@jfrog/opencode-jfrog-plugin 0.0.3 → 0.0.4

package/skills/jfrog/references/jfrog-url-references.md

@@ -0,0 +1,51 @@
+# JFrog Documentation URLs
+
+## CLI and Integrations
+
+- JFrog CLI: https://docs.jfrog.com/integrations/docs/jfrog-cli
+- JFrog CLI Quick Start: https://docs.jfrog.com/integrations/docs/quick-start
+- JFrog CLI Install: https://docs.jfrog.com/integrations/docs/install-jfrog-cli
+- JFrog CLI Configuration: https://docs.jfrog.com/integrations/docs/cli-configuration
+- JFrog CLI Command Reference: https://docs.jfrog.com/integrations/docs/jfrog-cli-command-reference
+- JFrog API Overview: https://docs.jfrog.com/integrations/docs/jfrog-api
+- JFrog OneModel GraphQL: https://docs.jfrog.com/integrations/docs/jfrog-one-model-graphql
+- JFrog Integrations: https://docs.jfrog.com/integrations/docs
+
+## API References (interactive OpenAPI)
+
+- Artifactory API Reference: https://docs.jfrog.com/artifactory/reference
+- Security/Xray API Reference: https://docs.jfrog.com/security/reference
+- Governance/Lifecycle API Reference: https://docs.jfrog.com/governance/reference
+- Administration API Reference: https://docs.jfrog.com/administration/reference
+- Projects API Reference: https://docs.jfrog.com/projects/reference
+
+## Product Documentation (Guides)
+
+- Binary Management (Artifactory): https://docs.jfrog.com/artifactory/docs
+- Security (Xray, Curation, Advanced Security): https://docs.jfrog.com/security/docs
+- Security CLI: https://docs.jfrog.com/security/docs/cli
+- Security APIs: https://docs.jfrog.com/security/docs/apis
+- Governance and Lifecycle: https://docs.jfrog.com/governance/docs
+- AI/ML: https://docs.jfrog.com/ai-ml/docs
+- User Management: https://docs.jfrog.com/user-management/docs
+- Projects: https://docs.jfrog.com/projects/docs
+- Basic Projects Terminology: https://docs.jfrog.com/projects/docs/basic-projects-terminology
+- Administration: https://docs.jfrog.com/administration/docs
+- Environments (Administration): https://docs.jfrog.com/administration/docs/environments
+
+## Brand and legal
+
+- JFrog Brand Guidelines: https://jfrog.com/brand-guidelines/
+
+## Specific Topics
+
+- Artifactory AQL: https://docs.jfrog.com/artifactory/docs/artifactory-query-language
+- Repository Management: https://docs.jfrog.com/artifactory/docs/get-started-with-repositories
+- Build Integration: https://docs.jfrog.com/integrations/docs/about-build-info
+- Xray Watches: https://docs.jfrog.com/security/docs/watches-in-jfrog-xray
+- Xray Policies: https://docs.jfrog.com/security/docs/create-policies
+- Evidence Management: https://docs.jfrog.com/governance/docs/evidence-management
+- Release Lifecycle: https://docs.jfrog.com/governance/docs/release-lifecycle-management
+- AppTrust: https://docs.jfrog.com/governance/docs/apptrust-overview
+- Access Tokens: https://docs.jfrog.com/administration/docs/access-tokens
+- Permissions: https://docs.jfrog.com/administration/docs/permissions

package/skills/jfrog/references/onemodel-common-patterns.md

@@ -0,0 +1,323 @@
+# OneModel GraphQL common patterns
+
+General GraphQL patterns and conventions that apply across OneModel domains.
+Concrete field names and filter arguments **always** come from the resolved
+schema at `GET /onemodel/api/v1/supergraph/schema`.
+
+**When to read this file:** Pagination, filtering, ordering, variables, date
+formatting, or interpreting OneModel JSON responses. For the end-to-end
+workflow, read `onemodel-graphql.md`.
