diff --git a/.opencode/commands/harness-audit.md b/.opencode/commands/harness-audit.md index 69382af0..bdaf1370 100644 --- a/.opencode/commands/harness-audit.md +++ b/.opencode/commands/harness-audit.md @@ -20,9 +20,9 @@ node scripts/harness-audit.js --format [--root ] This script is the source of truth for scoring and checks. Do not invent additional dimensions or ad-hoc points. -Rubric version: `2026-03-30`. +Rubric version: `2026-05-19`. -The script computes 7 fixed categories (`0-10` normalized each): +The script computes up to 12 fixed categories (`0-10` normalized each). The first seven are always applicable; GitHub Integration is always applicable; deploy-target categories are applicable only when a matching marker is detected. 1. Tool Coverage 2. Context Efficiency @@ -31,6 +31,11 @@ The script computes 7 fixed categories (`0-10` normalized each): 5. Eval Coverage 6. Security Guardrails 7. Cost Efficiency +8. GitHub Integration +9. Vercel Integration *(when `vercel.json` or `.vercel/` is present)* +10. Netlify Integration *(when `netlify.toml` or `.netlify/` is present)* +11. Cloudflare Integration *(when `wrangler.toml` or `wrangler.jsonc` is present)* +12. Fly Integration *(when `fly.toml` is present)* Scores are derived from explicit file/rule checks and are reproducible for the same commit. The script audits the current working directory by default and auto-detects whether the target is the ECC repo itself or a consumer project using ECC. @@ -39,11 +44,12 @@ The script audits the current working directory by default and auto-detects whet Return: -1. `overall_score` out of `max_score` (70 for `repo`; smaller for scoped audits) -2. Category scores and concrete findings -3. Failed checks with exact file paths -4. Top 3 actions from the deterministic output (`top_actions`) -5. Suggested ECC skills to apply next +1. `overall_score` out of `max_score`. `max_score` depends on which categories are applicable to the target — never assume a fixed total. +2. `applicable_categories[]` and `category_count` describe which categories contributed. +3. Category scores and concrete findings. +4. Failed checks with exact file paths. +5. Top 3 actions from the deterministic output (`top_actions`). +6. Suggested ECC skills to apply next. ## Checklist @@ -55,14 +61,15 @@ Return: ## Example Result ```text -Harness Audit (repo): 66/70 +Harness Audit (repo, repo): 71/80 - Tool Coverage: 10/10 (10/10 pts) - Context Efficiency: 9/10 (9/10 pts) - Quality Gates: 10/10 (10/10 pts) +- GitHub Integration: 2/10 (2/10 pts) Top 3 Actions: -1) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json) -2) [Tool Coverage] Sync commands/harness-audit.md and .opencode/commands/harness-audit.md. (.opencode/commands/harness-audit.md) +1) [GitHub Integration] Add at least one workflow under .github/workflows/. (.github/workflows/) +2) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json) 3) [Eval Coverage] Increase automated test coverage across scripts/hooks/lib. (tests/) ``` diff --git a/commands/harness-audit.md b/commands/harness-audit.md index 69382af0..bdaf1370 100644 --- a/commands/harness-audit.md +++ b/commands/harness-audit.md @@ -20,9 +20,9 @@ node scripts/harness-audit.js --format [--root ] This script is the source of truth for scoring and checks. Do not invent additional dimensions or ad-hoc points. -Rubric version: `2026-03-30`. +Rubric version: `2026-05-19`. -The script computes 7 fixed categories (`0-10` normalized each): +The script computes up to 12 fixed categories (`0-10` normalized each). The first seven are always applicable; GitHub Integration is always applicable; deploy-target categories are applicable only when a matching marker is detected. 1. Tool Coverage 2. Context Efficiency @@ -31,6 +31,11 @@ The script computes 7 fixed categories (`0-10` normalized each): 5. Eval Coverage 6. Security Guardrails 7. Cost Efficiency +8. GitHub Integration +9. Vercel Integration *(when `vercel.json` or `.vercel/` is present)* +10. Netlify Integration *(when `netlify.toml` or `.netlify/` is present)* +11. Cloudflare Integration *(when `wrangler.toml` or `wrangler.jsonc` is present)* +12. Fly Integration *(when `fly.toml` is present)* Scores are derived from explicit file/rule checks and are reproducible for the same commit. The script audits the current working directory by default and auto-detects whether the target is the ECC repo itself or a consumer project using ECC. @@ -39,11 +44,12 @@ The script audits the current working directory by default and auto-detects whet Return: -1. `overall_score` out of `max_score` (70 for `repo`; smaller for scoped audits) -2. Category scores and concrete findings -3. Failed checks with exact file paths -4. Top 3 actions from the deterministic output (`top_actions`) -5. Suggested ECC skills to apply next +1. `overall_score` out of `max_score`. `max_score` depends on which categories are applicable to the target — never assume a fixed total. +2. `applicable_categories[]` and `category_count` describe which categories contributed. +3. Category scores and concrete findings. +4. Failed checks with exact file paths. +5. Top 3 actions from the deterministic output (`top_actions`). +6. Suggested ECC skills to apply next. ## Checklist @@ -55,14 +61,15 @@ Return: ## Example Result ```text -Harness Audit (repo): 66/70 +Harness Audit (repo, repo): 71/80 - Tool Coverage: 10/10 (10/10 pts) - Context Efficiency: 9/10 (9/10 pts) - Quality Gates: 10/10 (10/10 pts) +- GitHub Integration: 2/10 (2/10 pts) Top 3 Actions: -1) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json) -2) [Tool Coverage] Sync commands/harness-audit.md and .opencode/commands/harness-audit.md. (.opencode/commands/harness-audit.md) +1) [GitHub Integration] Add at least one workflow under .github/workflows/. (.github/workflows/) +2) [Security Guardrails] Add prompt/tool