Merge pull request #9 from chittyos/session-20251010-172233

ChittyOS Compliance: Service Deployments & File Organization

Author: chitcommit

.ai-coordination/sessions/cf8ba8440633367875ecb50de694692a.json

@@ -0,0 +1,16 @@
+{
+  "id": "cf8ba8440633367875ecb50de694692a",
+  "name": "project-sync-mg4fzg9n",
+  "pid": 11885,
+  "hostname": "chitty.local",
+  "startTime": 1759108840476,
+  "lastHeartbeat": 1759181387976,
+  "status": "active",
+  "metadata": {
+    "model": "claude",
+    "type": "project-sync"
+  },
+  "tasks": [],
+  "locks": [],
+  "lastUpdate": 1759181387978
+}

.chittyos/project.id

@@ -0,0 +1 @@
+CHITTY-PROJECT-1759558292-536c4cec

.github/workflows/chittyos-compliance.yml

@@ -0,0 +1,178 @@
+name: ChittyOS Compliance CI
+
+on:
+  pull_request:
+    branches: [main, develop]
+    paths:
+      - '**/*session*.js'
+      - '**/*session*.ts'
+      - 'cross-session-sync/**'
+      - 'src/session-persistence/**'
+  push:
+    branches: [main, develop]
+    paths:
+      - '**/*session*.js'
+      - '**/*session*.ts'
+
+jobs:
+  chittyid-compliance:
+    name: ChittyID Session Compliance
+    runs-on: ubuntu-latest
+    timeout-minutes: 10
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+          cache: 'npm'
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Verify ChittyID Client installed
+        run: |
+          if ! npm list @chittyos/chittyid-client > /dev/null 2>&1; then
+            echo "❌ ERROR: @chittyos/chittyid-client not installed"
+            echo "Required for ChittyOS compliance"
+            exit 1
+          fi
+          echo "✅ ChittyID Client package verified"
+
+      - name: Check for rogue session ID patterns
+        run: |
+          echo "🔍 Scanning for UUID/crypto session ID generation patterns..."
+
+          VIOLATIONS=0
+
+          # Pattern 1: crypto.randomBytes in session files
+          if grep -rn "crypto\.randomBytes" src/ cross-session-sync/ | grep -i "session" | grep -v node_modules; then
+            echo "❌ Found crypto.randomBytes() in session code"
+            VIOLATIONS=$((VIOLATIONS + 1))
+          fi
+
+          # Pattern 2: uuid imports in session files
+          if find src/ cross-session-sync/ -name "*session*.js" -o -name "*session*.ts" | xargs grep -l "import.*uuid\|require.*uuid" 2>/dev/null; then
+            echo "❌ Found uuid imports in session files"
+            VIOLATIONS=$((VIOLATIONS + 1))
+          fi
+
+          # Pattern 3: Missing ChittyID client imports
+          SESSION_FILES=$(find src/ cross-session-sync/ -name "*session*.js" -o -name "*session*.ts" 2>/dev/null || true)
+          for file in $SESSION_FILES; do
+            if grep -q "generateSessionId" "$file"; then
+              if ! grep -q "@chittyos/chittyid-client" "$file"; then
+                echo "❌ $file has generateSessionId but no @chittyos/chittyid-client"
+                VIOLATIONS=$((VIOLATIONS + 1))
+              fi
+            fi
+          done
+
+          if [ $VIOLATIONS -gt 0 ]; then
+            echo ""
+            echo "════════════════════════════════════════"
+            echo "  ❌ ChittyID Compliance Check Failed"
+            echo "════════════════════════════════════════"
+            echo "Found $VIOLATIONS policy violations"
+            echo ""
+            echo "Session IDs MUST be minted from id.chitty.cc"
