@tanagram/cli 0.5.62 → 0.5.63

package/install.js

@@ -6,6 +6,7 @@ const os = require('os');
 const https = require('https');
 const crypto = require('crypto');
 const pkg = require('./package.json');
+const { SKILLS } = require('./skills.config');
 
 const POSTHOG_KEY = 'phc_sMsUvf0nK50rZdztSlX9rDJqIreLcXj4dyGS0tORQpQ';
 const POSTHOG_HOST = 'phe.tanagram.ai';
@@ -124,21 +125,10 @@ function isCIEnvironment() {
   );
 }
 
-function installClaudeSkill() {
-  if (process.env.TANAGRAM_SKIP_SKILL === '1' || process.env.TANAGRAM_SKIP_SKILL === 'true') {
-    console.error('Skipping Tanagram skill installation (TANAGRAM_SKIP_SKILL set).');
-    return;
-  }
-  if (isCIEnvironment()) {
-    console.error('Skipping Tanagram skill installation (CI environment).');
-    return;
-  }
-
-  console.error('Installing Tanagram skill...');
-
+function installSkill(skillName) {
   try {
-    const skillsSourceDir = path.join(__dirname, 'skills', 'tanagram');
-    const skillsTargetDir = path.join(os.homedir(), '.claude', 'skills', 'tanagram');
+    const skillsSourceDir = path.join(__dirname, 'skills', skillName);
+    const skillsTargetDir = path.join(os.homedir(), '.claude', 'skills', skillName);
 
     const isFirstTime = !fs.existsSync(path.join(skillsTargetDir, 'SKILL.md'));
 
@@ -162,11 +152,29 @@ function installClaudeSkill() {
       }
     }
 
-    console.error(`✓ Tanagram skill installed to ${skillsTargetDir}`);
-    track('cli.skill.install.success', { first_time: isFirstTime });
+    console.error(`✓ ${skillName} skill installed to ${skillsTargetDir}`);
+    track('cli.skill.install.success', { skill: skillName, first_time: isFirstTime });
   } catch (err) {
-    console.error('Warning: Failed to install Claude skill:', err.message);
-    track('cli.skill.install.failure', { error: err.message });
+    console.error(`Warning: Failed to install ${skillName} skill:`, err.message);
+    track('cli.skill.install.failure', { skill: skillName, error: err.message });
+    throw err;
+  }
+}
+
+function installClaudeSkills() {
+  if (process.env.TANAGRAM_SKIP_SKILL === '1' || process.env.TANAGRAM_SKIP_SKILL === 'true') {
+    console.error('Skipping Tanagram skill installation (TANAGRAM_SKIP_SKILL set).');
+    return;
+  }
+  if (isCIEnvironment()) {
+    console.error('Skipping Tanagram skill installation (CI environment).');
+    return;
+  }
+
+  console.error('Installing Tanagram skills...');
+
+  for (const skill of SKILLS) {
+    installSkill(skill);
   }
 }
 
@@ -269,8 +277,8 @@ function ensureOpenCode() {
     const prebuiltPath = findPrebuiltBinary();
     installPrebuiltBinary(prebuiltPath);
 
-    // Install Claude skill
-    installClaudeSkill();
+    // Install Claude skills
+    installClaudeSkills();
 
     // Install Stop hook for Claude Code
     installStopHook();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tanagram/cli",
-  "version": "0.5.62",
+  "version": "0.5.63",
   "description": "Tanagram - Catch sloppy code before it ships",
   "main": "index.js",
   "bin": {

