@fro.bot/systematic 2.11.0 → 2.12.0

package/dist/index.js

@@ -1,18 +1,19 @@
 // @bun
 import {
+  AgentOverlaySchema,
+  CategoryOverlaySchema,
+  assertSourceCategoryModelDefaults,
   convertFileWithCache,
   extractAgentFrontmatter,
   extractCommandFrontmatter,
   findAgentsInDir,
   findCommandsInDir,
   findSkillsInDir,
-  isAgentMode,
-  isPermissionSetting,
   isRecord,
   loadConfig,
   loadConfigWithSources,
   parseFrontmatter
-} from "./index-mfy9dbdx.js";
+} from "./index-g602hys2.js";
 
 // src/index.ts
 import fs4 from "fs";
@@ -88,19 +89,6 @@ var SOURCE_CATEGORY_MODEL_DEFAULTS = {
   review: ["anthropic/claude-opus-4.7", "openai/gpt-5.5"],
   workflow: ["openai/gpt-5.4-mini", "anthropic/claude-haiku-4-5"]
 };
-var ALLOWED_OVERLAY_FIELDS = new Set([
-  "model",
-  "variant",
-  "temperature",
-  "top_p",
-  "permission",
-  "mode",
-  "color",
-  "steps",
-  "hidden",
-  "disable",
-  "skills"
-]);
 function buildBundledAgentInventory(agentsDir, disabledAgents) {
   const categories = readCategoryDirs(agentsDir);
   const agentsByQualifiedId = {};
@@ -221,17 +209,7 @@ function assertSourceCategoryModelCoverage(categories) {
   }
 }
 function validateSourceCategoryModelDefaults(defaults = SOURCE_CATEGORY_MODEL_DEFAULTS) {
-  for (const [category, value] of Object.entries(defaults)) {
-    if (!Array.isArray(value)) {
-      throw new Error(`Source category model defaults: ${category} must be a non-empty array of provider/model strings`);
-    }
-    if (value.length === 0) {
-      throw new Error(`Source category model defaults: ${category} must be a non-empty array of provider/model strings`);
-    }
-    for (const [index, model] of value.entries()) {
-      validateModel("source category model defaults", `source category model defaults.${category}[${index}]`, model);
-    }
-  }
+  assertSourceCategoryModelDefaults(defaults);
 }
 function validateExactAgentOverlays(inventory, overlays, nativeAgents, enabledSkills) {
   const result = [];
@@ -281,150 +259,35 @@ function validateCategoryOverlays(inventory, overlays, enabledSkills) {
   }
   return result;
 }
-function validateOverlayFields(overlay, targetType, enabledSkills) {
-  if (Object.hasOwn(overlay.value, "skills") && hasPermissionSkill(overlay.value.permission)) {
-    throwConfigError(overlay.sourcePath, overlay.keyPath, "cannot set both skills and permission.skill in the same overlay object");
-  }
-  for (const [field, value] of Object.entries(overlay.value)) {
-    const keyPath = `${overlay.keyPath}.${field}`;
-    if (!ALLOWED_OVERLAY_FIELDS.has(field)) {
-      throwConfigError(overlay.sourcePath, keyPath, `unsupported agent overlay field "${field}"`);
-    }
-    if (targetType === "category" && field === "disable") {
-      throwConfigError(overlay.sourcePath, keyPath, "disable is only valid for exact agent overlays");
-    }
-    validateOverlayFieldValue(overlay.sourcePath, keyPath, field, value, enabledSkills);
-  }
-}
 function hasPermissionSkill(permission) {
   return isRecord(permission) && Object.hasOwn(permission, "skill");
 }
-function validateOverlayFieldValue(sourcePath, keyPath, field, value, enabledSkills) {
-  switch (field) {
-    case "model":
-      if (value === null)
-        return;
-      validateModel(sourcePath, keyPath, value);
-      return;
-    case "variant":
-      validateNonEmptyString(sourcePath, keyPath, value);
-      return;
-    case "temperature":
-      validateTemperature(sourcePath, keyPath, value);
-      return;
-    case "top_p":
-      validateTopP(sourcePath, keyPath, value);
-      return;
-    case "permission":
-      validatePermission(sourcePath, keyPath, value);
-      return;
-    case "mode":
-      validateMode(sourcePath, keyPath, value);
-      return;
-    case "color":
-      validateColor(sourcePath, keyPath, value);
-      return;
-    case "steps":
-      validatePositiveInteger(sourcePath, keyPath, value);
-      return;
-    case "hidden":
-    case "disable":
-      validateBoolean(sourcePath, keyPath, value);
-      return;
-    case "skills":
-      validateSkills(sourcePath, keyPath, value, enabledSkills);
-      return;
-  }
-}
-function validateModel(sourcePath, keyPath, value) {
-  if (typeof value !== "string") {
-    throwConfigError(sourcePath, keyPath, "must be a provider/model string");
-  }
-  if (value !== value.trim() || /\s/.test(value)) {
-    throwConfigError(sourcePath, keyPath, "must be a provider/model string");
-  }
-  const slashIndex = value.indexOf("/");
-  if (value === "" || slashIndex <= 0 || slashIndex === value.length - 1) {
