npm - @lousy-agents/cli - Versions diffs - 2.10.1 → 3.0.0 - Mend

@lousy-agents/cli 2.10.1 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -32630,6 +32630,15 @@ const RulesetSchema = schemas_object({
     enforcement: schemas_string(),
     rules: schemas_array(RulesetRuleSchema).optional()
 });
+const RepoSecuritySchema = schemas_object({
+    // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+    security_and_analysis: schemas_object({
+        // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+        advanced_security: schemas_object({
+            status: schemas_string()
+        })
+    }).optional()
+});
 /**
  * Parses a GitHub remote URL to extract owner and repo name
  */ function parseRepoFromRemoteUrl(remoteUrl) {
@@ -32704,6 +32713,24 @@ function defaultExec(command, args, options) {
             return null;
         }
     }
+    async hasAdvancedSecurity(owner, repo) {
+        if (!this.octokit) {
+            return false;
+        }
+        try {
+            const { data } = await this.octokit.rest.repos.get({
+                owner,
+                repo
+            });
+            const parsed = RepoSecuritySchema.safeParse(data);
+            if (!parsed.success) {
+                return false;
+            }
+            return parsed.data.security_and_analysis?.advanced_security?.status === "enabled";
+        } catch  {
+            return false;
+        }
+    }
     async listRulesets(owner, repo) {
         if (!this.octokit) {
             throw new Error("Not authenticated");
@@ -33671,8 +33698,44 @@ function isCopilotCodeScanningRule(rule) {
     return findCopilotRuleset(rulesets) !== undefined;
 }
 /**
- * Builds a ruleset payload for enabling Copilot code review
- */ function buildCopilotReviewRulesetPayload() {
+ * Builds a ruleset payload for enabling Copilot code review.
+ * Includes code_scanning rules configured with CodeQL and Copilot Autofix when GitHub Advanced Security is enabled.
+ */ function buildCopilotReviewRulesetPayload(options) {
+    const rules = [
+        {
+            type: "copilot_code_review",
+            parameters: {
+                // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+                review_on_push: true,
+                // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+                review_draft_pull_requests: true
+            }
+        }
+    ];
+    if (options.advancedSecurityEnabled) {
+        rules.push({
+            type: "code_scanning",
+            parameters: {
+                // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+                code_scanning_tools: [
+                    {
+                        tool: "CodeQL",
+                        // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+                        security_alerts_threshold: "high_or_higher",
+                        // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+                        alerts_threshold: "errors"
+                    },
+                    {
+                        tool: "Copilot Autofix",
+                        // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+                        security_alerts_threshold: "high_or_higher",
+                        // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
+                        alerts_threshold: "errors"
+                    }
+                ]
+            }
+        });
+    }
     return {
         name: "Copilot Code Review",
         enforcement: "active",
@@ -33688,32 +33751,7 @@ function isCopilotCodeScanningRule(rule) {
                 exclude: []
             }
         },
-        rules: [
-            {
-                type: "copilot_code_review",
-                parameters: {
-                    // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
-                    review_on_push: true,
-                    // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
-                    review_draft_pull_requests: true
-                }
-            },
-            {
-                type: "code_scanning",
-                parameters: {
-                    // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
-                    code_scanning_tools: [
-                        {
-                            tool: "Copilot Autofix",
-                            // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
-                            security_alerts_threshold: "high_or_higher",
-                            // biome-ignore lint/style/useNamingConvention: GitHub API schema requires snake_case
-                            alerts_threshold: "errors"
-                        }
-                    ]
-                }
-            }
-        ]
+        rules
     };
 }
 /**
@@ -34683,7 +34721,10 @@ async function checkAndPromptRuleset(rulesetGateway, targetDir, prompt) {
         return;
     }
     try {
-        const payload = buildCopilotReviewRulesetPayload();
+        const advancedSecurityEnabled = await rulesetGateway.hasAdvancedSecurity(repoInfo.owner, repoInfo.repo);
+        const payload = buildCopilotReviewRulesetPayload({
+            advancedSecurityEnabled
+        });
         await rulesetGateway.createRuleset(repoInfo.owner, repoInfo.repo, payload);
         consola.success(`Created Copilot PR review ruleset: "${payload.name}"`);
     } catch (error) {
@@ -55118,6 +55159,102 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
     return new RemarkMarkdownAstGateway();
 }
+;// CONCATENATED MODULE: ./src/entities/lint-rules.ts
+/**
+ * Lint rule registry entity.
+ * Defines all known lint rule IDs with their default severities, organized by target.
