aidevops 2.52.1 → 2.53.1

package/.agent/tools/git/opencode-gitlab.md

@@ -1,252 +0,0 @@
----
-description: OpenCode GitLab integration for AI-powered issue/MR automation
-mode: subagent
-tools:
-  read: true
-  write: false
-  edit: false
-  bash: true
-  glob: true
-  grep: true
-  webfetch: true
-  task: true
----
-
-# OpenCode GitLab Integration
-
-<!-- AI-CONTEXT-START -->
-
-## Quick Reference
-
-- **Trigger**: `@opencode` in any issue/MR comment
-- **Runs on**: Your GitLab CI runners (secure)
-- **Docs**: https://opencode.ai/docs/gitlab/
-
-**What It Does**:
-
-| Command | Result |
-|---------|--------|
-| `@opencode explain this` | AI analyzes issue/MR and replies |
-| `@opencode fix this` | Creates branch, implements fix, opens MR |
-| `@opencode review this MR` | Reviews code, suggests improvements |
-
-**Requirements**:
-- GitLab CI/CD pipeline configured
-- CI/CD Variables: `ANTHROPIC_API_KEY`, `GITLAB_TOKEN_OPENCODE`, `GITLAB_HOST`
-- Service account for git operations
-
-<!-- AI-CONTEXT-END -->
-
-## Overview
-
-OpenCode's GitLab integration enables AI-powered automation directly from GitLab issues and merge requests. When you comment `@opencode fix this` on an issue, OpenCode:
-
-1. Analyzes the issue context
-2. Creates a new branch
-3. Implements the fix
-4. Opens a merge request with the changes
-
-All execution happens securely on YOUR GitLab CI runners.
-
-## Installation
-
-### Prerequisites
-
-1. GitLab repository with CI/CD enabled
-2. AI provider API key (Anthropic, OpenAI, etc.)
-3. GitLab access token for the service account
-4. `glab` CLI available in your CI image
-
-### Step 1: Create Service Account
-
-Create a GitLab user or use a project access token for OpenCode operations.
-
-Required scopes:
-- `api` - Full API access
-- `read_repository` - Read repository
-- `write_repository` - Write repository
-
-### Step 2: Configure CI/CD Variables
-
-Go to: Settings → CI/CD → Variables
-
-Add these variables:
-
-| Variable | Value | Protected | Masked |
-|----------|-------|-----------|--------|
-| `ANTHROPIC_API_KEY` | Your API key | Yes | Yes |
-| `GITLAB_TOKEN_OPENCODE` | Service account token | Yes | Yes |
-| `GITLAB_HOST` | `gitlab.com` or your instance | No | No |
-
-### Step 3: Create CI/CD Pipeline
-
-Create `.gitlab-ci.yml` or add to existing:
-
-```yaml
-stages:
-  - opencode
-
-opencode:
-  stage: opencode
-  image: node:22-slim
-  rules:
-    # Trigger on issue/MR comments containing @opencode
-    - if: '$CI_PIPELINE_SOURCE == "trigger"'
-      when: always
-  before_script:
-    - npm install --global opencode-ai
-    - apt-get update && apt-get install -y git
-    # Install glab CLI
-    - |
-      curl -sL https://github.com/profclems/glab/releases/latest/download/glab_Linux_x86_64.tar.gz | tar xz
-      mv glab /usr/local/bin/
-    # Configure git
-    - git config --global user.email "opencode@gitlab.com"
-    - git config --global user.name "OpenCode"
-    # Setup OpenCode auth
-    - mkdir -p ~/.local/share/opencode
-    - |
-      cat > ~/.local/share/opencode/auth.json << EOF
-      { "anthropic": { "apiKey": "$ANTHROPIC_API_KEY" } }
-      EOF
-  script:
-    # Run OpenCode with the trigger context
-    - opencode run "$AI_FLOW_INPUT"
-    # Commit and push any changes
-    - |
-      if [ -n "$(git status --porcelain)" ]; then
-        git add -A
-        git commit -m "OpenCode changes"
-        git push origin HEAD:"$CI_WORKLOAD_REF"
-      fi
-  variables:
-    GIT_STRATEGY: clone
-    GIT_DEPTH: 1
-```
-
-### Step 4: Configure Webhook (Optional)
-
-For automatic triggering on comments, configure a webhook:
-
-1. Go to: Settings → Webhooks
-2. URL: Your pipeline trigger URL
-3. Trigger: Note events (issues and MRs)
-
-## Usage
-
-### In Issues
-
-Comment on any issue:
-
-```text
-@opencode explain this issue
-```
-
-OpenCode reads the issue and replies with an explanation.
