npm - @devran-ai/kit - Versions diffs - 4.1.0 - Mend

@devran-ai/kit 4.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (231) hide show

package/.agent/CheatSheet.md +350 -0
package/.agent/README.md +76 -0
package/.agent/agents/README.md +155 -0
package/.agent/agents/architect.md +185 -0
package/.agent/agents/backend-specialist.md +276 -0
package/.agent/agents/build-error-resolver.md +207 -0
package/.agent/agents/code-reviewer.md +162 -0
package/.agent/agents/database-architect.md +138 -0
package/.agent/agents/devops-engineer.md +144 -0
package/.agent/agents/doc-updater.md +229 -0
package/.agent/agents/e2e-runner.md +145 -0
package/.agent/agents/explorer-agent.md +143 -0
package/.agent/agents/frontend-specialist.md +144 -0
package/.agent/agents/go-reviewer.md +128 -0
package/.agent/agents/knowledge-agent.md +197 -0
package/.agent/agents/mobile-developer.md +150 -0
package/.agent/agents/performance-optimizer.md +175 -0
package/.agent/agents/planner.md +133 -0
package/.agent/agents/pr-reviewer.md +148 -0
package/.agent/agents/python-reviewer.md +123 -0
package/.agent/agents/refactor-cleaner.md +201 -0
package/.agent/agents/reliability-engineer.md +156 -0
package/.agent/agents/security-reviewer.md +141 -0
package/.agent/agents/sprint-orchestrator.md +124 -0
package/.agent/agents/tdd-guide.md +179 -0
package/.agent/agents/typescript-reviewer.md +110 -0
package/.agent/checklists/README.md +102 -0
package/.agent/checklists/pre-commit.md +93 -0
package/.agent/checklists/session-end.md +99 -0
package/.agent/checklists/session-start.md +102 -0
package/.agent/checklists/task-complete.md +81 -0
package/.agent/commands/README.md +130 -0
package/.agent/commands/adr.md +29 -0
package/.agent/commands/ask.md +28 -0
package/.agent/commands/build.md +30 -0
package/.agent/commands/changelog.md +40 -0
package/.agent/commands/checkpoint.md +28 -0
package/.agent/commands/code-review.md +65 -0
package/.agent/commands/compact.md +28 -0
package/.agent/commands/cook.md +30 -0
package/.agent/commands/db.md +30 -0
package/.agent/commands/debug.md +31 -0
package/.agent/commands/deploy.md +37 -0
package/.agent/commands/design.md +29 -0
package/.agent/commands/doc.md +30 -0
package/.agent/commands/eval.md +30 -0
package/.agent/commands/fix.md +32 -0
package/.agent/commands/git.md +32 -0
package/.agent/commands/help.md +273 -0
package/.agent/commands/implement.md +30 -0
package/.agent/commands/integrate.md +32 -0
package/.agent/commands/learn.md +29 -0
package/.agent/commands/perf.md +31 -0
package/.agent/commands/plan.md +56 -0
package/.agent/commands/pr-describe.md +65 -0
package/.agent/commands/pr-fix.md +45 -0
package/.agent/commands/pr-merge.md +45 -0
package/.agent/commands/pr-review.md +50 -0
package/.agent/commands/pr-split.md +54 -0
package/.agent/commands/pr-status.md +56 -0
package/.agent/commands/pr.md +58 -0
package/.agent/commands/refactor.md +32 -0
package/.agent/commands/research.md +28 -0
package/.agent/commands/scout.md +30 -0
package/.agent/commands/security-scan.md +33 -0
package/.agent/commands/setup.md +31 -0
package/.agent/commands/status.md +59 -0
package/.agent/commands/tdd.md +73 -0
package/.agent/commands/verify.md +58 -0
package/.agent/contexts/brainstorm.md +26 -0
package/.agent/contexts/debug.md +28 -0
package/.agent/contexts/implement.md +29 -0
package/.agent/contexts/plan-quality-log.md +30 -0
package/.agent/contexts/review.md +27 -0
package/.agent/contexts/ship.md +28 -0
package/.agent/decisions/001-trust-grade-governance.md +46 -0
package/.agent/decisions/002-cross-ide-generation.md +15 -0
package/.agent/engine/identity.json +4 -0
package/.agent/engine/loading-rules.json +193 -0
package/.agent/engine/marketplace-index.json +29 -0
package/.agent/engine/mcp-servers/filesystem.json +9 -0
package/.agent/engine/mcp-servers/github.json +11 -0
package/.agent/engine/mcp-servers/postgres.json +11 -0
package/.agent/engine/mcp-servers/supabase.json +11 -0
package/.agent/engine/mcp-servers/vercel.json +11 -0
package/.agent/engine/reliability-config.json +14 -0
package/.agent/engine/sdlc-map.json +50 -0
