packageVersion: string;
-  generatedAt: string;
-};
-
-const resolvePumukiPackageSelector = (packageVersion: string): string => {
-  const trimmed = packageVersion.trim();
-  const isStableSemver = /^\d+\.\d+\.\d+(?:[-+][0-9A-Za-z.-]+)?$/.test(trimmed);
-  if (isStableSemver) {
-    return `pumuki@${trimmed}`;
-  }
-  return 'pumuki@latest';
-};
-
-const EVIDENCE_ENTRIES: ReadonlyArray<RuralGoS1EvidenceEntry> = [
-  {
-    title: 'Lifecycle status',
-    mode: 'shell',
-    command: 'npm run pumuki:status',
-    capture: [
-      'Bloque `governance truth` completo.',
-      'Indicadores de contrato efectivo, rama y skills surface.',
-    ],
-    expectedFragments: [
-      'governance truth',
-      'governance_effective',
-      'contract_surface',
-      'current_branch',
-    ],
-    incs: ['PUMUKI-INC-070', 'PUMUKI-INC-071', 'PUMUKI-INC-073', 'PUMUKI-INC-076'],
-  },
-  {
-    title: 'Lifecycle doctor',
-    mode: 'shell',
-    command: 'npm run pumuki:doctor',
-    capture: [
-      'Veredicto humano final.',
-      'Bloque `governance truth` con `next_action` visible.',
-    ],
-    expectedFragments: [
-      'governance truth',
-      'next_action',
-      'reason_code',
-      'WARN',
-    ],
-    incs: ['PUMUKI-INC-070', 'PUMUKI-INC-071', 'PUMUKI-INC-073'],
-  },
-  {
-    title: 'PRE_WRITE canónico',
-    mode: 'shell',
-    command: 'npx --yes --package pumuki@latest pumuki sdd validate --stage=PRE_WRITE --json',
-    capture: [
-      'Salida JSON completa.',
-      'Campos de session/mode y remediación inmediata.',
-    ],
-    expectedFragments: [
-      '"stage":"PRE_WRITE"',
-      '"decision"',
-      '"next_action"',
-    ],
-    incs: ['PUMUKI-INC-070', 'PUMUKI-INC-072'],
-  },
-  {
-    title: 'Hook pre-commit / gate',
-    mode: 'shell',
-    command: 'git commit --allow-empty -m "test: pumuki s1 validation"',
-    capture: [
-      'Bloque de gate con `reason_code`, `instruction` y `next_action`.',
-      'Si bloquea, conservar `NEXT:` y `REMEDIATION:`.',
-    ],
-    expectedFragments: [
-      'reason_code=',
-      'instruction=',
-      'next_action=',
-    ],
-    incs: ['PUMUKI-INC-071', 'PUMUKI-INC-073', 'PUMUKI-INC-076'],
-  },
-  {
-    title: 'MCP pre_flight_check',
-    mode: 'mcp',
-    command: 'mcp::pre_flight_check(stage=PRE_WRITE)',
-    capture: [
-      'Payload completo de `result`.',
-      'Campos `reason_code`, `instruction`, `next_action`, `hints`.',
-    ],
-    expectedFragments: [
-      'reason_code',
-      'instruction',
-      'next_action',
-      'hints',
-    ],
-    incs: ['PUMUKI-INC-071', 'PUMUKI-INC-072', 'PUMUKI-INC-073'],
-  },
-  {
-    title: 'MCP auto_execute_ai_start',
-    mode: 'mcp',
-    command: 'mcp::auto_execute_ai_start(stage=PRE_WRITE)',
-    capture: [
-      'Payload completo de `result`.',
-      'Campos `action`, `reason_code`, `next_action`, `confidence_pct`.',
-    ],
-    expectedFragments: [
-      'action',
-      'reason_code',
-      'next_action',
-      'confidence_pct',
-    ],
-    incs: ['PUMUKI-INC-071', 'PUMUKI-INC-073', 'PUMUKI-INC-076'],
-  },
-];
-
-const renderEntry = (params: {
-  entry: RuralGoS1EvidenceEntry;
-  consumerRoot: string;
-}): string => {
-  const command = params.entry.mode === 'shell'
-    ? `cd ${params.consumerRoot} && ${params.entry.command}`
-    : params.entry.command;
-
-  return [
-    `### ${params.entry.title}`,
-    '',
-    `- mode: ${params.entry.mode}`,
-    `- command: \`${command}\``,
-    `- incs: ${params.entry.incs.join(', ')}`,
-    '- capture:',
-    ...params.entry.capture.map((item) => `  - ${item}`),
-    '- expected_fragments:',
-    ...params.entry.expectedFragments.map((item) => `  - ${item}`),
-    '',
-  ].join('\n');
-};
-
-export const buildRuralGoS1EvidencePackMarkdown = (
-  options: RuralGoS1EvidencePackOptions
-): string => {
-  const pumukiPackageSelector = resolvePumukiPackageSelector(options.packageVersion);
-  const evidenceEntries: ReadonlyArray<RuralGoS1EvidenceEntry> = EVIDENCE_ENTRIES.map((entry) =>
-    entry.title === 'PRE_WRITE canónico'
-      ? {
-        ...entry,
-        command: `npx --yes --package ${pumukiPackageSelector} pumuki sdd validate --stage=PRE_WRITE --json`,
-      }
-      : entry
-  );
-
-  return [
-    '# RuralGo S1 Evidence Pack',
-    '',
-    `- generated_at: ${options.generatedAt}`,
-    `- consumer_root: \`${options.consumerRoot}\``,
-    `- package_version: ${options.packageVersion}`,
-    '- objective: validar S1 contra PUMUKI-INC-071/073/076 y reunir soporte adicional para 070/072.',
-    '',
-    '## Uso',
-    '',
-    '- Ejecuta los comandos shell desde el consumer real tras repinear la semver publicada.',
-    '- Captura las respuestas MCP desde una sesión conectada al servidor enterprise.',
-    '- No muevas un INC a `FIXED` si falta convergencia entre lifecycle, hooks y MCP.',
-    '',
-    ...evidenceEntries.map((entry) =>
-      renderEntry({
-        entry,
-        consumerRoot: options.consumerRoot,
-      })
-    ),
-    '## Criterio rápido de cierre',
-    '',
-    '- `PUMUKI-INC-071`: candidato a FIXED si lifecycle, hooks y MCP exponen contrato efectivo del repo.',
-    '- `PUMUKI-INC-073`: candidato a FIXED si el verde parcial desaparece y se ve governance real.',
-    '- `PUMUKI-INC-076`: candidato a FIXED si hooks y surfaces muestran GitFlow/naming como parte del gate.',
-    '- `PUMUKI-INC-072`: no cerrar salvo que el pre-edit gate aparezca de forma homogénea y automática.',
-    '',
-  ].join('\n');
-};
-
-export const writeRuralGoS1EvidencePack = (params: {
-  cwd: string;
-  outFile: string;
-  markdown: string;
-}): string => {
-  const outputPath = resolve(params.cwd, params.outFile);
-  mkdirSync(dirname(outputPath), { recursive: true });
-  writeFileSync(outputPath, params.markdown, 'utf8');
-  return outputPath;
-};