ocak 0.1.0

data/lib/ocak/stack_detector.rb

@@ -0,0 +1,333 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Ocak
+  class StackDetector
+    Result = Struct.new(:language, :framework, :test_command, :lint_command,
+                        :format_command, :security_commands, :setup_command,
+                        :monorepo, :packages)
+
+    def initialize(project_dir)
+      @dir = project_dir
+    end
+
+    def detect
+      lang = detect_language
+      mono = detect_monorepo
+      Result.new(
+        language: lang,
+        framework: detect_framework(lang),
+        test_command: detect_test_command(lang),
+        lint_command: detect_lint_command(lang),
+        format_command: detect_format_command(lang),
+        security_commands: detect_security_commands(lang),
+        setup_command: detect_setup_command(lang),
+        monorepo: mono[:detected],
+        packages: mono[:packages]
+      )
+    end
+
+    private
+
+    def detect_language
+      return 'ruby'       if exists?('Gemfile')
+      return 'typescript' if exists?('tsconfig.json')
+      return 'javascript' if exists?('package.json')
+      return 'python'     if exists?('pyproject.toml') || exists?('setup.py') || exists?('requirements.txt')
+      return 'rust'       if exists?('Cargo.toml')
+      return 'go'         if exists?('go.mod')
+      return 'java'       if exists?('pom.xml') || exists?('build.gradle')
+      return 'elixir'     if exists?('mix.exs')
+
+      'unknown'
+    end
+
+    def detect_framework(lang)
+      case lang
+      when 'ruby' then detect_ruby_framework
+      when 'typescript', 'javascript' then detect_js_framework
+      when 'python'     then detect_python_framework
+      when 'rust'       then detect_rust_framework
+      when 'go'         then detect_go_framework
+      when 'elixir'     then 'phoenix' if gemfile_has?('mix.exs', 'phoenix')
+      end
+    end
+
+    def detect_test_command(lang)
+      case lang
+      when 'ruby'
+        gemfile_has?('Gemfile', 'rspec') ? 'bundle exec rspec' : 'bundle exec rake test'
+      when 'typescript', 'javascript'
+        return 'npx vitest run' if pkg_has?('vitest')
+        return 'npx jest'       if pkg_has?('jest')
+
+        'npm test'
+      when 'python'
+        return 'pytest' if exists?('pyproject.toml') && read_file('pyproject.toml').include?('pytest')
+
+        'python -m pytest'
+      when 'rust'  then 'cargo test'
+      when 'go'    then 'go test ./...'
+      when 'java'  then exists?('gradlew') ? './gradlew test' : 'mvn test'
+      when 'elixir' then 'mix test'
+      end
+    end
+
+    def detect_lint_command(lang)
+      case lang
+      when 'ruby'
+        'bundle exec rubocop -A' if gemfile_has?('Gemfile', 'rubocop')
+      when 'typescript', 'javascript'
+        return 'npx biome check --write' if pkg_has?('biome') || pkg_has?('@biomejs/biome')
+
+        'npx eslint --fix .' if pkg_has?('eslint')
+      when 'python'
+        return 'ruff check --fix .' if exists?('pyproject.toml') && read_file('pyproject.toml').include?('ruff')
+
+        'flake8'
+      when 'rust'   then 'cargo clippy --fix --allow-dirty'
+      when 'go'     then 'golangci-lint run'
+      when 'elixir' then 'mix credo'
+      end
+    end
+
+    def detect_format_command(lang)
+      case lang
+      when 'ruby' then nil # rubocop handles formatting
+      when 'typescript', 'javascript'
+        return nil if pkg_has?('biome') || pkg_has?('@biomejs/biome') # biome handles both
+
+        'npx prettier --write .' if pkg_has?('prettier')
+      when 'python'
+        return 'ruff format .' if exists?('pyproject.toml') && read_file('pyproject.toml').include?('ruff')
+
+        'black .' if exists?('pyproject.toml') && read_file('pyproject.toml').include?('black')
+      when 'rust'   then 'cargo fmt'
+      when 'go'     then 'gofmt -w .'
+      when 'elixir' then 'mix format'
+      end
+    end
+
+    def detect_security_commands(lang)
+      cmds = []
+      case lang
+      when 'ruby'
+        cmds << 'bundle exec brakeman -q' if gemfile_has?('Gemfile', 'brakeman')
+        cmds << 'bundle exec bundler-audit check' if gemfile_has?('Gemfile', 'bundler-audit')
+      when 'typescript', 'javascript'
+        cmds << 'npm audit --omit=dev'
+      when 'python'
+        cmds << 'bandit -r .' if exists?('pyproject.toml') && read_file('pyproject.toml').include?('bandit')
+        cmds << 'safety check' if exists?('pyproject.toml') && read_file('pyproject.toml').include?('safety')
+      when 'rust'
+        cmds << 'cargo audit' if read_file('Cargo.toml').include?('cargo-audit')
+      when 'go'
+        cmds << 'gosec ./...'