package/.agent/engine/workflow-state.json +167 -0
package/.agent/hooks/README.md +101 -0
package/.agent/hooks/hooks.json +104 -0
package/.agent/hooks/templates/session-end.md +110 -0
package/.agent/hooks/templates/session-start.md +95 -0
package/.agent/manifest.json +466 -0
package/.agent/rules/agent-upgrade-policy.md +56 -0
package/.agent/rules/architecture.md +111 -0
package/.agent/rules/coding-style.md +75 -0
package/.agent/rules/documentation.md +74 -0
package/.agent/rules/git-workflow.md +140 -0
package/.agent/rules/quality-gate.md +117 -0
package/.agent/rules/security.md +67 -0
package/.agent/rules/sprint-tracking.md +103 -0
package/.agent/rules/testing.md +80 -0
package/.agent/rules/workflow-standards.md +30 -0
package/.agent/rules.md +293 -0
package/.agent/session-context.md +69 -0
package/.agent/session-state.json +27 -0
package/.agent/skills/README.md +135 -0
package/.agent/skills/api-patterns/SKILL.md +117 -0
package/.agent/skills/app-builder/SKILL.md +202 -0
package/.agent/skills/architecture/SKILL.md +101 -0
package/.agent/skills/behavioral-modes/SKILL.md +295 -0
package/.agent/skills/brainstorming/SKILL.md +156 -0
package/.agent/skills/clean-code/SKILL.md +142 -0
package/.agent/skills/context-budget/SKILL.md +78 -0
package/.agent/skills/continuous-learning/SKILL.md +145 -0
package/.agent/skills/database-design/SKILL.md +303 -0
package/.agent/skills/debugging-strategies/SKILL.md +158 -0
package/.agent/skills/deployment-procedures/SKILL.md +191 -0
package/.agent/skills/docker-patterns/SKILL.md +161 -0
package/.agent/skills/eval-harness/SKILL.md +89 -0
package/.agent/skills/frontend-patterns/SKILL.md +141 -0
package/.agent/skills/git-workflow/SKILL.md +159 -0
package/.agent/skills/i18n-localization/SKILL.md +191 -0
package/.agent/skills/intelligent-routing/SKILL.md +180 -0
package/.agent/skills/mcp-integration/SKILL.md +240 -0
package/.agent/skills/mobile-design/SKILL.md +191 -0
package/.agent/skills/nodejs-patterns/SKILL.md +164 -0
package/.agent/skills/parallel-agents/SKILL.md +200 -0
package/.agent/skills/performance-profiling/SKILL.md +134 -0
package/.agent/skills/plan-validation/SKILL.md +192 -0
package/.agent/skills/plan-writing/SKILL.md +183 -0
package/.agent/skills/plan-writing/domain-enhancers.md +184 -0
package/.agent/skills/plan-writing/plan-retrospective.md +116 -0
package/.agent/skills/plan-writing/plan-schema.md +119 -0
package/.agent/skills/pr-toolkit/SKILL.md +174 -0
package/.agent/skills/production-readiness/SKILL.md +126 -0
package/.agent/skills/security-practices/SKILL.md +109 -0
package/.agent/skills/shell-conventions/SKILL.md +92 -0
package/.agent/skills/strategic-compact/SKILL.md +62 -0
package/.agent/skills/testing-patterns/SKILL.md +141 -0
package/.agent/skills/typescript-expert/SKILL.md +160 -0
package/.agent/skills/ui-ux-pro-max/SKILL.md +137 -0
package/.agent/skills/ui-ux-pro-max/data/charts.csv +26 -0
package/.agent/skills/ui-ux-pro-max/data/colors.csv +97 -0
package/.agent/skills/ui-ux-pro-max/data/icons.csv +101 -0
package/.agent/skills/ui-ux-pro-max/data/landing.csv +31 -0
package/.agent/skills/ui-ux-pro-max/data/products.csv +97 -0
package/.agent/skills/ui-ux-pro-max/data/react-performance.csv +45 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/react-native.csv +52 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/react.csv +54 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -0
package/.agent/skills/ui-ux-pro-max/data/styles.csv +68 -0
package/.agent/skills/ui-ux-pro-max/data/typography.csv +58 -0
package/.agent/skills/ui-ux-pro-max/data/ui-reasoning.csv +101 -0
package/.agent/skills/ui-ux-pro-max/data/ux-guidelines.csv +100 -0
package/.agent/skills/ui-ux-pro-max/data/web-interface.csv +31 -0
package/.agent/skills/ui-ux-pro-max/scripts/core.py +253 -0
package/.agent/skills/ui-ux-pro-max/scripts/design_system.py +1067 -0
package/.agent/skills/ui-ux-pro-max/scripts/search.py +114 -0
package/.agent/skills/verification-loop/SKILL.md +89 -0
package/.agent/skills/webapp-testing/SKILL.md +175 -0
