vibe-forge 0.4.0 → 0.8.2

package/src/lib/heimdall.js

@@ -0,0 +1,265 @@
+#!/usr/bin/env node
+/**
+ * Heimdall -- Forge worker pre-tool hook interceptor (PLAT-1)
+ *
+ * Guards the Bifrost: intercepts every tool call before execution,
+ * checks it against per-task policy, and blocks or allows.
+ *
+ * Registered as a PreToolUse hook via .claude/settings.local.json
+ * written by the forge daemon at worker startup.
+ *
+ * Exit codes:
+ *   0 -- allow (optionally with audit log entry)
+ *   2 -- block (explanation written to stdout, fed back to model)
+ *
+ * Context file (.context.json in process.cwd()) is written by the forge
+ * daemon alongside each inbox task. If absent, Heimdall exits 0 immediately
+ * -- forge-native tasks are not restricted.
+ */
+
+'use strict'
+
+const fs = require('fs')
+const path = require('path')
+
+// ── Input ─────────────────────────────────────────────────────────────────────
+
+let input
+try {
+  input = JSON.parse(fs.readFileSync(0, 'utf8'))
+} catch (e) {
+  // Malformed input -- allow and exit rather than blocking the worker
+  process.exit(0)
+}
+
+const { tool_name, tool_input } = input
+
+// ── Context file ──────────────────────────────────────────────────────────────
+
+const contextPath = path.join(process.cwd(), '.context.json')
+
+// No context file = forge-native task. Heimdall does not restrict forge-native work.
+if (!fs.existsSync(contextPath)) {
+  process.exit(0)
+}
+
+let ctx
+try {
+  ctx = JSON.parse(fs.readFileSync(contextPath, 'utf8'))
+} catch (e) {
+  // Unreadable context -- fail open to avoid blocking forge-native work
+  process.exit(0)
+}
+
+const {
+  story_id,
+  agent,
+  worktree_path,
+  has_db_migration,
+  allowed_paths,
+  escalation_dir,
+  audit_log: ctxAuditLog,
+} = ctx
+
+// ── Logging ───────────────────────────────────────────────────────────────────
+
+const AUDIT_LOG = ctxAuditLog
+  || path.join(process.cwd(), '_vibe-chain-output', 'heimdall-audit.log')
+
+const MAX_VIOLATIONS = parseInt(process.env.HEIMDALL_MAX_VIOLATIONS || '3', 10)
+
+// Violation tracking lives in the worktree root (process.cwd())
+const VIOLATION_FILE = path.join(process.cwd(), `.${story_id}.violations`)
+
+// Escalation signal written to the inbox agent dir so the daemon detects it
+const ESCALATION_DIR = escalation_dir || process.cwd()
+
+function timestamp() {
+  return new Date().toISOString()
+}
+
+function audit(level, message) {
+  const line = `[${timestamp()}] HEIMDALL ${level} ${agent}/${story_id}: ${message}\n`
+  try {
+    const dir = path.dirname(AUDIT_LOG)
+    if (!fs.existsSync(dir)) fs.mkdirSync(dir, { recursive: true })
+    fs.appendFileSync(AUDIT_LOG, line)
+  } catch (_) {
+    // Audit log write failure must never block or crash the hook
+  }
+}
+
+function block(reason) {
+  audit('BLOCKED', reason)
+
+  // Track violations
+  let violations = 0
+  try {
