golem-cc 2.1.2 → 3.0.0

package/commands/golem/security.md

@@ -1,204 +0,0 @@
----
-name: golem:security
-description: Run automated security scans
-allowed-tools: [Read, Bash, Write]
----
-
-<objective>
-Run automated security tooling to detect vulnerabilities before code review. Uses gitleaks (secrets), semgrep (SAST), pnpm audit (dependencies), and trivy (containers).
-</objective>
-
-<context>
-Current ticket:
-```bash
-TICKET_ID=$(basename "$(pwd)" | grep -oE '(INC|SR)-[0-9]+' || echo "")
-echo "Ticket: ${TICKET_ID:-none}"
-```
-
-Check available tools:
-```bash
-echo "Checking security tools..."
-which gitleaks && gitleaks version || echo "gitleaks: NOT INSTALLED"
-which semgrep && semgrep --version || echo "semgrep: NOT INSTALLED"
-which trivy && trivy --version || echo "trivy: NOT INSTALLED"
-pnpm --version && echo "pnpm: OK" || echo "pnpm: NOT INSTALLED"
-```
-</context>
-
-<process>
-
-## Phase 1: Pre-flight
-
-Check which security tools are available. Not all are required - run what's available.
-
-Required tools and install commands:
-- **gitleaks**: `brew install gitleaks` or `go install github.com/gitleaks/gitleaks/v8@latest`
-- **semgrep**: `brew install semgrep` or `pip install semgrep`
-- **trivy**: `brew install trivy` or `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh`
-- **pnpm**: `npm install -g pnpm`
-
-## Phase 2: Run Security Scans
-
-Run each available tool and capture results:
-
-### 2.1 Secrets Scan (gitleaks)
-```bash
-if command -v gitleaks &> /dev/null; then
-  echo "=== SECRETS SCAN (gitleaks) ==="
-  if [ -f .gitleaks.toml ]; then
-    gitleaks detect --config .gitleaks.toml --no-git -v 2>&1
-  else
-    gitleaks detect --no-git -v 2>&1
-  fi
-  echo "Exit code: $?"
-fi
-```
-
-Scans for:
-- API keys (AWS, GCP, Azure, Stripe, etc.)
-- Private keys (RSA, SSH, PGP)
-- Database connection strings with passwords
-- OAuth/JWT tokens
-- Hardcoded credentials
-
-### 2.2 SAST Scan (semgrep)
-```bash
-if command -v semgrep &> /dev/null; then
-  echo "=== SAST SCAN (semgrep) ==="
-  semgrep scan --config auto --json 2>&1 | head -200
-  echo "Exit code: $?"
-fi
-```
-
-Scans for OWASP Top 10:
-- A01: Broken Access Control
-- A02: Cryptographic Failures
-- A03: Injection (SQL, XSS, Command)
-- A04: Insecure Design
-- A05: Security Misconfiguration
-- A06: Vulnerable Components
-- A07: Authentication Failures
-- A08: Data Integrity Failures
-- A09: Logging Failures
-- A10: SSRF
-
-### 2.3 Dependency Scan (pnpm audit)
-```bash
-if [ -f package.json ]; then
-  echo "=== DEPENDENCY SCAN (pnpm audit) ==="
-  pnpm audit --json 2>&1 | head -100
-  echo "Exit code: $?"
-fi
-```
-
-Checks against:
-- National Vulnerability Database (NVD/CVE)
-- GitHub Advisory Database
-- npm Security Advisories
-
-### 2.4 Container Scan (trivy)
-```bash
-if command -v trivy &> /dev/null && command -v docker &> /dev/null; then
-  # Check for local image or Dockerfile
-  if docker images --format "{{.Repository}}" 2>/dev/null | head -1 | grep -q .; then
-    echo "=== CONTAINER SCAN (trivy) ==="
-    IMAGE=$(docker images --format "{{.Repository}}:{{.Tag}}" 2>/dev/null | head -1)
-    trivy image --severity HIGH,CRITICAL "$IMAGE" 2>&1 | head -100
-    echo "Exit code: $?"
-  elif [ -f Dockerfile ]; then
-    echo "=== DOCKERFILE SCAN (trivy) ==="
-    trivy config Dockerfile 2>&1
-    echo "Exit code: $?"
-  else
-    echo "=== CONTAINER SCAN: SKIPPED (no image or Dockerfile) ==="
-  fi
-fi
-```
-
-Scans for:
-- OS package vulnerabilities
-- Application dependencies in image
-- Dockerfile misconfigurations
-
-## Phase 3: Generate Report
-
-Write `.golem/SECURITY_REPORT.md`:
-
-```markdown
-# Security Scan Report
-
-**Generated:** {ISO timestamp}
-**Ticket:** {TICKET_ID}
-
-## Summary
-
-| Scan | Status | Findings |
-|------|--------|----------|
-| Secrets (gitleaks) | {PASS/FAIL/SKIPPED} | {count} |
-| SAST (semgrep) | {PASS/FAIL/SKIPPED} | {count} |
-| Dependencies (pnpm) | {PASS/FAIL/SKIPPED} | {high}/{critical} |
-| Container (trivy) | {PASS/FAIL/SKIPPED} | {count} |
-
-## Verdict
-
-{PASS | FAIL | PARTIAL}
-
----
-
-## Findings
-
-### Secrets
-{details or "No secrets detected"}
-
-### SAST
-{details or "No vulnerabilities detected"}
-
-### Dependencies
-{details or "No vulnerable dependencies"}
-
-### Container
-{details or "No container vulnerabilities"}
-
----
-
-## Next Steps
-
-{If FAIL: list what needs to be fixed}
-{If PASS: "Ready for code review - run /golem:review"}
-```
-
-## Phase 4: Verdict
-
-**PASS**: All scans passed (or skipped due to missing tools)
-- Announce ready for review
-- Suggest running `/golem:review`
-
-**FAIL**: Any scan found issues
-- List critical findings
-- Block until fixed
-- Do NOT proceed to review
-
-**PARTIAL**: Some tools missing
-- Warn about missing coverage
-- Suggest installing missing tools
-- Allow proceeding with caution
-
-</process>
-
-<success_criteria>
-- [ ] Available security tools identified
-- [ ] Secrets scan completed (if gitleaks available)
-- [ ] SAST scan completed (if semgrep available)
-- [ ] Dependency scan completed (if package.json exists)
-- [ ] Container scan completed (if applicable)
-- [ ] Report generated at .golem/SECURITY_REPORT.md
-- [ ] Clear verdict provided
-</success_criteria>
-
-<important>
-- This is READ-ONLY - do not fix issues, just report them
-- Any secrets found are CRITICAL - must be rotated immediately
-- High/Critical dependency vulns should block merge
-- Missing tools should trigger a warning, not a failure
-- Container scan only runs if image exists or Dockerfile present
-</important>