package/.agent/templates/adr-template.md +32 -0
package/.agent/templates/bug-report.md +37 -0
package/.agent/templates/feature-request.md +32 -0
package/.agent/workflows/README.md +101 -0
package/.agent/workflows/brainstorm.md +86 -0
package/.agent/workflows/create.md +85 -0
package/.agent/workflows/debug.md +83 -0
package/.agent/workflows/deploy.md +114 -0
package/.agent/workflows/enhance.md +85 -0
package/.agent/workflows/orchestrate.md +106 -0
package/.agent/workflows/plan.md +105 -0
package/.agent/workflows/pr-fix.md +163 -0
package/.agent/workflows/pr-merge.md +117 -0
package/.agent/workflows/pr-review.md +178 -0
package/.agent/workflows/pr-split.md +118 -0
package/.agent/workflows/pr.md +184 -0
package/.agent/workflows/preflight.md +107 -0
package/.agent/workflows/preview.md +95 -0
package/.agent/workflows/quality-gate.md +103 -0
package/.agent/workflows/retrospective.md +100 -0
package/.agent/workflows/review.md +104 -0
package/.agent/workflows/status.md +89 -0
package/.agent/workflows/test.md +98 -0
package/.agent/workflows/ui-ux-pro-max.md +93 -0
package/.agent/workflows/upgrade.md +97 -0
package/LICENSE +21 -0
package/README.md +218 -0
package/bin/kit.js +773 -0
package/lib/agent-registry.js +228 -0
package/lib/agent-reputation.js +343 -0
package/lib/circuit-breaker.js +195 -0
package/lib/cli-commands.js +322 -0
package/lib/config-validator.js +274 -0
package/lib/conflict-detector.js +252 -0
package/lib/constants.js +47 -0
package/lib/engineering-manager.js +336 -0
package/lib/error-budget.js +370 -0
package/lib/hook-system.js +256 -0
package/lib/ide-generator.js +434 -0
package/lib/identity.js +240 -0
package/lib/io.js +146 -0
package/lib/learning-engine.js +163 -0
package/lib/loading-engine.js +421 -0
package/lib/logger.js +118 -0
package/lib/marketplace.js +321 -0
package/lib/plugin-system.js +604 -0
package/lib/plugin-verifier.js +197 -0
package/lib/rate-limiter.js +113 -0
package/lib/security-scanner.js +312 -0
package/lib/self-healing.js +468 -0
package/lib/session-manager.js +264 -0
package/lib/skill-sandbox.js +244 -0
package/lib/task-governance.js +522 -0
package/lib/task-model.js +332 -0
package/lib/updater.js +240 -0
package/lib/verify.js +279 -0
package/lib/workflow-engine.js +373 -0
package/lib/workflow-events.js +166 -0
package/lib/workflow-persistence.js +160 -0
package/package.json +57 -0

package/lib/marketplace.js ADDED Viewed

@@ -0,0 +1,321 @@
+/**
+ * Devran AI Kit — Skill Marketplace
+ *
+ * GitHub-based hybrid marketplace for discovering, installing,
+ * and managing community skills and plugins.
+ *
+ * @module lib/marketplace
+ * @author Emre Dursun
+ * @since v3.0.0
+ */
+'use strict';
+const fs = require('fs');
+const path = require('path');
+const { execFileSync } = require('child_process');
+const { createCircuitBreaker } = require('./circuit-breaker');
+const { createRateLimiter } = require('./rate-limiter');
+const { AGENT_DIR, ENGINE_DIR } = require('./constants');
+const { writeJsonAtomic } = require('./io');
+const { createLogger } = require('./logger');
+const log = createLogger('marketplace');
+const INDEX_FILE = 'marketplace-index.json';
+/** Registry index TTL in milliseconds (24 hours) */
+const INDEX_TTL_MS = 24 * 60 * 60 * 1000;
+/** Git clone timeout in milliseconds */
+const GIT_CLONE_TIMEOUT_MS = 30000;
+/** Circuit breaker for git clone operations */
+const gitCloneBreaker = createCircuitBreaker('marketplace-git-clone', {
+  failureThreshold: 3,
+  resetTimeoutMs: 120000,
+});
+/** Rate limiter for marketplace install operations (5 per minute) */
+const installLimiter = createRateLimiter('marketplace-install', {
+  maxTokens: 5,
+  refillRateMs: 60000,
+});
+/**
+ * @typedef {object} MarketEntry
+ * @property {string} name - Plugin name
+ * @property {string} description - Plugin description
+ * @property {string} repository - GitHub repository URL
+ * @property {string} version - Latest version
+ * @property {string[]} tags - Discovery tags
+ * @property {string} author - Author name
+ */
+/**
+ * Resolves the marketplace index path.