+    if (fs.existsSync(VIOLATION_FILE)) {
+      violations = parseInt(fs.readFileSync(VIOLATION_FILE, 'utf8').trim(), 10) || 0
+    }
+  } catch (_) {}
+
+  violations++
+
+  try {
+    fs.writeFileSync(VIOLATION_FILE, String(violations))
+  } catch (_) {}
+
+  if (violations >= MAX_VIOLATIONS) {
+    // Sound the Gjallarhorn
+    const escalationFile = path.join(ESCALATION_DIR, `${story_id}.escalation`)
+    try {
+      fs.writeFileSync(escalationFile, JSON.stringify({
+        story_id,
+        agent,
+        violations,
+        last_reason: reason,
+        timestamp: timestamp(),
+      }, null, 2))
+    } catch (_) {}
+
+    audit('SOUNDED', `${violations} violations -- escalating to human review`)
+
+    console.log(
+      `[HEIMDALL] Action blocked: ${reason}\n` +
+      `[HEIMDALL] GJALLARHORN SOUNDED: ${violations} violations recorded.\n` +
+      `[HEIMDALL] Story ${story_id} has been escalated to human review. Stop working on this story.`
+    )
+  } else {
+    console.log(
+      `[HEIMDALL] Action blocked: ${reason}\n` +
+      `[HEIMDALL] Violation ${violations}/${MAX_VIOLATIONS}. Self-correct and continue.`
+    )
+  }
+
+  process.exit(2)
+}
+
+function allow(note) {
+  if (note) audit('ALLOWED', note)
+  process.exit(0)
+}
+
+// ── Path helpers ──────────────────────────────────────────────────────────────
+
+function isOutsideAllowedPaths(targetPath) {
+  if (!targetPath) return false
+  try {
+    const resolved = path.resolve(targetPath)
+    return !allowed_paths.some(p => resolved.startsWith(path.resolve(p)))
+  } catch (_) {
+    return true // Unresolvable path -- treat as outside
+  }
+}
+
+// ── Bash tool checks ──────────────────────────────────────────────────────────
+
+if (tool_name === 'Bash') {
+  const cmd = (tool_input && tool_input.command || '').trim()
+
+  // Destructive rm -- check if target escapes worktree
+  if (/rm\s+-[a-zA-Z]*r[a-zA-Z]*f|-[a-zA-Z]*f[a-zA-Z]*r/.test(cmd) && /\brm\b/.test(cmd)) {
+    // Extract everything after the flags as the target
+    const rmMatch = cmd.match(/rm\s+(?:-\S+\s+)(.+)/)
+    const rmTarget = rmMatch ? rmMatch[1].trim().replace(/^['"]|['"]$/g, '') : ''
+
+    const isRootTarget = /^(\/|~)/.test(rmTarget) || rmTarget === '' || rmTarget.includes('..')
+    const isOutside = !rmTarget || isRootTarget || isOutsideAllowedPaths(rmTarget)
+
+    if (isOutside) {
+      block(`destructive rm outside worktree: ${cmd}`)
+    }
+  }
+
+  // Credential access
+  if (/\.(env|pem|key|cert)\b/.test(cmd) && !/\.env\.(example|sample|template)/.test(cmd)) {
+    block(`credential file access: ${cmd}`)
+  }
+  if (/~\/\.(ssh|aws|gnupg)\b/.test(cmd)) {
+    block(`credential directory access: ${cmd}`)
+  }
+  // Echoing or exporting secrets (but not reading them as part of build)
+  if (/(echo|printf|export)\s+.*\b(TOKEN|SECRET|PASSWORD|API_KEY)\s*=/.test(cmd)) {
+    block(`credential assignment in shell: ${cmd}`)
