shipwright-cli 2.3.1 → 3.0.0

package/scripts/sw-review-rerun.sh

@@ -0,0 +1,220 @@
+#!/usr/bin/env bash
+# ╔═══════════════════════════════════════════════════════════════════════════╗
+# ║  shipwright review-rerun — Canonical Rerun Comment Writer               ║
+# ║  SHA-deduped rerun requests · Single writer · No duplicate bot comments ║
+# ║  Part of the Code Factory pattern for deterministic agent review loops  ║
+# ╚═══════════════════════════════════════════════════════════════════════════╝
+set -euo pipefail
+trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
+
+VERSION="3.0.0"
+SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
+
+# shellcheck source=lib/compat.sh
+[[ -f "$SCRIPT_DIR/lib/compat.sh" ]] && source "$SCRIPT_DIR/lib/compat.sh"
+# shellcheck source=lib/helpers.sh
+[[ -f "$SCRIPT_DIR/lib/helpers.sh" ]] && source "$SCRIPT_DIR/lib/helpers.sh"
+[[ "$(type -t info 2>/dev/null)" == "function" ]]    || info()    { echo -e "\033[38;2;0;212;255m\033[1m▸\033[0m $*"; }
+[[ "$(type -t success 2>/dev/null)" == "function" ]] || success() { echo -e "\033[38;2;74;222;128m\033[1m✓\033[0m $*"; }
+[[ "$(type -t warn 2>/dev/null)" == "function" ]]    || warn()    { echo -e "\033[38;2;250;204;21m\033[1m⚠\033[0m $*"; }
+[[ "$(type -t error 2>/dev/null)" == "function" ]]   || error()   { echo -e "\033[38;2;248;113;113m\033[1m✗\033[0m $*" >&2; }
+if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
+  emit_event() {
+    local event_type="$1"; shift; mkdir -p "${HOME}/.shipwright"
+    local payload="{\"ts\":\"$(date -u +%Y-%m-%dT%H:%M:%SZ)\",\"type\":\"$event_type\""
+    while [[ $# -gt 0 ]]; do local key="${1%%=*}" val="${1#*=}"; payload="${payload},\"${key}\":\"${val}\""; shift; done
+    echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
+  }
+fi
+
+# Load marker from policy or use default
+get_rerun_marker() {
+    local policy="${REPO_DIR}/config/policy.json"
+    if [[ -f "$policy" ]]; then
+        jq -r '.codeReviewAgent.rerunMarker // "<!-- shipwright-review-rerun -->"' "$policy" 2>/dev/null
+    else
+        echo "<!-- shipwright-review-rerun -->"
+    fi
+}
+
+# Check if a rerun was already requested for this SHA on this PR
+rerun_already_requested() {
+    local pr_number="$1"
+    local head_sha="$2"
+    local marker
+    marker=$(get_rerun_marker)
+    local trigger="sha:${head_sha}"
+
+    local comments
+    comments=$(gh pr view "$pr_number" --json comments --jq '.comments[].body' 2>/dev/null || echo "")
+
+    if echo "$comments" | grep -qF "$marker" && echo "$comments" | grep -qF "$trigger"; then
+        return 0
+    fi
+    return 1
+}
+
+# Post a SHA-deduped rerun comment to a PR
+request_rerun() {
+    local pr_number="$1"
+    local head_sha="$2"
+    local review_agent="${3:-shipwright}"
+
+    if [[ -z "$pr_number" || -z "$head_sha" ]]; then
+        error "Usage: sw-review-rerun.sh request <pr_number> <head_sha> [review_agent]"
+        return 1
+    fi
+
+    local marker
+    marker=$(get_rerun_marker)
+    local trigger="sha:${head_sha}"
+    local short_sha="${head_sha:0:7}"
+
+    if rerun_already_requested "$pr_number" "$head_sha"; then
+        info "Rerun already requested for PR #${pr_number} at SHA ${short_sha} — skipping"
+        return 0
+    fi
+
+    local body="${marker}
+**Review Rerun Requested** (${short_sha})
+
+@${review_agent} please re-review this PR at the current head.
+
+${trigger}
+---
+*Canonical rerun request by Shipwright Code Factory. One writer, SHA-deduped.*"
+
+    if gh pr comment "$pr_number" --body "$body" 2>/dev/null; then
+        success "Rerun requested for PR #${pr_number} at SHA ${short_sha}"
+        emit_event "review.rerun_requested" "pr=${pr_number}" "head_sha=${short_sha}" "agent=${review_agent}"
+        return 0
+    else
+        error "Failed to post rerun comment on PR #${pr_number}"
+        return 1
+    fi
+}
+
+# Check current rerun state for a PR
+check_rerun_state() {