+ *
+ * @param {string} projectRoot - Root directory
+ * @returns {string}
+ */
+function resolveIndexPath(projectRoot) {
+  return path.join(projectRoot, AGENT_DIR, ENGINE_DIR, INDEX_FILE);
+}
+/**
+ * Loads the marketplace index from disk.
+ *
+ * @param {string} projectRoot - Root directory
+ * @returns {{ entries: MarketEntry[], lastUpdated: string | null }}
+ */
+function loadIndex(projectRoot) {
+  const filePath = resolveIndexPath(projectRoot);
+  if (!fs.existsSync(filePath)) {
+    return { entries: [], lastUpdated: null };
+  }
+  try {
+    return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+  } catch {
+    return { entries: [], lastUpdated: null };
+  }
+}
+/**
+ * Writes the marketplace index atomically.
+ *
+ * @param {string} projectRoot - Root directory
+ * @param {{ entries: MarketEntry[], lastUpdated: string | null }} data
+ * @returns {void}
+ */
+function writeIndex(projectRoot, data) {
+  const filePath = resolveIndexPath(projectRoot);
+  writeJsonAtomic(filePath, data);
+}
+/**
+ * Checks if the index is stale (older than TTL).
+ *
+ * @param {string | null} lastUpdated - ISO timestamp of last update
+ * @returns {boolean}
+ */
+function isIndexStale(lastUpdated) {
+  if (!lastUpdated) {
+    return true;
+  }
+  const age = Date.now() - new Date(lastUpdated).getTime();
+  return age > INDEX_TTL_MS;
+}
+/**
+ * Validates file paths in a plugin manifest for path traversal (D-6).
+ *
+ * @param {object} manifest - Plugin manifest (plugin.json)
+ * @returns {{ valid: boolean, violations: string[] }}
+ */
+function validateManifestPaths(manifest) {
+  const violations = [];
+  /** @type {string[]} */
+  const pathFields = [];
+  // Collect all file path references from manifest
+  if (manifest.file) {
+    pathFields.push(manifest.file);
+  }
+  if (manifest.files && Array.isArray(manifest.files)) {
+    pathFields.push(...manifest.files);
+  }
+  if (manifest.entry) {
+    pathFields.push(manifest.entry);
+  }
+  for (const filePath of pathFields) {
+    if (typeof filePath !== 'string') {
+      violations.push(`Invalid path type: ${typeof filePath}`);
+      continue;
+    }
+    // Reject absolute paths
+    if (path.isAbsolute(filePath)) {
+      violations.push(`Absolute path not allowed: ${filePath}`);
+      continue;
+    }
+    // Reject path traversal
+    if (filePath.includes('..')) {
+      violations.push(`Path traversal not allowed: ${filePath}`);
+      continue;
+    }
+    // Reject paths that escape .agent/
+    const normalized = path.normalize(filePath);
+    if (normalized.startsWith('..') || path.isAbsolute(normalized)) {
+      violations.push(`Path escapes sandbox: ${filePath}`);
+    }
+  }
+  return {
+    valid: violations.length === 0,
+    violations,
+  };
+}
+/**
+ * Searches the marketplace index.
+ *
+ * @param {string} projectRoot - Root directory
+ * @param {string} query - Search query
+ * @returns {MarketEntry[]}
+ */
+function searchMarket(projectRoot, query) {
+  const index = loadIndex(projectRoot);
+  const search = query.toLowerCase();
+  return index.entries.filter((entry) => {
+    const searchable = [
+      entry.name,
+      entry.description,
+      entry.author,
+      ...(entry.tags || []),
+    ].join(' ').toLowerCase();
+    return searchable.includes(search);
+  });
+}
+/**
+ * Gets detailed info for a specific marketplace entry.
