avorelo 0.1.0

package/scripts/lib/orchestration/provider-discovery/opencode.js

@@ -0,0 +1,47 @@
+"use strict";
+
+const path = require("path");
+const { inferModelRecord } = require("../model-profiler");
+const { buildBaseToolRecord, envPresence, pathExists, safeReadJsonFile, findFirstModelValue } = require("./common");
+
+function discover(cwd, context = {}) {
+  const env = context.env || process.env;
+  const exists = context.commandExists;
+  const configJson = safeReadJsonFile(path.join(cwd, ".opencode", "config.json"));
+  const activeModel = env.OPENCODE_MODEL || findFirstModelValue(configJson) || null;
+  const installStatus = exists("opencode", env) || envPresence(env, "OPENCODE_MODEL") || pathExists(path.join(cwd, ".opencode")) ? "configured" : "not_installed";
+  const availability = installStatus === "configured" ? "configured" : "unavailable";
+  const models = activeModel ? [
+    inferModelRecord({
+      toolId: "opencode",
+      providerId: env.OPENCODE_PROVIDER || "opencode",
+      modelId: activeModel,
+      availability: "configured",
+      source: env.OPENCODE_MODEL ? "env" : (configJson ? "config" : "inferred"),
+      trustTier: "external",
+      privacyTier: "external_remote",
+      confidence: "low",
+    }),
+  ] : [];
+  return buildBaseToolRecord({
+    toolId: "opencode",
+    label: "OpenCode",
+    providerId: env.OPENCODE_PROVIDER || "opencode",
+    installStatus,
+    availability,
+    activeModel,
+    configuredModelSource: env.OPENCODE_MODEL ? "env:OPENCODE_MODEL" : (configJson ? ".opencode/config.json" : null),
+    models,
+    supportedRoles: ["planning", "implementation", "docs", "tests", "ui", "cli"],
+    costTier: "medium",
+    qualityTier: "high",
+    trustTier: "external",
+    privacyTier: "external_remote",
+    latencyTier: "medium",
+    details: {
+      opencodeProvider: env.OPENCODE_PROVIDER || null,
+    },
+  });
+}
+
+module.exports = { discover };

package/scripts/lib/orchestration/provider-discovery/openrouter.js

@@ -0,0 +1,44 @@
+"use strict";
+
+const { inferModelRecord } = require("../model-profiler");
+const { buildBaseToolRecord, envPresence } = require("./common");
+
+function discover(cwd, context = {}) {
+  const env = context.env || process.env;
+  const activeModel = env.OPENROUTER_MODEL || null;
+  const installStatus = envPresence(env, "OPENROUTER_API_KEY") ? "configured" : "not_installed";
+  const availability = installStatus === "configured" ? "configured" : "unavailable";
+  const models = activeModel ? [
+    inferModelRecord({
+      toolId: "openrouter_api",
+      providerId: "openrouter",
+      modelId: activeModel,
+      availability: "configured",
+      source: env.OPENROUTER_MODEL ? "env" : "inferred",
+      trustTier: "external",
+      privacyTier: "external_remote",
+      confidence: "low",
+    }),
+  ] : [];
+  return buildBaseToolRecord({
+    toolId: "openrouter_api",
+    label: "OpenRouter",
+    providerId: "openrouter",
+    installStatus,
+    availability,
+    activeModel,
+    configuredModelSource: env.OPENROUTER_MODEL ? "env:OPENROUTER_MODEL" : null,
+    models,
+    supportedRoles: ["planning", "docs", "tests", "implementation"],
+    costTier: "low",
+    qualityTier: "medium",
+    trustTier: "external",
+    privacyTier: "external_remote",
+    latencyTier: "medium",
+    details: {
+      openRouterApiKeyPresent: installStatus === "configured",
+    },
+  });
+}
+
+module.exports = { discover };