-    throwConfigError(sourcePath, keyPath, "must be a provider/model string");
-  }
-}
-function validateNonEmptyString(sourcePath, keyPath, value) {
-  if (typeof value !== "string" || value === "" || value !== value.trim()) {
-    throwConfigError(sourcePath, keyPath, "must be a non-empty string");
-  }
-}
-function validateTemperature(sourcePath, keyPath, value) {
-  if (typeof value !== "number" || !Number.isFinite(value) || value < 0) {
-    throwConfigError(sourcePath, keyPath, "must be a non-negative finite number");
-  }
-}
-function validateTopP(sourcePath, keyPath, value) {
-  if (typeof value !== "number" || !Number.isFinite(value) || value < 0 || value > 1) {
-    throwConfigError(sourcePath, keyPath, "must be a number from 0 to 1");
-  }
-}
-function validatePositiveInteger(sourcePath, keyPath, value) {
-  if (typeof value !== "number" || !Number.isInteger(value) || value < 1) {
-    throwConfigError(sourcePath, keyPath, "must be a positive integer");
-  }
-}
-function validateBoolean(sourcePath, keyPath, value) {
-  if (typeof value !== "boolean") {
-    throwConfigError(sourcePath, keyPath, "must be a boolean");
-  }
-}
-function validateMode(sourcePath, keyPath, value) {
-  if (!isAgentMode(value)) {
-    throwConfigError(sourcePath, keyPath, "must be one of: subagent, primary, all");
+function validateOverlayFields(overlay, targetType, enabledSkills) {
+  if (Object.hasOwn(overlay.value, "skills") && hasPermissionSkill(overlay.value.permission)) {
+    throwConfigError(overlay.sourcePath, overlay.keyPath, "cannot set both skills and permission.skill in the same overlay object");
   }
+  const result = parseOverlayShape(overlay, targetType);
+  validateOverlaySkills(overlay, result.skills, enabledSkills);
 }
-function validateColor(sourcePath, keyPath, value) {
-  if (typeof value !== "string" || value !== value.trim() || !isOpenCodeColor(value)) {
-    throwConfigError(sourcePath, keyPath, "must be an OpenCode-compatible color string");
+function parseOverlayShape(overlay, targetType) {
+  const schema = targetType === "agent" ? AgentOverlaySchema : CategoryOverlaySchema;
+  const result = schema.safeParse(overlay.value);
+  if (!result.success) {
+    throwOverlaySchemaError(overlay, result.error.issues[0]);
   }
+  return { skills: result.data.skills };
 }
-function isOpenCodeColor(value) {
-  if (value === "")
-    return false;
-  if (/^#(?:[0-9a-fA-F]{3}|[0-9a-fA-F]{6})$/.test(value))
-    return true;
-  return /^[a-zA-Z][a-zA-Z0-9-]*$/.test(value);
+function throwOverlaySchemaError(overlay, issue) {
+  const zodPath = issue.code === "unrecognized_keys" ? issue.message.match(/"([^"]+)"/)?.[1] ?? issue.path.join(".") : issue.path.join(".");
+  const fullPath = zodPath ? `${overlay.keyPath}.${zodPath}` : overlay.keyPath;
+  throwConfigError(overlay.sourcePath, fullPath, issue.message);
 }
-function validateSkills(sourcePath, keyPath, value, enabledSkills) {
-  if (!Array.isArray(value) || !value.every((skill) => typeof skill === "string" && skill !== "" && skill === skill.trim())) {
-    throwConfigError(sourcePath, keyPath, "must be an array of non-empty strings");
-  }
-  if (!enabledSkills)
+function validateOverlaySkills(overlay, skills, enabledSkills) {
+  if (!enabledSkills || !skills)
     return;
-  for (const skill of value) {
+  for (const skill of skills) {
     if (!enabledSkills.has(skill)) {
-      throwConfigError(sourcePath, keyPath, `unknown or disabled skill "${skill}"`);
-    }
-  }
-}
-function validatePermission(sourcePath, keyPath, value) {
-  if (!isRecord(value)) {
-    throwConfigError(sourcePath, keyPath, "must be an object");
-  }
-  for (const [toolKey, rule] of Object.entries(value)) {
-    if (toolKey.trim() === "") {
-      throwConfigError(sourcePath, `${keyPath}.${toolKey}`, "must use a non-empty tool key");
-    }
-    validatePermissionRule(sourcePath, `${keyPath}.${toolKey}`, rule);
-  }
-}
-function validatePermissionRule(sourcePath, keyPath, value) {
-  if (isPermissionSetting(value))
-    return;
-  if (!isRecord(value)) {
-    throwConfigError(sourcePath, keyPath, "must be ask, allow, deny, or an object of pattern rules");
-  }
-  for (const [pattern, setting] of Object.entries(value)) {
-    if (pattern.trim() === "") {
-      throwConfigError(sourcePath, `${keyPath}.${pattern}`, "must use a non-empty permission pattern");
-    }
-    if (!isPermissionSetting(setting)) {
-      throwConfigError(sourcePath, `${keyPath}.${pattern}`, "must be ask, allow, or deny");
+      throwConfigError(overlay.sourcePath, `${overlay.keyPath}.skills`, `unknown or disabled skill "${skill}"`);
     }
   }
 }

