shipwright-cli 2.3.1 → 3.0.0

package/scripts/lib/pipeline-intelligence.sh

@@ -106,8 +106,45 @@ pipeline_should_skip_stage() {
 # Returns JSON with classified findings and routing recommendations.
 # ──────────────────────────────────────────────────────────────────────────────
 classify_quality_findings() {
-    local findings_dir="$ARTIFACTS_DIR"
-    local result_file="$ARTIFACTS_DIR/classified-findings.json"
+    local findings_dir="${1:-$ARTIFACTS_DIR}"
+    local result_file="$findings_dir/classified-findings.json"
+
+    # Build combined content for semantic classification
+    local content=""
+    if [[ -f "$findings_dir/adversarial-review.md" ]]; then
+        content="${content}
+--- adversarial-review.md ---
+$(head -500 "$findings_dir/adversarial-review.md" 2>/dev/null)"
+    fi
+    if [[ -f "$findings_dir/negative-review.md" ]]; then
+        content="${content}
+--- negative-review.md ---
+$(head -300 "$findings_dir/negative-review.md" 2>/dev/null)"
+    fi
+    if [[ -f "$findings_dir/security-audit.log" ]]; then
+        content="${content}
+--- security-audit.log ---
+$(cat "$findings_dir/security-audit.log" 2>/dev/null)"
+    fi
+    if [[ -f "$findings_dir/compound-architecture-validation.json" ]]; then
+        content="${content}
+--- compound-architecture-validation.json ---
+$(jq -r '.[] | "\(.severity): \(.message // .description // .)"' "$findings_dir/compound-architecture-validation.json" 2>/dev/null | head -50)"
+    fi
+
+    # Try semantic classification first when Claude is available
+    local route=""
+    if command -v claude &>/dev/null && [[ "${INTELLIGENCE_ENABLED:-false}" != "false" ]] && [[ -n "$content" ]]; then
+        local prompt="Classify these code review findings into exactly ONE primary category. Return ONLY a single word: security, architecture, correctness, performance, testing, documentation, style.
+
+Findings:
+$content"
+        local category
+        category=$(echo "$prompt" | timeout 30 claude -p --model sonnet 2>/dev/null | tr -d '[:space:]' | tr '[:upper:]' '[:lower:]')
+        if [[ "$category" =~ ^(security|architecture|correctness|performance|testing|documentation|style)$ ]]; then
+            route="$category"
+        fi
+    fi
 
     # Initialize counters
     local arch_count=0 security_count=0 correctness_count=0 performance_count=0 testing_count=0 style_count=0
@@ -173,40 +210,53 @@ classify_quality_findings() {
     fi
 
     # ── Determine routing ──
-    # Priority order: security > architecture > correctness > performance > testing > style
-    local route="correctness"  # default
+    # Use semantic classification when available; else fall back to grep-derived priority
     local needs_backtrack=false
     local priority_findings=""
 
-    if [[ "$security_count" -gt 0 ]]; then
-        route="security"
-        priority_findings="security:${security_count}"
-    fi
+    if [[ -z "$route" ]]; then
+        # Fallback: grep-based priority order: security > architecture > correctness > performance > testing > style
+        route="correctness"
 
-    if [[ "$arch_count" -gt 0 ]]; then
-        if [[ "$route" == "correctness" ]]; then
-            route="architecture"
-            needs_backtrack=true
+        if [[ "$security_count" -gt 0 ]]; then
+            route="security"
+            priority_findings="security:${security_count}"
         fi
-        priority_findings="${priority_findings:+${priority_findings},}architecture:${arch_count}"
-    fi
 
-    if [[ "$correctness_count" -gt 0 ]]; then
-        priority_findings="${priority_findings:+${priority_findings},}correctness:${correctness_count}"
-    fi
+        if [[ "$arch_count" -gt 0 ]]; then
+            if [[ "$route" == "correctness" ]]; then
+                route="architecture"
+                needs_backtrack=true
+            fi
+            priority_findings="${priority_findings:+${priority_findings},}architecture:${arch_count}"
+        fi
 