+      end
+      cmds
+    end
+
+    def detect_setup_command(lang)
+      case lang
+      when 'ruby' then 'bundle install' if exists?('Gemfile')
+      when 'typescript', 'javascript' then detect_js_setup_command
+      when 'python' then detect_python_setup_command
+      when 'rust' then 'cargo fetch' if exists?('Cargo.toml')
+      when 'go' then 'go mod download' if exists?('go.mod')
+      when 'elixir' then 'mix deps.get' if exists?('mix.exs')
+      when 'java' then detect_java_setup_command
+      end
+    end
+
+    def detect_js_setup_command
+      return 'npm install' if exists?('package-lock.json')
+      return 'yarn install' if exists?('yarn.lock')
+      return 'pnpm install' if exists?('pnpm-lock.yaml')
+
+      'npm install' if exists?('package.json')
+    end
+
+    def detect_python_setup_command
+      return 'pip install -e .' if exists?('pyproject.toml')
+
+      'pip install -r requirements.txt' if exists?('requirements.txt')
+    end
+
+    def detect_java_setup_command
+      return './gradlew dependencies' if exists?('gradlew')
+
+      'mvn dependency:resolve' if exists?('pom.xml')
+    end
+
+    # Monorepo detection
+
+    def detect_monorepo
+      packages = []
+      packages.concat(detect_npm_workspaces)
+      packages.concat(detect_pnpm_workspaces)
+      packages.concat(detect_cargo_workspaces)
+      packages.concat(detect_go_workspaces)
+      packages.concat(detect_lerna_packages)
+      packages.concat(detect_convention_packages) if packages.empty?
+      packages.uniq!
+      { detected: packages.any?, packages: packages }
+    end
+
+    def detect_npm_workspaces
+      return [] unless exists?('package.json')
+
+      pkg = begin
+        JSON.parse(read_file('package.json'))
+      rescue JSON::ParserError
+        {}
+      end
+      workspaces = pkg['workspaces']
+      workspaces = workspaces['packages'] if workspaces.is_a?(Hash)
+      return [] unless workspaces.is_a?(Array) && workspaces.any?
+
+      expand_workspace_globs(workspaces)
+    end
+
+    def detect_pnpm_workspaces
+      return [] unless exists?('pnpm-workspace.yaml')
+
+      content = read_file('pnpm-workspace.yaml')
+      globs = content.scan(/^\s*-\s*['"]?([^'"#\n]+)/).flatten.map(&:strip)
+      expand_workspace_globs(globs)
+    end
+
+    def detect_cargo_workspaces
+      return [] unless exists?('Cargo.toml') && read_file('Cargo.toml').include?('[workspace]')
+
+      read_file('Cargo.toml').scan(/members\s*=\s*\[(.*?)\]/m).flatten.flat_map do |members|
+        globs = members.scan(/"([^"]+)"/).flatten
+        expand_workspace_globs(globs)
+      end
+    end
+
+    def detect_go_workspaces
+      return [] unless exists?('go.work')
+
+      read_file('go.work').scan(/use\s+(\S+)/).flatten.select do |pkg|
+        Dir.exist?(File.join(@dir, pkg))
+      end
+    end
+
+    def detect_lerna_packages
+      return [] unless exists?('lerna.json')
+
+      lerna = begin
+        JSON.parse(read_file('lerna.json'))
+      rescue JSON::ParserError
+        {}
+      end
+      expand_workspace_globs(lerna['packages'] || ['packages/*'])
+    end
+
+    def detect_convention_packages
+      packages = []
+      %w[packages apps services modules libs].each do |candidate|
+        path = File.join(@dir, candidate)
+        next unless Dir.exist?(path)
+
+        subdirs = Dir.entries(path).reject { |e| e.start_with?('.') }.select do |e|
+          File.directory?(File.join(path, e))
+        end
+        packages.concat(subdirs.map { |s| "#{candidate}/#{s}" }) if subdirs.size > 1
