npm - opencode-codegraph - Versions diffs - 0.1.0 → 0.1.2 - Mend

opencode-codegraph 0.1.0 → 0.1.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,92 @@
+# opencode-codegraph
+OpenCode plugin for [CodeGraph](https://codegraph.ru) CPG-powered code analysis.
+Automatically enriches AI conversations with Code Property Graph data -- security findings, call graphs, complexity metrics, and taint analysis -- without manual tool invocation.
+## Install
+```json
+// opencode.json
+{
+  "plugin": ["opencode-codegraph"]
+}
+```
+## Prerequisites
+- [CodeGraph](https://codegraph.ru) installed with CPG database built
+- CodeGraph API running (`uvicorn src.api.main:app --port 8000`)
+- CodeGraph MCP server configured in `opencode.json`
+## Features
+### Auto-Enrichment
+When you mention a file in chat, the plugin adds CPG context automatically:
+```
+You: "Refactor src/api/routers/webhook.py"
+Plugin injects:
+  ### CPG context: src/api/routers/webhook.py
+  **12 methods** in file:
+  - `receive_github_webhook` CC=5 fan_in=0 fan_out=3 [entry]
+  - `_handle_push` CC=2 fan_in=4 fan_out=2
+  **2 security findings:**
+  - CWE-89 L42: SQL injection in query parameter
+```
+### System Prompt
+Every conversation includes a project summary with file count, top complexity hotspots, and open security findings.
+### Post-Commit Updates
+After `git commit`, the plugin triggers incremental CPG re-parsing via GoCPG and syncs the ChromaDB vector store.
+### Custom Tools
+| Tool | Description |
+|------|-------------|
+| `codegraph_review` | Security + impact analysis on current diff |
+| `codegraph_explain_function` | Deep function analysis with call graph |
+### Permissions
+All `codegraph_*` MCP tools are auto-allowed -- no confirmation prompts.
+## Custom Commands
+Place in `.opencode/commands/`:
+| Command | Description |
+|---------|-------------|
+| `/review` | CPG-powered code review |
+| `/audit` | Full codebase audit (12 dimensions) |
+| `/explain` | Function analysis with call graph |
+| `/onboard` | Codebase understanding |
+## Custom Agent
+`.opencode/agents/codegraph.md` -- CPG-focused analysis agent. Switch with `/agent codegraph`.
+## Configuration
+| Variable | Default | Description |
+|----------|---------|-------------|
+| `CODEGRAPH_API_URL` | `http://localhost:8000` | CodeGraph API base URL |
+| `CODEGRAPH_PROJECT` | (empty) | Default project ID |
+## Hooks
+| Hook | Purpose |
+|------|---------|
+| `experimental.chat.system.transform` | Inject project summary into system prompt |
+| `chat.message` | Add CPG context for mentioned files |
+| `tool.execute.after` | Trigger CPG update after git commit |
+| `permission.ask` | Auto-allow `codegraph_*` tools |
+## License
+MIT

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencode-codegraph",
-  "version": "0.1.0",
+  "version": "0.1.2",
   "description": "OpenCode plugin for CodeGraph CPG-powered code analysis",
   "type": "module",
   "main": "src/index.ts",