+    local pr_number="$1"
+
+    local head_sha
+    head_sha=$(gh pr view "$pr_number" --json headRefOid --jq '.headRefOid' 2>/dev/null || echo "")
+
+    if [[ -z "$head_sha" ]]; then
+        error "Could not get head SHA for PR #${pr_number}"
+        return 1
+    fi
+
+    local short_sha="${head_sha:0:7}"
+
+    if rerun_already_requested "$pr_number" "$head_sha"; then
+        info "Rerun already requested for current head ${short_sha}"
+    else
+        info "No rerun requested for current head ${short_sha}"
+    fi
+
+    echo "head_sha=${head_sha}"
+}
+
+# Wait for a review agent check to complete on the current head
+wait_for_review() {
+    local pr_number="$1"
+    local head_sha="$2"
+    local timeout_minutes="${3:-20}"
+
+    local policy="${REPO_DIR}/config/policy.json"
+    if [[ -f "$policy" ]]; then
+        timeout_minutes=$(jq -r ".codeReviewAgent.timeoutMinutes // ${timeout_minutes}" "$policy" 2>/dev/null || echo "$timeout_minutes")
+    fi
+
+    local short_sha="${head_sha:0:7}"
+    local deadline=$(($(date +%s) + timeout_minutes * 60))
+
+    info "Waiting for review completion on ${short_sha} (timeout: ${timeout_minutes}m)..."
+
+    while [[ $(date +%s) -lt "$deadline" ]]; do
+        local owner_repo
+        owner_repo=$(gh repo view --json nameWithOwner --jq '.nameWithOwner' 2>/dev/null || echo "")
+        [[ -z "$owner_repo" ]] && { warn "Cannot detect repo"; return 1; }
+
+        local review_checks
+        review_checks=$(gh api "repos/${owner_repo}/commits/${head_sha}/check-runs" \
+            --jq '.check_runs[] | select(.name | test("review|code.review"; "i")) | {name: .name, status: .status, conclusion: .conclusion}' 2>/dev/null || echo "")
+
+        if [[ -n "$review_checks" ]]; then
+            local all_complete="true"
+            local any_failure="false"
+            while IFS= read -r check; do
+                [[ -z "$check" ]] && continue
+                local status conclusion
+                status=$(echo "$check" | jq -r '.status' 2>/dev/null || echo "")
+                conclusion=$(echo "$check" | jq -r '.conclusion' 2>/dev/null || echo "")
+                if [[ "$status" != "completed" ]]; then
+                    all_complete="false"
+                fi
+                if [[ "$conclusion" == "failure" || "$conclusion" == "action_required" ]]; then
+                    any_failure="true"
+                fi
+            done <<< "$review_checks"
+
+            if [[ "$all_complete" == "true" ]]; then
+                if [[ "$any_failure" == "true" ]]; then
+                    error "Review check failed for SHA ${short_sha}"
+                    return 1
+                fi
+                success "Review check passed for SHA ${short_sha}"
+                return 0
+            fi
+        fi
+
+        sleep 30
+    done
+
+    error "Review timed out after ${timeout_minutes}m for SHA ${short_sha}"
+    return 1
+}
+
+show_help() {
+    cat << 'EOF'
+Usage: shipwright review-rerun <command> [args]
+
+Commands:
+  request <pr#> <sha> [agent]   Post SHA-deduped rerun comment
+  check <pr#>                   Check rerun state for current head
+  wait <pr#> <sha> [timeout]    Wait for review completion on SHA
+
+Part of the Code Factory pattern — single canonical rerun writer
+with SHA deduplication to prevent duplicate bot comments.
+EOF
+}
+
+main() {
+    local subcommand="${1:-help}"
+    shift || true
+
+    case "$subcommand" in
+        request)
+            request_rerun "$@"
+            ;;
+        check)
+            check_rerun_state "$@"
+            ;;
+        wait)
+            wait_for_review "$@"
+            ;;
+        help|--help|-h)
+            show_help
+            ;;
+        *)
+            error "Unknown subcommand: $subcommand"
+            show_help
+            return 1
+            ;;
+    esac
+}
+
+if [[ "${BASH_SOURCE[0]}" == "$0" ]]; then
+    main "$@"
+fi