+  }
+
+  // Dangerous git operations
+  if (/git\s+push\b.*--force(-with-lease)?/.test(cmd)) {
+    block(`force push blocked: ${cmd}`)
+  }
+  if (/git\s+reset\s+--hard\s+HEAD~[2-9]/.test(cmd)) {
+    block(`multi-commit hard reset blocked: ${cmd}`)
+  }
+  if (/git\s+clean\s+-[a-zA-Z]*f[a-zA-Z]*d|-[a-zA-Z]*d[a-zA-Z]*f/.test(cmd) && /\bgit\b/.test(cmd)) {
+    block(`git clean -fd blocked: ${cmd}`)
+  }
+  // Push to a non-origin remote (e.g. git push upstream)
+  if (/git\s+push\s+(?!origin\b)(\S+)/.test(cmd)) {
+    const remoteMatch = cmd.match(/git\s+push\s+(\S+)/)
+    if (remoteMatch && remoteMatch[1] !== 'origin' && !remoteMatch[1].startsWith('-')) {
+      block(`push to non-origin remote blocked: ${cmd}`)
+    }
+  }
+  // Direct push to main/master — all changes must go through PRs
+  if (/git\s+push\b/.test(cmd) && /\b(main|master)\b/.test(cmd)) {
+    block(`direct push to main/master blocked — create a feature branch and open a PR`)
+  }
+
+  // DB destructive operations without authorization
+  if (/(DROP\s+TABLE|TRUNCATE\s+TABLE)/i.test(cmd) && !has_db_migration) {
+    block(`DROP/TRUNCATE requires has_db_migration: true on the story`)
+  }
+  if (/DELETE\s+FROM\s+\S+\s*;?\s*$/i.test(cmd) && !/WHERE\s+/i.test(cmd)) {
+    block(`DELETE without WHERE clause blocked: ${cmd}`)
+  }
+
+  // High-risk but legitimate -- audit log only
+  if (/\b(npm|yarn|pnpm)\s+(install|add|ci)\b/.test(cmd)) {
+    allow(`dependency install: ${cmd}`)
+  }
+  if (/\b(pip|pip3)\s+install\b/.test(cmd)) {
+    allow(`pip install: ${cmd}`)
+  }
+  if (/\bcargo\s+(build|install)\b/.test(cmd)) {
+    allow(`cargo build: ${cmd}`)
+  }
+  if (/\b(curl|wget)\b/.test(cmd)) {
+    allow(`network request: ${cmd}`)
+  }
+  if (/git\s+commit\s+--amend/.test(cmd)) {
+    allow(`git commit --amend`)
+  }
+}
+
+// ── Write / Edit tool checks ──────────────────────────────────────────────────
+
+if (tool_name === 'Write' || tool_name === 'Edit') {
+  const filePath = tool_input && (tool_input.file_path || tool_input.path) || ''
+
+  if (filePath) {
+    // Credential files
+    if (/\.(env|pem|key|cert)$/.test(filePath) && !/\.(example|sample|template)$/.test(filePath)) {
+      block(`write to credential file: ${filePath}`)
+    }
+
+    // Settings that could override Heimdall
+    if (/\.claude[/\\]settings(\.local)?\.json$/.test(filePath)) {
+      block(`write to .claude/settings blocked -- Heimdall config is daemon-managed`)
+    }
+
+    // Path escape check
+    if (isOutsideAllowedPaths(filePath)) {
+      block(`path escape: ${filePath} is outside allowed paths`)
+    }
+
+    // Pipeline output writes -- allowed but logged
+    if (filePath.includes('_vibe-chain-output')) {
+      allow(`pipeline output write: ${filePath}`)
+    }
+  }
+}
+
+// ── Default: allow ────────────────────────────────────────────────────────────
+
+allow(null)

