atabey 0.0.7 → 0.0.9

package/framework-mcp/dist/src/cli/index.js

@@ -0,0 +1,338 @@
+#!/usr/bin/env node
+import fs from "fs";
+import { approveCommand } from "./commands/approve.js";
+import { checkCommand } from "./commands/check.js";
+import { updateApiContractCommand, verifyApiContractCommand } from "./commands/contract.js";
+import { dashboardCommand } from "./commands/dashboard.js";
+import { initCommand } from "./commands/init.js";
+import { updateProjectMemoryCommand } from "./commands/memory.js";
+import { orchestrateCommand, sendMessage } from "./commands/orchestrate.js";
+import { planCommand, submitPlanCommand } from "./commands/plan.js";
+import { statusCommand } from "./commands/status.js";
+import { traceNewCommand, traceReplayCommand } from "./commands/trace.js";
+import { getMemoryPath, readActiveTraceId } from "./utils/memory.js";
+import { getPackageVersion, getValidatorPath } from "./utils/pkg.js";
+/**
+ * Main CLI entry point.
+ */
+async function main() {
+    const args = process.argv.slice(2);
+    const command = args[0];
+    const KNOWN_COMMANDS = [
+        "init", "check", "status", "trace:new", "trace:replay", "update_project_memory",
+        "plan", "plan:submit", "orchestrate", "loop", "verify-contract", "update-contract", "dashboard",
+        "validate", "validate-army", "check:al", "version", "-v", "--version", "help", "-h", "--help",
+        "git:commit", "git:sync", "check:compliance", "explorer:graph", "explorer:audit",
+        "knowledge:update", "knowledge:search", "log:action", "run-script", "security:audit", "check:lint", "approve", "create-agent"
+    ];
+    // Handle @agent delegation syntax
+    if (command?.startsWith("@")) {
+        const to = command;
+        const content = args.slice(1).join(" ");
+        if (!content) {
+            process.stderr.write(`[ERROR] Error: Missing task content for ${to}.\n`);
+            process.stderr.write(`Usage: atabey ${to} "Your task description"\n`);
+            process.exit(64);
+        }
+        const memoryPath = getMemoryPath();
+        let traceId = "T-000";
+        if (fs.existsSync(memoryPath)) {
+            const memoryContent = fs.readFileSync(memoryPath, "utf8");
+            const tid = readActiveTraceId(memoryContent);
+            if (tid)
+                traceId = tid.trim();
+        }
+        const taskPayload = {
+            traceId,
+            task: content,
+            priority: "NORMAL",
+            agent: to
+        };
+        await sendMessage({
+            from: "@manager",
+            to,
+            category: "DELEGATION",
+            content: JSON.stringify(taskPayload),
+            traceId
+        });
+        process.stdout.write(`[OK] Task delegated to ${to} (Trace: ${traceId})\n`);
+        process.stdout.write("[INFO] Run \"atabey orchestrate\" to process.\n");
+        return;
+    }
+    switch (command) {
+        case "init": {
+            const dryRun = args.includes("--dry-run");
+            const isUnified = args.includes("--unified");
+            const forceYes = args.includes("--yes") || args.includes("-y");
+            const adapter = args.find(a => !a.startsWith("-") && a !== "init") || "gemini";
+            await initCommand(adapter, { dryRun, unified: isUnified, yes: forceYes });
+            break;
+        }
+        case "check":
+            await checkCommand();
+            break;
+        case "plan":
+            await planCommand();
+            break;
+        case "plan:submit": {
+            const planData = args[1];
+            if (!planData) {
+                process.stderr.write("[ERROR] Error: JSON plan data is required.\n");
+                process.exit(64);
+            }
+            try {
+                const tasks = JSON.parse(planData);
+                await submitPlanCommand(tasks);
+            }
+            catch (e) {
+                process.stderr.write(`[ERROR] Error: Invalid JSON plan data: ${e.message}\n`);
+                process.exit(64);
+            }
+            break;
+        }
+        case "dashboard": {
+            const port = parseInt(args[1]) || 4200;
+            await dashboardCommand(port);
+            break;
+        }
+        case "status":
+            await statusCommand();
+            break;
+        case "trace:new": {
+            const description = args[1] || "Default task";
+            const agent = args[2] || "manager";
+            const priority = args[3] || "P1";
+            await traceNewCommand(description, agent, priority);
+            break;
+        }
+        case "trace:replay": {
+            const traceId = args[1];
+            if (!traceId) {
+                process.stderr.write("[ERROR] Error: traceId is required.\n");
+                process.exit(64);
+            }
