npm - @codacy/gate-cli - Versions diffs - 0.1.0 → 0.3.0 - Mend

@codacy/gate-cli 0.1.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/bin/gate.js +132 -1
package/data/skills/gate-analyze/SKILL.md +214 -0
package/data/skills/gate-feedback/SKILL.md +12 -0
package/data/skills/gate-setup/SKILL.md +402 -0
package/data/skills/gate-setup/patterns-reference.yaml +586 -0
package/data/skills/gate-setup/standard-template.yaml +141 -0
package/data/skills/gate-status/SKILL.md +45 -0
package/package.json +2 -1

package/data/skills/gate-setup/standard-template.yaml ADDED Viewed

@@ -0,0 +1,141 @@
+# GATE.md — Standard Template
+# YAML skeleton used by /gate-setup to generate .gate/standard.yaml
+# All fields with empty values are populated during synthesis.
+# See STANDARDS-SPEC.md section 2 for the full schema.
+version: "1.0.0"
+created_by: ""
+# Project metadata — populated from codebase analysis
+knowledge_spec:
+  project_name: ""
+  languages: []
+  frameworks: []
+  architecture: ""     # monorepo | monolith | microservices
+  build_system: ""     # npm | yarn | pnpm | pip | go | maven | gradle
+  test_framework: ""   # vitest | jest | pytest | go test | junit
+# Quality assessment dimensions (always 4)
+# Thresholds from patterns-reference.yaml, adjusted per codebase
+quality_dimensions:
+  - id: comprehensibility
+    description: "Code readable in one context load"
+    signals:
+      - metric: file_length
+        threshold: 300
+        unit: lines
+        rationale: "AI context windows degrade on large files"
+      - metric: cyclomatic_complexity
+        threshold: 15
+        unit: per_function
+        rationale: "Complexity-aware feedback improves AI performance by 35.71%"
+      - metric: function_length
+        threshold: 50
+        unit: lines
+        rationale: "Short functions are easier for agents to modify safely"
+      - metric: naming_quality
+        tool: ai
+        rationale: "Descriptive names improve AI comprehension by 2x"
+  - id: modularity
+    description: "Modify one concern without touching 3+ files"
+    signals:
+      - metric: single_responsibility
+        tool: ai
+        rationale: "AI performance drops sharply at 3+ files per change"
+      - metric: shallow_abstractions
+        tool: ai
+        rationale: "LLMs struggle with deep inheritance hierarchies"
+  - id: type_safety
+    description: "Type system catches errors before runtime"
+    signals: []  # Populated per-language during synthesis
+  - id: test_adequacy
+    description: "Tests define expected behavior for agents"
+    signals:
+      - metric: test_coverage
+        threshold: 80
+        unit: percent
+        ai_threshold: 90
+        rationale: "90% recommended for AI-generated code"
+      - metric: test_quality
+        tool: ai
+        rationale: "Tests are the primary safety net for AI agents"
+# Security patterns (CWE-mapped, always all 7)
+security_patterns:
+  - id: no-hardcoded-secrets
+    description: "No secrets, API keys, passwords, or tokens in source code"
+    severity: critical
+    cwe: [CWE-798]
+    enforced_by: []  # Populated with Trivy/Semgrep during synthesis
+  - id: input-sanitization
+    description: "All user input validated and sanitized before use"
+    severity: critical
+    cwe: [CWE-20, CWE-80, CWE-89, CWE-117]
+    enforced_by: []
+  - id: parameterized-queries
+    description: "Database queries use parameters, never string concatenation"
+    severity: critical
+    cwe: [CWE-89]
+    enforced_by: []
+  - id: dependency-verification
+    description: "No known-vulnerable dependencies"
+    severity: high
+    cwe: [CWE-1395]
+    enforced_by: []
+  - id: no-unsafe-deserialization
+    description: "No unsafe deserialization of untrusted data"
+    severity: high
+    cwe: [CWE-502]
+    enforced_by: []
+  - id: access-control-checks
+    description: "Authorization verified on all sensitive operations"
+    severity: high
+    cwe: [CWE-639]
+    enforced_by: []  # AI-only — requires business context
+  - id: config-file-integrity
+    description: "Configuration files not manipulable by untrusted input"
+    severity: high
+    cwe: [CWE-15]
+    enforced_by: []  # AI-only
+# Project-specific patterns (2-5, synthesized during setup)
+custom_patterns: []
+# Example:
+#   - id: auth-middleware-required
+#     description: "All API routes must use authentication middleware"
+#     severity: high
+#     enforced_by: []
+#     rationale: "Project uses express with JWT auth"
+# Process constraints
+process_constraints:
+  self_healing_limit: 2    # Max fix-recheck iterations (research: degradation after 2)
+  analysis_mode: balanced  # lightweight | balanced | thorough
+  exclude_paths:
+    - node_modules
+    - dist
+    - build
+    - .git
+    - vendor
+    - __pycache__
+    - .next
+    - coverage
+# Tool configuration (populated during synthesis based on detected languages)
+tool_configuration: {}
+# Example:
+#   eslint:
+#     enabled: true
+#     config_file: ".gate/tools/eslint.config.mjs"
+#   semgrep:
+#     enabled: true
+#     rulesets: ["p/security-audit", "p/typescript"]

package/data/skills/gate-status/SKILL.md ADDED Viewed

@@ -0,0 +1,45 @@
+# /gate-status — Show GATE.md quality status
+You are showing the current GATE.md quality status for this project. This gives a quick overview of project health without running a new analysis.
+---
+## Step 1: Check configuration
+Verify `gate` CLI is available: `which gate`. If not: "Re-run the GATE.md installer."
+---
+## Step 2: Fetch and display status
+Run:
+```bash
+gate status --history
+```
+This fetches the project memory context (standard info, last run, trends, pending items) and recent run history, then displays a formatted summary.
+**If the service is unreachable**: the CLI falls back to showing local data with an offline note.
+**If not configured**: the CLI prints "GATE.md is not configured for this project. Run /gate-setup."
+---
+## Step 3: Interpret for the user
+After showing the raw status output, provide a brief interpretation:
+- If **declining trend**: "Quality is trending down. Consider running `/gate-analyze` to identify issues."
+- If **pending items exist**: "There are N pending items to address."
+- If **no runs**: "No analyses recorded yet. The hook will run automatically on your next stop, or use `/gate-analyze`."
+- If **PASS with improving trend**: "Project quality is good and improving."
+---
+## For JSON output (programmatic use)
+```bash
+gate status --history --json
+```
+Returns structured JSON with `memory` and `runs` fields.

package/package.json CHANGED Viewed

@@ -1,12 +1,13 @@
 {
   "name": "@codacy/gate-cli",
-  "version": "0.1.0",
+  "version": "0.3.0",
   "description": "CLI for GATE.md quality gate service",
   "bin": {
     "gate": "./bin/gate.js"
   },
   "files": [
     "bin/gate.js",
+    "data/skills/",
     "package.json",
     "README.md"
   ],