npm - opencodecommit - Versions diffs - 1.2.1 → 1.3.2 - Mend

opencodecommit 1.2.1 → 1.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (8) hide show

package/README.md +65 -95
package/package.json +3 -2
package/platforms/darwin-arm64/occ +0 -0
package/platforms/darwin-x64/occ +0 -0
package/platforms/linux-arm64/occ +0 -0
package/platforms/linux-x64/occ +0 -0
package/platforms/win32-x64/occ.exe +0 -0
package/scripts/sync-readme.js +29 -0

package/README.md CHANGED Viewed

@@ -1,123 +1,93 @@
 # OpenCodeCommit
-AI commit messages via terminal AI agents. VSCodium / VS Code extension + standalone Rust / npm CLI.
+AI commit, branch, PR, and changelog generation through terminal AI CLIs.
-**Security scanning built in** — diffs are scanned locally for secrets, source maps, and private keys before anything leaves your machine.
+OpenCodeCommit works as:
+- a Rust / npm CLI (`occ`)
+- a terminal TUI
+- a VS Code / VSCodium extension
-[VSCodium Open VSX registry](https://open-vsx.org/extension/Nevaberry/opencodecommit)<br>
-[VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=Nevaberry.opencodecommit) · [npm](https://www.npmjs.com/package/opencodecommit) · [scoped npm](https://www.npmjs.com/package/@nevaberry/opencodecommit) · [crates.io](https://crates.io/crates/opencodecommit) · [GitHub](https://github.com/Nevaberry/opencodecommit)
+Before any prompt leaves your machine, OpenCodeCommit scans the diff locally for secrets, credential files, source maps, private keys, and other sensitive artifacts.
-## Install
-**Extension:** Search "OpenCodeCommit" in VSCodium / VS Code, or `ext install Nevaberry.opencodecommit`
-**CLI:** `cargo install opencodecommit` or `npm i -g opencodecommit` (official unscoped alias: `@nevaberry/opencodecommit`)
-**Prerequisite:** At least one CLI backend:
-| Backend | Install |
-|---------|---------|
-| [Codex CLI](https://github.com/openai/codex) | `npm i -g @openai/codex` |
-| [OpenCode](https://github.com/nicepkg/opencode) | `npm i -g opencode` |
-| [Gemini CLI](https://github.com/google-gemini/gemini-cli) | `npm i -g @google/gemini-cli` |
-| [Claude Code](https://docs.anthropic.com/en/docs/claude-code) | `npm i -g @anthropic-ai/claude-code` |
-## VSCodium / VS Code Usage
+[Open VSX](https://open-vsx.org/extension/Nevaberry/opencodecommit) · [VS Code Marketplace](https://marketplace.visualstudio.com/items?itemName=Nevaberry.opencodecommit) · [npm](https://www.npmjs.com/package/opencodecommit) · [scoped npm alias](https://www.npmjs.com/package/@nevaberry/opencodecommit) · [crates.io](https://crates.io/crates/opencodecommit) · [GitHub](https://github.com/Nevaberry/opencodecommit)
-1. Stage changes (or leave unstaged — auto-detected)
-2. Click the **sparkle button** in Source Control
-3. Commit message appears in the input box
-Dropdown menu: mode-specific generation, refine, branch name generation, switch language, diagnose.
-## CLI Usage
-```bash
-occ tui                            # launch the minimal interactive TUI
-occ commit                         # generate message + commit
-occ commit --dry-run               # preview only, don't commit
-occ commit --language Suomi        # generate in Finnish
-occ branch                         # generate branch name + checkout
-occ branch --mode adaptive         # match existing branch naming style
-occ pr                             # generate PR title + body
-occ changelog                      # generate changelog entry
-# JSON output (default), or --text for human readable plain text
-occ commit --text
-occ commit --allow-sensitive       # skip secret scanning
-```
-`occ tui` is a small launcher over the existing commands, not a full git dashboard. It lets you generate, shorten, and commit messages, plus preview branch / PR / changelog output from one screen.
-`occ` is the short form. `opencodecommit` also works if `occ` clashes with something on your system.
+## Install
-Exit codes: 0 success, 1 no changes, 2 backend error, 3 config error, 5 sensitive content detected
+Extension:
+- Search for `OpenCodeCommit` in VS Code or VSCodium
+- Or run `ext install Nevaberry.opencodecommit`
-## Transparent Git Guard
+CLI:
+- `cargo install opencodecommit`
+- `npm i -g opencodecommit`
-Use OpenCodeCommit as a background safety layer for normal `git commit` usage:
+Backends:
+- `npm i -g @openai/codex`
+- `npm i -g opencode`
+- `npm i -g @anthropic-ai/claude-code`
+- `npm i -g @google/gemini-cli`
-```bash
-occ guard install --global         # install a machine-wide commit guard
-occ guard uninstall --global       # remove the machine-wide guard
-```
+## Highlights
-This installs a managed global hooks directory via `core.hooksPath`. `pre-commit` scans the staged diff for sensitive content, and other hook names are chained through so existing repo hooks still run.
+- Backend fallback across Codex, OpenCode, Claude Code, and Gemini, plus one-shot backend picks in the TUI and extension.