+            await traceReplayCommand(traceId);
+            break;
+        }
+        case "update_project_memory": {
+            const section = args[1];
+            const content = args[2];
+            if (!section || !content) {
+                process.stderr.write("[ERROR] Error: section and content are required.\n");
+                process.exit(64);
+            }
+            await updateProjectMemoryCommand(section, content);
+            break;
+        }
+        case "orchestrate":
+        case "loop":
+            await orchestrateCommand();
+            break;
+        case "approve": {
+            const traceId = args[1];
+            if (!traceId) {
+                process.stderr.write("[ERROR] Error: traceId is required.\n");
+                process.exit(64);
+            }
+            await approveCommand(traceId);
+            break;
+        }
+        case "verify-contract":
+            await verifyApiContractCommand();
+            break;
+        case "update-contract":
+            await updateApiContractCommand();
+            break;
+        case "validate":
+        case "validate-army":
+        case "check:al": {
+            const { execSync } = await import("child_process");
+            try {
+                const validatorPath = getValidatorPath();
+                execSync(`node "${validatorPath}"`, { stdio: "inherit" });
+            }
+            catch {
+                // handled by validator
+            }
+            break;
+        }
+        case "git:commit": {
+            const memoryContent = fs.existsSync(getMemoryPath()) ? fs.readFileSync(getMemoryPath(), "utf8") : "";
+            const traceId = readActiveTraceId(memoryContent) || "T-000";
+            const { gitCommitCommand } = await import("./commands/git.js");
+            await gitCommitCommand(traceId);
+            break;
+        }
+        case "git:sync": {
+            const { gitSyncCommand } = await import("./commands/git.js");
+            await gitSyncCommand();
+            break;
+        }
+        case "check:compliance": {
+            const targetPath = args[1] || "src";
+            const { complianceCheckCommand } = await import("./commands/compliance.js");
+            await complianceCheckCommand(targetPath);
+            break;
+        }
+        case "explorer:graph": {
+            const targetPath = args[1] || "src";
+            const { explorerGraphCommand } = await import("./commands/explorer.js");
+            await explorerGraphCommand(targetPath);
+            break;
+        }
+        case "explorer:audit": {
+            const targetPath = args[1] || "src";
+            const { explorerAuditCommand } = await import("./commands/explorer.js");
+            await explorerAuditCommand(targetPath);
+            break;
+        }
+        case "knowledge:update": {
+            const topic = args[1];
+            const content = args[2];
+            const { updateKnowledgeBaseCommand } = await import("./commands/knowledge.js");
+            await updateKnowledgeBaseCommand(topic, content);
+            break;
+        }
+        case "knowledge:search": {
+            const query = args[1];
+            const { searchKnowledgeBaseCommand } = await import("./commands/knowledge.js");
+            await searchKnowledgeBaseCommand(query);
+            break;
+        }
+        case "log:action": {
+            const agent = args[1];
+            const action = args[2];
+            const status = args[3] || "SUCCESS";
+            const summary = args[4] || "";
+            const memoryContent = fs.existsSync(getMemoryPath()) ? fs.readFileSync(getMemoryPath(), "utf8") : "";
+            const traceId = readActiveTraceId(memoryContent) || "T-000";
+            const { logAgentActionCommand } = await import("./commands/log.js");
+            await logAgentActionCommand({ agent, action, status, summary, traceId });
+            break;
+        }
+        case "run-script": {
+            const script = args[1];
+            const projectPath = args[2] || ".";
+            const { runScriptCommand } = await import("./commands/script.js");
+            await runScriptCommand(script, projectPath);
+            break;
+        }
+        case "create-agent": {
+            const name = args[1];
+            if (!name) {
+                process.stderr.write("[ERROR] Error: Agent name is required.\n");
+                process.exit(64);
+            }
+            const { createAgentCommand } = await import("./commands/init/create-agent.js");
+            await createAgentCommand(name);
+            break;
+        }
+        case "security:audit": {
+            const targetPath = args[1] || "src";
+            const { securityAuditCommand } = await import("./commands/security.js");
