awesome-slash 2.4.4 → 2.5.1

package/plugins/project-review/lib/schemas/validator.js

@@ -0,0 +1,247 @@
+/**
+ * JSON Schema Validator
+ * Validates plugin manifests against JSON Schema
+ *
+ * @module lib/schemas/validator
+ * @author Avi Fenesh
+ * @license MIT
+ */
+
+const fs = require('fs');
+const path = require('path');
+
+/**
+ * Simple JSON Schema validator (minimal implementation)
+ * For production use, consider using a library like ajv
+ */
+class SchemaValidator {
+  /**
+   * Load a JSON Schema from file
+   * @param {string} schemaPath - Path to schema file
+   * @returns {Object} Loaded schema
+   */
+  static loadSchema(schemaPath) {
+    const content = fs.readFileSync(schemaPath, 'utf8');
+    return JSON.parse(content);
+  }
+
+  /**
+   * Validate data against a schema
+   * @param {Object} data - Data to validate
+   * @param {Object} schema - JSON Schema
+   * @returns {{valid: boolean, errors: string[]}} Validation result
+   */
+  static validate(data, schema) {
+    const errors = [];
+
+    // Check type (handle arrays correctly and null separately)
+    if (schema.type) {
+      let actualType;
+      if (data === null) {
+        actualType = 'null';
+      } else if (Array.isArray(data)) {
+        actualType = 'array';
+      } else {
+        actualType = typeof data;
+      }
+
+      if (actualType !== schema.type) {
+        errors.push(`Expected type ${schema.type}, got ${actualType}`);
+        return { valid: false, errors };
+      }
+    }
+
+    // String validations (for primitive string values)
+    if (schema.type === 'string' && typeof data === 'string') {
+      if (schema.minLength && data.length < schema.minLength) {
+        errors.push(`String too short (min ${schema.minLength})`);
+      }
+      if (schema.maxLength && data.length > schema.maxLength) {
+        errors.push(`String too long (max ${schema.maxLength})`);
+      }
+      if (schema.pattern && !new RegExp(schema.pattern).test(data)) {
+        errors.push(`String does not match pattern ${schema.pattern}`);
+      }
+    }
+
+    // Array validations (for primitive array values)
+    if (schema.type === 'array' && Array.isArray(data)) {
+      if (schema.minItems && data.length < schema.minItems) {
+        errors.push(`Array too short (min ${schema.minItems})`);
+      }
+      if (schema.maxItems && data.length > schema.maxItems) {
+        errors.push(`Array too long (max ${schema.maxItems})`);
+      }
+      if (schema.uniqueItems) {
+        const seen = new Set();
+        for (const item of data) {
+          const key = JSON.stringify(item);
+          if (seen.has(key)) {
+            errors.push(`Array contains duplicate items`);
+            break;
+          }
+          seen.add(key);
+        }
+      }
+    }
+
+    // Check required properties
+    if (schema.required && Array.isArray(schema.required)) {
+      for (const required of schema.required) {
+        if (!(required in data)) {
+          errors.push(`Missing required property: ${required}`);
+        }
+      }
+    }
+
+    // Check properties (guard against null)
+    if (schema.properties && typeof data === 'object' && data !== null) {
+      for (const [key, propSchema] of Object.entries(schema.properties)) {
+        if (key in data) {
+          const propResult = this.validateProperty(data[key], propSchema, key);
+          errors.push(...propResult.errors);
+        }
+      }
+    }
+
+    // Check additional properties (guard against null, honor patternProperties)
+    if (schema.additionalProperties === false && typeof data === 'object' && data !== null) {
+      const allowedKeys = new Set(Object.keys(schema.properties || {}));
+
+      // Honor patternProperties - don't reject keys that match patterns
+      const patternProps = schema.patternProperties || {};
+      const patternRegexes = Object.keys(patternProps).map(p => new RegExp(p));
+
+      for (const key of Object.keys(data)) {
+        const matchesPattern = patternRegexes.some(regex => regex.test(key));
+        if (!allowedKeys.has(key) && !matchesPattern) {
+          errors.push(`Unexpected property: ${key}`);
+        }
+      }
+    }
+
+    return { valid: errors.length === 0, errors };
