npm - @codemcp/ade - Versions diffs - 0.2.5 → 0.3.0 - Mend

@codemcp/ade 0.2.5 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (45) hide show

package/.agentskills/skills/conventional-commits/SKILL.md +36 -0
package/.beads/issues.jsonl +6 -0
package/.beads/last-touched +1 -1
package/.kiro/agents/ade.json +9 -2
package/.opencode/agents/ade.md +9 -18
package/.vibe/beads-state-ade-fix-no-git-k396xs.json +34 -0
package/.vibe/development-plan-fix-no-git.md +76 -0
package/AGENTS.md +27 -0
package/config.lock.yaml +33 -9
package/config.yaml +3 -0
package/package.json +1 -1
package/packages/cli/dist/index.js +404 -343
package/packages/cli/package.json +1 -1
package/packages/cli/src/commands/conventions.integration.spec.ts +7 -1
package/packages/cli/src/commands/install.ts +19 -1
package/packages/cli/src/commands/setup.ts +19 -1
package/packages/core/package.json +1 -1
package/packages/core/src/catalog/catalog.spec.ts +1 -10
package/packages/core/src/catalog/facets/autonomy.ts +4 -62
package/packages/core/src/index.ts +1 -4
package/packages/core/src/resolver.spec.ts +4 -22
package/packages/core/src/resolver.ts +1 -5
package/packages/core/src/types.ts +0 -20
package/packages/harnesses/package.json +2 -1
package/packages/harnesses/src/permission-policy.ts +1 -165
package/packages/harnesses/src/util.spec.ts +97 -0
package/packages/harnesses/src/util.ts +32 -4
package/packages/harnesses/src/writers/claude-code.spec.ts +14 -46
package/packages/harnesses/src/writers/claude-code.ts +33 -16
package/packages/harnesses/src/writers/cline.spec.ts +1 -41
package/packages/harnesses/src/writers/copilot.spec.ts +2 -42
package/packages/harnesses/src/writers/copilot.ts +19 -32
package/packages/harnesses/src/writers/cursor.spec.ts +1 -41
package/packages/harnesses/src/writers/cursor.ts +28 -40
package/packages/harnesses/src/writers/kiro.spec.ts +1 -41
package/packages/harnesses/src/writers/kiro.ts +23 -24
package/packages/harnesses/src/writers/opencode.spec.ts +5 -47
package/packages/harnesses/src/writers/opencode.ts +153 -10
package/packages/harnesses/src/writers/roo-code.spec.ts +2 -42
package/packages/harnesses/src/writers/roo-code.ts +25 -10
package/packages/harnesses/src/writers/universal.spec.ts +1 -41
package/packages/harnesses/src/writers/universal.ts +45 -31
package/packages/harnesses/src/writers/windsurf.spec.ts +5 -42
package/packages/harnesses/src/writers/windsurf.ts +30 -47
package/skills-lock.json +6 -1

package/packages/harnesses/src/writers/opencode.spec.ts CHANGED Viewed

@@ -11,47 +11,7 @@ import { parse as parseYaml } from "yaml";
 import { opencodeWriter } from "./opencode.js";
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 describe("opencodeWriter", () => {
@@ -142,17 +102,16 @@ describe("opencodeWriter", () => {
     expect(defaultsAgent).toContain('grep: "allow"');
     expect(defaultsAgent).toContain('list: "allow"');
     expect(defaultsAgent).toContain('lsp: "allow"');
-    expect(defaultsAgent).toContain('task: "allow"');
+    expect(defaultsAgent).toContain('task: "deny"');
     expect(defaultsAgent).toContain('skill: "deny"');
     expect(defaultsAgent).toContain('todoread: "deny"');
     expect(defaultsAgent).toContain('todowrite: "deny"');
     expect(defaultsAgent).toContain('webfetch: "ask"');
     expect(defaultsAgent).toContain('websearch: "ask"');
     expect(defaultsAgent).toContain('codesearch: "ask"');
-    expect(defaultsAgent).toContain('external_directory: "deny"');
+    expect(defaultsAgent).toContain('external_directory: "ask"');
     expect(defaultsAgent).toContain('doom_loop: "deny"');
     expect(defaultsAgent).toContain('"grep *": "allow"');
-    expect(defaultsAgent).toContain('"cp *": "ask"');
     expect(defaultsAgent).toContain('"rm *": "deny"');
     expect(defaultsFrontmatter.permission).toMatchObject({
       edit: "allow",
@@ -160,21 +119,20 @@ describe("opencodeWriter", () => {
       grep: "allow",
       list: "allow",
       lsp: "allow",
-      task: "allow",
+      task: "deny",
       skill: "deny",
       todoread: "deny",
       todowrite: "deny",
       webfetch: "ask",
       websearch: "ask",
       codesearch: "ask",
-      external_directory: "deny",
+      external_directory: "ask",
       doom_loop: "deny"
     });
     const defaultsPermission = defaultsFrontmatter.permission as {
       bash: Record<string, string>;
     };
     expect(defaultsPermission.bash["grep *"]).toBe("allow");
-    expect(defaultsPermission.bash["cp *"]).toBe("ask");
     expect(defaultsPermission.bash["rm *"]).toBe("deny");
     expect(maxAgent).toContain('"*": "allow"');

