@codemcp/ade-harnesses 0.0.2 → 0.1.1

package/src/writers/opencode.spec.ts

@@ -0,0 +1,258 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, mkdir, rm, readFile, writeFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  PermissionPolicy
+} from "@codemcp/ade-core";
+import { parse as parseYaml } from "yaml";
+import { opencodeWriter } from "./opencode.js";
+
+function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
+  switch (profile) {
+    case "rigid":
+      return {
+        profile,
+        capabilities: {
+          read: "ask",
+          edit_write: "ask",
+          search_list: "ask",
+          bash_safe: "ask",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "ask"
+        }
+      };
+    case "sensible-defaults":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+    case "max-autonomy":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "allow",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+  }
+}
+
+describe("opencodeWriter", () => {
+  let dir: string;
+
+  beforeEach(async () => {
+    dir = await mkdtemp(join(tmpdir(), "ade-harness-opencode-"));
+  });
+
+  afterEach(async () => {
+    await rm(dir, { recursive: true, force: true });
+  });
+
+  it("writes OpenCode permissions to the ADE agent frontmatter using the documented schema", async () => {
+    const rigidRoot = join(dir, "rigid");
+    const defaultsRoot = join(dir, "defaults");
+    const maxRoot = join(dir, "max");
+
+    const baseConfig = {
+      mcp_servers: [],
+      instructions: ["Follow project rules."],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    } satisfies LogicalConfig;
+
+    const rigidConfig = {
+      ...baseConfig,
+      permission_policy: autonomyPolicy("rigid")
+    } as LogicalConfig;
+
+    const maxConfig = {
+      ...baseConfig,
+      permission_policy: autonomyPolicy("max-autonomy")
+    } as LogicalConfig;
+
+    const defaultsConfig = {
+      ...baseConfig,
+      permission_policy: autonomyPolicy("sensible-defaults")
+    } as LogicalConfig;
+
+    await opencodeWriter.install(rigidConfig, rigidRoot);
+    await opencodeWriter.install(defaultsConfig, defaultsRoot);
+    await opencodeWriter.install(maxConfig, maxRoot);
+
+    const rigidAgent = await readFile(
+      join(rigidRoot, ".opencode", "agents", "ade.md"),
+      "utf-8"
+    );
+    const defaultsAgent = await readFile(
+      join(defaultsRoot, ".opencode", "agents", "ade.md"),
+      "utf-8"
+    );
+    const maxAgent = await readFile(
+      join(maxRoot, ".opencode", "agents", "ade.md"),
+      "utf-8"
+    );
+    const rigidFrontmatter = parseFrontmatter(rigidAgent);
+    const defaultsFrontmatter = parseFrontmatter(defaultsAgent);
+    const maxFrontmatter = parseFrontmatter(maxAgent);
+
+    await expect(
+      readFile(join(rigidRoot, "opencode.json"), "utf-8")
+    ).rejects.toThrow();
+    await expect(
+      readFile(join(defaultsRoot, "opencode.json"), "utf-8")
+    ).rejects.toThrow();
+    await expect(
+      readFile(join(maxRoot, "opencode.json"), "utf-8")
+    ).rejects.toThrow();
+
+    expect(rigidAgent).toContain("permission:");
+    expect(rigidAgent).toContain('"*": "ask"');
+    expect(rigidAgent).toContain('webfetch: "ask"');
+    expect(rigidAgent).toContain('websearch: "ask"');
+    expect(rigidAgent).toContain('codesearch: "ask"');
+    expect(rigidFrontmatter.permission).toMatchObject({
+      "*": "ask",
+      webfetch: "ask",
+      websearch: "ask",
+      codesearch: "ask"
+    });
+
+    expect(defaultsAgent).toContain('edit: "allow"');
+    expect(defaultsAgent).toContain('glob: "allow"');
+    expect(defaultsAgent).toContain('grep: "allow"');