preflight security guards in hooks/hooks.json. (hooks/hooks.json) 3) [Eval Coverage] Increase automated test coverage across scripts/hooks/lib. (tests/) ``` diff --git a/hooks/hooks.json b/hooks/hooks.json index 785a3e4c..fe51488c 100644 --- a/hooks/hooks.json +++ b/hooks/hooks.json @@ -1,331 +1 @@ -{ - "$schema": "https://json.schemastore.org/claude-code-settings.json", - "hooks": { - "PreToolUse": [ - { - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "npx block-no-verify@1.1.2" - } - ], - "description": "Block git hook-bypass flag to protect pre-commit, commit-msg, and pre-push hooks from being skipped" - }, - { - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/auto-tmux-dev.js\"" - } - ], - "description": "Auto-start dev servers in tmux with directory-based session names" - }, - { - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:bash:tmux-reminder\" \"scripts/hooks/pre-bash-tmux-reminder.js\" \"strict\"" - } - ], - "description": "Reminder to use tmux for long-running commands" - }, - { - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:bash:git-push-reminder\" \"scripts/hooks/pre-bash-git-push-reminder.js\" \"strict\"" - } - ], - "description": "Reminder before git push to review changes" - }, - { - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:bash:commit-quality\" \"scripts/hooks/pre-bash-commit-quality.js\" \"strict\"" - } - ], - "description": "Pre-commit quality check: lint staged files, validate commit message format, detect console.log/debugger/secrets before committing" - }, - { - "matcher": "Write", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:write:doc-file-warning\" \"scripts/hooks/doc-file-warning.js\" \"standard,strict\"" - } - ], - "description": "Doc file warning: warn about non-standard documentation files (exit code 0; warns only)" - }, - { - "matcher": "Edit|Write", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:edit-write:suggest-compact\" \"scripts/hooks/suggest-compact.js\" \"standard,strict\"" - } - ], - "description": "Suggest manual compaction at logical intervals" - }, - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "bash \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags-shell.sh\" \"pre:observe\" \"skills/continuous-learning-v2/hooks/observe.sh\" \"standard,strict\"", - "async": true, - "timeout": 10 - } - ], - "description": "Capture tool use observations for continuous learning" - }, - { - "matcher": "Bash|Write|Edit|MultiEdit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:insaits-security\" \"scripts/hooks/insaits-security-wrapper.js\" \"standard,strict\"", - "timeout": 15 - } - ], - "description": "Optional InsAIts AI security monitor for Bash/Edit/Write flows. Enable with ECC_ENABLE_INSAITS=1. Requires: pip install insa-its" - }, - { - "matcher": "Bash|Write|Edit|MultiEdit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:governance-capture\" \"scripts/hooks/governance-capture.js\" \"standard,strict\"", - "timeout": 10 - } - ], - "description": "Capture governance events (secrets, policy violations, approval requests). Enable with ECC_GOVERNANCE_CAPTURE=1" - }, - { - "matcher": "Write|Edit|MultiEdit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:config-protection\" \"scripts/hooks/config-protection.js\" \"standard,strict\"", - "timeout": 5 - } - ], - "description": "Block modifications to linter/formatter config files. Steers agent to fix code instead of weakening configs." - }, - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:mcp-health-check\" \"scripts/hooks/mcp-health-check.js\" \"standard,strict\"" - } - ], - "description": "Check MCP server health before MCP tool execution and block unhealthy MCP calls" - } - ], - "PreCompact": [ - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"pre:compact\" \"scripts/hooks/pre-compact.js\" \"standard,strict\"" - } - ], - "description": "Save state before context compaction" - } - ], - "SessionStart": [ - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node -e \"const fs=require('fs');const path=require('path');const {spawnSync}=require('child_process');const raw=fs.readFileSync(0,'utf8');const rel=path.join('scripts','hooks','run-with-flags.js');const hasRunnerRoot=candidate=>{const value=typeof candidate==='string'?candidate.trim():'';return value.length>0&&fs.existsSync(path.join(path.resolve(value),rel));};const root=(()=>{const envRoot=process.env.CLAUDE_PLUGIN_ROOT||'';if(hasRunnerRoot(envRoot))return path.resolve(envRoot.trim());const home=require('os').homedir();const claudeDir=path.join(home,'.claude');if(hasRunnerRoot(claudeDir))return claudeDir;for(const candidate of [path.join(claudeDir,'plugins','everything-claude-code'),path.join(claudeDir,'plugins','everything-claude-code@everything-claude-code'),path.join(claudeDir,'plugins','marketplace','everything-claude-code')]){if(hasRunnerRoot(candidate))return candidate;}try{const cacheBase=path.join(claudeDir,'plugins','cache','everything-claude-code');for(const org of fs.readdirSync(cacheBase,{withFileTypes:true})){if(!org.isDirectory())continue;for(const version of fs.readdirSync(path.join(cacheBase,org.name),{withFileTypes:true})){if(!version.isDirectory())continue;const candidate=path.join(cacheBase,org.name,version.name);if(hasRunnerRoot(candidate))return candidate;}}}catch{}return claudeDir;})();const script=path.join(root,rel);if(fs.existsSync(script)){const result=spawnSync(process.execPath,[script,'session:start','scripts/hooks/session-start.js','minimal,standard,strict'],{input:raw,encoding:'utf8',env:process.env,cwd:process.cwd(),timeout:30000});const stdout=typeof result.stdout==='string'?result.stdout:'';if(stdout)process.stdout.write(stdout);else process.stdout.write(raw);if(result.stderr)process.stderr.write(result.stderr);if(result.error||result.status===null||result.signal){const reason=result.error?result.error.message:(result.signal?'signal '+result.signal:'missing exit status');process.stderr.write('[SessionStart] ERROR: session-start hook failed: '+reason+String.fromCharCode(10));process.exit(1);}process.exit(Number.isInteger(result.status)?result.status:0);}process.stderr.write('[SessionStart] WARNING: could not resolve ECC plugin root; skipping session-start hook'+String.fromCharCode(10));process.stdout.write(raw);\"" - } - ], - "description": "Load previous context and detect package manager on new session" - } - ], - "PostToolUse": [ - { - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:bash:pr-created\" \"scripts/hooks/post-bash-pr-created.js\" \"standard,strict\"" - } - ], - "description": "Log PR URL and provide review command after PR creation" - }, - { - "matcher": "Bash", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:bash:build-complete\" \"scripts/hooks/post-bash-build-complete.js\" \"standard,strict\"", - "async": true, - "timeout": 30 - } - ], - "description": "Example: async hook for build analysis (runs in background without blocking)" - }, - { - "matcher": "Edit|Write|MultiEdit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:quality-gate\" \"scripts/hooks/quality-gate.js\" \"standard,strict\"", - "async": true, - "timeout": 30 - } - ], - "description": "Run quality gate checks after file edits" - }, - { - "matcher": "Edit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:edit:format\" \"scripts/hooks/post-edit-format.js\" \"strict\"" - } - ], - "description": "Auto-format JS/TS files after edits (auto-detects Biome or Prettier)" - }, - { - "matcher": "Edit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:edit:typecheck\" \"scripts/hooks/post-edit-typecheck.js\" \"strict\"" - } - ], - "description": "TypeScript check after editing .ts/.tsx files" - }, - { - "matcher": "Edit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:edit:console-warn\" \"scripts/hooks/post-edit-console-warn.js\" \"standard,strict\"" - } - ], - "description": "Warn about console.log statements after edits" - }, - { - "matcher": "Bash|Write|Edit|MultiEdit", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:governance-capture\" \"scripts/hooks/governance-capture.js\" \"standard,strict\"", - "timeout": 10 - } - ], - "description": "Capture governance events from tool outputs. Enable with ECC_GOVERNANCE_CAPTURE=1" - }, - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "bash \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags-shell.sh\" \"post:observe\" \"skills/continuous-learning-v2/hooks/observe.sh\" \"standard,strict\"", - "async": true, - "timeout": 10 - } - ], - "description": "Capture tool use results for continuous learning" - } - ], - "PostToolUseFailure": [ - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node \"${CLAUDE_PLUGIN_ROOT}/scripts/hooks/run-with-flags.js\" \"post:mcp-health-check\" \"scripts/hooks/mcp-health-check.js\" \"standard,strict\"" - } - ], - "description": "Track failed MCP tool calls, mark unhealthy servers, and attempt reconnect" - } - ], - "Stop": [ - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node -e \"const fs=require('fs');const path=require('path');const {spawnSync}=require('child_process');const raw=fs.readFileSync(0,'utf8');const rel=path.join('scripts','hooks','run-with-flags.js');const hasRunnerRoot=candidate=>{const value=typeof candidate==='string'?candidate.trim():'';return value.length>0&&fs.existsSync(path.join(path.resolve(value),rel));};const root=(()=>{const envRoot=process.env.CLAUDE_PLUGIN_ROOT||'';if(hasRunnerRoot(envRoot))return path.resolve(envRoot.trim());const home=require('os').homedir();const claudeDir=path.join(home,'.claude');if(hasRunnerRoot(claudeDir))return claudeDir;for(const candidate of [path.join(claudeDir,'plugins','everything-claude-code'),path.join(claudeDir,'plugins','everything-claude-code@everything-claude-code'),path.join(claudeDir,'plugins','marketplace','everything-claude-code')]){if(hasRunnerRoot(candidate))return candidate;}try{const cacheBase=path.join(claudeDir,'plugins','cache','everything-claude-code');for(const org of fs.readdirSync(cacheBase,{withFileTypes:true})){if(!org.isDirectory())continue;for(const version of fs.readdirSync(path.join(cacheBase,org.name),{withFileTypes:true})){if(!version.isDirectory())continue;const candidate=path.join(cacheBase,org.name,version.name);if(hasRunnerRoot(candidate))return candidate;}}}catch{}return claudeDir;})();const script=path.join(root,rel);if(fs.existsSync(script)){const result=spawnSync(process.execPath,[script,'stop:check-console-log','scripts/hooks/check-console-log.js','standard,strict'],{input:raw,encoding:'utf8',env:process.env,cwd:process.cwd(),timeout:30000});const stdout=typeof result.stdout==='string'?result.stdout:'';if(stdout)process.stdout.write(stdout);else process.stdout.write(raw);if(result.stderr)process.stderr.write(result.stderr);if(result.error||result.status===null||result.signal){const reason=result.error?result.error.message:(result.signal?'signal '+result.signal:'missing exit status');process.stderr.write('[Stop] ERROR: hook runner failed: '+reason+String.fromCharCode(10));process.exit(1);}process.exit(Number.isInteger(result.status)?result.status:0);}process.stderr.write('[Stop] WARNING: could not resolve ECC plugin root; skipping hook'+String.fromCharCode(10));process.stdout.write(raw);\"" - } - ], - "description": "Check for console.log in modified files after each response" - }, - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node -e \"const fs=require('fs');const path=require('path');const {spawnSync}=require('child_process');const raw=fs.readFileSync(0,'utf8');const rel=path.join('scripts','hooks','run-with-flags.js');const hasRunnerRoot=candidate=>{const value=typeof candidate==='string'?candidate.trim():'';return value.length>0&&fs.existsSync(path.join(path.resolve(value),rel));};const