package/packages/harnesses/src/writers/opencode.ts CHANGED Viewed

@@ -1,8 +1,157 @@
 import { join } from "node:path";
-import type { LogicalConfig, PermissionRule } from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
-import { writeAgentMd, writeGitHooks, writeMcpServers } from "../util.js";
-import { getHarnessPermissionRules } from "../permission-policy.js";
+import {
+  writeAgentMd,
+  writeGitHooks,
+  writeMcpServers,
+  formatYamlKey
+} from "../util.js";
+import { getAutonomyProfile } from "../permission-policy.js";
+type PermissionDecision = "ask" | "allow" | "deny";
+type PermissionRule = PermissionDecision | Record<string, PermissionDecision>;
+const APPLICABLE_TO_ALL: Record<string, PermissionRule> = {
+  read: {
+    "*": "allow",
+    "*.env": "deny",
+    "*.env.*": "deny",
+    "*.env.example": "allow"
+  },
+  skill: "deny", //we're using an own skills-mcp
+  todoread: "deny", //no agent-proprieatry todo tools
+  todowrite: "deny",
+  task: "deny",
+  lsp: "allow",
+  glob: "allow",
+  grep: "allow",
+  list: "allow",
+  external_directory: "ask"
+};
+const RIGID_RULES: Record<string, PermissionRule> = {
+  ...APPLICABLE_TO_ALL,
+  "*": "ask",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  external_directory: "deny",
+  doom_loop: "deny"
+};
+const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
+  ...APPLICABLE_TO_ALL,
+  edit: "allow",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  bash: {
+    "*": "ask",
+    "grep *": "allow",
+    "rg *": "allow",
+    "find *": "allow",
+    "fd *": "allow",
+    "ls *": "allow",
+    "cat *": "allow",
+    "head *": "allow",
+    "tail *": "allow",
+    "wc *": "allow",
+    "sort *": "allow",
+    "uniq *": "allow",
+    "diff *": "allow",
+    "echo *": "allow",
+    "printf *": "allow",
+    pwd: "allow",
+    "which *": "allow",
+    "type *": "allow",
+    whoami: "allow",
+    date: "allow",
+    "date *": "allow",
+    env: "allow",
+    "tree *": "allow",
+    "file *": "allow",
+    "stat *": "allow",
+    "readlink *": "allow",
+    "realpath *": "allow",
+    "dirname *": "allow",
+    "basename *": "allow",
+    "sed *": "allow",
+    "awk *": "allow",
+    "cut *": "allow",
+    "tr *": "allow",
+    "tee *": "allow",
+    "xargs *": "allow",
+    "jq *": "allow",
+    "yq *": "allow",
+    "mkdir *": "allow",
+    "touch *": "allow",
+    "kill *": "ask",
+    "rm *": "deny",
+    "rmdir *": "deny",
+    "curl *": "deny",
+    "wget *": "deny",
+    "chmod *": "deny",
+    "chown *": "deny",
+    "sudo *": "deny",
+    "su *": "deny",
+    "sh *": "deny",
+    "bash *": "deny",
+    "zsh *": "deny",
+    "eval *": "deny",
+    "exec *": "deny",
+    "source *": "deny",
+    ". *": "deny",
+    "nohup *": "deny",
+    "dd *": "deny",
+    "mkfs *": "deny",
+    "mount *": "deny",
+    "umount *": "deny",
+    "killall *": "deny",
+    "pkill *": "deny",
+    "nc *": "deny",
+    "ncat *": "deny",
+    "ssh *": "deny",
+    "scp *": "deny",
+    "rsync *": "deny",
+    "docker *": "deny",
+    "kubectl *": "deny",
+    "systemctl *": "deny",
+    "service *": "deny",
+    "crontab *": "deny",
+    reboot: "deny",
+    "shutdown *": "deny",
+    "passwd *": "deny",
+    "useradd *": "deny",
+    "userdel *": "deny",
+    "iptables *": "deny"
+  },
+  doom_loop: "deny"
+};
+const MAX_AUTONOMY_RULES: Record<string, PermissionRule> = {
+  ...APPLICABLE_TO_ALL,
+  "*": "allow",
+  webfetch: "ask",
+  websearch: "ask",
+  codesearch: "ask",
+  doom_loop: "deny"
+};
+function getPermissionRules(
+  profile: AutonomyProfile | undefined
+): Record<string, PermissionRule> | undefined {
+  switch (profile) {
+    case "rigid":
+      return RIGID_RULES;
+    case "sensible-defaults":
+      return SENSIBLE_DEFAULTS_RULES;
+    case "max-autonomy":
+      return MAX_AUTONOMY_RULES;
+    default:
+      return undefined;
+  }
+}
 export const opencodeWriter: HarnessWriter = {
   id: "opencode",
@@ -20,7 +169,7 @@ export const opencodeWriter: HarnessWriter = {
       defaults: { $schema: "https://opencode.ai/config.json" }
     });
-    const permission = getHarnessPermissionRules(config);
+    const permission = getPermissionRules(getAutonomyProfile(config));
     await writeAgentMd(config, {
       path: join(projectRoot, ".opencode", "agents", "ade.md"),
@@ -59,9 +208,3 @@ function renderYamlMapping(
   return lines;
 }
-function formatYamlKey(value: string): string {
-  return /^[A-Za-z_][A-Za-z0-9_-]*$/.test(value)
-    ? value
-    : JSON.stringify(value);
-}

