@syntesseraai/opencode-feature-factory 0.2.3 → 0.2.4

package/src/stop-quality-gate.ts

@@ -1,450 +0,0 @@
-import type { PluginInput, Hooks } from '@opencode-ai/plugin';
-
-const SERVICE_NAME = 'feature-factory';
-const IDLE_DEBOUNCE_MS = 500;
-const CI_TIMEOUT_MS = 300000; // 5 minutes
-const SESSION_TTL_MS = 3600000; // 1 hour
-const CLEANUP_INTERVAL_MS = 600000; // 10 minutes
-
-export const SECRET_PATTERNS: Array<{ pattern: RegExp; replacement: string }> = [
-  // AWS Access Key IDs
-  { pattern: /AKIA[0-9A-Z]{16}/g, replacement: '[REDACTED_AWS_KEY]' },
-  // GitHub Personal Access Tokens (classic)
-  { pattern: /ghp_[A-Za-z0-9]{36}/g, replacement: '[REDACTED_GH_TOKEN]' },
-  // GitHub Personal Access Tokens (fine-grained)
-  { pattern: /github_pat_[A-Za-z0-9_]{22,}/g, replacement: '[REDACTED_GH_TOKEN]' },
-  // GitHub OAuth tokens
-  { pattern: /gho_[A-Za-z0-9]{36}/g, replacement: '[REDACTED_GH_TOKEN]' },
-  // GitHub App tokens (user-to-server and server-to-server)
-  { pattern: /ghu_[A-Za-z0-9]{36}/g, replacement: '[REDACTED_GH_TOKEN]' },
-  { pattern: /ghs_[A-Za-z0-9]{36}/g, replacement: '[REDACTED_GH_TOKEN]' },
-  // GitLab Personal Access Tokens
-  { pattern: /glpat-[A-Za-z0-9-]{20,}/g, replacement: '[REDACTED_GITLAB_TOKEN]' },
-  // npm tokens
-  { pattern: /npm_[A-Za-z0-9]{36}/g, replacement: '[REDACTED_NPM_TOKEN]' },
-  // Slack bot tokens
-  { pattern: /xoxb-[0-9A-Za-z-]+/g, replacement: '[REDACTED_SLACK_TOKEN]' },
-  // Slack user tokens
-  { pattern: /xoxp-[0-9A-Za-z-]+/g, replacement: '[REDACTED_SLACK_TOKEN]' },
-  // Slack app tokens
-  { pattern: /xapp-[0-9A-Za-z-]+/g, replacement: '[REDACTED_SLACK_TOKEN]' },
-  // Slack webhook URLs
-  { pattern: /hooks\.slack\.com\/services\/[A-Z0-9/]+/g, replacement: '[REDACTED_SLACK_WEBHOOK]' },
-  // Stripe live secret keys
-  { pattern: /sk_live_[0-9a-zA-Z]{24,}/g, replacement: '[REDACTED_STRIPE_KEY]' },
-  // Stripe test secret keys
-  { pattern: /sk_test_[0-9a-zA-Z]{24,}/g, replacement: '[REDACTED_STRIPE_KEY]' },
-  // Stripe live restricted keys
-  { pattern: /rk_live_[0-9a-zA-Z]{24,}/g, replacement: '[REDACTED_STRIPE_KEY]' },
-  // Stripe test restricted keys
-  { pattern: /rk_test_[0-9a-zA-Z]{24,}/g, replacement: '[REDACTED_STRIPE_KEY]' },
-  // Bearer tokens
-  { pattern: /Bearer\s+[\w\-.]+/gi, replacement: 'Bearer [REDACTED]' },
-  // API keys (api_key, api-key, apikey, apikeys, etc.)