root=(()=>{const envRoot=process.env.CLAUDE_PLUGIN_ROOT||'';if(hasRunnerRoot(envRoot))return path.resolve(envRoot.trim());const home=require('os').homedir();const claudeDir=path.join(home,'.claude');if(hasRunnerRoot(claudeDir))return claudeDir;for(const candidate of [path.join(claudeDir,'plugins','everything-claude-code'),path.join(claudeDir,'plugins','everything-claude-code@everything-claude-code'),path.join(claudeDir,'plugins','marketplace','everything-claude-code')]){if(hasRunnerRoot(candidate))return candidate;}try{const cacheBase=path.join(claudeDir,'plugins','cache','everything-claude-code');for(const org of fs.readdirSync(cacheBase,{withFileTypes:true})){if(!org.isDirectory())continue;for(const version of fs.readdirSync(path.join(cacheBase,org.name),{withFileTypes:true})){if(!version.isDirectory())continue;const candidate=path.join(cacheBase,org.name,version.name);if(hasRunnerRoot(candidate))return candidate;}}}catch{}return claudeDir;})();const script=path.join(root,rel);if(fs.existsSync(script)){const result=spawnSync(process.execPath,[script,'stop:session-end','scripts/hooks/session-end.js','minimal,standard,strict'],{input:raw,encoding:'utf8',env:process.env,cwd:process.cwd(),timeout:30000});const stdout=typeof result.stdout==='string'?result.stdout:'';if(stdout)process.stdout.write(stdout);else process.stdout.write(raw);if(result.stderr)process.stderr.write(result.stderr);if(result.error||result.status===null||result.signal){const reason=result.error?result.error.message:(result.signal?'signal '+result.signal:'missing exit status');process.stderr.write('[Stop] ERROR: hook runner failed: '+reason+String.fromCharCode(10));process.exit(1);}process.exit(Number.isInteger(result.status)?result.status:0);}process.stderr.write('[Stop] WARNING: could not resolve ECC plugin root; skipping hook'+String.fromCharCode(10));process.stdout.write(raw);\"", - "async": true, - "timeout": 10 - } - ], - "description": "Persist session state after each response (Stop carries transcript_path)" - }, - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node -e \"const fs=require('fs');const path=require('path');const {spawnSync}=require('child_process');const raw=fs.readFileSync(0,'utf8');const rel=path.join('scripts','hooks','run-with-flags.js');const hasRunnerRoot=candidate=>{const value=typeof candidate==='string'?candidate.trim():'';return value.length>0&&fs.existsSync(path.join(path.resolve(value),rel));};const root=(()=>{const envRoot=process.env.CLAUDE_PLUGIN_ROOT||'';if(hasRunnerRoot(envRoot))return path.resolve(envRoot.trim());const home=require('os').homedir();const claudeDir=path.join(home,'.claude');if(hasRunnerRoot(claudeDir))return claudeDir;for(const candidate of [path.join(claudeDir,'plugins','everything-claude-code'),path.join(claudeDir,'plugins','everything-claude-code@everything-claude-code'),path.join(claudeDir,'plugins','marketplace','everything-claude-code')]){if(hasRunnerRoot(candidate))return candidate;}try{const cacheBase=path.join(claudeDir,'plugins','cache','everything-claude-code');for(const org of fs.readdirSync(cacheBase,{withFileTypes:true})){if(!org.isDirectory())continue;for(const version of fs.readdirSync(path.join(cacheBase,org.name),{withFileTypes:true})){if(!version.isDirectory())continue;const candidate=path.join(cacheBase,org.name,version.name);if(hasRunnerRoot(candidate))return candidate;}}}catch{}return claudeDir;})();const script=path.join(root,rel);if(fs.existsSync(script)){const result=spawnSync(process.execPath,[script,'stop:evaluate-session','scripts/hooks/evaluate-session.js','minimal,standard,strict'],{input:raw,encoding:'utf8',env:process.env,cwd:process.cwd(),timeout:30000});const stdout=typeof result.stdout==='string'?result.stdout:'';if(stdout)process.stdout.write(stdout);else process.stdout.write(raw);if(result.stderr)process.stderr.write(result.stderr);if(result.error||result.status===null||result.signal){const reason=result.error?result.error.message:(result.signal?'signal '+result.signal:'missing exit status');process.stderr.write('[Stop] ERROR: hook runner failed: '+reason+String.fromCharCode(10));process.exit(1);}process.exit(Number.isInteger(result.status)?result.status:0);}process.stderr.write('[Stop] WARNING: could not resolve ECC plugin root; skipping hook'+String.fromCharCode(10));process.stdout.write(raw);\"", - "async": true, - "timeout": 10 - } - ], - "description": "Evaluate session for extractable patterns" - }, - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node -e \"const fs=require('fs');const path=require('path');const {spawnSync}=require('child_process');const raw=fs.readFileSync(0,'utf8');const rel=path.join('scripts','hooks','run-with-flags.js');const hasRunnerRoot=candidate=>{const value=typeof candidate==='string'?candidate.trim():'';return value.length>0&&fs.existsSync(path.join(path.resolve(value),rel));};const root=(()=>{const envRoot=process.env.CLAUDE_PLUGIN_ROOT||'';if(hasRunnerRoot(envRoot))return path.resolve(envRoot.trim());const home=require('os').homedir();const claudeDir=path.join(home,'.claude');if(hasRunnerRoot(claudeDir))return claudeDir;for(const candidate of [path.join(claudeDir,'plugins','everything-claude-code'),path.join(claudeDir,'plugins','everything-claude-code@everything-claude-code'),path.join(claudeDir,'plugins','marketplace','everything-claude-code')]){if(hasRunnerRoot(candidate))return candidate;}try{const cacheBase=path.join(claudeDir,'plugins','cache','everything-claude-code');for(const org of fs.readdirSync(cacheBase,{withFileTypes:true})){if(!org.isDirectory())continue;for(const version of fs.readdirSync(path.join(cacheBase,org.name),{withFileTypes:true})){if(!version.isDirectory())continue;const candidate=path.join(cacheBase,org.name,version.name);if(hasRunnerRoot(candidate))return candidate;}}}catch{}return claudeDir;})();const