opencodekit 0.16.2 → 0.16.3

package/dist/index.js

@@ -750,9 +750,16 @@ var cac = (name = "") => new CAC(name);
 // package.json
 var package_default = {
   name: "opencodekit",
-  version: "0.16.2",
+  version: "0.16.3",
   description: "CLI tool for bootstrapping and managing OpenCodeKit projects",
-  keywords: ["agents", "cli", "mcp", "opencode", "opencodekit", "template"],
+  keywords: [
+    "agents",
+    "cli",
+    "mcp",
+    "opencode",
+    "opencodekit",
+    "template"
+  ],
   license: "MIT",
   author: "OpenCodeKit",
   repository: {
@@ -762,7 +769,10 @@ var package_default = {
   bin: {
     ock: "dist/index.js"
   },
-  files: ["dist", "README.md"],
+  files: [
+    "dist",
+    "README.md"
+  ],
   type: "module",
   publishConfig: {
     access: "public",
@@ -808,7 +818,9 @@ var package_default = {
   engines: {
     bun: ">=1.3.2"
   },
-  trustedDependencies: ["@beads/bd"]
+  trustedDependencies: [
+    "@beads/bd"
+  ]
 };
 
 // src/commands/agent.ts

package/dist/template/.opencode/agent/scout.md

@@ -130,15 +130,61 @@ To construct a permalink: use `grepsearch` to find code, then build the URL from
 | Priority | Tool          | Use Case                                  | Speed   |
 | -------- | ------------- | ----------------------------------------- | ------- |
 | 1        | memory-search | Past research findings                    | Instant |
-| 2        | context7      | Official library docs                     | Fast    |
-| 3        | codesearch    | Exa Code API for SDK/library patterns     | Fast    |
-| 4        | grepsearch    | Cross-repo GitHub code search (1M+ repos) | Medium  |
-| 5        | webfetch      | Specific doc URLs, READMEs, changelogs    | Medium  |
-| 6        | opensrc + LSP | Clone & analyze source code               | Slow    |
-| 7        | websearch     | Tutorials, blog posts, recent news        | Slow    |
+| 2        | v1-run        | npm package health, vulns, comparisons    | Fast    |
+| 3        | context7      | Official library docs                     | Fast    |
+| 4        | codesearch    | Exa Code API for SDK/library patterns     | Fast    |
+| 5        | grepsearch    | Cross-repo GitHub code search (1M+ repos) | Medium  |
+| 6        | webfetch      | Specific doc URLs, READMEs, changelogs    | Medium  |
+| 7        | opensrc + LSP | Clone & analyze source code               | Slow    |
+| 8        | websearch     | Tutorials, blog posts, recent news        | Slow    |
 
 **Rule:** Exhaust faster tools before slower ones. Run tools in parallel when independent.
 
+## v1-run MCP (npm Package Intelligence)
+
+Use for npm package evaluation before adding dependencies. Load the skill first:
+
+```typescript
+skill({ name: "v1-run" });
+```
+
+### Primary Tool: get_package_health
+
+```typescript
+// Comprehensive health check (use this first)
+skill_mcp({ skill_name: "v1-run", tool_name: "get_package_health", arguments: '{"name": "zod"}' });
+```
+
+Returns: version, vulnerabilities, health score (0-100), downloads, TypeScript support, maintenance status, AI recommendation.
+
+### Compare Packages
+
+```typescript
+// Side-by-side comparison (2-5 packages)
+skill_mcp({
+  skill_name: "v1-run",
+  tool_name: "compare_packages",
+  arguments: '{"packages": ["zod", "yup", "joi"]}',
+});
+```
+
+### Other Tools
+
+| Tool                    | Use Case                              |
+| ----------------------- | ------------------------------------- |
+| `check_vulnerabilities` | Security audit for specific version   |
+| `check_deprecated`      | Check if package is deprecated        |
+| `find_alternatives`     | Discover better options for a package |
+| `check_types`           | Verify TypeScript support             |
+| `get_package_version`   | Get latest version only               |
+
+**When to use v1-run:**
+
+- Choosing between npm packages → `compare_packages`
+- Before adding a dependency → `get_package_health`
+- Security audit → `check_vulnerabilities`
+- Package seems abandoned → `find_alternatives`
+
 ## context7 Tools
 
 Use to access up-to-date library documentation (37.6k+ libraries).

package/dist/template/.opencode/command/research.md

@@ -23,6 +23,9 @@ if (thorough) {
   skill({ name: "deep-research" });
 }
 
+// For npm package evaluation
+skill({ name: "v1-run" });
+
 // For source code analysis
 skill({ name: "source-code-research" });
 
@@ -149,10 +152,11 @@ If memory search fails (Ollama not running), continue to external sources.
 