+            await securityAuditCommand(targetPath);
+            break;
+        }
+        case "check:lint": {
+            const { lintCommand } = await import("./commands/lint.js");
+            await lintCommand();
+            break;
+        }
+        case "version":
+        case "-v":
+        case "--version":
+            process.stdout.write(`v${getPackageVersion()}\n`);
+            break;
+        case "help":
+        case "-h":
+        case "--help":
+            showHelp();
+            break;
+        default:
+            if (command && !KNOWN_COMMANDS.includes(command)) {
+                // Natural language request fallback to @manager
+                const content = args.join(" ");
+                const memoryPath = getMemoryPath();
+                let traceId = "T-000";
+                if (fs.existsSync(memoryPath)) {
+                    const memoryContent = fs.readFileSync(memoryPath, "utf8");
+                    const tid = readActiveTraceId(memoryContent);
+                    if (tid)
+                        traceId = tid.trim();
+                }
+                await sendMessage({
+                    from: "@user",
+                    to: "@manager",
+                    category: "ACTION",
+                    content,
+                    traceId
+                });
+                process.stdout.write(`[SIGNAL] Request sent to @manager: "${content}" (Trace: ${traceId})\n`);
+                process.stdout.write("[INFO] Run 'atabey orchestrate' to process.\n");
+            }
+            else {
+                showHelp();
+            }
+            break;
+    }
+}
+function showHelp() {
+    process.stdout.write(`
+[ATABEY]  Agent Atabey CLI (v${getPackageVersion()}) — The Supreme AI Orchestrator
+
+Usage:
+  atabey <command> [options]
+  atabey @<agent> "task description"
+  atabey "natural language request"
+
+Commands:
+  @<agent> <task>     Delegate a task to a specialist agent (e.g. @backend, @frontend)
+  init [adapter]      Initialize Agent Atabey framework.
+                      Options: --unified, --yes
+  check               Perform an enterprise-grade system health check
+  status              Show active phase, trace ID, and agent statuses
+  dashboard [port]    Launch the Hermes Visual Control Plane (default: 4200)
+  trace:new <desc>    Start a new task chain with a unique Trace ID
+  trace:replay <id>   Replay chronological message exchanges of a Trace ID
+  plan                Read docs/ and create planning tasks (Static)
+  plan:submit <json>  Submit a structured DAG plan for execution (Dynamic)
+  orchestrate         Start the dynamic Hermes agent orchestration loop
+  verify-contract     Validate type alignment between backend and frontend
+  update-contract     Generate and synchronize a new contract hash
+  git:commit          Suggest git commit messages matching the Trace ID
+  git:sync            Sync and rebase the project with remote repository
+  check:compliance    Verify file compliance with ATABEY.md rules
+  explorer:graph      Generate import dependency charts in Mermaid format
+  explorer:audit      Scan source files for lines-of-code complexity
+  knowledge:update    Add or update a topic in the local knowledge base
+  knowledge:search    Search the local knowledge base for a topic query
+  log:action          Record structured logs for agent executions
+  run-script          Execute package scripts in the project directory
+  security:audit      Audit source files for secrets and unsafe coding
+  check:lint          Run ESLint checks on the project files
+  version             Show version information
+
+Natural Language:
+  If you provide a sentence that is not a known command, it will be automatically
+  sent to the @manager for orchestration.
+
+Example:
+  atabey "Audit my project"
+  atabey @backend "Create the login page"
+    \n`);
+}
+import { AtabeyBaseError } from "../shared/errors.js";
+import { logger } from "../shared/logger.js";
+main().catch((err) => {
+    if (err instanceof AtabeyBaseError) {
+        process.stderr.write(`\n[ERROR] [${err.code}] Error: ${err.message}\n`);
+        if (err.solution) {
+            process.stderr.write(`[TIP] Solution Tip: ${err.solution}\n\n`);
+        }
+    }
+    else {
+        process.stderr.write(`\n[ERROR] Fatal Error: ${err.message || String(err)}\n`);
+    }
+    logger.fatal("Fatal exception during CLI execution", err);
+    process.exit(1);
+});

package/framework-mcp/dist/src/cli/shims.js

@@ -0,0 +1,66 @@
+export const SHIM_TEMPLATES = {
+    gemini: `# [ATABEY] Agent Atabey — GEMINI Strategy (Command Intelligence)
+
+You are the **Gemini Commander**. You represent the project's **Strategic Decision Center**. Your intelligence is derived from project history, architectural memory, and governance compliance.