package/scripts/lib/orchestration/risk-classifier.js

@@ -0,0 +1,130 @@
+"use strict";
+
+const HIGH_RISK_KEYWORDS = [
+  "security",
+  "auth",
+  "authentication",
+  "authorization",
+  "secret",
+  "secrets",
+  "token",
+  "tokens",
+  "key",
+  "keys",
+  "credential",
+  "credentials",
+  "permission",
+  "permissions",
+  "policy",
+  "policies",
+  "mcp",
+  "browser automation",
+  "runtime enforcement",
+  "payment",
+  "billing",
+  "deploy",
+  "deployment",
+  "ci/cd",
+  "destructive",
+  "customer data",
+  "user data",
+  "exfiltration",
+];
+
+const LOW_RISK_KEYWORDS = [
+  "docs",
+  "documentation",
+  "readme",
+  "copy",
+  "typo",
+  "format",
+  "tests only",
+  "test only",
+  "ui text",
+  "status text",
+];
+
+function includesAny(text, patterns) {
+  const value = String(text || "").toLowerCase();
+  return patterns.some((pattern) => value.includes(pattern));
+}
+
+function detectTaskType(taskText, filePaths = []) {
+  const text = String(taskText || "").toLowerCase();
+  const files = (filePaths || []).join(" ").toLowerCase();
+  if (includesAny(text, ["docs", "documentation", "readme"]) || /\.(md|mdx|txt)$/i.test(files)) return "docs";
+  if (includesAny(text, ["test", "coverage"])) return "tests";
+  if (includesAny(text, ["ui", "ux", "page", "screen", "css", "copy"]) || /(panel|landing|component|tsx|jsx|css|scss)/i.test(files)) return "ui";
+  if (includesAny(text, ["cli", "command", "terminal"])) return "cli";
+  if (includesAny(text, ["refactor", "rename", "cleanup"])) return "refactor";
+  if (includesAny(text, ["security", "auth", "permission", "token", "secret"])) return "security";
+  if (includesAny(text, ["infra", "terraform", "docker", "environment"])) return "infra";
+  if (includesAny(text, ["build", "compile", "bundle"])) return "build";
+  if (includesAny(text, ["deploy", "release", "ship"])) return "deploy";
+  if (includesAny(text, ["dependency", "package", "upgrade", "version bump"])) return "dependency";
+  if (text.trim()) return "implementation";
+  return "unknown";
+}
+
+function detectSensitivity(taskText, filePaths = []) {
+  const text = `${String(taskText || "")} ${(filePaths || []).join(" ")}`.toLowerCase();
+  if (includesAny(text, ["customer data", "customer", "pii", "personal data"])) return "customer_data_risk";
+  if (includesAny(text, ["secret", "token", "credential", "key"])) return "secret_risk";
+  if (includesAny(text, ["security", "auth", "permission", "policy", "mcp"])) return "security_sensitive";
+  if (includesAny(text, ["config", ".env", "private"])) return "repo_sensitive";
+  return "public_or_low";
+}
+
+function classifyRisk(taskType, taskText, filePaths = []) {
+  const text = `${String(taskText || "")} ${(filePaths || []).join(" ")}`.toLowerCase();
+  if (includesAny(text, HIGH_RISK_KEYWORDS)) return "high";
+  if (taskType === "security" || taskType === "deploy") return "high";
+  if (includesAny(text, LOW_RISK_KEYWORDS)) return "low";
+  const fileList = (filePaths || []).map((entry) => String(entry || "").toLowerCase());
+  const onlyTestsOrDocs = fileList.length > 0 && fileList.every((entry) => {
+    return /(^tests?\/|\.test\.|\.spec\.|\.md$|readme|docs\/)/i.test(entry);
+  });
+  if (taskType === "tests" && onlyTestsOrDocs) return "low";
+  if (taskType === "docs") return "low";
+  if (taskType === "refactor" && fileList.some((entry) => /(auth|security|payment|billing)/i.test(entry))) return "high";
+  return "medium";
+}
+
+function summarizeSignals(taskText, taskType, risk, sensitivity, filePaths) {
+  const signals = [];
+  signals.push(`task:${taskType}`);
+  signals.push(`risk:${risk}`);
+  signals.push(`sensitivity:${sensitivity}`);
+  if (includesAny(taskText, HIGH_RISK_KEYWORDS)) signals.push("keyword:high-risk");
+  if (includesAny(taskText, LOW_RISK_KEYWORDS)) signals.push("keyword:low-risk");
+  (filePaths || []).forEach((filePath) => {
+    if (/(auth|security|secret|token|billing|deploy|permission)/i.test(filePath)) signals.push(`file:${filePath}`);
+  });
+  return [...new Set(signals)];
+}
+
+function classifyTask(taskText, options = {}) {
+  const filePaths = []
+    .concat(options.changedFiles || [])
+    .concat(options.selectedFiles || [])
+    .filter(Boolean);
+  const taskType = detectTaskType(taskText, filePaths);
+  const sensitivity = detectSensitivity(taskText, filePaths);
+  const risk = classifyRisk(taskType, taskText, filePaths);
+  return {
+    taskType,
+    risk,
+    sensitivity,
+    changedFiles: filePaths,
+    signals: summarizeSignals(taskText, taskType, risk, sensitivity, filePaths),
+  };
+}
+
+module.exports = {
+  HIGH_RISK_KEYWORDS,
+  LOW_RISK_KEYWORDS,
+  detectTaskType,
+  detectSensitivity,
+  classifyRisk,
+  classifyTask,
+};