@kody-ade/kody-engine-lite 0.1.0

package/package.json

@@ -0,0 +1,35 @@
+{
+  "name": "@kody-ade/kody-engine-lite",
+  "version": "0.1.0",
+  "description": "Autonomous SDLC pipeline: Kody orchestration + Claude Code + LiteLLM",
+  "license": "MIT",
+  "type": "module",
+  "bin": {
+    "kody-engine-lite": "./dist/bin/cli.js"
+  },
+  "files": [
+    "dist",
+    "prompts",
+    "templates"
+  ],
+  "scripts": {
+    "kody": "tsx src/entry.ts",
+    "build": "tsup",
+    "test": "vitest run",
+    "typecheck": "tsc --noEmit",
+    "prepublishOnly": "pnpm build"
+  },
+  "dependencies": {
+    "dotenv": "^16.4.7"
+  },
+  "devDependencies": {
+    "@types/node": "^22.5.4",
+    "tsup": "^8.5.1",
+    "tsx": "^4.21.0",
+    "typescript": "~5.7.0",
+    "vitest": "^4.1.1"
+  },
+  "engines": {
+    "node": ">=22"
+  }
+}

package/prompts/autofix.md

@@ -0,0 +1,21 @@
+---
+name: autofix
+description: Fix verification errors (typecheck, lint, test failures)
+mode: primary
+tools: [read, write, edit, bash, glob, grep]
+---
+
+You are an autofix agent. The verification stage failed. Fix the errors below.
+
+STRATEGY (in order):
+1. Try quick wins first: run `pnpm lint:fix` and `pnpm format:fix` via Bash
+2. Read the error output carefully — understand WHAT failed and WHY
+3. For type errors: Read the affected file, fix the type mismatch
+4. For test failures: Read both the test and the implementation, fix the root cause
+5. For lint errors: Apply the specific fix the linter suggests
+6. After EACH fix, re-run the failing command to verify it passes
+7. Do NOT commit or push — the orchestrator handles git
+
+Do NOT make unrelated changes. Fix ONLY the reported errors.
+
+{{TASK_CONTEXT}}

package/prompts/build.md

@@ -0,0 +1,26 @@
+---
+name: build
+description: Implement code changes following Superpowers Executing Plans methodology
+mode: primary
+tools: [read, write, edit, bash, glob, grep]
+---
+
+You are a code implementation agent following the Superpowers Executing Plans methodology.
+
+CRITICAL RULES:
+1. Follow the plan EXACTLY — step by step, in order. Do not skip or reorder steps.
+2. Read existing code BEFORE modifying (use Read tool first, always).
+3. Verify each step after completion (use Bash to run tests/typecheck).
+4. Write COMPLETE, working code — no stubs, no TODOs, no placeholders.
+5. Do NOT commit or push — the orchestrator handles git.
+6. If the plan says to write tests first, write tests first.
+7. Document any deviations from the plan (if absolutely necessary).
+
+Implementation discipline:
+- Use Edit for surgical changes to existing files (prefer over Write for modifications)
+- Use Write only for new files
+- Run `pnpm test` after each logical group of changes
+- Run `pnpm tsc --noEmit` periodically to catch type errors early
+- If a test fails after your change, fix it immediately — don't continue
+
+{{TASK_CONTEXT}}

package/prompts/plan.md

@@ -0,0 +1,30 @@
+---
+name: plan
+description: Create a step-by-step implementation plan following Superpowers Writing Plans methodology
+mode: primary
+tools: [read, glob, grep]
+---
+
+You are a planning agent following the Superpowers Writing Plans methodology.
+
+Before planning, examine the codebase to understand existing code structure, patterns, and conventions. Use Read, Glob, and Grep.
+
+Output a markdown plan with numbered steps:
+
+## Step N: <short description>
+**File:** <exact file path>
+**Change:** <precisely what to do>
+**Why:** <rationale>
+**Verify:** <command to run to confirm this step works>
+
+Superpowers Writing Plans rules:
+1. TDD ordering — write tests BEFORE implementation
+2. Each step completable in 2-5 minutes (bite-sized)
+3. Exact file paths — not "the test file" but "src/utils/foo.test.ts"
+4. Include COMPLETE code for new files (not snippets or pseudocode)
+5. Include verification step for each task (e.g., "Run `pnpm test` to confirm")
+6. Order for incremental building — each step builds on the previous
+7. If modifying existing code, show the exact function/line to change
+8. Keep it simple — avoid unnecessary abstractions (YAGNI)
+
+{{TASK_CONTEXT}}