-    if [[ "$performance_count" -gt 0 ]]; then
-        if [[ "$route" == "correctness" && "$correctness_count" -eq 0 ]]; then
-            route="performance"
+        if [[ "$correctness_count" -gt 0 ]]; then
+            priority_findings="${priority_findings:+${priority_findings},}correctness:${correctness_count}"
         fi
-        priority_findings="${priority_findings:+${priority_findings},}performance:${performance_count}"
-    fi
 
-    if [[ "$testing_count" -gt 0 ]]; then
-        if [[ "$route" == "correctness" && "$correctness_count" -eq 0 && "$performance_count" -eq 0 ]]; then
-            route="testing"
+        if [[ "$performance_count" -gt 0 ]]; then
+            if [[ "$route" == "correctness" && "$correctness_count" -eq 0 ]]; then
+                route="performance"
+            fi
+            priority_findings="${priority_findings:+${priority_findings},}performance:${performance_count}"
         fi
-        priority_findings="${priority_findings:+${priority_findings},}testing:${testing_count}"
+
+        if [[ "$testing_count" -gt 0 ]]; then
+            if [[ "$route" == "correctness" && "$correctness_count" -eq 0 && "$performance_count" -eq 0 ]]; then
+                route="testing"
+            fi
+            priority_findings="${priority_findings:+${priority_findings},}testing:${testing_count}"
+        fi
+    else
+        # Semantic route: build priority_findings from counts, set needs_backtrack for architecture
+        [[ "$route" == "architecture" ]] && needs_backtrack=true
+        [[ "$arch_count" -gt 0 ]] && priority_findings="architecture:${arch_count}"
+        [[ "$security_count" -gt 0 ]] && priority_findings="${priority_findings:+${priority_findings},}security:${security_count}"
+        [[ "$correctness_count" -gt 0 ]] && priority_findings="${priority_findings:+${priority_findings},}correctness:${correctness_count}"
+        [[ "$performance_count" -gt 0 ]] && priority_findings="${priority_findings:+${priority_findings},}performance:${performance_count}"
+        [[ "$testing_count" -gt 0 ]] && priority_findings="${priority_findings:+${priority_findings},}testing:${testing_count}"
+        [[ -z "$priority_findings" ]] && priority_findings="${route}:1"
     fi
 
     # Style findings don't affect routing or count toward failure threshold
@@ -749,7 +799,7 @@ pipeline_record_quality_score() {
     rm -f "$tmp_score"
 
     # Rotate quality scores file to prevent unbounded growth
-    type rotate_jsonl &>/dev/null 2>&1 && rotate_jsonl "$scores_file" 5000
+    type rotate_jsonl >/dev/null 2>&1 && rotate_jsonl "$scores_file" 5000
 
     emit_event "pipeline.quality_score_recorded" \
         "issue=${ISSUE_NUMBER:-0}" \
@@ -1117,7 +1167,7 @@ stage_compound_quality() {
 
     # Intelligent audit selection
     local audit_plan='{"adversarial":"targeted","architecture":"targeted","simulation":"targeted","security":"targeted","dod":"targeted"}'
-    if type pipeline_select_audits &>/dev/null 2>&1; then
+    if type pipeline_select_audits >/dev/null 2>&1; then
         local _selected
         _selected=$(pipeline_select_audits 2>/dev/null) || true
         if [[ -n "$_selected" && "$_selected" != "null" ]]; then
@@ -1205,9 +1255,9 @@ stage_compound_quality() {
 
     # Vitals-driven adaptive cycle limit (preferred)
     local base_max_cycles="$max_cycles"
-    if type pipeline_adaptive_limit &>/dev/null 2>&1; then
+    if type pipeline_adaptive_limit >/dev/null 2>&1; then
         local _cq_vitals=""
-        if type pipeline_compute_vitals &>/dev/null 2>&1; then
+        if type pipeline_compute_vitals >/dev/null 2>&1; then
             _cq_vitals=$(pipeline_compute_vitals "$STATE_FILE" "$ARTIFACTS_DIR" "${ISSUE_NUMBER:-}" 2>/dev/null) || true
         fi
         local vitals_cq_limit
@@ -1270,7 +1320,7 @@ stage_compound_quality() {
         fi
 
