berget 2.2.6 → 2.2.7

package/dist/src/agents/quality.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.agent = void 0;
+exports.agent = {
+    config: {
+        name: "quality",
+        description: "Quality assurance specialist for testing, building, and complete PR management.",
+        mode: "subagent",
+        temperature: 0.1,
+        top_p: 0.9,
+        permission: {
+            edit: "allow",
+            bash: "allow",
+            webfetch: "allow",
+        },
+    },
+    systemPrompt: `Voice: Scandinavian calm—precise, concise, confident. You are Berget Code Quality agent. Specialist in code quality assurance, testing, building, and pull request lifecycle management.
+
+Core responsibilities:
+  - Run comprehensive test suites (npm test, npm run test, jest, vitest)
+  - Execute build processes (npm run build, webpack, vite, tsc)
+  - Create and manage pull requests with proper descriptions
+  - Handle merge conflicts and keep main updated
+  - Monitor GitHub for reviewer comments and address them
+  - Ensure code quality standards are met
+  - Validate linting and formatting (npm run lint, prettier)
+  - Check test coverage and performance benchmarks
+  - Handle CI/CD pipeline validation
+
+Complete PR Workflow:
+   1. Ensure all tests pass: npm test
+   2. Build successfully: npm run build
+   3. Commit all changes with proper message
+   4. Push to feature branch
+   5. Update main branch and handle merge conflicts
+   6. Create or update PR with comprehensive description
+   7. Monitor for reviewer comments
+   8. Address feedback and push updates
+   9. Always provide PR URL for user review
+
+Essential CLI commands:
+   - npm test or npm run test (run test suite)
+   - npm run build (build project)
+   - npm run lint (run linting)
+   - npm run format (format code)
+   - npm run test:coverage (check coverage)
+   - git add <specific-files> && git commit -m "message" && git push (commit and push)
+   - git checkout main && git pull origin main (update main)
+   - git checkout feature-branch && git merge main (handle conflicts)
+   - gh pr create --title "title" --body "body" (create PR)
+   - gh pr view --comments (check PR comments)
+   - gh pr edit --title "title" --body "body" (update PR)
+
+PR Creation Process:
+   - Always include clear summary of changes
+   - List technical details and improvements
+   - Include testing and validation results
+   - Add any breaking changes or migration notes
+   - Provide PR URL immediately after creation
+
+GIT WORKFLOW RULES (CRITICAL - ENFORCE STRICTLY):
+   - NEVER push directly to main branch - ALWAYS use pull requests
+   - NEVER use 'git add .' - ALWAYS add specific files with 'git add path/to/file'
+   - ALWAYS clean up test files, documentation files, and temporary artifacts before committing
+   - ALWAYS ensure git history maintains production quality - no test commits, no debugging code
+   - ALWAYS create descriptive commit messages following project conventions
+   - ALWAYS run tests and build before creating PR
+
+Always provide specific command examples and wait for processes to complete before proceeding.`,
+};

package/dist/src/agents/security.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.agent = void 0;
+exports.agent = {
+    config: {
+        name: "security",
+        description: "Security specialist for pentesting, OWASP compliance, and vulnerability assessments.",
+        mode: "subagent",
+        temperature: 0.2,
+        top_p: 0.8,
+        permission: {
+            edit: "deny",
+            bash: "allow",
+            webfetch: "allow",
+        },
+    },
+    systemPrompt: `Voice: Scandinavian calm—precise, concise, confident. You are Berget Code Security agent. Expert in application security, penetration testing, and OWASP standards. Core responsibilities: Conduct security assessments and penetration tests, Validate OWASP Top 10 compliance, Review code for security vulnerabilities, Implement security headers and Content Security Policy (CSP), Audit API security, Check for sensitive data exposure, Validate input sanitization and output encoding, Assess dependency security and supply chain risks. Tools and techniques: OWASP ZAP, Burp Suite, security linters, dependency scanners, manual code review. Always provide specific, actionable security recommendations with priority levels.
