specpass 0.1.0__tar.gz

specpass-0.1.0/PKG-INFO

@@ -0,0 +1,29 @@
+Metadata-Version: 2.4
+Name: specpass
+Version: 0.1.0
+Summary: Verification-First Code Generation Platform
+Author: WoOty
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Dynamic: requires-python
+
+# specpass
+
+**From spec to verified code. One command.**
+
+```bash
+pip install specpass
+specpass run spec.md --out build/
+```
+
+specpass — Verification-First Code Generation Pipeline. Берёт spec в формате Markdown, генерирует код через DeepSeek/Claude, проверяет 4 детерминированными gates (import, static, contract, runtime), детектит LLM-шорткаты (11 cheat patterns), выдаёт quality score.
+
+**Уникально:** Cost advantage ×2000 (DeepSeek context caching, $0.01/45 файлов). Аналогов нет.
+
+```bash
+specpass fastapi-auth  # инициализация из spec registry
+specpass verify build/ --spec spec.md  # только verification
+specpass search "jwt"  # поиск specs
+```
+
+Лицензия: MIT

specpass-0.1.0/README.md

@@ -0,0 +1,20 @@
+# specpass
+
+**From spec to verified code. One command.**
+
+```bash
+pip install specpass
+specpass run spec.md --out build/
+```
+
+specpass — Verification-First Code Generation Pipeline. Берёт spec в формате Markdown, генерирует код через DeepSeek/Claude, проверяет 4 детерминированными gates (import, static, contract, runtime), детектит LLM-шорткаты (11 cheat patterns), выдаёт quality score.
+
+**Уникально:** Cost advantage ×2000 (DeepSeek context caching, $0.01/45 файлов). Аналогов нет.
+
+```bash
+specpass fastapi-auth  # инициализация из spec registry
+specpass verify build/ --spec spec.md  # только verification
+specpass search "jwt"  # поиск specs
+```
+
+Лицензия: MIT

specpass-0.1.0/pyproject.toml

@@ -0,0 +1,17 @@
+[build-system]
+requires = ["setuptools>=68.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "specpass"
+version = "0.1.0"
+description = "Verification-First Code Generation Platform"
+authors = [{name = "WoOty"}]
+requires-python = ">=3.10"
+readme = "README.md"
+
+[project.scripts]
+specpass = "specpass:main"
+
+[tool.setuptools]
+py-modules = ["specpass"]

specpass-0.1.0/setup.cfg

@@ -0,0 +1,4 @@
+[egg_info]
+tag_build = 
+tag_date = 0
+

specpass-0.1.0/setup.py

@@ -0,0 +1,16 @@
+from setuptools import setup
+
+setup(
+    name="specpass",
+    version="0.1.0",
+    description="Verification-First Code Generation Platform",
+    long_description="From spec to verified code. One command.",
+    author="WoOty",
+    py_modules=["specpass"],
+    entry_points={
+        "console_scripts": [
+            "specpass=specpass:main",
+        ],
+    },
+    python_requires=">=3.10",
+)

specpass-0.1.0/specpass.egg-info/PKG-INFO

@@ -0,0 +1,29 @@
+Metadata-Version: 2.4
+Name: specpass
+Version: 0.1.0
+Summary: Verification-First Code Generation Platform
+Author: WoOty
+Requires-Python: >=3.10
+Description-Content-Type: text/markdown
+Dynamic: requires-python
+
+# specpass
+
+**From spec to verified code. One command.**
+
+```bash
+pip install specpass
+specpass run spec.md --out build/
+```
+
+specpass — Verification-First Code Generation Pipeline. Берёт spec в формате Markdown, генерирует код через DeepSeek/Claude, проверяет 4 детерминированными gates (import, static, contract, runtime), детектит LLM-шорткаты (11 cheat patterns), выдаёт quality score.
+
+**Уникально:** Cost advantage ×2000 (DeepSeek context caching, $0.01/45 файлов). Аналогов нет.
+
+```bash
+specpass fastapi-auth  # инициализация из spec registry
+specpass verify build/ --spec spec.md  # только verification
+specpass search "jwt"  # поиск specs
+```
+
+Лицензия: MIT

specpass-0.1.0/specpass.egg-info/SOURCES.txt

@@ -0,0 +1,9 @@
+README.md
+pyproject.toml
+setup.py
+specpass.py
+specpass.egg-info/PKG-INFO
+specpass.egg-info/SOURCES.txt
+specpass.egg-info/dependency_links.txt
+specpass.egg-info/entry_points.txt
+specpass.egg-info/top_level.txt

