npm - soloforge - Versions diffs - 1.4.2 → 1.4.4 - Mend

soloforge 1.4.2 → 1.4.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/dist/bin/soloforge.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"soloforge.d.ts","sourceRoot":"","sources":["../../src/bin/soloforge.ts"],"names":[],"mappings":";~~AA87BA~~,OAAO,EAAE,0BAA0B,EAAE,MAAM,gDAAgD,CAAC"}
1	+ {"version":3,"file":"soloforge.d.ts","sourceRoot":"","sources":["../../src/bin/soloforge.ts"],"names":[],"mappings":";AAqgCA,OAAO,EAAE,0BAA0B,EAAE,MAAM,gDAAgD,CAAC"}

package/dist/bin/soloforge.js CHANGED Viewed

@@ -174,7 +174,7 @@ async function main() {
   generate-trae       生成 .trae/mcp.json 和 .trae/rules/project_rules.md
   generate-codex      生成 .codex/ 配置和 AGENTS.md
   check-write         PreToolUse hook，用于范围检查（读取 stdin JSON）
-  check-bash          PreToolUse hook，阻止 Bash 直接篡改 .soloforge/state
+  check-bash          PreToolUse hook，阻止 Bash 直接篡改 .soloforge/state 或绕过受控任务写业务实现
   doctor              审计 MCP 控制面、适配器 hook、状态可信和恢复路径
   post-bash           PostToolUse hook，用于跟踪 Bash 执行结果
   validate            验证项目配置和知识文件（config.yaml 可选，缺失时自动推断）
@@ -698,61 +698,11 @@ async function cmdCheckWrite() {
         if (result.severity === "warning") {
             jsonSafeError(JSON.stringify(result));
         }
-        // 问题六十二: Claude Code 直接 Edit/Write 也必须遵守设计产物就绪门。
-        // 设计资产本身允许继续修订；非设计文件在产物包复验通过前禁止写入。
         const relativeFilePath = path.relative(projectRealPath, targetFilePath).replaceAll(path.sep, "/");
-        const isDesignArtifactFile = /^docs\/architecture\//.test(relativeFilePath) ||
-            /^docs\/api\/openapi\.(?:ya?ml|json)$/.test(relativeFilePath) ||
-            /^db\/(?:migrations|schema)\//.test(relativeFilePath);
-        if (!isDesignArtifactFile) {
-            const { TaskContextManager } = await import("../engine/task_context.js");
-            const stateDir = path.join(projectPath, ".soloforge", "state");
-            const implementationSource = isImplementationSourcePath(relativeFilePath);
-            if (fss.existsSync(stateDir)) {
-                const manager = new TaskContextManager(stateDir);
-                const currentTask = await manager.getCurrentTask();
-                const designPack = currentTask?.design_artifact_pack;
-                if (implementationSource && currentTask && ["classifying", "clarifying", "expanding"].includes(currentTask.status)) {
-                    process.stdout.write(JSON.stringify({
-                        hookSpecificOutput: {
-                            hookEventName: "PreToolUse",
-                            permissionDecision: "deny",
-                            permissionDecisionReason: `当前 SoloForge 任务仍处于 ${currentTask.status}，说明分类、澄清或意图膨胀未闭合。不得绕过 sf_expand 直接写业务实现；请先运行 soloforge next 或 sf_status action=archive_stale confirm=true 处理任务状态。`,
-                        },
-                    }));
-                    process.exit(0);
-                }
-                if (implementationSource && !currentTask && hasDesignArtifacts(projectPath)) {
-                    process.stdout.write(JSON.stringify({
-                        hookSpecificOutput: {
-                            hookEventName: "PreToolUse",
-                            permissionDecision: "deny",
-                            permissionDecisionReason: "检测到项目已有架构/详细/API/数据库设计产物，但当前没有受控 SoloForge 任务。不得绕过 sf_classify/sf_expand 直接写业务实现；请先运行 soloforge next 或通过 MCP 建立编码任务。",