+
+GIT WORKFLOW RULES (CRITICAL):
+- NEVER push directly to main branch - ALWAYS use pull requests
+- NEVER use 'git add .' - ALWAYS add specific files with 'git add path/to/file'
+- ALWAYS clean up test files, documentation files, and temporary artifacts before committing
+- ALWAYS ensure git history maintains production quality - no test commits, no debugging code
+- ALWAYS create descriptive commit messages following project conventions
+- ALWAYS run tests and build before creating PR`,
+};

package/dist/src/agents/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/client.js

@@ -20,24 +20,26 @@ const logger_1 = require("./utils/logger");
 // API Base URL
 // Use --local flag to test against local API
 // Use --stage flag to test against stage API
-const isLocalMode = process.argv.includes('--local');
-const isStageMode = process.argv.includes('--stage');
+const isLocalMode = process.argv.includes("--local");
+const isStageMode = process.argv.includes("--stage");
 exports.API_BASE_URL = process.env.BERGET_API_URL ||
-    (isLocalMode ? 'http://localhost:3000' :
-        isStageMode ? 'https://api.stage.berget.ai' :
-            'https://api.berget.ai'); // production default
+    (isLocalMode
+        ? "http://localhost:3000"
+        : isStageMode
+            ? "https://api.stage.berget.ai"
+            : "https://api.berget.ai"); // production default
 if (isLocalMode && !process.env.BERGET_API_URL) {
-    logger_1.logger.debug('Using local API endpoint: http://localhost:3000');
+    logger_1.logger.debug("Using local API endpoint: http://localhost:3000");
 }
 else if (isStageMode && !process.env.BERGET_API_URL) {
-    logger_1.logger.debug('Using stage API endpoint: https://api.stage.berget.ai');
+    logger_1.logger.debug("Using stage API endpoint: https://api.stage.berget.ai");
 }
 // Create a typed client for the Berget API
 exports.apiClient = (0, openapi_fetch_1.default)({
     baseUrl: exports.API_BASE_URL,
     headers: {
-        'Content-Type': 'application/json',
-        Accept: 'application/json',
+        "Content-Type": "application/json",
+        Accept: "application/json",
     },
 });
 // Authentication functions
@@ -60,7 +62,7 @@ exports.clearAuthToken = clearAuthToken;
 const createAuthenticatedClient = () => {
     const tokenManager = token_manager_1.TokenManager.getInstance();
     if (!tokenManager.getAccessToken()) {
-        logger_1.logger.debug('No authentication token found. Please run `berget auth login` first.');
+        logger_1.logger.debug("No authentication token found. Please run `berget auth login` first.");
     }
     // Create the base client
     const client = (0, openapi_fetch_1.default)({
@@ -68,20 +70,20 @@ const createAuthenticatedClient = () => {
         headers: tokenManager.getAccessToken()
             ? {
                 Authorization: `Bearer ${tokenManager.getAccessToken()}`,
-                'Content-Type': 'application/json',
-                Accept: 'application/json',
+                "Content-Type": "application/json",
+                Accept: "application/json",
             }
             : {
-                'Content-Type': 'application/json',
-                Accept: 'application/json',
+                "Content-Type": "application/json",
+                Accept: "application/json",
             },
     });
     // Wrap the client to handle token refresh
     return new Proxy(client, {
         get(target, prop) {
             // For HTTP methods (GET, POST, etc.), add token refresh logic
-            if (typeof target[prop] === 'function' &&
-                ['GET', 'POST', 'PUT', 'DELETE', 'PATCH'].includes(String(prop))) {
+            if (typeof target[prop] === "function" &&
+                ["GET", "POST", "PUT", "DELETE", "PATCH"].includes(String(prop))) {
                 return (...args) => __awaiter(this, void 0, void 0, function* () {
                     var _a, _b, _c, _d;
                     // Check if token is expired before making the request
@@ -89,8 +91,7 @@ const createAuthenticatedClient = () => {
                         yield refreshAccessToken(tokenManager);
                     }
                     // Update the Authorization header with the current token
-                    if (!((_b = (_a = args[1]) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b.Authorization) &&
-                        tokenManager.getAccessToken()) {
+                    if (!((_b = (_a = args[1]) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b.Authorization) && tokenManager.getAccessToken()) {
                         if (!args[1])
                             args[1] = {};
                         if (!args[1].headers)
@@ -103,14 +104,10 @@ const createAuthenticatedClient = () => {
                         result = yield target[prop](...args);
                     }
                     catch (requestError) {
-                        logger_1.logger.debug(`Request error: ${requestError instanceof Error
-                            ? requestError.message
-                            : String(requestError)}`);
+                        logger_1.logger.debug(`Request error: ${requestError instanceof Error ? requestError.message : String(requestError)}`);
                         return {
                             error: {