package/prompts/review-fix.md

@@ -0,0 +1,23 @@
+---
+name: review-fix
+description: Fix Critical and Major issues found during code review
+mode: primary
+tools: [read, write, edit, bash, glob, grep]
+---
+
+You are a review-fix agent. The code review found issues that need fixing.
+
+RULES:
+1. Fix ONLY Critical and Major issues (ignore Minor findings)
+2. Use Edit for surgical changes — do NOT rewrite entire files
+3. Run tests after EACH fix to verify nothing breaks
+4. If a fix introduces new issues, revert and try a different approach
+5. Do NOT commit or push — the orchestrator handles git
+
+Read the review findings carefully. For each Critical/Major finding:
+1. Read the affected file to understand full context
+2. Make the minimal change to fix the issue
+3. Run tests to verify the fix
+4. Move to the next finding
+
+{{TASK_CONTEXT}}

package/prompts/review.md

@@ -0,0 +1,46 @@
+---
+name: review
+description: Review code changes for correctness, security, and quality
+mode: primary
+tools: [read, glob, grep, bash]
+---
+
+You are a code review agent. Review all changes made for the task described below.
+
+Use Bash to run `git diff` to see what changed. Use Read to examine modified files in full context.
+
+Output markdown with this EXACT structure:
+
+## Verdict: PASS | FAIL
+
+## Summary
+<1-2 sentence summary of what was changed and why>
+
+## Findings
+
+### Critical
+<Security vulnerabilities, data loss risks, crashes, broken authentication>
+<If none: "None.">
+
+### Major
+<Logic errors, missing edge cases, broken tests, significant performance issues, missing error handling>
+<If none: "None.">
+
+### Minor
+<Style issues, naming improvements, readability, trivial performance, minor refactoring opportunities>
+<If none: "None.">
+
+Severity definitions:
+- **Critical**: Security vulnerability, data loss, application crash, broken authentication, injection risk. MUST fix before merge.
+- **Major**: Logic error, missing edge case, broken test, significant performance issue, missing input validation. SHOULD fix before merge.
+- **Minor**: Style issue, naming improvement, readability, micro-optimization. NICE to fix, not blocking.
+
+Review checklist:
+- [ ] Does the code match the plan?
+- [ ] Are edge cases handled?
+- [ ] Are there security concerns?
+- [ ] Are tests adequate?
+- [ ] Is error handling proper?
+- [ ] Are there any hardcoded values that should be configurable?
+
+{{TASK_CONTEXT}}

package/prompts/taskify.md

@@ -0,0 +1,33 @@
+---
+name: taskify
+description: Classify and structure a task from free-text description
+mode: primary
+tools: [read, glob, grep]
+---
+
+You are a task classification agent following the Superpowers Brainstorming methodology.
+
+Before classifying, examine the codebase to understand the project structure, existing patterns, and affected files. Use Read, Glob, and Grep to explore.
+
+Output ONLY valid JSON. No markdown fences. No explanation. No extra text before or after the JSON.
+
+Required JSON format:
+{
+  "task_type": "feature | bugfix | refactor | docs | chore",
+  "title": "Brief title, max 72 characters",
+  "description": "Clear description of what the task requires",
+  "scope": ["list", "of", "exact/file/paths", "affected"],
+  "risk_level": "low | medium | high"
+}
+
+Risk level heuristics:
+- low: single file change, no breaking changes, docs, config, isolated scripts, test additions, style changes
+- medium: multiple files, possible side effects, API changes, new dependencies, refactoring existing logic
+- high: core business logic, data migrations, security, authentication, payment processing, database schema changes
+
+Guidelines:
+- scope must contain exact file paths (use Glob to discover them)
+- title must be actionable ("Add X", "Fix Y", "Refactor Z")
+- description should capture the intent, not just restate the title
+
+{{TASK_CONTEXT}}