+  }
+
+  /**
+   * Validate a single property
+   * @param {*} value - Property value
+   * @param {Object} schema - Property schema
+   * @param {string} path - Property path for error messages
+   * @returns {{valid: boolean, errors: string[]}} Validation result
+   */
+  static validateProperty(value, schema, path) {
+    const errors = [];
+
+    // Type check
+    if (schema.type) {
+      const actualType = Array.isArray(value) ? 'array' : typeof value;
+      if (actualType !== schema.type) {
+        errors.push(`${path}: expected type ${schema.type}, got ${actualType}`);
+        return { valid: false, errors };
+      }
+    }
+
+    // String validations
+    if (schema.type === 'string' && typeof value === 'string') {
+      if (schema.minLength && value.length < schema.minLength) {
+        errors.push(`${path}: string too short (min ${schema.minLength})`);
+      }
+      if (schema.maxLength && value.length > schema.maxLength) {
+        errors.push(`${path}: string too long (max ${schema.maxLength})`);
+      }
+      if (schema.pattern && !new RegExp(schema.pattern).test(value)) {
+        errors.push(`${path}: does not match pattern ${schema.pattern}`);
+      }
+    }
+
+    // Array validations
+    if (schema.type === 'array' && Array.isArray(value)) {
+      if (schema.minItems && value.length < schema.minItems) {
+        errors.push(`${path}: array too short (min ${schema.minItems})`);
+      }
+      if (schema.maxItems && value.length > schema.maxItems) {
+        errors.push(`${path}: array too long (max ${schema.maxItems})`);
+      }
+      if (schema.uniqueItems) {
+        const seen = new Set();
+        for (const item of value) {
+          const key = JSON.stringify(item);
+          if (seen.has(key)) {
+            errors.push(`${path}: duplicate items not allowed`);
+            break;
+          }
+          seen.add(key);
+        }
+      }
+    }
+
+    // Object validations
+    if (schema.type === 'object' && typeof value === 'object' && value !== null) {
+      const result = this.validate(value, schema);
+      for (const error of result.errors) {
+        errors.push(`${path}.${error}`);
+      }
+    }
+
+    return { valid: errors.length === 0, errors };
+  }
+
+  /**
+   * Validate a plugin manifest
+   * @param {Object} manifest - Plugin manifest to validate
+   * @returns {{valid: boolean, errors: string[]}} Validation result
+   */
+  static validatePluginManifest(manifest) {
+    const schemaPath = path.join(__dirname, 'plugin-manifest.schema.json');
+    const schema = this.loadSchema(schemaPath);
+    return this.validate(manifest, schema);
+  }
+}
+
+/**
+ * Validate a plugin manifest file
+ * @param {string} manifestPath - Path to plugin.json
+ * @returns {{valid: boolean, errors: string[], manifest?: Object}} Validation result
+ */
+function validateManifestFile(manifestPath) {
+  try {
+    const content = fs.readFileSync(manifestPath, 'utf8');
+    const manifest = JSON.parse(content);
+    const result = SchemaValidator.validatePluginManifest(manifest);
+    return { ...result, manifest };
+  } catch (error) {
+    return {
+      valid: false,
+      errors: [`Failed to load manifest: ${error.message}`]
+    };
+  }
+}
+
+module.exports = {
+  SchemaValidator,
+  validateManifestFile
+};
+
+// CLI usage
+if (require.main === module) {
+  const manifestPath = process.argv[2] || '.claude-plugin/plugin.json';
+
+  console.log(`Validating: ${manifestPath}`);
+  const result = validateManifestFile(manifestPath);
+
+  if (result.valid) {
+    console.log('✓ Manifest is valid');
+    if (result.manifest) {
+      console.log(`  Plugin: ${result.manifest.name} v${result.manifest.version}`);
+      console.log(`  Author: ${result.manifest.author.name}`);
+    }
+    process.exit(0);
+  } else {
+    console.error('✗ Manifest is invalid:');
+    for (const error of result.errors) {
+      console.error(`  - ${error}`);
+    }
+    process.exit(1);
+  }
+}

package/plugins/project-review/lib/sources/custom-handler.js

@@ -0,0 +1,199 @@
+/**
+ * Custom Source Handler
+ * Handles follow-up questions and tool probing for custom sources
+ *
+ * @module lib/sources/custom-handler