package/scripts/sw-scale.sh

@@ -6,11 +6,11 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="2.3.1"
+VERSION="3.0.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
 # ─── Dependency check ─────────────────────────────────────────────────────────
-if ! command -v jq &>/dev/null; then
+if ! command -v jq >/dev/null 2>&1; then
     echo "ERROR: sw-scale.sh requires 'jq'. Install with: brew install jq (macOS) or apt install jq (Linux)" >&2
     exit 1
 fi
@@ -39,16 +39,6 @@ if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
   }
 fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── Constants ──────────────────────────────────────────────────────────────
 SCALE_RULES_FILE="${HOME}/.shipwright/scale-rules.json"
 SCALE_EVENTS_FILE="${HOME}/.shipwright/scale-events.jsonl"
@@ -148,13 +138,19 @@ emit_scale_event() {
         '{ts: $ts, action: $action, role: $role, reason: $reason, context: $context}')
 
     echo "$event" >> "$SCALE_EVENTS_FILE"
-    type rotate_jsonl &>/dev/null 2>&1 && rotate_jsonl "$SCALE_EVENTS_FILE" 5000
+    type rotate_jsonl >/dev/null 2>&1 && rotate_jsonl "$SCALE_EVENTS_FILE" 5000
 }
 
 # ─── Scale Up: spawn new agent ───────────────────────────────────────────
 cmd_up() {
-    local role="${1:-builder}"
-    shift 2>/dev/null || true
+    local count="${1:-1}"
+    local role="${2:-builder}"
+
+    # Parse: "up builder" -> count=1 role=builder; "up 2 tester" -> count=2 role=tester
+    if ! [[ "$count" =~ ^[0-9]+$ ]]; then
+        role="$count"
+        count=1
+    fi
 
     ensure_dirs
     init_rules
@@ -178,43 +174,124 @@ cmd_up() {
     local max_size
     max_size=$(jq -r '.max_team_size // 8' "$SCALE_RULES_FILE")
 
-    info "Scaling up team with ${role} agent"
+    info "Scaling up team with ${count} ${role} agent(s)"
     echo -e "  Max team size: ${CYAN}${max_size}${RESET}"
     echo -e "  Role:          ${CYAN}${role}${RESET}"
     echo ""
 
-    # TODO: Integrate with tmux/SendMessage to spawn agent
-    # For now, emit event and log
-    emit_scale_event "up" "$role" "manual" "$*"
+    local repo_root
+    repo_root=$(git rev-parse --show-toplevel 2>/dev/null) || repo_root="$(cd "$SCRIPT_DIR/.." 2>/dev/null && pwd)"
+
+    if ! command -v tmux &>/dev/null; then
+        warn "tmux not available - cannot spawn agents"
+        echo "Install tmux to enable agent scaling: brew install tmux"
+        emit_scale_event "up" "$role" "manual" "tmux_unavailable"
+        update_scale_state
+        success "Scale-up event recorded (role: ${role})"
+        echo ""
+        echo -e "  ${DIM}Note: Actual agent spawn requires tmux (brew install tmux)${RESET}"
+        return 1
+    fi
+
+    for i in $(seq 1 "$count"); do
+        local agent_name="sw-agent-${role}-$(date +%s)-${i}"
+        local session_name="shipwright-${agent_name}"
+
+        # Spawn a real agent in a tmux session
+        tmux new-session -d -s "$session_name" \
+            "cd \"${repo_root}\" && SW_AGENT_ROLE=$role SW_AGENT_NAME=$agent_name bash scripts/sw-daemon.sh start --role $role 2>&1 | tee /tmp/sw-agent-${agent_name}.log" 2>/dev/null && {
+            emit_scale_event "up" "$role" "agent_started" "agent=$agent_name"
+            echo "Started agent $agent_name in tmux session $session_name"
+        } || {
+            warn "Failed to spawn agent $agent_name in tmux"
+        }
+    done
+
+    emit_scale_event "up" "$role" "manual" "count=$count"
     update_scale_state
 
-    success "Scale-up event recorded (role: ${role})"
+    success "Scale-up event recorded (role: ${role}, count: ${count})"
     echo ""
-    echo -e "  ${DIM}Note: Actual agent spawn requires tmux/claude integration${RESET}"
 }
 
