@kodrunhq/opencode-autopilot 0.1.0

package/src/review/severity.ts

@@ -0,0 +1,71 @@
+import type { Severity } from "./types";
+
+interface SeverityDefinition {
+	readonly criteria: readonly string[];
+	readonly action: string;
+}
+
+export const SEVERITY_DEFINITIONS: Readonly<Record<Severity, SeverityDefinition>> = Object.freeze({
+	CRITICAL: Object.freeze({
+		criteria: Object.freeze([
+			"Runtime error on a common code path (null dereference, missing import, type mismatch)",
+			"Data loss or corruption (wrong delete, missing transaction, race condition on write)",
+			"Security vulnerability (injection, auth bypass, exposed secrets)",
+			"API contract broken (frontend and backend disagree on shape/method/URL)",
+			"Feature fundamentally does not work (CRUD missing a letter, broken wiring)",
+		]),
+		action: "Must fix before push. Blocks PR.",
+	}),
+	HIGH: Object.freeze({
+		criteria: Object.freeze([
+			"Edge case not handled (null input, empty list, boundary value)",
+			"Test exists but does not actually verify behavior (no assertions, mocked too broadly)",
+			"Partial implementation (feature half-built, TODO left in production code)",
+			"Error handling missing or swallows errors silently",
+			"Performance issue on a hot path",
+		]),
+		action: "Should fix before push. Does not block but strongly recommended.",
+	}),
+	MEDIUM: Object.freeze({
+		criteria: Object.freeze([
+			"Edge case potentially unhandled",
+			"Incomplete error context",
+			"Minor performance concern",
+			"Missing input validation on non-critical path",
+			"Inconsistent error handling pattern",
+		]),
+		action: "Fix when convenient. Noted in report.",
+	}),
+	LOW: Object.freeze({
+		criteria: Object.freeze([
+			"Naming inconsistency with codebase conventions",
+			"Unused import or dead code",
+			"Console.log or debug statement left in",
+			"Comment is outdated or misleading",
+			"Code style does not match surrounding code",
+		]),
+		action: "Fix if convenient. Will not block or flag.",
+	}),
+});
+
+const SEVERITY_RANK: Readonly<Record<Severity, number>> = Object.freeze({
+	CRITICAL: 0,
+	HIGH: 1,
+	MEDIUM: 2,
+	LOW: 3,
+});
+
+/**
+ * Compare two severities for sorting. Returns negative if a is higher severity,
+ * positive if b is higher, zero if equal.
+ */
+export function compareSeverity(a: Severity, b: Severity): number {
+	return SEVERITY_RANK[a] - SEVERITY_RANK[b];
+}
+
+/**
+ * Returns true if the severity blocks a PR (only CRITICAL blocks).
+ */
+export function isBlockingSeverity(severity: Severity): boolean {
+	return severity === "CRITICAL";
+}