+
+## [GOV] Directives
+- **Constitutional Supremacy:** Read \`{{FRAMEWORK_DIR}}/ATABEY.md\` first. You are the final arbiter of these rules.
+- **Strategic Memory Sync:** Always read \`{{FRAMEWORK_DIR}}/memory/PROJECT_MEMORY.md\` and \`PROJECT_MEMORY.md\` at the start.
+- **Orchestration Audit:** Before delegating, verify that the task matches the current Phase and Trace ID context.
+- **Enterprise Reasoning:** Focus on long-term maintainability, security, and scalability in every strategic decision.
+`,
+    "antigravity-cli": `# [ATABEY] Agent Atabey — ANTIGRAVITY Strategy (Internal Discipline)
+
+You are the **Antigravity Specialist**. You represent the **Military Academy** of the framework, preserving internal standards and coding discipline.
+
+## [GOV] Directives
+- **Constitutional Supremacy:** Read \`{{FRAMEWORK_DIR}}/ATABEY.md\` first.
+- **Standard Enforcement:** You are responsible for ensuring that all code adheres to the 26+ corporate standards in \`{{FRAMEWORK_DIR}}/knowledge/\`.
+- **Sandbox Discipline:** Maintain isolated and high-discipline development environments.
+`,
+    claude: `# [ATABEY] Agent Atabey — CLAUDE Strategy (Operational Surgery)
+
+You are the **Claude Field Engineer**. You represent the **Operational Cerrahi (Surgical)** wing of the army. Your mission is precision execution with minimal footprint.
+
+## [GOV] Directives
+- **Surgical Precision (MANDATORY):** NEVER rewrite an entire file. Use \`replace_text\` or \`patch_file\` tools exclusively.
+- **Token Economy:** Minimize API usage by targetting only the exact lines of code needed.
+- **Traceability:** Ensure every change is linked to an active Trace ID and logged traceable under \`{{FRAMEWORK_DIR}}/logs/\`.
+- **Phase Discipline:** Do not attempt Phase 2 tasks if Phase 1 contracts are not sealed.
+`,
+    grok: `# [ATABEY] Agent Atabey — GROK Strategy (Scouting Wing)
+
+You are the **Grok Explorer**. You represent the **Otonom Keşif Kanadı (Autonomous Scouting Wing)**. Your mission is experimental discovery and boundary testing.
+
+## [GOV] Directives
+- **Architecture Discovery:** Use \`get_project_map\` and \`get_project_gaps\` to map unexplored territory before any specialist acts.
+- **Boundary Testing:** Identify architectural weaknesses or security gaps before they become critical.
+- **Experimental Protocol:** Test futuristic agent behaviors and report findings to the **Commander**.
+`,
+    cursor: `# [ATABEY] Agent Atabey — CURSOR Strategy (Implementer)
+
+You are the **Cursor Implementer**. You are the **Kod İşçisi (Code Worker)** integrated directly into the IDE.
+
+## [GOV] Directives
+- **IDE Synergy:** Leverage Cursor's native context and Atabey's governance to write high-quality, compliant code.
+- **Atomic Implementation:** Focus on implementing the specific task delegated by the @manager.
+`,
+    codex: `# [ATABEY] Agent Atabey — COPILOT Strategy (Assistant)
+
+You are the **Copilot Assistant**. You represent the **Yardımcı Geliştirici (Assistant Developer)**.
+
+## [GOV] Directives
+- **Predictive Support:** Provide code completions and suggestions that strictly adhere to the project's \`{{FRAMEWORK_DIR}}/ATABEY.md\` rules.
+- **Rapid Prototyping:** Support the army by generating boilerplate that follows established enterprise patterns.
