@jmylchreest/aide-plugin 0.0.45 → 0.0.47

package/bin/aide-wrapper.sh

@@ -126,9 +126,15 @@ if [[ "$NEEDS_DOWNLOAD" == "true" ]]; then
       log "Downloading binary..."
       log "Using downloader: $DOWNLOADER"
 
-      # Use tsx for .ts files (dev), node for .js files (npm install)
+      # Use bun/tsx for .ts files (dev), node for .js files (npm install)
       if [[ "$DOWNLOADER" == *.ts ]]; then
-        RUNNER="npx --yes tsx"
+        if command -v bun &>/dev/null; then
+          RUNNER="bun"
+        elif command -v tsx &>/dev/null; then
+          RUNNER="tsx"
+        else
+          RUNNER="npx --yes tsx"
+        fi
       else
         RUNNER="node"
       fi

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@jmylchreest/aide-plugin",
-  "version": "0.0.45",
+  "version": "0.0.47",
   "description": "aide plugin for OpenCode — multi-agent orchestration, memory, skills, and persistence",
   "type": "module",
   "main": "./src/opencode/index.ts",

package/skills/semgrep/SKILL.md

@@ -0,0 +1,70 @@
+---
+name: semgrep
+description: Run Semgrep security and code quality analysis
+triggers:
+  - semgrep
+  - security scan
+  - sast scan
+  - vulnerability scan
+  - code security
+  - security audit
+requires_binary:
+  - semgrep
+---
+
+# Semgrep Security Analysis
+
+Run Semgrep to detect security vulnerabilities and code quality issues in the codebase.
+
+## Workflow
+
+### 1. Run Semgrep scan
+
+```bash
+# Auto-detect rules for the project's languages
+semgrep scan --config auto --json --quiet 2>/dev/null | head -c 50000
+```
+
+If JSON output is too large, use text output:
+
+```bash
+semgrep scan --config auto --quiet 2>/dev/null
+```
+
+### 2. For specific rule sets
+
+```bash
+# Security-focused rules only
+semgrep scan --config "p/security-audit" --json --quiet
+
+# OWASP Top 10
+semgrep scan --config "p/owasp-top-ten" --json --quiet
+
+# Language-specific
+semgrep scan --config "p/golang" --json --quiet
+semgrep scan --config "p/python" --json --quiet
+semgrep scan --config "p/typescript" --json --quiet
+```
+
+### 3. Triage results
+
+For each finding:
+
+1. Read the file and surrounding context
+2. Assess whether the finding is a true positive or false positive
+3. For true positives, fix the issue following the suggestion in the finding
+4. For false positives, consider adding a `# nosemgrep` inline comment with justification
+
+### 4. Scan specific files
+
+```bash
+# Scan only changed files
+semgrep scan --config auto --json --quiet -- path/to/file.py
+```
+
+## Common Issues
+
+- **Too many findings**: Use `--severity ERROR` to focus on critical issues first
+- **Slow scan**: Use `--config auto` instead of multiple rule packs to avoid re-scanning
+- **Missing rules**: Install additional rules with `semgrep registry`
+- **False positives**: Add `# nosemgrep: rule-id` with a comment explaining why

package/src/core/skill-matcher.ts

@@ -8,8 +8,35 @@
 import { existsSync, readFileSync, readdirSync } from "fs";
 import { join, basename, extname } from "path";
 import { homedir } from "os";
+import { execSync } from "child_process";
 import type { Skill, SkillMatchResult } from "./types.js";
 
+/**
+ * Cache of binary existence checks to avoid repeated shell invocations.
+ * Maps binary name to boolean (exists on PATH).
+ */
+const binaryExistsCache = new Map<string, boolean>();
+
+/**
+ * Check if a binary exists on PATH.
+ * Results are cached for the lifetime of the process.
+ */
+function binaryExists(name: string): boolean {
+  const cached = binaryExistsCache.get(name);
+  if (cached !== undefined) return cached;
+
+  try {
+    const cmd =
+      process.platform === "win32" ? `where ${name}` : `command -v ${name}`;
+    execSync(cmd, { stdio: "ignore", timeout: 2000 });
+    binaryExistsCache.set(name, true);
+    return true;
+  } catch {
+    binaryExistsCache.set(name, false);
+    return false;
+  }
+}
+
 // Skill search locations relative to cwd
 const SKILL_LOCATIONS = [".aide/skills", "skills"];
 
@@ -129,6 +156,22 @@ export function parseSkillFrontmatter(
     meta.platforms = platforms;
   }
 
+  // Parse requires_binary array (e.g. "requires_binary:\n  - semgrep")
+  const requiresBinary: string[] = [];
+  const binaryMatch = yamlContent.match(
+    /requires_binary:\s*\n((?:\s+-\s*.+\n?)*)/,
+  );
+  if (binaryMatch) {
+    const blines = binaryMatch[1].split("\n");
+    for (const line of blines) {
+      const itemMatch = line.match(/^\s+-\s*["']?([^"'\n]+)["']?\s*$/);
+      if (itemMatch) requiresBinary.push(itemMatch[1].trim());
+    }
+  }
+  if (requiresBinary.length > 0) {
+    meta.requires_binary = requiresBinary;
+  }
+
   return { meta, body };
 }
 
@@ -176,6 +219,7 @@ export function loadSkill(path: string): Skill | null {
       triggers,
       description: meta.description as string | undefined,
       platforms: meta.platforms as string[] | undefined,
+      requires_binary: meta.requires_binary as string[] | undefined,
       content: body,
     };
   } catch {
@@ -253,6 +297,14 @@ export function matchSkills(
       if (!skill.platforms.includes(platform)) continue;
     }
 
+    // Binary gate: skip skills that require binaries not on PATH
+    if (skill.requires_binary && skill.requires_binary.length > 0) {
+      const allPresent = skill.requires_binary.every((bin) =>
+        binaryExists(bin),
+      );
+      if (!allPresent) continue;
+    }
+
     let score = 0;
 
     for (const trigger of skill.triggers) {

package/src/core/types.ts

@@ -113,6 +113,8 @@ export interface Skill {
   description?: string;
   /** Optional platform restriction. If set, only matched on listed platforms ("opencode", "claude-code"). */
   platforms?: string[];
+  /** Optional binary requirement. If set, skill is only matched when all listed binaries exist on PATH. */
+  requires_binary?: string[];
   content: string;
 }
 

package/src/opencode/hooks.ts

@@ -25,7 +25,7 @@
  *   Stop (blocking)            → session.idle re-prompts via session.prompt() for persistence
  */
 
-import { execFileSync } from "child_process";
+import { execFileSync, execSync } from "child_process";
 import { join } from "path";
 import { findAideBinary } from "../core/aide-client.js";
 import {
@@ -224,6 +224,22 @@ function createConfigHandler(
         ) {
           continue;
         }
+        // Skip skills requiring binaries not on PATH
+        if (skill.requires_binary && skill.requires_binary.length > 0) {
+          const allPresent = skill.requires_binary.every((bin) => {
+            try {
+              const cmd =
+                process.platform === "win32"
+                  ? `where ${bin}`
+                  : `command -v ${bin}`;
+              execSync(cmd, { stdio: "ignore", timeout: 2000 });
+              return true;
+            } catch {
+              return false;
+            }
+          });
+          if (!allPresent) continue;
+        }
         const commandName = `aide:${skill.name}`;
         // Only register if not already defined (user config takes priority)
         if (!input.command[commandName]) {