         # 3. Developer Simulation (intelligence module)
-        if type simulation_review &>/dev/null 2>&1; then
+        if type simulation_review >/dev/null 2>&1; then
             local sim_enabled
             sim_enabled=$(jq -r '.intelligence.simulation_enabled // false' "$PIPELINE_CONFIG" 2>/dev/null || echo "false")
             local daemon_cfg="${PROJECT_ROOT}/.claude/daemon-config.json"
@@ -1310,7 +1360,7 @@ stage_compound_quality() {
         fi
 
         # 4. Architecture Enforcer (intelligence module)
-        if type architecture_validate_changes &>/dev/null 2>&1; then
+        if type architecture_validate_changes >/dev/null 2>&1; then
             local arch_enabled
             arch_enabled=$(jq -r '.intelligence.architecture_enabled // false' "$PIPELINE_CONFIG" 2>/dev/null || echo "false")
             local daemon_cfg="${PROJECT_ROOT}/.claude/daemon-config.json"
@@ -1474,7 +1524,7 @@ All quality checks clean:
 
             # DoD verification on successful pass
             local _dod_pass_rate=100
-            if type pipeline_verify_dod &>/dev/null 2>&1; then
+            if type pipeline_verify_dod >/dev/null 2>&1; then
                 pipeline_verify_dod "$ARTIFACTS_DIR" 2>/dev/null || true
                 if [[ -f "$ARTIFACTS_DIR/dod-verification.json" ]]; then
                     _dod_pass_rate=$(jq -r '.pass_rate // 100' "$ARTIFACTS_DIR/dod-verification.json" 2>/dev/null || echo "100")
@@ -1496,7 +1546,7 @@ All quality checks clean:
 
             # DoD verification on successful pass
             local _dod_pass_rate=100
-            if type pipeline_verify_dod &>/dev/null 2>&1; then
+            if type pipeline_verify_dod >/dev/null 2>&1; then
                 pipeline_verify_dod "$ARTIFACTS_DIR" 2>/dev/null || true
                 if [[ -f "$ARTIFACTS_DIR/dod-verification.json" ]]; then
                     _dod_pass_rate=$(jq -r '.pass_rate // 100' "$ARTIFACTS_DIR/dod-verification.json" 2>/dev/null || echo "100")
@@ -1590,7 +1640,7 @@ All quality checks clean:
 
     # DoD verification
     local _dod_pass_rate=0
-    if type pipeline_verify_dod &>/dev/null 2>&1; then
+    if type pipeline_verify_dod >/dev/null 2>&1; then
         pipeline_verify_dod "$ARTIFACTS_DIR" 2>/dev/null || true
         if [[ -f "$ARTIFACTS_DIR/dod-verification.json" ]]; then
             _dod_pass_rate=$(jq -r '.pass_rate // 0' "$ARTIFACTS_DIR/dod-verification.json" 2>/dev/null || echo "0")

package/scripts/lib/pipeline-quality-checks.sh

@@ -10,15 +10,15 @@ quality_check_security() {
     local tool_found=false
 
     # Try npm audit
-    if [[ -f "package.json" ]] && command -v npm &>/dev/null; then
+    if [[ -f "package.json" ]] && command -v npm >/dev/null 2>&1; then
         tool_found=true
         npm audit --production 2>&1 | tee "$audit_log" || audit_exit=$?
     # Try pip-audit
-    elif [[ -f "requirements.txt" || -f "pyproject.toml" ]] && command -v pip-audit &>/dev/null; then
+    elif [[ -f "requirements.txt" || -f "pyproject.toml" ]] && command -v pip-audit >/dev/null 2>&1; then
         tool_found=true
         pip-audit 2>&1 | tee "$audit_log" || audit_exit=$?
     # Try cargo audit
-    elif [[ -f "Cargo.toml" ]] && command -v cargo-audit &>/dev/null; then
+    elif [[ -f "Cargo.toml" ]] && command -v cargo-audit >/dev/null 2>&1; then
         tool_found=true
         cargo audit 2>&1 | tee "$audit_log" || audit_exit=$?
     fi
@@ -170,7 +170,7 @@ quality_check_bundle_size() {
     mv "$tmp_bundle_hist" "$bundle_history_file" 2>/dev/null || true
 