-                        },
-                    }));
-                    process.exit(0);
-                }
-                if (implementationSource && currentTask && !designPack && hasDesignArtifacts(projectPath)) {
-                    process.stdout.write(JSON.stringify({
-                        hookSpecificOutput: {
-                            hookEventName: "PreToolUse",
-                            permissionDecision: "deny",
-                            permissionDecisionReason: "检测到项目已有设计产物，但当前任务缺少 design_artifact_pack 复验状态。不得直接写业务实现；请先运行 soloforge audit-design-artifacts，并通过 sf_expand/sf_verify 绑定设计产物包。",
-                        },
-                    }));
-                    process.exit(0);
-                }
-                if (designPack && designPack.status !== "implementation_ready") {
-                    process.stdout.write(JSON.stringify({
-                        hookSpecificOutput: {
-                            hookEventName: "PreToolUse",
-                            permissionDecision: "deny",
-                            permissionDecisionReason: `设计产物包状态为 ${designPack.status}，请先完善 docs/architecture、docs/api/openapi 或 db/migrations|schema 并通过复验，再写入业务实现`,
-                        },
-                    }));
-                    process.exit(0);
-                }
-            }
+        const implementationGateReason = await evaluateImplementationWriteGate(projectPath, relativeFilePath);
+        if (implementationGateReason) {
+            denyPreToolUse(implementationGateReason);
+            process.exit(0);
         }
         process.exit(0); // 允许
     }
@@ -790,6 +740,46 @@ function isImplementationSourcePath(relativeFilePath) {
         return false;
     return /\.(?:java|kt|kts|scala|ts|tsx|js|jsx|mjs|cjs|py|go|rs|php|rb|cs|swift|vue|svelte|sql|xml|yml|yaml|properties)$/.test(relativeFilePath);
 }
+function isDesignArtifactPath(relativeFilePath) {
+    return /^docs\/architecture\//.test(relativeFilePath) ||
+        /^docs\/api\/openapi\.(?:ya?ml|json)$/.test(relativeFilePath) ||
+        /^db\/(?:migrations|schema)\//.test(relativeFilePath);
+}
+function denyPreToolUse(reason) {
+    process.stdout.write(JSON.stringify({
+        hookSpecificOutput: {
+            hookEventName: "PreToolUse",
+            permissionDecision: "deny",
+            permissionDecisionReason: reason,
+        },
+    }));
+}
+async function evaluateImplementationWriteGate(projectPath, relativeFilePath) {
+    // 问题六十二/七十三: Edit/Write/Bash 都必须遵守同一编码前门禁。
+    // 设计资产本身允许继续修订；非设计业务实现文件在产物包复验通过前禁止写入。
+    if (isDesignArtifactPath(relativeFilePath) || !isImplementationSourcePath(relativeFilePath))
+        return undefined;
+    const stateDir = path.join(projectPath, ".soloforge", "state");
+    if (!fss.existsSync(stateDir))
+        return undefined;
+    const { TaskContextManager } = await import("../engine/task_context.js");
+    const manager = new TaskContextManager(stateDir);
+    const currentTask = await manager.getCurrentTask();
+    const designPack = currentTask?.design_artifact_pack;
+    if (currentTask && ["classifying", "clarifying", "expanding"].includes(currentTask.status)) {
+        return `当前 SoloForge 任务仍处于 ${currentTask.status}，说明分类、澄清或意图膨胀未闭合。不得绕过 sf_expand，不得取消/归档当前任务后改用 Bash/Edit/Write 直接写业务实现，也不得把 Bash 作为恢复路径。请先运行 soloforge next 查看阻断项；按返回的 auto_resolvable 或 recovery_command 补齐后重新 sf_expand。只有 soloforge next 明确判定 current-task 陈旧且用户确认时，才可运行 sf_status action=archive_stale confirm=true；归档后仍必须重新 sf_classify → sf_expand 建立受控编码任务。`;