package/commands/golem/simplify.md

@@ -1,94 +0,0 @@
----
-name: golem:simplify
-description: Run code simplifier on specified files or recent changes
-allowed-tools: [Read, Write, Edit, Glob, Grep, Bash]
----
-
-<objective>
-Simplify code by removing AI artifacts, reducing complexity, and improving clarity while preserving ALL behavior.
-</objective>
-
-<execution_context>
-@~/.golem/agents/code-simplifier.md
-</execution_context>
-
-<context>
-Get files to simplify (staged, modified, or specified):
-```bash
-# Staged files
-git diff --cached --name-only 2>/dev/null | head -20
-
-# Modified files
-git diff --name-only 2>/dev/null | head -20
-```
-
-Test command:
-```bash
-grep -A1 "### Testing" .golem/AGENTS.md 2>/dev/null | tail -1
-```
-</context>
-
-<process>
-
-## 1. Identify Target Files
-
-If user specified files, use those.
-Otherwise, check for staged/modified files.
-Skip:
-- Test files (`*.test.ts`, `*.spec.ts`)
-- Type definitions (`*.d.ts`)
-- Config files (`*.config.*`)
-- Generated files
-
-## 2. Simplify Each File
-
-For each source file:
-
-### Priority 1: Remove AI Artifacts
-- Unnecessary comments explaining obvious code
-- Defensive checks that can never trigger
-- Type casts to `any` without need
-- Commented-out code blocks
-- TODO comments for completed work
-
-### Priority 2: Reduce Complexity
-- Flatten nested conditionals (use early returns)
-- Replace nested ternaries with if/else
-- Extract complex boolean expressions to named variables
-- Consolidate duplicate code paths
-
-### Priority 3: Improve Clarity
-- Rename unclear variables (single letters, abbreviations)
-- Rename functions to describe what they do
-- Remove dead/unreachable code
-- Simplify over-engineered abstractions
-
-### Priority 4: Structural
-- Extract large functions into focused helpers
-- Inline trivial one-use functions
-- Simplify data structures
-
-## 3. Validate
-
-Run tests to confirm no regressions:
-```bash
-{test_command from .golem/AGENTS.md}
-```
-
-If tests fail: revert simplifications that caused failures.
-
-## 4. Report
-
-Summarize what was simplified:
-- Files modified
-- Changes made
-- Tests still passing
-
-</process>
-
-<important>
-- NEVER change behavior - only improve clarity
-- Run tests after EVERY file simplification
-- If unsure whether a change affects behavior, don't make it
-- This is cosmetic surgery, not functional changes
-</important>

