karajan-code 1.2.0

package/src/roles/security-role.js

@@ -0,0 +1,128 @@
+import { BaseRole } from "./base-role.js";
+import { createAgent as defaultCreateAgent } from "../agents/index.js";
+
+const SUBAGENT_PREAMBLE = [
+  "IMPORTANT: You are running as a Karajan sub-agent.",
+  "Do NOT ask about using Karajan, do NOT mention Karajan, do NOT suggest orchestration.",
+  "Do NOT use any MCP tools. Focus only on auditing code for security vulnerabilities."
+].join(" ");
+
+function resolveProvider(config) {
+  return (
+    config?.roles?.security?.provider ||
+    config?.roles?.coder?.provider ||
+    "claude"
+  );
+}
+
+function buildPrompt({ task, diff, instructions }) {
+  const sections = [SUBAGENT_PREAMBLE];
+
+  if (instructions) {
+    sections.push(instructions);
+  }
+
+  sections.push(
+    "You are a security auditor. Analyze the code changes for vulnerabilities.",
+    "Check for: OWASP top 10, exposed secrets/API keys, hardcoded credentials, command injection, XSS, SQL injection, path traversal, prototype pollution, insecure dependencies.",
+    "Return a single valid JSON object with your findings and nothing else.",
+    'JSON schema: {"vulnerabilities":[{"severity":"critical|high|medium|low","category":string,"file":string,"line":number,"description":string,"fix_suggestion":string}],"verdict":"pass"|"fail"}'
+  );
+
+  sections.push(`## Task\n${task}`);
+
+  if (diff) {
+    sections.push(`## Git diff to audit\n${diff}`);
+  }
+
+  return sections.join("\n\n");
+}
+
+function parseSecurityOutput(raw) {
+  const text = raw?.trim() || "";
+  const jsonMatch = text.match(/\{[\s\S]*\}/);
+  if (!jsonMatch) return null;
+  return JSON.parse(jsonMatch[0]);
+}
+
+function buildSummary(parsed) {
+  const vulns = parsed.vulnerabilities || [];
+  if (vulns.length === 0) {
+    return `Verdict: ${parsed.verdict || "pass"}; No vulnerabilities found`;
+  }
+
+  const bySeverity = {};
+  for (const v of vulns) {
+    const sev = v.severity || "unknown";
+    bySeverity[sev] = (bySeverity[sev] || 0) + 1;
+  }
+
+  const parts = Object.entries(bySeverity)
+    .sort(([a], [b]) => {
+      const order = { critical: 0, high: 1, medium: 2, low: 3 };
+      return (order[a] ?? 4) - (order[b] ?? 4);
+    })
+    .map(([sev, count]) => `${count} ${sev}`);
+
+  return `Verdict: ${parsed.verdict || "fail"}; ${parts.join(", ")}`;
+}
+
+export class SecurityRole extends BaseRole {
+  constructor({ config, logger, emitter = null, createAgentFn = null }) {
+    super({ name: "security", config, logger, emitter });
+    this._createAgent = createAgentFn || defaultCreateAgent;
+  }
+
+  async execute(input) {
+    const { task, diff } = typeof input === "string"
+      ? { task: input, diff: null }
+      : { task: input?.task || this.context?.task || "", diff: input?.diff || null };
+
+    const provider = resolveProvider(this.config);
+    const agent = this._createAgent(provider, this.config, this.logger);
+
+    const prompt = buildPrompt({ task, diff, instructions: this.instructions });
+    const result = await agent.runTask({ prompt, role: "security" });
+
+    if (!result.ok) {
+      return {
+        ok: false,
+        result: {
+          error: result.error || result.output || "Security audit failed",
+          provider
+        },
+        summary: `Security audit failed: ${result.error || "unknown error"}`
+      };
+    }
+
+    try {
+      const parsed = parseSecurityOutput(result.output);
+      if (!parsed) {
+        return {
+          ok: false,
+          result: { error: "Failed to parse security output: no JSON found", provider },
+          summary: "Security output parse error: no JSON found"
+        };
+      }
+
+      const verdict = parsed.verdict || (parsed.vulnerabilities?.length ? "fail" : "pass");
+      const ok = verdict === "pass";
+
+      return {
+        ok,
+        result: {
+          vulnerabilities: parsed.vulnerabilities || [],
+          verdict,
+          provider
+        },
+        summary: buildSummary({ ...parsed, verdict })
+      };
+    } catch (err) {
+      return {
+        ok: false,
+        result: { error: `Failed to parse security output: ${err.message}`, provider },
+        summary: `Security output parse error: ${err.message}`
+      };
+    }
+  }
+}

