npm - golem-cc - Versions diffs - 2.1.2 → 3.0.0 - Mend

golem-cc 2.1.2 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (84) hide show

package/.claude/commands/golem/build.md +18 -0
package/.claude/commands/golem/config.md +39 -0
package/.claude/commands/golem/continue.md +73 -0
package/.claude/commands/golem/doctor.md +46 -0
package/.claude/commands/golem/document.md +138 -0
package/.claude/commands/golem/help.md +58 -0
package/.claude/commands/golem/pause.md +130 -0
package/.claude/commands/golem/plan.md +111 -0
package/.claude/commands/golem/review.md +166 -0
package/.claude/commands/golem/security.md +186 -0
package/.claude/commands/golem/simplify.md +76 -0
package/.claude/commands/golem/spec.md +105 -0
package/.claude/commands/golem/status.md +33 -0
package/.golem/agents/code-simplifier.md +54 -0
package/.golem/agents/review-architecture.md +59 -0
package/.golem/agents/review-logic.md +50 -0
package/.golem/agents/review-security.md +50 -0
package/.golem/agents/review-style.md +48 -0
package/.golem/agents/review-tests.md +48 -0
package/.golem/agents/spec-builder.md +60 -0
package/.golem/bin/golem.mjs +270 -0
package/.golem/lib/build.mjs +557 -0
package/.golem/lib/claude.mjs +95 -0
package/.golem/lib/config.mjs +421 -0
package/.golem/lib/display.mjs +191 -0
package/.golem/lib/doctor.mjs +197 -0
package/.golem/lib/document.mjs +792 -0
package/.golem/lib/gates.mjs +78 -0
package/.golem/lib/init.mjs +166 -0
package/.golem/lib/output.mjs +40 -0
package/.golem/lib/ratelimit.mjs +86 -0
package/.golem/lib/security.mjs +603 -0
package/.golem/lib/simplify.mjs +101 -0
package/.golem/lib/tui.mjs +368 -0
package/.golem/lib/usage.mjs +119 -0
package/.golem/lib/worktree.mjs +509 -0
package/.golem/prompts/build.md +23 -0
package/.golem/prompts/document-inline.md +66 -0
package/.golem/prompts/document-markdown.md +80 -0
package/.golem/prompts/simplify.md +35 -0
package/README.md +141 -142
package/bin/golem-shim.mjs +36 -0
package/bin/install.mjs +193 -0
package/package.json +27 -32
package/.env.example +0 -17
package/bin/golem +0 -1040
package/commands/golem/build.md +0 -235
package/commands/golem/config.md +0 -55
package/commands/golem/doctor.md +0 -137
package/commands/golem/help.md +0 -212
package/commands/golem/plan.md +0 -214
package/commands/golem/review.md +0 -376
package/commands/golem/security.md +0 -204
package/commands/golem/simplify.md +0 -94
package/commands/golem/spec.md +0 -226
package/commands/golem/status.md +0 -60
package/dist/api/freshworks.d.ts +0 -61
package/dist/api/freshworks.d.ts.map +0 -1
package/dist/api/freshworks.js +0 -119
package/dist/api/freshworks.js.map +0 -1
package/dist/api/gitea.d.ts +0 -96
package/dist/api/gitea.d.ts.map +0 -1
package/dist/api/gitea.js +0 -154
package/dist/api/gitea.js.map +0 -1
package/dist/cli/index.d.ts +0 -9
package/dist/cli/index.d.ts.map +0 -1
package/dist/cli/index.js +0 -352
package/dist/cli/index.js.map +0 -1
package/dist/sync/ticket-sync.d.ts +0 -53
package/dist/sync/ticket-sync.d.ts.map +0 -1
package/dist/sync/ticket-sync.js +0 -226
package/dist/sync/ticket-sync.js.map +0 -1
package/dist/types.d.ts +0 -125
package/dist/types.d.ts.map +0 -1
package/dist/types.js +0 -5
package/dist/types.js.map +0 -1
package/dist/worktree/manager.d.ts +0 -54
package/dist/worktree/manager.d.ts.map +0 -1
package/dist/worktree/manager.js +0 -190
package/dist/worktree/manager.js.map +0 -1
package/golem/agents/code-simplifier.md +0 -81
package/golem/agents/spec-builder.md +0 -90
package/golem/prompts/PROMPT_build.md +0 -71
package/golem/prompts/PROMPT_plan.md +0 -102