specpass-0.1.0/specpass.egg-info/dependency_links.txt

@@ -0,0 +1 @@
+

specpass-0.1.0/specpass.egg-info/entry_points.txt

@@ -0,0 +1,2 @@
+[console_scripts]
+specpass = specpass:main

specpass-0.1.0/specpass.egg-info/top_level.txt

@@ -0,0 +1 @@
+specpass

specpass-0.1.0/specpass.py

@@ -0,0 +1,874 @@
+#!/usr/bin/env python3
+"""
+specpass v1 — Verification-First Code Platform.
+
+Pipeline:
+  spec.md → [verify spec] → [generate code + harness] → [run harness] → [cheat detect] → [score + audit]
+
+Usage:
+  specpass spec.md --out build/
+  specpass verify build/ --spec spec.md
+  specpass search "jwt auth"
+  specpass publish spec.md
+"""
+
+import sys, os, json, subprocess, time, re, hashlib, argparse, shutil, textwrap
+from pathlib import Path
+from typing import Optional, List, Dict
+
+SPECPASS_DIR = Path(__file__).parent
+AGENTS_DIR = SPECPASS_DIR / "agents"
+TEMPLATES_DIR = SPECPASS_DIR / "templates"
+SPECS_DIR = SPECPASS_DIR / "specs"
+REGISTRY_DIR = SPECPASS_DIR / "registry"
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 1: Spec
+# ═══════════════════════════════════════════════════════════════════
+
+def load_markdown_spec(path: Path) -> dict:
+    """Parse Markdown spec into structured dict."""
+    text = path.read_text()
+    spec = {
+        "name": "", "contracts": [], "dependencies": [], "boundaries": [],
+        "examples": [], "path": str(path), "complexity": "simple",
+    }
+    lines = text.split("\n")
+    for line in lines:
+        if line.startswith("# ") and not line.startswith("## "):
+            spec["name"] = line[2:].strip()
+            break
+
+    current_section = None
+    for line in lines:
+        stripped = line.strip()
+        if stripped.startswith("## Contracts"):
+            current_section = "contracts"; continue
+        elif stripped.startswith("## Dependencies"):
+            current_section = "deps"; continue
+        elif stripped.startswith("## Boundaries"):
+            current_section = "boundaries"; continue
+        elif stripped.startswith("## Examples"):
+            current_section = "examples"; continue
+        elif stripped.startswith("## "):
+            current_section = None; continue
+
+        if current_section == "contracts" and stripped.startswith("- `"):
+            m = re.match(r"- `(.+?)`\s*(?:@test\s+(\S+))?", stripped)
+            if m:
+                sig_str, test_path = m.group(1), m.group(2) or ""
+                sig_match = re.match(r"(\w+(?:\.\w+)?)\(([^)]*)\)\s*(?:->\s*(\S+))?", sig_str)
+                if sig_match:
+                    name, args_str, returns = sig_match.group(1), sig_match.group(2), sig_match.group(3) or "None"
+                    args = []
+                    if args_str.strip():
+                        for a in args_str.split(","):
+                            a = a.strip()
+                            if ":" in a:
+                                aname, atype = a.split(":", 1)
+                                args.append({"name": aname.strip(), "type": atype.strip()})
+                            else:
+                                args.append({"name": a, "type": "Any"})
+                    spec["contracts"].append({"name": name, "args": args, "returns": returns, "test": test_path})
+        elif current_section == "deps" and stripped.startswith("- "):
+            spec["dependencies"].append(stripped[2:].strip())
+        elif current_section == "boundaries" and stripped.startswith("- "):
+            spec["boundaries"].append(stripped[2:].strip())
+        elif current_section == "examples" and stripped.startswith("- "):
+            spec["examples"].append(stripped[2:].strip())
+
+    # Определяем сложность
+    num_contracts = len(spec["contracts"])
+    has_deps = len(spec["dependencies"]) > 0
+    has_complex_types = any(
+        "List" in str(c["args"]) or "Dict" in str(c["args"]) or "Optional" in str(c["args"])
+        for c in spec["contracts"]
+    )
+    if num_contracts > 5 or (has_deps and has_complex_types) or len(spec["boundaries"]) > 3:
+        spec["complexity"] = "complex"
+    
+    return spec
+
+
+def verify_spec(spec: dict) -> list:
+    """Pre-generation spec verification."""
+    errors = []
+    if not spec["name"]:
+        errors.append("Spec must have a name (# Module Name)")
+    if not spec["contracts"]:
+        errors.append("Spec must have at least one contract")
+    for c in spec["contracts"]:
+        if not c["test"]:
+            errors.append(f"Contract '{c['name']}' has no @test path")
+    for c in spec["contracts"]:
+        if c["test"]:
+            test_path = Path(c["test"])
+            if not test_path.is_absolute():
+                test_path = Path(spec.get("path", ".")).parent / test_path
+            if not test_path.exists():
+                errors.append(f"Test file for '{c['name']}' not found: {test_path}")