package/src/api.ts CHANGED Viewed

@@ -6,24 +6,31 @@
  */
 export class CodeGraphAPI {
-  private baseUrl: string
-  constructor(baseUrl: string) {
-    this.baseUrl = baseUrl.replace(/\/+$/, "")
+  private baseUrl: string
+  constructor(baseUrl: string) {
+    const trimmed = baseUrl.replace(/\/+$/, "")
+    this.baseUrl = trimmed.replace(/\/api\/v1$/i, "")
   }
   /**
    * Get project summary for system prompt injection.
    * Returns a markdown block with file count, top hotspots, and open security findings.
    */
-  async getProjectSummary(projectId: string): Promise<string | null> {
-    const params = projectId ? `?project_id=${encodeURIComponent(projectId)}` : ""
-    // Fetch multiple endpoints in parallel
-    const [statsRes, findingsRes] = await Promise.allSettled([
-      this.fetch(`/api/v1/cpg/stats${params}`),
-      this.fetch(`/api/v1/cpg/pattern-results${params}&category=security&limit=10`),
-    ])
+  async getProjectSummary(projectId: string): Promise<string | null> {
+    const params = new URLSearchParams()
+    if (projectId) params.set("project_id", projectId)
+    const statsPath = params.toString() ? `/api/v1/cpg/stats?${params}` : "/api/v1/cpg/stats"
+    const findingsParams = new URLSearchParams(params)
+    findingsParams.set("category", "security")
+    findingsParams.set("limit", "10")
+    const findingsPath = `/api/v1/cpg/pattern-results?${findingsParams}`
+    // Fetch multiple endpoints in parallel
+    const [statsRes, findingsRes] = await Promise.allSettled([
+      this.fetch(statsPath),
+      this.fetch(findingsPath),
+    ])
     const stats =
       statsRes.status === "fulfilled" ? statsRes.value : null
@@ -66,14 +73,16 @@ export class CodeGraphAPI {
    * Returns markdown with methods, callers, complexity, and security findings.
    */
   async getFileCPGContext(projectId: string, filePath: string): Promise<string | null> {
-    const params = new URLSearchParams()
-    if (projectId) params.set("project_id", projectId)
-    params.set("filename", filePath)
-    const [methodsRes, findingsRes] = await Promise.allSettled([
-      this.fetch(`/api/v1/cpg/methods?${params}`),
-      this.fetch(`/api/v1/cpg/pattern-results?${params}&category=security`),
-    ])
+    const params = new URLSearchParams()
+    if (projectId) params.set("project_id", projectId)
+    params.set("filename", filePath)
+    const findingsParams = new URLSearchParams(params)
+    findingsParams.set("category", "security")
+    const [methodsRes, findingsRes] = await Promise.allSettled([
+      this.fetch(`/api/v1/cpg/methods?${params}`),
+      this.fetch(`/api/v1/cpg/pattern-results?${findingsParams.toString()}`),
+    ])
     const methods =
       methodsRes.status === "fulfilled" ? methodsRes.value : null
@@ -161,14 +170,18 @@ export class CodeGraphAPI {
         lines.push("")
       }
-      if (result.complexity_changes?.length) {
-        lines.push("### Complexity Changes")
-        for (const c of result.complexity_changes) {
-          const delta = c.new_cc - c.old_cc
-          const sign = delta > 0 ? "+" : ""
-          lines.push(`- \`${c.method}\`: ${c.old_cc} -> ${c.new_cc} (${sign}${delta})`)
-        }
-      }
+      if (result.complexity_changes?.length) {
+        lines.push("### Complexity Changes")
+        for (const c of result.complexity_changes) {
+          if ((c.old_cc ?? 0) > 0) {
+            const delta = c.new_cc - c.old_cc
+            const sign = delta > 0 ? "+" : ""
+            lines.push(`- \`${c.method}\`: ${c.old_cc} -> ${c.new_cc} (${sign}${delta})`)
+          } else {
+            lines.push(`- \`${c.method}\`: current CC ${c.new_cc}`)
+          }
+        }
+      }
       return lines.length > 2 ? lines.join("\n") : "CodeGraph review: no issues found."
     } catch {
@@ -237,29 +250,60 @@ export class CodeGraphAPI {
     }
   }
-  // -------------------------------------------------------------------
-  // Private helpers
-  // -------------------------------------------------------------------
-  private async fetch(path: string, init?: RequestInit): Promise<any> {
-    const url = `${this.baseUrl}${path}`
-    const headers: Record<string, string> = {
-      "Content-Type": "application/json",
-      ...(init?.headers as Record<string, string> | undefined),
-    }
-    const response = await globalThis.fetch(url, {
-      ...init,
-      headers,
-    })
-    if (!response.ok) {
-      throw new Error(`CodeGraph API ${response.status}: ${response.statusText}`)
-    }
-    const text = await response.text()
-    if (!text) return null
-    return JSON.parse(text)
-  }
-}
+  // -------------------------------------------------------------------
+  // Private helpers
+  // -------------------------------------------------------------------
+  private resolveUrl(path: string): string {
+    const normalizedPath = path.startsWith("/") ? path : `/${path}`
+    return new URL(normalizedPath, `${this.baseUrl}/`).toString()
+  }
+  private async parseJsonBody(response: Response): Promise<any> {
+    const text = await response.text()
+    if (!text) return null
+    return JSON.parse(text)
+  }
+  private async fetch(path: string, init?: RequestInit): Promise<any> {
+    const headers: Record<string, string> = {
+      "Content-Type": "application/json",
+      ...(init?.headers as Record<string, string> | undefined),
+    }
+    const response = await globalThis.fetch(this.resolveUrl(path), {
+      ...init,
+      headers,
+    })
+    if (response.status === 404 && path.startsWith("/api/v1/cpg/pattern-results")) {
+      const fallbackPath = path.replace(
+        "/api/v1/cpg/pattern-results",
+        "/api/v1/patterns/findings",
+      )
+      const fallbackResponse = await globalThis.fetch(this.resolveUrl(fallbackPath), {
+        ...init,
+        headers,
+      })
+      if (fallbackResponse.ok) {
+        const payload = await this.parseJsonBody(fallbackResponse)
+        const findings = Array.isArray(payload?.findings) ? payload.findings : []
+        return {
+          results: findings.map((finding: any) => ({
+            ...finding,
+            line: finding.line ?? finding.line_number ?? 0,
+          })),
+        }
+      }
+      throw new Error(`CodeGraph API ${fallbackResponse.status}: ${fallbackResponse.statusText}`)
+    }
+    if (!response.ok) {
+      throw new Error(`CodeGraph API ${response.status}: ${response.statusText}`)
+    }
+    return this.parseJsonBody(response)
+  }
+}