+      end
+      packages
+    end
+
+    def expand_workspace_globs(globs)
+      globs.flat_map do |glob|
+        pattern = File.join(@dir, glob)
+        Dir.glob(pattern).select { |p| File.directory?(p) }.map do |p|
+          p.sub("#{@dir}/", '')
+        end
+      end
+    end
+
+    # Framework detection helpers
+
+    def detect_ruby_framework
+      return 'rails'   if gemfile_has?('Gemfile', 'rails')
+      return 'sinatra' if gemfile_has?('Gemfile', 'sinatra')
+      return 'hanami'  if gemfile_has?('Gemfile', 'hanami')
+
+      nil
+    end
+
+    def detect_js_framework
+      return 'next'    if pkg_has?('next')
+      return 'remix'   if pkg_has?('@remix-run/react')
+      return 'nuxt'    if pkg_has?('nuxt')
+      return 'svelte'  if pkg_has?('svelte') || pkg_has?('@sveltejs/kit')
+      return 'react'   if pkg_has?('react')
+      return 'vue'     if pkg_has?('vue')
+      return 'express' if pkg_has?('express')
+
+      nil
+    end
+
+    def detect_python_framework
+      return 'django' if exists?('manage.py') || pip_has?('django')
+      return 'flask'  if pip_has?('flask')
+      return 'fastapi' if pip_has?('fastapi')
+
+      nil
+    end
+
+    def detect_rust_framework
+      content = read_file('Cargo.toml')
+      return 'actix'  if content.include?('actix-web')
+      return 'axum'   if content.include?('axum')
+      return 'rocket' if content.include?('rocket')
+
+      nil
+    end
+
+    def detect_go_framework
+      content = read_file('go.mod')
+      return 'gin'   if content.include?('gin-gonic')
+      return 'echo'  if content.include?('labstack/echo')
+      return 'fiber' if content.include?('gofiber/fiber')
+      return 'chi'   if content.include?('go-chi/chi')
+
+      nil
+    end
+
+    # File helpers
+
+    def exists?(filename)
+      File.exist?(File.join(@dir, filename))
+    end
+
+    def read_file(filename)
+      path = File.join(@dir, filename)
+      File.exist?(path) ? File.read(path) : ''
+    end
+
+    def gemfile_has?(file, gem_name)
+      read_file(file).match?(/['"]#{Regexp.escape(gem_name)}[\w-]*['"]/)
+    end
+
+    def pkg_has?(package)
+      @pkg_json ||= begin
+        raw = read_file('package.json')
+        raw.empty? ? {} : JSON.parse(raw)
+      rescue JSON::ParserError
+        {}
+      end
+
+      deps = (@pkg_json['dependencies'] || {}).merge(@pkg_json['devDependencies'] || {})
+      deps.key?(package)
+    end
+
+    def pip_has?(package)
+      %w[pyproject.toml setup.py requirements.txt].any? do |f|
+        read_file(f).downcase.include?(package.downcase)
+      end
+    end
+  end
+end

data/lib/ocak/stream_parser.rb

@@ -0,0 +1,189 @@
+# frozen_string_literal: true
+
+require 'json'
+
+module Ocak
+  # Parses NDJSON lines from `claude --output-format stream-json`.
+  class StreamParser
+    TEST_CMD_PATTERN = %r{
+      \b(rails\stest|bin/rails\stest|rspec|npm\stest|
+      npx\svitest|cargo\stest|pytest|go\stest|mix\stest|
+      rubocop|biome|clippy|eslint)\b
+    }x
+
+    attr_reader :result_text, :cost_usd, :duration_ms, :num_turns, :files_edited
+
+    def initialize(agent_name, logger)
+      @agent_name = agent_name
+      @logger = logger
+      @result_text = nil
+      @cost_usd = nil
+      @duration_ms = nil
+      @num_turns = nil
+      @success = nil
+      @files_edited = []
+      @pending_tools = {}
+    end
+
+    def success?
+      @success == true
+    end
+
+    def parse_line(line)
+      stripped = line.strip
+      return [] if stripped.empty?