-
-```text
-@opencode fix this
-```
-
-OpenCode creates a branch, implements a fix, and opens an MR.
-
-### In Merge Requests
-
-Comment on an MR:
-
-```text
-@opencode review this merge request
-```
-
-OpenCode analyzes the changes and provides feedback.
-
-## Configuration
-
-### Using Different AI Providers
-
-Update the auth.json creation in your pipeline:
-
-```yaml
-# For OpenAI
-- |
-  cat > ~/.local/share/opencode/auth.json << EOF
-  { "openai": { "apiKey": "$OPENAI_API_KEY" } }
-  EOF
-
-# For multiple providers
-- |
-  cat > ~/.local/share/opencode/auth.json << EOF
-  {
-    "anthropic": { "apiKey": "$ANTHROPIC_API_KEY" },
-    "openai": { "apiKey": "$OPENAI_API_KEY" }
-  }
-  EOF
-```
-
-### Custom Model
-
-Specify model in the opencode run command:
-
-```yaml
-script:
-  - opencode run --model anthropic/claude-sonnet-4-20250514 "$AI_FLOW_INPUT"
-```
-
-### Self-Hosted GitLab
-
-Set `GITLAB_HOST` to your instance URL:
-
-```yaml
-variables:
-  GITLAB_HOST: gitlab.company.com
-```
-
-## Security
-
-- **Runs on YOUR runners**: Code never leaves your GitLab CI environment
-- **Secrets in CI/CD Variables**: API keys stored securely
-- **Service account isolation**: Dedicated account for OpenCode operations
-- **Audit trail**: All pipeline runs visible in CI/CD → Pipelines
-
-## Troubleshooting
-
-### Pipeline Not Triggering
-
-1. Check webhook configuration
-2. Verify trigger rules in `.gitlab-ci.yml`
-3. Check CI/CD is enabled for the project
-
-### Authentication Errors
-
-1. Verify `GITLAB_TOKEN_OPENCODE` has correct scopes
-2. Check token hasn't expired
-3. Verify `GITLAB_HOST` is correct
-
-### OpenCode Errors
-
-1. Check `ANTHROPIC_API_KEY` is set correctly
-2. Verify auth.json is created properly
-3. Check pipeline logs for specific errors
-
-## Integration with aidevops
-
-When using aidevops workflows:
-
-1. **Branch naming**: Configure OpenCode to use aidevops conventions
-2. **MR format**: Use custom prompts for aidevops-style MR descriptions
-3. **Quality checks**: OpenCode MRs trigger your existing CI pipelines
-
-## Comparison with GitHub Integration
-
-| Feature | GitHub | GitLab |
-|---------|--------|--------|
-| Trigger command | `/oc` or `/opencode` | `@opencode` |
-| Setup method | GitHub App + workflow | CI/CD pipeline |
-| Line-specific reviews | Yes (Files tab) | Limited |
-| Auto-setup | `opencode github install` | Manual |
-
-## Related
-
-- **GitHub integration**: `git/opencode-github.md`
-- **GitLab CLI**: `git/gitlab-cli.md`
-- **Git workflow**: `workflows/git-workflow.md`

package/.agent/tools/git/security.md

@@ -1,196 +0,0 @@
----
-description: Git security practices and secret scanning
-mode: subagent
-tools:
-  read: true
-  write: false
-  edit: false
-  bash: true
-  glob: true
-  grep: true
-  webfetch: false
-  task: true
----
-
-# Git Security Practices
-
-<!-- AI-CONTEXT-START -->
-
-## Quick Reference
-
-- **Token storage**: `~/.config/aidevops/` (600 permissions)
-- **Never commit**: API keys, tokens, passwords, secrets
-- **Branch protection**: Enable for `main` branch
-- **Signed commits**: Use GPG signing for verification
-- **2FA**: Enable on all Git platforms
-
-**Pre-commit check**:
-
-```bash
-git diff --cached | grep -iE "(api_key|token|password|secret)" && echo "WARNING: Possible secret!"
-```
-
-<!-- AI-CONTEXT-END -->
-
-## Authentication Security
-
-### Use CLI Authentication
-
-```bash
-# Stores tokens in system keyring (secure)
-gh auth login
-glab auth login
-tea login add
-```
-
-Avoid environment variables when possible - CLI auth is more secure.
