@codacy/gate-cli 0.2.0 → 0.3.0

package/bin/gate.js

@@ -12093,8 +12093,138 @@ async function runReview(opts, globals) {
   process.exit(0);
 }
 
+// src/commands/init.ts
+var import_node_fs9 = require("node:fs");
+var import_promises8 = require("node:fs/promises");
+var import_node_path6 = require("node:path");
+var import_node_child_process5 = require("node:child_process");
+function resolveDataDir() {
+  const candidates = [
+    (0, import_node_path6.join)(__dirname, "..", "data"),
+    // installed: node_modules/@codacy/gate-cli/data
+    (0, import_node_path6.join)(__dirname, "..", "..", "data"),
+    // edge case: nested resolution
+    (0, import_node_path6.join)(process.cwd(), "cli", "data")
+    // local dev: running from repo root
+  ];
+  for (const candidate of candidates) {
+    if ((0, import_node_fs9.existsSync)((0, import_node_path6.join)(candidate, "skills"))) {
+      return candidate;
+    }
+  }
+  throw new Error(
+    "Could not find GATE.md skill data. Reinstall: npm install -g @codacy/gate-cli"
+  );
+}
+async function copyDir(src, dest) {
+  await (0, import_promises8.mkdir)(dest, { recursive: true });
+  await (0, import_promises8.cp)(src, dest, { recursive: true, force: true });
+}
+function registerInitCommand(program2) {
+  program2.command("init").description("Initialize GATE.md in the current project").option("--force", "Overwrite existing skills and hooks").action(async (opts) => {
+    const force = opts.force ?? false;
+    const projectMarkers = [".git", "package.json", "pyproject.toml", "go.mod", "Cargo.toml", "Gemfile", "pom.xml", "build.gradle"];
+    const isProject = projectMarkers.some((m) => (0, import_node_fs9.existsSync)(m));
+    if (!isProject) {
+      printError("No project detected in the current directory.");
+      printInfo('Run "gate init" from your project root.');
+      process.exit(1);
+    }
+    console.log("");
+    printInfo("Initializing GATE.md in this project...");
+    console.log("");
+    printInfo("Checking prerequisites...");
+    const nodeVersion = process.version;
+    const nodeMajor = parseInt(nodeVersion.slice(1), 10);
+    if (nodeMajor < 20) {
+      printError(`Node.js 20+ required (found ${nodeVersion}). Update from https://nodejs.org`);
+      process.exit(1);
+    }
+    printInfo(`  Node.js ${nodeVersion} \u2713`);
+    try {
+      const gitVersion = (0, import_node_child_process5.execSync)("git --version", { encoding: "utf-8" }).trim();
+      printInfo(`  ${gitVersion} \u2713`);
+    } catch {
+      printError("git is required but not installed. Install from https://git-scm.com");
+      process.exit(1);
+    }
+    try {
+      (0, import_node_child_process5.execSync)("which claude", { encoding: "utf-8" });
+      printInfo("  Claude Code \u2713");
+    } catch {
+      printWarn("  Claude Code not found \u2014 hooks will be configured but need Claude Code to run.");
+    }
+    try {
+      (0, import_node_child_process5.execSync)("which codacy-analysis", { encoding: "utf-8" });
+      printInfo("  @codacy/analysis-cli \u2713");
+    } catch {
+      printWarn("  @codacy/analysis-cli not found \u2014 static analysis will be unavailable.");
+      printWarn("  Install: npm install -g @codacy/analysis-cli");
+    }
+    console.log("");
+    printInfo("Installing skills...");
+    const dataDir = resolveDataDir();
+    const skillsSource = (0, import_node_path6.join)(dataDir, "skills");
+    const skillsDest = ".claude/skills";
