berget 2.2.6 → 2.2.8

package/dist/src/agents/quality.js

@@ -0,0 +1,70 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.agent = void 0;
+exports.agent = {
+    config: {
+        description: 'Quality assurance specialist for testing, building, and complete PR management.',
+        mode: 'subagent',
+        name: 'quality',
+        permission: {
+            bash: 'allow',
+            edit: 'allow',
+            webfetch: 'allow',
+        },
+        temperature: 0.1,
+        top_p: 0.9,
+    },
+    systemPrompt: `Voice: Scandinavian calm—precise, concise, confident. You are Berget Code Quality agent. Specialist in code quality assurance, testing, building, and pull request lifecycle management.
+
+Core responsibilities:
+  - Run comprehensive test suites (npm test, npm run test, jest, vitest)
+  - Execute build processes (npm run build, webpack, vite, tsc)
+  - Create and manage pull requests with proper descriptions
+  - Handle merge conflicts and keep main updated
+  - Monitor GitHub for reviewer comments and address them
+  - Ensure code quality standards are met
+  - Validate linting and formatting (npm run lint, prettier)
+  - Check test coverage and performance benchmarks
+  - Handle CI/CD pipeline validation
+
+Complete PR Workflow:
+   1. Ensure all tests pass: npm test
+   2. Build successfully: npm run build
+   3. Commit all changes with proper message
+   4. Push to feature branch
+   5. Update main branch and handle merge conflicts
+   6. Create or update PR with comprehensive description
+   7. Monitor for reviewer comments
+   8. Address feedback and push updates
+   9. Always provide PR URL for user review
+
+Essential CLI commands:
+   - npm test or npm run test (run test suite)
+   - npm run build (build project)
+   - npm run lint (run linting)
+   - npm run format (format code)
+   - npm run test:coverage (check coverage)
+   - git add <specific-files> && git commit -m "message" && git push (commit and push)
+   - git checkout main && git pull origin main (update main)
+   - git checkout feature-branch && git merge main (handle conflicts)
+   - gh pr create --title "title" --body "body" (create PR)
+   - gh pr view --comments (check PR comments)
+   - gh pr edit --title "title" --body "body" (update PR)
+
+PR Creation Process:
+   - Always include clear summary of changes
+   - List technical details and improvements
+   - Include testing and validation results
+   - Add any breaking changes or migration notes
+   - Provide PR URL immediately after creation
+
+GIT WORKFLOW RULES (CRITICAL - ENFORCE STRICTLY):
+   - NEVER push directly to main branch - ALWAYS use pull requests
+   - NEVER use 'git add .' - ALWAYS add specific files with 'git add path/to/file'
+   - ALWAYS clean up test files, documentation files, and temporary artifacts before committing
+   - ALWAYS ensure git history maintains production quality - no test commits, no debugging code
+   - ALWAYS create descriptive commit messages following project conventions
+   - ALWAYS run tests and build before creating PR
+
+Always provide specific command examples and wait for processes to complete before proceeding.`,
+};

package/dist/src/agents/security.js

@@ -0,0 +1,26 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.agent = void 0;
+exports.agent = {
+    config: {
+        description: 'Security specialist for pentesting, OWASP compliance, and vulnerability assessments.',
+        mode: 'subagent',
+        name: 'security',
+        permission: {
+            bash: 'allow',
+            edit: 'deny',
+            webfetch: 'allow',
+        },
+        temperature: 0.2,
+        top_p: 0.8,
+    },
+    systemPrompt: `Voice: Scandinavian calm—precise, concise, confident. You are Berget Code Security agent. Expert in application security, penetration testing, and OWASP standards. Core responsibilities: Conduct security assessments and penetration tests, Validate OWASP Top 10 compliance, Review code for security vulnerabilities, Implement security headers and Content Security Policy (CSP), Audit API security, Check for sensitive data exposure, Validate input sanitization and output encoding, Assess dependency security and supply chain risks. Tools and techniques: OWASP ZAP, Burp Suite, security linters, dependency scanners, manual code review. Always provide specific, actionable security recommendations with priority levels.
+
+GIT WORKFLOW RULES (CRITICAL):
+- NEVER push directly to main branch - ALWAYS use pull requests
+- NEVER use 'git add .' - ALWAYS add specific files with 'git add path/to/file'
+- ALWAYS clean up test files, documentation files, and temporary artifacts before committing
+- ALWAYS ensure git history maintains production quality - no test commits, no debugging code
+- ALWAYS create descriptive commit messages following project conventions
+- ALWAYS run tests and build before creating PR`,
+};

package/dist/src/agents/types.js

@@ -0,0 +1,2 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });

package/dist/src/client.js

@@ -1,31 +1,24 @@
 "use strict";
-var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
-    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
-    return new (P || (P = Promise))(function (resolve, reject) {
-        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
-        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
-        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
-        step((generator = generator.apply(thisArg, _arguments || [])).next());
-    });
-};
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.createAuthenticatedClient = exports.clearAuthToken = exports.saveAuthToken = exports.getAuthToken = exports.apiClient = exports.API_BASE_URL = void 0;
-const openapi_fetch_1 = __importDefault(require("openapi-fetch"));
 const chalk_1 = __importDefault(require("chalk"));
-const token_manager_1 = require("./utils/token-manager");
+const openapi_fetch_1 = __importDefault(require("openapi-fetch"));
 const logger_1 = require("./utils/logger");
+const token_manager_1 = require("./utils/token-manager");
 // API Base URL
 // Use --local flag to test against local API
 // Use --stage flag to test against stage API
 const isLocalMode = process.argv.includes('--local');
 const isStageMode = process.argv.includes('--stage');
 exports.API_BASE_URL = process.env.BERGET_API_URL ||
-    (isLocalMode ? 'http://localhost:3000' :
-        isStageMode ? 'https://api.stage.berget.ai' :
-            'https://api.berget.ai'); // production default
+    (isLocalMode
+        ? 'http://localhost:3000'
+        : isStageMode
+            ? 'https://api.stage.berget.ai'
+            : 'https://api.berget.ai'); // production default
 if (isLocalMode && !process.env.BERGET_API_URL) {
     logger_1.logger.debug('Using local API endpoint: http://localhost:3000');
 }
@@ -36,8 +29,8 @@ else if (isStageMode && !process.env.BERGET_API_URL) {
 exports.apiClient = (0, openapi_fetch_1.default)({
     baseUrl: exports.API_BASE_URL,
     headers: {
-        'Content-Type': 'application/json',
         Accept: 'application/json',
+        'Content-Type': 'application/json',
     },
 });
 // Authentication functions
@@ -67,50 +60,44 @@ const createAuthenticatedClient = () => {
         baseUrl: exports.API_BASE_URL,
         headers: tokenManager.getAccessToken()
             ? {
+                Accept: 'application/json',
                 Authorization: `Bearer ${tokenManager.getAccessToken()}`,
                 'Content-Type': 'application/json',
-                Accept: 'application/json',
             }
             : {
-                'Content-Type': 'application/json',
                 Accept: 'application/json',
+                'Content-Type': 'application/json',
             },
     });
     // Wrap the client to handle token refresh
     return new Proxy(client, {
-        get(target, prop) {
+        get(target, property) {
             // For HTTP methods (GET, POST, etc.), add token refresh logic
-            if (typeof target[prop] === 'function' &&
-                ['GET', 'POST', 'PUT', 'DELETE', 'PATCH'].includes(String(prop))) {
-                return (...args) => __awaiter(this, void 0, void 0, function* () {
-                    var _a, _b, _c, _d;
+            if (typeof target[property] === 'function' &&
+                ['DELETE', 'GET', 'PATCH', 'POST', 'PUT'].includes(String(property))) {
+                return async (...arguments_) => {
                     // Check if token is expired before making the request
                     if (tokenManager.isTokenExpired() && tokenManager.getRefreshToken()) {
-                        yield refreshAccessToken(tokenManager);
+                        await refreshAccessToken(tokenManager);
                     }
                     // Update the Authorization header with the current token
-                    if (!((_b = (_a = args[1]) === null || _a === void 0 ? void 0 : _a.headers) === null || _b === void 0 ? void 0 : _b.Authorization) &&
-                        tokenManager.getAccessToken()) {
-                        if (!args[1])
-                            args[1] = {};
-                        if (!args[1].headers)
-                            args[1].headers = {};
-                        args[1].headers.Authorization = `Bearer ${tokenManager.getAccessToken()}`;
+                    if (!arguments_[1]?.headers?.Authorization && tokenManager.getAccessToken()) {
+                        if (!arguments_[1])
+                            arguments_[1] = {};
+                        if (!arguments_[1].headers)
+                            arguments_[1].headers = {};
+                        arguments_[1].headers.Authorization = `Bearer ${tokenManager.getAccessToken()}`;
                     }
                     // Make the original request
                     let result;
                     try {
-                        result = yield target[prop](...args);
+                        result = await target[property](...arguments_);
                     }
                     catch (requestError) {
-                        logger_1.logger.debug(`Request error: ${requestError instanceof Error
-                            ? requestError.message
-                            : String(requestError)}`);
+                        logger_1.logger.debug(`Request error: ${requestError instanceof Error ? requestError.message : String(requestError)}`);
                         return {
                             error: {
-                                message: `Request failed: ${requestError instanceof Error
-                                    ? requestError.message
-                                    : String(requestError)}`,
+                                message: `Request failed: ${requestError instanceof Error ? requestError.message : String(requestError)}`,
                             },
                         };
                     }
