@valentia-ai-skills/framework 1.0.7 → 1.0.9

package/bin/cli.js

@@ -26,6 +26,8 @@ const CONFIG_PATH = path.join(PROJECT_ROOT, ".ai-skills.json");
 // UPDATE THIS with your actual Supabase project URL
 const SUPABASE_FUNCTION_URL =
   process.env.AI_SKILLS_API_URL || "https://znshdhjquohrzvbnloki.supabase.co/functions/v1/lookup-team";
+const ANALYZE_FUNCTION_URL =
+  process.env.AI_SKILLS_ANALYZE_URL || "https://znshdhjquohrzvbnloki.supabase.co/functions/v1/analyze-commit";
 
 const TOOL_CONFIGS = {
   "claude-code": {
@@ -248,9 +250,15 @@ async function requestOtpForEmail(emailInput) {
 
     // OTP sent successfully
     console.log(c("green", `\n✓ Found: ${response.user_name}`));
-    console.log(c("dim", `  A verification code has been sent to ${email}\n`));
 
-    return email;
+    if (response.fallback_code) {
+      // Email delivery not configured — show code in terminal
+      console.log(c("yellow", `\n  Your verification code: ${c("bold", response.fallback_code)}\n`));
+    } else {
+      console.log(c("dim", `  A verification code has been sent to ${email}\n`));
+    }
+
+    return { email, fallbackCode: response.fallback_code || null };
   }
 }
 
@@ -301,7 +309,8 @@ async function cmdSetup() {
 
   try {
     // 3. Request OTP (with 1 retry for wrong email)
-    email = await requestOtpForEmail(email);
+    const otpResult = await requestOtpForEmail(email);
+    email = otpResult.email;
 
     // 4. Verify OTP and get skills
     const response = await verifyOtp(email);
@@ -360,14 +369,26 @@ async function cmdSetup() {
     email,
     team: teamName,
     source: "supabase",
+    analyzeUrl: ANALYZE_FUNCTION_URL,
     tools,
     skills: skills.map((s) => ({ name: s.name, scope: s.scope, version: s.version })),
     installedAt: new Date().toISOString(),
   };
   saveConfig(config);
 
-  // 7. Summary
-  console.log(c("blue", "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"));
+  // 7. Install post-commit analysis hook
+  try {
+    const { installHook } = require(path.join(__dirname, "..", "hooks", "install-hook.js"));
+    const hookResult = installHook(PROJECT_ROOT);
+    if (hookResult.installed) {
+      console.log(`${c("green", "✓")} Post-commit analysis hook installed`);
+    }
+  } catch {
+    // Hook installation is optional — don't fail setup
+  }
+
+  // 8. Summary
+  console.log(c("blue", "\n━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"));
   console.log(c("green", "✅ Setup complete!"));
   console.log(`   ${skills.length} skills installed for ${tools.length} tool(s)`);
   if (teamName) console.log(`   Team: ${teamName}`);
@@ -392,7 +413,8 @@ async function cmdUpdate() {
 
   try {
     // Request OTP for the saved email
-    await requestOtpForEmail(email);
+    const otpResult = await requestOtpForEmail(email);
+    email = otpResult.email;
 
     // Verify OTP
     const response = await verifyOtp(email);
@@ -543,6 +565,142 @@ function cmdDoctor() {
   }
 }
 