+    const skills = ["gate-setup", "gate-analyze", "gate-status", "gate-feedback"];
+    let skillsInstalled = 0;
+    for (const skill of skills) {
+      const src = (0, import_node_path6.join)(skillsSource, skill);
+      const dest = (0, import_node_path6.join)(skillsDest, skill);
+      if (!(0, import_node_fs9.existsSync)(src)) {
+        printWarn(`  Skill data not found: ${skill}`);
+        continue;
+      }
+      if ((0, import_node_fs9.existsSync)(dest) && !force) {
+        const srcSkill = (0, import_node_path6.join)(src, "SKILL.md");
+        const destSkill = (0, import_node_path6.join)(dest, "SKILL.md");
+        if ((0, import_node_fs9.existsSync)(destSkill)) {
+          try {
+            const srcContent = await (0, import_promises8.readFile)(srcSkill, "utf-8");
+            const destContent = await (0, import_promises8.readFile)(destSkill, "utf-8");
+            if (srcContent === destContent) {
+              skillsInstalled++;
+              continue;
+            }
+          } catch {
+          }
+        }
+      }
+      await copyDir(src, dest);
+      skillsInstalled++;
+    }
+    printInfo(`  ${skillsInstalled}/${skills.length} skills installed to .claude/skills/ \u2713`);
+    printInfo("Wiring Claude Code hooks...");
+    const settings = await readSettings();
+    const hookResult = installGateHooks(settings, force);
+    if (hookResult.ok) {
+      await writeSettings(hookResult.data);
+      printInfo("  Stop hook: gate analyze \u2713");
+      printInfo("  Intent hook: gate intent capture \u2713");
+    } else {
+      printWarn(`  ${hookResult.error}`);
+      printInfo('  Run "gate hooks install --force" to overwrite.');
+    }
+    await (0, import_promises8.mkdir)(GATE_DIR, { recursive: true });
+    const globalGateDir = (0, import_node_path6.join)(process.env.HOME ?? "", ".gate");
+    await (0, import_promises8.mkdir)(globalGateDir, { recursive: true });
+    console.log("");
+    printInfo("GATE.md initialized!");
+    console.log("");
+    console.log("  Installed:");
+    console.log("    .claude/skills/gate-setup/     \u2014 project configuration");
+    console.log("    .claude/skills/gate-analyze/   \u2014 on-demand analysis");
+    console.log("    .claude/skills/gate-status/    \u2014 project health");
+    console.log("    .claude/skills/gate-feedback/  \u2014 beta feedback");
+    console.log("    .claude/settings.json          \u2014 hooks (gate analyze + intent capture)");
+    console.log("");
+    console.log("  Next step: open this project in Claude Code and run /gate-setup");
+    console.log("");
+  });
+}
+
 // src/cli.ts
-program.name("gate").description("CLI for GATE.md quality gate service").version("0.1.0").option("--token <token>", "Override authentication token").option("--service-url <url>", "Override service URL").option("--verbose", "Log HTTP requests/responses to stderr");
+program.name("gate").description("CLI for GATE.md quality gate service").version("0.3.0").option("--token <token>", "Override authentication token").option("--service-url <url>", "Override service URL").option("--verbose", "Log HTTP requests/responses to stderr");
 registerAuthCommands(program);
 registerHooksCommands(program);
 registerIntentCommands(program);
@@ -12104,4 +12234,5 @@ registerStatusCommand(program);
 registerFeedbackCommand(program);
 registerAnalyzeCommand(program);
 registerReviewCommand(program);
+registerInitCommand(program);
 program.parse();