+            echo "Use @chittyos/chittyid-client package"
+            echo ""
+            echo "See: chittycheck-session-rules.sh for details"
+            exit 1
+          fi
+
+          echo "✅ No rogue session ID generation patterns detected"
+
+      - name: Validate CHITTY_ID_TOKEN usage
+        run: |
+          echo "🔍 Checking CHITTY_ID_TOKEN validation in session code..."
+
+          SESSION_FILES=$(find src/ cross-session-sync/ -name "*session*.js" -o -name "*session*.ts" 2>/dev/null || true)
+          MISSING_VALIDATION=0
+
+          for file in $SESSION_FILES; do
+            if grep -q "generateSessionId" "$file"; then
+              if ! grep -A 20 "generateSessionId" "$file" | grep -q "CHITTY_ID_TOKEN"; then
+                echo "⚠️  WARNING: $file should validate CHITTY_ID_TOKEN"
+                MISSING_VALIDATION=$((MISSING_VALIDATION + 1))
+              fi
+            fi
+          done
+
+          if [ $MISSING_VALIDATION -gt 0 ]; then
+            echo "⚠️  $MISSING_VALIDATION files missing CHITTY_ID_TOKEN validation"
+            echo "Recommendation: Add token validation before ChittyID minting"
+          else
+            echo "✅ CHITTY_ID_TOKEN validation present"
+          fi
+
+      - name: Run ChittyCheck Session Rules
+        run: |
+          if [ -f "chittycheck-session-rules.sh" ]; then
+            chmod +x chittycheck-session-rules.sh
+            ./chittycheck-session-rules.sh || true
+          else
+            echo "⚠️  chittycheck-session-rules.sh not found, skipping"
+          fi
+
+      - name: Check session file format in todos
+        run: |
+          # This would typically run on the actual machine, not CI
+          # For CI, we just document the requirement
+          echo "📋 Session File Format Requirements:"
+          echo "   - All session IDs must use CTXT_ prefix (ChittyID format)"
+          echo "   - UUID-based session files must be migrated"
+          echo "   - Run: scripts/migrate-legacy-session-ids.sh on target system"
+
+      - name: Generate Compliance Report
+        if: always()
+        run: |
+          echo "════════════════════════════════════════"
+          echo "  ChittyOS Compliance CI Report"
+          echo "════════════════════════════════════════"
+          echo "Branch: ${{ github.ref_name }}"
+          echo "Commit: ${{ github.sha }}"
+          echo "Workflow: ${{ github.workflow }}"
+          echo ""
+          echo "Validation Status: ${{ job.status }}"
+          echo "════════════════════════════════════════"
+
+  dependency-audit:
+    name: Audit ChittyID Dependencies
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '18'
+
+      - name: Verify @chittyos/chittyid-client version
+        run: |
+          echo "🔍 Checking @chittyos/chittyid-client package..."
+
+          if [ -f "package.json" ]; then
+            VERSION=$(jq -r '.dependencies."@chittyos/chittyid-client" // empty' package.json)
+
+            if [ -z "$VERSION" ]; then
+              echo "❌ @chittyos/chittyid-client not in dependencies"
+              echo "Add with: npm install @chittyos/chittyid-client"
+              exit 1
+            fi
+
+            echo "✅ @chittyos/chittyid-client: $VERSION"
+          fi
+
+      - name: Security audit
+        run: |
+          npm audit --audit-level=high || true
+          echo "✅ Security audit completed"

