Commit Graph

55 Commits

  • feat(opencode): complete OpenCode agent setup - add 10 missing agent prompts (#726)
    * feat(opencode): complete OpenCode agent setup - add 11 missing agent prompts
    
    Summary:
    - Add 11 missing OpenCode agent prompt files for: chief-of-staff, cpp-reviewer, cpp-build-resolver, docs-lookup, harness-optimizer, java-reviewer, java-build-resolver, kotlin-reviewer, kotlin-build-resolver, loop-operator, python-reviewer
    - Update opencode.json to register all 25 agents (previously only 14 were configured)
    
    Type:
    - [x] Agent
    
    Testing:
    - Verified JSON syntax is valid
    - All 25 agents now have corresponding prompt files in .opencode/prompts/agents/
    - opencode.json updated with all agent configurations
    
    * fix: address PR review comments - add SOUL.md, update AGENTS.md, fix tool configs, and refine agent prompts
    
    * fix: remove chief-of-staff agent and SOUL.md per affaan-m review
    
    - Remove chief-of-staff agent from opencode.json (outside ECC scope)
    - Remove chief-of-staff.txt prompt file
    - Remove SOUL.md file
    - Remove chief-of-staff from AGENTS.md table and orchestration section
    - Update agent count from 28 to 27
    
    ---------
    
    Co-authored-by: Nayan Jaiswal <jaiswal2062@gmail.com>
  • fix: CI fixes, security audit, remotion skill, lead-intelligence, npm audit (#1039)
    * fix(ci): resolve cross-platform test failures
    
    - Sanity check script (check-codex-global-state.sh) now falls back to
      grep -E when ripgrep is not available, fixing the codex-hooks sync
      test on all CI platforms. Patterns converted to POSIX ERE for
      portability.
    - Unicode safety test accepts both / and \ path separators so the
      executable-file assertion passes on Windows.
    - Gacha test sets PYTHONUTF8=1 so Python uses UTF-8 stdout encoding on
      Windows instead of cp1252, preventing UnicodeEncodeError on box-drawing
      characters.
    - Quoted-hook-path test skipped on Windows where NTFS disallows
      double-quote characters in filenames.
    
    * feat: port remotion-video-creation skill (29 rules), restore missing files
    
    New skill:
    - remotion-video-creation: 29 domain-specific Remotion rules covering 3D/Three.js,
      animations, audio, captions, charts, compositions, fonts, GIFs, Lottie,
      measuring, sequencing, tailwind, text animations, timing, transitions,
      trimming, and video embedding. Ported from personal skills.
    
    Restored:
    - autonomous-agent-harness/SKILL.md (was in commit but missing from worktree)
    - lead-intelligence/ (full directory restored from branch commit)
    
    Updated:
    - manifests/install-modules.json: added remotion-video-creation to media-generation
    - README.md + AGENTS.md: synced counts to 139 skills
    
    Catalog validates: 30 agents, 60 commands, 139 skills.
    
    * fix(security): pin MCP server versions, add dependabot, pin github-script SHA
    
    Critical:
    - Pin all npx -y MCP server packages to specific versions in .mcp.json
      to prevent supply chain attacks via version hijacking:
      - @modelcontextprotocol/server-github@2025.4.8
      - @modelcontextprotocol/server-memory@2026.1.26
      - @modelcontextprotocol/server-sequential-thinking@2025.12.18
      - @playwright/mcp@0.0.69 (was 0.0.68)
    
    Medium:
    - Add .github/dependabot.yml for weekly npm + github-actions updates
      with grouped minor/patch PRs
    - Pin actions/github-script to SHA (was @v7 tag, now pinned to commit)
    
    * feat: add social-graph-ranker skill — weighted network proximity scoring
    
    New skill: social-graph-ranker
    - Weighted social graph traversal with exponential decay across hops
    - Bridge Score: B(m) = Σ w(t) · λ^(d(m,t)-1) ranks mutuals by target proximity
    - Extended Score incorporates 2nd-order network (mutual-of-mutual connections)
    - Final ranking includes engagement bonus for responsive connections
    - Runs in parallel with lead-intelligence skill for combined warm+cold outreach
    - Supports X API + LinkedIn CSV for graph harvesting
    - Outputs tiered action list: warm intros, direct outreach, network gap analysis
    
    Added to business-content install module. Catalog validates: 30/60/140.
    
    * fix(security): npm audit fix — resolve all dependency vulnerabilities
    
    Applied npm audit fix --force to resolve:
    - minimatch ReDoS (3 vulnerabilities, HIGH)
    - smol-toml DoS (MODERATE)
    - brace-expansion memory exhaustion (MODERATE)
    - markdownlint-cli upgraded from 0.47.0 to 0.48.0
    
    npm audit now reports 0 vulnerabilities.
    