package/data/skills/gate-analyze/SKILL.md

@@ -0,0 +1,214 @@
+# /gate-analyze — Run GATE.md analysis on demand
+
+You are running an on-demand GATE.md analysis. This is like a "second opinion" — the user (or you) can invoke it at any point to get a quality and security review with rich context.
+
+**Usage:**
+- `/gate-analyze` — Curate files, write intent, select specs autonomously (deep review)
+- `/gate-analyze src/api/routes.ts src/db.ts` — Analyze specific files (quick check)
+- `/gate-analyze src/api/` — Analyze a directory and related files
+- `/gate-analyze --full` — Sample the full codebase (20 most recently modified files)
+- `/gate-analyze --intent "Implementing OAuth2 PKCE flow per spec/AUTH.md"` — User provides intent
+
+---
+
+## Step 1: Check configuration
+
+1. Verify `.gate/standard.yaml` exists. If not: "Run `/gate-setup` first."
+2. Verify `gate` CLI is available: `which gate`. If not: "Re-run the GATE.md installer: `curl -fsSL https://raw.githubusercontent.com/codacy/gatemd/main/install.sh | bash`"
+3. Run `gate auth verify` to check token is valid. If it fails: "GATE.md not configured. Run `/gate-setup` first."
+
+---
+
+## Step 2: Determine files to analyze
+
+### Quick mode (specific files or `--full`)
+
+**Specific files** (paths or directories provided):
+- Use the provided file paths directly. If a directory is given, include all analyzable files under it.
+- Verify each file exists.
+
+**`--full` flag** (full codebase sample):
+```bash
+FILES=$(git ls-files | grep -E '\.(ts|tsx|js|jsx|mjs|cjs|py|go|java|kt|rb|rs|c|cpp|h|hpp|cs|php)$')
+```
+If more than 20 files, select the 20 most recently modified:
+```bash
+echo "$FILES" | xargs ls -t | head -20
+```
+
+In quick mode, skip Steps 3 and 4 — go straight to Step 5.
+
+### Deep mode (no arguments, or directory hints)
+
+When no specific files are given, curate a comprehensive review scope:
+
+#### 2a. Start with changed files
+
+```bash
+CHANGED=$(git diff --name-only HEAD 2>/dev/null; git diff --name-only --cached 2>/dev/null; git ls-files --others --exclude-standard 2>/dev/null)
+CHANGED_CODE=$(echo "$CHANGED" | sort -u | grep -E '\.(ts|tsx|js|jsx|mjs|cjs|py|go|java|kt|rb|rs|c|cpp|h|hpp|cs|php)$')
+```
+
+Also check if the agent just committed (clean tree but recent HEAD):
+```bash
+# If working tree is clean, check what the last commit changed
+git diff --name-only HEAD~1..HEAD 2>/dev/null
+```
+
+If the user provided directory hints (e.g., `/gate-analyze src/api/`), also include all files under those directories.
+
+#### 2b. Add related files
+
+For each changed file, identify and add:
+
+1. **Direct dependencies** — files that the changed file imports. Read the import/require statements and resolve the paths.
+2. **Reverse dependencies** — files that import the changed file. Grep for the module name across the codebase.
+3. **Type/interface files** — shared type definitions, interfaces, or schemas referenced by the changes.
+4. **Test files** — corresponding test files for changed modules (e.g., `foo.test.ts` for `foo.ts`, `test_foo.py` for `foo.py`).
+
+#### 2c. Prioritize and cap
+
+Rank files by relevance:
+1. Changed files (always included first)
+2. Direct dependencies that define interfaces/types being used
+3. Test files for changed code
+4. Reverse dependencies (consumers that might break)
+
+**Cap at 20 files total.** If you need to cut, drop reverse dependencies first, then tests.
+
+#### 2d. Track changed vs context
+
+Keep two lists:
+- **`changed_files`** — the files that were actually modified (git dirty or recently committed)
+- **`all_files`** — all files to include in the analysis (changed + context)
+
+If no analyzable files found: "No analyzable files found."
+
+---
+
+## Step 3: Write the intent description
+
+Synthesize the conversation context into a clear intent description. This is NOT the raw user prompt — it's your understanding of what the work is trying to achieve.
+
+**Template:**
+
+```
+I am [adding/modifying/fixing/refactoring] [feature/component name].
+
+Goal: [What the user asked for, or the problem being solved.]
+
+Approach: [Key architectural decisions. What patterns are being used?]
+
+Trade-offs: [Anything you chose deliberately that could be questioned.]
+
+Review focus: [Specific concerns you want the reviewer to evaluate.]
+```
+
+**Guidelines:**
+- Cap at 2000 characters