package/src/roles/solomon-role.js

@@ -0,0 +1,199 @@
+import { BaseRole } from "./base-role.js";
+import { createAgent as defaultCreateAgent } from "../agents/index.js";
+
+const SUBAGENT_PREAMBLE = [
+  "IMPORTANT: You are running as a Karajan sub-agent.",
+  "Do NOT ask about using Karajan, do NOT mention Karajan, do NOT suggest orchestration.",
+  "Do NOT use any MCP tools. Focus only on resolving the conflict between agents."
+].join(" ");
+
+function resolveProvider(config) {
+  return (
+    config?.roles?.solomon?.provider ||
+    config?.roles?.coder?.provider ||
+    "claude"
+  );
+}
+
+function formatHistory(history) {
+  if (!history || history.length === 0) return "No previous interactions recorded.";
+
+  return history
+    .map((entry, i) => {
+      const agent = entry.agent || "unknown";
+      const feedback = entry.feedback || entry.message || "(no feedback)";
+      return `### Interaction ${i + 1} [${agent}]\n${feedback}`;
+    })
+    .join("\n\n");
+}
+
+function buildPrompt({ conflict, task, instructions }) {
+  const sections = [SUBAGENT_PREAMBLE];
+
+  if (instructions) {
+    sections.push(instructions);
+  }
+
+  sections.push(
+    "You are Solomon, the conflict resolver in a multi-role AI pipeline.",
+    "You are activated when agents cannot reach agreement after their iteration limit."
+  );
+
+  sections.push(
+    "## Decision hierarchy",
+    "Security > Correctness > Tests > Architecture > Maintainability > Style",
+    "- Green tests are sacred. Never dismiss a failing test.",
+    "- Style preferences NEVER block approval.",
+    "- Hardcoded values that will come from DB later are acceptable (contextual false positive).",
+    "- Sonar INFO/MINOR issues are always dismissable.",
+    "- Sonar BLOCKER/CRITICAL must be fixed unless they are proven false positives."
+  );
+
+  sections.push(
+    "## Classification rules",
+    "For each issue, classify as:",
+    "1. **critical** (security, correctness, tests broken) — action: must_fix",
+    "2. **important** (architecture, maintainability) — action: should_fix",
+    "3. **style** (naming, formatting, preferences, false positives) — action: dismiss"
+  );
+
+  sections.push(
+    "## Your decision options",
+    '1. **approve** — All pending issues are style/false positives. Pipeline continues.',
+    '2. **approve_with_conditions** — Important issues exist but are fixable. Give exact instructions to Coder for one more attempt.',
+    '3. **escalate_human** — Critical issues that cannot be resolved, ambiguous requirements, architecture decisions, or business logic decisions.',
+    '4. **create_subtask** — A prerequisite task must be completed first to resolve the conflict. The current task will pause, the subtask runs, then the current task resumes.'
+  );
+
+  sections.push(
+    "Return a single valid JSON object with your ruling and nothing else.",
+    'JSON schema: {"ruling":"approve"|"approve_with_conditions"|"escalate_human"|"create_subtask","classification":[{"issue":string,"category":"critical"|"important"|"style","action":"must_fix"|"should_fix"|"dismiss"}],"conditions":[string],"dismissed":[string],"escalate":boolean,"escalate_reason":string|null,"subtask":{"title":string,"description":string,"reason":string}|null}'
+  );
+
+  const stage = conflict?.stage || "unknown";
+  const iterationCount = conflict?.iterationCount ?? "?";
+  const maxIterations = conflict?.maxIterations ?? "?";
+
+  sections.push(
+    `## Conflict context`,
+    `Stage: ${stage}`,
+    `Iterations exhausted: ${iterationCount}/${maxIterations}`
+  );
+
+  if (task) {
+    sections.push(`## Original task\n${task}`);
+  }
+
+  if (conflict?.diff) {
+    sections.push(`## Current diff\n${conflict.diff}`);
+  }
+
+  sections.push(`## Agent interaction history\n${formatHistory(conflict?.history)}`);
+
+  return sections.join("\n\n");
+}
+
+function parseSolomonOutput(raw) {
+  const text = raw?.trim() || "";
+  const jsonMatch = text.match(/\{[\s\S]*\}/);
+  if (!jsonMatch) return null;
+  return JSON.parse(jsonMatch[0]);
+}
+
+function buildSummary(parsed) {
+  const ruling = parsed.ruling || "unknown";
+  const conditions = parsed.conditions || [];
+  const dismissed = parsed.dismissed || [];
+  const subtask = parsed.subtask || null;
+
+  if (ruling === "approve") {
+    const parts = ["Approved"];
+    if (dismissed.length > 0) parts.push(`${dismissed.length} dismissed`);
+    return parts.join("; ");
+  }
+
+  if (ruling === "approve_with_conditions") {
+    const parts = [`Approved with ${conditions.length} condition${conditions.length !== 1 ? "s" : ""}`];
+    if (dismissed.length > 0) parts.push(`${dismissed.length} dismissed`);
+    return parts.join("; ");
+  }
+
+  if (ruling === "escalate_human") {
+    return `Escalated to human: ${parsed.escalate_reason || "ambiguous conflict"}`;
+  }
+
+  if (ruling === "create_subtask") {
+    return `Subtask created: ${subtask?.title || "unnamed subtask"}`;
+  }
+
+  return `Solomon ruling: ${ruling}`;
+}
+
+export class SolomonRole extends BaseRole {
+  constructor({ config, logger, emitter = null, createAgentFn = null }) {
+    super({ name: "solomon", config, logger, emitter });
+    this._createAgent = createAgentFn || defaultCreateAgent;
+  }
+
+  async execute(input) {
+    const conflict = input?.conflict || {};
+
+    const provider = resolveProvider(this.config);
+    const agent = this._createAgent(provider, this.config, this.logger);
+
+    const prompt = buildPrompt({
+      conflict,
+      task: this.context?.task || "",
+      instructions: this.instructions
+    });
+
+    const result = await agent.runTask({ prompt, role: "solomon" });
+
+    if (!result.ok) {
+      return {
+        ok: false,
+        result: {
+          error: result.error || result.output || "Solomon arbitration failed",
+          provider
+        },
+        summary: `Solomon failed: ${result.error || "unknown error"}`
+      };
+    }
+
+    try {
+      const parsed = parseSolomonOutput(result.output);
+      if (!parsed) {
+        return {
+          ok: false,
+          result: { error: "Failed to parse Solomon output: no JSON found", provider },
+          summary: "Solomon output parse error: no JSON found"
+        };
+      }
+
+      const ruling = parsed.ruling || "approve";
+      const escalate = Boolean(parsed.escalate);
+      const ok = ruling !== "escalate_human";
+
+      return {
+        ok,
+        result: {
+          ruling,
+          classification: parsed.classification || [],
+          conditions: parsed.conditions || [],
+          dismissed: parsed.dismissed || [],
+          escalate,
+          escalate_reason: parsed.escalate_reason || null,
+          subtask: parsed.subtask || null,
+          provider
+        },
+        summary: buildSummary(parsed)
+      };
+    } catch (err) {
+      return {
+        ok: false,
+        result: { error: `Failed to parse Solomon output: ${err.message}`, provider },
+        summary: `Solomon output parse error: ${err.message}`
+      };
+    }
+  }
+}

