@lucasi/vibes 0.1.0

package/tools/git-summary.ts

@@ -0,0 +1,56 @@
+/**
+ * ECC Custom Tool: Git Summary
+ *
+ * Returns branch/status/log/diff details for the active repository.
+ */
+
+import { tool, type ToolDefinition } from "@opencode-ai/plugin/tool"
+import { execSync } from "child_process"
+
+const gitSummaryTool: ToolDefinition = tool({
+  description:
+    "Generate git summary with branch, status, recent commits, and optional diff stats.",
+  args: {
+    depth: tool.schema
+      .number()
+      .optional()
+      .describe("Number of recent commits to include (default: 5)"),
+    includeDiff: tool.schema
+      .boolean()
+      .optional()
+      .describe("Include diff stats against base branch (default: true)"),
+    baseBranch: tool.schema
+      .string()
+      .optional()
+      .describe("Base branch for diff comparison (default: main)"),
+  },
+  async execute(args, context) {
+    const cwd = context.worktree || context.directory
+    const depth = args.depth ?? 5
+    const includeDiff = args.includeDiff ?? true
+    const baseBranch = args.baseBranch ?? "main"
+
+    const result: Record<string, string> = {
+      branch: run("git branch --show-current", cwd) || "unknown",
+      status: run("git status --short", cwd) || "clean",
+      log: run(`git log --oneline -${depth}`, cwd) || "no commits found",
+    }
+
+    if (includeDiff) {
+      result.stagedDiff = run("git diff --cached --stat", cwd) || ""
+      result.branchDiff = run(`git diff ${baseBranch}...HEAD --stat`, cwd) || `unable to diff against ${baseBranch}`
+    }
+
+    return JSON.stringify(result)
+  },
+})
+
+export default gitSummaryTool
+
+function run(command: string, cwd: string): string {
+  try {
+    return execSync(command, { cwd, encoding: "utf-8", stdio: ["ignore", "pipe", "pipe"] }).trim()
+  } catch {
+    return ""
+  }
+}

package/tools/index.ts

@@ -0,0 +1,14 @@
+/**
+ * ECC Custom Tools for OpenCode
+ *
+ * These tools extend OpenCode with additional capabilities.
+ */
+
+// Re-export all tools
+export { default as runTests } from "./run-tests.js"
+export { default as checkCoverage } from "./check-coverage.js"
+export { default as securityAudit } from "./security-audit.js"
+export { default as formatCode } from "./format-code.js"
+export { default as lintCheck } from "./lint-check.js"
+export { default as gitSummary } from "./git-summary.js"
+export { default as changedFiles } from "./changed-files.js"

