@codemcp/ade 0.2.6 → 0.4.0

package/packages/core/src/catalog/facets/autonomy.ts

@@ -9,26 +9,26 @@ export const autonomyFacet: Facet = {
   multiSelect: false,
   options: [
     {
-      id: "rigid",
-      label: "Rigid",
+      id: "sensible-defaults",
+      label: "Sensible defaults",
       description:
-        "Keep built-in capabilities approval-gated and require confirmation before acting",
+        "Allow a curated built-in capabilities set while keeping potentially risky actions approval-gated",
       recipe: [
         {
           writer: "permission-policy",
-          config: { profile: "rigid" }
+          config: { profile: "sensible-defaults" }
         }
       ]
     },
     {
-      id: "sensible-defaults",
-      label: "Sensible defaults",
+      id: "rigid",
+      label: "Rigid",
       description:
-        "Allow a curated low-risk built-in capability set while keeping web access approval-gated",
+        "Keep built-in capabilities approval-gated and require confirmation before acting",
       recipe: [
         {
           writer: "permission-policy",
-          config: { profile: "sensible-defaults" }
+          config: { profile: "rigid" }
         }
       ]
     },
@@ -36,7 +36,7 @@ export const autonomyFacet: Facet = {
       id: "max-autonomy",
       label: "Max autonomy",
       description:
-        "Allow broad local built-in autonomy while keeping web access approval-gated",
+        "Allow broad local built-in autonomy. Recommended for sandboxed environments only",
       recipe: [
         {
           writer: "permission-policy",

package/packages/core/src/catalog/facets/backpressure.ts

@@ -89,7 +89,7 @@ export const backpressureFacet: Facet = {
   id: "backpressure",
   label: "Backpressure",
   description:
-    "Install git hooks that enforce quality gates — silent on success, surface only relevant failures",
+    "Which automated quality gates to put in place. Translates to git hooks",
   required: false,
   multiSelect: true,
   dependsOn: ["architecture"],

package/packages/core/src/catalog/facets/practices.ts

@@ -3,8 +3,7 @@ import type { Facet } from "../../types.js";
 export const practicesFacet: Facet = {
   id: "practices",
   label: "Practices",
-  description:
-    "Composable development practices — mix and match regardless of stack",
+  description: "Development practices — mix and match regardless of stack",
   required: false,
   multiSelect: true,
   options: [

package/packages/core/src/catalog/facets/process.ts

@@ -3,7 +3,7 @@ import type { Facet } from "../../types.js";
 export const processFacet: Facet = {
   id: "process",
   label: "Process",
-  description: "How your AI agent receives and executes tasks",
+  description: "How will you guide your agent",
   required: true,
   options: [
     {

package/packages/harnesses/package.json

@@ -28,6 +28,7 @@
     "typecheck": "tsc --noEmit"
   },
   "dependencies": {
+    "@clack/prompts": "^1.1.0",
     "@codemcp/ade-core": "workspace:*",
     "@codemcp/skills": "^2.3.0"
   },
@@ -39,5 +40,5 @@
     "typescript": "catalog:",
     "vitest": "catalog:"
   },
-  "version": "0.2.6"
+  "version": "0.4.0"
 }