-  { pattern: /api[_-]?keys?[=:\s]+['"]?[\w-]+['"]?/gi, replacement: 'api_key=[REDACTED]' },
-  // Tokens (token, tokens) - require minimum 8 char value to reduce false positives
-  { pattern: /tokens?[=:\s]+['"]?([A-Za-z0-9_-]{8,})['"]?/gi, replacement: 'token=[REDACTED]' },
-  // Passwords
-  { pattern: /passwords?[=:\s]+['"]?[^\s'"]+['"]?/gi, replacement: 'password=[REDACTED]' },
-  // Generic secrets
-  { pattern: /secrets?[=:\s]+['"]?[^\s'"]+['"]?/gi, replacement: 'secret=[REDACTED]' },
-  // Base64-encoded long strings that look like secrets (40-500 chars to prevent ReDoS)
-  { pattern: /[A-Za-z0-9+/]{40,500}={0,2}/g, replacement: '[REDACTED_BASE64]' },
-  // Private keys (RSA, DSA, EC, OpenSSH, etc.)
-  {
-    pattern: /-----BEGIN[\s\w]+PRIVATE KEY-----[\s\S]*?-----END[\s\w]+PRIVATE KEY-----/g,
-    replacement: '[REDACTED_PRIVATE_KEY]',
-  },
-  // Database connection strings with credentials (postgres, postgresql, mysql, mongodb, redis)
-  // Password portion handles URL-encoded characters like %40 (for @) and %23 (for #)
-  {
-    pattern:
-      /(postgres|postgresql|mysql|mongodb(\+srv)?|rediss?):\/\/[^\s/:]+:(?:[^@\s]|%[0-9A-Fa-f]{2})+@[^\s]+/gi,
-    replacement: '[REDACTED_CONNECTION_STRING]',
-  },
-  // GCP API keys
-  { pattern: /AIza[0-9A-Za-z_-]{35}/g, replacement: '[REDACTED_GCP_KEY]' },
-  // GCP OAuth tokens
-  { pattern: /ya29\.[0-9A-Za-z_-]+/g, replacement: '[REDACTED_GCP_TOKEN]' },
-];
-
-/**
- * Sanitizes CI output by redacting common secret patterns before sending to the LLM.
- * This helps prevent accidental exposure of sensitive information in prompts.
- */
-export function sanitizeOutput(output: string): string {
-  let sanitized = output;
-  for (const { pattern, replacement } of SECRET_PATTERNS) {
-    sanitized = sanitized.replace(pattern, replacement);
-  }
-  return sanitized;
-}
-
-/**
- * Truncates CI output to the last N lines to reduce prompt size and focus on relevant errors.
- * Adds a header indicating truncation if the output was longer than the limit.
- */
-export function truncateOutput(output: string, maxLines: number = 20): string {
-  const lines = output.split('\n');
-  if (lines.length <= maxLines) {
-    return output;
-  }
-  const truncatedLines = lines.slice(-maxLines);
-  const omittedCount = lines.length - maxLines;
-  return `... (${omittedCount} lines omitted)\n${truncatedLines.join('\n')}`;
-}
-
-interface SessionState {
-  lastRunAt: number;
-  dirty: boolean;
-  qualityGatePassed: boolean;
-  idleDebounce: ReturnType<typeof setTimeout> | null;
-  running: boolean;
-  parentID?: string;
-  isReadOnly?: boolean;
-  lastAccess: number;
-}
-
-const sessions = new Map<string, SessionState>();
-let cleanupIntervalId: ReturnType<typeof setInterval> | null = null;
-
-/**
- * Removes sessions that haven't been accessed within the TTL period.
- * Skips sessions that are currently running a quality gate check.
