octocode-cli 1.3.1 → 1.5.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +193 -34
- package/out/chunks/chunk-7476PETK.js +309 -0
- package/out/chunks/chunk-CVNNNSMQ.js +26 -0
- package/out/chunks/chunk-OQBJTZWK.js +60 -0
- package/out/chunks/chunk-UCZCF3BQ.js +9 -0
- package/out/chunks/command-help-specs-JZXVSLZ5.js +8 -0
- package/out/chunks/commands-XBFPLHSQ.js +8 -0
- package/out/chunks/help-P7TCOYAJ.js +10 -0
- package/out/chunks/main-help-ULF5PAQY.js +10 -0
- package/out/chunks/prompts-5E6VKRX5.js +8 -0
- package/out/chunks/spinner-URV2OX6O.js +8 -0
- package/out/chunks/tool-command-M6VA7P2F.js +8 -0
- package/out/octocode-cli.js +1 -1
- package/package.json +5 -3
- package/skills/README.md +13 -1
- package/skills/agentic-flow-best-practices/SKILL.md +280 -0
- package/skills/agentic-flow-best-practices/references/agent-collaboration-patterns.md +75 -0
- package/skills/agentic-flow-best-practices/references/pr-review-agent-example.md +47 -0
- package/skills/agentic-flow-best-practices/references/resources.md +112 -0
- package/skills/octocode-chrome-devtools/README.md +541 -0
- package/skills/octocode-chrome-devtools/SKILL.md +197 -0
- package/skills/octocode-chrome-devtools/agents/openai.yaml +7 -0
- package/skills/octocode-chrome-devtools/references/CDP_AGENT_REFERENCE.md +401 -0
- package/skills/octocode-chrome-devtools/references/CHROME_FLAGS.md +234 -0
- package/skills/octocode-chrome-devtools/references/INTENTS.md +108 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_AUTH.md +179 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_AUTOMATION.md +214 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_DEBUG.md +329 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_ENVIRONMENT.md +237 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_INSPECT.md +263 -0
- package/skills/octocode-chrome-devtools/references/INTENTS_STORAGE_CONSENT.md +214 -0
- package/skills/octocode-chrome-devtools/references/RECOVERY.md +39 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS.md +43 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_ASYNC_WORKERS.md +345 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_BROWSER.md +403 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_OBSERVE.md +275 -0
- package/skills/octocode-chrome-devtools/references/SCRIPT_PATTERNS_SPECIAL.md +18 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-runner.mjs +503 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-sandbox.mjs +123 -0
- package/skills/octocode-chrome-devtools/scripts/cdp-template.mjs +81 -0
- package/skills/octocode-chrome-devtools/scripts/octocode-chrome-devtools.vpn.example.json +8 -0
- package/skills/octocode-chrome-devtools/scripts/open-browser.mjs +362 -0
- package/skills/octocode-chrome-devtools/scripts/sourcemap-resolver.mjs +193 -0
- package/skills/octocode-chrome-devtools/scripts/undercover.mjs +226 -0
- package/skills/octocode-design/README.md +2 -2
- package/skills/octocode-documentation-writer/README.md +1 -1
- package/skills/octocode-engineer/README.md +1 -1
- package/skills/octocode-engineer/SKILL.md +4 -2
- package/skills/octocode-engineer/references/output-files.md +3 -3
- package/skills/octocode-engineer/scripts/run.js +136 -136
- package/skills/octocode-engineer/src/reporting/summary-md.test.ts +48 -0
- package/skills/octocode-engineer/src/reporting/summary-md.ts +43 -2