package/tools/lint-check.ts

@@ -0,0 +1,87 @@
+/**
+ * ECC Custom Tool: Lint Check
+ *
+ * Detects the appropriate linter and returns a runnable lint command.
+ */
+
+import { tool, type ToolDefinition } from "@opencode-ai/plugin/tool"
+import * as path from "path"
+import * as fs from "fs"
+
+type Linter = "biome" | "eslint" | "ruff" | "pylint" | "golangci-lint"
+
+const lintCheckTool: ToolDefinition = tool({
+  description:
+    "Detect linter for a target path and return command for check/fix runs.",
+  args: {
+    target: tool.schema
+      .string()
+      .optional()
+      .describe("File or directory to lint (default: current directory)"),
+    fix: tool.schema
+      .boolean()
+      .optional()
+      .describe("Enable auto-fix mode"),
+    linter: tool.schema
+      .enum(["biome", "eslint", "ruff", "pylint", "golangci-lint"])
+      .optional()
+      .describe("Optional linter override"),
+  },
+  async execute(args, context) {
+    const cwd = context.worktree || context.directory
+    const target = args.target || "."
+    const fix = args.fix ?? false
+    const detected = args.linter || detectLinter(cwd)
+
+    const command = buildLintCommand(detected, target, fix)
+    return JSON.stringify({
+      success: true,
+      linter: detected,
+      command,
+      instructions: `Run this command:\n\n${command}`,
+    })
+  },
+})
+
+export default lintCheckTool
+
+function detectLinter(cwd: string): Linter {
+  if (fs.existsSync(path.join(cwd, "biome.json")) || fs.existsSync(path.join(cwd, "biome.jsonc"))) {
+    return "biome"
+  }
+
+  const eslintConfigs = [
+    ".eslintrc.json",
+    ".eslintrc.js",
+    ".eslintrc.cjs",
+    "eslint.config.js",
+    "eslint.config.mjs",
+  ]
+  if (eslintConfigs.some((name) => fs.existsSync(path.join(cwd, name)))) {
+    return "eslint"
+  }
+
+  const pyprojectPath = path.join(cwd, "pyproject.toml")
+  if (fs.existsSync(pyprojectPath)) {
+    try {
+      const content = fs.readFileSync(pyprojectPath, "utf-8")
+      if (content.includes("ruff")) return "ruff"
+    } catch {
+      // ignore read errors and keep fallback logic
+    }
+  }
+
+  if (fs.existsSync(path.join(cwd, ".golangci.yml")) || fs.existsSync(path.join(cwd, ".golangci.yaml"))) {
+    return "golangci-lint"
+  }
+
+  return "eslint"
+}
+
+function buildLintCommand(linter: Linter, target: string, fix: boolean): string {
+  if (linter === "biome") return `npx @biomejs/biome lint${fix ? " --write" : ""} ${target}`
+  if (linter === "eslint") return `npx eslint${fix ? " --fix" : ""} ${target}`
+  if (linter === "ruff") return `ruff check${fix ? " --fix" : ""} ${target}`
+  if (linter === "pylint") return `pylint ${target}`
+  return `golangci-lint run ${target}`
+}

package/tools/run-tests.ts

@@ -0,0 +1,141 @@
+/**
+ * Run Tests Tool
+ *
+ * Custom OpenCode tool to run test suites with various options.
+ * Automatically detects the package manager and test framework.
+ */
+
+import { tool, type ToolDefinition } from "@opencode-ai/plugin/tool"
+import * as path from "path"
+import * as fs from "fs"
+
+const runTestsTool: ToolDefinition = tool({
+  description:
+    "Run the test suite with optional coverage, watch mode, or specific test patterns. Automatically detects package manager (npm, pnpm, yarn, bun) and test framework.",