+    return errors
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 2: Cost Routing Engine
+# ═══════════════════════════════════════════════════════════════════
+
+ROUTE_TABLE = {
+    "simple": {
+        "generation": "deepseek/deepseek-v4-flash",     # $0.14/M inp, $0.28/M out
+        "fix": "deepseek/deepseek-v4-flash",
+        "harness": "deepseek/deepseek-v4-flash",
+        "adversarial": None,  # skip for simple
+    },
+    "complex": {
+        "generation": "deepseek/deepseek-v4-flash",     # cache hit 95% = $0.0028/M
+        "fix": "anthropic/claude-sonnet-4",              # better at fixing logic
+        "harness": "anthropic/claude-sonnet-4",
+        "adversarial": "anthropic/claude-sonnet-4",
+    },
+    "critical": {
+        "generation": "anthropic/claude-sonnet-4",       # best quality
+        "fix": "anthropic/claude-sonnet-4",
+        "harness": "anthropic/claude-sonnet-4",
+        "adversarial": "anthropic/claude-opus-4",
+    },
+}
+
+
+def select_model(spec: dict, task: str = "generation") -> str:
+    """Выбрать модель для задачи на основе сложности spec."""
+    complexity = spec.get("complexity", "simple")
+    route = ROUTE_TABLE.get(complexity, ROUTE_TABLE["simple"])
+    model = route.get(task, "deepseek/deepseek-v4-flash")
+    if model is None:
+        return "deepseek/deepseek-v4-flash"  # fallback if task skipped
+    return model
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 3: Custom Verification Harness Generator
+# ═══════════════════════════════════════════════════════════════════
+
+def generate_harness(spec: dict, code_dir: Path, model: str) -> dict:
+    """
+    Генерирует verification harness под конкретный spec.
+    Вместо 4 статических gates — скрипт, который точно знает что проверять.
+    """
+    contract_details = "\n".join(
+        f"# {c['name']}({', '.join(a['name']+':'+a['type'] for a in c['args'])}) -> {c['returns']}"
+        for c in spec["contracts"]
+    )
+    examples_text = "\n".join(f"# {e}" for e in spec["examples"]) if spec["examples"] else "# no examples"
+    boundaries_text = "\n".join(f"# {b}" for b in spec["boundaries"]) if spec["boundaries"] else "# no boundaries"
+
+    prompt = f"""Generate a Python verification script for this spec:
+
+Project: {spec['name']}
+Contracts:
+{contract_details}
+
+Examples:
+{examples_text}
+
+Boundaries:
+{boundaries_text}
+
+The script MUST:
+1. Check all modules import successfully
+2. Verify all contract function names exist with correct args
+3. Run pytest on {spec['name'].lower().replace(' ', '_')}/
+4. Check security boundaries are respected
+5. Return a JSON report with: "pass": bool, "score": float, "details": dict
+
+Write ONLY the Python script. No explanations. Use pytest for step 3."""
+
+    # Call LLM to generate harness
+    result = _call_llm_simple(model, prompt)
+    if not result["success"]:
+        return {"success": False, "error": result.get("error", "harness gen failed"), "code": ""}
+
+    code = result["content"]
+    # Extract code block
+    m = re.search(r"```(?:python)?\n(.+?)\n```", code, re.DOTALL)
+    if m:
+        code = m.group(1).strip()
+
+    # Save harness
+    harness_path = code_dir / "verify.py"
+    harness_path.write_text(code)
+
+    return {"success": True, "path": str(harness_path), "code": code}
+
+
+def run_harness(code_dir: Path) -> dict:
+    """Run generated verification harness."""
+    harness_path = code_dir / "verify.py"
+    if not harness_path.exists():
+        return {"pass": False, "score": 0, "error": "No harness found, running static gates"}
+
+    result = subprocess.run(
+        [sys.executable, str(harness_path)],
+        cwd=code_dir, capture_output=True, text=True, timeout=60
+    )
+
+    # Try to parse JSON output from harness
+    try:
+        report = json.loads(result.stdout)
+        return {
+            "pass": report.get("pass", False),
+            "score": report.get("score", 0),
+            "details": report.get("details", {}),
+            "stdout": result.stdout[:500],
+        }
+    except (json.JSONDecodeError, ValueError):
+        # Harness didn't return JSON — fallback to exit code
+        return {
+            "pass": result.returncode == 0,
+            "score": 100 if result.returncode == 0 else 0,
+            "stdout": result.stdout[:500],
+            "stderr": result.stderr[:200],
+        }
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 4: Static Gates (fallback when no custom harness)
+# ═══════════════════════════════════════════════════════════════════
+
+def gate_imports(code_dir: Path) -> dict:
+    modules = []
+    seen = set()
+    for f in Path(code_dir).rglob("*.py"):
+        if f.name in ("conftest.py", "verify.py"):
+            continue
+        # Определяем полное имя модуля
+        rel = f.relative_to(code_dir)
+        if f.name == "__init__.py":