- */
-function cleanupStaleSessions(): void {
-  const now = Date.now();
-  for (const [sessionId, state] of sessions) {
-    if (state.running) continue; // Don't evict active sessions
-    if (now - state.lastAccess > SESSION_TTL_MS) {
-      if (state.idleDebounce) {
-        clearTimeout(state.idleDebounce);
-      }
-      sessions.delete(sessionId);
-    }
-  }
-}
-
-function startCleanupInterval(): void {
-  if (cleanupIntervalId) return;
-  cleanupIntervalId = setInterval(cleanupStaleSessions, CLEANUP_INTERVAL_MS);
-  // Allow the process to exit even if the interval is running
-  if (cleanupIntervalId.unref) {
-    cleanupIntervalId.unref();
-  }
-}
-
-function getSessionState(sessionId: string): SessionState {
-  const existing = sessions.get(sessionId);
-  if (existing) {
-    existing.lastAccess = Date.now();
-    return existing;
-  }
-
-  startCleanupInterval();
-
-  const now = Date.now();
-  const state: SessionState = {
-    lastRunAt: 0,
-    dirty: true,
-    qualityGatePassed: false,
-    idleDebounce: null,
-    running: false,
-    lastAccess: now,
-  };
-  sessions.set(sessionId, state);
-  return state;
-}
-
-interface PermissionRule {
-  permission: string;
-  pattern: string;
-  action: 'allow' | 'deny' | 'ask';
-}
-
-function isSessionReadOnly(permission?: PermissionRule[]): boolean {
-  if (!permission) return false;
-  return permission.some(
-    (rule) => (rule.permission === 'edit' || rule.permission === 'bash') && rule.action === 'deny'
-  );
-}
-
-type Client = PluginInput['client'];
-
-async function log(
-  client: Client,
-  level: 'debug' | 'info' | 'warn' | 'error',
-  message: string,
-  extra?: Record<string, unknown>
-): Promise<void> {
-  try {
-    await client.app.log({
-      body: {
-        service: SERVICE_NAME,
-        level,
-        message,
-        extra,
-      },
-    });
-  } catch {
-    return undefined;
-  }
-}
-
-export async function createQualityGateHooks(input: PluginInput): Promise<Partial<Hooks>> {
-  const { client, $, directory } = input;
-
-  async function ciShExists(): Promise<boolean> {
-    try {
-      await $`test -f ${directory}/management/ci.sh`.quiet();
-      return true;
-    } catch {
-      return false;
-    }
-  }
-
-  async function _ensureSessionMetadata(sessionId: string, state: SessionState): Promise<void> {
-    if (state.isReadOnly !== undefined) return;
-
-    try {
-      const response = await client.session.get({ path: { id: sessionId } });
-      if (response.data) {
-        state.parentID = response.data.parentID;
-        const permission = (response.data as { permission?: PermissionRule[] }).permission;
-        state.isReadOnly = isSessionReadOnly(permission);
-        await log(client, 'debug', 'session.metadata-fetched', {
-          sessionId,
-          parentID: state.parentID,
-          isReadOnly: state.isReadOnly,
-        });
-      }
-    } catch {
-      state.isReadOnly = false;
-      await log(client, 'warn', 'session.metadata-fetch-failed', { sessionId });
-    }
-  }
-
-  async function runQualityGate(sessionId: string): Promise<void> {
-    const state = getSessionState(sessionId);
-
-    if (!sessions.has(sessionId)) {
-      await log(client, 'debug', 'quality-gate.skipped (session deleted)', { sessionId });
-      return;
-    }
-
-    if (state.running) {
-      await log(client, 'debug', 'quality-gate.skipped (already running)', { sessionId });
-      return;
-    }
-
-    const now = Date.now();
-    const cacheExpired = now - state.lastRunAt > 30 * 1000;
-
-    if (state.qualityGatePassed && !state.dirty && !cacheExpired) {
-      await log(client, 'debug', 'quality-gate.skipped (cached pass)', { sessionId });
-      return;
-    }
-
-    const hasCiSh = await ciShExists();
-
-    if (!hasCiSh) {
-      await log(client, 'debug', 'quality-gate.skipped (no ci.sh)', { sessionId });
-      return;
-    }
-
-    state.running = true;
-
-    try {
-      await log(client, 'info', 'quality-gate.started', { sessionId, directory });
-
-      let ciOutput = '';
-      let ciPassed = false;
-      let timedOut = false;
-
-      const ciPath = `${directory}/management/ci.sh`;
-      // eslint-disable-next-line no-undef
-      const proc = Bun.spawn(['bash', ciPath], {
