npm - antigravity-ai-kit - Versions diffs - 2.1.0 → 3.0.1 - Mend

antigravity-ai-kit 2.1.0 → 3.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (114) hide show

package/.agent/README.md +4 -4
package/.agent/agents/README.md +16 -12
package/.agent/agents/architect.md +1 -0
package/.agent/agents/backend-specialist.md +11 -0
package/.agent/agents/code-reviewer.md +1 -0
package/.agent/agents/database-architect.md +11 -0
package/.agent/agents/devops-engineer.md +11 -0
package/.agent/agents/e2e-runner.md +1 -0
package/.agent/agents/explorer-agent.md +11 -0
package/.agent/agents/frontend-specialist.md +11 -0
package/.agent/agents/mobile-developer.md +11 -0
package/.agent/agents/performance-optimizer.md +11 -0
package/.agent/agents/planner.md +1 -0
package/.agent/agents/refactor-cleaner.md +1 -0
package/.agent/agents/reliability-engineer.md +11 -0
package/.agent/agents/security-reviewer.md +1 -0
package/.agent/agents/sprint-orchestrator.md +10 -0
package/.agent/agents/tdd-guide.md +1 -0
package/.agent/commands/code-review.md +1 -0
package/.agent/commands/debug.md +1 -0
package/.agent/commands/deploy.md +1 -0
package/.agent/commands/help.md +252 -31
package/.agent/commands/plan.md +1 -0
package/.agent/commands/status.md +1 -0
package/.agent/commands/tdd.md +1 -0
package/.agent/contexts/brainstorm.md +26 -0
package/.agent/contexts/debug.md +28 -0
package/.agent/contexts/implement.md +29 -0
package/.agent/contexts/review.md +27 -0
package/.agent/contexts/ship.md +28 -0
package/.agent/engine/identity.json +13 -0
package/.agent/engine/loading-rules.json +23 -1
package/.agent/engine/marketplace-index.json +29 -0
package/.agent/engine/reliability-config.json +14 -0
package/.agent/engine/sdlc-map.json +44 -0
package/.agent/engine/workflow-state.json +28 -2
package/.agent/hooks/hooks.json +27 -25
package/.agent/manifest.json +12 -4
package/.agent/rules.md +2 -1
package/.agent/skills/README.md +10 -5
package/.agent/skills/i18n-localization/SKILL.md +191 -0
package/.agent/skills/mcp-integration/SKILL.md +224 -0
package/.agent/skills/parallel-agents/SKILL.md +1 -1
package/.agent/skills/shell-conventions/SKILL.md +92 -0
package/.agent/skills/ui-ux-pro-max/SKILL.md +557 -0
package/.agent/skills/ui-ux-pro-max/data/charts.csv +26 -0
package/.agent/skills/ui-ux-pro-max/data/colors.csv +97 -0
package/.agent/skills/ui-ux-pro-max/data/icons.csv +101 -0
package/.agent/skills/ui-ux-pro-max/data/landing.csv +31 -0
package/.agent/skills/ui-ux-pro-max/data/products.csv +97 -0
package/.agent/skills/ui-ux-pro-max/data/react-performance.csv +45 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/astro.csv +54 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/flutter.csv +53 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/html-tailwind.csv +56 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/jetpack-compose.csv +53 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/nextjs.csv +53 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxt-ui.csv +51 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/nuxtjs.csv +59 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/react-native.csv +52 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/react.csv +54 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/shadcn.csv +61 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/svelte.csv +54 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/swiftui.csv +51 -0
package/.agent/skills/ui-ux-pro-max/data/stacks/vue.csv +50 -0
package/.agent/skills/ui-ux-pro-max/data/styles.csv +68 -0
package/.agent/skills/ui-ux-pro-max/data/typography.csv +58 -0
package/.agent/skills/ui-ux-pro-max/data/ui-reasoning.csv +101 -0
package/.agent/skills/ui-ux-pro-max/data/ux-guidelines.csv +100 -0
package/.agent/skills/ui-ux-pro-max/data/web-interface.csv +31 -0
package/.agent/skills/ui-ux-pro-max/scripts/core.py +253 -0
package/.agent/skills/ui-ux-pro-max/scripts/design_system.py +1067 -0
package/.agent/skills/ui-ux-pro-max/scripts/search.py +114 -0
package/.agent/templates/adr-template.md +32 -0
package/.agent/templates/bug-report.md +37 -0
package/.agent/templates/feature-request.md +32 -0
package/.agent/workflows/README.md +92 -78
package/.agent/workflows/brainstorm.md +154 -100
package/.agent/workflows/create.md +142 -75
package/.agent/workflows/debug.md +157 -98
package/.agent/workflows/deploy.md +195 -144