package/skills/tanagram-mine/SKILL.md

@@ -0,0 +1,238 @@
+---
+name: tanagram-mine
+description: Mine PR comments from any GitHub repo to discover anti-patterns and code review feedback, then create Tanagram rules from the findings. Use when the user says "mine rules", "mine PRs", "extract rules from PRs", "learn from code reviews", or wants to turn a repo's review history into enforceable rules.
+argument-hint: <owner/repo> [--limit N] [--repos repo-slug]
+allowed-tools: Bash, Read, Glob, Grep, Agent
+---
+
+# Tanagram Mine — PR Comment Rule Mining
+
+Mines human code review comments from any GitHub repository's PR history, identifies recurring anti-patterns and code conventions, and creates Tanagram rules so the team never has to give the same feedback twice.
+
+## Prerequisites
+
+- `gh` CLI authenticated and able to access the target repo
+- `tanagram` CLI installed and authenticated (`tanagram login`)
+
+## Arguments
+
+- **First argument**: `owner/repo` (e.g., `tanagram/monorepo`, `facebook/react`). If omitted, detect from the current git repo's remote.
+- **`--limit N`**: Number of PRs to scan (default: 50)
+- **`--repos slug`**: Tanagram repo slug to scope rules to (default: same as `owner/repo`)
+
+## Procedure
+
+### Step 0: Verify tooling
+
+Before doing anything, confirm both CLIs are available and authenticated:
+
+```bash
+# Check gh is authenticated and can reach GitHub
+gh auth status
+
+# Check tanagram is installed
+which tanagram
+
+# Check tanagram is authenticated (will show rules or auth error)
+tanagram rules list --json
+```
+
+If `tanagram` is not installed, tell the user to run `npm install -g @tanagram/cli && tanagram login`.
+If `tanagram rules list` returns an auth error, tell the user to run `tanagram login`.
+
+### Step 1: Resolve the target repo
+
+```bash
+# If argument provided, use it directly
+REPO="owner/repo"
+
+# If no argument, detect from current git repo
+REPO=$(gh repo view --json nameWithOwner --jq '.nameWithOwner')
+```
+
+Verify access:
+```bash
+gh repo view "$REPO" --json nameWithOwner --jq '.nameWithOwner'
+```
+
+### Step 2: Fetch PR list
+
+```bash
+gh pr list --repo "$REPO" --state all --limit 50 --json number,title,state,author
+```
+
+### Step 3: Mine human review comments
+
+For each PR, fetch three types of comments and **filter out bots**:
+
+#### 3a. Inline review comments (code-level feedback)
+```bash
+gh api "repos/$REPO/pulls/$PR_NUMBER/comments" \
+  --jq '.[] | select(.user.type != "Bot") | select(.body | test("BUGBOT|bugbot|TANAGRAM-COMMENTS|<!-- ") | not) | "\(.user.login): \(.body[0:500])"'
+```
+
+#### 3b. General PR comments
+```bash
+gh pr view $PR_NUMBER --repo "$REPO" --json comments \
+  --jq '.comments[] | select(.author.login | test("bot$|\\[bot\\]") | not) | select(.body | test("BUGBOT|bugbot|TANAGRAM-COMMENTS|<!-- |linear-linkback") | not) | "\(.author.login): \(.body[0:500])"'
+```
+
+#### 3c. Review bodies
+```bash
+gh pr view $PR_NUMBER --repo "$REPO" --json reviews \
+  --jq '.reviews[] | select(.body != "" and (.body | test("BUGBOT|bugbot|<!-- ") | not) and (.author.login | test("bot$|\\[bot\\]") | not)) | "\(.author.login): \(.body[0:500])"'
+```
+
+**Important filters:**
+- Exclude bot users (`.user.type == "Bot"`, login ending in `bot` or `[bot]`)
+- Exclude automated comments (Bugbot, Tanagram, Linear linkbacks, HTML comments)
+- Only keep comments with actionable code review feedback
+
+### Step 4: Identify patterns
+
+Analyze all collected human comments and look for:
+
+1. **Repeated corrections** — The same reviewer giving similar feedback across multiple PRs
+2. **Anti-patterns called out** — "Don't do X", "use Y instead", "this pattern is wrong"
+3. **Convention enforcement** — "We always...", "prefer...", "this should be in..."
+4. **Architecture guidance** — "This belongs in...", "separate this into..."
+5. **Bug patterns** — "This will cause...", "race condition", "memory leak"
+6. **Style/readability** — "Extract this", "rename to", "use named types"
+
+**Discard comments that are:**
+- Simple approvals ("LGTM", "+1", "looks good")
+- One-off contextual discussions not generalizable to rules
+- Questions without clear guidance ("why did you...?")
+- References to specific PRs/commits without a general principle
+
+### Step 5: Check for duplicates
+
+Before creating rules, fetch existing rules and compare:
+```bash
+tanagram rules list --json
+```
+
+The output is a JSON object with a `rules` array. Each rule has `id`, `name`, `status`, and `repos` fields. Compare each proposed rule's name and intent against this list. Skip any that substantially overlap with an existing rule.
+
+### Step 6: Present proposed rules to the user
+
+Before creating anything, show the user a table of proposed rules:
+
+```
+## Proposed Rules from PR Mining
+
+| # | Rule Name | Source | Reviewer | Why |
+|---|-----------|--------|----------|-----|
+| 1 | AwaitGoroutinesBeforeExit | PR #260 | @feifanzhou | goroutine leak in CLI |
+```
+
+Ask: "Want me to create all of these, or pick specific ones?"
+
+If the user says "go ahead" or "all", proceed. If they pick specific ones, only create those.
+
+### Step 7: Create rules via `tanagram rules create`
+
+The Tanagram CLI has a `rules` subcommand with full CRUD. To create a rule:
+
+```bash
+tanagram rules create \
+  --name "RuleName" \
+  --description "What the rule catches and why it matters. Include the anti-pattern and the correct pattern." \
+  --repos "owner/repo"
+```
+
+**Required flags:**
+- `--name` — The rule name (PascalCase, specific, self-explanatory)
+- `--repos` — Comma-separated repo slugs like `owner/name` (e.g., `tanagram/monorepo`) or raw repo IDs
+
+**Optional flags:**
+- `--description` — What the rule catches, why, anti-pattern, correct pattern
+- `--substrate tql` — The rule engine (defaults to `tql`, don't change this)
+- `--json` — Get structured JSON output (useful for verifying success)
+
+**How it works under the hood:**
+1. The CLI authenticates via the stored JWT at `~/.tanagram/token`
+2. If `--repos` contains `/` (slug format), it calls `GET /api/repos/` to resolve the slug to an internal repo ID
+3. It `POST`s to `/api/policies/` with the name, description, and resolved repo IDs
+4. The backend creates the rule with status `being_rewritten` — the backend asynchronously compiles the natural-language description into a TQL policy (no action needed from us)
+5. On success, the response includes the created rule's `id`, `name`, and `policy_repositories`
+
+**Success looks like:**
+```json
+{
+  "success": true,
+  "rule": {
+    "id": "pol_abc123",
+    "name": "RuleName",
+    "enabled_status": "being_rewritten",
+    "policy_repositories": [{"id": "gitrepo_xyz", "name": "monorepo", "owner": "tanagram"}]
+  }
+}
+```
+
+**Failure modes and fixes:**
+- `"Not authenticated"` → Run `tanagram login` first
+- `"repository X not found"` → The repo slug doesn't match any repo the user has connected. Run `tanagram rules list --json` to see which repos are available in existing rules, or ask the user for the correct slug.
+- `"validation error"` → Usually means `--name` or `--repos` is missing
+
+**Other CRUD commands (for reference):**
+```bash
+tanagram rules list [--json] [--offline]      # List all rules
+tanagram rules get <rule-id> [--json] [--tql]  # Get rule details
+tanagram rules update <rule-id> --name "..."   # Update rule
+tanagram rules delete <rule-id>                # Delete rule
+```
+
+**Rule naming conventions:**
+- Use PascalCase (e.g., `AwaitGoroutinesBeforeExit`)
+- Be specific, not generic (e.g., `NoObjectLiteralsInUseEffectDeps` not `FixUseEffect`)
+- Name should be self-explanatory without reading the description
+
+**Rule description must include:**
+1. What the rule catches (the anti-pattern)
+2. Why it matters (the consequence)
+3. The correct alternative
+4. A concrete anti-pattern → correct-pattern example
+
+**Example of a well-formed create command:**
+```bash
+tanagram rules create \
+  --name "SelectThenInsertRequiresUpsert" \
+  --description "SELECT-then-INSERT patterns without concurrency protection cause race conditions. When two concurrent requests check for existence simultaneously, both find nothing and both attempt to INSERT, causing IntegrityError on unique constraints. Anti-pattern: record = SELECT ... WHERE user_id = X; if not record: INSERT INTO ...; — this has a TOCTOU race. Correct: use INSERT ... ON CONFLICT DO UPDATE (PostgreSQL upsert), or wrap the operation in a try/except IntegrityError with a retry." \
+  --repos "tanagram/monorepo"
+```
+
+### Step 8: Report results
+
+Present a summary table to the user:
+
+```
+## Mining Results for owner/repo
+
+Scanned: N PRs, M human review comments found
+Rules created: K
+
+| # | Rule | ID | Source PR | Reviewer |
+|---|------|----|----------|----------|
+| 1 | RuleName | pol_abc123 | #123 | @reviewer |
+
+Skipped (duplicates of existing rules): [list if any]
+```
+
+## Efficiency Tips
+
+- Use `Agent` tool to parallelize: one agent for PR comment mining, another to study the codebase
+- Process PRs in batches to avoid rate limiting
+- Focus on merged PRs first (they have the most complete review cycles)
+- Prioritize PRs with multiple reviewers (more signal)
+- Scan the most recent PRs first (conventions evolve)
+- Run all `tanagram rules create` commands in parallel (they're independent)
+
+## Example Usage
+
+```
+User: /tanagram-mine tanagram/monorepo
+User: /tanagram-mine facebook/react --limit 100
+User: /tanagram-mine                            # auto-detects from current repo
+User: mine rules from the last 20 PRs
+```