+  args: {
+    pattern: tool.schema
+      .string()
+      .optional()
+      .describe("Test file pattern or specific test name to run"),
+    coverage: tool.schema
+      .boolean()
+      .optional()
+      .describe("Run with coverage reporting (default: false)"),
+    watch: tool.schema
+      .boolean()
+      .optional()
+      .describe("Run in watch mode for continuous testing (default: false)"),
+    updateSnapshots: tool.schema
+      .boolean()
+      .optional()
+      .describe("Update Jest/Vitest snapshots (default: false)"),
+  },
+  async execute(args, context) {
+    const { pattern, coverage, watch, updateSnapshots } = args
+    const cwd = context.worktree || context.directory
+
+    // Detect package manager
+    const packageManager = await detectPackageManager(cwd)
+
+    // Detect test framework
+    const testFramework = await detectTestFramework(cwd)
+
+    // Build command
+    let cmd: string[] = [packageManager]
+
+    if (packageManager === "npm") {
+      cmd.push("run", "test")
+    } else {
+      cmd.push("test")
+    }
+
+    // Add options based on framework
+    const testArgs: string[] = []
+
+    if (coverage) {
+      testArgs.push("--coverage")
+    }
+
+    if (watch) {
+      testArgs.push("--watch")
+    }
+
+    if (updateSnapshots) {
+      testArgs.push("-u")
+    }
+
+    if (pattern) {
+      if (testFramework === "jest" || testFramework === "vitest") {
+        testArgs.push("--testPathPattern", pattern)
+      } else {
+        testArgs.push(pattern)
+      }
+    }
+
+    // Add -- separator for npm
+    if (testArgs.length > 0) {
+      if (packageManager === "npm") {
+        cmd.push("--")
+      }
+      cmd.push(...testArgs)
+    }
+
+    const command = cmd.join(" ")
+
+    return JSON.stringify({
+      command,
+      packageManager,
+      testFramework,
+      options: {
+        pattern: pattern || "all tests",
+        coverage: coverage || false,
+        watch: watch || false,
+        updateSnapshots: updateSnapshots || false,
+      },
+      instructions: `Run this command to execute tests:\n\n${command}`,
+    })
+  },
+})
+
+export default runTestsTool
+
+async function detectPackageManager(cwd: string): Promise<string> {
+  const lockFiles: Record<string, string> = {
+    "bun.lockb": "bun",
+    "pnpm-lock.yaml": "pnpm",
+    "yarn.lock": "yarn",
+    "package-lock.json": "npm",
+  }
+
+  for (const [lockFile, pm] of Object.entries(lockFiles)) {
+    if (fs.existsSync(path.join(cwd, lockFile))) {
+      return pm
+    }
+  }
+
+  return "npm"
+}
+
+async function detectTestFramework(cwd: string): Promise<string> {
+  const packageJsonPath = path.join(cwd, "package.json")
+
+  if (fs.existsSync(packageJsonPath)) {
+    try {
+      const packageJson = JSON.parse(fs.readFileSync(packageJsonPath, "utf-8"))
+      const deps = {
+        ...packageJson.dependencies,
+        ...packageJson.devDependencies,
+      }
+
+      if (deps.vitest) return "vitest"
+      if (deps.jest) return "jest"
+      if (deps.mocha) return "mocha"
+      if (deps.ava) return "ava"
+      if (deps.tap) return "tap"
+    } catch {
+      // Ignore parse errors
+    }
+  }
+
+  return "unknown"
+}