package/commands/golem/spec.md

@@ -1,226 +0,0 @@
----
-name: golem:spec
-description: Build project specs through guided conversation
-allowed-tools: [Read, Write, Glob, Grep, Bash, AskUserQuestion, Task]
----
-
-<objective>
-Spawn an agent team to explore requirements from multiple angles, challenge assumptions, and generate robust specs. The team synthesizes findings into spec files that form the foundation for planning and building.
-</objective>
-
-<execution_context>
-@~/.golem/agents/spec-builder.md
-</execution_context>
-
-<context>
-Current ticket (if any):
-```bash
-TICKET_ID=$(basename "$(pwd)" | grep -oE '(INC|SR)-[0-9]+' || echo "")
-if [ -n "$TICKET_ID" ]; then
-  cat .golem/tickets/$TICKET_ID.yaml 2>/dev/null || echo "No ticket state found"
-else
-  echo "Not in a ticket worktree"
-fi
-```
-
-Current specs:
-```bash
-ls -la .golem/specs/ 2>/dev/null || echo "No specs directory yet"
-```
-
-Project structure:
-```bash
-if [ -f package.json ]; then echo "Node/TypeScript project"; head -30 package.json; fi
-if [ -f pyproject.toml ]; then echo "Python project"; head -30 pyproject.toml; fi
-if [ -f Cargo.toml ]; then echo "Rust project"; head -30 Cargo.toml; fi
-```
-</context>
-
-<process>
-
-## Phase 1: Gather Initial Context
-
-Before spawning the team, gather baseline information:
-
-1. If in a ticket worktree: read the ticket description
-2. If NOT in a ticket worktree: ask what we're building
-3. Get a rough sense of scope and purpose
-
-## Phase 2: Spawn Spec Team
-
-Create an agent team with three specialized teammates:
-
-```
-Create an agent team to explore requirements for this feature/fix.
-Spawn three teammates:
-
-1. **UX Advocate** - Focuses on user experience and usability:
-   - Who are the users?
-   - What's their workflow?
-   - What's the simplest interface that solves the problem?
-   - Where will users get confused or frustrated?
-
-2. **Architect** - Focuses on technical design:
-   - What's the system architecture?
-   - How does this fit into existing code?
-   - What are the technical constraints?
-   - What are the integration points?
-
-3. **Devil's Advocate** - Actively challenges assumptions:
-   - "Do we actually need this?"
-   - "What's the simplest thing that could work?"
-   - "What happens when X fails?"
-   - "Why not use existing solution Y?"
-
-   Rules for Devil's Advocate:
-   - Must articulate WHY something is problematic
-   - Must propose a concrete alternative
-   - Must back down when concern is adequately addressed
-   - Goal is better thinking, not blocking progress
-
-Have them explore the problem space simultaneously, share findings,
-and challenge each other's assumptions. The debate should surface
-requirements we'd otherwise miss.
-```
-
-## Phase 3: Team Exploration
-
-Let the team explore these questions:
-
-### UX Advocate investigates:
-- What's the actual problem users face?
-- What's the minimum viable solution?
-- What edge cases will users encounter?
-- What error states need handling?
-
-### Architect investigates:
-- What existing code/patterns can we reuse?
-- What new components are needed?
-- What are the dependencies?
-- What technical constraints exist?
-
-### Devil's Advocate challenges:
-- Is this feature actually necessary?
-- Are we overengineering?
-- What's the cost of NOT doing this?
-- What simpler alternatives exist?
-
-## Phase 4: Synthesize Findings
-
-After team exploration, synthesize into topics:
-
-1. Review findings from all three perspectives
-2. Identify 1-5 distinct topics of concern
-3. Each topic should pass the "no AND test"
-4. Resolve any conflicts between teammates
-
-## Phase 5: Generate Spec Files
-
-For each topic, write to `.golem/specs/{topic-name}.md`:
-
-```markdown
-# {Topic Name}
-
-Ticket: {INC-XXXX} (if applicable)
-
-## Purpose
-{One paragraph explaining what this covers and why}
-
-## Requirements
-
-### Must Have
-- {Requirement 1}
-- {Requirement 2}
-
-### Should Have
-- {Optional requirement}
-
-### Must Not
-- {Anti-requirement / constraint}
-
-## Acceptance Criteria
-- [ ] {Testable criterion 1}
-- [ ] {Testable criterion 2}
-
-## Tests
-- {Test description} → expects {outcome}
-
-## Technical Notes
-{Implementation hints, constraints, decisions}
-
-## Considered Alternatives
-{What the Devil's Advocate proposed and why we did/didn't take it}
-```
-
-## Phase 6: Operational Setup
-
-After specs are written:
-
-1. Create `.golem/specs/` directory if needed
-2. Write each spec file
-3. Detect or ask for test/build/lint commands
-4. Write `.golem/AGENTS.md`:
-
-```markdown
-# Operational Guide
-
-Ticket: {INC-XXXX}
-Branch: {branch-name}
-
-## Commands
-
-### Testing
-\`\`\`bash
-{test command}
-\`\`\`
-
-### Type Checking
-\`\`\`bash
-{typecheck command}
-\`\`\`
-
-### Linting
-\`\`\`bash
-{lint command}
-\`\`\`
-
-## Learnings
-<!-- Updated during build iterations -->
-```
-
-## Phase 7: Cleanup & Completion
-
-1. Clean up the agent team
-2. Update ticket status:
-   ```bash
-   golem-api ticket:status $TICKET_ID spec --note "Specs complete"
-   ```
-3. Summarize what was created
-4. Show next steps:
-   ```
-   Specs complete! Next steps:
-   1. Review .golem/specs/ and adjust if needed
-   2. Run /golem:plan to create implementation plan
-   3. Run /golem:build to start building
-   ```
-
-</process>
-
-<success_criteria>
-- [ ] Agent team explored requirements from 3 perspectives
-- [ ] Devil's advocate challenged assumptions
-- [ ] Conflicts resolved through discussion
-- [ ] Each topic has a separate spec file
-- [ ] Tests defined in each spec
-- [ ] Alternatives considered and documented
-- [ ] AGENTS.md exists with operational commands
-- [ ] Team cleaned up
-- [ ] Ticket status synced
-</success_criteria>
-
-<important>
-- The Devil's Advocate must be ACTIVE, not passive criticism
-- All three perspectives should contribute to final specs
-- Document "Considered Alternatives" so we remember why we chose this path
-- Clean up the team when done
-</important>