package/.golem/lib/security.mjs ADDED Viewed

@@ -0,0 +1,603 @@
+import { execFile, exec } from 'node:child_process';
+import { promisify } from 'node:util';
+import { readFile, writeFile, access, chmod, stat } from 'node:fs/promises';
+import { join, relative } from 'node:path';
+import { header, success, fail, warn, info, spinner, table } from './output.mjs';
+import { detectFramework } from './config.mjs';
+const execFileAsync = promisify(execFile);
+const execAsync = promisify(exec);
+async function which(tool) {
+  try {
+    const { stdout } = await execFileAsync('which', [tool]);
+    return stdout.trim();
+  } catch {
+    return null;
+  }
+}
+async function detectTools() {
+  const tools = {};
+  for (const name of ['gitleaks', 'semgrep', 'trivy']) {
+    tools[name] = await which(name);
+  }
+  return tools;
+}
+async function installTool(name) {
+  const cmds = {
+    gitleaks: 'brew install gitleaks',
+    semgrep: 'brew install semgrep',
+    trivy: 'brew install trivy',
+  };
+  const cmd = cmds[name];
+  if (!cmd) return false;
+  const s = spinner(`Installing ${name}...`);
+  try {
+    await execAsync(cmd, { timeout: 120000 });
+    s.succeed(`Installed ${name}`);
+    return true;
+  } catch (e) {
+    s.fail(`Failed to install ${name}: ${e.message}`);
+    return false;
+  }
+}
+async function runGitleaks(fullHistory) {
+  const findings = [];
+  const args = ['detect', '-v', '--report-format', 'json', '--report-path', '/dev/stdout'];
+  if (!fullHistory) args.push('--no-git');
+  const s = spinner(fullHistory ? 'gitleaks (full history)' : 'gitleaks (current files)');
+  try {
+    await execFileAsync('gitleaks', args, { cwd: process.cwd(), maxBuffer: 10 * 1024 * 1024 });
+    s.succeed('gitleaks: no secrets found');
+  } catch (e) {
+    if (e.stdout) {
+      try {
+        const results = JSON.parse(e.stdout);
+        if (Array.isArray(results)) {
+          for (const r of results) {
+            findings.push({
+              tool: 'gitleaks',
+              severity: 'CRITICAL',
+              file: r.File || r.file || '',
+              line: r.StartLine || r.line || 0,
+              message: r.Description || r.RuleID || 'Secret detected',
+              detail: r.Match ? `Match: ${r.Match.slice(0, 40)}...` : '',
+            });
+          }
+        }
+      } catch {}
+      s.fail(`gitleaks: ${findings.length} secret(s) found`);
+    } else {
+      s.warn('gitleaks: scan error');
+    }
+  }
+  return findings;
+}
+function parseSemgrepResults(json) {
+  const data = JSON.parse(json);
+  return (data.results || []).map(r => ({
+    tool: 'semgrep',
+    severity: mapSemgrepSeverity(r.extra?.severity || 'WARNING'),
+    file: relative(process.cwd(), r.path || ''),
+    line: r.start?.line || 0,
+    message: r.check_id || 'Finding',
+    detail: r.extra?.message || '',
+  }));
+}
+async function runSemgrep(framework) {
+  const configs = ['auto', 'p/nodejs', 'p/typescript'];
+  if (framework === 'next') configs.push('p/nextjs', 'p/react');
+  if (framework === 'nuxt') configs.push('p/react');
+  const args = ['scan', '--json'];
+  for (const c of configs) {
+    args.push('--config', c);
+  }
+  const s = spinner('semgrep SAST scan');
+  let findings = [];
+  try {
+    const { stdout } = await execAsync(`semgrep ${args.slice(1).join(' ')}`, {
+      cwd: process.cwd(),
+      maxBuffer: 10 * 1024 * 1024,
+      timeout: 120000,
+    });
+    findings = parseSemgrepResults(stdout);
+    s.succeed(`semgrep: ${findings.length} finding(s)`);
+  } catch (e) {
+    if (e.stdout) {
+      try {