-        cwd: directory,
-        stdout: 'pipe',
-        stderr: 'pipe',
-      });
-
-      let timeoutId: ReturnType<typeof setTimeout> | null = null;
-      let forceKillTimeoutId: ReturnType<typeof setTimeout> | null = null;
-      const timeoutPromise = new Promise<void>((resolve) => {
-        timeoutId = setTimeout(() => {
-          timedOut = true;
-          // Graceful termination: SIGTERM first, then SIGKILL after grace period
-          proc.kill('SIGTERM');
-          forceKillTimeoutId = setTimeout(() => {
-            // Force kill if still running after grace period
-            try {
-              proc.kill('SIGKILL');
-            } catch {
-              // Process already terminated
-            }
-          }, 5000);
-          resolve();
-        }, CI_TIMEOUT_MS);
-      });
-
-      // Race the process completion against the timeout
-      await Promise.race([proc.exited, timeoutPromise]);
-
-      // Clear timeouts if process completed before timeout
-      if (timeoutId) {
-        clearTimeout(timeoutId);
-      }
-      if (forceKillTimeoutId) {
-        clearTimeout(forceKillTimeoutId);
-      }
-
-      const exitCode = proc.exitCode;
-      const stdout = await new Response(proc.stdout).text();
-      const stderr = await new Response(proc.stderr).text();
-
-      if (timedOut) {
-        await log(client, 'warn', 'quality-gate.timeout', {
-          sessionId,
-          timeoutMs: CI_TIMEOUT_MS,
-        });
-        ciOutput =
-          `CI execution timed out after ${CI_TIMEOUT_MS / 1000} seconds\n\n${stdout}\n${stderr}`.trim();
-        ciPassed = false;
-      } else {
-        ciOutput = stdout + (stderr ? `\n${stderr}` : '');
-        ciPassed = exitCode === 0;
-      }
-
-      state.lastRunAt = Date.now();
-      state.dirty = false;
-      state.qualityGatePassed = ciPassed;
-
-      if (!ciPassed) {
-        // Sanitize secrets first, then truncate to last 20 lines to reduce prompt size
-        const sanitizedOutput = truncateOutput(sanitizeOutput(ciOutput), 20);
-        const instructions = `
-
-**Important:** Do not interrupt your current task. Add "Fix quality gate failures" to your todo list and continue with what you were doing. Address the quality gate issues after completing your current task.
-
-If the failure details are missing or truncated, run "management/ci.sh" to get the full output.`;
-        const message = timedOut
-          ? `⏱️ Quality gate timed out\n\nThe CI execution exceeded the ${CI_TIMEOUT_MS / 1000} second timeout. The build may be hanging or taking too long.\n\n\`\`\`\n${sanitizedOutput}\n\`\`\`${instructions}`
-          : `❌ Quality gate failed\n\nThe CI checks did not pass. Please review the output below and fix the issues:\n\n\`\`\`\n${sanitizedOutput}\n\`\`\`${instructions}`;
-        await client.session.prompt({
-          path: { id: sessionId },
-          body: {
-            parts: [
-              {
-                type: 'text',
-                text: message,
-              },
-            ],
-          },
-        });
-        await log(
-          client,
-          'debug',
-          timedOut ? 'quality-gate.timeout-reported' : 'quality-gate.failed',
-          { sessionId }
-        );
-      }
-    } finally {
-      state.running = false;
-    }
-  }
-
-  return {
-    event: async ({ event }) => {
-      const eventProps = (event as { properties?: { sessionID?: string } }).properties;
-      const sessionId = eventProps?.sessionID;
-
-      if (event.type === 'session.created') {
-        const sessionInfo = (
-          event as {
-            properties?: {
-              info?: { id: string; parentID?: string; permission?: PermissionRule[] };
-            };
-          }
-        ).properties?.info;
-        const id = sessionInfo?.id;
-        if (id) {
-          startCleanupInterval();
-          const isReadOnly = isSessionReadOnly(sessionInfo?.permission);
-          sessions.set(id, {
-            lastRunAt: 0,
-            dirty: true,
-            qualityGatePassed: false,
-            idleDebounce: null,
-            running: false,
-            parentID: sessionInfo?.parentID,
-            isReadOnly,
-            lastAccess: Date.now(),
-          });
-          await log(client, 'debug', 'session.created', {