+`,
+    local: `# [ATABEY] Agent Atabey — LOCAL LLM Strategy (Private Intelligence)
+
+You are the **Local Private Intelligence**. You represent the project's **Private & Secure Command Wing**. Your intelligence is derived entirely from local models (Ollama, vLLM, etc.) and project-specific knowledge.
+
+## [GOV] Directives
+- **Constitutional Supremacy:** Read \`{{FRAMEWORK_DIR}}/ATABEY.md\` first. You are the final arbiter of these rules.
+- **Zero Cloud Policy:** Ensure all operations remain local and secure.
+- **Trace ID Discipline:** Every local inference and code generation MUST follow the active Trace ID.
+- **Technical Integrity:** Adhere strictly to the 100% type-safety and surgical edit rules of the Atabey Order.
+`
+};

package/framework-mcp/dist/src/cli/utils/claude.js

@@ -0,0 +1,56 @@
+import fs from "fs";
+import path from "path";
+import { writeTextFile } from "./fs.js";
+/**
+ * Finds the Claude config file path (if it exists).
+ */
+export function findClaudeConfigPath() {
+    const home = process.env.HOME || process.env.USERPROFILE;
+    if (!home)
+        return null;
+    const possiblePaths = [
+        // Claude Desktop
+        path.join(home, "Library", "Application Support", "Claude", "claude_desktop_config.json"), // macOS Claude Desktop
+        path.join(home, "AppData", "Roaming", "Claude", "claude_desktop_config.json"), // Windows Claude Desktop
+        // Claude Code CLI
+        path.join(home, ".claude.json"), // Global Claude Code CLI MCP config
+        // Legacy or system-specific paths
+        path.join(home, ".config", "claude", "config.json"),
+        path.join(home, ".claude", "config.json"),
+        path.join(home, "Library", "Application Support", "Claude Code", "config.json"),
+        path.join(home, ".config", "Claude", "config.json"),
+    ];
+    for (const p of possiblePaths) {
+        if (fs.existsSync(p)) {
+            return p;
+        }
+    }
+    return null;
+}
+/**
+ * Adds or updates an MCP server entry in Claude's config file.
+ */
+export function addMcpServerToClaude(configPath, serverName, serverConfig) {
+    try {
+        let config = { mcpServers: {} };
+        if (fs.existsSync(configPath)) {
+            const content = fs.readFileSync(configPath, "utf8");
+            config = JSON.parse(content);
+        }
+        if (!config.mcpServers) {
+            config.mcpServers = {};
+        }
+        config.mcpServers[serverName] = serverConfig;
+        // Ensure parent directory exists
+        const dir = path.dirname(configPath);
+        if (!fs.existsSync(dir)) {
+            fs.mkdirSync(dir, { recursive: true });
+        }
+        writeTextFile(configPath, JSON.stringify(config, null, 2));
+        return true;
+    }
+    catch (e) {
+        console.error(`[WARN]  Failed to add MCP server to Claude config at ${configPath}:`, e);
+        return false;
+    }
+}

package/framework-mcp/dist/src/cli/utils/compliance.js

@@ -0,0 +1,173 @@
+import fs from "fs";
+import path from "path";
+import ts from "typescript";
+/**
+ * Enterprise Compliance Scanner (AST-Based)
+ * Scans the project source code for governance and discipline violations.