package/src/lib/index.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+#
+# src/lib/index.sh
+#
+# Central entry point for sourcing common libraries.
+# Scripts source this instead of individually sourcing each lib.
+#
+# Usage: source "$LIB_DIR/index.sh"
+
+# Prevent double-sourcing
+[[ -n "${_LIB_INDEX_LOADED:-}" ]] && return 0
+_LIB_INDEX_LOADED=1
+
+_LIB_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
+
+# Core libraries (order matters: colors first, then constants, then the rest)
+source "$_LIB_DIR/colors.sh"
+source "$_LIB_DIR/constants.sh"
+source "$_LIB_DIR/json.sh"
+source "$_LIB_DIR/util.sh"
+
+# Optional libraries (sourced on demand by scripts that need them)
+# source "$_LIB_DIR/config.sh"    # Agent config loading
+# source "$_LIB_DIR/agents.sh"    # Agent resolution
+# source "$_LIB_DIR/database.sh"  # SQLite operations (daemon only)

package/{bin → src}/lib/json.sh

@@ -102,7 +102,13 @@ json_read_multi() {
 # Reads all keys from a JSON file and outputs key=value lines.
 # Useful for loading all config values at once.
 #
-# Example: eval "$(json_read_all config.json | sed 's/^/export /')"
+# SECURITY WARNING: Do NOT use this function with eval on untrusted JSON files.
+# JSON key names are NOT validated or escaped - a malicious key name like
+# "FOO=1; evil_command; export BAR" would result in arbitrary code execution.
+# Only use with fully trusted, version-controlled config files.
+#
+# Safe usage (read individual values): json_read FILE KEY
+# Unsafe pattern to avoid: eval "$(json_read_all untrusted.json | sed 's/^/export /')"
 json_read_all() {
     local file="$1"
 

package/{bin → src}/lib/terminal.js

@@ -142,11 +142,16 @@ function getBestTerminal() {
 // =============================================================================
 
 function spawnWindowsTerminal(title, command, opts = {}) {
-  const { cwd, tabColor } = opts;
+  const { cwd, tabColor, suppressApplicationTitle = true } = opts;
 
   // Build wt arguments
   const args = ['-w', '0', 'new-tab', '--title', title];
 
+  // FORGE-9: Prevent the spawned process from overwriting the tab title
+  if (suppressApplicationTitle) {
+    args.push('--suppressApplicationTitle');
+  }
+
   if (tabColor) {
     args.push('--tabColor', tabColor);
   }
@@ -436,6 +441,7 @@ module.exports = {
   detectTerminals,
   getBestTerminal,
   spawnTerminal,
+  findGitBash,
   TERMINALS,
   getPlatform,
 };

package/.claude/settings.local.json

@@ -1,33 +0,0 @@
-{
-  "permissions": {
-    "allow": [
-      "Bash(ls:*)",
-      "Bash(git pull:*)",
-      "Bash(npm view:*)",
-      "Bash(gh run list:*)",
-      "Bash(gh run view:*)",
-      "Bash(gh secret list:*)",
-      "Bash(git add:*)",
-      "Bash(git commit:*)",
-      "Bash(gh workflow run:*)",
-      "Bash(gh repo view:*)",
-      "Bash(git push:*)",
-      "Bash(sqlite3:*)",
-      "Bash(npm test)",
-      "Bash(git rm:*)"
-    ]
-  },
-  "hooks": {
-    "Stop": [
-      {
-        "matcher": "",
-        "hooks": [
-          {
-            "type": "command",
-            "command": "node .claude/hooks/worker-loop.js"
-          }
-        ]
-      }
-    ]
-  }
-}