 1. **Codebase patterns** (highest trust) - Delegate to @explore for LSP analysis
 2. **Official docs** (high trust) - What does the library documentation say?
-3. **Context7** (high trust) - API usage and examples
-4. **Source code** (high trust) - Library implementation (use `source-code-research` skill)
-5. **GitHub examples** (medium trust) - Real-world patterns via codesearch/grepsearch
-6. **Web search** (lower trust) - Only if tiers 1-5 don't answer
+3. **v1-run** (high trust) - npm package health, vulnerabilities, comparisons
+4. **Context7** (high trust) - API usage and examples
+5. **Source code** (high trust) - Library implementation (use `source-code-research` skill)
+6. **GitHub examples** (medium trust) - Real-world patterns via codesearch/grepsearch
+7. **Web search** (lower trust) - Only if tiers 1-6 don't answer
 
 ## Research
 

package/dist/template/.opencode/skill/v1-run/SKILL.md

@@ -0,0 +1,165 @@
+---
+name: v1-run
+description: npm package intelligence via MCP. Real-time versions, vulnerability data, health scores, and package comparisons. Use when selecting npm packages, checking for vulnerabilities, or comparing alternatives.
+---
+
+# v1.run MCP
+
+Fast, accurate npm package intelligence for AI agents via Model Context Protocol.
+
+## Overview
+
+v1.run is an MCP-first npm registry by Midday.ai that provides:
+
+- **Real-time version data** - No hallucinated packages
+- **Security vulnerabilities** - From OSV database
+- **Health scores** - Automated 0-100 scoring
+- **Package comparisons** - 50+ pre-built categories
+
+## MCP Endpoint
+
+**URL**: `https://api.v1.run/mcp`
+
+**Authentication**: None required (public API)
+
+## Configuration
+
+v1.run MCP is pre-configured as a skill. Load it with:
+
+```typescript
+skill({ name: "v1-run" });
+```
+
+### Manual Setup (if needed)
+
+```json
+{
+  "mcpServers": {
+    "v1": {
+      "url": "https://api.v1.run/mcp"
+    }
+  }
+}
+```
+
+## Available Tools
+
+| Tool                    | Description                                                                                                       |
+| ----------------------- | ----------------------------------------------------------------------------------------------------------------- |
+| `get_package_health`    | Comprehensive health assessment (primary tool) - version, vulns, score, downloads, TS support, AI recommendations |
+| `get_package_version`   | Get latest version of a package                                                                                   |
+| `check_deprecated`      | Check if package is deprecated + get alternatives                                                                 |
+| `check_types`           | Check TypeScript support (bundled or @types)                                                                      |
+| `check_vulnerabilities` | Security vulnerabilities from OSV database                                                                        |
+| `find_alternatives`     | Find alternative packages with recommendations                                                                    |
+| `compare_packages`      | Side-by-side comparison (2-5 packages)                                                                            |
+
+## Health Score System
+
+Packages are scored 0-100 based on:
+
+| Factor      | Weight | Measures                                |
+| ----------- | ------ | --------------------------------------- |
+| Downloads   | 20%    | Weekly downloads + trend direction      |
+| Bundle Size | 20%    | Smaller gzip = higher score             |
+| Freshness   | 25%    | Recent commits and releases             |