.github/workflows/ecosystem-cicd.yml

@@ -118,9 +118,19 @@ jobs:
           echo "Running ChittyID compliance validation..."
           ./chittycheck-enhanced.sh --ci-mode
 
-          # Ensure no local ID generation
-          if grep -r "CHITTY-.*-.*-.*" . --exclude-dir=node_modules --exclude="*.json" --exclude="*.md"; then
-            echo "❌ Found hardcoded ChittyIDs - all IDs must come from id.chitty.cc"
+          # Ensure no local ID generation (exclude submodules and build artifacts)
+          if grep -r "CHITTY-.*-.*-.*" . \
+            --exclude-dir=node_modules \
+            --exclude-dir=.git \
+            --exclude-dir=chittychronicle \
+            --exclude-dir=chittychain \
+            --exclude-dir=chittyforce \
+            --exclude-dir=nevershitty-github \
+            --exclude-dir=dist \
+            --exclude-dir=build \
+            --exclude="*.json" \
+            --exclude="*.md"; then
+            echo "❌ Found hardcoded ChittyIDs in source code - all IDs must come from id.chitty.cc"
             exit 1
           fi
 

.gitignore

@@ -9,3 +9,4 @@ build/
 coverage/
 .vscode/
 .idea/
+.chittycheck/

.husky/pre-commit

@@ -0,0 +1,113 @@
+#!/usr/bin/env bash
+# ChittyOS Pre-Commit Hook
+# Prevents commits with rogue session ID generation patterns
+
+set -e
+
+RED='\033[0;31m'
+YELLOW='\033[1;33m'
+GREEN='\033[0;32m'
+NC='\033[0m'
+
+echo "🔍 ChittyOS Pre-Commit Validation..."
+
+# Get list of staged files
+STAGED_FILES=$(git diff --cached --name-only --diff-filter=ACM)
+
+# Check for session-related files
+SESSION_FILES=$(echo "$STAGED_FILES" | grep -E "session.*\.(js|ts)$" || true)
+
+if [[ -z "$SESSION_FILES" ]]; then
+  echo -e "${GREEN}✅ No session files modified${NC}"
+  exit 0
+fi
+
+echo -e "${YELLOW}⚠️  Session files detected, running ChittyID validation...${NC}"
+
+VIOLATIONS=0
+
+# Pattern 1: crypto.randomBytes in session files
+for file in $SESSION_FILES; do
+  if git diff --cached "$file" | grep -E "^\+.*crypto\.randomBytes.*session|^\+.*generateSessionId.*crypto\.randomBytes" > /dev/null; then
+    echo -e "${RED}❌ BLOCKED: crypto.randomBytes() usage in session file: $file${NC}"
+    echo -e "${RED}   Session IDs must come from id.chitty.cc via @chittyos/chittyid-client${NC}"
+    ((VIOLATIONS++))
+  fi
+done
+
+# Pattern 2: uuid/nanoid imports in session files
+for file in $SESSION_FILES; do
+  if git diff --cached "$file" | grep -E "^\+.*import.*['\"]uuid['\"]|^\+.*require.*['\"]uuid['\"]|^\+.*import.*['\"]nanoid['\"]" > /dev/null; then
+    echo -e "${RED}❌ BLOCKED: uuid/nanoid import in session file: $file${NC}"
+    echo -e "${RED}   Use @chittyos/chittyid-client instead${NC}"
+    ((VIOLATIONS++))
+  fi
+done
+
+# Pattern 3: Direct session ID string generation
+for file in $SESSION_FILES; do
+  if git diff --cached "$file" | grep -E "^\+.*['\"]session-.*Date\.now|^\+.*session_.*Date\.now" | grep -v "CTXT_" > /dev/null; then
+    echo -e "${RED}❌ BLOCKED: Direct session ID generation in: $file${NC}"
+    echo -e "${RED}   Session IDs must be minted from id.chitty.cc${NC}"
+    ((VIOLATIONS++))
+  fi
+done
+
+# Pattern 4: Missing ChittyID client import
+for file in $SESSION_FILES; do
+  if git show ":$file" 2>/dev/null | grep -q "generateSessionId"; then
+    if ! git show ":$file" 2>/dev/null | grep -q "@chittyos/chittyid-client"; then
+      echo -e "${YELLOW}⚠️  WARNING: $file has generateSessionId but no @chittyos/chittyid-client import${NC}"
+      # Don't block, just warn
+    fi
+  fi
+done
+
+# Check CHITTY_ID_TOKEN validation in generateSessionId functions
+for file in $SESSION_FILES; do
+  if git diff --cached "$file" | grep -E "^\+.*async generateSessionId|^\+.*generateSessionId.*async" > /dev/null; then
+    # Check if the function validates CHITTY_ID_TOKEN
+    if ! git show ":$file" | grep -A 10 "generateSessionId" | grep -q "CHITTY_ID_TOKEN"; then
+      echo -e "${YELLOW}⚠️  WARNING: generateSessionId in $file should validate CHITTY_ID_TOKEN${NC}"
+    fi
+  fi
+done
+
+if [[ $VIOLATIONS -gt 0 ]]; then
+  echo ""
+  echo -e "${RED}════════════════════════════════════════${NC}"
+  echo -e "${RED}  COMMIT BLOCKED - ChittyID Violations${NC}"
+  echo -e "${RED}════════════════════════════════════════${NC}"
+  echo -e "${RED}Found $VIOLATIONS ChittyID policy violations${NC}"
+  echo ""
+  echo -e "${YELLOW}Required actions:${NC}"
+  echo "1. Replace crypto.randomBytes() with @chittyos/chittyid-client"
+  echo "2. Remove uuid/nanoid dependencies for session IDs"
+  echo "3. Import ChittyIDClient and call mint() method"
+  echo ""
+  echo -e "${YELLOW}Example correct implementation:${NC}"
+  echo ""
+  echo "  import ChittyIDClient from '@chittyos/chittyid-client';"
+  echo ""
+  echo "  async generateSessionId() {"
+  echo "    if (!process.env.CHITTY_ID_TOKEN) {"
+  echo "      throw new Error('CHITTY_ID_TOKEN required');"
+  echo "    }"
+  echo "    const client = new ChittyIDClient({"
+  echo "      apiKey: process.env.CHITTY_ID_TOKEN"
+  echo "    });"
+  echo "    return await client.mint({"
+  echo "      entity: 'CONTEXT',"
+  echo "      name: 'Session',"
+  echo "      metadata: { type: 'session' }"
+  echo "    });"
+  echo "  }"
+  echo ""
+  echo -e "${YELLOW}To bypass this check (NOT RECOMMENDED):${NC}"
+  echo "  git commit --no-verify"
+  echo ""
+  exit 1
+fi
+
+echo -e "${GREEN}✅ ChittyID validation passed${NC}"
+exit 0