package/agents/forge-master/capabilities.md

@@ -1,144 +0,0 @@
-# Forge Master Capabilities
-
-## Tools & Commands
-
-### Task Management
-
-| Command | Description | Example |
-|---------|-------------|---------|
-| `/forge task:create` | Create a new task file | `/forge task:create --type=backend --title="Add auth endpoint"` |
-| `/forge task:assign` | Assign task to agent | `/forge task:assign task-021 furnace` |
-| `/forge task:status` | Get status of task(s) | `/forge task:status` or `/forge task:status task-021` |
-| `/forge task:block` | Mark task as blocked | `/forge task:block task-022 --reason="Awaiting API spec"` |
-| `/forge task:unblock` | Unblock a task | `/forge task:unblock task-022` |
-| `/forge task:priority` | Change task priority | `/forge task:priority task-021 critical` |
-
-### Agent Coordination
-
-| Command | Description | Example |
-|---------|-------------|---------|
-| `/forge agents` | List all agents and status | `/forge agents` |
-| `/forge agent:wake` | Spin up an agent terminal | `/forge agent:wake anvil` |
-| `/forge agent:status` | Check specific agent status | `/forge agent:status furnace` |
-| `/forge agent:notify` | Send message to agent | `/forge agent:notify anvil "task-015 priority elevated"` |
-
-### Progress & Reporting
-
-| Command | Description | Example |
-|---------|-------------|---------|
-| `/forge status` | Full forge status dashboard | `/forge status` |
-| `/forge progress` | Progress on current epic | `/forge progress epic-003` |
-| `/forge blockers` | List all current blockers | `/forge blockers` |
-| `/forge today` | Summary of today's activity | `/forge today` |
-
-### Epic & Planning
-
-| Command | Description | Example |
-|---------|-------------|---------|
-| `/forge epic:decompose` | Break epic into tasks | `/forge epic:decompose epic-003` |
-| `/forge epic:status` | Epic completion status | `/forge epic:status epic-003` |
-
----
-
-## File Operations
-
-### Task Lifecycle Management
-
-```
-READ:  /tasks/*/task-*.md           # Monitor all task states
-WRITE: /tasks/pending/*.md          # Create new tasks
-MOVE:  /tasks/{from}/* → /tasks/{to}/*  # Transition task states
-```
-
-### Directories Monitored
-
-| Directory | Watches For | Action |
-|-----------|-------------|--------|
-| `/tasks/completed/` | New completions | Route to Sentinel |
-| `/tasks/needs-changes/` | Review rejections | Re-assign to original worker |
-| `/tasks/approved/` | Review passes | Move to merged, notify Planning Hub |
-
----
-
-## Decision Matrix
-
-### Task Assignment Logic
-
-```
-IF task.type == "frontend" OR task.type == "component" OR task.type == "ui"
-  → Assign to Anvil
-
-IF task.type == "backend" OR task.type == "api" OR task.type == "database"
-  → Assign to Furnace
-
-IF task.type == "test" OR task.type == "qa" OR task.type == "bugfix"
-  → Assign to Crucible
-
-IF task.type == "docs" OR task.type == "readme" OR task.type == "api-docs"
-  → Assign to Scribe
-
-IF task.type == "release" OR task.type == "deploy" OR task.type == "changelog"
-  → Assign to Herald
-
-IF task.type == "review"
-  → Assign to Sentinel (automatic for all completed work)
-
-IF task.type == "devops" OR task.type == "infra" OR task.type == "ci-cd"
-  → Assign to Ember
-
-IF task.type == "security" OR task.type == "audit"
-  → Assign to Aegis
-```
-
-### Priority Levels
-
-| Priority | Meaning | SLA |
-|----------|---------|-----|
-| `critical` | Blocking other work | Immediate |
-| `high` | Sprint commitment | Today |
-| `medium` | Sprint goal | This sprint |
-| `low` | Nice to have | When available |
-
----
-
-## Integration Points
-
-### Inputs (Forge Master Receives)
-- Epic files from Planning Hub (`/specs/epics/*.md`)
-- Completion signals from Workers (`/tasks/completed/*.md`)
-- Review results from Sentinel (`/tasks/approved/*.md` or `/tasks/needs-changes/*.md`)
-- Blocker escalations from Workers
-- Priority changes from Quartermaster
-
-### Outputs (Forge Master Produces)
-- Task files for Workers (`/tasks/pending/*.md`)
-- Status reports for Planning Hub
-- Notifications to specific agents
-- Progress updates to Dashboard
-
----
-
-## State Management
-
-### Forge Master Maintains
-
-```yaml
-# /context/forge-state.yaml
-current_epic: epic-003
-tasks_pending: 5
-tasks_in_progress: 3
-tasks_blocked: 1
-tasks_in_review: 2
-tasks_completed_today: 7
-agents_active:
-  - anvil
-  - furnace
-  - crucible
-last_updated: 2026-01-11T14:30:00Z
-```
-
-### Does NOT Maintain
-- Code state (that's git)
-- Test results (that's Crucible)
-- Release state (that's Herald)
-- Architecture decisions (that's Sage)

