npm - agentic-loop - Versions diffs - 1.0.0 - Mend

agentic-loop 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (162) hide show

package/.claude/commands/explain.md +114 -0
package/.claude/commands/idea.md +398 -0
package/.claude/commands/my-dna.md +122 -0
package/.claude/commands/prd.md +286 -0
package/.claude/commands/review.md +167 -0
package/.claude/commands/sign.md +32 -0
package/.claude/commands/styleguide.md +450 -0
package/.claude/commands/tour.md +301 -0
package/.claude/commands/vibe-check.md +116 -0
package/.claude/commands/vibe-help.md +47 -0
package/.claude/commands/vibe-list.md +203 -0
package/.pre-commit-hooks.yaml +102 -0
package/LICENSE +21 -0
package/README.md +238 -0
package/bin/agentic-loop.sh +24 -0
package/bin/postinstall.sh +29 -0
package/bin/ralph.sh +171 -0
package/bin/vibe-check.js +19 -0
package/dist/checks/check-any-types.d.ts +6 -0
package/dist/checks/check-any-types.d.ts.map +1 -0
package/dist/checks/check-any-types.js +73 -0
package/dist/checks/check-any-types.js.map +1 -0
package/dist/checks/check-commented-code.d.ts +6 -0
package/dist/checks/check-commented-code.d.ts.map +1 -0
package/dist/checks/check-commented-code.js +81 -0
package/dist/checks/check-commented-code.js.map +1 -0
package/dist/checks/check-console-error.d.ts +6 -0
package/dist/checks/check-console-error.d.ts.map +1 -0
package/dist/checks/check-console-error.js +41 -0
package/dist/checks/check-console-error.js.map +1 -0
package/dist/checks/check-debug-statements.d.ts +6 -0
package/dist/checks/check-debug-statements.d.ts.map +1 -0
package/dist/checks/check-debug-statements.js +120 -0
package/dist/checks/check-debug-statements.js.map +1 -0
package/dist/checks/check-deep-nesting.d.ts +6 -0
package/dist/checks/check-deep-nesting.d.ts.map +1 -0
package/dist/checks/check-deep-nesting.js +116 -0
package/dist/checks/check-deep-nesting.js.map +1 -0
package/dist/checks/check-docker-platform.d.ts +6 -0
package/dist/checks/check-docker-platform.d.ts.map +1 -0
package/dist/checks/check-docker-platform.js +42 -0
package/dist/checks/check-docker-platform.js.map +1 -0
package/dist/checks/check-dry-violations.d.ts +6 -0
package/dist/checks/check-dry-violations.d.ts.map +1 -0
package/dist/checks/check-dry-violations.js +124 -0
package/dist/checks/check-dry-violations.js.map +1 -0
package/dist/checks/check-empty-catch.d.ts +6 -0
package/dist/checks/check-empty-catch.d.ts.map +1 -0
package/dist/checks/check-empty-catch.js +111 -0
package/dist/checks/check-empty-catch.js.map +1 -0
package/dist/checks/check-function-length.d.ts +6 -0
package/dist/checks/check-function-length.d.ts.map +1 -0
package/dist/checks/check-function-length.js +152 -0
package/dist/checks/check-function-length.js.map +1 -0
package/dist/checks/check-hardcoded-ai-models.d.ts +10 -0
package/dist/checks/check-hardcoded-ai-models.d.ts.map +1 -0
package/dist/checks/check-hardcoded-ai-models.js +102 -0
package/dist/checks/check-hardcoded-ai-models.js.map +1 -0
package/dist/checks/check-hardcoded-urls.d.ts +6 -0
package/dist/checks/check-hardcoded-urls.d.ts.map +1 -0