-            sessionId: id,
-            parentID: sessionInfo?.parentID,
-            isReadOnly,
-          });
-        }
-      }
-
-      if (event.type === 'session.deleted' && sessionId) {
-        const state = sessions.get(sessionId);
-        if (state?.idleDebounce) {
-          clearTimeout(state.idleDebounce);
-        }
-        sessions.delete(sessionId);
-        await log(client, 'debug', 'session.deleted', { sessionId });
-      }
-
-      if (event.type === 'session.idle' && sessionId) {
-        const state = getSessionState(sessionId);
-
-        if (state.parentID) {
-          await log(client, 'debug', 'quality-gate.skipped (sub-agent session)', {
-            sessionId,
-            parentID: state.parentID,
-          });
-          return;
-        }
-
-        if (state.isReadOnly) {
-          await log(client, 'debug', 'quality-gate.skipped (read-only session)', { sessionId });
-          return;
-        }
-
-        if (state.idleDebounce) {
-          clearTimeout(state.idleDebounce);
-        }
-
-        state.idleDebounce = setTimeout(async () => {
-          state.idleDebounce = null;
-          if (sessions.has(sessionId)) {
-            try {
-              await runQualityGate(sessionId);
-            } catch (err) {
-              await log(client, 'error', 'quality-gate.unhandled-error', {
-                sessionId,
-                error: String(err),
-              });
-            }
-          }
-        }, IDLE_DEBOUNCE_MS);
-      }
-    },
-
-    'tool.execute.before': async (input) => {
-      const sessionId = input.sessionID;
-      if (!sessionId) return;
-
-      const state = getSessionState(sessionId);
-
-      if (input.tool === 'edit' || input.tool === 'write' || input.tool === 'patch') {
-        state.dirty = true;
-        state.qualityGatePassed = false;
-        await log(client, 'debug', 'session.dirty', { sessionId, tool: input.tool });
-      }
-    },
-  };
-}

package/src/types.ts

@@ -1,72 +0,0 @@
-/**
- * Configuration for the StopQualityGate plugin.
- * Read from `qualityGate` in opencode.json or .opencode/opencode.json
- */
-export interface QualityGateConfig {
-  /** Custom lint command (e.g., "pnpm -s lint") */
-  lint?: string;
-  /** Custom build command (e.g., "pnpm -s build") */
-  build?: string;
-  /** Custom test command (e.g., "pnpm -s test") */
-  test?: string;
-  /** Working directory relative to repo root (default: ".") */
-  cwd?: string;
-  /** Order of steps to run (default: ["lint", "build", "test"]) */
-  steps?: ('lint' | 'build' | 'test')[];
-  /** Whether to use management/ci.sh: "auto" | "always" | "never" (default: "auto") */
-  useCiSh?: 'auto' | 'always' | 'never';
-  /** Package manager override: "auto" | "pnpm" | "bun" | "yarn" | "npm" (default: "auto") */
-  packageManager?: 'auto' | 'pnpm' | 'bun' | 'yarn' | 'npm';
-  /** Cache duration in seconds before re-running checks (default: 30) */
-  cacheSeconds?: number;
-  /** Max lines of output tail to include in failure prompt (default: 160) */
-  maxOutputLines?: number;
-  /** Max error lines to extract and show (default: 60) */
-  maxErrorLines?: number;
-  /** Feature flags for discovery */
-  include?: {
-    /** Include cargo clippy in Rust discovery (default: true) */
-    rustClippy?: boolean;
-  };
-}
-
-/**
- * A single command step to execute
- */
-export interface CommandStep {
-  /** Name of the step (e.g., "lint", "build", "test", "ci") */
-  step: string;
-  /** The shell command to run */
-  cmd: string;
-}
-
-/**
- * Result of executing a command step
- */
-export interface StepResult {
-  /** Name of the step */
-  step: string;
-  /** The command that was run */
-  cmd: string;
-  /** Exit code (0 = success) */
-  exitCode: number;
-  /** Combined stdout + stderr output */
-  output: string;
-}
-
-/**
- * Per-session state for caching and dirty tracking
- */
-export interface SessionState {
-  /** Timestamp of last quality gate run */
-  lastRunAt: number;
-  /** Results from last run */
-  lastResults: StepResult[];
-  /** Whether files have been edited since last run */
-  dirty: boolean;
-}
-
-/**
- * Package manager type for Node projects
- */
-export type PackageManager = 'pnpm' | 'bun' | 'yarn' | 'npm';