package/agents/forge-master/context-template.md

@@ -1,128 +0,0 @@
-# Forge Master Session Context
-
-You are the **Forge Master** - chief orchestrator of Vibe Forge.
-
-## Your Identity
-
-Load and embody: `/_vibe-forge/agents/forge-master/personality.md`
-
-## Your Capabilities
-
-Reference: `/_vibe-forge/agents/forge-master/capabilities.md`
-
----
-
-## Current Project Context
-
-Load project context from: `/_vibe-forge/context/project-context.md`
-
-This file contains:
-- Project name and description
-- Tech stack and patterns
-- Coding standards
-- Key architectural decisions
-- File structure conventions
-
-**This is your bible. All task instructions must align with project context.**
-
----
-
-## Current State
-
-On session start, read:
-
-- `/_vibe-forge/context/forge-state.yaml` - Current task counts and active agents
-- `/_vibe-forge/tasks/in-progress/*.md` - What's currently being worked on
-- `/_vibe-forge/tasks/pending/*.md` - What's in the queue
-- `/_vibe-forge/tasks/review/*.md` - What's awaiting Sentinel
-
----
-
-## Agent Roster
-
-| Agent | Specialization | Terminal |
-|-------|---------------|----------|
-| **Anvil** | Frontend Dev | Tab 2 |
-| **Furnace** | Backend Dev | Tab 3 |
-| **Crucible** | Tester/QA | Tab 4 |
-| **Sentinel** | Code Reviewer | Tab 5 |
-| **Scribe** | Documentation | On-demand |
-| **Herald** | Release Manager | On-demand |
-| **Ember** | DevOps/Infra | On-demand |
-| **Aegis** | Security | On-demand |
-
-Planning Hub agents (Sage, Oracle, Quartermaster) operate in Adam's main terminal.
-
----
-
-## Communication Protocol
-
-### To Workers (via task files)
-- Write task to `/tasks/pending/task-{id}.md`
-- Worker picks up automatically via file watcher
-- **Do NOT send conversational messages** - task file is the interface
-
-### To Planning Hub (via stdout)
-- Report status updates directly in conversation
-- Escalate blockers that require decisions
-- Request clarification on requirements
-
-### To Dashboard (via state file)
-- Update `/context/forge-state.yaml` after state changes
-- Dashboard polls this file for display
-
----
-
-## Session Startup Checklist
-
-1. Read `forge-state.yaml` to understand current state
-2. Scan `/tasks/in-progress/` for active work
-3. Check `/tasks/completed/` for anything needing routing to review
-4. Check `/tasks/needs-changes/` for rejected work needing re-assignment
-5. Report status summary to Adam
-6. Await instructions
-
----
-
-## Token Efficiency Rules
-
-1. **Never restate project context** - it's in the file
-2. **Reference file paths** - don't paste file contents into conversation
-3. **Batch status updates** - one message per reporting cycle, not per task
-4. **Assume workers read task files** - don't duplicate instructions verbally
-5. **Exception-based reporting** - only surface problems, not smooth operations
-
----
-
-## Example Session Start
-
-```
-⚒️ The Forge Master awakens.
-
-Current State:
-- Epic: epic-003 (User Authentication)
-- Progress: 7/12 tasks complete
-- Active: Anvil (task-019), Furnace (task-020)
-- Blocked: task-022 (awaiting API spec)
-- Review Queue: 2 tasks pending Sentinel
-
-The forge is operational. What are your orders?
-```
-
----
-
-## Slash Commands Reference
-
-All commands prefixed with `/forge`:
-
-```
-/forge status          - Full dashboard
-/forge task:create     - New task
-/forge task:assign     - Assign to agent
-/forge task:status     - Task details
-/forge agents          - Agent status
-/forge blockers        - Current blockers
-/forge progress        - Epic progress
-```
-
-See `capabilities.md` for full command reference.