+    expect(defaultsAgent).toContain('list: "allow"');
+    expect(defaultsAgent).toContain('lsp: "allow"');
+    expect(defaultsAgent).toContain('task: "allow"');
+    expect(defaultsAgent).toContain('skill: "deny"');
+    expect(defaultsAgent).toContain('todoread: "deny"');
+    expect(defaultsAgent).toContain('todowrite: "deny"');
+    expect(defaultsAgent).toContain('webfetch: "ask"');
+    expect(defaultsAgent).toContain('websearch: "ask"');
+    expect(defaultsAgent).toContain('codesearch: "ask"');
+    expect(defaultsAgent).toContain('external_directory: "deny"');
+    expect(defaultsAgent).toContain('doom_loop: "deny"');
+    expect(defaultsAgent).toContain('"grep *": "allow"');
+    expect(defaultsAgent).toContain('"cp *": "ask"');
+    expect(defaultsAgent).toContain('"rm *": "deny"');
+    expect(defaultsFrontmatter.permission).toMatchObject({
+      edit: "allow",
+      glob: "allow",
+      grep: "allow",
+      list: "allow",
+      lsp: "allow",
+      task: "allow",
+      skill: "deny",
+      todoread: "deny",
+      todowrite: "deny",
+      webfetch: "ask",
+      websearch: "ask",
+      codesearch: "ask",
+      external_directory: "deny",
+      doom_loop: "deny"
+    });
+    const defaultsPermission = defaultsFrontmatter.permission as {
+      bash: Record<string, string>;
+    };
+    expect(defaultsPermission.bash["grep *"]).toBe("allow");
+    expect(defaultsPermission.bash["cp *"]).toBe("ask");
+    expect(defaultsPermission.bash["rm *"]).toBe("deny");
+
+    expect(maxAgent).toContain('"*": "allow"');
+    expect(maxAgent).toContain('webfetch: "ask"');
+    expect(maxAgent).toContain('websearch: "ask"');
+    expect(maxAgent).toContain('codesearch: "ask"');
+    expect(maxFrontmatter.permission).toMatchObject({
+      "*": "allow",
+      webfetch: "ask",
+      websearch: "ask",
+      codesearch: "ask"
+    });
+    expect(rigidAgent).not.toContain("tools:");
+  });
+
+  it("keeps MCP servers in project config and writes documented environment fields", async () => {
+    const projectRoot = join(dir, "mcp");
+    const config = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["@codemcp/workflows-server@latest"],
+          env: { FOO: "bar" },
+          allowedTools: ["whats_next"]
+        }
+      ],
+      instructions: ["Follow project rules."],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: [],
+      permission_policy: autonomyPolicy("rigid")
+    } as LogicalConfig;
+
+    await mkdir(projectRoot, { recursive: true });
+    await writeFile(
+      join(projectRoot, "opencode.json"),
+      JSON.stringify(
+        {
+          $schema: "https://opencode.ai/config.json",
+          permission: { read: "allow" }
+        },
+        null,
+        2
+      ) + "\n",
+      "utf-8"
+    );
+
+    await opencodeWriter.install(config, projectRoot);
+
+    const projectJson = JSON.parse(
+      await readFile(join(projectRoot, "opencode.json"), "utf-8")
+    );
+    const agent = await readFile(
+      join(projectRoot, ".opencode", "agents", "ade.md"),
+      "utf-8"
+    );
+
+    expect(projectJson.permission).toEqual({ read: "allow" });
+    expect(projectJson.mcp).toEqual({
+      workflows: {
+        type: "local",
+        command: ["npx", "@codemcp/workflows-server@latest"],
+        environment: { FOO: "bar" }
+      }
+    });
+    expect(agent).toContain("permission:");
+    expect(agent).not.toContain("mcp_servers:");
+  });
+});
+
+function parseFrontmatter(content: string) {
+  const match = content.match(/^---\n([\s\S]*?)\n---/);
+  if (!match) {
+    throw new Error("Expected frontmatter in agent markdown");
+  }
+
+  return parseYaml(match[1]) as Record<string, unknown>;
+}