package/tools/security-audit.ts

@@ -0,0 +1,279 @@
+/**
+ * Security Audit Tool
+ *
+ * Custom OpenCode tool to run security audits on dependencies and code.
+ * Combines npm audit, secret scanning, and OWASP checks.
+ *
+ * NOTE: This tool SCANS for security anti-patterns - it does not introduce them.
+ * The regex patterns below are used to DETECT potential issues in user code.
+ */
+
+import { tool, type ToolDefinition } from "@opencode-ai/plugin/tool"
+import * as path from "path"
+import * as fs from "fs"
+
+const securityAuditTool: ToolDefinition = tool({
+  description:
+    "Run a comprehensive security audit including dependency vulnerabilities, secret scanning, and common security issues.",
+  args: {
+    type: tool.schema
+      .enum(["all", "dependencies", "secrets", "code"])
+      .optional()
+      .describe("Type of audit to run (default: all)"),
+    fix: tool.schema
+      .boolean()
+      .optional()
+      .describe("Attempt to auto-fix dependency vulnerabilities (default: false)"),
+    severity: tool.schema
+      .enum(["low", "moderate", "high", "critical"])
+      .optional()
+      .describe("Minimum severity level to report (default: moderate)"),
+  },
+  async execute(args, context) {
+    const auditType = args.type ?? "all"
+    const fix = args.fix ?? false
+    const severity = args.severity ?? "moderate"
+    const cwd = context.worktree || context.directory
+
+    const results: AuditResults = {
+      timestamp: new Date().toISOString(),
+      directory: cwd,
+      checks: [],
+      summary: {
+        passed: 0,
+        failed: 0,
+        warnings: 0,
+      },
+    }
+
+    // Check for dependencies audit
+    if (auditType === "all" || auditType === "dependencies") {
+      results.checks.push({
+        name: "Dependency Vulnerabilities",
+        description: "Check for known vulnerabilities in dependencies",
+        command: fix ? "npm audit fix" : "npm audit",
+        severityFilter: severity,
+        status: "pending",
+      })
+    }
+
+    // Check for secrets
+    if (auditType === "all" || auditType === "secrets") {
+      const secretPatterns = await scanForSecrets(cwd)
+      if (secretPatterns.length > 0) {
+        results.checks.push({
+          name: "Secret Detection",
+          description: "Scan for hardcoded secrets and API keys",
+          status: "failed",
+          findings: secretPatterns,
+        })
+        results.summary.failed++
+      } else {
+        results.checks.push({
+          name: "Secret Detection",
+          description: "Scan for hardcoded secrets and API keys",
+          status: "passed",
+        })
+        results.summary.passed++
+      }
+    }
+
+    // Check for common code security issues
+    if (auditType === "all" || auditType === "code") {
+      const codeIssues = await scanCodeSecurity(cwd)
+      if (codeIssues.length > 0) {
+        results.checks.push({
+          name: "Code Security",
+          description: "Check for common security anti-patterns",
+          status: "warning",
+          findings: codeIssues,
+        })
+        results.summary.warnings++
+      } else {
+        results.checks.push({
+          name: "Code Security",
+          description: "Check for common security anti-patterns",
+          status: "passed",
+        })
+        results.summary.passed++
+      }
+    }
+
+    // Generate recommendations
+    results.recommendations = generateRecommendations(results)
+
+    return JSON.stringify(results)
+  },
+})
+
+export default securityAuditTool
+
+interface AuditCheck {
+  name: string
+  description: string
+  command?: string
+  severityFilter?: string
+  status: "pending" | "passed" | "failed" | "warning"
+  findings?: Array<{ file: string; issue: string; line?: number }>
+}
+
+interface AuditResults {
+  timestamp: string
+  directory: string
+  checks: AuditCheck[]
+  summary: {
+    passed: number
+    failed: number
+    warnings: number
+  }
+  recommendations?: string[]
+}
+
+async function scanForSecrets(
+  cwd: string
+): Promise<Array<{ file: string; issue: string; line?: number }>> {
+  const findings: Array<{ file: string; issue: string; line?: number }> = []
+
+  // Patterns to DETECT potential secrets (security scanning)
+  const secretPatterns = [
+    { pattern: /api[_-]?key\s*[:=]\s*['"][^'"]{20,}['"]/gi, name: "API Key" },
+    { pattern: /password\s*[:=]\s*['"][^'"]+['"]/gi, name: "Password" },
+    { pattern: /secret\s*[:=]\s*['"][^'"]{10,}['"]/gi, name: "Secret" },
+    { pattern: /Bearer\s+[A-Za-z0-9\-_]+\.[A-Za-z0-9\-_]+/g, name: "JWT Token" },