+// ── Analyze Command ──
+
+async function cmdAnalyze() {
+  console.log(c("blue", "\n━━━ AI Skills Framework — Analyze ━━━\n"));
+
+  const config = loadConfig();
+  if (!config || !config.email) {
+    console.log(c("yellow", "No .ai-skills.json found. Run 'npx ai-skills setup' first."));
+    process.exit(1);
+  }
+
+  const skillNames = (config.skills || []).map((s) => s.name);
+  if (skillNames.length === 0) {
+    console.log(c("yellow", "No skills configured. Run 'npx ai-skills setup' first."));
+    process.exit(1);
+  }
+
+  const analyzeUrl = config.analyzeUrl || ANALYZE_FUNCTION_URL;
+
+  // Check if we're in a git repo
+  try {
+    require("child_process").execSync("git rev-parse --git-dir", { stdio: "ignore", cwd: PROJECT_ROOT });
+  } catch {
+    console.log(c("red", "Not a git repository."));
+    process.exit(1);
+  }
+
+  const execOpt = { cwd: PROJECT_ROOT, encoding: "utf-8", timeout: 10000 };
+
+  // Collect git data
+  const useLastCommit = process.argv.includes("--last");
+  let diff, commitHash, commitMessage, branch, filesChanged;
+
+  try {
+    if (useLastCommit) {
+      diff = require("child_process").execSync("git diff HEAD~1 HEAD", execOpt).trim();
+      commitHash = require("child_process").execSync("git rev-parse HEAD", execOpt).trim();
+      commitMessage = require("child_process").execSync('git log -1 --format="%s"', execOpt).trim();
+      filesChanged = require("child_process").execSync("git diff --name-only HEAD~1 HEAD", execOpt).trim().split("\n").filter(Boolean);
+    } else {
+      // Analyze staged changes or last commit
+      diff = require("child_process").execSync("git diff --cached", execOpt).trim();
+      if (!diff) {
+        diff = require("child_process").execSync("git diff HEAD~1 HEAD", execOpt).trim();
+        commitHash = require("child_process").execSync("git rev-parse HEAD", execOpt).trim();
+        commitMessage = require("child_process").execSync('git log -1 --format="%s"', execOpt).trim();
+        filesChanged = require("child_process").execSync("git diff --name-only HEAD~1 HEAD", execOpt).trim().split("\n").filter(Boolean);
+      } else {
+        commitHash = "(staged)";
+        commitMessage = "(staged changes)";
+        filesChanged = require("child_process").execSync("git diff --cached --name-only", execOpt).trim().split("\n").filter(Boolean);
+      }
+    }
+    branch = require("child_process").execSync("git branch --show-current", execOpt).trim();
+  } catch (err) {
+    console.log(c("red", `Failed to collect git data: ${err.message}`));
+    process.exit(1);
+  }
+
+  if (!diff) {
+    console.log(c("yellow", "No changes to analyze."));
+    process.exit(0);
+  }
+
+  // Truncate diff if needed
+  if (diff.length > 10000) {
+    diff = diff.slice(0, 4000) + "\n\n[...truncated...]\n\n" + diff.slice(-4000);
+  }
+
+  console.log(`Analyzing ${c("bold", filesChanged.length)} file(s) against ${c("bold", skillNames.length)} skill(s)...`);
+  console.log(c("dim", `Commit: ${commitHash?.slice(0, 8)} — ${commitMessage}`));
+  console.log(c("dim", `Branch: ${branch}\n`));
+
+  // Get project name
+  let projectName = null;
+  try {
+    const pkgPath = path.join(PROJECT_ROOT, "package.json");
+    if (fs.existsSync(pkgPath)) {
+      projectName = JSON.parse(fs.readFileSync(pkgPath, "utf-8")).name || null;
+    }
+  } catch { /* ignore */ }
+
+  try {
+    console.log(c("dim", "Sending to AI for analysis (this may take 10-30 seconds)...\n"));
+
+    const result = await fetchJSON(analyzeUrl, {
+      email: config.email,
+      commit_hash: commitHash,
+      commit_message: commitMessage,
+      branch,
+      project_name: projectName,
+      files_changed: filesChanged,
+      diff,
+      skill_names: skillNames,
+    });
+
+    if (result.error) {
+      throw new Error(result.error);
+    }
+
+    // Display results
+    console.log(c("blue", "━━━ Analysis Results ━━━\n"));
+    const score = result.overall_score || 0;
+    const scoreColor = score >= 80 ? "green" : score >= 50 ? "yellow" : "red";
+    console.log(`Overall Score: ${c(scoreColor, `${score}/100`)}\n`);
+
+    if (result.skill_scores) {
+      for (const [skillName, data] of Object.entries(result.skill_scores)) {
+        const s = data;
+        const sColor = s.score >= 80 ? "green" : s.score >= 50 ? "yellow" : "red";
+        console.log(`${c("bold", skillName)}: ${c(sColor, `${s.score}/100`)}`);
+        if (s.passed?.length) {
+          for (const p of s.passed) console.log(`  ${c("green", "✓")} ${p}`);
+        }
+        if (s.failed?.length) {
+          for (const f of s.failed) console.log(`  ${c("red", "✗")} ${f}`);
+        }
+        if (s.suggestions?.length) {
+          for (const sg of s.suggestions) console.log(`  ${c("yellow", "→")} ${sg}`);
+        }
+        console.log("");
+      }
+    }
+
+    if (result.summary) {
+      console.log(c("dim", `Summary: ${result.summary}`));
+    }
+
+    console.log(c("dim", `\nTokens used: ${result.tokens_used || "?"} | Duration: ${result.duration_ms || "?"}ms\n`));
+
+  } catch (err) {
+    console.log(c("red", `\n✗ Analysis failed: ${err.message}`));
+    process.exit(1);
+  }
+}
+
 // ── Main ──
 
 const command = process.argv[2] || "setup";
@@ -553,6 +711,7 @@ switch (command) {
   case "status": cmdStatus(); break;
   case "list": cmdList(); break;
   case "doctor": cmdDoctor(); break;
+  case "analyze": cmdAnalyze(); break;
   case "help": case "--help": case "-h":
     console.log(`
 ${c("blue", "AI Skills Framework")} — @valentia-ai-skills/framework
@@ -562,8 +721,12 @@ Usage:
   npx ai-skills update   Re-fetch and update skills for your team
   npx ai-skills status   Show installed skills, team, and tools
   npx ai-skills list     List locally bundled skills
+  npx ai-skills analyze  Analyze last commit against active skills
   npx ai-skills doctor   Health check (config + API + tools)
 