package/.agent/workflows/enhance.md +157 -65
package/.agent/workflows/orchestrate.md +171 -114
package/.agent/workflows/plan.md +147 -72
package/.agent/workflows/preview.md +140 -83
package/.agent/workflows/quality-gate.md +196 -0
package/.agent/workflows/retrospective.md +197 -0
package/.agent/workflows/review.md +188 -0
package/.agent/workflows/status.md +142 -91
package/.agent/workflows/test.md +168 -95
package/.agent/workflows/ui-ux-pro-max.md +181 -127
package/README.md +215 -78
package/bin/ag-kit.js +344 -10
package/lib/agent-registry.js +214 -0
package/lib/agent-reputation.js +351 -0
package/lib/cli-commands.js +235 -0
package/lib/conflict-detector.js +245 -0
package/lib/engineering-manager.js +354 -0
package/lib/error-budget.js +294 -0
package/lib/hook-system.js +252 -0
package/lib/identity.js +245 -0
package/lib/loading-engine.js +208 -0
package/lib/marketplace.js +298 -0
package/lib/plugin-system.js +604 -0
package/lib/security-scanner.js +309 -0
package/lib/self-healing.js +434 -0
package/lib/session-manager.js +261 -0
package/lib/skill-sandbox.js +244 -0
package/lib/task-governance.js +523 -0
package/lib/task-model.js +317 -0
package/lib/updater.js +201 -0
package/lib/verify.js +240 -0
package/lib/workflow-engine.js +353 -0
package/lib/workflow-persistence.js +160 -0
package/package.json +7 -3

package/lib/skill-sandbox.js ADDED Viewed

@@ -0,0 +1,244 @@
+/**
+ * Antigravity AI Kit — Skill Sandboxing
+ *
+ * Enforces allowed-tools declarations from skill SKILL.md frontmatter.
+ * Validates that skills only reference tools within their permission set.
+ *
+ * @module lib/skill-sandbox
+ * @author Emre Dursun
+ * @since v3.0.0
+ */
+'use strict';
+const fs = require('fs');
+const path = require('path');
+const AGENT_DIR = '.agent';
+const SKILLS_DIR = 'skills';
+/** Valid permission levels (ordered from least to most privileged) */
+const PERMISSION_LEVELS = ['read-only', 'read-write', 'execute', 'network'];
+/** Tool patterns that indicate permission level requirements */
+const TOOL_PERMISSION_MAP = {
+  'network': [
+    /\bfetch\b/i, /\bhttp\b/i, /\bapi\b/i, /\bcurl\b/i, /\brequest\b/i,
+    /\bwebhook\b/i, /\bsocket\b/i, /\bdownload\b/i, /\bupload\b/i,
+  ],
+  'execute': [
+    /\bexec\b/i, /\bspawn\b/i, /\bchild_process\b/i, /\bshell\b/i,
+    /\brun_command\b/i, /\bterminal\b/i, /\bscript\b/i,
+  ],
+  'read-write': [
+    /\bwrite\b/i, /\bcreate\b/i, /\bdelete\b/i, /\bmodify\b/i,
+    /\bedit\b/i, /\bsave\b/i, /\bremove\b/i, /\bupdate\b/i,
+  ],
+};
+/**
+ * @typedef {object} SkillPermissions
+ * @property {string} skillName - Name of the skill
+ * @property {string[]} allowedTools - Declared allowed tools
+ * @property {string} permissionLevel - Highest permission level
+ * @property {boolean} hasFrontmatter - Whether frontmatter was found
+ */
+/**
+ * @typedef {object} SandboxViolation
+ * @property {string} skillName - Skill that violated
+ * @property {string} violation - Description of violation
+ * @property {'critical' | 'high' | 'medium' | 'low'} severity - Violation severity
+ * @property {string} file - File where violation was found
+ * @property {number} [line] - Line number (if applicable)
+ */
+/**
+ * Extracts permissions from a SKILL.md frontmatter.
+ *
+ * @param {string} content - Raw SKILL.md content
+ * @returns {{ allowedTools: string[], permissionLevel: string }}
+ */
+function extractPermissionsFromFrontmatter(content) {
+  const frontmatterMatch = content.match(/^---\n([\s\S]*?)\n---/);
+  if (!frontmatterMatch) {
+    return { allowedTools: [], permissionLevel: 'read-only' };
+  }
+  const frontmatter = frontmatterMatch[1];
+  /** @type {string[]} */
+  const allowedTools = [];
+  let permissionLevel = 'read-only';
+  // Parse allowed-tools from frontmatter
+  const toolsMatch = frontmatter.match(/allowed-tools:\s*\[(.*?)\]/);
+  if (toolsMatch) {
+    const toolsList = toolsMatch[1].split(',').map((t) => t.trim().replace(/['"]/g, '')).filter(Boolean);
+    allowedTools.push(...toolsList);
+  }
+  // Parse permission-level from frontmatter
+  const permMatch = frontmatter.match(/permission-level:\s*(\S+)/);
+  if (permMatch && PERMISSION_LEVELS.includes(permMatch[1])) {
+    permissionLevel = permMatch[1];
+  }
+  return { allowedTools, permissionLevel };
+}
+/**
+ * Gets the permissions declared by a specific skill.