package/src/writers/opencode.ts

@@ -1,7 +1,8 @@
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type { LogicalConfig, PermissionRule } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
-import { writeMcpServers, writeAgentMd, writeGitHooks } from "../util.js";
+import { writeAgentMd, writeGitHooks, writeMcpServers } from "../util.js";
+import { getHarnessPermissionRules } from "../permission-policy.js";
 
 export const opencodeWriter: HarnessWriter = {
   id: "opencode",
@@ -14,41 +15,53 @@ export const opencodeWriter: HarnessWriter = {
       transform: (s) => ({
         type: "local",
         command: [s.command, ...s.args],
-        ...(Object.keys(s.env).length > 0 ? { env: s.env } : {})
+        ...(Object.keys(s.env).length > 0 ? { environment: s.env } : {})
       }),
       defaults: { $schema: "https://opencode.ai/config.json" }
     });
 
-    const servers = config.mcp_servers;
-    const extraFm: string[] = [
-      "tools:",
-      "  read: true",
-      "  edit: approve",
-      "  bash: approve"
-    ];
-
-    if (servers.length > 0) {
-      extraFm.push("mcp_servers:");
-      for (const s of servers) {
-        extraFm.push(`  ${s.ref}:`);
-        extraFm.push(
-          `    command: [${[s.command, ...s.args].map((a) => `"${a}"`).join(", ")}]`
-        );
-        if (Object.keys(s.env).length > 0) {
-          extraFm.push("    env:");
-          for (const [k, v] of Object.entries(s.env)) {
-            extraFm.push(`      ${k}: "${v}"`);
-          }
-        }
-      }
-    }
+    const permission = getHarnessPermissionRules(config);
 
     await writeAgentMd(config, {
       path: join(projectRoot, ".opencode", "agents", "ade.md"),
-      extraFrontmatter: extraFm,
+      extraFrontmatter: permission
+        ? renderYamlMapping("permission", permission)
+        : undefined,
       fallbackBody:
         "ADE — Agentic Development Environment agent with project conventions and tools."
     });
     await writeGitHooks(config.git_hooks, projectRoot);
   }
 };
+
+function renderYamlMapping(
+  key: string,
+  value: Record<string, PermissionRule>,
+  indent = 0
+): string[] {
+  const prefix = " ".repeat(indent);
+  const lines = [`${prefix}${formatYamlKey(key)}:`];
+
+  for (const [childKey, childValue] of Object.entries(value)) {
+    if (
+      typeof childValue === "object" &&
+      childValue !== null &&
+      !Array.isArray(childValue)
+    ) {
+      lines.push(...renderYamlMapping(childKey, childValue, indent + 2));
+      continue;
+    }
+
+    lines.push(
+      `${" ".repeat(indent + 2)}${formatYamlKey(childKey)}: ${JSON.stringify(childValue)}`
+    );
+  }
+
+  return lines;
+}
+
+function formatYamlKey(value: string): string {
+  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
+    ? value
+    : JSON.stringify(value);
+}

package/src/writers/roo-code.spec.ts

@@ -2,9 +2,57 @@ import { describe, it, expect, beforeEach, afterEach } from "vitest";
 import { mkdtemp, rm, readFile } from "node:fs/promises";
 import { tmpdir } from "node:os";
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  PermissionPolicy
+} from "@codemcp/ade-core";
 import { rooCodeWriter } from "./roo-code.js";
 
+function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
+  switch (profile) {
+    case "rigid":
+      return {
+        profile,
+        capabilities: {
+          read: "ask",
+          edit_write: "ask",
+          search_list: "ask",
+          bash_safe: "ask",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "ask"
+        }
+      };
+    case "sensible-defaults":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+    case "max-autonomy":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "allow",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+  }
+}
+
 describe("rooCodeWriter", () => {
   let dir: string;
 
@@ -19,6 +67,7 @@ describe("rooCodeWriter", () => {
   it("has correct metadata", () => {
     expect(rooCodeWriter.id).toBe("roo-code");
     expect(rooCodeWriter.label).toBe("Roo Code");
+    expect(rooCodeWriter.description).toContain(".roomodes");
   });
 