+ *
+ * @param {string} projectRoot - Root directory
+ * @param {string} pluginName - Plugin name
+ * @returns {MarketEntry | null}
+ */
+function getMarketInfo(projectRoot, pluginName) {
+  const index = loadIndex(projectRoot);
+  return index.entries.find((e) => e.name === pluginName) || null;
+}
+/**
+ * Installs a plugin from the marketplace via git clone.
+ * Validates paths before installation.
+ *
+ * @param {string} projectRoot - Root directory
+ * @param {string} pluginName - Plugin name from the index
+ * @returns {{ success: boolean, message: string }}
+ */
+function installFromMarket(projectRoot, pluginName) {
+  const entry = getMarketInfo(projectRoot, pluginName);
+  if (!entry) {
+    return { success: false, message: `Plugin not found in marketplace: ${pluginName}` };
+  }
+  // Validate repository URL
+  if (!entry.repository || (!entry.repository.startsWith('https://') && !entry.repository.startsWith('git@'))) {
+    return { success: false, message: `Invalid repository URL: ${entry.repository}` };
+  }
+  // Rate limit check
+  const rateCheck = installLimiter.tryAcquire();
+  if (!rateCheck.allowed) {
+    return {
+      success: false,
+      message: `Rate limit exceeded — retry after ${Math.ceil(rateCheck.retryAfterMs / 1000)}s`,
+    };
+  }
+  // Create temp directory for clone
+  const tempDir = path.join(projectRoot, AGENT_DIR, ENGINE_DIR, `_temp_${Date.now()}`);
+  try {
+    fs.mkdirSync(tempDir, { recursive: true });
+    // Shallow clone with circuit breaker and timeout (uses execFileSync to prevent shell injection)
+    try {
+      gitCloneBreaker.execute(() => {
+        execFileSync(
+          'git',
+          ['clone', '--depth', '1', '--single-branch', entry.repository, tempDir],
+          { timeout: GIT_CLONE_TIMEOUT_MS, stdio: 'pipe' }
+        );
+      });
+    } catch (gitError) {
+      return { success: false, message: `Git clone failed: ${gitError.message || 'timeout or network error'}` };
+    }
+    // Validate plugin.json exists
+    const pluginJsonPath = path.join(tempDir, 'plugin.json');
+    if (!fs.existsSync(pluginJsonPath)) {
+      return { success: false, message: 'Plugin missing plugin.json manifest' };
+    }
+    // Parse and validate manifest paths (D-6)
+    let manifest;
+    try {
+      manifest = JSON.parse(fs.readFileSync(pluginJsonPath, 'utf-8'));
+    } catch {
+      return { success: false, message: 'Invalid plugin.json format' };
+    }
+    const pathValidation = validateManifestPaths(manifest);
+    if (!pathValidation.valid) {
+      return {
+        success: false,
+        message: `Security violation — path traversal detected: ${pathValidation.violations.join('; ')}`,
+      };
+    }
+    // Delegate to plugin system for actual installation
+    try {
+      const pluginSystem = require('./plugin-system');
+      const result = pluginSystem.installPlugin(tempDir, projectRoot);
+      const message = result.errors?.length > 0
+        ? result.errors.join('; ')
+        : 'Plugin installed successfully';
+      return { success: result.success, message };
+    } catch (installError) {
+      return { success: false, message: `Plugin installation failed: ${installError.message}` };
+    }
+  } finally {
+    // Always cleanup temp directory
+    try {
+      fs.rmSync(tempDir, { recursive: true, force: true });
+    } catch {
+      // Cleanup failure is non-critical
+    }
+  }
+}
+/**
+ * Updates the registry index from the bundled source.
+ *
+ * @param {string} projectRoot - Root directory
+ * @param {object} [options] - Update options
+ * @param {boolean} [options.force] - Force update regardless of TTL
+ * @returns {{ updated: boolean, entryCount: number }}
+ */
+function updateRegistryIndex(projectRoot, options = {}) {
+  const currentIndex = loadIndex(projectRoot);
+  if (!options.force && !isIndexStale(currentIndex.lastUpdated)) {
+    return { updated: false, entryCount: currentIndex.entries.length };
+  }
+  // For MVP, the index is bundled — just stamp the update time
+  currentIndex.lastUpdated = new Date().toISOString();
+  writeIndex(projectRoot, currentIndex);
+  return { updated: true, entryCount: currentIndex.entries.length };
+}
+module.exports = {
+  searchMarket,
+  getMarketInfo,
+  installFromMarket,
+  updateRegistryIndex,
+  // Exported for testing
+  validateManifestPaths,
+  isIndexStale,
+};