package/src/roles/sonar-role.js

@@ -0,0 +1,65 @@
+import { BaseRole } from "./base-role.js";
+import { runSonarScan } from "../sonar/scanner.js";
+import { getQualityGateStatus, getOpenIssues } from "../sonar/api.js";
+import { shouldBlockByProfile, summarizeIssues } from "../sonar/enforcer.js";
+
+function normalizeIssues(rawIssues) {
+  return rawIssues.map((issue) => ({
+    severity: issue.severity || "UNKNOWN",
+    type: issue.type || "UNKNOWN",
+    file: issue.component || "",
+    line: issue.line || 0,
+    rule: issue.rule || "",
+    message: issue.message || ""
+  }));
+}
+
+export class SonarRole extends BaseRole {
+  constructor({ config, logger, emitter = null }) {
+    super({ name: "sonar", config, logger, emitter });
+  }
+
+  async execute(_input) {
+    const scan = await runSonarScan(this.config);
+
+    if (!scan.ok) {
+      return {
+        ok: false,
+        result: {
+          projectKey: scan.projectKey || null,
+          gateStatus: null,
+          issues: [],
+          openIssuesTotal: 0,
+          issuesSummary: "",
+          blocking: false,
+          error: scan.stderr || scan.stdout || "Scan failed"
+        },
+        summary: `Sonar scan failed: ${scan.stderr || scan.stdout || "unknown error"}`
+      };
+    }
+
+    const gate = await getQualityGateStatus(this.config, scan.projectKey);
+    const openIssues = await getOpenIssues(this.config, scan.projectKey);
+    const issues = normalizeIssues(openIssues.issues || []);
+    const issuesSummary = summarizeIssues(openIssues.issues || []);
+
+    const profile = this.config.sonarqube?.enforcement_profile || "pragmatic";
+    const blocking = shouldBlockByProfile({
+      gateStatus: gate.status,
+      profile
+    });
+
+    return {
+      ok: !blocking,
+      result: {
+        projectKey: scan.projectKey,
+        gateStatus: gate.status,
+        issues,
+        openIssuesTotal: openIssues.total || 0,
+        issuesSummary,
+        blocking
+      },
+      summary: `Quality gate: ${gate.status}; Issues: ${openIssues.total || 0}${issuesSummary ? ` (${issuesSummary})` : ""}${blocking ? " [BLOCKING]" : ""}`
+    };
+  }
+}