+
+      data = JSON.parse(stripped)
+
+      case data['type']
+      when 'system'    then parse_system(data)
+      when 'assistant' then parse_assistant(data)
+      when 'user'      then parse_user(data)
+      when 'result'    then parse_result(data)
+      else []
+      end
+    rescue JSON::ParserError
+      []
+    end
+
+    private
+
+    def parse_system(data)
+      return [] unless data['subtype'] == 'init'
+
+      model = data['model'] || 'unknown'
+      @logger.info("[INIT] session (model: #{model})", agent: @agent_name)
+      [{ category: :init, model: model, session_id: data['session_id'] }]
+    end
+
+    def parse_assistant(data)
+      content = data.dig('message', 'content')
+      return [] unless content.is_a?(Array)
+
+      content.filter_map do |block|
+        case block['type']
+        when 'text'     then parse_text_block(block)
+        when 'tool_use' then parse_tool_use(block)
+        end
+      end
+    end
+
+    def parse_text_block(block)
+      text = block['text'].to_s
+      has_red    = text.include?("\u{1F534}")
+      has_yellow = text.include?("\u{1F7E1}")
+      has_green  = text.include?("\u{1F7E2}")
+      has_findings = has_red || has_yellow || has_green
+
+      if has_findings
+        severity = if has_red
+                     'BLOCKING'
+                   else
+                     (has_yellow ? 'WARNING' : 'PASS')
+                   end
+        @logger.info("[REVIEW] #{severity}", agent: @agent_name)
+      end
+
+      { category: :text, text: text[0..200], has_findings: has_findings,
+        has_red: has_red, has_yellow: has_yellow, has_green: has_green }
+    end
+
+    def parse_tool_use(block)
+      tool_id = block['id']
+      tool_name = block['name']
+      input = block['input'] || {}
+      @pending_tools[tool_id] = { name: tool_name, input: input }
+
+      build_tool_event(tool_name, input)
+    end
+
+    def build_tool_event(tool_name, input)
+      case tool_name
+      when 'Edit', 'Write'
+        file_path = input['file_path'].to_s
+        @files_edited << file_path unless file_path.empty?
+        @logger.info("[EDIT] #{tool_name}: #{file_path}", agent: @agent_name)
+        { category: :tool_call, tool: tool_name, detail: file_path, file_path: file_path }
+      when 'Bash'
+        cmd = input['command'].to_s
+        truncated = cmd.length > 100 ? "#{cmd[0..97]}..." : cmd
+        @logger.info("[BASH] #{truncated}", agent: @agent_name)
+        { category: :tool_call, tool: tool_name, detail: truncated, command: cmd }
+      else
+        build_read_tool_event(tool_name, input)
+      end
+    end
+
+    def build_read_tool_event(tool_name, input)
+      case tool_name
+      when 'Read'
+        { category: :tool_call, tool: tool_name, detail: input['file_path'].to_s }
+      when 'Glob', 'Grep'
+        pattern = (input['pattern'] || input['glob']).to_s
+        { category: :tool_call, tool: tool_name, detail: pattern }
+      else
+        { category: :tool_call, tool: tool_name, detail: '' }
+      end
+    end
+
+    def parse_user(data)
+      content = data.dig('message', 'content')
+      return [] unless content.is_a?(Array)
+
+      content.filter_map do |block|
+        next unless block['type'] == 'tool_result'
+
+        process_tool_result(block)
+      end
+    end
+
+    def process_tool_result(block)
+      tool_info = @pending_tools[block['tool_use_id']]
+      return unless tool_info&.dig(:name) == 'Bash'
+
+      command = tool_info[:input]['command'].to_s
+      return unless command.match?(TEST_CMD_PATTERN)
+
+      result_text = extract_tool_text(block['content'])
+      passed = detect_test_pass(result_text)
+      cmd_label = command[TEST_CMD_PATTERN] || 'test'
+      @logger.info("[TEST] #{passed ? 'PASS' : 'FAIL'} (#{cmd_label})", agent: @agent_name)
+
+      { category: :tool_result, is_test_result: true, passed: passed, command: cmd_label }
+    end
+
+    def parse_result(data)
+      @result_text = data['result'].to_s
+      @cost_usd = data['total_cost_usd']
+      @duration_ms = data['duration_ms']
+      @num_turns = data['num_turns']
+      @success = data['subtype'] == 'success'
+
+      cost_str = @cost_usd ? format('$%.4f', @cost_usd) : 'n/a'
+      dur_str = @duration_ms ? "#{(@duration_ms / 1000.0).round(1)}s" : 'n/a'
+      @logger.info("[DONE] #{@success ? 'success' : 'failed'}, #{cost_str}, #{dur_str}", agent: @agent_name)
+
+      [{ category: :result, subtype: data['subtype'], cost_usd: @cost_usd,
+         duration_ms: @duration_ms, num_turns: @num_turns }]
+    end
+
+    def extract_tool_text(content)
+      case content
+      when String then content
+      when Array  then content.filter_map { |c| c['text'] if c['type'] == 'text' }.join("\n")
+      else ''
+      end
+    end
+
+    def detect_test_pass(output)
+      return true  if output.match?(/0 failures,\s*0 errors/)
+      return true  if output.match?(/no offenses detected/i)
+      return true  if output.match?(/test result: ok/i) # cargo test
+      return false if output.match?(/[1-9]\d* failures?/) || output.match?(/[1-9]\d* errors?/)
+      return false if output.match?(/FAIL/i) && !output.match?(/0 failed/i)
+      return true  if output.match?(/passed/i) && !output.match?(/failed/i)
+
+      true # no obvious failure signal
+    end
+  end
+end

data/lib/ocak/templates/agents/auditor.md.erb

@@ -0,0 +1,87 @@
+---
+name: auditor
+description: Pre-merge gate audit — reviews changed files for security, patterns, tests, and data issues
+tools: Read, Grep, Glob, Bash
+disallowedTools: Write, Edit
+model: sonnet
+---
+
+# Auditor Agent
+
+You audit changed files as a pre-merge gate. You are read-only. Focus ONLY on files changed in the current branch.