package/src/review/stack-gate.ts

@@ -0,0 +1,127 @@
+import { basename } from "node:path";
+import type { AgentDefinition } from "./types";
+
+/**
+ * Maps gated agent names to their required stack tags.
+ * If the agent is not in this map, it is ungated (always allowed).
+ * If listed, at least ONE of the required tags must be present in the project.
+ */
+export const STACK_GATE_RULES: Readonly<Record<string, readonly string[]>> = Object.freeze({
+	"react-patterns-auditor": Object.freeze(["react", "nextjs"]),
+	"go-idioms-auditor": Object.freeze(["go"]),
+	"python-django-auditor": Object.freeze(["django", "fastapi"]),
+	"rust-safety-auditor": Object.freeze(["rust"]),
+	"state-mgmt-auditor": Object.freeze(["react", "vue", "svelte", "angular"]),
+	"type-soundness": Object.freeze(["typescript", "kotlin", "rust", "go"]),
+});
+
+/**
+ * Filters agents based on detected project stack tags.
+ * Agents not in STACK_GATE_RULES are always kept (ungated).
+ * Gated agents are kept only if at least one required tag matches.
+ */
+export function applyStackGate(
+	agents: readonly AgentDefinition[],
+	tags: readonly string[],
+): readonly AgentDefinition[] {
+	const tagSet = new Set(tags);
+
+	return agents.filter((agent) => {
+		const requiredTags = STACK_GATE_RULES[agent.name];
+
+		// Ungated agent: always allow
+		if (requiredTags === undefined) {
+			return true;
+		}
+
+		// Gated agent: allow if any required tag matches
+		return requiredTags.some((tag) => tagSet.has(tag));
+	});
+}
+
+/**
+ * Extension-to-tag mappings for stack detection from file paths.
+ */
+const EXTENSION_TAGS: Readonly<Record<string, readonly string[]>> = Object.freeze({
+	".ts": Object.freeze(["typescript"]),
+	".tsx": Object.freeze(["typescript", "react"]),
+	".js": Object.freeze(["javascript"]),
+	".jsx": Object.freeze(["javascript", "react"]),
+	".go": Object.freeze(["go"]),
+	".py": Object.freeze(["python"]),
+	".rs": Object.freeze(["rust"]),
+	".vue": Object.freeze(["vue", "javascript"]),
+	".svelte": Object.freeze(["svelte", "javascript"]),
+	".kt": Object.freeze(["kotlin"]),
+	".kts": Object.freeze(["kotlin"]),
+});
+
+/**
+ * Django-specific file patterns that indicate the Django framework.
+ */
+const DJANGO_INDICATORS = Object.freeze([
+	"manage.py",
+	"wsgi.py",
+	"asgi.py",
+	"settings.py",
+	"urls.py",
+	"admin.py",
+]);
+
+/**
+ * Framework-specific filename patterns for detection beyond extensions.
+ * Maps filename (or pattern) to the tags it indicates.
+ */
+const FRAMEWORK_INDICATORS: Readonly<Record<string, readonly string[]>> = Object.freeze({
+	"next.config.js": Object.freeze(["nextjs", "react", "javascript"]),
+	"next.config.ts": Object.freeze(["nextjs", "react", "typescript"]),
+	"next.config.mjs": Object.freeze(["nextjs", "react", "javascript"]),
+	"angular.json": Object.freeze(["angular", "typescript"]),
+	"nuxt.config.ts": Object.freeze(["vue", "typescript"]),
+	"nuxt.config.js": Object.freeze(["vue", "javascript"]),
+	"svelte.config.js": Object.freeze(["svelte", "javascript"]),
+});
+
+/**
+ * Detect stack tags from a list of file paths by examining extensions
+ * and framework-specific filenames.
+ */
+export function detectStackTags(filePaths: readonly string[]): readonly string[] {
+	const tags = new Set<string>();
+
+	for (const filePath of filePaths) {
+		const fileName = basename(filePath);
+
+		// Check extension-based tags
+		for (const [ext, extTags] of Object.entries(EXTENSION_TAGS)) {
+			if (filePath.endsWith(ext)) {
+				for (const tag of extTags) {
+					tags.add(tag);
+				}
+				break;
+			}
+		}
+
+		// Check Django indicators
+		if (DJANGO_INDICATORS.includes(fileName)) {
+			tags.add("python");
+			tags.add("django");
+		}
+
+		// Check framework indicators (Next.js, Angular, Nuxt, Svelte)
+		const frameworkTags = FRAMEWORK_INDICATORS[fileName];
+		if (frameworkTags) {
+			for (const tag of frameworkTags) {
+				tags.add(tag);
+			}
+		}
+
+		// FastAPI indicator — any .py file with "fastapi" in path
+		if (filePath.endsWith(".py") && filePath.includes("fastapi")) {
+			tags.add("python");
+			tags.add("fastapi");
+		}
+	}
+
+	return [...tags];
+}