package/packages/harnesses/src/writers/roo-code.spec.ts CHANGED Viewed

@@ -10,47 +10,7 @@ import type {
 import { rooCodeWriter } from "./roo-code.js";
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 describe("rooCodeWriter", () => {
@@ -174,7 +134,7 @@ describe("rooCodeWriter", () => {
       await readFile(join(rigidRoot, ".roo", "mcp.json"), "utf-8")
     );
-    expect(rigidModes.customModes.ade.groups).toEqual(["mcp"]);
+    expect(rigidModes.customModes.ade.groups).toEqual(["read", "mcp"]);
     expect(defaultsModes.customModes.ade.groups).toEqual([
       "read",
       "edit",

package/packages/harnesses/src/writers/roo-code.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 import { join } from "node:path";
-import type { LogicalConfig } from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import {
   readJsonOrEmpty,
@@ -9,7 +9,10 @@ import {
   writeGitHooks,
   writeJson
 } from "../util.js";
-import { allowsCapability, hasPermissionPolicy } from "../permission-policy.js";
+import {
+  getAutonomyProfile,
+  hasPermissionPolicy
+} from "../permission-policy.js";
 export const rooCodeWriter: HarnessWriter = {
   id: "roo-code",
@@ -48,7 +51,10 @@ async function writeRooModes(
         name: "ADE",
         roleDefinition:
           "ADE — Agentic Development Environment mode generated by ADE.",
-        groups: getRooModeGroups(config),
+        groups: getRooModeGroups(
+          getAutonomyProfile(config),
+          config.mcp_servers.length > 0
+        ),
         source: "project"
       }
     }
@@ -61,11 +67,20 @@ function asRecord(value: unknown): Record<string, unknown> {
     : {};
 }
-function getRooModeGroups(config: LogicalConfig): string[] {
-  return [
-    ...(allowsCapability(config, "read") ? ["read"] : []),
-    ...(allowsCapability(config, "edit_write") ? ["edit"] : []),
-    ...(allowsCapability(config, "bash_unsafe") ? ["command"] : []),
-    ...(config.mcp_servers.length > 0 ? ["mcp"] : [])
-  ];
+function getRooModeGroups(
+  profile: AutonomyProfile | undefined,
+  hasMcpServers: boolean
+): string[] {
+  const mcpGroup = hasMcpServers ? ["mcp"] : [];
+  switch (profile) {
+    case "rigid":
+      return ["read", ...mcpGroup];
+    case "sensible-defaults":
+      return ["read", "edit", ...mcpGroup];
+    case "max-autonomy":
+      return ["read", "edit", "command", ...mcpGroup];
+    default:
+      return ["read", "edit", "command", ...mcpGroup];
+  }
 }

package/packages/harnesses/src/writers/universal.spec.ts CHANGED Viewed

@@ -10,47 +10,7 @@ import type {
 import { universalWriter } from "./universal.js";
 function autonomyPolicy(profile: AutonomyProfile): PermissionPolicy {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }
 describe("universalWriter", () => {