   it("writes .roo/mcp.json with MCP servers", async () => {
@@ -66,4 +115,83 @@ describe("rooCodeWriter", () => {
     const content = await readFile(join(dir, ".roorules"), "utf-8");
     expect(content).toContain("Follow TDD.");
   });
+
+  it("maps autonomy to Roo mode groups conservatively while forwarding MCP approvals separately", async () => {
+    const rigidRoot = join(dir, "rigid");
+    const defaultsRoot = join(dir, "defaults");
+    const maxRoot = join(dir, "max");
+
+    const baseConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: {},
+          allowedTools: ["whats_next"]
+        }
+      ],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    } satisfies LogicalConfig;
+
+    await rooCodeWriter.install(
+      {
+        ...baseConfig,
+        permission_policy: autonomyPolicy("rigid")
+      },
+      rigidRoot
+    );
+    await rooCodeWriter.install(
+      {
+        ...baseConfig,
+        permission_policy: autonomyPolicy("sensible-defaults")
+      },
+      defaultsRoot
+    );
+    await rooCodeWriter.install(
+      {
+        ...baseConfig,
+        permission_policy: autonomyPolicy("max-autonomy")
+      },
+      maxRoot
+    );
+
+    const rigidModes = JSON.parse(
+      await readFile(join(rigidRoot, ".roomodes"), "utf-8")
+    );
+    const defaultsModes = JSON.parse(
+      await readFile(join(defaultsRoot, ".roomodes"), "utf-8")
+    );
+    const maxModes = JSON.parse(
+      await readFile(join(maxRoot, ".roomodes"), "utf-8")
+    );
+    const rigidMcp = JSON.parse(
+      await readFile(join(rigidRoot, ".roo", "mcp.json"), "utf-8")
+    );
+
+    expect(rigidModes.customModes.ade.groups).toEqual(["mcp"]);
+    expect(defaultsModes.customModes.ade.groups).toEqual([
+      "read",
+      "edit",
+      "mcp"
+    ]);
+    expect(maxModes.customModes.ade.groups).toEqual([
+      "read",
+      "edit",
+      "command",
+      "mcp"
+    ]);
+
+    expect(defaultsModes.customModes.ade.groups).not.toContain("command");
+    expect(rigidModes.customModes.ade.groups).not.toContain("web");
+    expect(defaultsModes.customModes.ade.groups).not.toContain("web");
+    expect(maxModes.customModes.ade.groups).not.toContain("web");
+
+    expect(rigidMcp.mcpServers.workflows.alwaysAllow).toEqual(["whats_next"]);
+  });
 });

package/src/writers/roo-code.ts

@@ -2,23 +2,70 @@ import { join } from "node:path";
 import type { LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
+  readJsonOrEmpty,
   writeMcpServers,
   alwaysAllowEntry,
   writeRulesFile,
-  writeGitHooks
+  writeGitHooks,
+  writeJson
 } from "../util.js";
+import { allowsCapability, hasPermissionPolicy } from "../permission-policy.js";
 
 export const rooCodeWriter: HarnessWriter = {
   id: "roo-code",
   label: "Roo Code",
-  description: "AI coding agent — .roo/mcp.json + .roorules",
+  description: "AI coding agent — .roo/mcp.json + .roomodes + .roorules",
   async install(config: LogicalConfig, projectRoot: string) {
     await writeMcpServers(config.mcp_servers, {
       path: join(projectRoot, ".roo", "mcp.json"),
       transform: alwaysAllowEntry
     });
 
+    await writeRooModes(config, projectRoot);
     await writeRulesFile(config.instructions, join(projectRoot, ".roorules"));
     await writeGitHooks(config.git_hooks, projectRoot);
   }
 };
+
+async function writeRooModes(
+  config: LogicalConfig,
+  projectRoot: string
+): Promise<void> {
+  if (!hasPermissionPolicy(config)) {
+    return;
+  }
+
+  const roomodesPath = join(projectRoot, ".roomodes");
+  const existing = await readJsonOrEmpty(roomodesPath);
+  const existingCustomModes = asRecord(existing.customModes);
+
+  await writeJson(roomodesPath, {
+    ...existing,
+    customModes: {
+      ...existingCustomModes,
+      ade: {
+        slug: "ade",
+        name: "ADE",
+        roleDefinition:
+          "ADE — Agentic Development Environment mode generated by ADE.",
+        groups: getRooModeGroups(config),
+        source: "project"
+      }
+    }
+  });
+}
+
+function asRecord(value: unknown): Record<string, unknown> {
+  return value !== null && typeof value === "object" && !Array.isArray(value)
+    ? (value as Record<string, unknown>)
+    : {};
+}
+
+function getRooModeGroups(config: LogicalConfig): string[] {
+  return [
+    ...(allowsCapability(config, "read") ? ["read"] : []),
+    ...(allowsCapability(config, "edit_write") ? ["edit"] : []),
+    ...(allowsCapability(config, "bash_unsafe") ? ["command"] : []),
+    ...(config.mcp_servers.length > 0 ? ["mcp"] : [])
+  ];
+}