package/src/roles/tester-role.js

@@ -0,0 +1,114 @@
+import { BaseRole } from "./base-role.js";
+import { createAgent as defaultCreateAgent } from "../agents/index.js";
+
+const SUBAGENT_PREAMBLE = [
+  "IMPORTANT: You are running as a Karajan sub-agent.",
+  "Do NOT ask about using Karajan, do NOT mention Karajan, do NOT suggest orchestration.",
+  "Do NOT use any MCP tools. Focus only on evaluating test quality."
+].join(" ");
+
+function resolveProvider(config) {
+  return (
+    config?.roles?.tester?.provider ||
+    config?.roles?.coder?.provider ||
+    "claude"
+  );
+}
+
+function buildPrompt({ task, diff, sonarIssues, instructions }) {
+  const sections = [SUBAGENT_PREAMBLE];
+
+  if (instructions) {
+    sections.push(instructions);
+  }
+
+  sections.push(
+    "You are a test quality gate. You do NOT write tests — you evaluate them.",
+    "Run the test suite, check coverage, identify missing scenarios, and evaluate assertion quality.",
+    "Return a single valid JSON object with your findings and nothing else.",
+    'JSON schema: {"tests_pass":boolean,"coverage":{"overall":number,"services":number,"utilities":number},"missing_scenarios":[string],"quality_issues":[string],"verdict":"pass"|"fail"}'
+  );
+
+  sections.push(`## Task\n${task}`);
+
+  if (diff) {
+    sections.push(`## Git diff\n${diff}`);
+  }
+
+  if (sonarIssues) {
+    sections.push(`## Sonar test issues\n${sonarIssues}`);
+  }
+
+  return sections.join("\n\n");
+}
+
+function parseTesterOutput(raw) {
+  const text = raw?.trim() || "";
+  const jsonMatch = text.match(/\{[\s\S]*\}/);
+  if (!jsonMatch) return null;
+  return JSON.parse(jsonMatch[0]);
+}
+
+export class TesterRole extends BaseRole {
+  constructor({ config, logger, emitter = null, createAgentFn = null }) {
+    super({ name: "tester", config, logger, emitter });
+    this._createAgent = createAgentFn || defaultCreateAgent;
+  }
+
+  async execute(input) {
+    const { task, diff, sonarIssues } = typeof input === "string"
+      ? { task: input, diff: null, sonarIssues: null }
+      : { task: input?.task || this.context?.task || "", diff: input?.diff || null, sonarIssues: input?.sonarIssues || null };
+
+    const provider = resolveProvider(this.config);
+    const agent = this._createAgent(provider, this.config, this.logger);
+
+    const prompt = buildPrompt({ task, diff, sonarIssues, instructions: this.instructions });
+    const result = await agent.runTask({ prompt, role: "tester" });
+
+    if (!result.ok) {
+      return {
+        ok: false,
+        result: {
+          error: result.error || result.output || "Tester failed",
+          provider
+        },
+        summary: `Tester failed: ${result.error || "unknown error"}`
+      };
+    }
+
+    try {
+      const parsed = parseTesterOutput(result.output);
+      if (!parsed) {
+        return {
+          ok: false,
+          result: { error: "Failed to parse tester output: no JSON found", provider },
+          summary: "Tester output parse error: no JSON found"
+        };
+      }
+
+      const verdict = parsed.verdict || (parsed.tests_pass ? "pass" : "fail");
+      const ok = verdict === "pass";
+      const coverage = parsed.coverage || {};
+
+      return {
+        ok,
+        result: {
+          tests_pass: Boolean(parsed.tests_pass),
+          coverage,
+          missing_scenarios: parsed.missing_scenarios || [],
+          quality_issues: parsed.quality_issues || [],
+          verdict,
+          provider
+        },
+        summary: `Verdict: ${verdict}; Coverage: ${coverage.overall ?? "?"}%${parsed.missing_scenarios?.length ? `; ${parsed.missing_scenarios.length} missing scenario(s)` : ""}${parsed.quality_issues?.length ? `; ${parsed.quality_issues.length} quality issue(s)` : ""}`
+      };
+    } catch (err) {
+      return {
+        ok: false,
+        result: { error: `Failed to parse tester output: ${err.message}`, provider },
+        summary: `Tester output parse error: ${err.message}`
+      };
+    }
+  }
+}

