higpertext-cli 0.8.0__py3-none-any.whl

higpertext/kernel/application/environment_manager.py

@@ -0,0 +1,154 @@
+"""higpertext Environment Manager — initializes and manages environment context (Application)."""
+
+import os
+import sys
+import json
+import shutil
+import datetime
+from pathlib import Path
+from higpertext.kernel.config_paths import WORKSPACE_DIR_NAME
+
+from higpertext.kernel.infrastructure.logger import get_logger
+_log = get_logger()
+
+# Adjusting parents[2] to parents[3] since the file is now in application/
+_MODEL_DEFAULTS_FILE = Path(__file__).parents[3] / "config" / "environments" / "model_defaults.json"
+
+
+def load_model_defaults() -> dict:
+    """Carga model_config desde src/config/environments/model_defaults.json."""
+    try:
+        return json.loads(_MODEL_DEFAULTS_FILE.read_text(encoding="utf-8")).get("model_config", {})
+    except (OSError, json.JSONDecodeError):
+        return {}
+
+
+class EnvironmentManager:
+    """Gestiona la inicialización y persistencia del contexto del entorno
+    en .higpertext/environment.json."""
+
+    def __init__(self, target_dir: Path):
+        self.target_dir = target_dir
+        self.higpertext_dir = target_dir / WORKSPACE_DIR_NAME
+        self.env_file = self.higpertext_dir / "config" / "environment.json"
+
+    def is_initialized(self) -> bool:
+        """Verifica si el proyecto ya ha sido inicializado por higpertext."""
+        return self.env_file.exists()
+
+    def load_environment(self) -> dict:
+        """Carga los metadatos y variables del entorno desde el archivo JSON."""
+        if not self.is_initialized():
+            return {}
+        try:
+            return json.loads(self.env_file.read_text(encoding="utf-8"))
+        except (OSError, json.JSONDecodeError) as e:
+            _log.warning(f"[!] Error leyendo {self.env_file}: {e}")
+            return {}
+
+    def save_environment(self, data: dict) -> None:
+        """Guarda los metadatos y variables de entorno en el archivo JSON."""
+        self.higpertext_dir.mkdir(parents=True, exist_ok=True)
+        self.env_file.parent.mkdir(parents=True, exist_ok=True)
+        self.env_file.write_text(json.dumps(data, indent=4, ensure_ascii=False), encoding="utf-8")
+        _log.ok(f"[*] Entorno guardado exitosamente en: {self.env_file}")
+
+    def _merge_list(self, existing: dict, key: str, new_val: str, fallback: str) -> list:
+        """Fusiona listas únicas preservando valores previos."""
+        result = list(existing.get(key, []))
+        legacy = existing.get(key[:-1])  # e.g. "assistant" from "assistants"
+        if legacy and legacy not in result:
+            result.append(legacy)
+        if new_val and new_val not in result:
+            result.append(new_val)
+        return result or [fallback]
+
+    # Campos que el kernel gestiona — no se propagan desde existing al merge final
+    _MANAGED_KEYS = {
+        "schema_version",
+        "project_name",
+        "initialized_at",
+        "last_updated",
+        "assistants",
+        "assistant",
+        "active_profiles",
+        "active_profile",
+        "system_environment",
+        "variables",
+        "wikis",
+        "model_config",
+    }
+
+    def initialize_environment(self, profile_name: str, assistant: str) -> dict:
+        """Inicializa o actualiza el archivo de entorno capturando variables clave del sistema."""
