@bhargavvc/sdd-cc 1.30.0

package/scripts/rebrand-gsd-to-sdd.sh

@@ -0,0 +1,220 @@
+#!/usr/bin/env bash
+##############################################################################
+# rebrand-gsd-to-sdd.sh (for sdd-cc repo)
+#
+# Converts all G.S.D references to S.D.D in the IDE installer package.
+# IDEMPOTENT — safe to re-run. Excludes itself from modification.
+#
+# USAGE:  bash scripts/rebrand-gsd-to-sdd.sh
+# RUN AFTER:  git merge upstream-sync  (into main)
+##############################################################################
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_ROOT"
+
+# Build literal strings via hex to avoid self-modification by sed
+OLD_LC=$(printf '\x67\x73\x64')       # g-s-d
+OLD_UC=$(printf '\x47\x53\x44')       # G-S-D
+NEW_LC="sdd"
+NEW_UC="SDD"
+
+# The old framework directory name (hex-encoded to avoid self-match)
+OLD_DIR=$(printf '\x67\x65\x74\x2d\x73\x68\x69\x74\x2d\x64\x6f\x6e\x65')  # get-shit-done
+NEW_DIR="sdd"
+
+# Old branding phrases (hex-encoded)
+OLD_BRAND1=$(printf '\x47\x65\x74\x20\x53\x68\x69\x74\x20\x44\x6f\x6e\x65')  # Get Shit Done
+OLD_BRAND2=$(printf '\x47\x65\x74\x20\x53\x74\x75\x66\x66\x20\x44\x6f\x6e\x65') # Get Stuff Done
+NEW_BRAND="Spec-Driven Development"
+
+SELF_NAME="rebrand-$(echo "${OLD_LC}")-to-${NEW_LC}.sh"
+
+echo "=== ${NEW_UC}-CC Rebrand Script ==="
+echo "Working in: $REPO_ROOT"
+
+# ─── STEP 1: Rename directories ─────────────────────────────────────────────
+echo ""
+echo "[1/5] Renaming directories..."
+
+# Rename get-shit-done/ → sdd/
+if [ -d "${OLD_DIR}" ] && [ ! -d "${NEW_DIR}" ]; then
+  echo "  ${OLD_DIR}/ -> ${NEW_DIR}/"
+  mv "${OLD_DIR}" "${NEW_DIR}"
+fi
+
+# Rename commands/gsd/ → commands/sdd/
+if [ -d "commands/${OLD_LC}" ] && [ ! -d "commands/${NEW_LC}" ]; then
+  echo "  commands/${OLD_LC}/ -> commands/${NEW_LC}/"
+  mv "commands/${OLD_LC}" "commands/${NEW_LC}"
+fi
+
+# Rename internal get-shit-done/commands/gsd/ if it exists
+if [ -d "${NEW_DIR}/commands/${OLD_LC}" ] && [ ! -d "${NEW_DIR}/commands/${NEW_LC}" ]; then
+  echo "  ${NEW_DIR}/commands/${OLD_LC}/ -> ${NEW_DIR}/commands/${NEW_LC}/"
+  mv "${NEW_DIR}/commands/${OLD_LC}" "${NEW_DIR}/commands/${NEW_LC}"
+fi
+
+echo "  Done."
+
+# ─── STEP 2: Rename files ───────────────────────────────────────────────────
+echo ""
+echo "[2/5] Renaming files..."
+
+find . -not -path './.git/*' -not -path './node_modules/*' \
+  -not -name "$SELF_NAME" \
+  \( -name "*${OLD_LC}*" -o -name "*${OLD_UC}*" -o -name "*${OLD_DIR}*" \) \
+  -type f 2>/dev/null | sort -r | while read -r path; do
+  dir=$(dirname "$path")
+  base=$(basename "$path")
+  newbase=$(echo "$base" | sed "s/${OLD_DIR}/${NEW_DIR}/g; s/${OLD_LC}/${NEW_LC}/g; s/${OLD_UC}/${NEW_UC}/g")
+  [ "$base" = "$newbase" ] && continue
+  echo "  $path -> $dir/$newbase"
+  mv "$path" "$dir/$newbase"
+done
+
+echo "  Done."
+
+# ─── STEP 3: Replace content in all files ───────────────────────────────────
+echo ""
+echo "[3/5] Finding files with content to replace..."