+- Commit, PR, branch, and changelog generation from the same config surface.
+- Built-in languages: English, Finnish, Japanese, Chinese, Spanish, Portuguese, French, Korean, Russian, Vietnamese, and German.
+- Terminal TUI with a file sidebar that merges staged, unstaged, and untracked files and lets you stage or unstage the selected file with `Space`.
+- Transparent git guard for normal `git commit` flows.
-## Sensitive Content Detection
+## Quick Start
-Diffs are scanned locally before being sent to any AI backend. `occ commit` blocks with exit code 5, and the global guard blocks normal `git commit` before the commit is created.
+Extension:
+1. Open Source Control.
+2. Click the sparkle action.
+3. Use the dropdown for refine, branch, PR, language, backend, or diagnose actions.
-Guard warnings include the file, line number when available, rule, and a redacted snippet preview. If a hook-mode block is an intentional false positive, bypass only OpenCodeCommit for that one command:
+CLI:
 ```bash
-OCC_ALLOW_SENSITIVE=1 git commit ...
+occ tui
+occ commit
+occ commit --backend gemini --dry-run --text
+occ commit --language Japanese
+occ branch --dry-run
+occ pr --text
+occ changelog --text
+occ guard install --global
+occ update
 ```
-**Flagged file names:**
+## Security Scanner
-| Category | Patterns |
-|----------|----------|
-| Environment / secrets | `.env*`, `credentials.json`, `secret.*`, `secrets.*`, `.netrc`, `service-account*.json` |
-| Source maps | `*.js.map`, `*.css.map`, `*.map` — [can expose full source code](https://arstechnica.com/ai/2026/03/entire-claude-code-cli-source-code-leaks-thanks-to-exposed-map-file/) |
-| Private keys / certs | `*.pem`, `*.key`, `*.p12`, `*.pfx`, `*.keystore`, `*.jks` |
-| SSH keys | `id_rsa`, `id_ed25519`, `id_ecdsa`, `id_dsa`, `.ssh/*` |
-| Auth files | `.htpasswd` |
+The local scanner now checks for:
+- provider tokens and webhook URLs for OpenAI, Anthropic, GitHub, GitLab, AWS, Slack, Stripe, SendGrid, npm, PyPI, Docker, Vault, Discord, Teams, and more
+- bearer tokens, JWTs, Docker auth blobs, kube auth fields, and credential-bearing connection strings
+- `.env*`, `.npmrc`, `.git-credentials`, `.kube/config`, Terraform state and vars, service-account JSON, key stores, SSH keys, and private key material
+- exposed source maps such as `*.js.map` and `*.css.map`
-| Category | Patterns |
-|----------|----------|
-| Generic secrets | `API_KEY`, `SECRET_KEY`, `ACCESS_TOKEN`, `AUTH_TOKEN`, `PRIVATE_KEY`, `PASSWORD`, `DB_PASSWORD`, `DATABASE_URL`, `CLIENT_SECRET`, `CREDENTIALS` |
-| Service-specific | `AWS_SECRET`, `GH_TOKEN`, `NPM_TOKEN`, `SLACK_TOKEN`, `STRIPE_SECRET`, `SENDGRID_KEY`, `TWILIO_AUTH` |
-| Token patterns | `Bearer <20+ chars>`, `sk-<20+ chars>`, `ghp_<20+ chars>`, `AKIA<12+ chars>` |
+Enforcement modes:
+- `warn`
+- `block-high`
+- `block-all`
+- `strict-high`
+- `strict-all`
-## Configuration
+Use `occ guard profile human` for warnings-first local use, or `occ guard profile strict-agent` when you want non-bypassable blocking behavior for autonomous tooling.
-All VSCodium / VS Code settings are prefixed with `opencodecommit.`. Key settings:
+## Config
-| Setting | Default | Description |
-|---------|---------|-------------|
-| `backendOrder` | `["codex","opencode","claude","gemini"]` | Backend fallback order |
-| `commitMode` | `adaptive` | `adaptive`, `adaptive-oneliner`, `conventional`, `conventional-oneliner` |
-| `branchMode` | `conventional` | `conventional` or `adaptive` (matches existing branch names) |
-| `diffSource` | `auto` | `auto`, `staged`, or `all` |
-| `languages` | English, Suomi | Array of language configs with custom prompt modules |
-| `commitTemplate` | `{{type}}: {{message}}` | Supports `{{type}}`, `{{emoji}}`, `{{message}}` |
+VS Code / VSCodium settings live under `opencodecommit.*`.
-CLI config: `~/.config/opencodecommit/config.toml` (TOML with the same fields in kebab-case).
+CLI config lives at `~/.config/opencodecommit/config.toml`.
+On first CLI use, OpenCodeCommit writes the full default config there so the available settings are visible in one file.
-## Languages
-Built-in: **English** (default), **Suomi** (Finnish), **Custom (example)** (template for your own).
-Each language defines full prompt modules (base, adaptive, conventional, length, sensitive note). Missing modules fall back to English. CLI: `--language Suomi`. Extension: dropdown menu or `opencodecommit.activeLanguage` setting.
-Add custom languages in config — only `label` and `instruction` are required:
-```toml
-[[languages]]
-label = "Deutsch"
-instruction = "Schreibe die Commit-Nachricht auf Deutsch."
-```
+Useful settings:
+- `backendOrder`
+- `commitMode`
+- `branchMode`
+- `diffSource`
+- `activeLanguage`
+- `sensitive.enforcement`
+- `sensitive.allowlist`
 ## License