package/src/review/types.ts

@@ -0,0 +1,43 @@
+import type { z } from "zod";
+import type {
+	agentResultSchema,
+	falsePositiveSchema,
+	reviewConfigSchema,
+	reviewFindingSchema,
+	reviewMemorySchema,
+	reviewReportSchema,
+	reviewStateSchema,
+	severitySchema,
+	verdictSchema,
+} from "./schemas";
+
+export type Severity = z.infer<typeof severitySchema>;
+export type Verdict = z.infer<typeof verdictSchema>;
+export type ReviewFinding = z.infer<typeof reviewFindingSchema>;
+export type AgentResult = z.infer<typeof agentResultSchema>;
+export type ReviewReport = z.infer<typeof reviewReportSchema>;
+export type ReviewConfig = z.infer<typeof reviewConfigSchema>;
+export type FalsePositive = z.infer<typeof falsePositiveSchema>;
+export type ReviewMemory = z.infer<typeof reviewMemorySchema>;
+export type ReviewState = z.infer<typeof reviewStateSchema>;
+
+export type AgentCategory = "core" | "parallel" | "sequenced";
+
+export interface AgentDefinition {
+	readonly name: string;
+	readonly category: AgentCategory;
+	readonly domain: string;
+	readonly catches: readonly string[];
+	readonly triggerSignals: readonly string[];
+	readonly stackAffinity: readonly string[];
+	readonly hardGatesSummary: string;
+}
+
+/** Shared interface for review agents used in the pipeline. */
+export interface ReviewAgent {
+	readonly name: string;
+	readonly description: string;
+	readonly relevantStacks: readonly string[];
+	readonly severityFocus: readonly Severity[];
+	readonly prompt: string;
+}

package/src/templates/agent-template.ts

@@ -0,0 +1,47 @@
+import { stringify } from "yaml";
+
+export interface AgentTemplateInput {
+	readonly name: string;
+	readonly description: string;
+	readonly mode: "primary" | "subagent" | "all";
+	readonly model?: string;
+	readonly temperature?: number;
+	readonly permission?: Record<string, string>;
+}
+
+const DEFAULT_PERMISSION: Readonly<Record<string, string>> = Object.freeze({
+	read: "allow",
+	edit: "deny",
+	bash: "deny",
+	webfetch: "deny",
+	task: "deny",
+});
+
+export function generateAgentMarkdown(input: AgentTemplateInput): string {
+	const frontmatter: Record<string, unknown> = {
+		description: input.description,
+		mode: input.mode,
+		...(input.model !== undefined && { model: input.model }),
+		...(input.temperature !== undefined && { temperature: input.temperature }),
+		permission: input.permission ?? DEFAULT_PERMISSION,
+	};
+
+	return `---
+${stringify(frontmatter).trim()}
+---
+You are ${input.name}, an AI agent.
+
+<!-- TODO: Replace this placeholder prompt with specific instructions for your agent. -->
+<!-- Consider: What is this agent's specialty? What tools should it use? What should it avoid? -->
+
+## Role
+
+Describe your agent's primary role and expertise here.
+
+## Instructions
+
+1. Add specific behavioral instructions
+2. Define constraints and guardrails
+3. Specify output format preferences
+`;
+}

package/src/templates/command-template.ts

@@ -0,0 +1,29 @@
+import { stringify } from "yaml";
+
+export interface CommandTemplateInput {
+	readonly name: string;
+	readonly description: string;
+	readonly agent?: string;
+	readonly model?: string;
+}
+
+export function generateCommandMarkdown(input: CommandTemplateInput): string {
+	const frontmatter: Record<string, unknown> = {
+		description: input.description,
+		...(input.agent !== undefined && { agent: input.agent }),
+		...(input.model !== undefined && { model: input.model }),
+	};
+
+	return `---
+${stringify(frontmatter).trim()}
+---
+The user wants to run the "${input.name}" command.
+
+$ARGUMENTS
+
+<!-- TODO: Replace this placeholder with specific instructions for what the command should do. -->
+<!-- Use $ARGUMENTS to reference user-provided arguments. -->
+<!-- Use $1, $2, $3 for individual positional arguments. -->
+<!-- Use @filename to include file content. -->
+`;
+}