-                                message: `Request failed: ${requestError instanceof Error
-                                    ? requestError.message
-                                    : String(requestError)}`,
+                                message: `Request failed: ${requestError instanceof Error ? requestError.message : String(requestError)}`,
                             },
                         };
                     }
@@ -120,42 +117,41 @@ const createAuthenticatedClient = () => {
                         let isAuthError = false;
                         try {
                             // Standard 401 Unauthorized
-                            if (typeof result.error === 'object' &&
-                                result.error.status === 401) {
+                            if (typeof result.error === "object" && result.error.status === 401) {
                                 isAuthError = true;
                             }
                             // OAuth specific errors
                             else if (result.error.error &&
-                                (result.error.error.code === 'invalid_token' ||
-                                    result.error.error.code === 'token_expired' ||
-                                    result.error.error.message === 'Invalid API key' ||
-                                    ((_c = result.error.error.message) === null || _c === void 0 ? void 0 : _c.toLowerCase().includes('token')) ||
-                                    ((_d = result.error.error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('unauthorized')))) {
+                                (result.error.error.code === "invalid_token" ||
+                                    result.error.error.code === "token_expired" ||
+                                    result.error.error.message === "Invalid API key" ||
+                                    ((_c = result.error.error.message) === null || _c === void 0 ? void 0 : _c.toLowerCase().includes("token")) ||
+                                    ((_d = result.error.error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes("unauthorized")))) {
                                 isAuthError = true;
                             }
                             // Message-based detection as fallback
-                            else if (typeof result.error === 'string' &&
-                                (result.error.toLowerCase().includes('unauthorized') ||
-                                    result.error.toLowerCase().includes('token') ||
-                                    result.error.toLowerCase().includes('auth'))) {
+                            else if (typeof result.error === "string" &&
+                                (result.error.toLowerCase().includes("unauthorized") ||
+                                    result.error.toLowerCase().includes("token") ||
+                                    result.error.toLowerCase().includes("auth"))) {
                                 isAuthError = true;
                             }
                         }
-                        catch (parseError) {
+                        catch (_e) {
                             // If we can't parse the error structure, do a simple string check
                             const errorStr = String(result.error);
-                            if (errorStr.toLowerCase().includes('unauthorized') ||
-                                errorStr.toLowerCase().includes('token') ||
-                                errorStr.toLowerCase().includes('auth')) {
+                            if (errorStr.toLowerCase().includes("unauthorized") ||
+                                errorStr.toLowerCase().includes("token") ||
+                                errorStr.toLowerCase().includes("auth")) {
                                 isAuthError = true;
                             }
                         }
                         if (isAuthError && tokenManager.getRefreshToken()) {
-                            logger_1.logger.debug('Auth error detected, attempting token refresh');
+                            logger_1.logger.debug("Auth error detected, attempting token refresh");
                             logger_1.logger.debug(`Error details: ${JSON.stringify(result.error, null, 2)}`);
                             const refreshed = yield refreshAccessToken(tokenManager);
                             if (refreshed) {
-                                logger_1.logger.debug('Token refreshed successfully, retrying request');
+                                logger_1.logger.debug("Token refreshed successfully, retrying request");
                                 // Update the Authorization header with the new token
                                 if (!args[1])
                                     args[1] = {};
@@ -166,11 +162,11 @@ const createAuthenticatedClient = () => {
                                 return yield target[prop](...args);
                             }
                             else {
-                                logger_1.logger.debug('Token refresh failed');
+                                logger_1.logger.debug("Token refresh failed");
                                 // Add a more helpful error message for users
-                                if (typeof result.error === 'object') {
