#!/usr/bin/env node /** * patch-p1-2-jsonl-baseline-init.js * * P1.2 step2: 给 evolution-log.jsonl + route-feedback.jsonl 创建 HMAC baseline 快照 * * 输出: .hmac-baseline.json (只读快照) * * warn 模式策略: * - baseline 一旦创建后只增(写入新行不改 baseline) * - 周期 verifier 跑时若发现 drift → 仅记录到 evolution-log violation 行 * - 用户切 enforce 后才禁止 drift(需另写 enforce 脚本) */ 'use strict'; const fs = require('fs'); const path = require('path'); const ROOT = path.join(__dirname, '..', '..'); const TARGETS = [ { jsonl: path.join(ROOT, 'evolution-log.jsonl'), label: 'evolution-log' }, { jsonl: path.join(ROOT, 'debug', 'route-feedback.jsonl'), label: 'route-feedback' }, ]; let mod; try { mod = require(path.join(ROOT, 'hooks', 'lib', 'jsonl-hmac.js')); } catch (e) { process.stderr.write('[ERROR] jsonl-hmac.js lib not found. Run patch-p1-2-jsonl-hmac-lib.js first.\n'); process.exit(1); } let okCount = 0, skipCount = 0, errCount = 0; for (const { jsonl, label } of TARGETS) { const baselinePath = jsonl + '.hmac-baseline.json'; if (!fs.existsSync(jsonl)) { process.stdout.write('[SKIP] ' + label + ': source not found (' + jsonl + ')\n'); skipCount++; continue; } if (fs.existsSync(baselinePath)) { process.stdout.write('[SKIP] ' + label + ': baseline already exists\n'); skipCount++; continue; } const result = mod.writeBaseline(jsonl, baselinePath); if (!result.ok) { process.stderr.write('[ERROR] ' + label + ': ' + result.error + '\n'); errCount++; continue; } process.stdout.write('[OK] ' + label + ' baseline created\n'); process.stdout.write(' lines=' + result.baseline.lineCount + ' sig=' + (result.baseline.sig || '').slice(0, 16) + '...\n'); process.stdout.write(' fingerprint=' + result.baseline.hmacKeyFingerprint + '\n'); okCount++; } process.stdout.write('\n[SUMMARY] ok=' + okCount + ' skip=' + skipCount + ' err=' + errCount + '\n'); process.exit(errCount > 0 ? 1 : 0);