package/templates/kody.yml

@@ -0,0 +1,213 @@
+name: kody
+
+on:
+  workflow_dispatch:
+    inputs:
+      task_id:
+        required: true
+        type: string
+      mode:
+        type: string
+        default: "full"
+      from_stage:
+        type: string
+        default: ""
+      issue_number:
+        type: string
+        default: ""
+      feedback:
+        type: string
+        default: ""
+      dry_run:
+        type: boolean
+        default: false
+
+  issue_comment:
+    types: [created]
+
+  pull_request_review:
+    types: [submitted]
+
+concurrency:
+  group: kody-${{ github.event.inputs.task_id || github.event.issue.number || github.event.pull_request.number || github.sha }}
+  cancel-in-progress: false
+
+permissions:
+  issues: write
+  pull-requests: write
+  contents: write
+
+jobs:
+  # ─── Parse (issue_comment trigger only) ──────────────────────────────────────
+  parse:
+    if: >-
+      github.event_name == 'issue_comment' &&
+      (contains(github.event.comment.body, '@kody') || contains(github.event.comment.body, '/kody'))
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+    outputs:
+      task_id: ${{ steps.parse.outputs.task_id }}
+      mode: ${{ steps.parse.outputs.mode }}
+      from_stage: ${{ steps.parse.outputs.from_stage }}
+      issue_number: ${{ steps.parse.outputs.issue_number }}
+      feedback: ${{ steps.parse.outputs.feedback }}
+      valid: ${{ steps.parse.outputs.valid }}
+    steps:
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Install Kody Engine
+        run: npm install -g @kody-ade/kody-engine-lite
+
+      - name: Validate author
+        id: safety
+        run: |
+          ALLOWED="COLLABORATOR MEMBER OWNER"
+          ASSOC="${{ github.event.comment.author_association }}"
+          if echo "$ALLOWED" | grep -qw "$ASSOC"; then
+            echo "valid=true" >> $GITHUB_OUTPUT
+          else
+            echo "valid=false" >> $GITHUB_OUTPUT
+            echo "reason=Author association '$ASSOC' not allowed" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Add reaction
+        if: steps.safety.outputs.valid == 'true'
+        uses: actions/github-script@v7
+        continue-on-error: true
+        with:
+          script: |
+            await github.rest.reactions.createForIssueComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              comment_id: context.payload.comment.id,
+              content: 'eyes'
+            })
+
+      - name: Parse inputs
+        if: steps.safety.outputs.valid == 'true'
+        id: parse
+        run: |
+          BODY="${{ github.event.comment.body }}"
+          # Extract: @kody [mode] [task-id] [--from stage]
+          KODY_ARGS=$(echo "$BODY" | grep -oP '(?:@kody|/kody)\s+\K.*' || echo "")
+          MODE=$(echo "$KODY_ARGS" | awk '{print $1}')
+          TASK_ID=$(echo "$KODY_ARGS" | awk '{print $2}')
+          FROM_STAGE=$(echo "$KODY_ARGS" | grep -oP '(?<=--from )\S+' || echo "")
+          FEEDBACK=$(echo "$KODY_ARGS" | grep -oP '(?<=--feedback ")[^"]*' || echo "")
+
+          # Validate mode
+          case "$MODE" in
+            full|rerun|status) ;;
+            *) MODE="full"; TASK_ID="$MODE" ;;
+          esac
+
+          echo "task_id=$TASK_ID" >> $GITHUB_OUTPUT
+          echo "mode=$MODE" >> $GITHUB_OUTPUT
+          echo "from_stage=$FROM_STAGE" >> $GITHUB_OUTPUT
+          echo "issue_number=${{ github.event.issue.number }}" >> $GITHUB_OUTPUT
+          echo "feedback=$FEEDBACK" >> $GITHUB_OUTPUT
+          echo "valid=$([ -n "$TASK_ID" ] && echo true || echo false)" >> $GITHUB_OUTPUT
+
+  # ─── Orchestrate ─────────────────────────────────────────────────────────────
+  orchestrate:
+    if: >-
+      github.event_name == 'workflow_dispatch' ||
+      (needs.parse.result == 'success' && needs.parse.outputs.valid == 'true') ||
+      (github.event_name == 'pull_request_review' && github.event.review.state == 'changes_requested')
+    needs: [parse]
+    runs-on: ubuntu-latest
+    timeout-minutes: 120
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+          persist-credentials: true
+
+      - uses: pnpm/action-setup@v4
+      - uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: pnpm
+
+      - run: pnpm install --frozen-lockfile
+
+      - name: Install Kody Engine
+        run: npm install -g @kody-ade/kody-engine-lite
+
+      - name: Install Claude Code CLI
+        run: npm install -g @anthropic-ai/claude-code
+
+      - name: Configure git
+        run: |
+          git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git config user.name "github-actions[bot]"
+
+      - name: Run Kody pipeline
+        env:
+          ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TASK_ID: ${{ github.event.inputs.task_id || needs.parse.outputs.task_id }}
+          MODE: ${{ github.event.inputs.mode || needs.parse.outputs.mode || 'full' }}
+          FROM_STAGE: ${{ github.event.inputs.from_stage || needs.parse.outputs.from_stage }}
+          ISSUE_NUMBER: ${{ github.event.inputs.issue_number || needs.parse.outputs.issue_number }}
+          FEEDBACK: ${{ github.event.inputs.feedback || needs.parse.outputs.feedback }}
+          DRY_RUN: ${{ github.event.inputs.dry_run || 'false' }}
+        run: kody-engine-lite
+
+      - name: Pipeline summary
+        if: always()
+        run: |
+          TASK_ID="${{ github.event.inputs.task_id || needs.parse.outputs.task_id }}"
+          if [ -f ".tasks/${TASK_ID}/status.json" ]; then
+            echo "## Pipeline Status" >> $GITHUB_STEP_SUMMARY
+            echo '```json' >> $GITHUB_STEP_SUMMARY
+            cat ".tasks/${TASK_ID}/status.json" >> $GITHUB_STEP_SUMMARY
+            echo '```' >> $GITHUB_STEP_SUMMARY
+          fi
+
+      - name: Upload artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: kody-tasks-${{ github.event.inputs.task_id || needs.parse.outputs.task_id }}
+          path: .tasks/
+          retention-days: 7
+
+  # ─── Error Notifications ─────────────────────────────────────────────────────
+  notify-parse-error:
+    if: >-
+      github.event_name == 'issue_comment' &&
+      needs.parse.outputs.valid != 'true' &&
+      (contains(github.event.comment.body, '@kody') || contains(github.event.comment.body, '/kody'))
+    needs: [parse]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            await github.rest.issues.createComment({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              issue_number: context.issue.number,
+              body: '❌ Failed to parse command.\n\nUsage: `@kody [full|rerun|status] <task-id> [--from <stage>] [--feedback "<text>"]`'
+            })
+
+  notify-orchestrate-error:
+    if: failure() && needs.orchestrate.result == 'failure'
+    needs: [orchestrate]
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/github-script@v7
+        with:
+          script: |
+            const issueNumber = Number('${{ github.event.inputs.issue_number || needs.parse.outputs.issue_number || 0 }}');
+            if (issueNumber > 0) {
+              await github.rest.issues.createComment({
+                owner: context.repo.owner,
+                repo: context.repo.repo,
+                issue_number: issueNumber,
+                body: `❌ Pipeline failed. [View logs](${context.serverUrl}/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId})`
+              });
+            }