- package/skills/octocode-install/SKILL.md +1 -1
- package/skills/octocode-pull-request-reviewer/README.md +5 -5
- package/skills/octocode-pull-request-reviewer/SKILL.md +1 -1
- package/skills/octocode-research/AGENTS.md +1 -1
- package/skills/octocode-research/README.md +2 -2
- package/skills/octocode-research/docs/ARCHITECTURE.md +1 -1
- package/skills/octocode-research/scripts/server.js +191 -246
- package/skills/octocode-research/src/routes/github.ts +4 -21
- package/skills/octocode-research/src/routes/local.ts +4 -21
- package/skills/octocode-research/src/utils/fileContentTransform.ts +44 -0
- package/skills/octocode-search-skill/SKILL.md +245 -229
- package/skills/octocode-search-skill/references/agent-skills-guide.md +177 -0
- package/skills/octocode-search-skill/references/discovery-surfaces.md +162 -0
- package/skills/octocode-search-skill/references/fetch-and-create-locally.md +57 -0
- package/skills/octocode-search-skill/references/install-reference.md +130 -0
- package/skills/octocode-search-skill/references/references-template.md +27 -0
- package/skills/octocode-search-skill/references/references.md +62 -0
- package/skills/octocode-slides/README.md +307 -0
- package/skills/octocode-slides/SKILL.md +410 -0
- package/skills/octocode-slides/references/01-brief.md +156 -0
- package/skills/octocode-slides/references/02-research.md +149 -0
- package/skills/octocode-slides/references/03-outline.md +172 -0
- package/skills/octocode-slides/references/04-design.md +301 -0
- package/skills/octocode-slides/references/05-implementation.md +213 -0
- package/skills/octocode-slides/references/06-review.md +258 -0
- package/skills/octocode-slides/references/animation.md +281 -0
- package/skills/octocode-slides/references/design-system.md +316 -0
- package/skills/octocode-slides/references/html-templates.md +673 -0
- package/skills/octocode-slides/references/image-generation.md +448 -0
- package/skills/octocode-slides/references/resources.md +840 -0
- package/skills/octocode-slides/references/slide-rules.md +541 -0
- package/skills/octocode-slides/references/wireframes.md +727 -0
- package/skills/octocode-slides/scripts/animation.js +182 -0
- package/skills/octocode-slides/scripts/base.css +353 -0
- package/skills/octocode-slides/scripts/base.html +655 -0
- package/skills/octocode-slides/scripts/generate_image.py +221 -0
- package/skills/octocode-slides/scripts/navbridge.js +79 -0
- package/skills/octocode-slides/scripts/presenter.js +316 -0
- package/skills/octocode-slides/scripts/slide.html +248 -0
- package/skills/octocode-stats/SKILL.md +73 -0
- package/skills/octocode-stats/assets/template.html +1332 -0
- package/skills/octocode-stats/scripts/build_dashboard.mjs +407 -0
- package/assets/example.png +0 -0
- package/out/chunks/chunk-QCY7Q7YW.js +0 -389
- package/out/chunks/command-help-specs-CQ3RBLP6.js +0 -8
- package/out/chunks/commands-OCTZP2TO.js +0 -51
- package/out/chunks/help-XPXP46ZT.js +0 -10
- package/out/chunks/main-help-35HX2UDQ.js +0 -10
- package/out/chunks/tool-command-HOSMVLNK.js +0 -8
- package/skills/octocode-search-skill/INSTALL_REFERENCE.md +0 -112
|
@@ -0,0 +1,226 @@
|
|
|
1
|
+
// Drop-in stealth patches for public sites likely to fingerprint headless Chrome.
|
|
2
|
+
// Import from generated scripts before Page.navigate.
|
|
3
|
+
export async function applyStealthPatches(cdp, opts = {}) {
|
|
4
|
+
const ua = opts.userAgent ??