package/src/roles/triage-role.js

@@ -0,0 +1,128 @@
+import { BaseRole } from "./base-role.js";
+import { createAgent as defaultCreateAgent } from "../agents/index.js";
+
+const SUBAGENT_PREAMBLE = [
+  "IMPORTANT: You are running as a Karajan sub-agent.",
+  "Do NOT ask about using Karajan, do NOT mention Karajan, do NOT suggest orchestration.",
+  "Do NOT use any MCP tools. Focus only on task complexity triage."
+].join(" ");
+
+const VALID_LEVELS = new Set(["trivial", "simple", "medium", "complex"]);
+const VALID_ROLES = new Set(["planner", "researcher", "refactorer", "reviewer", "tester", "security"]);
+
+function resolveProvider(config) {
+  return (
+    config?.roles?.triage?.provider ||
+    config?.roles?.coder?.provider ||
+    "claude"
+  );
+}
+
+function buildPrompt({ task, instructions }) {
+  const sections = [SUBAGENT_PREAMBLE];
+
+  if (instructions) {
+    sections.push(instructions);
+  }
+
+  sections.push(
+    "Classify the task complexity and recommend only the necessary pipeline roles.",
+    "Keep the reasoning short and practical.",
+    "Return a single valid JSON object and nothing else.",
+    'JSON schema: {"level":"trivial|simple|medium|complex","roles":["planner|researcher|refactorer|reviewer|tester|security"],"reasoning":string}'
+  );
+
+  sections.push(`## Task\n${task}`);
+
+  return sections.join("\n\n");
+}
+
+function parseTriageOutput(raw) {
+  const text = raw?.trim() || "";
+  const jsonMatch = text.match(/\{[\s\S]*\}/);
+  if (!jsonMatch) return null;
+  return JSON.parse(jsonMatch[0]);
+}
+
+function normalizeRoles(roles) {
+  if (!Array.isArray(roles)) return [];
+  return Array.from(new Set(roles.filter((role) => VALID_ROLES.has(role))));
+}
+
+export class TriageRole extends BaseRole {
+  constructor({ config, logger, emitter = null, createAgentFn = null }) {
+    super({ name: "triage", config, logger, emitter });
+    this._createAgent = createAgentFn || defaultCreateAgent;
+  }
+
+  async execute(input) {
+    const task = typeof input === "string"
+      ? input
+      : input?.task || this.context?.task || "";
+
+    const provider = resolveProvider(this.config);
+    const agent = this._createAgent(provider, this.config, this.logger);
+
+    const prompt = buildPrompt({ task, instructions: this.instructions });
+    const result = await agent.runTask({ prompt, role: "triage" });
+
+    if (!result.ok) {
+      return {
+        ok: false,
+        result: {
+          error: result.error || result.output || "Triage failed",
+          provider
+        },
+        summary: `Triage failed: ${result.error || "unknown error"}`,
+        usage: result.usage
+      };
+    }
+
+    try {
+      const parsed = parseTriageOutput(result.output);
+      if (!parsed) {
+        return {
+          ok: true,
+          result: {
+            level: "medium",
+            roles: ["reviewer"],
+            reasoning: "Unstructured output, using safe defaults.",
+            provider,
+            raw: result.output
+          },
+          summary: "Triage complete (fallback defaults)",
+          usage: result.usage
+        };
+      }
+
+      const level = VALID_LEVELS.has(parsed.level) ? parsed.level : "medium";
+      const roles = normalizeRoles(parsed.roles);
+      const reasoning = String(parsed.reasoning || "").trim() || "No reasoning provided.";
+
+      return {
+        ok: true,
+        result: {
+          level,
+          roles,
+          reasoning,
+          provider
+        },
+        summary: `Triage: ${level} (${roles.length} role${roles.length === 1 ? "" : "s"})`,
+        usage: result.usage
+      };
+    } catch {
+      return {
+        ok: true,
+        result: {
+          level: "medium",
+          roles: ["reviewer"],
+          reasoning: "Failed to parse triage output, using safe defaults.",
+          provider,
+          raw: result.output
+        },
+        summary: "Triage complete (fallback defaults)",
+        usage: result.usage
+      };
+    }
+  }
+}