    * fix: resolve markdown lint and yarn lockfile sync
    
    - MD047: ensure single trailing newline on all remotion rule files
    - MD012: remove consecutive blank lines in lottie, measuring-dom-nodes, trimming
    - MD034: wrap bare URLs in angle brackets (tailwind, transcribe-captions)
    - yarn.lock: regenerated to sync with npm audit changes in package.json
    
    * fix: replace unicode arrows in lead-intelligence (CI unicode safety check)
  • feat(skills): add skill-comply — automated behavioral compliance measurement (#724)
    * feat(skills): add skill-comply — automated behavioral compliance measurement
    
    Automated compliance measurement for skills, rules, and agent definitions.
    Generates behavioral specs, runs scenarios at 3 strictness levels,
    classifies tool calls via LLM, and produces self-contained reports.
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    * fix(skill-comply): address bot review feedback
    
    - AGENTS.md: fix stale skill count (115 → 117) in project structure
    - run.py: replace remaining print() with logger, add zero-division guard,
      create parent dirs for --output path
    - runner.py: add returncode check for claude subprocess, clarify
      relative_to path traversal validation
    - parser.py: use is_file() instead of exists(), catch KeyError for
      missing trace fields, add file check in parse_spec
    - classifier.py: log warnings on malformed classification output,
      guard against non-dict JSON responses
    - grader.py: filter negative indices from LLM classification
    
    Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
  • feat: pending instinct TTL pruning and /prune command (#725)
    * feat: add pending instinct TTL pruning and /prune command
    
    Pending instincts generated by the observer accumulate indefinitely
    with no cleanup mechanism. This adds lifecycle management:
    
    - `instinct-cli.py prune` — delete pending instincts older than 30 days
      (configurable via --max-age). Supports --dry-run and --quiet flags.
    - Enhanced `status` command — shows pending count, warns at 5+,
      highlights instincts expiring within 7 days.
    - `observer-loop.sh` — runs prune before each analysis cycle.
    - `/prune` slash command — user-facing command for manual pruning.
    
    Design rationale: council consensus (4/4) rejected auto-promote in
    favor of TTL-based garbage collection. Frequency of observation does
    not establish correctness. Unreviewed pending instincts auto-delete
    after 30 days; if the pattern is real, the observer will regenerate it.
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    * fix: remove duplicate functions, broaden extension filter, fix prune output
    
    - Remove duplicate _collect_pending_dirs and _parse_created_date defs
    - Use ALLOWED_INSTINCT_EXTENSIONS (.md/.yaml/.yml) instead of .md-only
    - Track actually-deleted items separately from expired for accurate output
    - Update README.md and AGENTS.md command counts: 59 → 60
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    * fix: address Copilot and CodeRabbit review findings
    
    - Use is_dir() instead of exists() for pending path checks
    - Change > to >= for --max-age boundary (--max-age 0 now prunes all)
    - Use CLV2_PYTHON_CMD env var in observer-loop.sh prune call
    - Remove unused source_dupes variable
    - Remove extraneous f-string prefix on static string
    
    Generated with [Claude Code](https://claude.ai/code)
    via [Happy](https://happy.engineering)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    Co-Authored-By: Happy <yesreply@happy.engineering>
    
    * fix: update AGENTS.md project structure command count 59 → 60
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    
    * fix: address cubic and coderabbit review findings
    
    - Fix status early return skipping pending instinct warnings (cubic #1)
    - Exclude already-expired items from expiring-soon filter (cubic #2)
    - Warn on unparseable pending instinct age instead of silent skip (cubic #4)
    - Log prune failures to observer.log instead of silencing (cubic #5)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    
    * fix: YAML single-quote unescaping, f-string cleanup, add /prune to README
    
    - Fix single-quoted YAML unescaping: use '' doubling (YAML spec) not
      backslash escaping which only applies to double-quoted strings (greptile P1)
    - Remove extraneous f-string prefix on static string (coderabbit)
    - Add /prune to README command catalog and file tree (cubic)
    
    Co-Authored-By: Claude <noreply@anthropic.com>
    
    ---------
    
    Co-authored-by: Claude <noreply@anthropic.com>
    Co-authored-by: Happy <yesreply@happy.engineering>
  • feat(skills): add rules-distill skill (rebased #561) (#678)
    * feat(skills): add rules-distill — extract cross-cutting principles from skills into rules
    
    Applies the skill-stocktake pattern to rules maintenance:
    scan skills → extract shared principles → propose rule changes.
    