package/dist/checks/check-hardcoded-urls.js +124 -0
package/dist/checks/check-hardcoded-urls.js.map +1 -0
package/dist/checks/check-magic-numbers.d.ts +6 -0
package/dist/checks/check-magic-numbers.d.ts.map +1 -0
package/dist/checks/check-magic-numbers.js +116 -0
package/dist/checks/check-magic-numbers.js.map +1 -0
package/dist/checks/check-secrets.d.ts +6 -0
package/dist/checks/check-secrets.d.ts.map +1 -0
package/dist/checks/check-secrets.js +138 -0
package/dist/checks/check-secrets.js.map +1 -0
package/dist/checks/check-snake-case-ts.d.ts +6 -0
package/dist/checks/check-snake-case-ts.d.ts.map +1 -0
package/dist/checks/check-snake-case-ts.js +78 -0
package/dist/checks/check-snake-case-ts.js.map +1 -0
package/dist/checks/check-todo-fixme.d.ts +6 -0
package/dist/checks/check-todo-fixme.d.ts.map +1 -0
package/dist/checks/check-todo-fixme.js +41 -0
package/dist/checks/check-todo-fixme.js.map +1 -0
package/dist/checks/check-unsafe-html.d.ts +6 -0
package/dist/checks/check-unsafe-html.d.ts.map +1 -0
package/dist/checks/check-unsafe-html.js +101 -0
package/dist/checks/check-unsafe-html.js.map +1 -0
package/dist/checks/index.d.ts +30 -0
package/dist/checks/index.d.ts.map +1 -0
package/dist/checks/index.js +57 -0
package/dist/checks/index.js.map +1 -0
package/dist/cli.d.ts +13 -0
package/dist/cli.d.ts.map +1 -0
package/dist/cli.js +208 -0
package/dist/cli.js.map +1 -0
package/dist/index.d.ts +9 -0
package/dist/index.d.ts.map +1 -0
package/dist/index.js +10 -0
package/dist/index.js.map +1 -0
package/dist/utils/file-reader.d.ts +24 -0
package/dist/utils/file-reader.d.ts.map +1 -0
package/dist/utils/file-reader.js +146 -0
package/dist/utils/file-reader.js.map +1 -0
package/dist/utils/patterns.d.ts +27 -0
package/dist/utils/patterns.d.ts.map +1 -0
package/dist/utils/patterns.js +84 -0
package/dist/utils/patterns.js.map +1 -0
package/dist/utils/reporters.d.ts +21 -0
package/dist/utils/reporters.d.ts.map +1 -0
package/dist/utils/reporters.js +115 -0
package/dist/utils/reporters.js.map +1 -0
package/dist/utils/types.d.ts +71 -0
package/dist/utils/types.d.ts.map +1 -0
package/dist/utils/types.js +5 -0
package/dist/utils/types.js.map +1 -0
package/package.json +83 -0
package/ralph/api.sh +216 -0
package/ralph/backup.sh +838 -0
package/ralph/browser-verify/README.md +135 -0
package/ralph/browser-verify/verify.ts +450 -0
package/ralph/checks/check-fastapi-responses.py +155 -0
package/ralph/hooks/hooks-config.json +72 -0
package/ralph/hooks/inject-context.sh +44 -0
package/ralph/hooks/install.sh +207 -0
package/ralph/hooks/log-tools.sh +45 -0
package/ralph/hooks/protect-prd.sh +27 -0
package/ralph/hooks/save-learnings.sh +36 -0
package/ralph/hooks/warn-debug.sh +54 -0
package/ralph/hooks/warn-empty-catch.sh +63 -0
package/ralph/hooks/warn-secrets.sh +89 -0
package/ralph/hooks/warn-urls.sh +77 -0
package/ralph/init.sh +515 -0
package/ralph/loop.sh +730 -0
package/ralph/playwright.sh +238 -0
package/ralph/prd.sh +295 -0
package/ralph/setup/feature-tour.sh +155 -0
package/ralph/setup/quick-setup.sh +239 -0