-
-### Token Management
-
-```bash
-# Store tokens securely
-mkdir -p ~/.config/aidevops
-chmod 700 ~/.config/aidevops
-echo "GITHUB_TOKEN=xxx" >> ~/.config/aidevops/mcp-env.sh
-chmod 600 ~/.config/aidevops/mcp-env.sh
-```
-
-### Token Rotation
-
-- Rotate tokens every 6-12 months
-- Immediately rotate if exposed
-- Use short-lived tokens for CI/CD
-
-## Repository Security
-
-### Branch Protection
-
-Enable for `main` branch:
-
-```bash
-# Via GitHub CLI
-gh api repos/{owner}/{repo}/branches/main/protection -X PUT \
-  -f required_status_checks='{"strict":true,"contexts":[]}' \
-  -f enforce_admins=true \
-  -f required_pull_request_reviews='{"required_approving_review_count":1}'
-```
-
-Or via web UI:
-1. Settings → Branches → Add rule
-2. Branch name pattern: `main`
-3. Enable:
-   - Require pull request reviews
-   - Require status checks
-   - Require signed commits (optional)
-
-### Required Reviews
-
-- Require at least 1 approval before merge
-- Dismiss stale reviews on new commits
-- Require review from code owners
-
-### Status Checks
-
-- Require CI to pass before merge
-- Include security scanning
-- Include linting/tests
-
-## Commit Security
-
-### Signed Commits
-
-```bash
-# Generate GPG key
-gpg --full-generate-key
-
-# Get key ID
-gpg --list-secret-keys --keyid-format=long
-
-# Configure git
-git config --global user.signingkey YOUR_KEY_ID
-git config --global commit.gpgsign true
-
-# Sign commits
-git commit -S -m "Signed commit"
-```
-
-### Pre-commit Hooks
-
-Prevent accidental secret commits:
-
-```bash
-# .git/hooks/pre-commit
-#!/bin/bash
-if git diff --cached | grep -iE "(api_key|token|password|secret|private_key)" > /dev/null; then
-    echo "ERROR: Possible secret detected in commit!"
-    echo "Review your changes before committing."
-    exit 1
-fi
-```
-
-## Secret Detection
-
-### Tools
-
-- **secretlint**: `.agent/scripts/secretlint-helper.sh`
-- **git-secrets**: AWS secret detection
-- **trufflehog**: Historical secret scanning
-
-### Scanning
-
-```bash
-# Scan for secrets
-./.agent/scripts/secretlint-helper.sh scan
-
-# Scan git history
-trufflehog git file://. --only-verified
-```
-
-## Access Control
-
-### Team Permissions
-
-| Role | Permissions |
-|------|-------------|
-| Read | View code, issues |
-| Triage | Manage issues, no code push |
-| Write | Push to non-protected branches |
-| Maintain | Push to protected, manage settings |
-| Admin | Full access |
-
-### Principle of Least Privilege
-
-- Grant minimum necessary permissions
-- Review access quarterly
-- Remove inactive collaborators
-- Use teams for group permissions
-
-## Incident Response
-
-### If Token Exposed
-
-1. **Immediately revoke** the token
-2. Generate new token
-3. Update all systems using it
-4. Audit for unauthorized access
-5. Review how exposure happened
-
-### If Secrets Committed
-
-1. **Rotate the secret immediately**
-2. Remove from git history:
-
-   ```bash
-   git filter-branch --force --index-filter \
-     "git rm --cached --ignore-unmatch path/to/secret" \
-     --prune-empty --tag-name-filter cat -- --all
-   git push origin --force --all
-   ```
-
-3. Force-push to all remotes
-4. Notify affected parties
-
-## Related
-
-- **Token setup**: `git/authentication.md`
-- **CLI tools**: `tools/git.md`

package/.agent/tools/git.md

@@ -1,207 +0,0 @@
----
-description: Git platform tools for GitHub, GitLab, and Gitea
-mode: subagent
-tools:
-  read: true
-  write: false
-  edit: false
-  bash: true
-  glob: true
-  grep: true
-  webfetch: false
-  task: true
----
-
-# Git Tools
-
-<!-- AI-CONTEXT-START -->
-
-## Quick Reference
-
-- **Platforms**: GitHub, GitLab, Gitea
-- **CLIs**: `gh` (GitHub), `glab` (GitLab), `tea` (Gitea)
-- **Branching**: See `workflows/branch.md`
-
-| Platform | CLI | Install | Auth |
-|----------|-----|---------|------|
-| GitHub | `gh` | `brew install gh` | `gh auth login` |
-| GitLab | `glab` | `brew install glab` | `glab auth login` |
-| Gitea | `tea` | `brew install tea` | `tea login add` |
-
-**Subagents**:
-- `git/github-cli.md` - GitHub CLI details
-- `git/gitlab-cli.md` - GitLab CLI details
-- `git/gitea-cli.md` - Gitea CLI details
-- `git/github-actions.md` - CI/CD workflows
-- `git/authentication.md` - Token setup
-- `git/security.md` - Security practices
-- `git/opencode-github.md` - OpenCode GitHub App integration
-- `git/opencode-gitlab.md` - OpenCode GitLab CI integration
-
-<!-- AI-CONTEXT-END -->
-
-## Overview
-
-Use official CLI tools for each Git platform. They handle authentication securely via system keyring and are actively maintained.