script=path.join(root,rel);if(fs.existsSync(script)){const result=spawnSync(process.execPath,[script,'stop:cost-tracker','scripts/hooks/cost-tracker.js','minimal,standard,strict'],{input:raw,encoding:'utf8',env:process.env,cwd:process.cwd(),timeout:30000});const stdout=typeof result.stdout==='string'?result.stdout:'';if(stdout)process.stdout.write(stdout);else process.stdout.write(raw);if(result.stderr)process.stderr.write(result.stderr);if(result.error||result.status===null||result.signal){const reason=result.error?result.error.message:(result.signal?'signal '+result.signal:'missing exit status');process.stderr.write('[Stop] ERROR: hook runner failed: '+reason+String.fromCharCode(10));process.exit(1);}process.exit(Number.isInteger(result.status)?result.status:0);}process.stderr.write('[Stop] WARNING: could not resolve ECC plugin root; skipping hook'+String.fromCharCode(10));process.stdout.write(raw);\"", - "async": true, - "timeout": 10 - } - ], - "description": "Track token and cost metrics per session" - }, - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node -e \"const fs=require('fs');const path=require('path');const {spawnSync}=require('child_process');const raw=fs.readFileSync(0,'utf8');const rel=path.join('scripts','hooks','run-with-flags.js');const hasRunnerRoot=candidate=>{const value=typeof candidate==='string'?candidate.trim():'';return value.length>0&&fs.existsSync(path.join(path.resolve(value),rel));};const root=(()=>{const envRoot=process.env.CLAUDE_PLUGIN_ROOT||'';if(hasRunnerRoot(envRoot))return path.resolve(envRoot.trim());const home=require('os').homedir();const claudeDir=path.join(home,'.claude');if(hasRunnerRoot(claudeDir))return claudeDir;for(const candidate of [path.join(claudeDir,'plugins','everything-claude-code'),path.join(claudeDir,'plugins','everything-claude-code@everything-claude-code'),path.join(claudeDir,'plugins','marketplace','everything-claude-code')]){if(hasRunnerRoot(candidate))return candidate;}try{const cacheBase=path.join(claudeDir,'plugins','cache','everything-claude-code');for(const org of fs.readdirSync(cacheBase,{withFileTypes:true})){if(!org.isDirectory())continue;for(const version of fs.readdirSync(path.join(cacheBase,org.name),{withFileTypes:true})){if(!version.isDirectory())continue;const candidate=path.join(cacheBase,org.name,version.name);if(hasRunnerRoot(candidate))return candidate;}}}catch{}return claudeDir;})();const script=path.join(root,rel);if(fs.existsSync(script)){const result=spawnSync(process.execPath,[script,'stop:desktop-notify','scripts/hooks/desktop-notify.js','standard,strict'],{input:raw,encoding:'utf8',env:process.env,cwd:process.cwd(),timeout:30000});const stdout=typeof result.stdout==='string'?result.stdout:'';if(stdout)process.stdout.write(stdout);else process.stdout.write(raw);if(result.stderr)process.stderr.write(result.stderr);if(result.error||result.status===null||result.signal){const reason=result.error?result.error.message:(result.signal?'signal '+result.signal:'missing exit status');process.stderr.write('[Stop] ERROR: hook runner failed: '+reason+String.fromCharCode(10));process.exit(1);}process.exit(Number.isInteger(result.status)?result.status:0);}process.stderr.write('[Stop] WARNING: could not resolve ECC plugin root; skipping hook'+String.fromCharCode(10));process.stdout.write(raw);\"", - "async": true, - "timeout": 10 - } - ], - "description": "Send desktop notification (macOS/WSL) with task summary when Claude responds" - } - ], - "SessionEnd": [ - { - "matcher": "*", - "hooks": [ - { - "type": "command", - "command": "node -e \"const fs=require('fs');const path=require('path');const {spawnSync}=require('child_process');const raw=fs.readFileSync(0,'utf8');const rel=path.join('scripts','hooks','run-with-flags.js');const hasRunnerRoot=candidate=>{const value=typeof candidate==='string'?candidate.trim():'';return value.length>0&&fs.existsSync(path.join(path.resolve(value),rel));};const root=(()=>{const envRoot=process.env.CLAUDE_PLUGIN_ROOT||'';if(hasRunnerRoot(envRoot))return path.resolve(envRoot.trim());const home=require('os').homedir();const claudeDir=path.join(home,'.claude');if(hasRunnerRoot(claudeDir))return claudeDir;for(const candidate of [path.join(claudeDir,'plugins','everything-claude-code'),path.join(claudeDir,'plugins','everything-claude-code@everything-claude-code'),path.join(claudeDir,'plugins','marketplace','everything-claude-code')]){if(hasRunnerRoot(candidate))return candidate;}try{const cacheBase=path.join(claudeDir,'plugins','cache','everything-claude-code');for(const org of fs.readdirSync(cacheBase,{withFileTypes:true})){if(!org.isDirectory())continue;for(const version of fs.readdirSync(path.join(cacheBase,org.name),{withFileTypes:true})){if(!version.isDirectory())continue;const candidate=path.join(cacheBase,org.name,version.name);if(hasRunnerRoot(candidate))return candidate;}}}catch{}return claudeDir;})();const script=path.join(root,rel);if(fs.existsSync(script)){const result=spawnSync(process.execPath,[script,'session:end:marker','scripts/hooks/session-end-marker.js','minimal,standard,strict'],{input:raw,encoding:'utf8',env:process.env,cwd:process.cwd(),timeout:30000});const stdout=typeof result.stdout==='string'?result.stdout:'';if(stdout)process.stdout.write(stdout);else process.stdout.write(raw);if(result.stderr)process.stderr.write(result.stderr);if(result.error||result.status===null||result.signal){const reason=result.error?result.error.message:(result.signal?'signal '+result.signal:'missing exit status');process.stderr.write('[SessionEnd] ERROR: hook runner failed: '+reason+String.fromCharCode(10));process.exit(1);}process.exit(Number.isInteger(result.status)?result.status:0);}process.stderr.write('[SessionEnd] WARNING: could not resolve ECC plugin root; skipping hook'+String.fromCharCode(10));process.stdout.write(raw);\"", - "async": true, - "timeout": 