@@ -120,8 +107,7 @@ const createAuthenticatedClient = () => {
                         let isAuthError = false;
                         try {
                             // Standard 401 Unauthorized
-                            if (typeof result.error === 'object' &&
-                                result.error.status === 401) {
+                            if (typeof result.error === 'object' && result.error.status === 401) {
                                 isAuthError = true;
                             }
                             // OAuth specific errors
@@ -129,8 +115,8 @@ const createAuthenticatedClient = () => {
                                 (result.error.error.code === 'invalid_token' ||
                                     result.error.error.code === 'token_expired' ||
                                     result.error.error.message === 'Invalid API key' ||
-                                    ((_c = result.error.error.message) === null || _c === void 0 ? void 0 : _c.toLowerCase().includes('token')) ||
-                                    ((_d = result.error.error.message) === null || _d === void 0 ? void 0 : _d.toLowerCase().includes('unauthorized')))) {
+                                    result.error.error.message?.toLowerCase().includes('token') ||
+                                    result.error.error.message?.toLowerCase().includes('unauthorized'))) {
                                 isAuthError = true;
                             }
                             // Message-based detection as fallback
@@ -141,29 +127,29 @@ const createAuthenticatedClient = () => {
                                 isAuthError = true;
                             }
                         }
-                        catch (parseError) {
+                        catch {
                             // If we can't parse the error structure, do a simple string check
-                            const errorStr = String(result.error);
-                            if (errorStr.toLowerCase().includes('unauthorized') ||
-                                errorStr.toLowerCase().includes('token') ||
-                                errorStr.toLowerCase().includes('auth')) {
+                            const errorString = String(result.error);
+                            if (errorString.toLowerCase().includes('unauthorized') ||
+                                errorString.toLowerCase().includes('token') ||
+                                errorString.toLowerCase().includes('auth')) {
                                 isAuthError = true;
                             }
                         }
                         if (isAuthError && tokenManager.getRefreshToken()) {
                             logger_1.logger.debug('Auth error detected, attempting token refresh');
                             logger_1.logger.debug(`Error details: ${JSON.stringify(result.error, null, 2)}`);
-                            const refreshed = yield refreshAccessToken(tokenManager);
+                            const refreshed = await refreshAccessToken(tokenManager);
                             if (refreshed) {
                                 logger_1.logger.debug('Token refreshed successfully, retrying request');
                                 // Update the Authorization header with the new token
-                                if (!args[1])
-                                    args[1] = {};
-                                if (!args[1].headers)
-                                    args[1].headers = {};
-                                args[1].headers.Authorization = `Bearer ${tokenManager.getAccessToken()}`;
+                                if (!arguments_[1])
+                                    arguments_[1] = {};
+                                if (!arguments_[1].headers)
+                                    arguments_[1].headers = {};
+                                arguments_[1].headers.Authorization = `Bearer ${tokenManager.getAccessToken()}`;
                                 // Retry the request
-                                return yield target[prop](...args);
+                                return await target[property](...arguments_);
                             }
                             else {
                                 logger_1.logger.debug('Token refresh failed');
@@ -176,87 +162,81 @@ const createAuthenticatedClient = () => {
                         }
                     }
                     return result;
-                });
+                };
             }
             // For other properties, just return the original
-            return target[prop];
+            return target[property];
         },
     });
 };
 exports.createAuthenticatedClient = createAuthenticatedClient;
 // Keycloak configuration for token refresh (must match auth-service.ts)
-const KEYCLOAK_URL = (isStageMode || isLocalMode)
-    ? 'https://keycloak.stage.berget.ai'
-    : 'https://keycloak.berget.ai';
+const KEYCLOAK_URL = isStageMode || isLocalMode ? 'https://keycloak.stage.berget.ai' : 'https://keycloak.berget.ai';
 const KEYCLOAK_REALM = 'berget';
 const KEYCLOAK_CLIENT_ID = 'berget-code';
 // Helper function to refresh the access token
-function refreshAccessToken(tokenManager) {
-    return __awaiter(this, void 0, void 0, function* () {
+async function refreshAccessToken(tokenManager) {
+    try {
+        const refreshToken = tokenManager.getRefreshToken();
+        if (!refreshToken)
+            return false;
+        logger_1.logger.debug('Attempting to refresh access token');
+        // Refresh directly against Keycloak (berget-code is a public PKCE client)
         try {
-            const refreshToken = tokenManager.getRefreshToken();
-            if (!refreshToken)
-                return false;
-            logger_1.logger.debug('Attempting to refresh access token');
-            // Refresh directly against Keycloak (berget-code is a public PKCE client)