+            mod_name = str(rel.parent).replace("/", ".") if str(rel.parent) != "." else f.parent.name
+        else:
+            mod_name = str(rel.with_suffix("")).replace("/", ".")
+        if not mod_name or not mod_name.replace("_", "").replace(".", "").isalnum():
+            continue
+        if mod_name not in seen:
+            modules.append((mod_name, f))
+            seen.add(mod_name)
+
+    results = {}
+    for mod_name, fpath in modules:
+        r = subprocess.run([sys.executable, "-c", f"import {mod_name}"], cwd=code_dir,
+                          capture_output=True, text=True, timeout=10)
+        results[mod_name] = {"pass": r.returncode == 0, "error": r.stderr[:200] if r.returncode else "",
+                            "file": str(fpath.relative_to(code_dir))}
+    return results
+
+
+def gate_static(code_dir: Path) -> dict:
+    mypy = subprocess.run([sys.executable, "-m", "mypy", "."], cwd=code_dir,
+                         capture_output=True, text=True, timeout=30)
+    mypy_errs = sum(1 for l in mypy.stdout.split("\n") if "error:" in l)
+    return {"pass": mypy_errs == 0, "mypy_errors": mypy_errs}
+
+
+def gate_contracts(code_dir: Path, spec: dict) -> dict:
+    results = {}
+    for c in spec["contracts"]:
+        name = c["name"]
+        grep = subprocess.run(["grep", "-rn", f"def {name}(", str(code_dir)],
+                             capture_output=True, text=True, timeout=10)
+        if grep.returncode != 0:
+            results[name] = {"pass": False, "error": f"Function '{name}()' not found"}
+            continue
+        req_args = c["args"]
+        for line in grep.stdout.split("\n"):
+            if f"def {name}(" in line:
+                arg_match = re.search(rf"def {name}\(([^)]*)\)", line)
+                if arg_match:
+                    actual_args = [a.strip().split(":")[0].strip() for a in arg_match.group(1).split(",")
+                                   if a.strip() and a.strip() != "self"]
+                    missing = [a["name"] for a in req_args if a["name"] not in actual_args]
+                    results[name] = {"pass": len(missing) == 0, "error": f"Missing args: {missing}" if missing else ""}
+                    break
+        if name not in results:
+            results[name] = {"pass": True}
+    return results
+
+
+def gate_runtime(code_dir: Path) -> dict:
+    import shutil
+    pytest_path = shutil.which("pytest")
+    if not pytest_path:
+        return {"pass": False, "passed": 0, "failed": 1, "error": "pytest not found"}
+    result = subprocess.run([pytest_path, "-x", "-q", "--tb=short"], cwd=code_dir,
+                           capture_output=True, text=True, timeout=60)
+    return {"pass": result.returncode == 0, "passed": result.stdout.count("passed"),
+            "failed": result.stdout.count("failed")}
+
+
+def run_static_gates(code_dir: Path, spec: dict) -> dict:
+    """Fallback: 4 статических gates."""
+    print("\n  ⚡ Using static gates (no custom harness)")
+    gates = {
+        "import": gate_imports(code_dir),
+        "static": gate_static(code_dir),
+        "contract": gate_contracts(code_dir, spec),
+        "runtime": gate_runtime(code_dir),
+    }
+    import_pass = all(g["pass"] for g in gates["import"].values())
+    contract_pass = all(g["pass"] for g in gates["contract"].values())
+    runtime_pass = gates["runtime"]["pass"]
+    static_pass = gates["static"]["pass"]
+
+    score = (100 if import_pass else 0) * 0.2 + (100 if static_pass else 0) * 0.2 + \
+            (100 if contract_pass else 0) * 0.3 + (100 if runtime_pass else 0) * 0.3
+
+    print(f"    Import: {'✅' if import_pass else '❌'} {sum(1 for g in gates['import'].values() if g['pass'])}/{len(gates['import'])}")
+    print(f"    Static: {'✅' if static_pass else '❌'} {gates['static']['mypy_errors']} mypy errors")
+    contract_report = next((g for n, g in gates['contract'].items()), {"pass": contract_pass})
+    print(f"    Contracts: {'✅' if contract_pass else '❌'} {sum(1 for n, g in gates['contract'].items() if g['pass'])}/{len(gates['contract'])}")
+    print(f"    Runtime: {'✅' if runtime_pass else '❌'} {gates['runtime']['passed']} passed, {gates['runtime']['failed']} failed")
+
+    return {"score": round(score, 1), "gates": gates,
+            "pass": import_pass and contract_pass and score >= 70}
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 5: Cheat Detection (Swarm-inspired, 11 patterns)
+# ═══════════════════════════════════════════════════════════════════
+
+CHEAT_PATTERNS = {
+    "test-modification": {
+        "description": "Agent edited test instead of implementation",
+        "severity": "high",
+        "check": lambda f, c: False  # requires diff, skip for now
+    },
+    "hardcoded-answer": {
+        "description": "Literal return of expected output",
+        "severity": "high",