package/ralph/setup/tutorial.sh +159 -0
package/ralph/setup/ui.sh +136 -0
package/ralph/setup.sh +401 -0
package/ralph/signs.sh +150 -0
package/ralph/utils.sh +682 -0
package/ralph/verify/browser.sh +324 -0
package/ralph/verify/lint.sh +363 -0
package/ralph/verify/review.sh +152 -0
package/ralph/verify/tests.sh +81 -0
package/ralph/verify.sh +268 -0
package/templates/PROMPT.md +235 -0
package/templates/config/fullstack.json +86 -0
package/templates/config/go.json +81 -0
package/templates/config/minimal.json +76 -0
package/templates/config/node.json +81 -0
package/templates/config/python.json +81 -0
package/templates/config/rust.json +81 -0
package/templates/examples/CLAUDE-django.md +174 -0
package/templates/examples/CLAUDE-fastapi.md +270 -0
package/templates/examples/CLAUDE-fastmcp.md +352 -0
package/templates/examples/CLAUDE-fullstack.md +256 -0
package/templates/examples/CLAUDE-node.md +246 -0
package/templates/examples/CLAUDE-react.md +138 -0
package/templates/optional/cursorrules.template +147 -0
package/templates/optional/eslint.config.js +34 -0
package/templates/optional/lint-staged.config.js +34 -0
package/templates/optional/ruff.toml +125 -0
package/templates/optional/vibe-check.yml +116 -0
package/templates/optional/vscode-settings.json +127 -0
package/templates/signs.json +46 -0

package/ralph/hooks/warn-empty-catch.sh ADDED Viewed

@@ -0,0 +1,63 @@
+#!/usr/bin/env bash
+# warn-empty-catch.sh - Warn about empty catch blocks that silently swallow errors
+# Hook: PostToolUse matcher: "Edit|Write"
+set -euo pipefail
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
+# Only check code files
+case "$FILE_PATH" in
+  *.ts|*.tsx|*.js|*.jsx|*.py)
+    ;;
+  *)
+    echo '{"continue": true}'
+    exit 0
+    ;;
+esac
+# Get the content that was written
+NEW_CONTENT=""
+if [[ "$TOOL_NAME" == "Write" ]]; then
+  NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // ""')
+elif [[ "$TOOL_NAME" == "Edit" ]]; then
+  NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // ""')
+fi
+WARNINGS=""
+# JavaScript/TypeScript: catch (e) { } or catch { }
+if echo "$NEW_CONTENT" | grep -qE 'catch\s*\([^)]*\)\s*\{\s*\}'; then
+  WARNINGS="⚠️  Empty catch block detected. Handle the error or add a comment explaining why it's ignored."
+fi
+# Also check for catch with only a comment (no actual handling)
+if echo "$NEW_CONTENT" | grep -qE 'catch\s*\([^)]*\)\s*\{\s*(//[^\n]*)?\s*\}'; then
+  if [[ -z "$WARNINGS" ]]; then
+    WARNINGS="⚠️  Catch block with no error handling. Consider logging or rethrowing the error."
+  fi
+fi
+# Python: except: pass or except Exception: pass
+if echo "$NEW_CONTENT" | grep -qE 'except.*:\s*pass\s*$'; then
+  WARNINGS="⚠️  Empty except block (pass). Handle the exception or add logging."
+fi
+# Python: bare except with just pass on next line
+if echo "$NEW_CONTENT" | grep -qE 'except.*:\s*$' && echo "$NEW_CONTENT" | grep -qE '^\s*pass\s*$'; then
+  if [[ -z "$WARNINGS" ]]; then
+    WARNINGS="⚠️  Except block with only 'pass'. Consider logging or reraising the exception."