+        findings = parseSemgrepResults(e.stdout);
+        s.succeed(`semgrep: ${findings.length} finding(s)`);
+      } catch {
+        s.fail('semgrep: parse error');
+      }
+    } else {
+      s.fail('semgrep: scan error');
+    }
+  }
+  return findings;
+}
+function mapSemgrepSeverity(sev) {
+  return { ERROR: 'HIGH', WARNING: 'MEDIUM', INFO: 'LOW' }[sev] || 'MEDIUM';
+}
+async function runPnpmAudit() {
+  const findings = [];
+  const s = spinner('pnpm audit');
+  try {
+    const { stdout } = await execAsync('pnpm audit --json', {
+      cwd: process.cwd(),
+      maxBuffer: 5 * 1024 * 1024,
+    });
+    const data = JSON.parse(stdout);
+    if (data.advisories) {
+      for (const [, adv] of Object.entries(data.advisories)) {
+        findings.push({
+          tool: 'pnpm-audit',
+          severity: (adv.severity || 'moderate').toUpperCase(),
+          file: 'package.json',
+          line: 0,
+          message: `${adv.module_name}: ${adv.title}`,
+          detail: adv.url || '',
+        });
+      }
+    }
+    s.succeed(`pnpm audit: ${findings.length} advisory(ies)`);
+  } catch (e) {
+    if (e.stdout) {
+      try {
+        const data = JSON.parse(e.stdout);
+        const meta = data.metadata;
+        if (meta && meta.vulnerabilities) {
+          for (const [sev, count] of Object.entries(meta.vulnerabilities)) {
+            if (count > 0) {
+              findings.push({
+                tool: 'pnpm-audit',
+                severity: sev.toUpperCase(),
+                file: 'package.json',
+                line: 0,
+                message: `${count} ${sev} vulnerability(ies)`,
+                detail: '',
+              });
+            }
+          }
+        }
+        s.succeed(`pnpm audit: ${findings.length} finding(s)`);
+      } catch {
+        s.succeed('pnpm audit: clean');
+      }
+    } else {
+      s.succeed('pnpm audit: clean');
+    }
+  }
+  return findings;
+}
+async function checkEnvGitignore() {
+  const findings = [];
+  const s = spinner('.env / .gitignore validation');
+  try {
+    const gitignore = await readFile(join(process.cwd(), '.gitignore'), 'utf-8');
+    const lines = gitignore.split('\n').map(l => l.trim());
+    if (!lines.some(l => l === '.env' || l === '.env*' || l === '*.env')) {
+      findings.push({
+        tool: 'env-check',
+        severity: 'CRITICAL',
+        file: '.gitignore',
+        line: 0,
+        message: '.env is NOT in .gitignore',
+        detail: 'Add .env to .gitignore immediately',
+      });
+    }
+  } catch {
+    findings.push({
+      tool: 'env-check',
+      severity: 'HIGH',
+      file: '.gitignore',
+      line: 0,
+      message: 'No .gitignore file found',
+      detail: 'Create .gitignore with .env entry',
+    });
+  }
+  try {
+    await access(join(process.cwd(), '.env'));
+    try {
+      await execAsync('git ls-files --error-unmatch .env', { cwd: process.cwd() });
+      findings.push({
+        tool: 'env-check',
+        severity: 'CRITICAL',
+        file: '.env',
+        line: 0,
+        message: '.env file is tracked by git',
+        detail: 'Run: git rm --cached .env',
+      });
+    } catch {}
+  } catch {}
+  if (findings.length === 0) {
+    s.succeed('.env validation: clean');
+  } else {
+    s.fail(`.env validation: ${findings.length} issue(s)`);
+  }
+  return findings;
+}
+async function grepHardcodedSecrets() {
+  const findings = [];
+  const patterns = [
+    { regex: /(?:password|passwd|pwd)\s*[:=]\s*['"][^'"]{4,}/gi, label: 'hardcoded password' },