+ */ /** Valid severity values for rule configuration */ /** Default severity levels for all known lint rules */ const DEFAULT_LINT_RULES = {
+    agents: {
+        "agent/missing-frontmatter": "error",
+        "agent/invalid-frontmatter": "error",
+        "agent/missing-name": "error",
+        "agent/invalid-name-format": "error",
+        "agent/name-mismatch": "error",
+        "agent/missing-description": "error",
+        "agent/invalid-description": "error",
+        "agent/invalid-field": "warn"
+    },
+    instructions: {
+        "instruction/parse-error": "warn",
+        "instruction/command-not-in-code-block": "warn",
+        "instruction/command-outside-section": "warn",
+        "instruction/missing-error-handling": "warn"
+    },
+    skills: {
+        "skill/invalid-frontmatter": "error",
+        "skill/missing-frontmatter": "error",
+        "skill/missing-name": "error",
+        "skill/invalid-name-format": "error",
+        "skill/name-mismatch": "error",
+        "skill/missing-description": "error",
+        "skill/invalid-description": "error",
+        "skill/missing-allowed-tools": "warn"
+    }
+};
+;// CONCATENATED MODULE: ./src/lib/lint-config.ts
+/**
+ * Lint configuration loader.
+ * Loads lint rule severity overrides from c12 config and merges with defaults.
+ */
+/** Zod schema for a rule config map: rule IDs validated with regex to prevent prototype pollution */ const RuleConfigMapSchema = record(schemas_string().regex(/^[a-z]+\/[a-z]+(?:-[a-z]+)*$/), schemas_enum([
+    "error",
+    "warn",
+    "off"
+]));
+/** Zod schema for the lint.rules section of the config */ const LintRulesConfigSchema = schemas_object({
+    agents: RuleConfigMapSchema.optional(),
+    instructions: RuleConfigMapSchema.optional(),
+    skills: RuleConfigMapSchema.optional()
+});
+/** Zod schema for the lint section of the config */ const LintConfigSchema = schemas_object({
+    lint: schemas_object({
+        rules: LintRulesConfigSchema.optional()
+    }).optional()
+});
+/**
+ * Merges user overrides with defaults for a single target.
+ * Only known rule IDs (present in defaults) are applied; unknown IDs are discarded.
+ */ function mergeTargetRules(defaults, overrides) {
+    if (!overrides) {
+        return defaults;
+    }
+    const merged = {
+        ...defaults
+    };
+    for (const [ruleId, severity] of Object.entries(overrides)){
+        if (Object.hasOwn(defaults, ruleId)) {
+            merged[ruleId] = severity;
+        }
+    }
+    return merged;
+}
+/**
+ * Loads lint configuration from the target directory using c12.
+ * Merges user overrides with default rule severities.
+ * Throws on config load failures (syntax errors, permission denied, validation errors).
+ */ async function loadLintConfig(targetDir) {
+    const { config } = await loadConfig({
+        name: "lousy-agents",
+        cwd: targetDir
+    });
+    if (!config) {
+        return DEFAULT_LINT_RULES;
+    }
+    const parsed = LintConfigSchema.parse(config);
+    const rules = parsed.lint?.rules;
+    if (!rules) {
+        return DEFAULT_LINT_RULES;
+    }
+    return {
+        agents: mergeTargetRules(DEFAULT_LINT_RULES.agents, rules.agents),
+        instructions: mergeTargetRules(DEFAULT_LINT_RULES.instructions, rules.instructions),
+        skills: mergeTargetRules(DEFAULT_LINT_RULES.skills, rules.skills)
+    };
+}
 ;// CONCATENATED MODULE: ./src/entities/instruction-quality.ts
 /**
  * Core domain entities for instruction quality analysis.