+        "check": lambda f, c: bool(re.search(r"return\s+(True|False|\d+|'[^']*'|\"[^\"]*\")", c)) and "def " in c
+    },
+    "exception-swallowing": {
+        "description": "Caught/ignored exceptions to pass tests",
+        "severity": "medium",
+        "check": lambda f, c: bool(re.search(r"except\s+\w+\s*:\s*\n\s*(?:pass|#|$)", c))
+    },
+    "mock-hallucination": {
+        "description": "Mock of nonexistent function/dependency",
+        "severity": "medium",
+        "check": lambda f, c: bool(re.search(r"mock\.patch\(['\"](?!.*\.)", c))
+    },
+    "assertion-removal": {
+        "description": "Test has no assertions (passes vacuously)",
+        "severity": "high",
+        "check": lambda f, c: "def test_" in f and f.endswith(".py") and "assert" not in c
+    },
+    "complexity-mismatch": {
+        "description": "Trivial impl + complex test (test-does-all)",
+        "severity": "medium",
+        "check": lambda f, c: len(c) < 50 and "def " in c and \
+                               "def test_" not in c and "assert" not in c
+    },
+    "test-only-fix": {
+        "description": "Only tests changed, no impl change",
+        "severity": "high",
+        "check": lambda f, c: False  # requires diff, skip for now
+    },
+    "circular-import": {
+        "description": "Module imports itself or creates cycle",
+        "severity": "medium",
+        "check": lambda f, c: False  # requires full module graph
+    },
+    "stale-comment": {
+        "description": "Comment says one thing, code does another",
+        "severity": "low",
+        "check": lambda f, c: bool(re.search(r"TODO|FIXME|HACK|XXX", c))
+    },
+    "dead-branch": {
+        "description": "Condition that's always True/False",
+        "severity": "low",
+        "check": lambda f, c: bool(re.search(r"if\s+(True|False)\s*:", c))
+    },
+    "config-leak": {
+        "description": "Hardcoded config/secrets in code",
+        "severity": "high",
+        "check": lambda f, c: bool(re.search(r"(api_key|secret|password|token)\s*=\s*['\"][^'\"]+['\"]", c, re.I))
+    },
+}
+
+
+def run_cheat_detection(code_dir: Path) -> dict:
+    """Scan generated code for LLM shortcut patterns."""
+    findings = []
+    for py_file in sorted(code_dir.rglob("*.py")):
+        if py_file.name == "conftest.py" or py_file.name == "verify.py":
+            continue
+        rel = str(py_file.relative_to(code_dir))
+        content = py_file.read_text()
+
+        for pattern_name, pattern in CHEAT_PATTERNS.items():
+            try:
+                if pattern["check"](rel, content):
+                    findings.append({
+                        "pattern": pattern_name,
+                        "severity": pattern["severity"],
+                        "file": rel,
+                        "description": pattern["description"],
+                    })
+            except Exception:
+                pass
+
+    score = 100
+    for f in findings:
+        if f["severity"] == "high":
+            score -= 15
+        elif f["severity"] == "medium":
+            score -= 8
+        else:
+            score -= 3
+
+    return {
+        "pass": score >= 70,
+        "score": max(0, score),
+        "findings": findings,
+        "total": len(findings),
+        "high": len([f for f in findings if f["severity"] == "high"]),
+        "medium": len([f for f in findings if f["severity"] == "medium"]),
+        "low": len([f for f in findings if f["severity"] == "low"]),
+    }
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 6: Verification Cache
+# ═══════════════════════════════════════════════════════════════════
+
+VERIFY_CACHE = {}  # code_dir -> (checksum, result)
+
+def _dir_checksum(code_dir: Path) -> str:
+    """SHA256 of all .py files in directory."""
+    h = hashlib.sha256()
+    for f in sorted(code_dir.rglob("*.py")):
+        h.update(f.read_bytes())
+    return h.hexdigest()[:16]
+
+
+def cached_verification(code_dir: Path, spec: dict, force: bool = False) -> dict:
+    """Run verification with caching — skip if code unchanged."""
+    if force:
+        return _run_verification(code_dir, spec)
+
+    checksum = _dir_checksum(code_dir)
+    if code_dir in VERIFY_CACHE and VERIFY_CACHE[code_dir][0] == checksum:
+        print("  📦 Verification cache hit — skipping")
+        return VERIFY_CACHE[code_dir][1]
+
+    result = _run_verification(code_dir, spec)
+    VERIFY_CACHE[code_dir] = (checksum, result)
+    return result
+
+
+def _run_verification(code_dir: Path, spec: dict) -> dict:
+    """Full verification: try custom harness first, fallback to static gates, then cheat detection."""
+    print("\n  ── Verification Pipeline ──")
+
+    # Phase 1: Custom harness (if generated)
+    harness_result = run_harness(code_dir)
+    if harness_result.get("pass", False):