package/commands/golem/status.md

@@ -1,60 +0,0 @@
----
-name: golem:status
-description: Show current project status
-allowed-tools: [Read, Bash, Glob]
----
-
-<objective>
-Display current ticket status, spec progress, and implementation plan state.
-</objective>
-
-<context>
-Ticket info:
-```bash
-TICKET_ID=$(basename "$(pwd)" | grep -oE '(INC|SR)-[0-9]+' || echo "")
-if [ -n "$TICKET_ID" ]; then
-  echo "=== Ticket: $TICKET_ID ==="
-  cat .golem/tickets/$TICKET_ID.yaml 2>/dev/null || echo "No local state"
-else
-  echo "Not in a ticket worktree"
-  echo ""
-  echo "=== All Tickets ==="
-  golem-api ticket:list 2>/dev/null || echo "No tickets"
-fi
-```
-
-Specs:
-```bash
-echo "=== Specs ==="
-ls .golem/specs/*.md 2>/dev/null || echo "No specs yet"
-```
-
-Plan progress:
-```bash
-echo "=== Implementation Plan ==="
-if [ -f .golem/IMPLEMENTATION_PLAN.md ]; then
-  TOTAL=$(grep -c '^\- \[' .golem/IMPLEMENTATION_PLAN.md 2>/dev/null || echo 0)
-  DONE=$(grep -c '^\- \[x\]' .golem/IMPLEMENTATION_PLAN.md 2>/dev/null || echo 0)
-  echo "Tasks: $DONE / $TOTAL complete"
-  echo ""
-  echo "Current stage:"
-  grep -A5 '^## Stage' .golem/IMPLEMENTATION_PLAN.md | grep -E '(^## Stage|^\- \[)' | head -10
-else
-  echo "No plan yet - run /golem:plan"
-fi
-```
-
-Git status:
-```bash
-echo ""
-echo "=== Git Status ==="
-git branch --show-current 2>/dev/null
-git log --oneline -5 2>/dev/null
-```
-</context>
-
-<process>
-1. Display all context information
-2. Summarize current state
-3. Suggest next action if any
-</process>