+    { regex: /(?:api[_-]?key|apikey)\s*[:=]\s*['"][^'"]{8,}/gi, label: 'hardcoded API key' },
+    { regex: /(?:secret|token)\s*[:=]\s*['"][^'"]{8,}/gi, label: 'hardcoded secret/token' },
+    { regex: /(?:aws_access_key_id|aws_secret_access_key)\s*[:=]\s*['"][^'"]+/gi, label: 'AWS credentials' },
+  ];
+  const s = spinner('Hardcoded secrets grep');
+  try {
+    const { stdout } = await execAsync(
+      "git ls-files --cached --others --exclude-standard | grep -E '\\.(js|ts|mjs|cjs|jsx|tsx|vue|json|yaml|yml|toml)$'",
+      { cwd: process.cwd(), maxBuffer: 5 * 1024 * 1024 },
+    );
+    const files = stdout.trim().split('\n').filter(Boolean);
+    for (const file of files) {
+      if (file.includes('node_modules') || file.includes('lock') || file.includes('.example')) continue;
+      try {
+        const content = await readFile(join(process.cwd(), file), 'utf-8');
+        const lines = content.split('\n');
+        for (let i = 0; i < lines.length; i++) {
+          for (const { regex, label } of patterns) {
+            regex.lastIndex = 0;
+            if (regex.test(lines[i])) {
+              // Skip if it looks like env reference or placeholder
+              if (/process\.env|import\.meta\.env|\$\{|<[A-Z_]+>|YOUR_|CHANGE_ME|example/i.test(lines[i])) continue;
+              findings.push({
+                tool: 'secret-grep',
+                severity: 'HIGH',
+                file,
+                line: i + 1,
+                message: label,
+                detail: lines[i].trim().slice(0, 80),
+              });
+            }
+          }
+        }
+      } catch {}
+    }
+    s.succeed(`Secret grep: ${findings.length} finding(s)`);
+  } catch {
+    s.succeed('Secret grep: no source files');
+  }
+  return findings;
+}
+async function runTrivy() {
+  const findings = [];
+  const s = spinner('trivy scan');
+  try {
+    await access(join(process.cwd(), 'Dockerfile'));
+  } catch {
+    s.succeed('trivy: no Dockerfile found, skipping');
+    return findings;
+  }
+  try {
+    const { stdout } = await execAsync('trivy fs --format json .', {
+      cwd: process.cwd(),
+      maxBuffer: 10 * 1024 * 1024,
+      timeout: 120000,
+    });
+    const data = JSON.parse(stdout);
+    if (data.Results) {
+      for (const result of data.Results) {
+        for (const vuln of result.Vulnerabilities || []) {
+          findings.push({
+            tool: 'trivy',
+            severity: (vuln.Severity || 'MEDIUM').toUpperCase(),
+            file: result.Target || '',
+            line: 0,
+            message: `${vuln.VulnerabilityID}: ${vuln.PkgName}`,
+            detail: vuln.Title || '',
+          });
+        }
+      }
+    }
+    s.succeed(`trivy: ${findings.length} finding(s)`);
+  } catch {
+    s.fail('trivy: scan error');
+  }
+  return findings;
+}
+async function checkPnpmOutdated() {
+  const findings = [];
+  const s = spinner('pnpm outdated');
+  try {
+    await execAsync('pnpm outdated --json', {
+      cwd: process.cwd(),
+      maxBuffer: 5 * 1024 * 1024,
+    });
+    s.succeed('pnpm outdated: all up to date');
+  } catch (e) {
+    if (e.stdout) {
+      try {
+        const data = JSON.parse(e.stdout);
+        const count = Object.keys(data).length;
+        if (count > 0) {
+          findings.push({
+            tool: 'pnpm-outdated',
+            severity: 'LOW',
+            file: 'package.json',
+            line: 0,
+            message: `${count} outdated package(s)`,
+            detail: 'Run: pnpm update',
+          });
+        }
+      } catch {}
+    }
+    s.succeed(`pnpm outdated: ${findings.length} finding(s)`);