     # Intelligence: identify top dependency bloaters
-    if type intelligence_search_memory &>/dev/null 2>&1 && [[ -f "package.json" ]] && command -v jq &>/dev/null; then
+    if type intelligence_search_memory >/dev/null 2>&1 && [[ -f "package.json" ]] && command -v jq >/dev/null 2>&1; then
         local dep_sizes=""
         local deps
         deps=$(jq -r '.dependencies // {} | keys[]' package.json 2>/dev/null || true)
@@ -237,7 +237,7 @@ quality_check_perf_regression() {
         if [[ -f "$daemon_cfg" ]]; then
             intel_enabled=$(jq -r '.intelligence.enabled // false' "$daemon_cfg" 2>/dev/null || echo "false")
         fi
-        if [[ "$intel_enabled" == "true" ]] && command -v claude &>/dev/null; then
+        if [[ "$intel_enabled" == "true" ]] && command -v claude >/dev/null 2>&1; then
             local tail_output
             tail_output=$(tail -30 "$test_log" 2>/dev/null || true)
             if [[ -n "$tail_output" ]]; then
@@ -378,7 +378,7 @@ quality_check_api_compat() {
 
     # Check for breaking changes: removed endpoints, changed methods
     local removed_endpoints=""
-    if command -v jq &>/dev/null && [[ "$spec_file" == *.json ]]; then
+    if command -v jq >/dev/null 2>&1 && [[ "$spec_file" == *.json ]]; then
         local old_paths new_paths
         old_paths=$(echo "$old_spec" | jq -r '.paths | keys[]' 2>/dev/null | sort || true)
         new_paths=$(jq -r '.paths | keys[]' "$spec_file" 2>/dev/null | sort || true)
@@ -387,7 +387,7 @@ quality_check_api_compat() {
 
     # Enhanced schema diff: parameter changes, response schema, auth changes
     local param_changes="" schema_changes=""
-    if command -v jq &>/dev/null && [[ "$spec_file" == *.json ]]; then
+    if command -v jq >/dev/null 2>&1 && [[ "$spec_file" == *.json ]]; then
         # Detect parameter changes on existing endpoints
         local common_paths
         common_paths=$(comm -12 <(echo "$old_spec" | jq -r '.paths | keys[]' 2>/dev/null | sort) <(jq -r '.paths | keys[]' "$spec_file" 2>/dev/null | sort) 2>/dev/null || true)
@@ -407,7 +407,7 @@ quality_check_api_compat() {
 
     # Intelligence: semantic API diff for complex changes
     local semantic_diff=""
-    if type intelligence_search_memory &>/dev/null 2>&1 && command -v claude &>/dev/null; then
+    if type intelligence_search_memory >/dev/null 2>&1 && command -v claude >/dev/null 2>&1; then
         local spec_git_diff
         spec_git_diff=$(git diff "${BASE_BRANCH}...HEAD" -- "$spec_file" 2>/dev/null | head -200 || true)
         if [[ -n "$spec_git_diff" ]]; then
@@ -441,7 +441,7 @@ ${spec_git_diff}" --model haiku < /dev/null 2>/dev/null || true)
     if [[ -n "$removed_endpoints" || -n "$param_changes" ]]; then
         local issue_count=0
         [[ -n "$removed_endpoints" ]] && issue_count=$((issue_count + $(echo "$removed_endpoints" | wc -l | xargs)))
-        [[ -n "$param_changes" ]] && issue_count=$((issue_count + $(echo "$param_changes" | grep -c '.' || true)))
+        [[ -n "$param_changes" ]] && issue_count=$((issue_count + $(echo "$param_changes" | grep -c '.' 2>/dev/null || echo "0")))
         warn "API breaking changes: ${issue_count} issue(s) found"
         return 1
     fi
@@ -470,7 +470,7 @@ quality_check_coverage() {
         if [[ -f "$daemon_cfg_cov" ]]; then
             intel_enabled_cov=$(jq -r '.intelligence.enabled // false' "$daemon_cfg_cov" 2>/dev/null || echo "false")
         fi
-        if [[ "$intel_enabled_cov" == "true" ]] && command -v claude &>/dev/null; then
+        if [[ "$intel_enabled_cov" == "true" ]] && command -v claude >/dev/null 2>&1; then
             local tail_cov_output
             tail_cov_output=$(tail -40 "$test_log" 2>/dev/null || true)
             if [[ -n "$tail_cov_output" ]]; then
@@ -559,7 +559,7 @@ run_adversarial_review() {
     fi
 