@@ -55178,7 +55315,9 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
                     commandScores: [],
                     overallQualityScore: 0,
                     suggestions: [
-                        "No agent instruction files found. Supported formats: .github/copilot-instructions.md, .github/instructions/*.md, .github/agents/*.md, AGENTS.md, CLAUDE.md"
+                        {
+                            message: "No agent instruction files found. Supported formats: .github/copilot-instructions.md, .github/instructions/*.md, .github/agents/*.md, AGENTS.md, CLAUDE.md"
+                        }
                     ],
                     parsingErrors: []
                 },
@@ -55245,7 +55384,10 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
         const suggestions = this.generateSuggestions(commandScores);
         if (parsingErrors.length > 0) {
             const skippedFiles = parsingErrors.map((pe)=>pe.filePath).join(", ");
-            suggestions.push(`${parsingErrors.length} file(s) could not be parsed and were skipped: ${skippedFiles}. Analysis may be incomplete.`);
+            suggestions.push({
+                message: `${parsingErrors.length} file(s) could not be parsed and were skipped: ${skippedFiles}. Analysis may be incomplete.`,
+                ruleId: "instruction/parse-error"
+            });
         }
         return {
             result: {
@@ -55459,22 +55601,33 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
         const lowStructural = commandScores.filter((s)=>s.structuralContext === 0 && s.bestSourceFile !== "");
         if (lowStructural.length > 0) {
             const names = lowStructural.map((s)=>s.commandName).join(", ");
-            suggestions.push(`Commands not under a dedicated section: ${names}. Add a heading like "## Validation" or "## Feedback Loop" above these commands.`);
+            suggestions.push({
+                message: `Commands not under a dedicated section: ${names}. Add a heading like "## Validation" or "## Feedback Loop" above these commands.`,
+                ruleId: "instruction/command-outside-section"
+            });
         }
         const lowExecution = commandScores.filter((s)=>s.executionClarity === 0 && s.bestSourceFile !== "");
         if (lowExecution.length > 0) {
             const names = lowExecution.map((s)=>s.commandName).join(", ");
-            suggestions.push(`Commands not in code blocks: ${names}. Document these commands in fenced code blocks for clarity.`);
+            suggestions.push({
+                message: `Commands not in code blocks: ${names}. Document these commands in fenced code blocks for clarity.`,
+                ruleId: "instruction/command-not-in-code-block"
+            });
         }
         const lowLoop = commandScores.filter((s)=>s.loopCompleteness === 0 && s.executionClarity === 1 && s.bestSourceFile !== "");
         if (lowLoop.length > 0) {
             const names = lowLoop.map((s)=>s.commandName).join(", ");
-            suggestions.push(`Commands missing error handling guidance: ${names}. Add instructions for what to do if the command fails.`);
+            suggestions.push({
+                message: `Commands missing error handling guidance: ${names}. Add instructions for what to do if the command fails.`,
+                ruleId: "instruction/missing-error-handling"
+            });
         }
         const notFound = commandScores.filter((s)=>s.bestSourceFile === "");
         if (notFound.length > 0) {
             const names = notFound.map((s)=>s.commandName).join(", ");
-            suggestions.push(`Commands not found in any instruction file: ${names}. Document these feedback loop commands in your instruction files.`);
+            suggestions.push({
+                message: `Commands not found in any instruction file: ${names}. Document these feedback loop commands in your instruction files.`
+            });
         }
         return suggestions;
     }
@@ -55612,14 +55765,8 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
 }
 ;// CONCATENATED MODULE: ./src/use-cases/lint-skill-frontmatter.ts
-/**
- * Use case for linting GitHub Copilot Agent Skill frontmatter.
- * Validates required and recommended fields, name format, and directory naming.
- */
-/**
- * Zod schema for validating agent skill frontmatter.
- * Based on the agentskills.io specification.
- */ const AgentSkillFrontmatterSchema = schemas_object({
+const AgentSkillFrontmatterSchema = schemas_object({
     name: schemas_string().min(1, "Name is required").max(64, "Name must be 64 characters or fewer").regex(/^[a-z0-9]+(?:-[a-z0-9]+)*$/, "Name must contain only lowercase letters, numbers, and hyphens. It cannot start/end with a hyphen or contain consecutive hyphens."),
     description: schemas_string().min(1, "Description is required").max(1024, "Description must be 1024 characters or fewer").refine((s)=>s.trim().length > 0, {
         message: "Description cannot be empty or whitespace-only"
@@ -55629,14 +55776,13 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
     metadata: record(schemas_string(), schemas_string()).optional(),
     "allowed-tools": schemas_string().optional()
 });
-/**
- * Recommended (optional) fields that produce warnings when missing.
- */ const RECOMMENDED_FIELDS = [
+const RECOMMENDED_FIELDS = [
     "allowed-tools"
 ];
-/**
- * Use case for linting skill frontmatter across a repository.