+        print(f"    ✅ Custom harness: score {harness_result.get('score', 100)}")
+        ver_score = harness_result.get("score", 100)
+        gates_result = {"harness": harness_result}
+    else:
+        # Phase 2: Static gates fallback
+        gates_result = run_static_gates(code_dir, spec)
+        ver_score = gates_result.get("score", 0)
+
+    # Phase 3: Cheat detection (always runs)
+    print("\n  ── Cheat Detection ──")
+    cheat = run_cheat_detection(code_dir)
+    if cheat["findings"]:
+        print(f"    ⚠️  {cheat['total']} findings: {cheat['high']} high, {cheat['medium']} med, {cheat['low']} low")
+        for f in cheat["findings"][:5]:
+            print(f"      {'🔴' if f['severity']=='high' else '🟡' if f['severity']=='medium' else '🔵'} {f['file']}: {f['description']}")
+    else:
+        print(f"    ✅ Clean: no shortcuts detected")
+
+    # Combined score
+    combined = round(ver_score * 0.7 + cheat["score"] * 0.3, 1)
+    overall_pass = gates_result.get("pass", False) and cheat["pass"]
+
+    print(f"\n    Combined Score: {combined}/100 — {'✅ PASS' if overall_pass else '❌ FAIL'}")
+
+    report = {
+        "score": combined,
+        "pass": overall_pass,
+        "verification": gates_result,
+        "cheat_detection": cheat,
+    }
+    return report
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 7: Code Generation (v6 — with cost routing)
+# ═══════════════════════════════════════════════════════════════════
+
+def _call_llm_simple(model: str, prompt: str) -> dict:
+    """Minimal LLM call via OpenRouter."""
+    key = os.environ.get("OPENROUTER_API_KEY", "")
+    if not key:
+        env_path = Path("/home/wooty/.hermes/.env")
+        if env_path.exists():
+            for line in env_path.read_text().split("\n"):
+                if "OPENROUTER_API_KEY" in line and "=" in line:
+                    key = line.split("=", 1)[1].strip()
+                    break
+    if not key:
+        return {"success": False, "error": "No API key"}
+
+    import urllib.request
+    data = json.dumps({
+        "model": model,
+        "messages": [{"role": "user", "content": prompt}],
+        "temperature": 0.3,
+        "max_tokens": 4000,
+    }).encode()
+    req = urllib.request.Request(
+        "https://openrouter.ai/api/v1/chat/completions", data=data,
+        headers={"Authorization": f"Bearer {key}", "Content-Type": "application/json"}
+    )
+    try:
+        resp = urllib.request.urlopen(req, timeout=120)
+        result = json.loads(resp.read())
+        content = result.get("choices", [{}])[0].get("message", {}).get("content", "")
+        return {"success": True, "content": content,
+                "usage": result.get("usage", {}), "model": model}
+    except Exception as e:
+        return {"success": False, "error": str(e)}
+
+
+def generate_code_v6(spec: dict, output_dir: Path) -> dict:
+    """
+    Generate code with cost routing.
+    Simple specs → DeepSeek ($0.001/файл)
+    Complex specs → Claude ($0.01/файл) для ключевых файлов
+    """
+    gen_model = select_model(spec, "generation")
+    fix_model = select_model(spec, "fix")
+
+    module_name = spec["name"].lower().replace(" ", "_")
+    output_dir.mkdir(parents=True, exist_ok=True)
+
+    # Генерируем по одному файлу на контракт
+    files_created = 0
+    total_cost = 0.0
+
+    for c in spec["contracts"]:
+        file_path = output_dir / f"{module_name}/{c['name']}.py"
+        file_path.parent.mkdir(parents=True, exist_ok=True)
+
+        prompt = f"""Generate Python code for function: {c['name']}
+
+Signature: {c['name']}({', '.join(a['name']+': '+a['type'] for a in c['args'])}) -> {c['returns']}
+
+Requirements:
+- Complete, working code
+- Type hints
+- Docstring
+- Absolute imports only
+- Return correct type
+
+Write ONLY the code."""
+
+        result = _call_llm_simple(gen_model, prompt)
+        if result["success"]:
+            # Extract code block
+            code = result["content"]
+            m = re.search(r"```(?:python)?\n(.+?)\n```", code, re.DOTALL)
+            if m:
+                code = m.group(1).strip()
+            file_path.write_text(code)
+            files_created += 1
+            # Estimate cost
+            usage = result.get("usage", {})
+            tokens = usage.get("total_tokens", 500) if isinstance(usage, dict) else 500
+            total_cost += tokens / 1_000_000 * 0.14
+
+    # Обновляем __init__.py с экспортами
+    init_path = output_dir / module_name / "__init__.py"
+    if init_path.parent.exists():
+        exports = [f"from {module_name}.{c['name']} import {c['name']}" for c in spec["contracts"]]
+        init_path.write_text(f"# {spec['name']} — auto-generated\n" + "\n".join(exports) + "\n")
+
+    # Копируем тесты
+    spec_dir = Path(spec["path"]).parent if spec.get("path") else None
+    if spec_dir:
+        for c in spec["contracts"]:
+            if c["test"]:
+                src = spec_dir / c["test"]
+                if src.exists():
+                    dst = output_dir / c["test"]
+                    dst.parent.mkdir(parents=True, exist_ok=True)
+                    shutil.copy2(src, dst)
+
+    return {"files_created": files_created, "total_cost": round(total_cost, 6), "model": gen_model}
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 8: Spec Registry
+# ═══════════════════════════════════════════════════════════════════
+
+def init_default_registry():
+    """Инициализирует registry с несколькими базовыми spec-ами."""
+    REGISTRY_DIR.mkdir(parents=True, exist_ok=True)
+    defaults = {
+        "fastapi-auth": """# FastAPI JWT Auth
+
+## Contracts
+- `create_token(user_id: int) -> str` @test tests/test_auth.py
+- `verify_token(token: str) -> dict` @test tests/test_auth.py
+- `get_current_user(token: str) -> User` @test tests/test_auth.py
+
+## Dependencies
+- fastapi>=0.100.0
+- python-jose[cryptography]>=3.3.0
+- passlib[bcrypt]>=1.7.4
+
+## Boundaries
+- Never log passwords
+- Token expiry: 24h
+- Always hash before store
+""",
+        "cli-app": """# CLI Application
+
+## Contracts
+- `main(args: list) -> int` @test tests/test_cli.py
+- `parse_config(path: str) -> dict` @test tests/test_cli.py
+
+## Dependencies
+- click>=8.0.0
+
+## Boundaries
+- Exit code 0 for success, 1 for error
+- Log to stderr, output to stdout
+""",
+        "pydantic-model": """# Pydantic Data Model
+
+## Contracts
+- `validate(data: dict) -> Model` @test tests/test_model.py
+- `to_dict(instance: Model) -> dict` @test tests/test_model.py
+
+## Dependencies
+- pydantic>=2.0.0
+
+## Boundaries
+- Raise ValidationError on invalid data
+- All fields required unless Optional
+""",
+    }
+    for name, content in defaults.items():
+        path = REGISTRY_DIR / f"{name}.md"
+        if not path.exists():
+            path.write_text(content)
+
+
+def cmd_search(query: str):
+    """Search spec registry."""
+    init_default_registry()
+    results = []
+    query_lower = query.lower()
+    for f in REGISTRY_DIR.glob("*.md"):
+        content = f.read_text().lower()
+        if query_lower in content or query_lower in f.stem.lower():
+            results.append({"name": f.stem, "path": str(f), "preview": content[:100].strip()})
+    return results
+
+
+def cmd_publish(spec_path: str):
+    """Publish spec to registry."""
+    path = Path(spec_path)
+    if not path.exists():
+        return {"error": f"Spec not found: {spec_path}"}
+    dest = REGISTRY_DIR / path.name
+    shutil.copy2(path, dest)
+    return {"success": True, "path": str(dest), "name": path.stem}
+
+
+def cmd_init(spec_name: str, output: str):
+    """Initialize project from a registry spec."""
+    init_default_registry()
+    spec_path = REGISTRY_DIR / f"{spec_name}.md"
+    if not spec_path.exists():
+        return {"error": f"Spec '{spec_name}' not found. Available: {[f.stem for f in REGISTRY_DIR.glob('*.md')]}"}
+
+    out_path = Path(output) / spec_path.name
+    out_path.parent.mkdir(parents=True, exist_ok=True)
+    shutil.copy2(spec_path, out_path)
+    return {"success": True, "path": str(out_path), "spec": spec_name}
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 9: Pipeline
+# ═══════════════════════════════════════════════════════════════════
+
+def run_pipeline(spec_path: str, output_dir: str, model: str = "",
+                 max_iterations: int = 3, force: bool = False) -> dict:
+    """Full specpass pipeline."""
+    start = time.time()
+
+    print(f"{'='*60}")
+    print(f"  specpass — Verification-First Platform")
+    print(f"  Spec: {spec_path}")
+    print(f"  Output: {output_dir}")
+    print(f"{'='*60}")
+
+    spec_file = Path(spec_path)
+    out_dir = Path(output_dir)
+
+    if not spec_file.exists():
+        return {"success": False, "error": f"Spec not found: {spec_path}"}
+
+    # Phase 0: Load & verify spec
+    print(f"\n📋 Phase 0: Spec")
+    spec = load_markdown_spec(spec_file)
+    spec_errors = verify_spec(spec)
+    if spec_errors:
+        for e in spec_errors:
+            print(f"  ❌ {e}")
+        return {"success": False, "phase": "spec_verify", "errors": spec_errors}
+    gen_model = select_model(spec, "generation")
+    fix_model = select_model(spec, "fix")
+    print(f"  ✅ {spec['name']} ({len(spec['contracts'])} contracts, {spec['complexity']})")
+    print(f"     Gen: {gen_model} | Fix: {fix_model}")
+
+    # Phase 1: Generate code
+    print(f"\n🤖 Phase 1: Generation")
+    gen_result = generate_code_v6(spec, out_dir)
+    files = list(out_dir.rglob("*.py"))
+    print(f"  Generated {gen_result['files_created']} files, ~${gen_result['total_cost']:.4f}")
+
+    # Phase 2: Verification
+    print(f"\n🔬 Phase 2: Verification")
+    verification = cached_verification(out_dir, spec, force=force)
+
+    # Phase 3: Fix loop