     # Delegate to sw-adversarial.sh module when available (uses intelligence cache)
-    if type adversarial_review &>/dev/null 2>&1; then
+    if type adversarial_review >/dev/null 2>&1; then
         info "Using intelligence-backed adversarial review..."
         local json_result
         json_result=$(adversarial_review "$diff_content" "${GOAL:-}" 2>/dev/null || echo "[]")
@@ -605,7 +605,7 @@ run_adversarial_review() {
 
     # Inject previous adversarial findings from memory
     local adv_memory=""
-    if type intelligence_search_memory &>/dev/null 2>&1; then
+    if type intelligence_search_memory >/dev/null 2>&1; then
         adv_memory=$(intelligence_search_memory "adversarial review security findings for: ${GOAL:-}" "${HOME}/.shipwright/memory" 5 2>/dev/null) || true
     fi
 
@@ -676,7 +676,7 @@ $(head -200 "$file" 2>/dev/null || true)
 
     # Inject previous negative prompting findings from memory
     local neg_memory=""
-    if type intelligence_search_memory &>/dev/null 2>&1; then
+    if type intelligence_search_memory >/dev/null 2>&1; then
         neg_memory=$(intelligence_search_memory "negative prompting findings common concerns for: ${GOAL:-}" "${HOME}/.shipwright/memory" 5 2>/dev/null) || true
     fi
 
@@ -853,9 +853,9 @@ run_bash_compat_check() {
     while IFS= read -r filepath; do
         [[ -z "$filepath" ]] && continue
 
-        # declare -A (associative arrays)
+        # declare -A (associative arrays; declare -a is bash 3.2 compatible)
         local declare_a_count
-        declare_a_count=$(grep -c 'declare[[:space:]]*-[aA]' "$filepath" 2>/dev/null || true)
+        declare_a_count=$(grep -c 'declare[[:space:]]*-A' "$filepath" 2>/dev/null || true)
         if [[ "$declare_a_count" -gt 0 ]]; then
             violations=$((violations + declare_a_count))
             violation_details="${violation_details}${filepath}: declare -A (${declare_a_count} occurrences)
@@ -990,7 +990,7 @@ run_atomic_write_check() {
 
         # Check for direct redirection writes (> file) in state/config paths
         local bad_writes
-        bad_writes=$(git show "HEAD:$filepath" 2>/dev/null | grep -c 'echo.*>' "$filepath" 2>/dev/null || true)
+        bad_writes=$(git show "HEAD:$filepath" 2>/dev/null | grep -c 'echo.*>' 2>/dev/null || echo "0")
 
         if [[ "$bad_writes" -gt 0 ]]; then
             violations=$((violations + bad_writes))

package/scripts/lib/pipeline-quality.sh

@@ -5,7 +5,7 @@ _PIPELINE_QUALITY_LOADED=1
 
 # Policy overrides when config/policy.json exists
 [[ -f "${SCRIPT_DIR:-}/lib/policy.sh" ]] && source "${SCRIPT_DIR:-}/lib/policy.sh"
-if type policy_get &>/dev/null 2>&1; then
+if type policy_get >/dev/null 2>&1; then
     PIPELINE_COVERAGE_THRESHOLD=$(policy_get ".pipeline.coverage_threshold_percent" "60")
     PIPELINE_QUALITY_GATE_THRESHOLD=$(policy_get ".pipeline.quality_gate_score_threshold" "70")
     QUALITY_COVERAGE_THRESHOLD=$(policy_get ".quality.coverage_threshold" "70")