    Key design decisions:
    - Deterministic collection (scan scripts) + LLM judgment (cross-read & verdict)
    - 6 verdict types: Append, Revise, New Section, New File, Already Covered, Too Specific
    - Anti-abstraction safeguard: 2+ skills evidence, actionable behavior test, violation risk
    - Rules full text passed to LLM (no grep pre-filter) for accurate matching
    - Never modifies rules automatically — always requires user approval
    
    * fix(skills): address review feedback for rules-distill
    
    Fixes raised by CodeRabbit, Greptile, and cubic:
    
    - Add Prerequisites section documenting skill-stocktake dependency
    - Add fallback command when skill-stocktake is not installed
    - Fix shell quoting: add IFS= and -r to while-read loops
    - Replace hardcoded paths with env var placeholders ($CLAUDE_RULES_DIR, $SKILL_STOCKTAKE_DIR)
    - Add json language identifier to code blocks
    - Add "How It Works" parent heading for Phase 1/2/3
    - Add "Example" section with end-to-end run output
    - Add revision.reason/before/after fields to output schema for Revise verdict
    - Document timestamp format (date -u +%Y-%m-%dT%H:%M:%SZ)
    - Document candidate-id format (kebab-case from principle)
    - Use concrete examples in results.json schema
    
    * fix(skills): remove skill-stocktake dependency, add self-contained scripts
    
    Address P1 review feedback:
    - Add scan-skills.sh and scan-rules.sh directly in rules-distill/scripts/
      (no external dependency on skill-stocktake)
    - Remove Prerequisites section (no longer needed)
    - Add cross-batch merge step to prevent 2+ skills requirement
      from being silently broken across batch boundaries
    - Fix nested triple-backtick fences (use quadruple backticks)
    - Remove head -100 cap (silent truncation)
    - Rename "When to Activate" → "When to Use" (ECC standard)
    - Remove unnecessary env var placeholders (SKILL.md is a prompt, not a script)
    
    * fix: update skill/command counts in README.md and AGENTS.md
    
    rules-distill added 1 skill + 1 command:
    - skills: 108 → 109
    - commands: 57 → 58
    
    Updates all count references to pass CI catalog validation.
    
    * fix(skills): address Servitor review feedback for rules-distill
    
    1. Rename SKILL_STOCKTAKE_* env vars to RULES_DISTILL_* for consistency
    2. Remove unnecessary observation counting (use_7d/use_30d) from scan-skills.sh
    3. Fix header comment: scan.sh → scan-skills.sh
    4. Use jq for JSON construction in scan-rules.sh to properly escape
       headings containing special characters (", \)
    
    * fix(skills): address CodeRabbit review — portability and scan scope
    
    1. scan-rules.sh: use jq for error JSON output (proper escaping)
    2. scan-rules.sh: replace GNU-only sort -z with portable sort (BSD compat)
    3. scan-rules.sh: fix pipefail crash on files without H2 headings
    4. scan-skills.sh: scan only SKILL.md files (skip learned/*.md and
       auxiliary docs that lack frontmatter)
    5. scan-skills.sh: add portable get_mtime helper (GNU stat/date
       fallback to BSD stat/date)
    
    * fix: sync catalog counts with filesystem (27 agents, 114 skills, 59 commands)
    
    ---------
    
    Co-authored-by: Tatsuya Shimomoto <shimo4228@gmail.com>
  • chore: prepare v1.9.0 release (#666)
    - Bump version to 1.9.0 in package.json, package-lock.json, .opencode/package.json
    - Add v1.9.0 changelog with 212 commits covering selective install architecture,
      6 new agents, 15+ new skills, session/state infrastructure, observer fixes,
      12 language ecosystems, and community contributions
    - Update README with v1.9.0 release notes and complete agents tree (27 agents)
    - Add pytorch-build-resolver to AGENTS.md agent table
    - Update documentation counts to 27 agents, 109 skills, 57 commands
    - Update version references in zh-CN README
    - All 1421 tests passing, catalog counts verified
  • fix: update catalog counts and resolve lint error
    - Update agent count 26→27 in README.md (quick-start + comparison table) and AGENTS.md (summary + project structure)
    - Update skill count 108→109 in README.md (quick-start + comparison table) and AGENTS.md (summary)
    - Rename unused variable provenance → _provenance in tests/lib/skill-dashboard.test.js
  • feat(agents): add typescript-reviewer agent (#647)
    Adds typescript-reviewer agent following the established agent format, covering type safety, async correctness, security, and React/Next.js patterns.
  • feat(agents): add java-reviewer agent (#528)
    * Add java-reviewer agent for Java and Spring Boot code review
    
    * Fix java-reviewer: update tools format, git diff scope, diagnostic commands, AGENTS.md registration
    
    * Fix: correct skill reference, add command injection check, update agent count to 17
    
    * Fix: report-only disclaimer, path traversal, split ScriptEngine, escalation note, agent count 19
  • fix(ci): enforce catalog count integrity (#525)
    * fix(ci): enforce catalog count integrity
    
    * test: harden catalog structure parsing