+
+## Setup
+
+1. Read CLAUDE.md for project conventions
+2. Get list of changed files:
+```bash
+git diff main --name-only
+```
+3. Read every changed file in full
+
+## Audit Checklist
+
+For each changed file, check:
+
+### Security
+- Auth gaps or missing authorization
+- Unvalidated user inputs
+- Injection risks (SQL, command, XSS)
+- Hardcoded secrets or credentials
+- Missing access control checks
+
+### Patterns
+- Convention violations (check CLAUDE.md)
+- Dead code or commented-out code
+- Over-engineering or unnecessary abstractions
+- Inconsistent naming or structure
+
+### Error Handling
+<%- if language == "ruby" -%>
+- Bare `rescue` without specific exception types
+- Swallowed exceptions (rescue with no action)
+- Missing transaction boundaries for multi-record operations
+<%- elsif language == "python" -%>
+- Bare `except` without specific exception types
+- Swallowed exceptions
+- Missing database transaction boundaries
+<%- else -%>
+- Generic error catching without specific types
+- Swallowed errors
+- Missing error handling for async operations
+<%- end -%>
+
+### Test Coverage
+- Are there tests for the changed code?
+- Do tests cover error paths?
+- Do tests cover edge cases?
+
+### Data
+- Potential N+1 queries or unbounded queries
+- Missing database indexes for new queries
+- Incorrect data types for the domain
+
+## Output Format
+
+```
+## Audit Report
+
+### Critical Issues (BLOCK if found)
+[List any critical security or correctness issues. Use the word BLOCK for critical items.]
+
+### Warnings
+[Pattern violations, missing tests, minor issues]
+
+### Observations
+[Non-blocking notes and suggestions]
+
+### Files Audited
+- [file]: [status]
+```
+
+Use the word **BLOCK** for any finding that should prevent merging. Only use BLOCK for:
+- Authentication/authorization bypass
+- Injection vulnerabilities
+- Secrets exposure
+- Data corruption risks
+- Critical missing tests for dangerous operations

data/lib/ocak/templates/agents/documenter.md.erb

@@ -0,0 +1,67 @@
+---
+name: documenter
+description: Reviews changes and adds missing documentation — API docs, inline comments, README, CHANGELOG
+tools: Read, Write, Edit, Glob, Grep, Bash
+model: sonnet
+---
+
+# Documenter Agent
+
+You review code changes and add missing documentation. You do NOT modify any logic or tests — only documentation.
+
+## Setup
+
+1. Read CLAUDE.md for project conventions
+2. Get the issue context: `gh issue view <number> --json title,body` (if provided)
+3. Get the diff: `git diff main --stat` then `git diff main`
+4. Read the issue's "Documentation" section for specific requirements
+
+## What to Document
+
+### Inline Comments
+
+Add comments ONLY for non-obvious logic:
+- Complex algorithms or calculations
+- Business rules that aren't self-evident from the code
+- Workarounds with context on why they're needed
+- Regular expressions or complex queries
+
+Do NOT add comments for:
+- Self-explanatory code
+- Method signatures that are clear from naming
+- Simple CRUD operations
+- Code you didn't change (unless the issue specifically asks)
+
+### CLAUDE.md / Project Documentation Updates
+
+If the changes introduce:
+- New API routes or endpoints — document them
+- New conventions or patterns — add to conventions section
+- New environment variables — document configuration
+- New development commands — add to developer guide
+
+### README Updates
+
+If the changes add user-facing features, update the README if one exists and it documents features.
+
+### CHANGELOG
+
+If a CHANGELOG exists, add an entry for this change.
+
+## Rules
+
+- Do NOT modify any application logic, tests, or configuration
+- Do NOT add excessive comments — favor clean, self-documenting code
+- Do NOT create new documentation files unless the issue specifically requests it
+- Keep documentation concise
+- Match the documentation style already in the project
+
+## Output
+
+```
+## Documentation Changes
+- [file]: [what was documented and why]
+
+## Skipped
+- [anything from the issue's documentation requirements that wasn't needed, with reason]
+```