+
+grep -rl --include="*.md" --include="*.js" --include="*.cjs" \
+  --include="*.json" --include="*.sh" --include="*.yml" --include="*.yaml" \
+  -E "${OLD_LC}|${OLD_UC}|${OLD_DIR}" . 2>/dev/null \
+  | grep -v '\.git/' | grep -v 'node_modules/' \
+  | grep -v "$SELF_NAME" \
+  | grep -v 'package-lock.json' \
+  > /tmp/${NEW_LC}-cc-rebrand-files.txt || true
+
+FCOUNT=$(wc -l < /tmp/${NEW_LC}-cc-rebrand-files.txt)
+echo "  Found $FCOUNT files."
+
+echo "  Replacing..."
+while IFS= read -r file; do
+  [ -z "$file" ] && continue
+
+  # Branding phrases first (longest match first)
+  sed -i \
+    -e "s/${OLD_BRAND1}/${NEW_BRAND}/g" \
+    -e "s/${OLD_BRAND2}/${NEW_BRAND}/g" \
+    "$file"
+
+  # Directory name: get-shit-done → sdd
+  sed -i \
+    -e "s/${OLD_DIR}-cc/@bhargavvc\/${NEW_LC}-cc/g" \
+    -e "s/${OLD_DIR}/${NEW_DIR}/g" \
+    "$file"
+
+  # Targeted patterns
+  sed -i \
+    -e "s/${OLD_LC}:/${NEW_LC}:/g" \
+    -e "s/${OLD_LC}-/${NEW_LC}-/g" \
+    -e "s/_${OLD_LC}/_${NEW_LC}/g" \
+    -e "s/${OLD_LC}_/${NEW_LC}_/g" \
+    -e "s/\/${OLD_LC}\//\/${NEW_LC}\//g" \
+    -e "s/\.${OLD_LC}\//\.${NEW_LC}\//g" \
+    -e "s/\.${OLD_LC}\"/.${NEW_LC}\"/g" \
+    -e "s/\.${OLD_LC}'/.${NEW_LC}'/g" \
+    -e "s/\"${OLD_LC}\"/\"${NEW_LC}\"/g" \
+    -e "s/'${OLD_LC}'/'${NEW_LC}'/g" \
+    -e "s/@${OLD_LC}\//@${NEW_LC}\//g" \
+    -e "s/${OLD_UC}_/${NEW_UC}_/g" \
+    -e "s/\"${OLD_UC}\"/\"${NEW_UC}\"/g" \
+    -e "s/'${OLD_UC}'/'${NEW_UC}'/g" \
+    "$file"
+
+  # Variable syntax: {{GSD_ARGS}} → {{SDD_ARGS}}
+  sed -i \
+    -e "s/{{${OLD_UC}_ARGS}}/{{${NEW_UC}_ARGS}}/g" \
+    -e "s/{{${OLD_UC}_/{{${NEW_UC}_/g" \
+    "$file"
+
+  # Catch-all: remaining standalone instances
+  sed -i \
+    -e "s/\b${OLD_LC}\b/${NEW_LC}/g" \
+    -e "s/\b${OLD_UC}\b/${NEW_UC}/g" \
+    "$file"
+
+  # Restore @gsd-build (upstream npm scope — must stay)
+  if grep -q "${NEW_LC}-build" "$file" 2>/dev/null; then
+    sed -i \
+      -e "s/@${NEW_LC}-build/@${OLD_LC}-build/g" \
+      -e "s/${NEW_LC}-build\//${OLD_LC}-build\//g" \
+      "$file"
+  fi
+
+done < /tmp/${NEW_LC}-cc-rebrand-files.txt
+
+rm -f /tmp/${NEW_LC}-cc-rebrand-files.txt
+echo "  Done."
+
+# ─── STEP 4: Fix package.json ───────────────────────────────────────────────
+echo ""
+echo "[4/5] Updating package.json..."
+
+if [ -f "package.json" ]; then
+  # Fix package name and bin
+  sed -i \
+    -e 's/"name": *"[^"]*"/"name": "@bhargavvc\/sdd-cc"/' \
+    -e 's/"sdd-cc-cc"/"sdd-cc"/' \
+    -e "s/\"${OLD_DIR}-cc\"/\"${NEW_LC}-cc\"/g" \
+    package.json
+
+  # Fix bin entry: the key might already be partially renamed
+  # Ensure bin is exactly: "sdd-cc": "bin/install.js"
+  node -e "
+    const pkg = require('./package.json');
+    const fs = require('fs');
+    pkg.name = '@bhargavvc/sdd-cc';
+    pkg.bin = { 'sdd-cc': 'bin/install.js' };
+    pkg.description = pkg.description
+      .replace(/Get Shit Done/gi, 'Spec-Driven Development')
+      .replace(/GSD/g, 'SDD')
+      .replace(/gsd/g, 'sdd');
+    pkg.repository = { type: 'git', url: 'git+https://github.com/bhargavvc/sdd-cc.git' };
+    pkg.homepage = 'https://github.com/bhargavvc/sdd-cc';
+    pkg.bugs = { url: 'https://github.com/bhargavvc/sdd-cc/issues' };
+    pkg.publishConfig = { access: 'public' };
+    fs.writeFileSync('package.json', JSON.stringify(pkg, null, 2) + '\n');
+  "
+  echo "  package.json updated."