package/uninstall.js

@@ -6,6 +6,7 @@ const os = require('os');
 const https = require('https');
 const crypto = require('crypto');
 const pkg = require('./package.json');
+const { SKILLS } = require('./skills.config');
 
 const POSTHOG_KEY = 'phc_sMsUvf0nK50rZdztSlX9rDJqIreLcXj4dyGS0tORQpQ';
 const POSTHOG_HOST = 'phe.tanagram.ai';
@@ -58,18 +59,15 @@ function isCIEnvironment() {
   );
 }
 
-function removeClaudeSkill() {
-  const skillsDir = path.join(os.homedir(), '.claude', 'skills', 'tanagram');
+function removeClaudeSkills() {
+  for (const skill of SKILLS) {
+    const skillsDir = path.join(os.homedir(), '.claude', 'skills', skill);
 
-  try {
     if (fs.existsSync(skillsDir)) {
       fs.rmSync(skillsDir, { recursive: true });
-      console.error('✓ Tanagram skill removed');
-      track('cli.skill.uninstall.success');
+      console.error(`✓ ${skill} skill removed`);
+      track('cli.skill.uninstall.success', { skill });
     }
-  } catch (err) {
-    console.error('Warning: Failed to remove Tanagram skill:', err.message);
-    track('cli.skill.uninstall.failure', { error: err.message });
   }
 }
 
@@ -134,7 +132,7 @@ function removeOpenCode() {
 // Main uninstall flow
 track('cli.uninstall.start');
 
-removeClaudeSkill();
+removeClaudeSkills();
 removeStopHook();
 removeOpenCode();