package/dist/lib/agent-colors.d.ts

@@ -0,0 +1,16 @@
+/**
+ * Canonical OpenCode-accepted agent color tokens.
+ *
+ * These values are validated by OpenCode's `/config` HttpApi schema;
+ * any other value is rejected and surfaces to the user as
+ * `400: (empty response body)` on TUI launch.
+ *
+ * See anomalyco/opencode commits 2793502db / 96a534d8c for the
+ * server-side schema (PR #346 / v2.9.2 history).
+ */
+export declare const OPENCODE_AGENT_COLOR_TOKENS: readonly ["primary", "secondary", "accent", "success", "warning", "error", "info"];
+/**
+ * Check whether a value is a valid agent color — either a hex literal
+ * (`#RRGGBB`) or a named token from `OPENCODE_AGENT_COLOR_TOKENS`.
+ */
+export declare function isValidAgentColor(value: string): boolean;

package/dist/lib/config-schema.d.ts

@@ -0,0 +1,179 @@
+/**
+ * Zod schema for the user-facing `systematic.json` / `systematic.jsonc` config.
+ *
+ * ## Zod 4 API notes (verified against zod@4.4.3 during implementation)
+ *
+ * - `z.toJSONSchema(schema, { target: 'draft-7' })` produces draft-07 JSON Schema.
+ * - `.default(value)` DOES round-trip into JSON Schema `default`.
+ * - `.meta({ description, examples })` attaches documentation metadata visible in
+ *   JSON Schema output and via `schema.description`.
+ * - `z.object().strict()` rejects unknown keys with `unrecognized_keys` issues that
+ *   include the offending key names and the path to the containing object.
+ * - `z.record(keySchema, valueSchema)` is the canonical 2-arg form (Zod 4 types
+ *   require both key and value schemas). A single-arg overload works at runtime
+ *   but is not reflected in the type declarations for this Zod 4 minor.
+ */
+import { z } from 'zod';
+export declare const AgentOverlaySchema: z.ZodObject<{
+    model: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    variant: z.ZodOptional<z.ZodString>;
+    temperature: z.ZodOptional<z.ZodNumber>;
+    top_p: z.ZodOptional<z.ZodNumber>;
+    mode: z.ZodOptional<z.ZodEnum<{
+        subagent: "subagent";
+        primary: "primary";
+        all: "all";
+    }>>;
+    color: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+        primary: "primary";
+        secondary: "secondary";
+        accent: "accent";
+        success: "success";
+        warning: "warning";
+        error: "error";
+        info: "info";
+    }>, z.ZodString]>>;
+    steps: z.ZodOptional<z.ZodNumber>;
+    hidden: z.ZodOptional<z.ZodBoolean>;
+    disable: z.ZodOptional<z.ZodBoolean>;
+    skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    permission: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodEnum<{
+        ask: "ask";
+        allow: "allow";
+        deny: "deny";
+    }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
+        ask: "ask";
+        allow: "allow";
+        deny: "deny";
+    }>>]>>>;
+}, z.core.$strict>;
+export declare const CategoryOverlaySchema: z.ZodObject<{
+    model: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+    variant: z.ZodOptional<z.ZodString>;
+    temperature: z.ZodOptional<z.ZodNumber>;
+    top_p: z.ZodOptional<z.ZodNumber>;
+    mode: z.ZodOptional<z.ZodEnum<{
+        subagent: "subagent";
+        primary: "primary";
+        all: "all";
+    }>>;
+    color: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+        primary: "primary";
+        secondary: "secondary";
+        accent: "accent";
+        success: "success";
+        warning: "warning";
+        error: "error";
+        info: "info";
+    }>, z.ZodString]>>;
+    steps: z.ZodOptional<z.ZodNumber>;
+    hidden: z.ZodOptional<z.ZodBoolean>;
+    skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+    permission: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodEnum<{
+        ask: "ask";
+        allow: "allow";
+        deny: "deny";
+    }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
+        ask: "ask";
+        allow: "allow";
+        deny: "deny";
+    }>>]>>>;
+}, z.core.$strict>;
+export declare const BootstrapSchema: z.ZodObject<{