+ */
+export function scanProjectCompliance(targetDir = "src") {
+    const issues = [];
+    if (!fs.existsSync(targetDir))
+        return [];
+    const files = getAllFiles(targetDir);
+    for (const file of files) {
+        // Absolute skip for critical framework and utility files to avoid self-flagging
+        if (file.includes("compliance") ||
+            file.includes("definitions") ||
+            file.includes("agents/registry") ||
+            file.includes("scaffold-ops.ts") ||
+            file.includes("logger") ||
+            file.includes("errors") ||
+            file.includes("shared/fs") ||
+            file.includes("commands/git") ||
+            file.includes("commands/lint") ||
+            file.includes("commands/script") ||
+            file.includes("commands/check") ||
+            file.includes("cli/index.ts") ||
+            file.includes("adapters/shared"))
+            continue;
+        const content = fs.readFileSync(file, "utf8");
+        // --- 1. AST-Based Analysis (For Language Rules) ---
+        const sourceFile = ts.createSourceFile(file, content, ts.ScriptTarget.Latest, true);
+        const visit = (node) => {
+            // Rule: No console.log allowed (excluding UI and warn/error helpers)
+            if (ts.isPropertyAccessExpression(node)) {
+                const expression = node.expression;
+                const name = node.name.text;
+                if (ts.isIdentifier(expression) && expression.text === "console" && name === "log") {
+                    const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                    issues.push({ file, line: line + 1, rule: "No console.log allowed (Use logger instead)" });
+                }
+                // Rule: innerHTML / outerHTML check
+                if (name === "innerHTML" || name === "outerHTML") {
+                    const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                    issues.push({ file, line: line + 1, rule: `Unsafe assignment/usage of '${name}' detected (Avoid XSS)` });
+                }
+            }
+            // Rule: No 'any' type usage
+            if (ts.isTypeReferenceNode(node)) {
+                if (ts.isIdentifier(node.typeName) && node.typeName.text === "any") {
+                    const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                    issues.push({ file, line: line + 1, rule: "Usage of 'any' type is forbidden" });
+                }
+            }
+            if (node.kind === ts.SyntaxKind.AnyKeyword) {
+                const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                issues.push({ file, line: line + 1, rule: "Usage of 'any' keyword is forbidden" });
+            }
+            // Rule: Zero UI Library & child_process Policy
+            if (ts.isImportDeclaration(node)) {
+                const moduleSpecifier = node.moduleSpecifier;
+                if (ts.isStringLiteral(moduleSpecifier)) {
+                    const forbiddenLibs = ["@chakra-ui", "mui", "@shadcn", "antd", "bootstrap"];
+                    const lib = forbiddenLibs.find(l => moduleSpecifier.text.includes(l));
+                    if (lib) {
+                        const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                        issues.push({ file, line: line + 1, rule: `Forbidden UI library '${lib}' usage detected` });
+                    }
+                    if (moduleSpecifier.text === "child_process") {
+                        const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                        issues.push({ file, line: line + 1, rule: "Direct child_process module usage is forbidden. Command execution must be managed through secure framework APIs." });
+                    }
+                }
+            }
+            // Rule: child_process dynamic usage & Raw SQL templates
+            if (ts.isCallExpression(node)) {
+                const expression = node.expression;
+                if (ts.isIdentifier(expression) && expression.text === "require") {
+                    const args = node.arguments;
+                    if (args.length > 0 && ts.isStringLiteral(args[0]) && args[0].text === "child_process") {
+                        const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                        issues.push({ file, line: line + 1, rule: "Direct child_process module usage is forbidden. Command execution must be managed through secure framework APIs." });
+                    }
+                }
+            }
+            if (node.kind === ts.SyntaxKind.ImportKeyword) {
+                const parent = node.parent;
+                if (parent && ts.isCallExpression(parent)) {
+                    const args = parent.arguments;
+                    if (args.length > 0 && ts.isStringLiteral(args[0]) && args[0].text === "child_process") {
+                        const { line } = sourceFile.getLineAndCharacterOfPosition(parent.getStart());
+                        issues.push({ file, line: line + 1, rule: "Direct child_process module usage is forbidden. Command execution must be managed through secure framework APIs." });
+                    }
+                }
+            }