package/src/index.ts CHANGED Viewed

@@ -48,20 +48,20 @@ const codegraphPlugin: Plugin = async (input) => {
       const files = extractFileRefs(output.parts)
       if (files.length === 0) return
-      try {
-        for (const file of files.slice(0, 5)) {
-          const context = await api.getFileCPGContext(projectId, file)
-          if (context) {
-            output.parts.push({
-              type: "text",
-              text: context,
-            })
-          }
-        }
-      } catch {
-        // CodeGraph API not available — skip silently
-      }
-    },
+      try {
+        for (const file of files.slice(0, 5)) {
+          const context = await api.getFileCPGContext(projectId, file)
+          if (context) {
+            output.parts.push({
+              type: "text",
+              text: context,
+            } as any)
+          }
+        }
+      } catch {
+        // CodeGraph API not available — skip silently
+      }
+    },
     // -----------------------------------------------------------------
     // 3. Post-commit: trigger incremental CPG update
@@ -123,14 +123,15 @@ const codegraphPlugin: Plugin = async (input) => {
       }),
     },
-    // -----------------------------------------------------------------
-    // 5. Permissions: auto-allow codegraph_* MCP tools
-    // -----------------------------------------------------------------
-    "permission.ask": async (inp, output) => {
-      if (inp.tool?.startsWith("codegraph_")) {
-        output.status = "allow"
-      }
-    },
+    // -----------------------------------------------------------------
+    // 5. Permissions: auto-allow codegraph_* MCP tools
+    // -----------------------------------------------------------------
+    "permission.ask": async (inp, output) => {
+      const toolName = (inp as any)?.tool as string | undefined
+      if (toolName?.startsWith("codegraph_")) {
+        output.status = "allow"
+      }
+    },
   }
 }