+    enabled: z.ZodDefault<z.ZodBoolean>;
+    file: z.ZodOptional<z.ZodString>;
+}, z.core.$strict>;
+export declare const SystematicConfigSchema: z.ZodObject<{
+    $schema: z.ZodOptional<z.ZodString>;
+    agents: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        model: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+        variant: z.ZodOptional<z.ZodString>;
+        temperature: z.ZodOptional<z.ZodNumber>;
+        top_p: z.ZodOptional<z.ZodNumber>;
+        mode: z.ZodOptional<z.ZodEnum<{
+            subagent: "subagent";
+            primary: "primary";
+            all: "all";
+        }>>;
+        color: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            primary: "primary";
+            secondary: "secondary";
+            accent: "accent";
+            success: "success";
+            warning: "warning";
+            error: "error";
+            info: "info";
+        }>, z.ZodString]>>;
+        steps: z.ZodOptional<z.ZodNumber>;
+        hidden: z.ZodOptional<z.ZodBoolean>;
+        disable: z.ZodOptional<z.ZodBoolean>;
+        skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        permission: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodEnum<{
+            ask: "ask";
+            allow: "allow";
+            deny: "deny";
+        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
+            ask: "ask";
+            allow: "allow";
+            deny: "deny";
+        }>>]>>>;
+    }, z.core.$strict>>>;
+    categories: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodObject<{
+        model: z.ZodOptional<z.ZodNullable<z.ZodString>>;
+        variant: z.ZodOptional<z.ZodString>;
+        temperature: z.ZodOptional<z.ZodNumber>;
+        top_p: z.ZodOptional<z.ZodNumber>;
+        mode: z.ZodOptional<z.ZodEnum<{
+            subagent: "subagent";
+            primary: "primary";
+            all: "all";
+        }>>;
+        color: z.ZodOptional<z.ZodUnion<readonly [z.ZodEnum<{
+            primary: "primary";
+            secondary: "secondary";
+            accent: "accent";
+            success: "success";
+            warning: "warning";
+            error: "error";
+            info: "info";
+        }>, z.ZodString]>>;
+        steps: z.ZodOptional<z.ZodNumber>;
+        hidden: z.ZodOptional<z.ZodBoolean>;
+        skills: z.ZodOptional<z.ZodArray<z.ZodString>>;
+        permission: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodUnion<readonly [z.ZodEnum<{
+            ask: "ask";
+            allow: "allow";
+            deny: "deny";
+        }>, z.ZodRecord<z.ZodString, z.ZodEnum<{
+            ask: "ask";
+            allow: "allow";
+            deny: "deny";
+        }>>]>>>;
+    }, z.core.$strict>>>;
+    disabled_skills: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    disabled_agents: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    disabled_commands: z.ZodDefault<z.ZodArray<z.ZodString>>;
+    bootstrap: z.ZodDefault<z.ZodObject<{
+        enabled: z.ZodDefault<z.ZodBoolean>;
+        file: z.ZodOptional<z.ZodString>;
+    }, z.core.$strict>>;
+}, z.core.$strict>;
+export interface ValidationResult {
+    success: boolean;
+    data?: z.infer<typeof SystematicConfigSchema>;
+    errors?: readonly z.ZodIssue[];
+}
+export declare function validateConfig(input: unknown): ValidationResult;
+export declare function assertSourceCategoryModelDefaults(defaults: Record<string, unknown>): void;
+/**
+ * Overlay fields that require a project-or-higher trust source.
+ *
+ * This list is co-located with the schema definitions above so that any
+ * future field additions that need trust protection are added here at the
+ * same time. The regression tests in tests/unit/config-schema.test.ts
+ * assert that this list agrees with every field tagged `.meta({ trust:
+ * 'project-or-higher' })` in AgentOverlaySchema — preventing silent drift.
+ *
+ * Matches the hand-coded `SECURITY_OVERLAY_FIELDS` set in `src/lib/config.ts`.
+ */
+export declare const SECURITY_OVERLAY_FIELDS: readonly string[];