package/src/templates/skill-template.ts

@@ -0,0 +1,42 @@
+import { stringify } from "yaml";
+
+export interface SkillTemplateInput {
+	readonly name: string;
+	readonly description: string;
+	readonly license?: string;
+	readonly compatibility?: string;
+}
+
+export function generateSkillMarkdown(input: SkillTemplateInput): string {
+	const frontmatter: Record<string, unknown> = {
+		name: input.name,
+		description: input.description,
+		...(input.license !== undefined && { license: input.license }),
+		...(input.compatibility !== undefined && { compatibility: input.compatibility }),
+	};
+
+	return `---
+${stringify(frontmatter).trim()}
+---
+
+## What I do
+
+Describe what this skill provides to the AI agent. Be specific about the domain knowledge, patterns, or capabilities it adds.
+
+## Rules
+
+1. Add rules the AI should follow when this skill is active
+2. Define constraints and boundaries
+3. Specify when this skill should and should not be applied
+
+## Examples
+
+### Example 1
+
+Provide concrete examples of how this skill should be used in practice.
+
+### Example 2
+
+Add more examples to cover different scenarios and edge cases.
+`;
+}

package/src/tools/confidence.ts

@@ -0,0 +1,93 @@
+import { tool } from "@opencode-ai/plugin";
+import { appendConfidence, filterByPhase, summarizeConfidence } from "../orchestrator/confidence";
+import { phaseSchema } from "../orchestrator/schemas";
+import { loadState, saveState } from "../orchestrator/state";
+import { getProjectArtifactDir } from "../utils/paths";
+
+interface ConfidenceArgs {
+	readonly subcommand: string;
+	readonly phase?: string;
+	readonly agent?: string;
+	readonly area?: string;
+	readonly level?: string;
+	readonly rationale?: string;
+}
+
+export async function confidenceCore(args: ConfidenceArgs, artifactDir: string): Promise<string> {
+	try {
+		switch (args.subcommand) {
+			case "append": {
+				if (!args.phase || !args.agent || !args.area || !args.level || !args.rationale) {
+					return JSON.stringify({
+						error: "phase, agent, area, level, and rationale are required",
+					});
+				}
+				const state = await loadState(artifactDir);
+				if (state === null) {
+					return JSON.stringify({ error: "no_state" });
+				}
+				const updated = appendConfidence(state, {
+					phase: args.phase,
+					agent: args.agent,
+					area: args.area,
+					level: args.level as "HIGH" | "MEDIUM" | "LOW",
+					rationale: args.rationale,
+				});
+				await saveState(updated, artifactDir);
+				return JSON.stringify({
+					ok: true,
+					entries: updated.confidence.length,
+				});
+			}
+
+			case "summary": {
+				const state = await loadState(artifactDir);
+				if (state === null) {
+					return JSON.stringify({ error: "no_state" });
+				}
+				const summary = summarizeConfidence(state.confidence);
+				return JSON.stringify(summary);
+			}
+
+			case "filter": {
+				if (!args.phase) {
+					return JSON.stringify({ error: "phase required for filter" });
+				}
+				const state = await loadState(artifactDir);
+				if (state === null) {
+					return JSON.stringify({ error: "no_state" });
+				}
+				const validPhase = phaseSchema.parse(args.phase);
+				const filtered = filterByPhase(state.confidence, validPhase);
+				return JSON.stringify({ entries: filtered });
+			}
+
+			default:
+				return JSON.stringify({
+					error: `unknown subcommand: ${args.subcommand}`,
+				});
+		}
+	} catch (error: unknown) {
+		const message = error instanceof Error ? error.message : String(error);
+		return JSON.stringify({ error: message });
+	}
+}
+
+export const ocConfidence = tool({
+	description:
+		"Manage orchestrator confidence ledger. Subcommands: append (add entry), summary (aggregate counts), filter (entries by phase).",
+	args: {
+		subcommand: tool.schema.enum(["append", "summary", "filter"]).describe("Operation to perform"),
+		phase: tool.schema.string().optional().describe("Phase name for append/filter"),
+		agent: tool.schema.string().optional().describe("Agent name for append"),
+		area: tool.schema.string().optional().describe("Area of confidence for append"),
+		level: tool.schema
+			.enum(["HIGH", "MEDIUM", "LOW"])
+			.optional()
+			.describe("Confidence level for append"),
+		rationale: tool.schema.string().optional().describe("Rationale text for append"),
+	},
+	async execute(args) {
+		return confidenceCore(args, getProjectArtifactDir(process.cwd()));
+	},
+});