-            try {
-                const response = yield fetch(`${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token`, {
-                    method: 'POST',
-                    headers: {
-                        'Content-Type': 'application/x-www-form-urlencoded',
-                    },
-                    body: new URLSearchParams({
-                        grant_type: 'refresh_token',
-                        client_id: KEYCLOAK_CLIENT_ID,
-                        refresh_token: refreshToken,
-                    }),
-                });
-                // Handle HTTP errors
-                if (!response.ok) {
-                    logger_1.logger.debug(`Token refresh error: HTTP ${response.status} ${response.statusText}`);
-                    // Check if the refresh token itself is expired or invalid
-                    if (response.status === 401 || response.status === 403) {
-                        console.warn(chalk_1.default.yellow('Your refresh token has expired. Please run `berget auth login` again.'));
-                        // Clear tokens if unauthorized - they're invalid
-                        tokenManager.clearTokens();
-                    }
-                    else {
-                        console.warn(chalk_1.default.yellow(`Failed to refresh token: ${response.status} ${response.statusText}`));
-                    }
-                    return false;
+            const response = await fetch(`${KEYCLOAK_URL}/realms/${KEYCLOAK_REALM}/protocol/openid-connect/token`, {
+                body: new URLSearchParams({
+                    client_id: KEYCLOAK_CLIENT_ID,
+                    grant_type: 'refresh_token',
+                    refresh_token: refreshToken,
+                }),
+                headers: {
+                    'Content-Type': 'application/x-www-form-urlencoded',
+                },
+                method: 'POST',
+            });
+            // Handle HTTP errors
+            if (!response.ok) {
+                logger_1.logger.debug(`Token refresh error: HTTP ${response.status} ${response.statusText}`);
+                // Check if the refresh token itself is expired or invalid
+                if (response.status === 401 || response.status === 403) {
+                    console.warn(chalk_1.default.yellow('Your refresh token has expired. Please run `berget auth login` again.'));
+                    // Clear tokens if unauthorized - they're invalid
+                    tokenManager.clearTokens();
                 }
-                // Parse the response
-                const contentType = response.headers.get('content-type');
-                if (!contentType || !contentType.includes('application/json')) {
-                    console.warn(chalk_1.default.yellow(`Unexpected content type in response: ${contentType}`));
-                    return false;
-                }
-                const data = yield response.json();
-                // Validate the response data
-                if (!data || !data.token) {
-                    console.warn(chalk_1.default.yellow('Invalid token response. Please run `berget auth login` again.'));
-                    return false;
-                }
-                logger_1.logger.debug('Token refreshed successfully');
-                // Update the token
-                tokenManager.updateAccessToken(data.token, data.expires_in || 3600);
-                // If a new refresh token was provided, update that too
-                if (data.refresh_token) {
-                    tokenManager.setTokens(data.token, data.refresh_token, data.expires_in || 3600);
-                    logger_1.logger.debug('Refresh token also updated');
+                else {
+                    console.warn(chalk_1.default.yellow(`Failed to refresh token: ${response.status} ${response.statusText}`));
                 }
+                return false;
             }
-            catch (fetchError) {
-                console.warn(chalk_1.default.yellow(`Failed to refresh token: ${fetchError instanceof Error
-                    ? fetchError.message
-                    : String(fetchError)}`));
+            // Parse the response
+            const contentType = response.headers.get('content-type');
+            if (!contentType || !contentType.includes('application/json')) {
+                console.warn(chalk_1.default.yellow(`Unexpected content type in response: ${contentType}`));
                 return false;
             }
-            return true;
+            const data = (await response.json());
+            // Validate the response data
+            if (!data || !data.token) {
+                console.warn(chalk_1.default.yellow('Invalid token response. Please run `berget auth login` again.'));
+                return false;
+            }
+            logger_1.logger.debug('Token refreshed successfully');
+            // Update the token
+            tokenManager.updateAccessToken(data.token, data.expires_in || 3600);
+            // If a new refresh token was provided, update that too
+            if (data.refresh_token) {
+                tokenManager.setTokens(data.token, data.refresh_token, data.expires_in || 3600);
+                logger_1.logger.debug('Refresh token also updated');
+            }
         }
-        catch (error) {
-            console.warn(chalk_1.default.yellow(`Failed to refresh authentication token: ${error instanceof Error ? error.message : String(error)}`));
+        catch (fetchError) {
+            console.warn(chalk_1.default.yellow(`Failed to refresh token: ${fetchError instanceof Error ? fetchError.message : String(fetchError)}`));
             return false;
         }
-    });
+        return true;
+    }
+    catch (error) {
+        console.warn(chalk_1.default.yellow(`Failed to refresh authentication token: ${error instanceof Error ? error.message : String(error)}`));
+        return false;
+    }
 }