+  }
+  return findings;
+}
+async function checkFilePermissions() {
+  const findings = [];
+  const s = spinner('File permission audit');
+  const sensitive = ['.env', '.env.local', '.env.production', 'id_rsa', 'id_ed25519', '*.pem', '*.key'];
+  for (const pattern of sensitive) {
+    try {
+      const { stdout } = await execAsync(`git ls-files --cached --others --exclude-standard '${pattern}'`, {
+        cwd: process.cwd(),
+      });
+      for (const file of stdout.trim().split('\n').filter(Boolean)) {
+        try {
+          const st = await stat(join(process.cwd(), file));
+          const mode = (st.mode & 0o777).toString(8);
+          if (mode.endsWith('7') || mode.endsWith('6')) {
+            findings.push({
+              tool: 'file-perms',
+              severity: 'MEDIUM',
+              file,
+              line: 0,
+              message: `World-readable file (${mode})`,
+              detail: `Run: chmod 600 ${file}`,
+            });
+          }
+        } catch {}
+      }
+    } catch {}
+  }
+  s.succeed(`File perms: ${findings.length} finding(s)`);
+  return findings;
+}
+async function checkSecurityHeaders(framework) {
+  const findings = [];
+  if (!framework) return findings;
+  const s = spinner('Security headers check');
+  const configFiles = framework === 'nuxt'
+    ? ['nuxt.config.ts', 'nuxt.config.js']
+    : ['next.config.ts', 'next.config.js', 'next.config.mjs'];
+  let configContent = '';
+  for (const f of configFiles) {
+    try {
+      configContent = await readFile(join(process.cwd(), f), 'utf-8');
+      break;
+    } catch {}
+  }
+  if (!configContent) {
+    s.succeed('Security headers: no config found');
+    return findings;
+  }
+  const checks = [
+    { pattern: /csp|content-security-policy/i, name: 'Content-Security-Policy' },
+    { pattern: /hsts|strict-transport-security/i, name: 'Strict-Transport-Security' },
+    { pattern: /x-frame-options|frameOptions/i, name: 'X-Frame-Options' },
+    { pattern: /x-content-type-options/i, name: 'X-Content-Type-Options' },
+  ];
+  for (const { pattern, name } of checks) {
+    if (!pattern.test(configContent)) {
+      findings.push({
+        tool: 'headers',
+        severity: 'MEDIUM',
+        file: configFiles[0],
+        line: 0,
+        message: `Missing ${name} header configuration`,
+        detail: `Add ${name} to your ${framework} config`,
+      });
+    }
+  }
+  s.succeed(`Security headers: ${findings.length} finding(s)`);
+  return findings;
+}
+function computeVerdict(findings) {
+  if (findings.some(f => f.severity === 'CRITICAL' || f.severity === 'HIGH')) return 'FAIL';
+  if (findings.length === 0) return 'PASS';
+  return 'PARTIAL';
+}
+async function generateReport(findings, tools, scanType) {
+  const verdict = computeVerdict(findings);
+  const now = new Date().toISOString().split('T')[0];
+  let md = `# Security Report\n\nDate: ${now}\nScan: ${scanType}\nVerdict: **${verdict}**\n\n`;
+  // Summary table
+  md += '## Summary\n\n';
+  md += '| Tool | Status | Findings |\n|------|--------|----------|\n';
+  const toolNames = ['gitleaks', 'semgrep', 'pnpm-audit', 'env-check', 'secret-grep'];
+  if (scanType === 'full') toolNames.push('trivy', 'pnpm-outdated', 'file-perms', 'headers');
+  for (const tool of toolNames) {
+    const installed = tools[tool] !== false;
+    const count = findings.filter(f => f.tool === tool).length;
+    const status = !installed ? 'SKIPPED' : count === 0 ? 'PASS' : 'FINDINGS';
+    md += `| ${tool} | ${status} | ${count} |\n`;
+  }