package/src/writers/universal.spec.ts

@@ -0,0 +1,134 @@
+import { describe, it, expect, beforeEach, afterEach } from "vitest";
+import { mkdtemp, rm, readFile } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import type {
+  AutonomyProfile,
+  LogicalConfig,
+  PermissionPolicy
+} from "@codemcp/ade-core";
+import { universalWriter } from "./universal.js";
+
+function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
+  switch (profile) {
+    case "rigid":
+      return {
+        profile,
+        capabilities: {
+          read: "ask",
+          edit_write: "ask",
+          search_list: "ask",
+          bash_safe: "ask",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "ask"
+        }
+      };
+    case "sensible-defaults":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "ask",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+    case "max-autonomy":
+      return {
+        profile,
+        capabilities: {
+          read: "allow",
+          edit_write: "allow",
+          search_list: "allow",
+          bash_safe: "allow",
+          bash_unsafe: "allow",
+          web: "ask",
+          task_agent: "allow"
+        }
+      };
+  }
+}
+
+describe("universalWriter", () => {
+  let dir: string;
+
+  beforeEach(async () => {
+    dir = await mkdtemp(join(tmpdir(), "ade-harness-universal-"));
+  });
+
+  afterEach(async () => {
+    await rm(dir, { recursive: true, force: true });
+  });
+
+  it("has correct metadata", () => {
+    expect(universalWriter.id).toBe("universal");
+    expect(universalWriter.label).toBe("Universal (AGENTS.md + .mcp.json)");
+    expect(universalWriter.description).toContain("AGENTS.md");
+  });
+
+  it("writes AGENTS.md instructions when provided", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [],
+      instructions: ["Follow the workflow.", "Keep changes focused."],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: []
+    };
+
+    await universalWriter.install(config, dir);
+
+    const content = await readFile(join(dir, "AGENTS.md"), "utf-8");
+    expect(content).toContain("# AGENTS");
+    expect(content).toContain("Follow the workflow.");
+    expect(content).toContain("Keep changes focused.");
+  });
+
+  it("documents autonomy as guidance only because Universal has no enforceable permission schema", async () => {
+    const config: LogicalConfig = {
+      mcp_servers: [
+        {
+          ref: "workflows",
+          command: "npx",
+          args: ["-y", "@codemcp/workflows"],
+          env: {},
+          allowedTools: ["whats_next"]
+        }
+      ],
+      instructions: [],
+      cli_actions: [],
+      knowledge_sources: [],
+      skills: [],
+      git_hooks: [],
+      setup_notes: [],
+      permission_policy: autonomyPolicy("sensible-defaults")
+    };
+
+    await universalWriter.install(config, dir);
+
+    const agents = await readFile(join(dir, "AGENTS.md"), "utf-8");
+    expect(agents).toContain("## Autonomy");
+    expect(agents).toContain("documentation-only guidance");
+    expect(agents).toContain("no enforceable harness-level permission schema");
+    expect(agents).toContain("Profile: `sensible-defaults`");
+    expect(agents).toContain("- `read`: allow");
+    expect(agents).toContain("- `bash_unsafe`: ask");
+    expect(agents).toContain("- `web`: ask");
+    expect(agents).toContain(
+      "MCP permissions are not re-modeled by autonomy here"
+    );
+
+    const mcpRaw = await readFile(join(dir, ".mcp.json"), "utf-8");
+    const mcp = JSON.parse(mcpRaw);
+    expect(mcp.mcpServers.workflows).toEqual({
+      command: "npx",
+      args: ["-y", "@codemcp/workflows"]
+    });
+    expect(mcp.mcpServers.workflows).not.toHaveProperty("allowedTools");
+  });
+});