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "opencodecommit",
-  "version": "1.2.1",
+  "version": "1.3.2",
   "description": "AI-powered git commit message generator that delegates to terminal AI agents",
   "license": "MIT",
   "repository": {
@@ -18,7 +18,8 @@
     "index.js"
   ],
   "scripts": {
-    "prepack": "cp ../../README.md . 2>/dev/null || true",
+    "prepack": "node scripts/sync-readme.js materialize",
+    "postpack": "node scripts/sync-readme.js relink",
     "postinstall": "node scripts/postinstall.js"
   },
   "keywords": [

package/platforms/darwin-arm64/occ CHANGED Viewed

Binary file

package/platforms/darwin-x64/occ CHANGED Viewed

Binary file

package/platforms/linux-arm64/occ CHANGED Viewed

Binary file

package/platforms/linux-x64/occ CHANGED Viewed

Binary file

package/platforms/win32-x64/occ.exe CHANGED Viewed

Binary file

package/scripts/sync-readme.js ADDED Viewed

@@ -0,0 +1,29 @@
+#!/usr/bin/env node
+const fs = require("fs")
+const path = require("path")
+const packageRoot = path.resolve(__dirname, "..")
+const repoReadme = path.resolve(packageRoot, "..", "..", "README.md")
+const packageReadme = path.join(packageRoot, "README.md")
+const relativeTarget = "../../README.md"
+const mode = process.argv[2]
+function removeIfExists(target) {
+  try {
+    fs.rmSync(target, { force: true })
+  } catch (error) {
+    if (error && error.code !== "ENOENT") throw error
+  }
+}
+if (mode === "materialize") {
+  removeIfExists(packageReadme)
+  fs.copyFileSync(repoReadme, packageReadme)
+} else if (mode === "relink") {
+  removeIfExists(packageReadme)
+  fs.symlinkSync(relativeTarget, packageReadme)
+} else {
+  console.error("usage: node scripts/sync-readme.js <materialize|relink>")
+  process.exit(1)
+}