package/src/tools/create-agent.ts

@@ -0,0 +1,81 @@
+import { writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { tool } from "@opencode-ai/plugin";
+import { generateAgentMarkdown } from "../templates/agent-template";
+import { ensureDir } from "../utils/fs-helpers";
+import { getGlobalConfigDir } from "../utils/paths";
+import { validateAssetName } from "../utils/validators";
+
+interface CreateAgentArgs {
+	readonly name: string;
+	readonly description: string;
+	readonly mode: "primary" | "subagent" | "all";
+	readonly model?: string;
+	readonly temperature?: number;
+}
+
+export async function createAgentCore(args: CreateAgentArgs, baseDir: string): Promise<string> {
+	const validation = validateAssetName(args.name);
+	if (!validation.valid) {
+		return `Error: ${validation.error}`;
+	}
+
+	const agentsDir = join(baseDir, "agents");
+	const filePath = join(agentsDir, `${args.name}.md`);
+
+	const markdown = generateAgentMarkdown({
+		name: args.name,
+		description: args.description,
+		mode: args.mode,
+		model: args.model,
+		temperature: args.temperature,
+	});
+
+	try {
+		await ensureDir(agentsDir);
+		await writeFile(filePath, markdown, { encoding: "utf-8", flag: "wx" });
+	} catch (error) {
+		if (
+			error instanceof Error &&
+			"code" in error &&
+			(error as NodeJS.ErrnoException).code === "EEXIST"
+		) {
+			return `Error: Agent '${args.name}' already exists at ${filePath}. Choose a different name or delete the existing file first.`;
+		}
+		const message = error instanceof Error ? error.message : String(error);
+		return `Error: Failed to write agent: ${message}`;
+	}
+
+	return `Agent '${args.name}' created at ${filePath}. Restart OpenCode to use it.`;
+}
+
+export const ocCreateAgent = tool({
+	description:
+		"Create a new OpenCode agent. Writes a properly-formatted agent markdown file to ~/.config/opencode/agents/.",
+	args: {
+		name: tool.schema
+			.string()
+			.min(1)
+			.max(64)
+			.describe("Agent name (e.g., 'code-reviewer'). Lowercase alphanumeric with hyphens."),
+		description: tool.schema.string().min(1).max(500).describe("What the agent does"),
+		mode: tool.schema
+			.enum(["primary", "subagent", "all"])
+			.default("subagent")
+			.describe("Agent mode: primary (main agent), subagent (invoked via @mention), or all (both)"),
+		model: tool.schema
+			.string()
+			.max(128)
+			.optional()
+			.describe("Model identifier (omit for model-agnostic)"),
+		temperature: tool.schema
+			.number()
+			.min(0)
+			.max(1)
+			.optional()
+			.describe("Temperature 0.0-1.0 (omit for default)"),
+	},
+	async execute(args) {
+		return createAgentCore(args, getGlobalConfigDir());
+	},
+});