+ *
+ * @param {string} skillName - Name of the skill
+ * @param {string} projectRoot - Root directory of the project
+ * @returns {SkillPermissions}
+ */
+function getSkillPermissions(skillName, projectRoot) {
+  const skillPath = path.join(projectRoot, AGENT_DIR, SKILLS_DIR, skillName, 'SKILL.md');
+  if (!fs.existsSync(skillPath)) {
+    return {
+      skillName,
+      allowedTools: [],
+      permissionLevel: 'read-only',
+      hasFrontmatter: false,
+    };
+  }
+  const content = fs.readFileSync(skillPath, 'utf-8');
+  const { allowedTools, permissionLevel } = extractPermissionsFromFrontmatter(content);
+  const hasFrontmatter = content.startsWith('---');
+  return { skillName, allowedTools, permissionLevel, hasFrontmatter };
+}
+/**
+ * Scans a skill's content for tool usage that exceeds its declared permissions.
+ *
+ * @param {string} skillName - Name of the skill
+ * @param {string} projectRoot - Root directory of the project
+ * @returns {SandboxViolation[]}
+ */
+function validateSkillPermissions(skillName, projectRoot) {
+  const permissions = getSkillPermissions(skillName, projectRoot);
+  const skillDir = path.join(projectRoot, AGENT_DIR, SKILLS_DIR, skillName);
+  /** @type {SandboxViolation[]} */
+  const violations = [];
+  if (!fs.existsSync(skillDir)) {
+    violations.push({
+      skillName,
+      violation: `Skill directory not found: ${skillName}`,
+      severity: 'critical',
+      file: skillDir,
+    });
+    return violations;
+  }
+  // Get the permission level index for comparison
+  const declaredLevelIndex = PERMISSION_LEVELS.indexOf(permissions.permissionLevel);
+  // Scan all files in the skill directory
+  const files = scanSkillFiles(skillDir);
+  for (const file of files) {
+    const content = fs.readFileSync(file, 'utf-8');
+    const lines = content.split('\n');
+    for (let lineIndex = 0; lineIndex < lines.length; lineIndex++) {
+      const line = lines[lineIndex];
+      // Check each permission level higher than declared
+      for (const [level, patterns] of Object.entries(TOOL_PERMISSION_MAP)) {
+        const levelIndex = PERMISSION_LEVELS.indexOf(level);
+        if (levelIndex > declaredLevelIndex) {
+          for (const pattern of patterns) {
+            if (pattern.test(line)) {
+              violations.push({
+                skillName,
+                violation: `Uses ${level}-level tool pattern "${pattern.source}" but declared permission is "${permissions.permissionLevel}"`,
+                severity: levelIndex - declaredLevelIndex >= 2 ? 'critical' : 'high',
+                file: path.relative(projectRoot, file),
+                line: lineIndex + 1,
+              });
+            }
+          }
+        }
+      }
+    }
+  }
+  return violations;
+}
+/**
+ * Recursively scans a skill directory for readable files.
+ *
+ * @param {string} dirPath - Directory to scan
+ * @returns {string[]} Array of file paths
+ */
+function scanSkillFiles(dirPath) {
+  /** @type {string[]} */
+  const files = [];
+  if (!fs.existsSync(dirPath)) {
+    return files;
+  }
+  const entries = fs.readdirSync(dirPath, { withFileTypes: true });
+  for (const entry of entries) {
+    const fullPath = path.join(dirPath, entry.name);
+    if (entry.isDirectory()) {
+      files.push(...scanSkillFiles(fullPath));
+    } else if (entry.isFile() && (entry.name.endsWith('.md') || entry.name.endsWith('.json') || entry.name.endsWith('.js'))) {
+      files.push(fullPath);
+    }
+  }
+  return files;
+}
+/**
+ * Enforces allowed-tools compliance across all skills.
+ *
+ * @param {string} projectRoot - Root directory of the project
+ * @returns {{ total: number, compliant: number, violations: SandboxViolation[] }}
+ */
+function enforceAllowedTools(projectRoot) {
+  const skillsDir = path.join(projectRoot, AGENT_DIR, SKILLS_DIR);
+  if (!fs.existsSync(skillsDir)) {
+    return { total: 0, compliant: 0, violations: [] };
+  }
+  const skillDirs = fs.readdirSync(skillsDir, { withFileTypes: true })
+    .filter((d) => d.isDirectory())
+    .map((d) => d.name);
+  /** @type {SandboxViolation[]} */
+  const allViolations = [];
+  for (const skillName of skillDirs) {
+    const violations = validateSkillPermissions(skillName, projectRoot);
+    allViolations.push(...violations);
+  }
+  const violatedSkills = new Set(allViolations.map((v) => v.skillName));
+  return {
+    total: skillDirs.length,
+    compliant: skillDirs.length - violatedSkills.size,
+    violations: allViolations,
+  };
+}
+module.exports = {
+  getSkillPermissions,
+  validateSkillPermissions,
+  enforceAllowedTools,
+  extractPermissionsFromFrontmatter,
+};