+
+In shell examples below, `<skill_path>` is this skill's directory.
+
+## Pagination
+
+OneModel uses cursor-based pagination following the Relay specification.
+
+### Forward pagination
+
+Use `first` (page size) and `after` (cursor):
+
+```graphql
+query {
+  evidence {
+    searchEvidence(
+      first: 20
+      after: "<endCursor-from-previous-page>"
+      where: { hasSubjectWith: { repositoryKey: "my-repo-local" } }
+    ) {
+      edges {
+        node {
+          predicateSlug
+          verified
+        }
+        cursor
+      }
+      pageInfo {
+        hasNextPage
+        endCursor
+      }
+    }
+  }
+}
+```
+
+**To fetch all pages:**
+
+1. First request: omit `after` for the first page.
+2. If `pageInfo.hasNextPage` is true, pass `pageInfo.endCursor` as `after`.
+3. Repeat until `hasNextPage` is false.
+
+### Backward pagination
+
+Some connections support `last` and `before` (for example `publicPackages.searchPackages`). **`evidence.searchEvidence` does not** — it only accepts `first` and `after`; use forward pagination for evidence.
+
+Example (public catalog):
+
+```graphql
+query {
+  publicPackages {
+    searchPackages(last: 10, before: "<cursor>", where: { type: "npm" }) {
+      pageInfo {
+        hasPreviousPage
+        startCursor
+      }
+      edges {
+        node {
+          name
+          type
+        }
+      }
+    }
+  }
+}
+```
+
+**Rules:**
+
+- `first/after` and `last/before` are mutually exclusive on the same field when both are supported.
+- If no pagination args are provided, the first page is returned (server default
+  page size applies).
+- Always confirm pagination arguments on the specific field in the supergraph schema.
+
+## Filtering
+
+Use `where` arguments to narrow results. Look up each query's `WhereInput` type
+in the schema for available fields.
+
+### Evidence domain
+
+```graphql
+searchEvidence(
+  where: {
+    hasSubjectWith: {
+      repositoryKey: "my-repo-local"
+      path: "path/to"
+      name: "file.ext"
+    }
+  }
+) { ... }
+```
+
+### Applications domain
+
+```graphql
+searchApplications(
+  where: {
+    projectKey: "my-project"
+    nameContains: "store"
+    criticality: "high"
+  }
+  first: 25
+) { ... }
+```
+
+### Stored packages domain
+
+`type` is often required; add `name`, `projectKey`, etc. per schema:
+
+```graphql
+searchPackages(
+  where: { type: "docker", name: "my-image" }
+  first: 20
+) { ... }
+```
+
+To search **versions** of a package, use `searchPackageVersions` with package criteria under `hasPackageWith` (not top-level `type` / `name` on the version filter):
+
+```graphql
+searchPackageVersions(
+  where: { hasPackageWith: [{ type: "npm", name: "@scope/pkg" }] }
+  first: 20
+) { ... }
+```
+
+### Public packages domain
+
+```graphql
+searchPackages(
+  where: { type: "npm", nameContains: "lodash" }
+  first: 20
+) { ... }
+```
+
+### Release lifecycle domain
+
+Some filters apply on connection fields:
+
+```graphql
+artifactsConnection(
+  first: 50
+  where: { hasEvidence: true }
+) { ... }
+```
+
+## Ordering
+
+Use `orderBy` only where the schema defines it. **`evidence.searchEvidence` has no `orderBy` argument.**
+
+Example (applications):
+
+```graphql
+query {
+  applications {
+    searchApplications(
+      first: 20
+      orderBy: { field: NAME, direction: DESC }
+      where: { projectKey: "my-project" }
+    ) {
+      edges {
+        node {
+          key
+          displayName
+        }
+      }
+    }
+  }
+}
+```
+
+- `field` — sort field (enum or type per schema)
+- `direction` — `ASC` or `DESC`
+
+Not every query supports `orderBy` — verify in the schema.