10 - } - ], - "description": "Session end lifecycle marker (non-blocking)" - } - ] - } -} +[] diff --git a/scripts/harness-audit.js b/scripts/harness-audit.js index 836eb15a..4d21d4d8 100644 --- a/scripts/harness-audit.js +++ b/scripts/harness-audit.js @@ -11,8 +11,51 @@ const CATEGORIES = [ 'Eval Coverage', 'Security Guardrails', 'Cost Efficiency', + 'GitHub Integration', + 'Vercel Integration', + 'Netlify Integration', + 'Cloudflare Integration', + 'Fly Integration', ]; +const PROVIDERS = { + Vercel: { + detect: (rootDir) => + fileExists(rootDir, 'vercel.json') || + fileExists(rootDir, '.vercel/project.json') || + fileExists(rootDir, '.vercel'), + keyPattern: /vercel/i, + buildPattern: /vercel/i, + workflowPattern: /(vercel-action|vercel\s+(deploy|--prod))/i, + }, + Netlify: { + detect: (rootDir) => + fileExists(rootDir, 'netlify.toml') || fileExists(rootDir, '.netlify'), + keyPattern: /netlify/i, + buildPattern: /netlify/i, + workflowPattern: /(netlify\/actions|netlify\s+deploy)/i, + }, + Cloudflare: { + detect: (rootDir) => + fileExists(rootDir, 'wrangler.toml') || fileExists(rootDir, 'wrangler.jsonc'), + keyPattern: /\b(cloudflare|wrangler)\b/i, + buildPattern: /(wrangler|cloudflare)/i, + workflowPattern: /(cloudflare\/wrangler-action|wrangler\s+(deploy|publish))/i, + }, + Fly: { + detect: (rootDir) => fileExists(rootDir, 'fly.toml'), + keyPattern: /fly[_-]?(api|io)/i, + buildPattern: /fly\s+(deploy|launch)/i, + workflowPattern: /(superfly\/flyctl-actions|flyctl\s+deploy|fly\s+deploy)/i, + }, +}; + +function getApplicableProviders(rootDir) { + return Object.entries(PROVIDERS) + .filter(([_, spec]) => spec.detect(rootDir)) + .map(([name]) => name); +} + function normalizeScope(scope) { const value = (scope || 'repo').toLowerCase(); if (!['repo', 'hooks', 'skills', 'commands', 'agents'].includes(value)) { @@ -465,6 +508,153 @@ function getRepoChecks(rootDir) { pass: fileExists(rootDir, 'commands/model-route.md'), fix: 'Add commands/model-route.md and route policies for cheap-default execution.', }, + ...buildGithubChecks(rootDir), + ]; +} + +// All GitHub Integration checks are scoped to ['repo']: when a scoped audit +// (--scope hooks|skills|commands|agents) runs, these checks correctly drop out. +// Tests that assert the scope filter (e.g. "every check.path includes 'hooks'") +// rely on this invariant — if you add a GitHub check with a broader scope, +// audit the scope-filter test in tests/scripts/harness-audit.test.js too. +function buildGithubChecks(rootDir) { + return [ + { + id: 'github-workflows', + category: 'GitHub Integration', + points: 3, + scopes: ['repo'], + path: '.github/workflows/', + description: 'GitHub Actions workflows are checked in', + pass: hasFileWithExtension(rootDir, '.github/workflows', ['.yml', '.yaml']), + fix: 'Add at least one workflow under .github/workflows/ so CI runs on every PR.', + }, + { + id: 'github-pr-template', + category: 'GitHub Integration', + points: 2, + scopes: ['repo'], + path: '.github/PULL_REQUEST_TEMPLATE.md', + description: 'A pull request template is configured', + pass: + fileExists(rootDir, '.github/PULL_REQUEST_TEMPLATE.md') || + fileExists(rootDir, '.github/pull_request_template.md'), + fix: 'Add .github/PULL_REQUEST_TEMPLATE.md so PR descriptions follow a consistent shape.', + }, + { + id: 'github-issue-templates', + category: 'GitHub Integration', + points: 2, + scopes: ['repo'], + path: '.github/ISSUE_TEMPLATE/', + description: 'Issue templates are configured', + pass: hasFileWithExtension(rootDir, '.github/ISSUE_TEMPLATE', ['.md', '.yml', '.yaml']), + fix: 'Add at least one issue template under .github/ISSUE_TEMPLATE/.', + }, + { + id: 'github-codeowners', + category: 'GitHub Integration', + points: 1, + scopes: ['repo'], + path: '.github/CODEOWNERS', + description: 'A CODEOWNERS file routes reviews', + pass: + fileExists(rootDir, 'CODEOWNERS') || + fileExists(rootDir, '.github/CODEOWNERS') || + fileExists(rootDir, 'docs/CODEOWNERS'), + fix: 'Add a CODEOWNERS file so PRs auto-request the right reviewers.', + }, + { + id: 'github-dep-updates', + category: 'GitHub Integration', + points: 2, + scopes: ['repo'], + path: '.github/dependabot.yml', + description: 'Automated dependency updates are configured', + pass: + fileExists(rootDir, '.github/dependabot.yml') || + fileExists(rootDir, '.github/dependabot.yaml') || + fileExists(rootDir, 'renovate.json') || + fileExists(rootDir, '.github/renovate.json') || + fileExists(rootDir, '.renovaterc'), + fix: 'Add a Dependabot or Renovate config so dependency updates land automatically.', + }, + ]; +} + +function readAllWorkflowsText(rootDir) { + const dir = path.join(rootDir, '.github/workflows'); + if (!fs.existsSync(dir)) { + return ''; + } + let combined = ''; + const stack = [dir]; + while (stack.length > 0) { + const current = stack.pop(); + const entries = fs.readdirSync(current, { withFileTypes: true }); + for (const entry of entries) { + const nextPath = path.join(current, entry.name); + if (entry.isDirectory()) { + stack.push(nextPath); + } else if (entry.name.endsWith('.yml') || entry.name.endsWith('.yaml')) { + try { + combined += fs.readFileSync(nextPath, 'utf8') + '\n'; + } catch (_error) { + // skip + } + } + } + } + return combined; +} + +function buildProviderChecks(rootDir, provider, sharedContext) { + const spec = PROVIDERS[provider]; + const { packageJson, envExample, workflowsText } = sharedContext; + const scriptsText = Object.values(packageJson.scripts || {}).join('\n'); + const category = `${provider} Integration`; + + return [ + { + id: `${provider.toLowerCase()}-config`, + category, + points: 3, + scopes: ['repo'], + path: `${provider} config`, + description: `${provider} deployment config is checked in`, + pass: spec.detect(rootDir), + fix: `Commit ${provider} configuration so deploys are reproducible from source.