|
|
5
|
+
'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36';
|
|
6
|
+
|
|
7
|
+
await cdp.send('Network.setUserAgentOverride', {
|
|
8
|
+
userAgent: ua,
|
|
9
|
+
platform: 'Win32',
|
|
10
|
+
userAgentMetadata: {
|
|
11
|
+
brands: [
|
|
12
|
+
{ brand: 'Chromium', version: '124' },
|
|
13
|
+
{ brand: 'Google Chrome', version: '124' },
|
|
14
|
+
{ brand: 'Not-A.Brand', version: '99' },
|
|
15
|
+
],
|
|
16
|
+
fullVersion: '124.0.0.0',
|
|
17
|
+
platform: 'Windows',
|
|
18
|
+
platformVersion: '10.0.0',
|
|
19
|
+
architecture: 'x86',
|
|
20
|
+
model: '',
|
|
21
|
+
mobile: false,
|
|
22
|
+
},
|
|
23
|
+
});
|
|
24
|
+
|
|
25
|
+
await cdp.send('Emulation.setDeviceMetricsOverride', {
|
|
26
|
+
width: 1920, height: 1080,
|
|
27
|
+
deviceScaleFactor: 1,
|
|
28
|
+
mobile: false,
|
|
29
|
+
screenWidth: 1920, screenHeight: 1080,
|
|
30
|
+
positionX: 0, positionY: 0,
|
|
31
|
+
});
|
|
32
|
+
|
|
33
|
+
await cdp.send('Emulation.setTimezoneOverride', { timezoneId: opts.timezone ?? 'America/New_York' });
|
|
34
|
+
await cdp.send('Emulation.setLocaleOverride', { locale: opts.locale ?? 'en-US' });
|
|
35
|
+
|
|
36
|
+
await cdp.send('Emulation.setGeolocationOverride', {
|
|
37
|
+
latitude: opts.lat ?? 40.7128,
|
|
38
|
+
longitude: opts.lon ?? -74.0060,
|
|
39
|
+
accuracy: 100,
|
|
40
|
+
});
|
|
41
|
+
|
|
42
|
+
await cdp.send('Browser.grantPermissions', {
|
|
43
|
+
permissions: ['geolocation', 'notifications', 'camera', 'microphone'],
|
|
44
|
+
origin: opts.origin ?? undefined,
|
|
45
|
+
});
|
|
46
|
+
|
|
47
|
+
await cdp.send('Network.setExtraHTTPHeaders', {
|
|
48
|
+
headers: {
|
|
49
|
+
'Accept-Language': 'en-US,en;q=0.9',
|
|
50
|
+
'Accept-Encoding': 'gzip, deflate, br',
|
|
51
|
+
'sec-ch-ua': '"Chromium";v="124", "Google Chrome";v="124", "Not-A.Brand";v="99"',
|
|
52
|
+
'sec-ch-ua-mobile': '?0',
|
|
53
|
+
'sec-ch-ua-platform': '"Windows"',
|
|
54
|
+
},
|
|
55
|
+
});
|
|
56
|
+
|
|
57
|
+
await cdp.send('Page.addScriptToEvaluateOnNewDocument', { source: `(function(){
|
|
58
|
+
const _patchedFns = new WeakSet();
|
|
59
|
+
const _nativeToString = Function.prototype.toString;
|
|
60
|
+
Function.prototype.toString = new Proxy(_nativeToString, {
|
|
61
|
+
apply(t, obj, a) { return _patchedFns.has(obj) ? 'function () { [native code] }' : Reflect.apply(t, obj, a); },
|
|
62
|
+
});
|
|
63
|
+
function def(obj, prop, fn) {
|
|
64
|
+
_patchedFns.add(fn);
|
|
65
|
+
try { Object.defineProperty(obj, prop, { get: fn, configurable: true, enumerable: true }); } catch (_) {}
|
|
66
|
+
}
|
|
67
|
+
|
|
68
|
+
def(navigator, 'webdriver', () => undefined);
|
|
69
|
+
def(navigator, 'vendor', () => 'Google Inc.');
|
|
70
|
+
def(navigator, 'platform', () => 'Win32');
|
|
71
|
+
def(navigator, 'maxTouchPoints', () => 0);
|
|
72
|
+
def(navigator, 'hardwareConcurrency', () => 8);
|
|
73
|
+
def(navigator, 'deviceMemory', () => 8);
|
|
74
|
+
def(navigator, 'cookieEnabled', () => true);
|
|
75
|
+
def(navigator, 'languages', () => ['en-US', 'en']);
|
|
76
|
+
|
|
77
|
+
if (!window.chrome) window.chrome = {
