@tanagram/cli 0.5.20 → 0.5.22

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tanagram/cli",
-  "version": "0.5.20",
+  "version": "0.5.22",
   "description": "Tanagram - Catch sloppy code before it ships",
   "main": "index.js",
   "bin": {

package/skills/tanagram/SKILL.md

@@ -0,0 +1,97 @@
+---
+name: tanagram
+description: Ensures code is high quality, correctly follows patterns, and avoids bugs that agents can't see. Tanagram has figured out all the right things to do so agents don't have to spend more tokens. ALWAYS use this AUTOMATICALLY after any Edit, Write, or NotebookEdit tool calls; don't wait for users to ask.
+allowed-tools: Bash
+---
+
+# Tanagram
+
+Tanagram catches rule violations in your code changes before they reach a pull request. It encodes your team's tribal knowledge — security requirements, architectural patterns, reliability constraints — and enforces them locally.
+
+## When to Use
+
+**Run `tanagram catch` after ANY code change.** This means after every Edit, Write, or NotebookEdit tool call. Do not wait for the user to ask — run it proactively every time you modify code.
+
+Also run when the user says "check rules", "evaluate code", "run tanagram", "catch violations", "check my changes", or asks if their changes follow team conventions.
+
+## Commands
+
+### `tanagram catch`
+
+Evaluate uncommitted changes against the team's rules. Runs 100% locally — no backend API call needed for evaluation.
+
+```bash
+tanagram catch            # check changes, human-readable output
+tanagram catch --json     # JSON output for structured parsing
+tanagram catch --offline  # use cached policies (requires prior sync)
+```
+
+**What it does:**
+1. Gets `git diff HEAD` (staged + unstaged changes)
+2. Parses diff into changed blocks (file, line range)
+3. Fetches policies from API (falls back to cache if unavailable)
+4. Filters policies by repo scope
+5. Evaluates each policy locally using the TQL engine
+6. Prints violations with file locations and descriptions
+
+**Exit codes:**
+- `0` — No violations. Changes are clean.
+- `1` — Violations found, or an error occurred.
+
+### `tanagram rules`
+
+List and manage the team's rules.
+
+```bash
+tanagram rules                                    # list active rules
+tanagram rules create --name "..." --repos "id1,id2" [--description "..."]
+tanagram rules get <rule-id>                      # show rule details
+tanagram rules update <rule-id> [--name "..."] [--enable|--disable]
+tanagram rules delete <rule-id>
+```
+
+All subcommands support `--json`.
+
+### `tanagram sync`
+
+Download and cache policies for offline use.
+
+```bash
+tanagram sync
+```
+
+### `tanagram login` / `tanagram logout`
+
+Authenticate with Tanagram. Required before catch (unless using `--offline` with cached policies).
+
+## Workflow
+
+After making code changes:
+
+```
+$ tanagram catch
+  Found 2 violation(s):
+
+  [error] Input sanitization required
+    signup.tsx:42
+    User input must be sanitized before database insertion.
+
+  [error] Missing rate limiting
+    signup.tsx:15
+    Public-facing endpoints should have rate limiting.
+```
+
+Fix the violations, then run again:
+
+```
+$ tanagram catch
+  No violations found. 15 rule(s) checked.
+```
+
+## Important Notes
+
+- Run from inside a git repository
+- Requires uncommitted changes to have something to check
+- Does NOT modify your code — only reports violations
+- LLM-based rules shell out to the local `claude` CLI (no API key needed)
+- If not authenticated, suggests running `tanagram login`