+        existing = self.load_environment()
+        existing_vars = existing.get("variables", {})
+
+        assistants = self._merge_list(existing, "assistants", assistant, "gemini")
+        active_profiles = self._merge_list(existing, "active_profiles", profile_name, "ado_admin")
+
+        org_url = os.getenv(
+            "ADO_ORG_URL",
+            existing_vars.get("organization_url"),
+        )
+        guidelines_source = os.getenv(
+            "HIGPERTEXT_GUIDELINES_SOURCE", existing_vars.get("guidelines_source")
+        )
+        _reserved_vars = {
+            "default_branch",
+            "repository_id",
+            "repo_id",
+            "organization_url",
+            "guidelines_source",
+        }
+        variables = {
+            "default_branch": existing_vars.get("default_branch", "main"),
+            "repository_id": existing_vars.get("repository_id", self.target_dir.name),
+            "repo_id": existing_vars.get("repo_id", self.target_dir.name),
+            "organization_url": org_url,
+            "guidelines_source": guidelines_source,
+            **{k: v for k, v in existing_vars.items() if k not in _reserved_vars},
+        }
+
+        # Preservar campos custom del usuario que no son gestionados por el kernel
+        user_custom = {k: v for k, v in existing.items() if k not in self._MANAGED_KEYS}
+
+        data = {
+            **user_custom,
+            "schema_version": "5.0.0",
+            "project_name": self.target_dir.name,
+            "initialized_at": existing.get("initialized_at", datetime.datetime.now().isoformat()),
+            "last_updated": datetime.datetime.now().isoformat(),
+            "assistants": assistants,
+            "assistant": assistant or existing.get("assistant", "gemini"),
+            "active_profiles": active_profiles,
+            "active_profile": profile_name or existing.get("active_profile", "ado_admin"),
+            "system_environment": {
+                "os": sys.platform,
+                "python_executable": sys.executable,
+                "has_powershell": bool(shutil.which("powershell") or shutil.which("pwsh")),
+                "project_root": str(self.target_dir.absolute()),
+            },
+            "variables": variables,
+            "wikis": existing.get("wikis", {}),
+            "model_config": existing.get("model_config", {}),
+        }
+        self.save_environment(data)
+        return data
+
+    def add_active_profile(self, profile_name: str) -> dict:
+        """Añade y registra de forma permanente un nuevo perfil en el proyecto activo."""
+        data = self.load_environment()
+        if not data:
+            return {}
+        active_profiles = data.get("active_profiles", [])
+        if "active_profile" in data and data["active_profile"] not in active_profiles:
+            active_profiles.append(data["active_profile"])
+        if profile_name and profile_name not in active_profiles:
+            active_profiles.append(profile_name)
+        data["active_profiles"] = active_profiles
+        data["active_profile"] = profile_name
+        data["last_updated"] = datetime.datetime.now().isoformat()
+        data["model_config"] = data.get("model_config", {})
+        self.save_environment(data)
+        return data

higpertext/kernel/application/governance.py

@@ -0,0 +1,192 @@
+"""Casos de uso y coordinadores de Gobernanza (Aplicación)."""
+
+from __future__ import annotations
+from pathlib import Path
+import json
+from datetime import datetime, timezone
+import re
+
+from higpertext.kernel.config_paths import WORKSPACE_DIR_NAME
+from higpertext.kernel.domain.governance import Scope, Severity, Finding, Verdict, GovernanceException
+from higpertext.kernel.infrastructure.governance import ContractLoader, AuditLog
+
+
+class ExceptionRegistry:
+    def __init__(self, project_root: Path) -> None:
+        self._store = project_root / WORKSPACE_DIR_NAME / "state" / "governance_exceptions.json"
+
+    def register(self, exc: GovernanceException) -> None:
+        exceptions = self._load_all()
+        key = f"{exc.profile}:{exc.rule_id}"
+        data = exc.to_dict()
+        data["created_at"] = datetime.now(timezone.utc).isoformat(timespec="seconds")
+        exceptions[key] = data
+        self._save(exceptions)
+
+    def is_excepted(self, rule_id: str, profile: str) -> bool:
+        exceptions = self._load_all()
+        key = f"{profile}:{rule_id}"
+        entry = exceptions.get(key) or exceptions.get(f"global:{rule_id}")
+        if not entry:
+            return False
+        exc = GovernanceException.from_dict(entry)
+        return exc.is_active()
+
+    def list_active(self, profile: str = "") -> list[GovernanceException]:
+        all_exc = self._load_all()
+        result = []
+        for key, data in all_exc.items():
+            exc = GovernanceException.from_dict(data)
+            if not exc.is_active():
+                continue
+            if profile and exc.profile not in (profile, "global"):
+                continue
+            result.append(exc)
+        return result
+
+    def _load_all(self) -> dict:
+        if not self._store.exists():
+            return {}
+        try:
+            return json.loads(self._store.read_text(encoding="utf-8"))
+        except (OSError, json.JSONDecodeError):
+            return {}
+
+    def _save(self, data: dict) -> None:
+        self._store.parent.mkdir(parents=True, exist_ok=True)
+        self._store.write_text(json.dumps(data, indent=2, ensure_ascii=False), encoding="utf-8")
+
+
+class GovernanceEnforcer:
+    """Evalúa gobernanza efectiva para un perfil y scope, con excepciones y audit trail."""