 # ─── Scale Down: send shutdown to agent ──────────────────────────────────
 cmd_down() {
-    local agent_id="${1:-}"
-    shift 2>/dev/null || true
+    local first_arg="${1:-}"
+    local second_arg="${2:-}"
 
-    if [[ -z "$agent_id" ]]; then
-        error "Usage: shipwright scale down <agent-id>"
+    # Require at least one argument for backward compat (down <agent-id> or down <count> [role])
+    if [[ -z "$first_arg" ]]; then
+        error "Usage: shipwright scale down <agent-id|count> [role]"
         return 1
     fi
 
+    local count="$first_arg"
+    local role="$second_arg"
+
+    # Backward compat: "down agent-42" -> treat as session/agent identifier
+    if [[ -n "$count" ]] && [[ "$count" != *[0-9]* ]] || [[ "$count" == agent-* ]]; then
+        # Specific agent/session id
+        local session_pattern="*${count}*"
+        local sessions
+        sessions=$(tmux list-sessions -F '#{session_name}' 2>/dev/null | grep -E "shipwright|swarm" | grep -i "$count" || true)
+        if [[ -z "$sessions" ]]; then
+            emit_scale_event "down" "unknown" "manual" "agent_id=$count"
+            update_scale_state
+            success "Scale-down event recorded (agent: ${count})"
+            return 0
+        fi
+        local session
+        session=$(echo "$sessions" | head -1)
+        tmux kill-session -t "$session" 2>/dev/null && {
+            emit_scale_event "down" "unknown" "agent_stopped" "session=$session"
+            echo "Stopped agent session: $session"
+        }
+        emit_scale_event "down" "unknown" "manual" "agent_id=$count"
+        update_scale_state
+        success "Scale-down event recorded (agent: ${count})"
+        return 0
+    fi
+
+    # Numeric count
+    if ! [[ "$count" =~ ^[0-9]+$ ]]; then
+        count=1
+    fi
+
     ensure_dirs
     init_rules
 
-    info "Scaling down agent: ${agent_id}"
-    echo ""
+    # Find running agent sessions
+    local sessions
+    sessions=$(tmux list-sessions -F '#{session_name}' 2>/dev/null | grep '^shipwright-sw-agent\|^swarm-' || true)
 
-    # TODO: Integrate with SendMessage to shut down agent
-    emit_scale_event "down" "unknown" "manual" "agent_id=$agent_id"
-    update_scale_state
+    if [[ -z "$sessions" ]]; then
+        echo "No running agents to stop"
+        emit_scale_event "down" "unknown" "manual" "none_running"
+        update_scale_state
+        return 0
+    fi
 
-    success "Scale-down event recorded (agent: ${agent_id})"
-    echo -e "  ${DIM}Note: Agent shutdown requires SendMessage integration${RESET}"
+    local stopped=0
+    while IFS= read -r session; do
+        [[ "$stopped" -ge "$count" ]] && break
+        [[ -z "$session" ]] && continue
+
+        # Filter by role if specified
+        if [[ -n "$role" ]] && ! echo "$session" | grep -q "$role"; then
+            continue
+        fi
+
+        if tmux kill-session -t "$session" 2>/dev/null; then
+            stopped=$((stopped + 1))
+            emit_scale_event "down" "unknown" "agent_stopped" "session=$session"
+            echo "Stopped agent session: $session"
+        fi
+    done <<< "$sessions"
+
+    emit_scale_event "down" "unknown" "manual" "count=$stopped"
+    update_scale_state
+    echo "Stopped $stopped agent(s)"
+    success "Scale-down event recorded"
 }
 
 # ─── Manage scaling rules ────────────────────────────────────────────────

package/scripts/sw-security-audit.sh

@@ -6,7 +6,7 @@
 set -euo pipefail
 trap 'echo "ERROR: $BASH_SOURCE:$LINENO exited with status $?" >&2' ERR
 
-VERSION="2.3.1"
+VERSION="3.0.0"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 REPO_DIR="$(cd "$SCRIPT_DIR/.." && pwd)"
 