+ */
+
+const { execFileSync } = require('child_process');
+const sourceCache = require('./source-cache');
+
+/**
+ * Validate tool name to prevent command injection
+ * Only allows alphanumeric, hyphens, and underscores
+ * @param {string} toolName - Tool name to validate
+ * @returns {boolean} True if valid
+ */
+function isValidToolName(toolName) {
+  return /^[a-zA-Z0-9_-]+$/.test(toolName);
+}
+
+/**
+ * Source types for custom selection
+ */
+const SOURCE_TYPES = {
+  MCP: 'mcp',
+  CLI: 'cli',
+  SKILL: 'skill',
+  FILE: 'file'
+};
+
+/**
+ * Build follow-up questions for custom source
+ * Returns AskUserQuestion-compatible structure
+ * @returns {Object} Questions object for AskUserQuestion tool
+ */
+function getCustomTypeQuestion() {
+  return {
+    header: 'Source Type',
+    question: 'What type of source is this?',
+    options: [
+      { label: 'CLI Tool', description: 'Command-line tool (e.g., tea, glab, jira-cli)' },
+      { label: 'MCP Server', description: 'Model Context Protocol server' },
+      { label: 'Skill/Plugin', description: 'Claude Code skill or plugin' },
+      { label: 'File Path', description: 'Local file with tasks (markdown, JSON, etc.)' }
+    ],
+    multiSelect: false
+  };
+}
+
+/**
+ * Build name/path question based on type
+ * @param {string} type - Source type (mcp, cli, skill, file)
+ * @returns {Object} Questions object for AskUserQuestion tool
+ */
+function getCustomNameQuestion(type) {
+  const prompts = {
+    cli: { header: 'CLI Tool', question: 'What is the CLI tool name?', hint: 'e.g., tea, glab, jira' },
+    mcp: { header: 'MCP Server', question: 'What is the MCP server name?', hint: 'e.g., gitea-mcp, linear-mcp' },
+    skill: { header: 'Skill Name', question: 'What is the skill name?', hint: 'e.g., linear:list-issues' },
+    file: { header: 'File Path', question: 'What is the file path?', hint: 'e.g., ./backlog.md, /docs/tasks.json' }
+  };
+  return prompts[type] || prompts.cli;
+}
+
+/**
+ * Map user's type selection to internal type
+ * @param {string} selection - User's selection label
+ * @returns {string} Internal type (mcp, cli, skill, file)
+ */
+function mapTypeSelection(selection) {
+  const map = {
+    'CLI Tool': SOURCE_TYPES.CLI,
+    'MCP Server': SOURCE_TYPES.MCP,
+    'Skill/Plugin': SOURCE_TYPES.SKILL,
+    'File Path': SOURCE_TYPES.FILE
+  };
+  return map[selection] || SOURCE_TYPES.CLI;
+}
+
+/**
+ * Probe CLI tool for available commands
+ * @param {string} toolName - CLI tool name
+ * @returns {Object} Discovered capabilities
+ */
+function probeCLI(toolName) {
+  const capabilities = {
+    type: 'cli',
+    tool: toolName,
+    available: false,
+    features: [],
+    commands: {}
+  };
+
+  // Validate tool name to prevent command injection
+  if (!isValidToolName(toolName)) {
+    console.error(`Invalid tool name: ${toolName}`);
+    return capabilities;
+  }
+
+  try {
+    // Check if tool exists using execFileSync (prevents command injection)
+    execFileSync(toolName, ['--version'], { encoding: 'utf8', stdio: 'pipe' });
+    capabilities.available = true;
+  } catch {
+    return capabilities;
+  }
+
+  // Known CLI patterns
+  const knownPatterns = {
+    tea: {
+      features: ['issues', 'prs', 'reviews'],
+      commands: {
+        list_issues: 'tea issues list',
+        get_issue: 'tea issues view {id}',
+        create_pr: 'tea pulls create --title {title} --base {base} --head {head}',
+        list_prs: 'tea pulls list',
+        get_pr: 'tea pr {id}'
+      }
+    },
+    glab: {
+      features: ['issues', 'prs', 'ci'],
+      commands: {
+        list_issues: 'glab issue list',
+        get_issue: 'glab issue view {id}',
+        create_pr: 'glab mr create --title {title} --target-branch {base} --source-branch {head}',
+        list_prs: 'glab mr list',
+        get_pr: 'glab mr view {id}',
+        ci_status: 'glab ci status'
+      }
+    },
+    gh: {
+      features: ['issues', 'prs', 'ci'],
+      commands: {
+        list_issues: 'gh issue list',
+        get_issue: 'gh issue view {id}',
+        create_pr: 'gh pr create --title {title} --base {base} --head {head}',
+        list_prs: 'gh pr list',