package/dist/lib/config.d.ts

@@ -1,3 +1,4 @@
+import type { z } from 'zod';
 export interface BootstrapConfig {
     enabled: boolean;
     file?: string;
@@ -26,6 +27,26 @@ export interface SystematicConfig {
     categories?: OverlayConfigMap;
 }
 export declare const DEFAULT_CONFIG: SystematicConfig;
+interface RawSystematicConfig extends Omit<Partial<SystematicConfig>, 'agents' | 'categories'> {
+    agents?: unknown;
+    categories?: unknown;
+}
+interface ConfigSource {
+    path: string;
+    config: RawSystematicConfig;
+    trust: 'user' | 'project' | 'custom';
+}
+/**
+ * Type guard for errors thrown by the top-level config schema validator.
+ * Use this to distinguish schema validation failures from JSONC parse errors
+ * or file read errors.
+ */
+export declare function isConfigSchemaError(err: unknown): err is Error & {
+    _tag: 'ConfigSchemaError';
+    filePath: string;
+    trust: ConfigSource['trust'];
+    issues: readonly z.core.$ZodIssue[];
+};
 export declare function loadConfig(projectDir: string): SystematicConfig;
 export declare function loadConfigWithSources(projectDir: string): SourceAwareConfigResult;
 export declare function getConfigPaths(projectDir: string): {
@@ -36,3 +57,4 @@ export declare function getConfigPaths(projectDir: string): {
     userDir: string;
     projectDir: string;
 };
+export {};