package/packages/harnesses/src/util.spec.ts

@@ -0,0 +1,97 @@
+import { describe, it, expect, beforeEach, afterEach, vi } from "vitest";
+import { mkdtemp, rm, mkdir, readFile, stat } from "node:fs/promises";
+import { tmpdir } from "node:os";
+import { join } from "node:path";
+import * as clack from "@clack/prompts";
+import type { GitHook } from "@codemcp/ade-core";
+import { writeGitHooks } from "./util.js";
+
+describe("writeGitHooks", () => {
+  let dir: string;
+
+  beforeEach(async () => {
+    dir = await mkdtemp(join(tmpdir(), "ade-util-git-hooks-"));
+    vi.spyOn(clack.log, "warn").mockImplementation(() => undefined);
+  });
+
+  afterEach(async () => {
+    await rm(dir, { recursive: true, force: true });
+    vi.restoreAllMocks();
+  });
+
+  it("is a no-op when hooks is undefined", async () => {
+    await expect(writeGitHooks(undefined, dir)).resolves.toBeUndefined();
+    expect(clack.log.warn).not.toHaveBeenCalled();
+  });
+
+  it("is a no-op when hooks array is empty", async () => {
+    await expect(writeGitHooks([], dir)).resolves.toBeUndefined();
+    expect(clack.log.warn).not.toHaveBeenCalled();
+  });
+
+  it("warns and skips gracefully when .git directory does not exist", async () => {
+    const hooks: GitHook[] = [
+      { phase: "pre-commit", script: "#!/bin/sh\nnpx lint-staged" }
+    ];
+
+    await expect(writeGitHooks(hooks, dir)).resolves.toBeUndefined();
+
+    expect(clack.log.warn).toHaveBeenCalledOnce();
+    expect(clack.log.warn).toHaveBeenCalledWith(
+      expect.stringContaining("not a git repository")
+    );
+
+    // No .git/hooks directory should have been created
+    await expect(stat(join(dir, ".git"))).rejects.toThrow();
+  });
+
+  it("writes hook files when .git exists", async () => {
+    await mkdir(join(dir, ".git"), { recursive: true });
+
+    const script = "#!/bin/sh\nnpx lint-staged\n";
+    const hooks: GitHook[] = [{ phase: "pre-commit", script }];
+
+    await writeGitHooks(hooks, dir);
+
+    expect(clack.log.warn).not.toHaveBeenCalled();
+
+    const written = await readFile(
+      join(dir, ".git", "hooks", "pre-commit"),
+      "utf-8"
+    );
+    expect(written).toBe(script);
+  });
+
+  it("creates .git/hooks directory if it does not exist yet", async () => {
+    // .git exists but no hooks subdir
+    await mkdir(join(dir, ".git"), { recursive: true });
+
+    const hooks: GitHook[] = [{ phase: "pre-commit", script: "#!/bin/sh\n" }];
+    await writeGitHooks(hooks, dir);
+
+    const hookStat = await stat(join(dir, ".git", "hooks"));
+    expect(hookStat.isDirectory()).toBe(true);
+  });
+
+  it("writes multiple hooks", async () => {
+    await mkdir(join(dir, ".git"), { recursive: true });
+
+    const hooks: GitHook[] = [
+      { phase: "pre-commit", script: "#!/bin/sh\necho pre-commit\n" },
+      { phase: "pre-push", script: "#!/bin/sh\necho pre-push\n" }
+    ];
+
+    await writeGitHooks(hooks, dir);
+
+    const preCommit = await readFile(
+      join(dir, ".git", "hooks", "pre-commit"),
+      "utf-8"
+    );
+    const prePush = await readFile(
+      join(dir, ".git", "hooks", "pre-push"),
+      "utf-8"
+    );
+    expect(preCommit).toBe(hooks[0].script);
+    expect(prePush).toBe(hooks[1].script);
+  });
+});

package/packages/harnesses/src/util.ts

@@ -1,5 +1,6 @@
-import { mkdir, readFile, writeFile } from "node:fs/promises";
+import { access, mkdir, readFile, writeFile } from "node:fs/promises";
 import { dirname, join } from "node:path";
+import * as clack from "@clack/prompts";
 import type { GitHook, LogicalConfig, McpServerEntry } from "@codemcp/ade-core";
 
 // ---------------------------------------------------------------------------
@@ -169,15 +170,31 @@ export async function writeAgentMd(
 /**
  * Write git hook scripts to `.git/hooks/<phase>`.
  * Files are created with executable permissions (0o755).
- * No-op when the hooks array is empty.
+ * No-op when the hooks array is empty or undefined.
+ * Emits a warning and skips gracefully when the project root is not a git repository.
  */
 export async function writeGitHooks(
   hooks: GitHook[] | undefined,
   projectRoot: string
 ): Promise<void> {
-  if (!hooks) return;
+  if (!hooks || hooks.length === 0) return;
+
+  const gitDir = join(projectRoot, ".git");
+  try {
+    await access(gitDir);
+  } catch {
+    clack.log.warn(
+      "Git hooks were configured but could not be installed: the project is not a git repository.\n" +
+        "Run `git init` and re-run setup to install the hooks."
+    );
+    return;
+  }
+
+  const hooksDir = join(gitDir, "hooks");
+  await mkdir(hooksDir, { recursive: true });
+
   for (const hook of hooks) {
-    const hookPath = join(projectRoot, ".git", "hooks", hook.phase);
+    const hookPath = join(hooksDir, hook.phase);
     await writeFile(hookPath, hook.script, { mode: 0o755 });
   }
 }

package/packages/harnesses/src/writers/opencode.spec.ts

@@ -102,17 +102,16 @@ describe("opencodeWriter", () => {
     expect(defaultsAgent).toContain('grep: "allow"');
     expect(defaultsAgent).toContain('list: "allow"');
     expect(defaultsAgent).toContain('lsp: "allow"');
-    expect(defaultsAgent).toContain('task: "allow"');
+    expect(defaultsAgent).toContain('task: "deny"');
     expect(defaultsAgent).toContain('skill: "deny"');
     expect(defaultsAgent).toContain('todoread: "deny"');
     expect(defaultsAgent).toContain('todowrite: "deny"');
     expect(defaultsAgent).toContain('webfetch: "ask"');
     expect(defaultsAgent).toContain('websearch: "ask"');
     expect(defaultsAgent).toContain('codesearch: "ask"');
-    expect(defaultsAgent).toContain('external_directory: "deny"');
+    expect(defaultsAgent).toContain('external_directory: "ask"');
     expect(defaultsAgent).toContain('doom_loop: "deny"');
     expect(defaultsAgent).toContain('"grep *": "allow"');
-    expect(defaultsAgent).toContain('"cp *": "ask"');
     expect(defaultsAgent).toContain('"rm *": "deny"');
     expect(defaultsFrontmatter.permission).toMatchObject({
       edit: "allow",
@@ -120,21 +119,20 @@ describe("opencodeWriter", () => {
       grep: "allow",
       list: "allow",
       lsp: "allow",
-      task: "allow",
+      task: "deny",
       skill: "deny",
       todoread: "deny",
       todowrite: "deny",
       webfetch: "ask",
       websearch: "ask",
       codesearch: "ask",
-      external_directory: "deny",
+      external_directory: "ask",
       doom_loop: "deny"
     });
     const defaultsPermission = defaultsFrontmatter.permission as {
       bash: Record<string, string>;
     };
     expect(defaultsPermission.bash["grep *"]).toBe("allow");
-    expect(defaultsPermission.bash["cp *"]).toBe("ask");
     expect(defaultsPermission.bash["rm *"]).toBe("deny");
 