+        get_pr: 'gh pr view {id}',
+        ci_status: 'gh pr checks {id}'
+      }
+    }
+  };
+
+  // Use known pattern if available
+  if (knownPatterns[toolName]) {
+    capabilities.features = knownPatterns[toolName].features;
+    capabilities.commands = knownPatterns[toolName].commands;
+    capabilities.pattern = 'known';
+  } else {
+    // Unknown tool - try to discover via help
+    capabilities.pattern = 'discovered';
+    capabilities.features = ['unknown'];
+    capabilities.commands = {
+      help: `${toolName} --help`
+    };
+  }
+
+  return capabilities;
+}
+
+/**
+ * Build complete custom source config and cache it
+ * @param {string} type - Source type
+ * @param {string} name - Tool name or path
+ * @returns {Object} Complete source configuration
+ */
+function buildCustomConfig(type, name) {
+  const config = {
+    source: 'custom',
+    type: type,
+    tool: name
+  };
+
+  // Probe capabilities for CLI tools
+  if (type === SOURCE_TYPES.CLI) {
+    const capabilities = probeCLI(name);
+    config.capabilities = capabilities;
+
+    // Cache capabilities for fast access
+    if (capabilities.available) {
+      sourceCache.saveToolCapabilities(name, capabilities);
+    }
+  }
+
+  // Save preference
+  sourceCache.savePreference(config);
+
+  return config;
+}
+
+module.exports = {
+  SOURCE_TYPES,
+  getCustomTypeQuestion,
+  getCustomNameQuestion,
+  mapTypeSelection,
+  probeCLI,
+  buildCustomConfig,
+  isValidToolName
+};

package/plugins/project-review/lib/sources/policy-questions.js

@@ -0,0 +1,239 @@
+/**
+ * Policy Questions Builder
+ * Builds AskUserQuestion-ready structure with cache awareness
+ *
+ * @module lib/sources/policy-questions
+ */
+
+const sourceCache = require('./source-cache');
+const customHandler = require('./custom-handler');
+
+/**
+ * Source label mapping for proper casing
+ */
+const SOURCE_LABELS = {
+  github: 'GitHub',
+  gitlab: 'GitLab',
+  local: 'Local',
+  custom: 'Custom',
+  other: 'Other'
+};
+
+/**
+ * Get policy questions with cache-aware options
+ * Call this once - returns full question structure ready for AskUserQuestion
+ *
+ * @returns {Object} { questions: [...], cachedPreference: {...}|null }
+ */
+function getPolicyQuestions() {
+  const cached = sourceCache.getPreference();
+
+  // Build source options
+  const sourceOptions = [];
+
+  // If cached, add as first option
+  if (cached) {
+    const cachedLabel = cached.source === 'custom'
+      ? `${cached.tool} (${cached.type})`
+      : SOURCE_LABELS[cached.source] || (cached.source.charAt(0).toUpperCase() + cached.source.slice(1));
+
+    sourceOptions.push({
+      label: `${cachedLabel} (last used)`,
+      description: 'Use your previous choice'
+    });
+  }
+
+  // Standard options
+  sourceOptions.push(
+    { label: 'GitHub Issues', description: 'Use gh CLI to list issues' },
+    { label: 'GitLab Issues', description: 'Use glab CLI to list issues' },
+    { label: 'Local tasks.md', description: 'Read from PLAN.md, tasks.md, or TODO.md' },
+    { label: 'Custom', description: 'Specify your tool: CLI, MCP, Skill, or file path' },
+    { label: 'Other', description: 'Describe your source - agent figures it out' }
+  );
+
+  return {
+    questions: [
+      {
+        header: 'Source',
+        question: 'Where should I look for tasks?',
+        options: sourceOptions,
+        multiSelect: false
+      },
+      {
+        header: 'Priority',
+        question: 'What type of tasks to prioritize?',
+        options: [
+          { label: 'All', description: 'Consider all tasks, pick by score' },
+          { label: 'Bugs', description: 'Focus on bug fixes' },
+          { label: 'Security', description: 'Security issues first' },
+          { label: 'Features', description: 'New feature development' }
+        ],
+        multiSelect: false
+      },
+      {
+        header: 'Stop Point',
+        question: 'How far should I take this task?',
+        options: [
+          { label: 'Merged', description: 'Until PR is merged to main' },
+          { label: 'PR Created', description: 'Stop after creating PR' },
+          { label: 'Implemented', description: 'Stop after local implementation' },