+
+## Variables
+
+Use GraphQL variables instead of string interpolation in the query text.
+
+### Query definition
+
+```graphql
+query GetEvidence($repoKey: String!, $path: String!, $name: String!) {
+  evidence {
+    getEvidence(
+      repositoryKey: $repoKey
+      path: $path
+      name: $name
+    ) {
+      evidenceId
+      verified
+    }
+  }
+}
+```
+
+### `jf api` with variables
+
+Build the JSON body with `jq -n` into a **file**, then pass the file to
+`jf api` with `--input` — do not hand-escape quotes inside the query:
+
+```bash
+QUERY='query GetEvidence($repoKey: String!, $path: String!, $name: String!) { evidence { getEvidence(repositoryKey: $repoKey, path: $path, name: $name) { evidenceId verified } } }'
+
+PAYLOAD_FILE="/tmp/onemodel-payload-$$.json"
+RESPONSE_FILE="/tmp/onemodel-response-$$.json"
+
+jq -n \
+  --arg q "$QUERY" \
+  --arg repoKey "example-repo-local" \
+  --arg path "path/to" \
+  --arg name "file.ext" \
+  '{"query": $q, "variables": {"repoKey": $repoKey, "path": $path, "name": $name}}' \
+  > "$PAYLOAD_FILE"
+
+jf api /onemodel/api/v1/graphql \
+  -X POST -H "Content-Type: application/json" \
+  --input "$PAYLOAD_FILE" \
+  > "$RESPONSE_FILE"
+
+jq . "$RESPONSE_FILE"
+```
+
+Pass `--server-id <id>` to `jf api` when targeting a non-default server
+(see `onemodel-graphql.md` step 1).
+
+Echo `$RESPONSE_FILE` if a follow-up Shell call must read it (see SKILL.md
+*Preserving command output*).
+
+## Date formatting
+
+Fields ending in `...At` (e.g. `createdAt`) default to ISO-8601 UTC:
+`2024-11-05T13:15:30.972Z`
+
+Use the `@dateFormat` directive where supported:
+
+```graphql
+query {
+  evidence {
+    searchEvidence(
+      first: 5
+      where: { hasSubjectWith: { repositoryKey: "my-repo-local" } }
+    ) {
+      edges {
+        node {
+          createdAt @dateFormat(format: DD_MMM_YYYY)
+        }
+      }
+    }
+  }
+}
+```
+
+Common formats (verify enum values in schema):
+
+- Default: ISO-8601 UTC
+- `DD_MMM_YYYY` — e.g. `05 Nov 2024`
+- `ISO8601_DATE_ONLY` — e.g. `2024-11-05`
+
+## Response structure
+
+### Successful response
+
+```json
+{
+  "data": {
+    "<namespace>": {
+      "<queryName>": {
+        "edges": [
+          {
+            "node": {},
+            "cursor": "abc123"
+          }
+        ],
+        "pageInfo": {
+          "hasNextPage": true,
+          "endCursor": "abc123"
+        },
+        "totalCount": 42
+      }
+    }
+  }
+}
+```
+
+- `edges` — each item has `node` and optional `cursor`
+- `pageInfo` — pagination metadata
+- `totalCount` — not every connection exposes it; if validation fails, omit it
+  and use `pageInfo` only
+
+### Error response
+
+```json
+{
+  "errors": [
+    {
+      "message": "description of what went wrong",
+      "path": ["evidence", "searchEvidence"],
+      "extensions": {
+        "code": "GRAPHQL_VALIDATION_FAILED"
+      }
+    }
+  ]
+}
+```
+
+Errors and `data` can coexist — partial success is possible.
+
+## Experimental and deprecated fields
+
+- `@experimental` — may change; use with caution.
+- `@deprecated` — migrate to replacements listed in the schema.
+
+Check directives when exploring the supergraph schema file.