|
|
78
|
+
runtime: { id: undefined, connect: () => {}, sendMessage: () => {}, onMessage: { addListener: () => {}, removeListener: () => {} } },
|
|
79
|
+
app: { isInstalled: false }, csi: () => {}, loadTimes: () => ({}),
|
|
80
|
+
};
|
|
81
|
+
|
|
82
|
+
def(navigator, 'plugins', () => Object.assign(
|
|
83
|
+
[{ name: 'Chrome PDF Plugin', filename: 'internal-pdf-viewer', description: 'Portable Document Format', length: 1 },
|
|
84
|
+
{ name: 'Chrome PDF Viewer', filename: 'mhjfbmdgcfjbbpaeojofohoefgiehjai', description: '', length: 1 },
|
|
85
|
+
{ name: 'Native Client', filename: 'internal-nacl-plugin', description: '', length: 2 }],
|
|
86
|
+
{ namedItem: () => null, refresh: () => {}, item: () => null }
|
|
87
|
+
));
|
|
88
|
+
def(navigator, 'mimeTypes', () => Object.assign(
|
|
89
|
+
[{ type: 'application/pdf', suffixes: 'pdf', description: '', enabledPlugin: null }],
|
|
90
|
+
{ namedItem: () => null, item: () => null }
|
|
91
|
+
));
|
|
92
|
+
|
|
93
|
+
const _origQuery = navigator.permissions.query.bind(navigator.permissions);
|
|
94
|
+
navigator.permissions.query = function(p) {
|
|
95
|
+
if (['notifications','camera','microphone'].includes(p.name)) return Promise.resolve({ state: 'prompt', onchange: null });
|
|
96
|
+
return _origQuery(p);
|
|
97
|
+
};
|
|
98
|
+
_patchedFns.add(navigator.permissions.query);
|
|
99
|
+
|
|
100
|
+
if (navigator.connection) {
|
|
101
|
+
def(navigator.connection, 'rtt', () => 50);
|
|
102
|
+
def(navigator.connection, 'downlink', () => 10);
|
|
103
|
+
def(navigator.connection, 'effectiveType',() => '4g');
|
|
104
|
+
def(navigator.connection, 'saveData', () => false);
|
|
105
|
+
}
|
|
106
|
+
|
|
107
|
+
document.hasFocus = function() { return true; };
|
|
108
|
+
_patchedFns.add(document.hasFocus);
|
|
109
|
+
|
|
110
|
+
def(window, 'outerWidth', () => 1920); def(window, 'outerHeight', () => 1080);
|
|
111
|
+
def(window, 'screenX', () => 20); def(window, 'screenY', () => 40);
|
|
112
|
+
def(screen, 'width', () => 1920); def(screen, 'height', () => 1080);
|
|
113
|
+
def(screen, 'availWidth', () => 1920); def(screen, 'availHeight', () => 1040);
|
|
114
|
+
def(screen, 'colorDepth', () => 24); def(screen, 'pixelDepth', () => 24);
|
|
115
|
+
|
|
116
|
+
const patchWebGL = ctx => {
|
|
117
|
+
const o = ctx.prototype.getParameter;
|
|
118
|
+
ctx.prototype.getParameter = function(p) {
|
|
119
|
+
if (p === 37445) return 'Intel Inc.';
|
|
120
|
+
if (p === 37446) return 'Intel Iris OpenGL Engine';
|
|
121
|
+
return o.call(this, p);
|
|
122
|
+
};
|
|
123
|
+
_patchedFns.add(ctx.prototype.getParameter);
|
|
124
|
+
};
|
|
125
|
+
patchWebGL(WebGLRenderingContext);
|
|
126
|
+
if (typeof WebGL2RenderingContext !== 'undefined') patchWebGL(WebGL2RenderingContext);
|
|
127
|
+
|
|
128
|
+
const _origToDU = HTMLCanvasElement.prototype.toDataURL;
|
|
129
|
+
HTMLCanvasElement.prototype.toDataURL = function(...a) {
|
|
130
|
+
const c = this.getContext('2d');
|
|
131
|
+
if (c && this.width > 0 && this.height > 0) { const i = c.getImageData(0,0,1,1); i.data[0]^=1; c.putImageData(i,0,0); }