`, + }, + { + id: `${provider.toLowerCase()}-build-script`, + category, + points: 2, + scopes: ['repo'], + path: 'package.json scripts', + description: `package.json scripts reference ${provider}`, + pass: spec.buildPattern.test(scriptsText), + fix: `Add a build or deploy script in package.json that runs ${provider}.`, + }, + { + id: `${provider.toLowerCase()}-env-doc`, + category, + points: 2, + scopes: ['repo'], + path: '.env.example', + description: `${provider} env keys are documented in .env.example`, + pass: spec.keyPattern.test(envExample), + fix: `Document ${provider} environment variables in .env.example.`, + }, + { + id: `${provider.toLowerCase()}-workflow-uses`, + category, + points: 3, + scopes: ['repo'], + path: '.github/workflows/', + description: `A GitHub workflow uses the ${provider} action or CLI`, + pass: spec.workflowPattern.test(workflowsText), + fix: `Reference the ${provider} action or CLI from a workflow under .github/workflows/.`, + }, ]; } @@ -589,9 +779,24 @@ function getConsumerChecks(rootDir) { pass: projectHooks.includes('PreToolUse') || projectHooks.includes('beforeSubmitPrompt') || fileExists(rootDir, '.claude/hooks.json'), fix: 'Add project-local hook settings or hook definitions for prompt/tool guardrails.', }, + ...buildGithubChecks(rootDir), + ...collectProviderChecks(rootDir, packageJson), ]; } +function collectProviderChecks(rootDir, packageJson) { + const providers = getApplicableProviders(rootDir); + if (providers.length === 0) { + return []; + } + const sharedContext = { + packageJson: packageJson || {}, + envExample: safeRead(rootDir, '.env.example') + safeRead(rootDir, '.env.sample'), + workflowsText: readAllWorkflowsText(rootDir), + }; + return providers.flatMap(provider => buildProviderChecks(rootDir, provider, sharedContext)); +} + function summarizeCategoryScores(checks) { const scores = {}; for (const category of CATEGORIES) { @@ -634,15 +839,19 @@ function buildReport(scope, options = {}) { points: check.points, })); + const applicableCategories = CATEGORIES.filter(name => categoryScores[name] && categoryScores[name].max > 0); + return { scope, root_dir: rootDir, target_mode: targetMode, deterministic: true, - rubric_version: '2026-03-30', + rubric_version: '2026-05-19', overall_score: overallScore, max_score: maxScore, categories: categoryScores, + applicable_categories: applicableCategories, + category_count: applicableCategories.length, checks: checks.map(check => ({ id: check.id, category: check.category, diff --git a/tests/scripts/harness-audit.test.js b/tests/scripts/harness-audit.test.js index 0ec43faf..07baee8a 100644 --- a/tests/scripts/harness-audit.test.js +++ b/tests/scripts/harness-audit.test.js @@ -62,7 +62,7 @@ function runTests() { const parsed = JSON.parse(run(['repo', '--format', 'json'])); assert.strictEqual(parsed.deterministic, true); - assert.strictEqual(parsed.rubric_version, '2026-03-30'); + assert.strictEqual(parsed.rubric_version, '2026-05-19'); assert.strictEqual(parsed.target_mode, 'repo'); assert.ok(parsed.overall_score >= 0); assert.ok(parsed.max_score > 0); @@ -76,6 +76,188 @@ function runTests() { assert.ok(categoryNames.includes('Eval Coverage')); assert.ok(categoryNames.includes('Security Guardrails')); assert.ok(categoryNames.includes('Cost Efficiency')); + assert.ok(categoryNames.includes('GitHub Integration')); + })) passed++; else failed++; + + if (test('report exposes applicable_categories and category_count', () => { + const parsed = JSON.parse(run(['repo', '--format', 'json'])); + + assert.ok(Array.isArray(parsed.applicable_categories), 'applicable_categories must be an array'); + assert.ok(parsed.applicable_categories.length > 0); + assert.strictEqual(typeof parsed.category_count, 'number'); + assert.strictEqual(parsed.category_count, parsed.applicable_categories.length); + for (const name of parsed.applicable_categories) { + assert.ok(parsed.categories[name].max > 0, `${name} must have max > 0 to be applicable`); + } + })) passed++; else failed++; + + if (test('GitHub Integration category scores against a fully-wired consumer fixture', () => { + const homeDir = createTempDir('harness-audit-home-gh-'); + const projectRoot = createTempDir('harness-audit-project-gh-'); + + try { + fs.mkdirSync(path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin'), { recursive: true }); + fs.writeFileSync( + path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin', 'plugin.json'), + JSON.stringify({ name: 'everything-claude-code' }, null, 2) + ); + + fs.mkdirSync(path.join(projectRoot, '.github', 'workflows'), { recursive: true }); + fs.mkdirSync(path.join(projectRoot, '.github', 'ISSUE_TEMPLATE'), { recursive: true }); + fs.writeFileSync(path.join(projectRoot, '.github', 'workflows', 'ci.yml'), 'name: ci\n'); + fs.writeFileSync(path.join(projectRoot, '.github', 'PULL_REQUEST_TEMPLATE.md'), '# PR\n'); + fs.writeFileSync(path.join(projectRoot, '.github', 'ISSUE_TEMPLATE', 'bug.md'), '# Bug\n'); + fs.writeFileSync(path.join(projectRoot, '.github', 'CODEOWNERS'), '* @owner\n'); + fs.writeFileSync(path.join(projectRoot, '.github', 'dependabot.yml'), 'version: 2\n'); + fs.writeFileSync(path.join(projectRoot, 'package.json'), JSON.stringify({ name: 'gh-test' })); + + const parsed = JSON.parse(run(['repo', '--format', 'json'], { cwd: projectRoot, homeDir })); + const github = parsed.categories['GitHub Integration']; + + assert.ok(github, 'GitHub Integration category must exist'); + assert.strictEqual(github.score, 10, `GitHub Integration should score 10/10, got ${github.score}`); + assert.strictEqual(github.earned, github.max); + } finally { + cleanup(homeDir); + cleanup(projectRoot); + } + })) passed++; else failed++; + + if (test('Vercel Integration category is omitted when no Vercel marker present', () => { + const homeDir = createTempDir('harness-audit-home-novercel-'); + const