+    { pattern: /sk-[a-zA-Z0-9]{32,}/g, name: "OpenAI API Key" },
+    { pattern: /ghp_[a-zA-Z0-9]{36}/g, name: "GitHub Token" },
+    { pattern: /aws[_-]?secret[_-]?access[_-]?key/gi, name: "AWS Secret" },
+  ]
+
+  const ignorePatterns = [
+    "node_modules",
+    ".git",
+    "dist",
+    "build",
+    ".env.example",
+    ".env.template",
+  ]
+
+  const srcDir = path.join(cwd, "src")
+  if (fs.existsSync(srcDir)) {
+    await scanDirectory(srcDir, secretPatterns, ignorePatterns, findings)
+  }
+
+  // Also check root config files
+  const configFiles = ["config.js", "config.ts", "settings.js", "settings.ts"]
+  for (const configFile of configFiles) {
+    const filePath = path.join(cwd, configFile)
+    if (fs.existsSync(filePath)) {
+      await scanFile(filePath, secretPatterns, findings)
+    }
+  }
+
+  return findings
+}
+
+async function scanDirectory(
+  dir: string,
+  patterns: Array<{ pattern: RegExp; name: string }>,
+  ignorePatterns: string[],
+  findings: Array<{ file: string; issue: string; line?: number }>
+): Promise<void> {
+  if (!fs.existsSync(dir)) return
+
+  const entries = fs.readdirSync(dir, { withFileTypes: true })
+
+  for (const entry of entries) {
+    const fullPath = path.join(dir, entry.name)
+
+    if (ignorePatterns.some((p) => fullPath.includes(p))) continue
+
+    if (entry.isDirectory()) {
+      await scanDirectory(fullPath, patterns, ignorePatterns, findings)
+    } else if (entry.isFile() && entry.name.match(/\.(ts|tsx|js|jsx|json)$/)) {
+      await scanFile(fullPath, patterns, findings)
+    }
+  }
+}
+
+async function scanFile(
+  filePath: string,
+  patterns: Array<{ pattern: RegExp; name: string }>,
+  findings: Array<{ file: string; issue: string; line?: number }>
+): Promise<void> {
+  try {
+    const content = fs.readFileSync(filePath, "utf-8")
+    const lines = content.split("\n")
+
+    for (let i = 0; i < lines.length; i++) {
+      const line = lines[i]
+      for (const { pattern, name } of patterns) {
+        // Reset regex state
+        pattern.lastIndex = 0
+        if (pattern.test(line)) {
+          findings.push({
+            file: filePath,
+            issue: `Potential ${name} found`,
+            line: i + 1,
+          })
+        }
+      }
+    }
+  } catch {
+    // Ignore read errors
+  }
+}
+
+async function scanCodeSecurity(
+  cwd: string
+): Promise<Array<{ file: string; issue: string; line?: number }>> {
+  const findings: Array<{ file: string; issue: string; line?: number }> = []
+
+  // Patterns to DETECT security anti-patterns (this tool scans for issues)
+  // These are detection patterns, not code that uses these anti-patterns
+  const securityPatterns = [
+    { pattern: /\beval\s*\(/g, name: "eval() usage - potential code injection" },
+    { pattern: /innerHTML\s*=/g, name: "innerHTML assignment - potential XSS" },
+    { pattern: /dangerouslySetInnerHTML/g, name: "dangerouslySetInnerHTML - potential XSS" },
+    { pattern: /document\.write/g, name: "document.write - potential XSS" },
+    { pattern: /\$\{.*\}.*sql/gi, name: "Potential SQL injection" },
+  ]
+
+  const srcDir = path.join(cwd, "src")
+  if (fs.existsSync(srcDir)) {
+    await scanDirectory(srcDir, securityPatterns, ["node_modules", ".git", "dist"], findings)
+  }
+
+  return findings
+}
+
+function generateRecommendations(results: AuditResults): string[] {
+  const recommendations: string[] = []
+
+  for (const check of results.checks) {
+    if (check.status === "failed" && check.name === "Secret Detection") {
+      recommendations.push(
+        "CRITICAL: Remove hardcoded secrets and use environment variables instead"
+      )
+      recommendations.push("Add a .env file (gitignored) for local development")
+      recommendations.push("Use a secrets manager for production deployments")
+    }
+
+    if (check.status === "warning" && check.name === "Code Security") {
+      recommendations.push(
+        "Review flagged code patterns for potential security vulnerabilities"
+      )
+      recommendations.push("Consider using DOMPurify for HTML sanitization")
+      recommendations.push("Use parameterized queries for database operations")
+    }
+
+    if (check.status === "pending" && check.name === "Dependency Vulnerabilities") {
+      recommendations.push("Run 'npm audit' to check for dependency vulnerabilities")
+      recommendations.push("Consider using 'npm audit fix' to auto-fix issues")
+    }
+  }
+
+  if (recommendations.length === 0) {
+    recommendations.push("No critical security issues found. Continue following security best practices.")
+  }
+
+  return recommendations
+}