|
|
132
|
+
return _origToDU.apply(this, a);
|
|
133
|
+
};
|
|
134
|
+
_patchedFns.add(HTMLCanvasElement.prototype.toDataURL);
|
|
135
|
+
|
|
136
|
+
if (window.AudioBuffer) {
|
|
137
|
+
const _origGCD = AudioBuffer.prototype.getChannelData;
|
|
138
|
+
AudioBuffer.prototype.getChannelData = function(ch) {
|
|
139
|
+
const d = _origGCD.call(this, ch);
|
|
140
|
+
if (d.length > 0) d[0] += 1e-7 * Math.random();
|
|
141
|
+
return d;
|
|
142
|
+
};
|
|
143
|
+
_patchedFns.add(AudioBuffer.prototype.getChannelData);
|
|
144
|
+
}
|
|
145
|
+
|
|
146
|
+
if (navigator.mediaDevices?.enumerateDevices) {
|
|
147
|
+
const _origEnum = navigator.mediaDevices.enumerateDevices.bind(navigator.mediaDevices);
|
|
148
|
+
navigator.mediaDevices.enumerateDevices = function() {
|
|
149
|
+
return _origEnum().then(r => r.length > 0 ? r : [
|
|
150
|
+
{ deviceId: 'default', kind: 'audioinput', label: '', groupId: 'default' },
|
|
151
|
+
{ deviceId: 'default', kind: 'audiooutput', label: '', groupId: 'default' },
|
|
152
|
+
{ deviceId: 'default', kind: 'videoinput', label: '', groupId: 'default' },
|
|
153
|
+
]);
|
|
154
|
+
};
|
|
155
|
+
_patchedFns.add(navigator.mediaDevices.enumerateDevices);
|
|
156
|
+
}
|
|
157
|
+
|
|
158
|
+
const _ifd = Object.getOwnPropertyDescriptor(HTMLIFrameElement.prototype, 'contentWindow');
|
|
159
|
+
if (_ifd?.get) {
|
|
160
|
+
const _og = _ifd.get;
|
|
161
|
+
Object.defineProperty(HTMLIFrameElement.prototype, 'contentWindow', {
|
|
162
|
+
get: function() {
|
|
163
|
+
const w = _og.call(this);
|
|
164
|
+
if (w) { try { Object.defineProperty(w.navigator, 'webdriver', { get: () => undefined }); } catch(_){} }
|
|
165
|
+
return w;
|
|
166
|
+
},
|
|
167
|
+
configurable: true,
|
|
168
|
+
});
|
|
169
|
+
}
|
|
170
|
+
})();` });
|
|
171
|
+
|
|
172
|
+
console.log('[INJECT] Stealth patches applied (25 techniques)');
|
|
173
|
+
}
|
|
174
|
+
|
|
175
|
+
export async function verifyStealth(cdp) {
|
|
176
|
+
const { result } = await cdp.send('Runtime.evaluate', {
|
|
177
|
+
expression: `JSON.stringify({
|
|
178
|
+
webdriver: navigator.webdriver,
|
|
179
|
+
vendor: navigator.vendor,
|
|
180
|
+
platform: navigator.platform,
|
|
181
|
+
pluginCount: navigator.plugins.length,
|
|
182
|
+
hardwareConcurrency: navigator.hardwareConcurrency,
|
|
183
|
+
deviceMemory: navigator.deviceMemory,
|
|
184
|
+
lang0: navigator.languages?.[0],
|
|
185
|
+
outerWidth: window.outerWidth,
|
|
186
|
+
screenWidth: screen.width,
|
|
187
|
+
hasFocus: document.hasFocus(),
|
|
188
|
+
chromeRuntime: typeof window.chrome?.runtime,
|
|
189
|
+
webglVendor: (() => {
|
|
190
|
+
try {
|
|
191
|
+
const c = document.createElement('canvas');
|
|
192
|
+
const g = c.getContext('webgl');
|
|
193
|
+
const e = g?.getExtension('WEBGL_debug_renderer_info');
|
|
194
|
+
return e ? g.getParameter(e.UNMASKED_VENDOR_WEBGL) : null;
|
|
195
|
+
} catch(_) { return null; }
|
|
196
|
+
})(),
|
|
197
|
+
toStringSpoof: Function.prototype.toString.call(navigator.__defineGetter__),
|
|
198
|
+
})`,
|
|
199
|
+
returnByValue: true,