+  fi
+fi
+# Block if empty catch detected
+if [[ -n "$WARNINGS" ]]; then
+  jq -n --arg warn "$WARNINGS" '{
+    "continue": false,
+    "message": $warn
+  }'
+else
+  echo '{"continue": true}'
+fi

package/ralph/hooks/warn-secrets.sh ADDED Viewed

@@ -0,0 +1,89 @@
+#!/usr/bin/env bash
+# warn-secrets.sh - Warn about potential secrets in written code
+# Hook: PostToolUse matcher: "Edit|Write"
+#
+# Mirrors the pre-commit check-secrets patterns for consistency
+set -euo pipefail
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
+# Only check code files
+case "$FILE_PATH" in
+  *.ts|*.tsx|*.js|*.jsx|*.py|*.json|*.yaml|*.yml|*.env*)
+    ;;
+  *)
+    echo '{"continue": true}'
+    exit 0
+    ;;
+esac
+# Get the content that was written
+NEW_CONTENT=""
+if [[ "$TOOL_NAME" == "Write" ]]; then
+  NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // ""')
+elif [[ "$TOOL_NAME" == "Edit" ]]; then
+  NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // ""')
+fi
+WARNINGS=""
+# AWS Access Key (AKIA followed by 16 alphanumeric chars)
+if echo "$NEW_CONTENT" | grep -qE 'AKIA[0-9A-Z]{16}'; then
+  WARNINGS="🚨 SECURITY: Possible AWS Access Key detected! Use environment variables."
+fi
+# Stripe keys (sk_live_* or sk_test_*)
+if echo "$NEW_CONTENT" | grep -qE 'sk_(live|test)_[0-9a-zA-Z]{24,}'; then
+  WARNINGS="${WARNINGS}\n🚨 SECURITY: Stripe API key detected! Use environment variables."
+fi
+# GitHub tokens (ghp_, gho_, ghu_, ghs_, ghr_)
+if echo "$NEW_CONTENT" | grep -qE 'gh[pousr]_[A-Za-z0-9_]{36,}'; then
+  WARNINGS="${WARNINGS}\n🚨 SECURITY: GitHub token detected! Use environment variables."
+fi
+# Slack tokens (xoxb-, xoxp-, xoxa-, xoxr-, xoxs-)
+if echo "$NEW_CONTENT" | grep -qE 'xox[baprs]-[0-9]{10,}-[0-9a-zA-Z]{24,}'; then
+  WARNINGS="${WARNINGS}\n🚨 SECURITY: Slack token detected! Use environment variables."
+fi
+# SendGrid keys (SG.*)
+if echo "$NEW_CONTENT" | grep -qE 'SG\.[a-zA-Z0-9_-]{22}\.[a-zA-Z0-9_-]{43}'; then
+  WARNINGS="${WARNINGS}\n🚨 SECURITY: SendGrid API key detected! Use environment variables."
+fi
+# Private keys
+if echo "$NEW_CONTENT" | grep -qE '-----BEGIN (RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----'; then
+  WARNINGS="${WARNINGS}\n🚨 SECURITY: Private key detected! Never commit private keys."
+fi
+# Generic API key patterns (api_key = "...", apikey: "...", etc.)
+if echo "$NEW_CONTENT" | grep -qiE '(api[_-]?key|api[_-]?secret)\s*[:=]\s*['"'"'"][a-zA-Z0-9_\-]{20,}['"'"'"]'; then
+  # Check it's not a placeholder
+  if ! echo "$NEW_CONTENT" | grep -qiE '(example|placeholder|your[_-]?key|xxx|test|dummy|fake|sample|demo)'; then
+    WARNINGS="${WARNINGS}\n⚠️  Possible hardcoded API key - use environment variables."
+  fi
+fi
+# Generic secrets (password = "...", token = "...", etc.)
+if echo "$NEW_CONTENT" | grep -qiE '(password|passwd|pwd|secret|token)\s*[:=]\s*['"'"'"][^'"'"'"]{8,}['"'"'"]'; then
+  # Check it's not a placeholder or type annotation
+  if ! echo "$NEW_CONTENT" | grep -qiE '(example|placeholder|xxx|test|dummy|type|interface|password:)'; then
+    WARNINGS="${WARNINGS}\n⚠️  Possible hardcoded secret - use environment variables."