+          { label: 'Deployed', description: 'Deploy to staging' },
+          { label: 'Production', description: 'Full production deployment' }
+        ],
+        multiSelect: false
+      }
+    ],
+    cachedPreference: cached
+  };
+}
+
+/**
+ * Get custom source follow-up questions
+ * Call after user selects "Custom"
+ *
+ * @returns {Object} Question structure for custom type selection
+ */
+function getCustomTypeQuestions() {
+  return {
+    questions: [customHandler.getCustomTypeQuestion()]
+  };
+}
+
+/**
+ * Get custom name question based on type
+ * @param {string} type - cli, mcp, skill, or file
+ * @returns {Object} Question structure for tool/path name
+ */
+function getCustomNameQuestion(type) {
+  const q = customHandler.getCustomNameQuestion(type);
+  return {
+    questions: [{
+      header: q.header,
+      question: q.question,
+      options: [], // Free text input via "Other"
+      multiSelect: false
+    }]
+  };
+}
+
+/**
+ * Parse policy responses and build policy object
+ * Also handles caching
+ *
+ * @param {Object} responses - User's answers
+ * @param {string} responses.source - Source selection
+ * @param {string} responses.priority - Priority selection
+ * @param {string} responses.stopPoint - Stop point selection
+ * @param {Object} [responses.custom] - Custom source details (if applicable)
+ * @returns {Object} Policy object ready for workflow state
+ */
+function parseAndCachePolicy(responses) {
+  const policy = {
+    taskSource: mapSource(responses.source, responses.custom),
+    priorityFilter: mapPriority(responses.priority),
+    stoppingPoint: mapStopPoint(responses.stopPoint)
+  };
+
+  // Cache source preference (unless "other" which is ad-hoc)
+  if (policy.taskSource.source !== 'other') {
+    sourceCache.savePreference(policy.taskSource);
+  }
+
+  return policy;
+}
+
+/**
+ * Map source selection to policy value
+ */
+function mapSource(selection, customDetails) {
+  // Check if user selected cached option
+  if (selection.includes('(last used)')) {
+    return sourceCache.getPreference();
+  }
+
+  const sourceMap = {
+    'GitHub Issues': { source: 'github' },
+    'GitLab Issues': { source: 'gitlab' },
+    'Local tasks.md': { source: 'local' },
+    'Custom': null, // Handled separately
+    'Other': null   // Handled separately
+  };
+
+  if (selection === 'Custom' && customDetails) {
+    // Normalize type label to internal value (e.g., "CLI Tool" -> "cli")
+    const normalizedType = customHandler.mapTypeSelection(customDetails.type);
+    const config = customHandler.buildCustomConfig(normalizedType, customDetails.name);
+    return config;
+  }
+
+  if (selection === 'Other') {
+    return { source: 'other', description: customDetails?.description || '' };
+  }
+
+  return sourceMap[selection] || { source: 'github' };
+}
+
+/**
+ * Map priority selection to policy value
+ */
+function mapPriority(selection) {
+  const map = {
+    'All': 'all',
+    'Bugs': 'bugs',
+    'Security': 'security',
+    'Features': 'features'
+  };
+  return map[selection] || 'all';
+}
+
+/**
+ * Map stop point selection to policy value
+ */
+function mapStopPoint(selection) {
+  const map = {
+    'Merged': 'merged',
+    'PR Created': 'pr-created',
+    'Implemented': 'implemented',
+    'Deployed': 'deployed',
+    'Production': 'production'
+  };
+  return map[selection] || 'merged';
+}
+
+/**
+ * Check if user selected cached preference
+ * @param {string} selection - User's source selection
+ * @returns {boolean}
+ */
+function isUsingCached(selection) {
+  return selection.includes('(last used)');
+}
+
+/**
+ * Check if custom follow-up is needed
+ * @param {string} selection - User's source selection
+ * @returns {boolean}
+ */
+function needsCustomFollowUp(selection) {
+  return selection === 'Custom';
+}
+
+/**
+ * Check if "other" description is needed
+ * @param {string} selection - User's source selection
+ * @returns {boolean}
+ */
+function needsOtherDescription(selection) {
+  return selection === 'Other';
+}
+
+module.exports = {
+  getPolicyQuestions,
+  getCustomTypeQuestions,
+  getCustomNameQuestion,
+  parseAndCachePolicy,
+  isUsingCached,
+  needsCustomFollowUp,
+  needsOtherDescription
+};