+Flags:
+  analyze --last         Analyze the most recent commit
+
 Environment:
   AI_SKILLS_API_URL      Override the Supabase Edge Function URL
 `); break;

package/hooks/do-analysis.js

@@ -0,0 +1,125 @@
+#!/usr/bin/env node
+
+/**
+ * Background commit analyzer.
+ * Collects git diff + metadata, sends to the analyze-commit Edge Function.
+ * Runs as a detached process — never shows output to the developer.
+ * Everything is wrapped in try/catch — fails silently on any error.
+ */
+
+const fs = require("fs");
+const path = require("path");
+const { execSync } = require("child_process");
+const https = require("https");
+const http = require("http");
+
+const PROJECT_ROOT = process.env.AI_SKILLS_CWD || process.cwd();
+const CONFIG_PATH = path.join(PROJECT_ROOT, ".ai-skills.json");
+
+// Default Edge Function URL (can be overridden in .ai-skills.json)
+const DEFAULT_API_URL =
+  "https://znshdhjquohrzvbnloki.supabase.co/functions/v1/analyze-commit";
+
+function loadConfig() {
+  try {
+    if (fs.existsSync(CONFIG_PATH)) {
+      return JSON.parse(fs.readFileSync(CONFIG_PATH, "utf-8"));
+    }
+  } catch {
+    // ignore
+  }
+  return null;
+}
+
+function git(cmd) {
+  try {
+    return execSync(cmd, { cwd: PROJECT_ROOT, encoding: "utf-8", timeout: 10000 }).trim();
+  } catch {
+    return "";
+  }
+}
+
+function truncateDiff(diff, maxLen = 10000) {
+  if (diff.length <= maxLen) return diff;
+  const half = Math.floor(maxLen / 2);
+  return diff.slice(0, half) + "\n\n[...truncated...]\n\n" + diff.slice(-half);
+}
+
+function postJSON(url, body) {
+  return new Promise((resolve, reject) => {
+    const parsed = new URL(url);
+    const mod = parsed.protocol === "https:" ? https : http;
+    const postData = JSON.stringify(body);
+
+    const req = mod.request(
+      {
+        hostname: parsed.hostname,
+        port: parsed.port,
+        path: parsed.pathname + parsed.search,
+        method: "POST",
+        headers: {
+          "Content-Type": "application/json",
+          "Content-Length": Buffer.byteLength(postData),
+        },
+        timeout: 60000, // 60s timeout for AI analysis
+      },
+      (res) => {
+        let data = "";
+        res.on("data", (chunk) => (data += chunk));
+        res.on("end", () => resolve(data));
+      }
+    );
+    req.on("error", reject);
+    req.on("timeout", () => { req.destroy(); reject(new Error("timeout")); });
+    req.write(postData);
+    req.end();
+  });
+}
+
+async function main() {
+  // 1. Read config
+  const config = loadConfig();
+  if (!config || !config.email) return; // No config = not set up, silently exit
+
+  const email = config.email;
+  const skillNames = (config.skills || []).map((s) => s.name);
+  if (skillNames.length === 0) return; // No skills to check against
+
+  const apiUrl = config.analyzeUrl || process.env.AI_SKILLS_ANALYZE_URL || DEFAULT_API_URL;
+
+  // 2. Collect git data
+  const diff = git("git diff HEAD~1 HEAD");
+  if (!diff) return; // No diff = nothing to analyze
+
+  const commitHash = git("git rev-parse HEAD");
+  const commitMessage = git('git log -1 --format="%s"');
+  const branch = git("git branch --show-current");
+  const filesChangedRaw = git("git diff --name-only HEAD~1 HEAD");
+  const filesChanged = filesChangedRaw ? filesChangedRaw.split("\n").filter(Boolean) : [];
+
+  // Try to get project name from package.json
+  let projectName = null;
+  try {
+    const pkgPath = path.join(PROJECT_ROOT, "package.json");
+    if (fs.existsSync(pkgPath)) {
+      projectName = JSON.parse(fs.readFileSync(pkgPath, "utf-8")).name || null;
+    }
+  } catch {
+    // ignore
+  }
+
+  // 3. Send to Edge Function
+  await postJSON(apiUrl, {
+    email,
+    commit_hash: commitHash,
+    commit_message: commitMessage,
+    branch,
+    project_name: projectName,
+    files_changed: filesChanged,
+    diff: truncateDiff(diff),
+    skill_names: skillNames,
+  });
+}
+
+// Run and exit silently regardless of outcome
+main().catch(() => {}).finally(() => process.exit(0));