- */ class LintSkillFrontmatterUseCase {
+const RECOMMENDED_FIELD_RULE_IDS = {
+    "allowed-tools": "skill/missing-allowed-tools"
+};
+class LintSkillFrontmatterUseCase {
     gateway;
     constructor(gateway){
         this.gateway = gateway;
@@ -55672,16 +55818,20 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
             diagnostics.push({
                 line: 1,
                 severity: "error",
-                message: errorMessage
+                message: errorMessage,
+                ruleId: "skill/invalid-frontmatter"
             });
         }
         if (!parsed) {
             if (diagnostics.length === 0) {
-                const message = hasFrontmatterDelimiters(content) ? "Invalid YAML frontmatter. The content between --- delimiters could not be parsed as valid YAML." : "Missing YAML frontmatter. Skill files must begin with --- delimited YAML frontmatter.";
+                const hasDelimiters = hasFrontmatterDelimiters(content);
+                const message = hasDelimiters ? "Invalid YAML frontmatter. The content between --- delimiters could not be parsed as valid YAML." : "Missing YAML frontmatter. Skill files must begin with --- delimited YAML frontmatter.";
+                const ruleId = hasDelimiters ? "skill/invalid-frontmatter" : "skill/missing-frontmatter";
                 diagnostics.push({
                     line: 1,
                     severity: "error",
-                    message
+                    message,
+                    ruleId
                 });
             }
             return {
@@ -55702,47 +55852,58 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
     }
     validateFrontmatter(parsed, parentDirName) {
         const diagnostics = [];
-        // Validate against Zod schema
         const result = AgentSkillFrontmatterSchema.safeParse(parsed.data);
         if (!result.success) {
             for (const issue of result.error.issues){
                 const fieldName = issue.path[0]?.toString();
                 const line = fieldName ? parsed.fieldLines.get(fieldName) ?? parsed.frontmatterStartLine : parsed.frontmatterStartLine;
+                const ruleId = this.getRuleIdForField(fieldName, issue.code, parsed.data);
                 diagnostics.push({
                     line,
                     severity: "error",
                     message: issue.message,
-                    field: fieldName
+                    field: fieldName,
+                    ruleId
                 });
             }
         }
-        // Check name matches parent directory
         if (result.success && result.data.name !== parentDirName) {
             const nameLine = parsed.fieldLines.get("name") ?? parsed.frontmatterStartLine;
             diagnostics.push({
                 line: nameLine,
                 severity: "error",
                 message: `Frontmatter name '${result.data.name}' must match parent directory name '${parentDirName}'`,
-                field: "name"
+                field: "name",
+                ruleId: "skill/name-mismatch"
             });
         }
-        // Check recommended fields
         for (const field of RECOMMENDED_FIELDS){
             if (parsed.data[field] === undefined) {
                 diagnostics.push({
                     line: parsed.frontmatterStartLine,
                     severity: "warning",
                     message: `Recommended field '${field}' is missing`,
-                    field
+                    field,
+                    ruleId: RECOMMENDED_FIELD_RULE_IDS[field]
                 });
             }
         }
         return diagnostics;
     }
+    getRuleIdForField(fieldName, issueCode, inputData) {
+        // Check the actual input data for field presence rather than
+        // relying on Zod message text which can change across versions.
+        const isMissing = issueCode === "invalid_type" && (fieldName === undefined || !Object.hasOwn(inputData, fieldName));
+        if (fieldName === "name") {
+            return isMissing ? "skill/missing-name" : "skill/invalid-name-format";
+        }
+        if (fieldName === "description") {
+            return isMissing ? "skill/missing-description" : "skill/invalid-description";
+        }
+        return "skill/invalid-frontmatter";
+    }
 }
-/**
- * Checks whether content has opening and closing --- frontmatter delimiters.
- */ function hasFrontmatterDelimiters(content) {
+function hasFrontmatterDelimiters(content) {
     const lines = content.split("\n");
     if (lines[0]?.trim() !== "---") {
         return false;
@@ -55772,6 +55933,7 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
 /** Schema for validating target directory */ const TargetDirSchema = schemas_string().min(1, "Target directory is required");
 /**
  * Validates the target directory.
@@ -55796,6 +55958,7 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
                 severity: d.severity,
                 message: d.message,
                 field: d.field,
+                ruleId: d.ruleId,
                 target: "skill"
             });
         }
@@ -55932,8 +56095,80 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
         consola.info(`Overall instruction quality score: ${result.overallQualityScore}%`);
     }
     for (const suggestion of result.suggestions){
-        consola.warn(suggestion);
+        consola.warn(suggestion.message);
+    }
+}
+/** Maps a lint target to its config key */ const TARGET_TO_CONFIG_KEY = {
+    skill: "skills",
+    agent: "agents",
+    instruction: "instructions"
+};
+/**
+ * Maps config-facing severity to diagnostic-facing severity.
+ * "warn" → "warning", "error" → "error", "off" → null (drop).
+ */ function lint_mapSeverity(configSeverity) {
+    if (configSeverity === "off") {
+        return null;
+    }
+    if (configSeverity === "warn") {
+        return "warning";
     }
+    return configSeverity;
+}
+/**
+ * Filters instruction suggestions based on rule severity configuration.