package/src/tools/create-command.ts

@@ -0,0 +1,74 @@
+import { writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { tool } from "@opencode-ai/plugin";
+import { generateCommandMarkdown } from "../templates/command-template";
+import { ensureDir } from "../utils/fs-helpers";
+import { getGlobalConfigDir } from "../utils/paths";
+import { validateCommandName } from "../utils/validators";
+
+interface CreateCommandArgs {
+	readonly name: string;
+	readonly description: string;
+	readonly agent?: string;
+	readonly model?: string;
+}
+
+export async function createCommandCore(args: CreateCommandArgs, baseDir: string): Promise<string> {
+	const validation = validateCommandName(args.name);
+	if (!validation.valid) {
+		return `Error: ${validation.error}`;
+	}
+
+	const commandsDir = join(baseDir, "commands");
+	const filePath = join(commandsDir, `${args.name}.md`);
+
+	const markdown = generateCommandMarkdown({
+		name: args.name,
+		description: args.description,
+		agent: args.agent,
+		model: args.model,
+	});
+
+	try {
+		await ensureDir(commandsDir);
+		await writeFile(filePath, markdown, { encoding: "utf-8", flag: "wx" });
+	} catch (error) {
+		if (
+			error instanceof Error &&
+			"code" in error &&
+			(error as NodeJS.ErrnoException).code === "EEXIST"
+		) {
+			return `Error: Command '${args.name}' already exists at ${filePath}. Choose a different name or delete the existing file first.`;
+		}
+		const message = error instanceof Error ? error.message : String(error);
+		return `Error: Failed to write command: ${message}`;
+	}
+
+	return `Command '${args.name}' created at ${filePath}. Restart OpenCode to use it.`;
+}
+
+export const ocCreateCommand = tool({
+	description:
+		"Create a new OpenCode command. Writes a command markdown file to ~/.config/opencode/commands/.",
+	args: {
+		name: tool.schema
+			.string()
+			.min(1)
+			.max(64)
+			.describe("Command name (e.g., 'review'). Lowercase alphanumeric with hyphens."),
+		description: tool.schema
+			.string()
+			.min(1)
+			.max(500)
+			.describe("What the command does when invoked"),
+		agent: tool.schema
+			.string()
+			.max(64)
+			.optional()
+			.describe("Agent to use when running this command (e.g., 'code-reviewer')"),
+		model: tool.schema.string().max(128).optional().describe("Model override for this command"),
+	},
+	async execute(args) {
+		return createCommandCore(args, getGlobalConfigDir());
+	},
+});

package/src/tools/create-skill.ts

@@ -0,0 +1,74 @@
+import { writeFile } from "node:fs/promises";
+import { join } from "node:path";
+import { tool } from "@opencode-ai/plugin";
+import { generateSkillMarkdown } from "../templates/skill-template";
+import { ensureDir } from "../utils/fs-helpers";
+import { getGlobalConfigDir } from "../utils/paths";
+import { validateAssetName } from "../utils/validators";
+
+interface CreateSkillArgs {
+	readonly name: string;
+	readonly description: string;
+	readonly license?: string;
+	readonly compatibility?: string;
+}
+
+export async function createSkillCore(args: CreateSkillArgs, baseDir: string): Promise<string> {
+	const validation = validateAssetName(args.name);
+	if (!validation.valid) {
+		return `Error: ${validation.error}`;
+	}
+
+	const skillDir = join(baseDir, "skills", args.name);
+	const filePath = join(skillDir, "SKILL.md");
+
+	const markdown = generateSkillMarkdown({
+		name: args.name,
+		description: args.description,
+		license: args.license,
+		compatibility: args.compatibility,
+	});
+
+	try {
+		await ensureDir(skillDir);
+		await writeFile(filePath, markdown, { encoding: "utf-8", flag: "wx" });
+	} catch (error) {
+		if (
+			error instanceof Error &&
+			"code" in error &&
+			(error as NodeJS.ErrnoException).code === "EEXIST"
+		) {
+			return `Error: Skill '${args.name}' already exists at ${filePath}. Choose a different name or delete the existing skill directory first.`;
+		}
+		const message = error instanceof Error ? error.message : String(error);
+		return `Error: Failed to write skill: ${message}`;
+	}
+
+	return `Skill '${args.name}' created at ${filePath}. Restart OpenCode to use it.`;
+}
+
+export const ocCreateSkill = tool({
+	description:
+		"Create a new OpenCode skill. Writes a SKILL.md file to ~/.config/opencode/skills/<name>/.",
+	args: {
+		name: tool.schema
+			.string()
+			.min(1)
+			.max(64)
+			.describe("Skill name (1-64 chars, lowercase with hyphens, e.g., 'typescript-patterns')"),
+		description: tool.schema
+			.string()
+			.min(1)
+			.max(1024)
+			.describe("What the skill provides to the AI agent"),
+		license: tool.schema.string().max(64).optional().describe("License (e.g., 'MIT')"),
+		compatibility: tool.schema
+			.string()
+			.max(64)
+			.optional()
+			.describe("Compatibility (e.g., 'opencode')"),
+	},
+	async execute(args) {
+		return createSkillCore(args, getGlobalConfigDir());
+	},
+});