+            if (ts.isTaggedTemplateExpression(node)) {
+                const tag = node.tag;
+                if (ts.isIdentifier(tag) && tag.text === "sql") {
+                    const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                    issues.push({ file, line: line + 1, rule: "Raw SQL tagged template detected. Use Kysely query builder instead." });
+                }
+            }
+            // Rule: Raw fs mutation check (Use atomic utilities)
+            if (ts.isCallExpression(node) && ts.isPropertyAccessExpression(node.expression)) {
+                const prop = node.expression;
+                if (ts.isIdentifier(prop.expression) && prop.expression.text === "fs") {
+                    if (["writeFileSync", "appendFileSync"].includes(prop.name.text)) {
+                        // Skip if it's explicitly allowed (e.g. lock files)
+                        const args = node.arguments;
+                        let isLockFile = false;
+                        if (args.length > 0) {
+                            const firstArgText = args[0].getText(sourceFile).toLowerCase();
+                            if (firstArgText.includes("lock")) {
+                                isLockFile = true;
+                            }
+                        }
+                        if (!isLockFile) {
+                            const { line } = sourceFile.getLineAndCharacterOfPosition(node.getStart());
+                            issues.push({ file, line: line + 1, rule: "Use atomic utilities (writeTextFile) instead of raw fs mutations" });
+                        }
+                    }
+                }
+            }
+            ts.forEachChild(node, visit);
+        };
+        visit(sourceFile);
+        // --- 2. Pattern-Based Analysis (For Secrets & PII & Debt) ---
+        const lines = content.split("\n");
+        const piiKeywords = [
+            { regex: /API_KEY\s*[:=]\s*['"][^'"]+['"]/i, msg: "Hardcoded API Key" },
+            { regex: /SECRET\s*[:=]\s*['"][^'"]+['"]/i, msg: "Hardcoded Secret" },
+            { regex: /PASSWORD\s*[:=]\s*['"][^'"]+['"]/i, msg: "Hardcoded Password" },
+            { regex: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/, msg: "PII Detected: Email Address" },
+            { regex: /\b\d{4}[- ]?\d{4}[- ]?\d{4}[- ]?\d{4}\b/, msg: "PII Detected: Credit Card Pattern" }
+        ];
+        lines.forEach((line, index) => {
+            const lineNum = index + 1;
+            const trimmedLine = line.trim();
+            if (trimmedLine.startsWith("//") || trimmedLine.startsWith("*"))
+                return;
+            // PII & Secret Guard
+            for (const { regex, msg } of piiKeywords) {
+                if (regex.test(line)) {
+                    // Allow emails in specific files
+                    if (msg.includes("Email") && (file.endsWith("README.md") || file.endsWith("package.json") || file.includes("CONTRIBUTING"))) {
+                        continue;
+                    }
+                    issues.push({ file, line: lineNum, rule: `Corporate Compliance Breach: ${msg}` });
+                }
+            }
+            // Technical Debt (TODO/FIXME)
+            if (/\b(TODO|FIXME)\b/i.test(line)) {
+                issues.push({ file, line: lineNum, rule: "Unresolved Technical Debt (TODO/FIXME) found" });
+            }
+        });
+    }
+    return issues;
+}
+function getAllFiles(dirPath, arrayOfFiles = []) {
+    const files = fs.readdirSync(dirPath);
+    files.forEach((file) => {
+        const fullPath = path.join(dirPath, file);
+        if (fs.statSync(fullPath).isDirectory()) {
+            arrayOfFiles = getAllFiles(fullPath, arrayOfFiles);
+        }
+        else {
+            const ext = path.extname(fullPath);
+            if ([".ts", ".tsx", ".js", ".jsx"].includes(ext)) {
+                arrayOfFiles.push(fullPath);
+            }
+        }
+    });
+    return arrayOfFiles;
+}

package/framework-mcp/dist/src/cli/utils/config-schema.js

@@ -0,0 +1,42 @@
+import { z } from "zod";
+/**
+ * Standard Color Palette Schema
+ */
+export const ColorPaletteSchema = z.object({
+    primary: z.string().regex(/^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$/),
+    secondary: z.string().regex(/^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$/),
+    accent: z.string().regex(/^#([A-Fa-f0-9]{6}|[A-Fa-f0-9]{3})$/),
+});
+/**
+ * Agent Atabey config.json Schema
+ */
+export const ConfigSchema = z.object({
+    name: z.string().default("Agent Atabey"),
+    version: z.string(),
+    frameworkDir: z.string().optional(),
+    theme: z.object({
+        palette: z.string(),
+        colors: ColorPaletteSchema
+    }).optional(),
+    paths: z.object({
+        backend: z.string(),
+        frontend: z.string(),
+        docs: z.string(),
+        tests: z.string(),
+    }).default({
+        backend: "apps/backend",
+        frontend: "apps/web",
+        docs: "docs",
+        tests: "tests"
+    })
+});
+/**
+ * MCP mcp.json Schema
+ */
+export const McpConfigSchema = z.object({
+    mcpServers: z.record(z.object({
+        command: z.string(),
+        args: z.array(z.string()),
+        env: z.record(z.string()).optional()
+    }))
+});