+
+    def __init__(self, project_root: Path) -> None:
+        self._root = project_root
+        self._loader = ContractLoader(project_root)
+        self._audit = AuditLog(project_root)
+        self._exceptions = ExceptionRegistry(project_root)
+
+    def evaluate(
+        self,
+        scope: str,
+        profile: str = "",
+        triggered_by: str = "",
+        context: dict | None = None,
+    ) -> Verdict:
+        """Evalúa todas las reglas aplicables al scope y perfil dados."""
+        scope_enum = self._normalize_scope(scope)
+        rules = self._loader.load(profile)
+        verdict = Verdict(scope=scope)
+
+        for rule in rules:
+            if self._should_skip_rule(rule, profile, scope_enum):
+                continue
+            self._apply_rule(rule, verdict, profile, context)
+
+        self._audit.record(verdict, profile=profile, triggered_by=triggered_by)
+        return verdict
+
+    def _normalize_scope(self, scope: str) -> Scope:
+        try:
+            return Scope(scope)
+        except ValueError:
+            return Scope.ANY
+
+    def _should_skip_rule(self, rule, profile: str, scope_enum: Scope) -> bool:
+        return (
+            not rule.applies_to(scope_enum)
+            or self._exceptions.is_excepted(rule.id, profile)
+        )
+
+    def _apply_rule(self, rule, verdict: Verdict, profile: str, context: dict | None) -> None:
+        if rule.automated and context:
+            finding = self._run_automated_check(rule, context, profile)
+            if finding:
+                verdict.add(finding)
+            return
+
+        if not rule.automated and rule.severity == Severity.HIGH:
+            verdict.add(
+                Finding(
+                    rule_id=rule.id,
+                    severity=Severity.MEDIUM,  # degradar a WARN, nunca BLOCK
+                    message=rule.description,
+                    source=rule.source,
+                    detail="Verificación manual requerida.",
+                )
+            )
+
+    def _run_automated_check(self, rule, context: dict, profile: str) -> Finding | None:
+        """Ejecuta verificaciones automáticas según el ID de la regla."""
+        checks = {
+            "security.no-hardcoded-secrets": self._check_no_secrets,
+            "code_quality.max-function-lines": self._check_function_lines,
+            "code_quality.min-coverage": self._check_coverage,
+            "gitflow_commits.conventional-format": self._check_commit_format,
+        }
+        checker = checks.get(rule.id)
+        if checker:
+            return checker(rule, context, profile)
+        return None
+
+    @staticmethod
+    def _check_no_secrets(rule, context: dict, profile: str) -> Finding | None:
+        patterns = [
+            r"(?i)(password|passwd|secret|token|api_key|apikey)\s*=\s*['\"][^'\"]{4,}['\"]",
+            r"(?i)bearer\s+[a-zA-Z0-9\-._~+/]{20,}",
+        ]
+        diff = context.get("diff", "")
+        for pat in patterns:
+            if re.search(pat, diff):
+                return Finding(
+                    rule_id=rule.id,
+                    severity=rule.severity,
+                    message="Posible secret hardcodeado detectado en el diff.",
+                    source=rule.source,
+                    detail="Usa variables de entorno o un secrets manager.",
+                )
+        return None
+
+    @staticmethod
+    def _check_function_lines(rule, context: dict, profile: str) -> Finding | None:
+        threshold = rule.numeric_threshold or 30
+        violations = context.get("function_line_violations", [])
+        if violations:
+            return Finding(
+                rule_id=rule.id,
+                severity=rule.severity,
+                message=f"{len(violations)} función(es) exceden {int(threshold)} líneas.",
+                source=rule.source,
+                detail=", ".join(violations[:5]),
+            )
+        return None
+
+    @staticmethod
+    def _check_coverage(rule, context: dict, profile: str) -> Finding | None:
+        threshold = rule.numeric_threshold or 80.0
+        coverage = context.get("coverage_pct")
+        if coverage is not None and coverage < threshold:
+            return Finding(
+                rule_id=rule.id,
+                severity=rule.severity,
+                message=f"Cobertura {coverage:.1f}% < umbral {threshold:.0f}%.",
+                source=rule.source,
+            )
+        return None
+
+    @staticmethod
+    def _check_commit_format(rule, context: dict, profile: str) -> Finding | None:
+        msg = context.get("commit_message", "")
+        pattern = (
+            r"^(feat|fix|docs|style|refactor|perf|test|build|ci|chore|revert)"
+            r"(\([^)]+\))?(!)?: .+"
+        )
+        if msg and not re.match(pattern, msg):
+            return Finding(
+                rule_id=rule.id,
+                severity=rule.severity,
+                message="Mensaje de commit no sigue Conventional Commits.",
+                source=rule.source,
+                detail=f"Recibido: '{msg[:60]}'",
+            )
+        return None

higpertext/kernel/application/hook_registry.py

@@ -0,0 +1,102 @@
+"""HookRegistry — carga hooks_config.json y filtra por asistente + perfil."""