-
-## Platform CLIs
-
-### GitHub (`gh`)
-
-The official GitHub CLI. See `git/github-cli.md` for details.
-
-```bash
-brew install gh
-gh auth login
-gh repo list
-gh pr create
-gh release create v1.0.0 --generate-notes
-```
-
-### GitLab (`glab`)
-
-The official GitLab CLI. See `git/gitlab-cli.md` for details.
-
-```bash
-brew install glab
-glab auth login
-glab repo list
-glab mr create
-glab release create v1.0.0
-```
-
-### Gitea (`tea`)
-
-The official Gitea CLI. See `git/gitea-cli.md` for details.
-
-```bash
-brew install tea
-tea login add
-tea repos list
-tea pulls create
-tea releases create v1.0.0
-```
-
-## Multi-Platform Setup
-
-For repositories mirrored across platforms:
-
-```bash
-# Add multiple remotes
-git remote add github git@github.com:user/repo.git
-git remote add gitlab git@gitlab.com:user/repo.git
-
-# Push to specific remote
-git push github main
-git push gitlab main
-
-# Or create combined remote
-git remote add all git@github.com:user/repo.git
-git remote set-url --add --push all git@github.com:user/repo.git
-git remote set-url --add --push all git@gitlab.com:user/repo.git
-git push all main
-```
-
-## Authentication
-
-**Recommended**: Use CLI authentication (stores in keyring)
-
-```bash
-gh auth login    # GitHub
-glab auth login  # GitLab
-tea login add    # Gitea
-```
-
-**For scripts** that need tokens:
-
-```bash
-export GITHUB_TOKEN=$(gh auth token)
-export GITLAB_TOKEN=$(glab auth token)
-```
-
-See `git/authentication.md` for detailed token setup.
-
-## Common Operations
-
-### Repository Management
-
-```bash
-# Create
-gh repo create my-repo --public
-glab repo create my-repo --public
-
-# Clone
-gh repo clone owner/repo
-glab repo clone owner/repo
-
-# Fork
-gh repo fork owner/repo
-```
-
-### Pull/Merge Requests
-
-```bash
-# Create PR/MR
-gh pr create --fill
-glab mr create --fill
-
-# List
-gh pr list
-glab mr list
-
-# Merge
-gh pr merge 123 --squash
-glab mr merge 123 --squash
-```
-
-### Releases
-
-```bash
-# Create with auto-generated notes
-gh release create v1.0.0 --generate-notes
-glab release create v1.0.0 --notes "Release notes"
-
-# List
-gh release list
-glab release list
-```
-
-## OpenCode Integration
-
-Enable AI-powered issue/PR automation directly from GitHub or GitLab.
-
-### GitHub
-
-```bash
-# Check setup status
-~/.aidevops/agents/scripts/opencode-github-setup-helper.sh check
-
-# Automated setup
-opencode github install
-```
-
-Then use `/oc` or `/opencode` in any issue/PR comment:
-- `/oc explain this issue`
-- `/oc fix this bug`
-- `/opencode review this PR`
-
-See `git/opencode-github.md` for full details.
-
-### GitLab
-
-Add OpenCode to your `.gitlab-ci.yml` and use `@opencode` in comments:
-- `@opencode explain this issue`
-- `@opencode fix this`
-
-See `git/opencode-gitlab.md` for full details.
-
-## Related
-
-- **Branching workflows**: `workflows/branch.md`
-- **Pull requests**: `workflows/pr.md`
-- **Version management**: `workflows/version-bump.md`
-- **Releases**: `workflows/release.md`
-- **CI/CD**: `git/github-actions.md`
-- **Security**: `git/security.md`
-- **OpenCode GitHub**: `git/opencode-github.md`
-- **OpenCode GitLab**: `git/opencode-gitlab.md`