+  // Findings by severity
+  for (const sev of ['CRITICAL', 'HIGH', 'MEDIUM', 'LOW']) {
+    const group = findings.filter(f => f.severity === sev);
+    if (group.length === 0) continue;
+    md += `\n## ${sev} (${group.length})\n\n`;
+    for (const f of group) {
+      md += `- **${f.message}** — ${f.file}${f.line ? `:${f.line}` : ''}\n`;
+      if (f.detail) md += `  ${f.detail}\n`;
+    }
+  }
+  // Skipped tools
+  const missing = Object.entries(tools).filter(([, v]) => !v);
+  if (missing.length > 0) {
+    md += '\n## Skipped Tools\n\n';
+    const installCmds = {
+      gitleaks: 'brew install gitleaks',
+      semgrep: 'brew install semgrep',
+      trivy: 'brew install trivy',
+    };
+    for (const [name] of missing) {
+      md += `- **${name}**: not installed. Install: \`${installCmds[name] || 'N/A'}\`\n`;
+    }
+  }
+  md += '\n';
+  await writeFile(join(process.cwd(), '.golem/SECURITY_REPORT.md'), md);
+  return verdict;
+}
+async function installPreCommitHook() {
+  const hookPath = join(process.cwd(), '.git/hooks/pre-commit');
+  const hookContent = `#!/bin/sh
+# golem security pre-commit hook
+gitleaks detect --staged --no-git -v
+if [ $? -ne 0 ]; then
+  echo "\\n❌ gitleaks found secrets in staged files. Commit blocked."
+  echo "Remove the secrets and try again."
+  exit 1
+fi
+`;
+  try {
+    await access(hookPath);
+    warn('Pre-commit hook already exists. Overwriting.');
+  } catch {}
+  await writeFile(hookPath, hookContent);
+  await chmod(hookPath, 0o755);
+  success('Pre-commit hook installed at .git/hooks/pre-commit');
+}
+export async function runSecurityScan() {
+  const tools = await detectTools();
+  const framework = await detectFramework();
+  const findings = [];
+  if (tools.gitleaks) findings.push(...await runGitleaks(false));
+  if (tools.semgrep) findings.push(...await runSemgrep(framework));
+  findings.push(...await runPnpmAudit());
+  findings.push(...await checkEnvGitignore());
+  findings.push(...await grepHardcodedSecrets());
+  const verdict = computeVerdict(findings);
+  return { verdict, findings };
+}
+export async function runSecurity(opts = {}) {
+  const scanType = opts.full ? 'full' : 'default';
+  header(`Security Scan (${scanType})`);
+  // Detect tools
+  const tools = await detectTools();
+  const missing = Object.entries(tools).filter(([, v]) => !v).map(([k]) => k);
+  if (missing.length > 0) {
+    for (const name of missing) {
+      warn(`${name} not installed`);
+    }
+    if (opts.fix) {
+      for (const name of missing) {
+        const ok = await installTool(name);
+        if (ok) tools[name] = true;
+      }
+    } else {
+      info('Run with --fix to auto-install missing tools');
+    }
+  }
+  // Pre-commit hook
+  if (opts.preCommit) {
+    if (!tools.gitleaks) {
+      fail('gitleaks required for pre-commit hook. Run with --fix first.');
+      process.exit(1);
+    }
+    await installPreCommitHook();
+    return;
+  }
+  const framework = await detectFramework();
+  let allFindings = [];
+  if (tools.gitleaks) {
+    allFindings.push(...await runGitleaks(opts.full));
+  }
+  if (tools.semgrep) {
+    allFindings.push(...await runSemgrep(framework));
+  }
+  allFindings.push(...await runPnpmAudit());
+  allFindings.push(...await checkEnvGitignore());
+  allFindings.push(...await grepHardcodedSecrets());
+  if (opts.full) {
+    if (tools.trivy) {
+      allFindings.push(...await runTrivy());
+    }
+    allFindings.push(...await checkPnpmOutdated());
+    allFindings.push(...await checkFilePermissions());
+    allFindings.push(...await checkSecurityHeaders(framework));