|
|
200
|
+
});
|
|
201
|
+
|
|
202
|
+
const v = JSON.parse(result.value ?? '{}');
|
|
203
|
+
const checks = [
|
|
204
|
+
['navigator.webdriver', v.webdriver === undefined, `expected undefined, got ${v.webdriver}`],
|
|
205
|
+
['navigator.vendor', v.vendor === 'Google Inc.', `expected "Google Inc.", got "${v.vendor}"`],
|
|
206
|
+
['navigator.platform', v.platform === 'Win32', `expected "Win32", got "${v.platform}"`],
|
|
207
|
+
['navigator.plugins >= 3', v.pluginCount >= 3, `expected >=3, got ${v.pluginCount}`],
|
|
208
|
+
['hardwareConcurrency', v.hardwareConcurrency === 8, `expected 8, got ${v.hardwareConcurrency}`],
|
|
209
|
+
['deviceMemory', v.deviceMemory === 8, `expected 8, got ${v.deviceMemory}`],
|
|
210
|
+
['languages[0]', v.lang0 === 'en-US', `expected "en-US", got "${v.lang0}"`],
|
|
211
|
+
['outerWidth', v.outerWidth === 1920, `expected 1920, got ${v.outerWidth}`],
|
|
212
|
+
['screen.width', v.screenWidth === 1920, `expected 1920, got ${v.screenWidth}`],
|
|
213
|
+
['document.hasFocus()', v.hasFocus === true, `expected true, got ${v.hasFocus}`],
|
|
214
|
+
['window.chrome.runtime', v.chromeRuntime === 'object', `expected object, got ${v.chromeRuntime}`],
|
|
215
|
+
['WebGL vendor', v.webglVendor === 'Intel Inc.', `expected "Intel Inc.", got "${v.webglVendor}"`],
|
|
216
|
+
['toString native spoof', (v.toStringSpoof ?? '').includes('[native code]'), `toString not spoofed`],
|
|
217
|
+
];
|
|
218
|
+
|
|
219
|
+
let passed = 0, failed = 0;
|
|
220
|
+
for (const [name, ok, msg] of checks) {
|
|
221
|
+
if (ok) { console.log(`[INJECT] PASS: ${name}`); passed++; }
|
|
222
|
+
else { console.log(`[FINDING] STEALTH_FAIL: ${name} - ${msg}`); failed++; }
|
|
223
|
+
}
|
|
224
|
+
console.log(`[INJECT] Stealth self-test: ${passed}/${checks.length} passed${failed > 0 ? ` - ${failed} FAILED` : ' - all clear'}`);
|
|
225
|
+
return { passed, failed, total: checks.length };
|
|
226
|
+
}
|
|
@@ -37,8 +37,8 @@ The skill is system-level, not only visual. It covers:
|
|
|
37
37
|
- Local tools enabled (`ENABLE_LOCAL=true`) for project-level analysis.
|
|
38
38
|
|
|
39
39
|
See:
|
|
40
|
-
- [Authentication Setup](https://github.com/bgauryy/octocode-mcp/blob/main/
|
|
41
|
-
- [Configuration Reference](https://github.com/bgauryy/octocode-mcp/blob/main/docs/CONFIGURATION_REFERENCE.md)
|
|
40
|
+
- [Authentication Setup](https://github.com/bgauryy/octocode-mcp/blob/main/docs/configuration/providers/AUTHENTICATION_SETUP.md)
|
|
41
|
+
- [Configuration Reference](https://github.com/bgauryy/octocode-mcp/blob/main/docs/configuration/CONFIGURATION_REFERENCE.md)
|
|
42
42
|
|
|
43
43
|
---
|
|
44
44
|
|
|
@@ -56,7 +56,7 @@ Install via the CLI or add to your MCP config:
|
|
|
56
56
|
}
|
|
57
57
|
```
|
|
58
58
|
|
|
59
|
-
For authentication and full setup, see the [Octocode MCP docs](https://github.com/bgauryy/octocode-mcp/blob/main/
|
|
59
|
+
For authentication and full setup, see the [Octocode MCP docs](https://github.com/bgauryy/octocode-mcp/blob/main/docs/configuration/providers/AUTHENTICATION_SETUP.md).