+  fi
+fi
+# Output warning as additional context (non-blocking)
+if [[ -n "$WARNINGS" ]]; then
+  jq -n --arg warn "$WARNINGS" '{
+    "continue": true,
+    "hookSpecificOutput": {
+      "additionalContext": $warn
+    }
+  }'
+else
+  echo '{"continue": true}'
+fi

package/ralph/hooks/warn-urls.sh ADDED Viewed

@@ -0,0 +1,77 @@
+#!/usr/bin/env bash
+# warn-urls.sh - Warn about hardcoded URLs in written code
+# Hook: PostToolUse matcher: "Edit|Write"
+#
+# Mirrors the pre-commit check-hardcoded-urls patterns for consistency
+set -euo pipefail
+INPUT=$(cat)
+TOOL_NAME=$(echo "$INPUT" | jq -r '.tool_name // ""')
+FILE_PATH=$(echo "$INPUT" | jq -r '.tool_input.file_path // .tool_input.path // ""')
+# Only check code files (skip test files)
+case "$FILE_PATH" in
+  *.test.*|*.spec.*|*/__tests__/*|*/test/*|*/fixtures/*)
+    echo '{"continue": true}'
+    exit 0
+    ;;
+  *.ts|*.tsx|*.js|*.jsx|*.py)
+    ;;
+  *)
+    echo '{"continue": true}'
+    exit 0
+    ;;
+esac
+# Get the content that was written
+NEW_CONTENT=""
+if [[ "$TOOL_NAME" == "Write" ]]; then
+  NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.content // ""')
+elif [[ "$TOOL_NAME" == "Edit" ]]; then
+  NEW_CONTENT=$(echo "$INPUT" | jq -r '.tool_input.new_string // ""')
+fi
+WARNINGS=""
+# Check for localhost URLs
+if echo "$NEW_CONTENT" | grep -qE 'https?://localhost(:[0-9]+)?'; then
+  # Skip if it's in a fallback pattern (|| or ?? or default)
+  if ! echo "$NEW_CONTENT" | grep -qE '(\|\||\?\?|default|fallback).*localhost'; then
+    WARNINGS="⚠️  Hardcoded localhost URL detected - use environment variable (e.g., process.env.API_URL)"
+  fi
+fi
+# Check for 127.0.0.1 URLs
+if echo "$NEW_CONTENT" | grep -qE 'https?://127\.0\.0\.1(:[0-9]+)?'; then
+  if ! echo "$NEW_CONTENT" | grep -qE '(\|\||\?\?|default|fallback).*127\.0\.0\.1'; then
+    WARNINGS="${WARNINGS}\n⚠️  Hardcoded 127.0.0.1 URL detected - use environment variable"
+  fi
+fi
+# Check for hardcoded production-looking URLs (skip CDNs and common safe domains)
+SAFE_DOMAINS="cdn.jsdelivr.net|cdnjs.cloudflare.com|unpkg.com|fonts.googleapis.com|fonts.gstatic.com|api.github.com|raw.githubusercontent.com|registry.npmjs.org|schema.org|www.w3.org|example.com|example.org"
+# Look for https:// URLs that aren't safe domains
+PROD_URLS=$(echo "$NEW_CONTENT" | grep -oE 'https://[a-zA-Z0-9][a-zA-Z0-9.-]+\.[a-zA-Z]{2,}' | grep -vE "$SAFE_DOMAINS" || true)
+if [[ -n "$PROD_URLS" ]]; then
+  # Skip if they look like example/placeholder URLs
+  PROD_URLS=$(echo "$PROD_URLS" | grep -v -E '(example|placeholder|test|mock)' || true)
+  if [[ -n "$PROD_URLS" ]]; then
+    FIRST_URL=$(echo "$PROD_URLS" | head -1)
+    WARNINGS="${WARNINGS}\n⚠️  Hardcoded URL ($FIRST_URL) - consider using environment variable"
+  fi
+fi
+# Output warning as additional context (non-blocking)
+if [[ -n "$WARNINGS" ]]; then
+  jq -n --arg warn "$WARNINGS" '{
+    "continue": true,
+    "hookSpecificOutput": {
+      "additionalContext": $warn
+    }
+  }'
+else
+  echo '{"continue": true}'
+fi