+  }
+  console.log();
+  const verdict = await generateReport(allFindings, tools, scanType);
+  if (opts.json) {
+    console.log(JSON.stringify({ verdict, findings: allFindings, tools }, null, 2));
+  } else {
+    header('Results');
+    if (allFindings.length === 0) {
+      success('No security issues found');
+    } else {
+      table(
+        ['Severity', 'Tool', 'Message', 'File'],
+        allFindings.map(f => [
+          f.severity,
+          f.tool,
+          f.message.slice(0, 50),
+          `${f.file}${f.line ? `:${f.line}` : ''}`,
+        ]),
+      );
+    }
+    console.log();
+    ({ PASS: success, PARTIAL: warn, FAIL: fail }[verdict] || fail)(`Verdict: ${verdict}`);
+    info('Report saved to .golem/SECURITY_REPORT.md');
+  }
+  process.exit(verdict === 'PASS' ? 0 : 1);
+}

package/.golem/lib/simplify.mjs ADDED Viewed

@@ -0,0 +1,101 @@
+import { readFile } from 'node:fs/promises';
+import { execSync } from 'node:child_process';
+import { join } from 'node:path';
+import { header, info, fail, warn } from './output.mjs';
+import { loadConfig } from './config.mjs';
+import { runClaude, checkClaudeCli } from './claude.mjs';
+import { attachDisplay } from './display.mjs';
+function getLastCommitFiles() {
+  try {
+    const output = execSync('git diff --name-only HEAD~1 HEAD', {
+      cwd: process.cwd(),
+      encoding: 'utf-8',
+    });
+    return output.trim().split('\n').filter(Boolean);
+  } catch {
+    return [];
+  }
+}
+const SKIP_PATTERNS = [
+  /\.test\.\w+$/,
+  /\.spec\.\w+$/,
+  /\.config\.\w+$/,
+  /\.d\.ts$/,
+  /lock\.\w+$/,
+  /\.lock$/,
+  /\.generated\./,
+  /node_modules\//,
+  /dist\//,
+  /\.min\.\w+$/,
+];
+function filterFiles(files) {
+  return files.filter(f => !SKIP_PATTERNS.some(p => p.test(f)));
+}
+async function buildPrompt(files) {
+  let prompt;
+  try {
+    prompt = await readFile(join(process.cwd(), '.golem/prompts/simplify.md'), 'utf-8');
+  } catch {
+    prompt = 'Simplify the given files. Run tests after each change. Revert on failure.';
+  }
+  const testCmd = await getTestCommand();
+  const fileList = files.map(f => `- ${f}`).join('\n');
+  return prompt.replace('{{FILES}}', fileList)
+    + `\n\n## Test Command\n\n\`${testCmd}\`\n`;
+}
+async function getTestCommand() {
+  try {
+    const agents = await readFile(join(process.cwd(), '.golem/AGENTS.md'), 'utf-8');
+    const match = agents.match(/## Testing\s+```\w*\n([\s\S]*?)```/);
+    if (match) return match[1].trim();
+  } catch { /* fall through */ }
+  return 'node --test';
+}
+export async function runSimplify(path) {
+  if (!checkClaudeCli()) {
+    fail('Claude CLI not found. Install it from https://docs.anthropic.com/en/docs/claude-code');
+    process.exit(1);
+  }
+  const config = await loadConfig();
+  let files;
+  if (path) {
+    files = [path];
+  } else {
+    files = getLastCommitFiles();
+    if (files.length === 0) {
+      warn('No files found from last commit.');
+      return;
+    }
+  }
+  files = filterFiles(files);
+  if (files.length === 0) {
+    warn('No simplifiable files (all matched skip patterns).');
+    return;
+  }
+  header('Golem Simplify');
+  info(`Targeting ${files.length} file(s): ${files.join(', ')}`);
+  const prompt = await buildPrompt(files);
+  const emitter = runClaude(prompt, { model: config.model });
+  attachDisplay(emitter);
+  await new Promise((resolve) => {
+    emitter.on('close', () => resolve());
+    emitter.on('error', (err) => {
+      fail(`Claude error: ${err.message}`);
+      resolve();
+    });
+  });
+}