|
|
60
60
|
|
|
61
61
|
---
|
|
62
62
|
|
|
@@ -36,7 +36,7 @@ The skill runs a scan + validation workflow:
|
|
|
36
36
|
- **Security checks**: secrets, injection risks, traversal risks, unsafe sinks.
|
|
37
37
|
- **Test quality checks**: assertion density, mocking hygiene, cleanup issues.
|
|
38
38
|
- **AST tools**: 35 structural search presets (22 JS/TS + 13 Python) and AST tree exploration.
|
|
39
|
-
- **Hybrid quality ratings** (AI + structure): Architecture & Structure, Folder Topology, Naming Quality, Common/Shared Layer Health, Maintainability & Evolvability, Codebase Consistency.
|
|
39
|
+
- **Hybrid quality ratings** (AI + structure): Architecture & Structure, Folder Topology/Structure Health, Naming Quality, Common/Shared Layer Health, Maintainability & Evolvability, Codebase Consistency.
|
|
40
40
|
- **Output format template**: standardized finding presentation with evidence chains, confidence levels, and impact assessment.
|
|
41
41
|
|
|
42
42
|
## Rating model behavior
|
|
@@ -12,7 +12,7 @@ Understand, change, and verify a codebase with system awareness. Single-file rea
|
|
|
12
12
|
A structured **understanding artifact**, grounded in evidence, every claim cited `file:line`:
|
|
13
13
|
|
|
14
14
|
- **System summary** (what/who/invariants) · **Control flows** (numbered call paths) · **Data flows** (writers/readers/txn/cache per entity) · **Types & protocols** (DTOs, schemas, wire contracts, compat)
|
|
15
|
-
- **Boundaries & ownership** (owners, ports, contract tests) · **Duplication inventory** (near-clones, missing abstraction) · **Execution profile** (hot paths, async/sync, retries/timeouts/lifecycles)
|
|
15
|
+
- **Boundaries & ownership** (owners, ports, contract tests) · **Structure health** (folder bloat, file/folder naming, project-fit) · **Duplication inventory** (near-clones, missing abstraction) · **Execution profile** (hot paths, async/sync, retries/timeouts/lifecycles)
|
|
16
16
|
- **Architecture health** (per-principle + per-dimension, `confirmed|likely|uncertain`) · **Clean-code hotspots** · **Next step** (1 sentence)
|
|
17
17
|
|
|
18
18
|
For a change: change flow, data-flow impact, contract impact, blast radius, risk vector. **Safety built in** — hard gates stop for your decision before public-contract changes, cross-layer edits, destructive actions, or large blast radius.
|
|
@@ -34,6 +34,7 @@ Use this first to pick the cheapest proof path. Every LSP call needs a `lineHint
|
|
|
34
34
|
| Is this pattern duplicated? | `scripts/ast/search.js --pattern` → scanner `duplicate-*` findings |
|
|
35
35
|
| Is this shape an antipattern? | `scripts/ast/search.js --preset <name>` (list: `--list-presets`) |
|
|
36
36
|
| Is this module structurally unhealthy? | `scripts/run.js --graph --scope=<path>` → read `scan.json` |
|
|
37
|
+
| Is the project structure healthy? | `localViewStructure` + `localFindFiles` → `scripts/run.js --scope=<path> --graph` → inspect `qualityRating` folder/naming/consistency signals + `mega-folder` findings |
|
|
37
38
|
| Which layer/boundary does this cross? | Scanner layer output + `lspGotoDefinition` across packages |
|
|
38
39
|
| What breaks if I change Y? | `lspFindReferences(Y)` → label consumers by layer |
|
|
39
40
|
| Find files by name / churn / size | `localFindFiles` |
|
|
@@ -154,7 +155,7 @@ If the task involves a change, also include:
|
|
|
154
155
|
|
|
155
156
|
#### Artifact self-check — before closing
|
|
156
157
|
|
|
157
|
-
A good artifact answers all of: ownership/boundary; blast radius (consumers, layers); contract safety (types/schemas/protocols); local vs structural vs architectural; build/config involvement; reliability under failure/retry/concurrency; observability sufficiency; rollout/migration reversibility; modularity trajectory; documented assumptions; safest next move. If the answer only explains one file, it is usually incomplete.