+    }
+    if (!currentTask && hasDesignArtifacts(projectPath)) {
+        return "检测到项目已有架构/详细/API/数据库设计产物，但当前没有受控 SoloForge 任务。不得绕过 sf_classify/sf_expand 直接写业务实现，不得改用 Bash/Edit/Write 先写代码再补验证；请先运行 soloforge next 或通过 MCP 建立编码任务。";
+    }
+    if (currentTask && !designPack && hasDesignArtifacts(projectPath)) {
+        return "检测到项目已有设计产物，但当前任务缺少 design_artifact_pack 复验状态。不得取消任务后直接写业务实现，不得改用 Bash 绕过；请先运行 soloforge audit-design-artifacts，并通过 sf_expand/sf_verify 绑定设计产物包。";
+    }
+    if (designPack && designPack.status !== "implementation_ready") {
+        return `设计产物包状态为 ${designPack.status}，不得改用 Bash/Edit/Write 绕过设计复验；请先完善 docs/architecture、docs/api/openapi 或 db/migrations|schema 并通过复验，再写入业务实现`;
+    }
+    return undefined;
+}
 function hasDesignArtifacts(projectPath) {
     const candidates = [
         path.join(projectPath, "docs", "architecture", "00-架构决策记录.md"),
@@ -824,6 +814,68 @@ function extractBashCommand(rawInput) {
         return trimmed;
     }
 }
+function unquoteShellToken(token) {
+    if (!token)
+        return undefined;
+    const trimmed = token.trim();
+    if ((trimmed.startsWith("\"") && trimmed.endsWith("\"")) || (trimmed.startsWith("'") && trimmed.endsWith("'"))) {
+        return trimmed.slice(1, -1);
+    }
+    return trimmed;
+}
+function addShellPathToken(targets, token) {
+    const value = unquoteShellToken(token);
+    if (!value || value === "-" || value.startsWith("$"))
+        return;
+    targets.add(value.replace(/[),;]+$/, ""));
+}
+function addSourcePathTokens(targets, commandText) {
+    const pathTokenPattern = /"([^"]+\.(?:java|kt|kts|scala|ts|tsx|js|jsx|mjs|cjs|py|go|rs|php|rb|cs|swift|vue|svelte|sql|xml|ya?ml|properties))"|'([^']+\.(?:java|kt|kts|scala|ts|tsx|js|jsx|mjs|cjs|py|go|rs|php|rb|cs|swift|vue|svelte|sql|xml|ya?ml|properties))'|([^\s'";&|()<>]+\.(?:java|kt|kts|scala|ts|tsx|js|jsx|mjs|cjs|py|go|rs|php|rb|cs|swift|vue|svelte|sql|xml|ya?ml|properties))/gi;
+    for (const match of commandText.matchAll(pathTokenPattern)) {
+        addShellPathToken(targets, match[1] || match[2] || match[3]);
+    }
+}
+function extractBashWriteTargets(commandText) {
+    const command = commandText.replace(/\s+/g, " ").trim();
+    const targets = new Set();
+    const redirectionPattern = /(?:^|[^<])>>?\s*(?:"([^"]+)"|'([^']+)'|([^\s;&|]+))/g;
+    for (const match of command.matchAll(redirectionPattern)) {
+        addShellPathToken(targets, match[1] || match[2] || match[3]);
+    }
+    const teePattern = /(?:^|[\s;&|()])tee\s+(?:-[A-Za-z]+\s+)*(?:"([^"]+)"|'([^']+)'|([^\s;&|]+))/g;
+    for (const match of command.matchAll(teePattern)) {
+        addShellPathToken(targets, match[1] || match[2] || match[3]);
+    }
+    const writeApiPattern = /(?:writeFileSync|writeFile|write_text)\s*\(\s*["']([^"']+)["']/g;
+    for (const match of command.matchAll(writeApiPattern)) {
+        addShellPathToken(targets, match[1]);
+    }
+    const pythonOpenWritePattern = /open\s*\(\s*["']([^"']+)["']\s*,\s*["'][^"']*[wa+][^"']*["']/g;
+    for (const match of command.matchAll(pythonOpenWritePattern)) {
+        addShellPathToken(targets, match[1]);
+    }
+    const pathlibWritePattern = /(?:Path|pathlib\.Path)\s*\(\s*["']([^"']+)["']\s*\)\.write_text/g;
+    for (const match of command.matchAll(pathlibWritePattern)) {