+
+from __future__ import annotations
+from pathlib import Path
+
+from higpertext.kernel.infrastructure.hook_config_loader import (
+    load_hooks_config,
+    save_hooks_config,
+)
+from higpertext.kernel.domain.hook_models import HookDefinition, WebhookEvent
+
+
+class HookRegistry:
+    def __init__(self, project_root: Path) -> None:
+        self._project_root = project_root
+        self._data: dict = load_hooks_config(project_root)
+
+    def _get_valid_hooks(self) -> list[dict]:
+        all_hooks: list[dict] = self._data.get("hooks", []) + self._data.get("agent_hooks", [])
+        return [
+            h
+            for h in all_hooks
+            if isinstance(h, dict) and "id" in h and "event" in h and "script" in h
+        ]
+
+    def _get_profile_ids(self, profile: str) -> set[str]:
+        profile_ids: set[str] = set(self._data.get("profile_hooks", {}).get(profile, []))
+
+        # Siempre permite que los hooks locales del agente se ejecuten,
+        # asociándolos al perfil activo
+        for h in self._data.get("agent_hooks", []):
+            if isinstance(h, dict) and "id" in h:
+                profile_ids.add(h["id"])
+
+        return profile_ids
+
+    def _is_hook_allowed(self, raw: dict, assistant: str, profile: str, profile_ids: set[str]) -> bool:
+        if not raw.get("enabled", True):
+            return False
+
+        allowed_assistants = raw.get("assistants", [])
+        if allowed_assistants and assistant not in allowed_assistants:
+            return False
+
+        allowed_profiles = raw.get("profiles", [])
+        if allowed_profiles and profile not in allowed_profiles:
+            return False
+
+        return not profile_ids or raw["id"] in profile_ids
+
+    def get_hooks_for(self, assistant: str, profile: str) -> list[HookDefinition]:
+        """Devuelve hooks activos filtrados por asistente y perfil."""
+        all_hooks = self._get_valid_hooks()
+        profile_ids = self._get_profile_ids(profile)
+
+        result: list[HookDefinition] = []
+        for raw in all_hooks:
+            if not self._is_hook_allowed(raw, assistant, profile, profile_ids):
+                continue
+            result.append(
+                HookDefinition(
+                    id=raw["id"],
+                    event=raw["event"],
+                    script=raw["script"],
+                    description=raw.get("description", ""),
+                    matcher=raw.get("matcher", ""),
+                    timeout=raw.get("timeout", 10),
+                    enabled=raw.get("enabled", True),
+                    assistants=raw.get("assistants", []),
+                    profiles=raw.get("profiles", []),
+                    capability_id=raw.get("capability_id", ""),
+                )
+            )
+        return result
+
+    def get_webhooks_for(self, assistant: str) -> list[WebhookEvent]:
+        result: list[WebhookEvent] = []
+        for raw in self._data.get("webhooks", []):
+            if not raw.get("enabled", False):
+                continue
+            allowed = raw.get("assistants", [])
+            if allowed and assistant not in allowed:
+                continue
+            result.append(
+                WebhookEvent(
+                    id=raw["id"],
+                    event=raw["event"],
+                    url=raw["url"],
+                    payload_template=raw.get("payload_template", {}),
+                    assistants=raw.get("assistants", []),
+                    enabled=raw.get("enabled", False),
+                    timeout=raw.get("timeout", 5),
+                )
+            )
+        return result
+
+    def get_all_hook_ids(self) -> list[str]:
+        return [h["id"] for h in self._data.get("hooks", [])]
+
+    def save(self, data: dict) -> None:
+        self._data = data
+        save_hooks_config(self._project_root, data)