+- Be specific — "adding JWT auth with RS256 to /api/users" not "adding authentication"
+- Include trade-offs and areas of uncertainty — the reviewer will focus there
+- If the user provided `--intent`, use it as the base and augment with your understanding
+- Skip this step entirely in quick mode (specific files or --full)
+
+---
+
+## Step 4: Select relevant specs
+
+Identify spec/documentation files that provide context:
+
+- Specs referenced in the user's request
+- Specs that define interfaces or APIs being implemented
+- Architecture docs relevant to the area being changed
+
+**Read each spec file and prepare for inclusion.** Limits: max 10 files, 10KB per file, 30KB total.
+
+Common spec locations to check:
+- `spec/*.md`, `docs/*.md`
+- `CLAUDE.md`, `AGENTS.md`, `CONTRIBUTING.md`
+
+If no specs are relevant, skip this step.
+
+---
+
+## Step 5: Run the analysis
+
+Use the `gate review` command with all the context you gathered:
+
+```bash
+gate review \
+  --files "src/auth/pkce.ts,src/auth/callback.ts,src/auth/types.ts,src/middleware/auth.ts" \
+  --changed "src/auth/pkce.ts,src/auth/callback.ts" \
+  --intent "I am adding OAuth2 PKCE authentication flow..." \
+  --specs "spec/AUTH.md,CLAUDE.md"
+```
+
+**Arguments:**
+- `--files` (required): Comma-separated list of ALL files to include (changed + context)
+- `--changed` (optional): Comma-separated list of actually-modified files (subset of --files). If omitted, all files are treated as changed.
+- `--intent` (optional): Your synthesized intent description. Quote it.
+- `--specs` (optional): Comma-separated list of spec file paths to include.
+
+The CLI handles static analysis, file reading with size limits, payload construction, and the API call.
+
+---
+
+## Step 6: Display results
+
+Parse the JSON response and format clearly:
+
+```
+=== GATE.md Analysis ===
+Gate Decision: WARN
+Quality: 7.5/10  |  Security: 8.0/10  |  Overall: 7.8/10
+Trend: stable
+
+--- Assessment ---
+[narrative from assessment.narrative]
+
+--- Findings (2) ---
+
+[HIGH] Service Role Client for Non-Admin Operations
+  File: supabase/functions/webhook/index.ts:25
+  Pattern: access-control-checks (CWE-639)
+  Fix: Limit SELECT fields to only what's needed for the notification.
+
+[MEDIUM] File Complexity Exceeds Threshold
+  File: supabase/functions/webhook/index.ts:1
+  Pattern: comprehensibility
+  Fix: Refactor into separate handler files per event type.
+
+--- Intent Alignment ---
+Score: 9/10 (aligned)
+Goal: "Add webhook handlers for Stripe events"
+Implementation matches intent. No gaps detected.
+
+--- Quality Dimensions ---
+Comprehensibility: 6.5/10 — webhook file is too large
+Modularity: 7.0/10 — good separation except webhook handler
+Type Safety: 9.0/10 — strict TypeScript throughout
+Test Adequacy: 5.0/10 — missing webhook handler tests
+
+--- Pending Items ---
+1. [HIGH] Add tests for webhook event handlers
+2. [MEDIUM] Refactor webhook into handler modules
+
+View full report: https://gatemd.lovable.app/runs/run-20260327-...?token=gateview_...
+```
+
+---
+
+## Step 7: Offer to fix
+
+- **If FAIL or findings exist**: "The analysis found N issues. Would you like me to fix them?" If yes, apply fixes from findings, then re-run (iteration 2 max). If iteration 2 still fails, report remaining issues for human review.
+- **If WARN**: "Non-blocking issues found. Would you like me to address them?"
+- **If PASS**: "Code meets the Standard. No issues found."
+
+---
+
+## Important notes
+
+- This does NOT replace the automatic stop hook. The hook still fires on every agent stop.
+- Runs are tagged with `trigger: "review"` in the database.
+- Size limits: 20 files max, 50KB per file, 200KB total code, 2000 char intent, 30KB specs.
+- If the service is unreachable, static analysis still runs locally.

package/data/skills/gate-feedback/SKILL.md

@@ -0,0 +1,12 @@
+# /gate-feedback — Send feedback to the GATE.md team
+
+If the user provided a message (e.g., `/gate-feedback the analysis is too slow`), use their **exact words** as the message. Do NOT rephrase, expand, add context, or editorialize. Send exactly what they typed, nothing more.
+
+If they just typed `/gate-feedback` with no message, ask: "What feedback would you like to share?"
+
+```bash
+gate feedback "<their exact message>"
+```
+
+On success: "Thanks, feedback sent!"
+On error: "Couldn't send feedback right now. Your message: [repeat it so it's not lost]."