package/dist/api/freshworks.d.ts

@@ -1,61 +0,0 @@
-/**
- * Freshservice API client
- *
- * API Docs: https://api.freshservice.com/
- */
-import type { FreshTicket, FreshTicketCreatePayload } from '../types.js';
-export interface FreshworksConfig {
-    domain: string;
-    apiKey: string;
-}
-export declare class FreshworksClient {
-    private baseUrl;
-    private headers;
-    constructor(config: FreshworksConfig);
-    private request;
-    /**
-     * Get a ticket by ID
-     */
-    getTicket(id: number): Promise<FreshTicket>;
-    /**
-     * Get tickets assigned to current user
-     */
-    getMyTickets(): Promise<FreshTicket[]>;
-    /**
-     * Create a new ticket
-     */
-    createTicket(payload: FreshTicketCreatePayload): Promise<FreshTicket>;
-    /**
-     * Update a ticket
-     */
-    updateTicket(id: number, updates: Partial<FreshTicketCreatePayload>): Promise<FreshTicket>;
-    /**
-     * Get current agent info
-     */
-    getCurrentAgent(): Promise<{
-        id: number;
-        email: string;
-    }>;
-    /**
-     * Add a note to a ticket
-     */
-    addNote(ticketId: number, body: string, isPrivate?: boolean): Promise<void>;
-    /**
-     * Close/resolve a ticket
-     * Note: Freshservice requires responder_id and resolution_notes when closing
-     */
-    closeTicket(id: number, resolution?: string): Promise<FreshTicket>;
-    /**
-     * Format ticket ID for display (e.g., "INC-1234")
-     */
-    static formatTicketId(id: number, type?: 'Incident' | 'Service Request'): string;
-    /**
-     * Parse ticket ID from string (e.g., "INC-1234" -> 1234)
-     */
-    static parseTicketId(idString: string): number;
-}
-/**
- * Create client from environment variables
- */
-export declare function createFreshworksClient(): FreshworksClient;
-//# sourceMappingURL=freshworks.d.ts.map

package/dist/api/freshworks.d.ts.map

@@ -1 +0,0 @@
-{"version":3,"file":"freshworks.d.ts","sourceRoot":"","sources":["../../src/api/freshworks.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,KAAK,EAAE,WAAW,EAAE,wBAAwB,EAAE,MAAM,aAAa,CAAC;AAEzE,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,qBAAa,gBAAgB;IAC3B,OAAO,CAAC,OAAO,CAAS;IACxB,OAAO,CAAC,OAAO,CAAU;gBAEb,MAAM,EAAE,gBAAgB;YAUtB,OAAO;IAmBrB;;OAEG;IACG,SAAS,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAKjD;;OAEG;IACG,YAAY,IAAI,OAAO,CAAC,WAAW,EAAE,CAAC;IAS5C;;OAEG;IACG,YAAY,CAAC,OAAO,EAAE,wBAAwB,GAAG,OAAO,CAAC,WAAW,CAAC;IAS3E;;OAEG;IACG,YAAY,CAChB,EAAE,EAAE,MAAM,EACV,OAAO,EAAE,OAAO,CAAC,wBAAwB,CAAC,GACzC,OAAO,CAAC,WAAW,CAAC;IASvB;;OAEG;IACG,eAAe,IAAI,OAAO,CAAC;QAAE,EAAE,EAAE,MAAM,CAAC;QAAC,KAAK,EAAE,MAAM,CAAA;KAAE,CAAC;IAK/D;;OAEG;IACG,OAAO,CACX,QAAQ,EAAE,MAAM,EAChB,IAAI,EAAE,MAAM,EACZ,SAAS,UAAO,GACf,OAAO,CAAC,IAAI,CAAC;IAOhB;;;OAGG;IACG,WAAW,CAAC,EAAE,EAAE,MAAM,EAAE,UAAU,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,WAAW,CAAC;IAexE;;OAEG;IACH,MAAM,CAAC,cAAc,CAAC,EAAE,EAAE,MAAM,EAAE,IAAI,GAAE,UAAU,GAAG,iBAA8B,GAAG,MAAM;IAK5F;;OAEG;IACH,MAAM,CAAC,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,MAAM;CAO/C;AAED;;GAEG;AACH,wBAAgB,sBAAsB,IAAI,gBAAgB,CASzD"}