+                                if (typeof result.error === "object") {
                                     result.error.userMessage =
-                                        'Your session has expired. Please run `berget auth login` to log in again.';
+                                        "Your session has expired. Please run `berget auth login` to log in again.";
                                 }
                             }
                         }
@@ -185,11 +181,9 @@ const createAuthenticatedClient = () => {
 };
 exports.createAuthenticatedClient = createAuthenticatedClient;
 // Keycloak configuration for token refresh (must match auth-service.ts)
-const KEYCLOAK_URL = (isStageMode || isLocalMode)
-    ? 'https://keycloak.stage.berget.ai'
-    : 'https://keycloak.berget.ai';
-const KEYCLOAK_REALM = 'berget';
-const KEYCLOAK_CLIENT_ID = 'berget-code';
+const KEYCLOAK_URL = isStageMode || isLocalMode ? "https://keycloak.stage.berget.ai" : "https://keycloak.berget.ai";
+const KEYCLOAK_REALM = "berget";
+const KEYCLOAK_CLIENT_ID = "berget-code";
 // Helper function to refresh the access token
 function refreshAccessToken(tokenManager) {
     return __awaiter(this, void 0, void 0, function* () {
@@ -197,16 +191,16 @@ function refreshAccessToken(tokenManager) {
             const refreshToken = tokenManager.getRefreshToken();
             if (!refreshToken)
                 return false;
-            logger_1.logger.debug('Attempting to refresh access token');
+            logger_1.logger.debug("Attempting to refresh access token");
             // Refresh directly against Keycloak (berget-code is a public PKCE client)
             try {
                 const response = yield fetch(`${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token`, {
-                    method: 'POST',
+                    method: "POST",
                     headers: {
-                        'Content-Type': 'application/x-www-form-urlencoded',
+                        "Content-Type": "application/x-www-form-urlencoded",
                     },
                     body: new URLSearchParams({
-                        grant_type: 'refresh_token',
+                        grant_type: "refresh_token",
                         client_id: KEYCLOAK_CLIENT_ID,
                         refresh_token: refreshToken,
                     }),
@@ -216,7 +210,7 @@ function refreshAccessToken(tokenManager) {
                     logger_1.logger.debug(`Token refresh error: HTTP ${response.status} ${response.statusText}`);
                     // Check if the refresh token itself is expired or invalid
                     if (response.status === 401 || response.status === 403) {
-                        console.warn(chalk_1.default.yellow('Your refresh token has expired. Please run `berget auth login` again.'));
+                        console.warn(chalk_1.default.yellow("Your refresh token has expired. Please run `berget auth login` again."));
                         // Clear tokens if unauthorized - they're invalid
                         tokenManager.clearTokens();
                     }
@@ -226,30 +220,28 @@ function refreshAccessToken(tokenManager) {
                     return false;
                 }
                 // Parse the response
-                const contentType = response.headers.get('content-type');
-                if (!contentType || !contentType.includes('application/json')) {
+                const contentType = response.headers.get("content-type");
+                if (!contentType || !contentType.includes("application/json")) {
                     console.warn(chalk_1.default.yellow(`Unexpected content type in response: ${contentType}`));
                     return false;
                 }
                 const data = yield response.json();
                 // Validate the response data
                 if (!data || !data.token) {
-                    console.warn(chalk_1.default.yellow('Invalid token response. Please run `berget auth login` again.'));
+                    console.warn(chalk_1.default.yellow("Invalid token response. Please run `berget auth login` again."));
                     return false;
                 }
-                logger_1.logger.debug('Token refreshed successfully');
+                logger_1.logger.debug("Token refreshed successfully");
                 // Update the token
                 tokenManager.updateAccessToken(data.token, data.expires_in || 3600);
                 // If a new refresh token was provided, update that too
                 if (data.refresh_token) {
                     tokenManager.setTokens(data.token, data.refresh_token, data.expires_in || 3600);
-                    logger_1.logger.debug('Refresh token also updated');
+                    logger_1.logger.debug("Refresh token also updated");
                 }
             }
             catch (fetchError) {
-                console.warn(chalk_1.default.yellow(`Failed to refresh token: ${fetchError instanceof Error
-                    ? fetchError.message
-                    : String(fetchError)}`));
+                console.warn(chalk_1.default.yellow(`Failed to refresh token: ${fetchError instanceof Error ? fetchError.message : String(fetchError)}`));
                 return false;
             }
             return true;