+ * Drops suggestions whose corresponding rule is "off".
+ * Suggestions without a ruleId pass through unchanged.
+ */ function filterInstructionSuggestions(suggestions, rules) {
+    return suggestions.filter((suggestion)=>{
+        if (!suggestion.ruleId) {
+            return true;
+        }
+        return rules[suggestion.ruleId] !== "off";
+    });
+}
+/**
+ * Applies severity filtering to a LintOutput based on rule configuration.
+ * Drops diagnostics for "off" rules, remaps severity for "warn"/"error" rules.
+ * Diagnostics without a ruleId pass through unchanged.
+ * For instruction targets, also filters qualityResult.suggestions.
+ */ function applySeverityFilter(output, rulesConfig) {
+    const configKey = TARGET_TO_CONFIG_KEY[output.target];
+    const targetRules = rulesConfig[configKey];
+    const filteredDiagnostics = [];
+    for (const diagnostic of output.diagnostics){
+        const configuredSeverity = diagnostic.ruleId ? targetRules[diagnostic.ruleId] : undefined;
+        if (!configuredSeverity) {
+            filteredDiagnostics.push(diagnostic);
+            continue;
+        }
+        const mappedSeverity = lint_mapSeverity(configuredSeverity);
+        if (mappedSeverity === null) {
+            continue;
+        }
+        filteredDiagnostics.push({
+            ...diagnostic,
+            severity: mappedSeverity
+        });
+    }
+    const totalErrors = filteredDiagnostics.filter((d)=>d.severity === "error").length;
+    const totalWarnings = filteredDiagnostics.filter((d)=>d.severity === "warning").length;
+    const totalInfos = filteredDiagnostics.filter((d)=>d.severity === "info").length;
+    const filteredQualityResult = output.qualityResult && configKey === "instructions" ? {
+        ...output.qualityResult,
+        suggestions: filterInstructionSuggestions(output.qualityResult.suggestions, targetRules)
+    } : output.qualityResult;
+    return {
+        ...output,
+        diagnostics: filteredDiagnostics,
+        qualityResult: filteredQualityResult,
+        summary: {
+            ...output.summary,
+            totalErrors,
+            totalWarnings,
+            totalInfos
+        }
+    };
 }
 /**
  * The `lint` command for validating agent skills, custom agents, and instruction files.
@@ -55967,6 +56202,15 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
     run: async (context)=>{
         const rawTargetDir = typeof context.data?.targetDir === "string" ? context.data.targetDir : process.cwd();
         const targetDir = validateTargetDir(rawTargetDir);
+        let rulesConfig;
+        try {
+            rulesConfig = await loadLintConfig(targetDir);
+        } catch (error) {
+            const message = error instanceof Error ? error.message : String(error);
+            consola.error(`Failed to load lint configuration: ${message}`);
+            process.exitCode = 1;
+            return;
+        }
         const lintSkillsFlag = context.args?.skills === true || context.data?.skills === true;
         const lintAgentsFlag = context.args?.agents === true || context.data?.agents === true;
         const lintInstructionsFlag = context.args?.instructions === true || context.data?.instructions === true;
@@ -55981,19 +56225,22 @@ const remark = unified().use(remarkParse).use(remarkStringify).freeze()
         let totalWarnings = 0;
         const allOutputs = [];
         if (noFlagProvided || lintSkillsFlag) {
-            const skillOutput = await lintSkills(targetDir);
+            const rawOutput = await lintSkills(targetDir);
+            const skillOutput = applySeverityFilter(rawOutput, rulesConfig);
             allOutputs.push(skillOutput);
             totalErrors += skillOutput.summary.totalErrors;
             totalWarnings += skillOutput.summary.totalWarnings;
         }
         if (noFlagProvided || lintAgentsFlag) {
-            const agentOutput = await lintAgents(targetDir);
+            const rawOutput = await lintAgents(targetDir);
+            const agentOutput = applySeverityFilter(rawOutput, rulesConfig);
             allOutputs.push(agentOutput);
             totalErrors += agentOutput.summary.totalErrors;
             totalWarnings += agentOutput.summary.totalWarnings;
         }
         if (noFlagProvided || lintInstructionsFlag) {
-            const instructionOutput = await lintInstructions(targetDir);
+            const rawOutput = await lintInstructions(targetDir);
+            const instructionOutput = applySeverityFilter(rawOutput, rulesConfig);
             allOutputs.push(instructionOutput);
             totalErrors += instructionOutput.summary.totalErrors;
             totalWarnings += instructionOutput.summary.totalWarnings;