package/hooks/install-hook.js

@@ -0,0 +1,75 @@
+#!/usr/bin/env node
+
+/**
+ * Installs the post-commit analysis hook into .git/hooks/post-commit.
+ * Called during `npx ai-skills setup`.
+ *
+ * The hook script delegates to the npm package's hooks/post-commit-analyze.js,
+ * so updates to the analysis logic are picked up automatically on npm update.
+ */
+
+const fs = require("fs");
+const path = require("path");
+
+function installHook(projectRoot) {
+  const gitHooksDir = path.join(projectRoot, ".git", "hooks");
+
+  // Check if this is a git repo
+  if (!fs.existsSync(path.join(projectRoot, ".git"))) {
+    return { installed: false, reason: "Not a git repository" };
+  }
+
+  // Ensure hooks directory exists
+  if (!fs.existsSync(gitHooksDir)) {
+    fs.mkdirSync(gitHooksDir, { recursive: true });
+  }
+
+  const hookPath = path.join(gitHooksDir, "post-commit");
+
+  // Find the path to the hook script in the npm package
+  // Works whether running from node_modules or directly
+  const hookScript = path.join(__dirname, "post-commit-analyze.js");
+
+  // Generate the hook content — delegates to the npm package script
+  const hookContent = `#!/bin/sh
+# AI Skills Framework — post-commit analysis hook
+# Auto-installed by npx ai-skills setup
+# Runs code analysis in the background after each commit (non-blocking)
+
+node "${hookScript}" &
+`;
+
+  // Check if an existing post-commit hook exists
+  if (fs.existsSync(hookPath)) {
+    const existing = fs.readFileSync(hookPath, "utf-8");
+    if (existing.includes("ai-skills")) {
+      // Already installed — update it
+      fs.writeFileSync(hookPath, hookContent);
+      fs.chmodSync(hookPath, "755");
+      return { installed: true, reason: "Updated existing hook" };
+    }
+
+    // There's a different post-commit hook — append our line
+    const appendLine = `\n# AI Skills Framework — post-commit analysis\nnode "${hookScript}" &\n`;
+    fs.appendFileSync(hookPath, appendLine);
+    fs.chmodSync(hookPath, "755");
+    return { installed: true, reason: "Appended to existing hook" };
+  }
+
+  // No existing hook — create new one
+  fs.writeFileSync(hookPath, hookContent);
+  fs.chmodSync(hookPath, "755");
+  return { installed: true, reason: "Hook installed" };
+}
+
+// If run directly (not required as module)
+if (require.main === module) {
+  const result = installHook(process.cwd());
+  if (result.installed) {
+    console.log(`✓ Post-commit hook: ${result.reason}`);
+  } else {
+    console.log(`⚠ Post-commit hook skipped: ${result.reason}`);
+  }
+}
+
+module.exports = { installHook };

package/hooks/post-commit-analyze.js

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+
+/**
+ * Post-commit hook entry point.
+ * Spawns the actual analysis as a detached background process so git returns immediately.
+ * This file is copied into .git/hooks/post-commit during `npx ai-skills setup`.
+ */
+
+const { spawn } = require("child_process");
+const path = require("path");
+
+try {
+  // Find do-analysis.js relative to this hook's location in the npm package
+  // When installed via npm, hooks/ is inside node_modules/@valentia-ai-skills/framework/hooks/
+  const analysisScript = path.join(__dirname, "do-analysis.js");
+
+  const child = spawn("node", [analysisScript], {
+    detached: true,
+    stdio: "ignore",
+    cwd: process.cwd(),
+    env: { ...process.env, AI_SKILLS_CWD: process.cwd() },
+  });
+
+  child.unref();
+} catch {
+  // Never block the developer — silently exit
+}
+
+process.exit(0);

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@valentia-ai-skills/framework",
-  "version": "1.0.7",
-  "description": "AI development skills framework — centralized coding standards, security patterns, and SOPs for AI-assisted development. Works with Claude Code, Cursor, Copilot, Windsurf, and any AI coding tool.",
+  "version": "1.0.9",
+  "description": "AI development skills framework — centralized coding standards, security patterns, and SOPs for AI-assisted development. Works with Claude Code, Cursor, Copilot, Windsurf, and any AI coding tool.",
   "keywords": [
     "ai-skills",
     "claude-code",
@@ -34,6 +34,7 @@
     "src/",
     "skills/",
     "scripts/",
+    "hooks/",
     "README.md"
   ],
   "engines": {