     expect(maxAgent).toContain('"*": "allow"');

package/packages/harnesses/src/writers/opencode.ts

@@ -12,7 +12,26 @@ import { getAutonomyProfile } from "../permission-policy.js";
 type PermissionDecision = "ask" | "allow" | "deny";
 type PermissionRule = PermissionDecision | Record<string, PermissionDecision>;
 
+const APPLICABLE_TO_ALL: Record<string, PermissionRule> = {
+  read: {
+    "*": "allow",
+    "*.env": "deny",
+    "*.env.*": "deny",
+    "*.env.example": "allow"
+  },
+  skill: "deny", //we're using an own skills-mcp
+  todoread: "deny", //no agent-proprieatry todo tools
+  todowrite: "deny",
+  task: "deny",
+  lsp: "allow",
+  glob: "allow",
+  grep: "allow",
+  list: "allow",
+  external_directory: "ask"
+};
+
 const RIGID_RULES: Record<string, PermissionRule> = {
+  ...APPLICABLE_TO_ALL,
   "*": "ask",
   webfetch: "ask",
   websearch: "ask",
@@ -22,31 +41,17 @@ const RIGID_RULES: Record<string, PermissionRule> = {
 };
 
 const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
-  read: {
-    "*": "allow",
-    "*.env": "deny",
-    "*.env.*": "deny",
-    "*.env.example": "allow"
-  },
+  ...APPLICABLE_TO_ALL,
   edit: "allow",
-  glob: "allow",
-  grep: "allow",
-  list: "allow",
-  lsp: "allow",
-  task: "allow",
-  todoread: "deny",
-  todowrite: "deny",
-  skill: "deny",
   webfetch: "ask",
   websearch: "ask",
   codesearch: "ask",
   bash: {
-    "*": "deny",
+    "*": "ask",
     "grep *": "allow",
     "rg *": "allow",
     "find *": "allow",
     "fd *": "allow",
-    ls: "allow",
     "ls *": "allow",
     "cat *": "allow",
     "head *": "allow",
@@ -81,14 +86,7 @@ const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
     "yq *": "allow",
     "mkdir *": "allow",
     "touch *": "allow",
-    "cp *": "ask",
-    "mv *": "ask",
-    "ln *": "ask",
-    "npm *": "ask",
-    "node *": "ask",
-    "pip *": "ask",
-    "python *": "ask",
-    "python3 *": "ask",
+    "kill *": "ask",
     "rm *": "deny",
     "rmdir *": "deny",
     "curl *": "deny",
@@ -109,7 +107,6 @@ const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
     "mkfs *": "deny",
     "mount *": "deny",
     "umount *": "deny",
-    "kill *": "deny",
     "killall *": "deny",
     "pkill *": "deny",
     "nc *": "deny",
@@ -129,16 +126,15 @@ const SENSIBLE_DEFAULTS_RULES: Record<string, PermissionRule> = {
     "userdel *": "deny",
     "iptables *": "deny"
   },
-  external_directory: "deny",
   doom_loop: "deny"
 };
 
 const MAX_AUTONOMY_RULES: Record<string, PermissionRule> = {
+  ...APPLICABLE_TO_ALL,
   "*": "allow",
   webfetch: "ask",
   websearch: "ask",
   codesearch: "ask",
-  external_directory: "deny",
   doom_loop: "deny"
 };
 

package/skills-lock.json

@@ -4,13 +4,18 @@
     "adr-nygard": {
       "source": "/Users/oliverjaegle/projects/privat/codemcp/ade/.ade/skills/adr-nygard",
       "sourceType": "local",
-      "computedHash": "13cd33eb604e9e090057cce458469b2a1b609a6db3313a03df88d91776095b19"
+      "computedHash": "d62ee4c175a38f91d98a0536f863396ceb48c7de4275787520b07870705b4367"
     },
     "commit": {
       "source": "mrsimpson/skills-coding",
       "sourceType": "github",
       "computedHash": "fc628c7d577d2d9cf3cb0a917d3c5e2e35b460fdc62c353595b7472b6f1c6548"
     },
+    "conventional-commits": {
+      "source": "/Users/oliverjaegle/projects/privat/codemcp/ade/.ade/skills/conventional-commits",
+      "sourceType": "local",
+      "computedHash": "49dd439dbd856412264fa345eaa9bbf2526095cb16457ffc7fb66a9d2f4d5f9d"
+    },
     "tdd": {
       "source": "mrsimpson/skills-coding",
       "sourceType": "github",