+fi
+
+echo "  Done."
+
+# ─── STEP 5: Verify ─────────────────────────────────────────────────────────
+echo ""
+echo "[5/5] Verifying..."
+
+STALE_COUNT=0
+
+echo "  Checking for stale references..."
+# Check markdown and source files for remaining gsd (excluding @gsd-build and this script)
+STALE=$(grep -rn "${OLD_LC}\|${OLD_DIR}" \
+  --include="*.md" --include="*.js" --include="*.cjs" \
+  . 2>/dev/null \
+  | grep -v '\.git/' | grep -v 'node_modules/' \
+  | grep -v "$SELF_NAME" \
+  | grep -v "@${OLD_LC}-build" \
+  | grep -v "REBRAND" \
+  | head -20 || true)
+
+if [ -n "$STALE" ]; then
+  echo "  WARNING: Stale references found:"
+  echo "$STALE"
+  STALE_COUNT=$(echo "$STALE" | wc -l)
+else
+  echo "  No stale references found."
+fi
+
+echo ""
+echo "=== Rebrand complete ==="
+echo "  Stale references: $STALE_COUNT"
+echo ""
+echo "  Next steps:"
+echo "  1. Review changes: git diff --stat"
+echo "  2. Test installer:  node bin/install.js --cursor --local"
+echo "  3. Commit:          git add -A && git commit -m 'rebrand: GSD → SDD'"
+echo "  4. Publish:         npm publish --access public"

package/scripts/run-tests.cjs

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+// Cross-platform test runner — resolves test file globs via Node
+// instead of relying on shell expansion (which fails on Windows PowerShell/cmd).
+// Propagates NODE_V8_COVERAGE so c8 collects coverage from the child process.
+'use strict';
+
+const { readdirSync } = require('fs');
+const { join } = require('path');
+const { execFileSync } = require('child_process');
+
+const testDir = join(__dirname, '..', 'tests');
+const files = readdirSync(testDir)
+  .filter(f => f.endsWith('.test.cjs'))
+  .sort()
+  .map(f => join('tests', f));
+
+if (files.length === 0) {
+  console.error('No test files found in tests/');
+  process.exit(1);
+}
+
+try {
+  execFileSync(process.execPath, ['--test', ...files], {
+    stdio: 'inherit',
+    env: { ...process.env },
+  });
+} catch (err) {
+  process.exit(err.status || 1);
+}

package/scripts/secret-scan.sh

@@ -0,0 +1,227 @@
+#!/usr/bin/env bash
+# secret-scan.sh — Check files for accidentally committed secrets/credentials
+#
+# Usage:
+#   scripts/secret-scan.sh --diff origin/main   # CI mode: scan changed files
+#   scripts/secret-scan.sh --file path/to/file   # Scan a single file
+#   scripts/secret-scan.sh --dir agents/          # Scan all files in a directory
+#
+# Exit codes:
+#   0 = clean
+#   1 = findings detected
+#   2 = usage error
+set -euo pipefail
+
+# ─── Secret Patterns ─────────────────────────────────────────────────────────
+# Format: "LABEL:::REGEX"
+# Each entry is a human label paired with a POSIX extended regex.