@@ -33,16 +33,6 @@ if [[ "$(type -t emit_event 2>/dev/null)" != "function" ]]; then
     echo "${payload}}" >> "${HOME}/.shipwright/events.jsonl"
   }
 fi
-CYAN="${CYAN:-\033[38;2;0;212;255m}"
-PURPLE="${PURPLE:-\033[38;2;124;58;237m}"
-BLUE="${BLUE:-\033[38;2;0;102;255m}"
-GREEN="${GREEN:-\033[38;2;74;222;128m}"
-YELLOW="${YELLOW:-\033[38;2;250;204;21m}"
-RED="${RED:-\033[38;2;248;113;113m}"
-DIM="${DIM:-\033[2m}"
-BOLD="${BOLD:-\033[1m}"
-RESET="${RESET:-\033[0m}"
-
 # ─── Audit State ───────────────────────────────────────────────────────────
 FINDINGS=()
 CRITICAL_COUNT=0
@@ -60,10 +50,10 @@ add_finding() {
 
     local color=""
     case "$priority" in
-        CRITICAL) color="$RED"; ((CRITICAL_COUNT++)) ;;
-        HIGH) color="$RED"; ((HIGH_COUNT++)) ;;
-        MEDIUM) color="$YELLOW"; ((MEDIUM_COUNT++)) ;;
-        LOW) color="$BLUE"; ((LOW_COUNT++)) ;;
+        CRITICAL) color="$RED"; CRITICAL_COUNT=$((CRITICAL_COUNT + 1)) ;;
+        HIGH) color="$RED"; HIGH_COUNT=$((HIGH_COUNT + 1)) ;;
+        MEDIUM) color="$YELLOW"; MEDIUM_COUNT=$((MEDIUM_COUNT + 1)) ;;
+        LOW) color="$BLUE"; LOW_COUNT=$((LOW_COUNT + 1)) ;;
     esac
 
     FINDINGS+=("${priority}|${category}|${title}|${description}|${remediation}")
@@ -133,7 +123,7 @@ scan_licenses() {
     [[ -f "$REPO_DIR/Cargo.toml" ]] && has_cargo=true
 
     # Check npm licenses
-    if $has_npm && command -v npm &>/dev/null; then
+    if $has_npm && command -v npm >/dev/null 2>&1; then
         while IFS= read -r line; do
             [[ "$line" =~ GPL|AGPL ]] && [[ ! "$line" =~ MIT|Apache|BSD ]] && \
                 add_finding "MEDIUM" "licenses" "GPL/AGPL dependency in npm project" \
@@ -173,10 +163,10 @@ scan_vulnerabilities() {
     local vuln_count=0
 
     # Check npm vulnerabilities
-    if [[ -f "$REPO_DIR/package.json" ]] && command -v npm &>/dev/null; then
+    if [[ -f "$REPO_DIR/package.json" ]] && command -v npm >/dev/null 2>&1; then
         while IFS= read -r line; do
             [[ -z "$line" ]] && continue
-            ((vuln_count++))
+            vuln_count=$((vuln_count + 1))
             add_finding "HIGH" "vulnerabilities" "npm security vulnerability" \
                 "Found npm audit issue: $line" \
                 "Run 'npm audit fix' to remediate. Update vulnerable dependencies. Re-test after updates."
@@ -184,11 +174,11 @@ scan_vulnerabilities() {
     fi
 
     # Check pip vulnerabilities
-    if [[ -f "$REPO_DIR/requirements.txt" ]] && command -v pip &>/dev/null; then
-        if command -v safety &>/dev/null; then
+    if [[ -f "$REPO_DIR/requirements.txt" ]] && command -v pip >/dev/null 2>&1; then
+        if command -v safety >/dev/null 2>&1; then
             while IFS= read -r line; do
                 [[ -z "$line" ]] && continue
-                ((vuln_count++))
+                vuln_count=$((vuln_count + 1))
                 add_finding "HIGH" "vulnerabilities" "Python package vulnerability" \
                     "Found via safety: $line" \
                     "Update vulnerable package. Test compatibility. Run safety check after updates."
@@ -210,7 +200,7 @@ generate_sbom() {
     local sbom='{"bomFormat":"CycloneDX","specVersion":"1.4","version":1,"components":[]}'
 
     # Add npm packages
-    if [[ -f "$REPO_DIR/package.json" ]] && command -v npm &>/dev/null; then
+    if [[ -f "$REPO_DIR/package.json" ]] && command -v npm >/dev/null 2>&1; then
         local npm_list
         npm_list=$(npm list --json 2>/dev/null || echo '{"dependencies":{}}')
         while IFS='=' read -r name version; do