+    iteration = 1
+    while not verification["pass"] and iteration < max_iterations:
+        print(f"\n🔄 Fix iteration {iteration}/{max_iterations}")
+        # Regenerate failing files via debug agent
+        debug_result = subprocess.run(
+            [sys.executable, str(AGENTS_DIR / "debug_agent.py"),
+             spec_path, "--code-dir", str(out_dir),
+             "--base-dir", str(out_dir.parent), "--max-cycles", "1"],
+            capture_output=True, text=True, timeout=120
+        )
+        print(debug_result.stdout[:200] if debug_result.stdout else "  No debug output")
+        verification = cached_verification(out_dir, spec, force=True)
+        iteration += 1
+
+    # Phase 4: Custom verification harness generation (for next time)
+    if verification["pass"]:
+        print(f"\n🔧 Generating custom verification harness...")
+        harness_model = select_model(spec, "harness")
+        if harness_model:
+            harness = generate_harness(spec, out_dir, harness_model)
+            if harness["success"]:
+                print(f"  ✅ Harness saved to {harness['path']}")
+            else:
+                print(f"  ⚠️  Harness generation skipped: {harness.get('error', '?')}")
+
+    # Summary
+    elapsed = time.time() - start
+    print(f"\n{'='*60}")
+    print(f"  {'✅ PIPELINE PASS' if verification['pass'] else '❌ PIPELINE FAIL'}")
+    print(f"  Score: {verification['score']}/100")
+    print(f"  Time: {elapsed:.1f}s, Files: {len(files)}, Cost: ~${gen_result['total_cost']:.4f}")
+    print(f"{'='*60}")
+
+    return {
+        "success": verification["pass"],
+        "score": verification["score"],
+        "elapsed": elapsed,
+        "files": len(files),
+        "cost": gen_result["total_cost"],
+        "model": gen_model,
+        "output_dir": str(out_dir),
+    }
+
+
+# ═══════════════════════════════════════════════════════════════════
+# PART 10: CLI
+# ═══════════════════════════════════════════════════════════════════
+
+def main():
+    parser = argparse.ArgumentParser(description="specpass — Verification-First Platform")
+    sub = parser.add_subparsers(dest="command", help="Commands")
+
+    # Pipeline
+    p = sub.add_parser("run", help="Run full pipeline")
+    p.add_argument("spec", help="Path to spec file")
+    p.add_argument("--out", "-o", default="build", help="Output directory")
+    p.add_argument("--model", default="", help="Override model")
+    p.add_argument("--max-iterations", type=int, default=3)
+    p.add_argument("--force", action="store_true", help="Skip cache")
+
+    # Verify
+    v = sub.add_parser("verify", help="Verify existing build")
+    v.add_argument("dir", help="Build directory")
+    v.add_argument("--spec", "-s", required=True, help="Spec file")
+    v.add_argument("--force", action="store_true")
+
+    # Registry
+    s = sub.add_parser("search", help="Search spec registry")
+    s.add_argument("query", help="Search query")
+
+    pub = sub.add_parser("publish", help="Publish spec to registry")
+    pub.add_argument("spec", help="Path to spec file")
+
+    init = sub.add_parser("init", help="Init from registry spec")
+    init.add_argument("spec_name", help="Spec name (e.g. fastapi-auth)")
+    init.add_argument("--out", "-o", default=".", help="Output directory")
+
+    args = parser.parse_args()
+
+    if args.command == "run":
+        result = run_pipeline(args.spec, args.out, args.model, args.max_iterations, args.force)
+        print(json.dumps(result, indent=2, ensure_ascii=False))
+        sys.exit(0 if result["success"] else 1)
+
+    elif args.command == "verify":
+        spec = load_markdown_spec(Path(args.spec))
+        code_dir = Path(args.dir)
+        if not code_dir.exists():
+            print(f"Error: directory not found: {code_dir}")
+            sys.exit(1)
+        result = cached_verification(code_dir, spec, force=args.force)
+        print(json.dumps(result, indent=2, ensure_ascii=False))
+        sys.exit(0 if result["pass"] else 1)
+
+    elif args.command == "search":
+        results = cmd_search(args.query)
+        if results:
+            for r in results:
+                print(f"  📄 {r['name']}")
+                print(f"     {r['preview']}...")
+        else:
+            print(f"No specs found for '{args.query}'")
+
+    elif args.command == "publish":
+        result = cmd_publish(args.spec)
+        if "error" in result:
+            print(f"❌ {result['error']}")
+        else:
+            print(f"✅ Published '{result['name']}' to {result['path']}")
+
+    elif args.command == "init":
+        result = cmd_init(args.spec_name, args.out)
+        if "error" in result:
+            print(f"❌ {result['error']}")
+        else:
+            print(f"✅ Created {result['path']} from '{args.spec_name}'")
+
+    else:
+        parser.print_help()
+
+
+if __name__ == "__main__":
+    main()