+
+SECRET_PATTERNS=(
+  # AWS
+  "AWS Access Key:::AKIA[0-9A-Z]{16}"
+  "AWS Secret Key:::aws_secret_access_key[[:space:]]*=[[:space:]]*[A-Za-z0-9/+=]{40}"
+
+  # OpenAI / Anthropic / AI providers
+  "OpenAI API Key:::sk-[A-Za-z0-9]{20,}"
+  "Anthropic API Key:::sk-ant-[A-Za-z0-9_-]{20,}"
+
+  # GitHub
+  "GitHub PAT:::ghp_[A-Za-z0-9]{36}"
+  "GitHub OAuth:::gho_[A-Za-z0-9]{36}"
+  "GitHub App Token:::ghs_[A-Za-z0-9]{36}"
+  "GitHub Fine-grained PAT:::github_pat_[A-Za-z0-9_]{20,}"
+
+  # Stripe
+  "Stripe Secret Key:::sk_live_[A-Za-z0-9]{24,}"
+  "Stripe Publishable Key:::pk_live_[A-Za-z0-9]{24,}"
+
+  # Generic patterns
+  "Private Key Header:::-----BEGIN[[:space:]]+(RSA|EC|DSA|OPENSSH)?[[:space:]]*PRIVATE[[:space:]]+KEY-----"
+  "Generic API Key Assignment:::api[_-]?key[[:space:]]*[:=][[:space:]]*['\"][A-Za-z0-9_-]{20,}['\"]"
+  "Generic Secret Assignment:::secret[[:space:]]*[:=][[:space:]]*['\"][A-Za-z0-9_-]{20,}['\"]"
+  "Generic Token Assignment:::token[[:space:]]*[:=][[:space:]]*['\"][A-Za-z0-9_-]{20,}['\"]"
+  "Generic Password Assignment:::password[[:space:]]*[:=][[:space:]]*['\"][^'\"]{8,}['\"]"
+
+  # Slack
+  "Slack Bot Token:::xoxb-[0-9]{10,}-[A-Za-z0-9]{20,}"
+  "Slack Webhook:::hooks\.slack\.com/services/T[A-Z0-9]{8,}/B[A-Z0-9]{8,}/[A-Za-z0-9]{24}"
+
+  # Google
+  "Google API Key:::AIza[A-Za-z0-9_-]{35}"
+
+  # NPM
+  "NPM Token:::npm_[A-Za-z0-9]{36}"
+
+  # .env file content (key=value with sensitive-looking keys)
+  "Env Variable Leak:::(DATABASE_URL|DB_PASSWORD|REDIS_URL|MONGO_URI|JWT_SECRET|SESSION_SECRET|ENCRYPTION_KEY)[[:space:]]*=[[:space:]]*[^[:space:]]{8,}"
+)
+
+# ─── Ignorelist ──────────────────────────────────────────────────────────────
+
+IGNOREFILE=".secretscanignore"
+IGNORED_FILES=()
+
+load_ignorelist() {
+  if [[ -f "$IGNOREFILE" ]]; then
+    while IFS= read -r line; do
+      [[ "$line" =~ ^[[:space:]]*# ]] && continue
+      [[ -z "${line// }" ]] && continue
+      IGNORED_FILES+=("$line")
+    done < "$IGNOREFILE"
+  fi
+}
+
+is_ignored() {
+  local file="$1"
+  if [[ ${#IGNORED_FILES[@]} -eq 0 ]]; then
+    return 1
+  fi
+  for pattern in "${IGNORED_FILES[@]}"; do
+    # Support glob-style matching
+    # shellcheck disable=SC2254
+    case "$file" in
+      $pattern) return 0 ;;
+    esac
+  done
+  return 1
+}
+
+# ─── Skip Rules ──────────────────────────────────────────────────────────────
+
+should_skip_file() {
+  local file="$1"
+  # Skip binary files
+  case "$file" in
+    *.png|*.jpg|*.jpeg|*.gif|*.ico|*.woff|*.woff2|*.ttf|*.eot|*.otf) return 0 ;;
+    *.zip|*.tar|*.gz|*.bz2|*.xz|*.7z) return 0 ;;
+    *.pdf|*.doc|*.docx|*.xls|*.xlsx) return 0 ;;
+  esac
+  # Skip lockfiles and node_modules
+  case "$file" in
+    */node_modules/*) return 0 ;;
+    */package-lock.json) return 0 ;;
+    */yarn.lock) return 0 ;;
+    */pnpm-lock.yaml) return 0 ;;
+  esac
+  # Skip the scan scripts themselves and test files
+  case "$file" in
+    */secret-scan.sh) return 0 ;;
+    */security-scan.test.cjs) return 0 ;;
+  esac
+  return 1
+}
+
+# ─── File Collection ─────────────────────────────────────────────────────────
+
+collect_files() {
+  local mode="$1"
+  shift
+
+  case "$mode" in
+    --diff)
+      local base="${1:-origin/main}"
+      git diff --name-only --diff-filter=ACMR "$base"...HEAD 2>/dev/null \
+        | grep -vE '\.(png|jpg|jpeg|gif|ico|woff|woff2|ttf|eot|otf|zip|tar|gz|pdf)$' || true
+      ;;
+    --file)
+      if [[ -f "$1" ]]; then
+        echo "$1"
+      else
+        echo "Error: file not found: $1" >&2
+        exit 2
+      fi
+      ;;
+    --dir)
+      local dir="$1"