|
|
158
|
+
A good artifact answers all of: ownership/boundary; blast radius (consumers, layers); contract safety (types/schemas/protocols); local vs structural vs architectural; build/config involvement; reliability under failure/retry/concurrency; observability sufficiency; rollout/migration reversibility; folder bloat and file/folder naming fitness; modularity trajectory; documented assumptions; safest next move. If the answer only explains one file, it is usually incomplete.
|
|
158
159
|
|
|
159
160
|
## Tool Families And Their Jobs
|
|
160
161
|
|
|
@@ -238,6 +239,7 @@ The Clean-Architecture principles and the six analytic dimensions already cover
|
|
|
238
239
|
| Observability & operability | logging quality, metric/tracing coverage, diagnosability, alert/runbook readiness |
|
|
239
240
|
| Rollout & migration | feature flags, backward-compatibility windows, rollback path, migration sequencing |
|
|
240
241
|
| Build & config | ESM/CJS mismatch, module resolution, script wiring, runtime assumptions |
|
|
242
|
+
| Structure health | leaf-folder bloat, vague shared/helper buckets, depth balance, source spread, file and folder naming consistency for the project |
|
|
241
243
|
| Docs | whether critical assumptions, contracts, flows, setup, migrations, and risks are documented |
|
|
242
244
|
| CSS hygiene | selector scope, token reuse, naming clarity, dead styles (when frontend styling is touched) |
|
|
243
245
|
| `knip` | unused exports, files, dependencies, dead integration edges (run on refactors) |
|
|
@@ -40,7 +40,7 @@ Use `summary.json` to drive the first decision:
|
|
|
40
40
|
|
|
41
41
|
- Use `agentOutput.topRecommendations[]` and `filesWithIssues[]` to decide where to drill in first
|
|
42
42
|
- Use `featureScores[]` to rank worst categories across the currently active feature set
|
|
43
|
-
- Use `qualityRating.aspects[]` for non-rigid repo-shape scoring (architecture/folder/naming/common/shared/maintainability/consistency)
|
|
43
|
+
- Use `qualityRating.aspects[]` for non-rigid repo-shape scoring (architecture/folder structure health/naming/common/shared/maintainability/consistency)
|
|
44
44
|
- Use `summary.md` or `architecture.json` for graph-specific detail such as `cycles`, `criticalPaths`, and hotspots
|
|
45
45
|
- If top recommendations are mostly complexity, duplication, or side-effect findings, switch to AST-first investigation
|
|
46
46
|
- If graph-heavy recommendations and AST-heavy recommendations appear together, plan a combined investigation before proposing refactors
|
|
@@ -53,11 +53,11 @@ Use `summary.json` to drive the first decision:
|
|
|
53
53
|
- Feature context penalties: hotspot overlap lowers category scores (`hotspotHits`, `hotspotMaxRisk`, `contextPenalty`)
|
|
54
54
|
- Hybrid quality model (`qualityRating`): weighted soft-signal scoring, not rigid checks:
|
|
55
55
|
- Architecture & Structure (30%)
|
|
56
|
-
- Folder Topology (15%)
|
|
56
|
+
- Folder Topology / Structure Health (15%): depth balance, source spread, vague buckets, and leaf-folder bloat
|
|
57
57
|
- Naming Quality (15%)
|
|
58
58
|
- Common/Shared Layer Health (15%)
|
|
59
59
|
- Maintainability & Evolvability (15%)
|
|
60
|
-
- Codebase Consistency (10%)
|
|
60
|
+
- Codebase Consistency (10%): file and folder naming style consistency, plus mixed TS/JS surface area
|
|
61
61
|
|
|
62
62
|
### `findings.json`
|
|
63
63
|
|