package/packages/harnesses/src/writers/universal.ts CHANGED Viewed

@@ -1,40 +1,16 @@
 import { join } from "node:path";
 import { writeFile } from "node:fs/promises";
-import type {
-  AutonomyCapability,
-  LogicalConfig,
-  PermissionDecision
-} from "@codemcp/ade-core";
+import type { AutonomyProfile, LogicalConfig } from "@codemcp/ade-core";
 import type { HarnessWriter } from "../types.js";
 import { writeMcpServers, writeGitHooks } from "../util.js";
-const CAPABILITY_ORDER: AutonomyCapability[] = [
-  "read",
-  "edit_write",
-  "search_list",
-  "bash_safe",
-  "bash_unsafe",
-  "web",
-  "task_agent"
-];
-function formatCapabilityGuidance(
-  capability: AutonomyCapability,
-  decision: PermissionDecision
-): string {
-  return `- \`${capability}\`: ${decision}`;
-}
+import { getAutonomyProfile } from "../permission-policy.js";
 function renderAutonomyGuidance(config: LogicalConfig): string | undefined {
-  const policy = config.permission_policy;
-  if (!policy) {
+  const profile = getAutonomyProfile(config);
+  if (!profile) {
     return undefined;
   }
-  const capabilityLines = CAPABILITY_ORDER.map((capability) =>
-    formatCapabilityGuidance(capability, policy.capabilities[capability])
-  );
   return [
     "## Autonomy",
     "",
@@ -42,15 +18,53 @@ function renderAutonomyGuidance(config: LogicalConfig): string | undefined {
     "",
     "Treat this autonomy profile as documentation-only guidance for built-in/basic operations.",
     "",
-    `Profile: \`${policy.profile}\``,
+    `Profile: \`${profile}\``,
     "",
-    "Built-in/basic capability guidance:",
-    ...capabilityLines,
+    ...getUniversalProfileGuidance(profile),
     "",
     "MCP permissions are not re-modeled by autonomy here; any MCP approvals must come from provisioning-aware consuming harnesses rather than the Universal writer."
   ].join("\n");
 }
+function getUniversalProfileGuidance(profile: AutonomyProfile): string[] {
+  const header = "Built-in/basic capability guidance:";
+  switch (profile) {
+    case "rigid":
+      return [
+        header,
+        "- `read`: allow",
+        "- `edit_write`: ask",
+        "- `search_list`: ask",
+        "- `bash_safe`: ask",
+        "- `bash_unsafe`: ask",
+        "- `web`: ask",
+        "- `task_agent`: ask"
+      ];
+    case "sensible-defaults":
+      return [
+        header,
+        "- `read`: allow",
+        "- `edit_write`: allow",
+        "- `search_list`: allow",
+        "- `bash_safe`: allow",
+        "- `bash_unsafe`: ask",
+        "- `web`: ask",
+        "- `task_agent`: allow"
+      ];
+    case "max-autonomy":
+      return [
+        header,
+        "- `read`: allow",
+        "- `edit_write`: allow",
+        "- `search_list`: allow",
+        "- `bash_safe`: allow",
+        "- `bash_unsafe`: allow",
+        "- `web`: ask",
+        "- `task_agent`: allow"
+      ];
+  }
+}
 export const universalWriter: HarnessWriter = {
   id: "universal",
   label: "Universal (AGENTS.md + .mcp.json)",

package/packages/harnesses/src/writers/windsurf.spec.ts CHANGED Viewed

@@ -95,7 +95,10 @@ describe("windsurfWriter", () => {
     expect(rigidRules).toContain("Windsurf limitation:");
     expect(rigidRules).toContain("advisory only");
     expect(rigidRules).toContain(
-      "Ask before: read files, edit and write files, search and list files, safe local shell commands, unsafe local shell commands, web and network access, task or agent delegation."
+      "May proceed without extra approval: read files."
+    );
+    expect(rigidRules).toContain(
+      "Ask before: edit and write files, search and list files, safe local shell commands, unsafe local shell commands, web and network access, task or agent delegation."
     );
     expect(sensibleRules).toContain("Windsurf limitation:");
@@ -134,45 +137,5 @@ describe("windsurfWriter", () => {
 function autonomyPolicy(
   profile: "rigid" | "sensible-defaults" | "max-autonomy"
 ): LogicalConfig["permission_policy"] {
-  switch (profile) {
-    case "rigid":
-      return {
-        profile,
-        capabilities: {
-          read: "ask",
-          edit_write: "ask",
-          search_list: "ask",
-          bash_safe: "ask",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "ask"
-        }
-      };
-    case "sensible-defaults":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "ask",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-    case "max-autonomy":
-      return {
-        profile,
-        capabilities: {
-          read: "allow",
-          edit_write: "allow",
-          search_list: "allow",
-          bash_safe: "allow",
-          bash_unsafe: "allow",
-          web: "ask",
-          task_agent: "allow"
-        }
-      };
-  }
+  return { profile };
 }