+      if [[ ! -d "$dir" ]]; then
+        echo "Error: directory not found: $dir" >&2
+        exit 2
+      fi
+      find "$dir" -type f ! -path '*/node_modules/*' ! -path '*/.git/*' ! -path '*/dist/*' \
+        ! -name '*.png' ! -name '*.jpg' ! -name '*.gif' ! -name '*.woff*' 2>/dev/null || true
+      ;;
+    --stdin)
+      cat
+      ;;
+    *)
+      echo "Usage: $0 --diff [base] | --file <path> | --dir <path> | --stdin" >&2
+      exit 2
+      ;;
+  esac
+}
+
+# ─── Scanner ─────────────────────────────────────────────────────────────────
+
+scan_file() {
+  local file="$1"
+  local found=0
+
+  if is_ignored "$file"; then
+    return 0
+  fi
+
+  for entry in "${SECRET_PATTERNS[@]}"; do
+    local label="${entry%%:::*}"
+    local pattern="${entry#*:::}"
+
+    local matches
+    matches=$(grep -nE -e "$pattern" "$file" 2>/dev/null || true)
+    if [[ -n "$matches" ]]; then
+      if [[ $found -eq 0 ]]; then
+        echo "FAIL: $file"
+        found=1
+      fi
+      echo "$matches" | while IFS= read -r line; do
+        echo "  [$label] $line"
+      done
+    fi
+  done
+
+  return $found
+}
+
+# ─── Main ────────────────────────────────────────────────────────────────────
+
+main() {
+  if [[ $# -eq 0 ]]; then
+    echo "Usage: $0 --diff [base] | --file <path> | --dir <path>" >&2
+    exit 2
+  fi
+
+  load_ignorelist
+
+  local mode="$1"
+  shift
+
+  local files
+  files=$(collect_files "$mode" "$@")
+
+  if [[ -z "$files" ]]; then
+    echo "secret-scan: no files to scan"
+    exit 0
+  fi
+
+  local total=0
+  local failed=0
+
+  while IFS= read -r file; do
+    [[ -z "$file" ]] && continue
+    if should_skip_file "$file"; then
+      continue
+    fi
+    total=$((total + 1))
+    if ! scan_file "$file"; then
+      failed=$((failed + 1))
+    fi
+  done <<< "$files"
+
+  echo ""
+  echo "secret-scan: scanned $total files, $failed with findings"
+
+  if [[ $failed -gt 0 ]]; then
+    exit 1
+  fi
+  exit 0
+}
+
+main "$@"

package/scripts/sync-upstream.sh

@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+##############################################################################
+# sync-upstream.sh
+#
+# Syncs the sdd-cc fork with upstream gsd-build/get-shit-done,
+# then runs the rebrand script.
+#
+# USAGE:  bash scripts/sync-upstream.sh
+##############################################################################
+
+set -euo pipefail
+
+REPO_ROOT="$(cd "$(dirname "$0")/.." && pwd)"
+cd "$REPO_ROOT"
+
+echo "=== SDD-CC Upstream Sync ==="
+echo ""
+
+# Step 1: Fetch upstream
+echo "[1/5] Fetching upstream..."
+git fetch upstream
+echo "  Done."
+
+# Step 2: Update upstream-sync branch
+echo ""
+echo "[2/5] Updating upstream-sync branch..."
+git checkout upstream-sync
+git merge upstream/main --no-edit
+echo "  Done."
+
+# Step 3: Merge into main
+echo ""
+echo "[3/5] Merging upstream-sync into main..."
+git checkout main
+git merge -X theirs upstream-sync --no-edit
+echo "  Done."
+
+# Step 4: Run rebrand
+echo ""
+echo "[4/5] Running rebrand..."
+bash scripts/rebrand-gsd-to-sdd.sh
+echo "  Done."
+
+# Step 5: Summary
+echo ""
+echo "[5/5] Summary"
+echo ""
+echo "  Upstream version: $(git log upstream/main --oneline -1)"
+echo "  Local version:    $(cat package.json | grep '"version"' | head -1)"
+echo ""
+echo "  Next steps:"
+echo "  1. Review:   git diff --stat"
+echo "  2. Test:     node bin/install.js --cursor --local"
+echo "  3. Commit:   git add -A && git commit -m 'sync: upstream vX.Y.Z + rebrand'"
+echo "  4. Push:     git push origin main upstream-sync"
+echo "  5. Publish:  npm publish --access public"