+| Community   | 10%    | Stars, contributors                     |
+| Quality     | 25%    | TypeScript, ESM, security, tree-shaking |
+
+## Usage Examples
+
+### Check Package Health
+
+```typescript
+// Get comprehensive health info for a package (primary tool)
+skill_mcp({ skill_name: "v1-run", tool_name: "get_package_health", arguments: '{"name": "zod"}' });
+```
+
+Response includes:
+
+- Latest version
+- Known vulnerabilities (CVEs)
+- Health score (0-100) with grade
+- Weekly downloads + trend
+- TypeScript support
+- Maintenance status
+- AI recommendation
+
+### Check for Deprecation
+
+```typescript
+// Check if package is deprecated and get alternatives
+skill_mcp({
+  skill_name: "v1-run",
+  tool_name: "check_deprecated",
+  arguments: '{"name": "request"}',
+});
+```
+
+### Check Vulnerabilities
+
+```typescript
+// Check specific version for security issues
+skill_mcp({
+  skill_name: "v1-run",
+  tool_name: "check_vulnerabilities",
+  arguments: '{"name": "lodash", "version": "4.17.20"}',
+});
+```
+
+### Find Alternatives
+
+```typescript
+// Find alternative packages
+skill_mcp({
+  skill_name: "v1-run",
+  tool_name: "find_alternatives",
+  arguments: '{"name": "moment"}',
+});
+```
+
+### Compare Packages
+
+```typescript
+// Compare similar packages (2-5 packages)
+skill_mcp({
+  skill_name: "v1-run",
+  tool_name: "compare_packages",
+  arguments: '{"packages": ["zod", "yup", "joi", "valibot"]}',
+});
+```
+
+## Pre-built Categories (50+)
+
+v1.run includes comparisons for popular package categories:
+
+- **HTTP clients**: axios, got, ky, node-fetch
+- **Date libraries**: moment, date-fns, dayjs, luxon
+- **Validation**: zod, yup, joi, ajv, valibot
+- **State management**: redux, zustand, jotai, recoil
+- **ORM**: prisma, drizzle, typeorm, sequelize
+- **Testing**: vitest, jest, mocha, ava
+- **Bundlers**: vite, esbuild, webpack, rollup
+- **Logging**: pino, winston, bunyan
+
+## When to Use
+
+Use v1.run MCP when:
+
+1. **Choosing between packages** - Get objective comparisons
+2. **Checking for vulnerabilities** - Before adding dependencies
+3. **Evaluating maintenance** - Is the package actively maintained?
+4. **Finding alternatives** - Discover better options for a package
+
+## Best Practices
+
+1. **Always check health** before adding new dependencies
+2. **Compare alternatives** when multiple packages solve the same problem
+3. **Verify TypeScript support** for TypeScript projects
+4. **Check bundle size** for frontend applications
+
+## Documentation
+
+- [v1.run](https://v1.run)
+- [GitHub: midday-ai/v1](https://github.com/midday-ai/v1)
+- [MCP Documentation](https://modelcontextprotocol.io)

package/dist/template/.opencode/skill/v1-run/mcp.json

@@ -0,0 +1,6 @@
+{
+	"v1": {
+		"command": "npx",
+		"args": ["-y", "mcp-remote", "https://api.v1.run/mcp"]
+	}
+}

package/package.json

@@ -1,8 +1,15 @@
 {
 	"name": "opencodekit",
-	"version": "0.16.2",
+	"version": "0.16.3",
 	"description": "CLI tool for bootstrapping and managing OpenCodeKit projects",
-	"keywords": ["agents", "cli", "mcp", "opencode", "opencodekit", "template"],
+	"keywords": [
+		"agents",
+		"cli",
+		"mcp",
+		"opencode",
+		"opencodekit",
+		"template"
+	],
 	"license": "MIT",
 	"author": "OpenCodeKit",
 	"repository": {
@@ -12,7 +19,10 @@
 	"bin": {
 		"ock": "dist/index.js"
 	},
-	"files": ["dist", "README.md"],
+	"files": [
+		"dist",
+		"README.md"
+	],
 	"type": "module",
 	"publishConfig": {
 		"access": "public",
@@ -58,5 +68,7 @@
 	"engines": {
 		"bun": ">=1.3.2"
 	},
-	"trustedDependencies": ["@beads/bd"]
+	"trustedDependencies": [
+		"@beads/bd"
+	]
 }