+        addShellPathToken(targets, match[1]);
+    }
+    const mutatingCommandPattern = /(?:^|[\s;&|()])(?:rm|mv|cp|touch|chmod|chown)\b/i;
+    const inPlaceEditPattern = /(?:^|[\s;&|()])(?:(?:g?sed)\s+[^;&|]*\s-i\b|perl\s+[^;&|]*\s-pi\b)/i;
+    if (mutatingCommandPattern.test(command) || inPlaceEditPattern.test(command)) {
+        addSourcePathTokens(targets, command);
+    }
+    return [...targets];
+}
+function resolveProjectRelativeTarget(projectPath, targetPath) {
+    const rawTargetFilePath = path.isAbsolute(targetPath) ? path.normalize(targetPath) : path.resolve(projectPath, targetPath);
+    const projectRealPath = fss.realpathSync(projectPath);
+    const targetFilePath = rawTargetFilePath === projectPath || rawTargetFilePath.startsWith(projectPath + path.sep)
+        ? path.join(projectRealPath, path.relative(projectPath, rawTargetFilePath))
+        : rawTargetFilePath;
+    const relativeFilePath = path.relative(projectRealPath, targetFilePath).replaceAll(path.sep, "/");
+    if (relativeFilePath === "" || relativeFilePath.startsWith("../") || path.isAbsolute(relativeFilePath))
+        return undefined;
+    return relativeFilePath;
+}
 async function cmdCheckBash() {
     debugLog("CLI: 执行 cmdCheckBash");
     try {
@@ -834,13 +886,19 @@ async function cmdCheckBash() {
         const stdin = Buffer.concat(chunks).toString();
         const commandText = extractBashCommand(stdin || args.join(" "));
         if (isSoloforgeStateBypassCommand(commandText)) {
-            process.stdout.write(JSON.stringify({
-                hookSpecificOutput: {
-                    hookEventName: "PreToolUse",
-                    permissionDecision: "deny",
-                    permissionDecisionReason: "禁止通过 Bash 直接修改 .soloforge/state；请使用 SoloForge MCP 工具，例如 sf_status action=archive_stale confirm=true。",
-                },
-            }));
+            denyPreToolUse("禁止通过 Bash 直接修改 .soloforge/state；请使用 SoloForge MCP 工具，例如 sf_status action=archive_stale confirm=true。");
+            process.exit(0);
+        }
+        const projectPath = resolveProjectPath();
+        for (const target of extractBashWriteTargets(commandText)) {
+            const relativeTarget = resolveProjectRelativeTarget(projectPath, target);
+            if (!relativeTarget)
+                continue;
+            const implementationGateReason = await evaluateImplementationWriteGate(projectPath, relativeTarget);
+            if (implementationGateReason) {
+                denyPreToolUse(`禁止通过 Bash 直接写业务实现文件 ${relativeTarget}；${implementationGateReason}`);
+                process.exit(0);
+            }
         }
         process.exit(0);
     }
@@ -1494,6 +1552,12 @@ async function cmdAuditDesignArtifacts() {
         userInfo(`  hard_fail: ${result.findings.filter((finding) => finding.severity === "hard_fail").length}`);
         for (const finding of result.findings) {
             userInfo(`  ${finding.severity === "hard_fail" ? "❌" : "⚠️"} [${finding.code}] ${finding.message_zh}`);
+            if (finding.template_path)
+                userInfo(`     模板: ${finding.template_path}`);
+            if (finding.recovery_command)
+                userInfo(`     命令: ${finding.recovery_command}`);
+            if (finding.recovery_zh)
+                userInfo(`     恢复: ${finding.recovery_zh}`);
         }
         if (result.passed)
             userInfo("✅ 设计产物包复验通过，可作为后续实现输入");