opencode-codegraph 0.1.0 → 0.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +92 -0
- package/package.json +1 -1
package/README.md
ADDED
|
@@ -0,0 +1,92 @@
|
|
|
1
|
+
# opencode-codegraph
|
|
2
|
+
|
|
3
|
+
OpenCode plugin for [CodeGraph](https://codegraph.ru) CPG-powered code analysis.
|
|
4
|
+
|
|
5
|
+
Automatically enriches AI conversations with Code Property Graph data -- security findings, call graphs, complexity metrics, and taint analysis -- without manual tool invocation.
|
|
6
|
+
|
|
7
|
+
## Install
|
|
8
|
+
|
|
9
|
+
```json
|
|
10
|
+
// opencode.json
|
|
11
|
+
{
|
|
12
|
+
"plugin": ["opencode-codegraph"]
|
|
13
|
+
}
|
|
14
|
+
```
|
|
15
|
+
|
|
16
|
+
## Prerequisites
|
|
17
|
+
|
|
18
|
+
- [CodeGraph](https://codegraph.ru) installed with CPG database built
|
|
19
|
+
- CodeGraph API running (`uvicorn src.api.main:app --port 8000`)
|
|
20
|
+
- CodeGraph MCP server configured in `opencode.json`
|
|
21
|
+
|
|
22
|
+
## Features
|
|
23
|
+
|
|
24
|
+
### Auto-Enrichment
|
|
25
|
+
|
|
26
|
+
When you mention a file in chat, the plugin adds CPG context automatically:
|
|
27
|
+
|
|
28
|
+
```
|
|
29
|
+
You: "Refactor src/api/routers/webhook.py"
|
|
30
|
+
|
|
31
|
+
Plugin injects:
|
|
32
|
+
### CPG context: src/api/routers/webhook.py
|
|
33
|
+
**12 methods** in file:
|
|
34
|
+
- `receive_github_webhook` CC=5 fan_in=0 fan_out=3 [entry]
|
|
35
|
+
- `_handle_push` CC=2 fan_in=4 fan_out=2
|
|
36
|
+
**2 security findings:**
|
|
37
|
+
- CWE-89 L42: SQL injection in query parameter
|
|
38
|
+
```
|
|
39
|
+
|
|
40
|
+
### System Prompt
|
|
41
|
+
|
|
42
|
+
Every conversation includes a project summary with file count, top complexity hotspots, and open security findings.
|
|
43
|
+
|
|
44
|
+
### Post-Commit Updates
|
|
45
|
+
|
|
46
|
+
After `git commit`, the plugin triggers incremental CPG re-parsing via GoCPG and syncs the ChromaDB vector store.
|
|
47
|
+
|
|
48
|
+
### Custom Tools
|
|
49
|
+
|
|
50
|
+
| Tool | Description |
|
|
51
|
+
|------|-------------|
|
|
52
|
+
| `codegraph_review` | Security + impact analysis on current diff |
|
|
53
|
+
| `codegraph_explain_function` | Deep function analysis with call graph |
|
|
54
|
+
|
|
55
|
+
### Permissions
|
|
56
|
+
|
|
57
|
+
All `codegraph_*` MCP tools are auto-allowed -- no confirmation prompts.
|
|
58
|
+
|
|
59
|
+
## Custom Commands
|
|
60
|
+
|
|
61
|
+
Place in `.opencode/commands/`:
|
|
62
|
+
|
|
63
|
+
| Command | Description |
|
|
64
|
+
|---------|-------------|
|
|
65
|
+
| `/review` | CPG-powered code review |
|
|
66
|
+
| `/audit` | Full codebase audit (12 dimensions) |
|
|
67
|
+
| `/explain` | Function analysis with call graph |
|
|
68
|
+
| `/onboard` | Codebase understanding |
|
|
69
|
+
|
|
70
|
+
## Custom Agent
|
|
71
|
+
|
|
72
|
+
`.opencode/agents/codegraph.md` -- CPG-focused analysis agent. Switch with `/agent codegraph`.
|
|
73
|
+
|
|
74
|
+
## Configuration
|
|
75
|
+
|
|
76
|
+
| Variable | Default | Description |
|
|
77
|
+
|----------|---------|-------------|
|
|
78
|
+
| `CODEGRAPH_API_URL` | `http://localhost:8000` | CodeGraph API base URL |
|
|
79
|
+
| `CODEGRAPH_PROJECT` | (empty) | Default project ID |
|
|
80
|
+
|
|
81
|
+
## Hooks
|
|
82
|
+
|
|
83
|
+
| Hook | Purpose |
|
|
84
|
+
|------|---------|
|
|
85
|
+
| `experimental.chat.system.transform` | Inject project summary into system prompt |
|
|
86
|
+
| `chat.message` | Add CPG context for mentioned files |
|
|
87
|
+
| `tool.execute.after` | Trigger CPG update after git commit |
|
|
88
|
+
| `permission.ask` | Auto-allow `codegraph_*` tools |
|
|
89
|
+
|
|
90
|
+
## License
|
|
91
|
+
|
|
92
|
+
MIT
|