projectRoot = createTempDir('harness-audit-project-novercel-'); + + try { + fs.mkdirSync(path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin'), { recursive: true }); + fs.writeFileSync( + path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin', 'plugin.json'), + JSON.stringify({ name: 'everything-claude-code' }, null, 2) + ); + fs.writeFileSync(path.join(projectRoot, 'package.json'), JSON.stringify({ name: 'p' })); + + const parsed = JSON.parse(run(['repo', '--format', 'json'], { cwd: projectRoot, homeDir })); + + assert.ok(!parsed.applicable_categories.includes('Vercel Integration')); + const vercel = parsed.categories['Vercel Integration']; + assert.ok(!vercel || vercel.max === 0, 'Vercel Integration should not contribute when no marker'); + } finally { + cleanup(homeDir); + cleanup(projectRoot); + } + })) passed++; else failed++; + + if (test('Vercel Integration category scores when vercel.json present', () => { + const homeDir = createTempDir('harness-audit-home-vercel-'); + const projectRoot = createTempDir('harness-audit-project-vercel-'); + + try { + fs.mkdirSync(path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin'), { recursive: true }); + fs.writeFileSync( + path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin', 'plugin.json'), + JSON.stringify({ name: 'everything-claude-code' }, null, 2) + ); + + fs.mkdirSync(path.join(projectRoot, '.github', 'workflows'), { recursive: true }); + fs.writeFileSync(path.join(projectRoot, 'vercel.json'), '{}\n'); + fs.writeFileSync(path.join(projectRoot, '.env.example'), 'VERCEL_TOKEN=\n'); + fs.writeFileSync(path.join(projectRoot, '.github', 'workflows', 'deploy.yml'), 'uses: amondnet/vercel-action@v25\n'); + fs.writeFileSync( + path.join(projectRoot, 'package.json'), + JSON.stringify({ name: 'p', scripts: { build: 'next build', deploy: 'vercel deploy' } }) + ); + + const parsed = JSON.parse(run(['repo', '--format', 'json'], { cwd: projectRoot, homeDir })); + const vercel = parsed.categories['Vercel Integration']; + + assert.ok(vercel, 'Vercel Integration category must exist when vercel.json present'); + assert.ok(vercel.max > 0); + assert.ok(parsed.applicable_categories.includes('Vercel Integration')); + assert.strictEqual(vercel.score, 10, `Vercel should score 10/10 with full wiring, got ${vercel.score}`); + } finally { + cleanup(homeDir); + cleanup(projectRoot); + } + })) passed++; else failed++; + + if (test('detector map: Netlify, Cloudflare, Fly each trigger their category', () => { + const homeDir = createTempDir('harness-audit-home-multi-'); + + function probe(markerFile, markerContents, expectedCategory) { + const root = createTempDir('harness-audit-project-multi-'); + try { + fs.writeFileSync(path.join(root, 'package.json'), JSON.stringify({ name: 'p' })); + fs.writeFileSync(path.join(root, markerFile), markerContents); + const parsed = JSON.parse(run(['repo', '--format', 'json'], { cwd: root, homeDir })); + assert.ok(parsed.applicable_categories.includes(expectedCategory), + `${markerFile} should activate ${expectedCategory}`); + } finally { + cleanup(root); + } + } + + try { + fs.mkdirSync(path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin'), { recursive: true }); + fs.writeFileSync( + path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin', 'plugin.json'), + JSON.stringify({ name: 'everything-claude-code' }, null, 2) + ); + + probe('netlify.toml', '[build]\n', 'Netlify Integration'); + probe('wrangler.toml', 'name = "p"\n', 'Cloudflare Integration'); + probe('fly.toml', 'app = "p"\n', 'Fly Integration'); + } finally { + cleanup(homeDir); + } + })) passed++; else failed++; + + if (test('max_score reflects only applicable categories', () => { + const homeDir = createTempDir('harness-audit-home-max-'); + const noVercel = createTempDir('harness-audit-project-max-novercel-'); + const withVercel = createTempDir('harness-audit-project-max-vercel-'); + + try { + fs.mkdirSync(path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin'), { recursive: true }); + fs.writeFileSync( + path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin', 'plugin.json'), + JSON.stringify({ name: 'everything-claude-code' }, null, 2) + ); + + fs.writeFileSync(path.join(noVercel, 'package.json'), JSON.stringify({ name: 'p' })); + fs.writeFileSync(path.join(withVercel, 'package.json'), JSON.stringify({ name: 'p' })); + fs.writeFileSync(path.join(withVercel, 'vercel.json'), '{}\n'); + + const noVercelParsed = JSON.parse(run(['repo', '--format', 'json'], { cwd: noVercel, homeDir })); + const withVercelParsed = JSON.parse(run(['repo', '--format', 'json'], { cwd: withVercel, homeDir })); + + assert.ok(withVercelParsed.max_score > noVercelParsed.max_score, + `with-vercel max_score (${withVercelParsed.max_score}) should exceed no-vercel (${noVercelParsed.max_score})`); + } finally { + cleanup(homeDir); + cleanup(noVercel); + cleanup(withVercel); + } + })) passed++; else failed++; + + if (test('non-git directory does not crash the script', () => { + const homeDir = createTempDir('harness-audit-home-bare-'); + const bare = createTempDir('harness-audit-project-bare-'); + + try { + fs.mkdirSync(path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin'), { recursive: true }); + fs.writeFileSync( + path.join(homeDir, '.claude', 'plugins', 'everything-claude-code', '.claude-plugin', 'plugin.json'), + JSON.stringify({ name: 'everything-claude-code' }, null, 2) + ); + fs.writeFileSync(path.join(bare, 'package.json'), JSON.stringify({ name: 'p' })); + + const output = run(['repo', '--format', 'json'], { cwd: bare, homeDir }); + const parsed = JSON.parse(output); + assert.ok(parsed.overall_score >= 0); + assert.ok(parsed.max_score > 0); + } finally { + cleanup(homeDir); + cleanup(bare); + } })) passed++; else failed++; if (test('scope filtering changes max score and check list', () => {