npm - pi-cicd - Versions diffs - 1.0.12 → 1.0.14 - Mend

pi-cicd 1.0.12 → 1.0.14

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +1 -1
package/skills/master/agent-integration/SKILL.md +100 -0
package/skills/master/cross-extension/SKILL.md +416 -0
package/src/config.ts +30 -27

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "pi-cicd",
-  "version": "1.0.12",
+  "version": "1.0.14",
   "description": "Extension for Pi coding agent",
   "type": "module",
   "main": "./index.ts",

package/skills/master/agent-integration/SKILL.md ADDED Viewed

@@ -0,0 +1,100 @@
+---
+name: agent-integration
+description: Master guide for all extensions working together. Explains how to use pi-recollect, pi-debug, pi-audit, pi-browse, and other extensions to minimize token waste and maximize efficiency.
+triggers:
+  - memory
+  - integrate
+  - token optimization
+  - efficiency
+  - extension
+  - work together
+  - remember
+  - previous
+  - similar
+  - found before
+requirements:
+  tools: [memory_store, memory_search, memory_recall, memory_status]
+  context: [any task that involves repeated work]
+---
+# Agent Integration Master Skill
+## Overview
+All 9 extensions are designed to work **together**, with **pi-recollect** as the central memory hub.
+## Golden Rule
+```
+"Store in memory, search before doing"
+BEFORE: Do something (find bug, research, audit)
+AFTER:  Store result in memory
+NEXT:   Search memory before doing same thing
+```
+## Extension Integration
+| Extension | Integrates with Memory | Purpose |
+|-----------|----------------------|---------|
+| pi-debug | ✅ Store bug fixes | Remember bugs found |
+| pi-audit | ✅ Store security issues | Remember vulnerabilities |
+| pi-browse | ✅ Store research | Remember API patterns |
+| pi-pipeline | ✅ Store failures | Remember quality issues |
+| pi-cicd | ✅ Store deploy issues | Remember deployment problems |
+| pi-smart | ✅ Store patterns | Remember code patterns |
+| pi-render | ✅ Store decisions | Remember design decisions |
+| pi-langsrv | ✅ Store definitions | Remember code structure |
+## Token Optimization
+Without memory:
+- Session 1: Debug bug (2000 tokens)
+- Session 2: Debug same bug again (2000 tokens)
+- Total: 4000 tokens
+With memory:
+- Session 1: Debug bug (2000 tokens) + store
+- Session 2: Search memory → Found! (50 tokens)
+- Total: 2050 tokens
+**Savings: ~50% per session!**
+## Workflow
+```
+1. About to do work?
+   → memory_search first!
+2. Found/Solved something?
+   → memory_store immediately!
+3. Store categories:
+   - gotcha: Common mistakes
+   - decision: Architectural choices
+   - pattern: Code patterns
+   - solution: Fixed problems
+   - bug: Bug fixes
+   - security: Security findings
+```
+## Quick Reference
+```typescript
+// Search before doing
+memory_search({ query: "related topic" })
+// Store after finding
+memory_store({
+  category: "bug",
+  title: "Brief description",
+  content: "What was fixed/found"
+})
+```
+## Remember
+- **Store after solving** - Don't lose discovered knowledge
+- **Search before starting** - Don't repeat work
+- **Use categories** - Keep memory organized
+- **Be concise** - Store insights, not raw data

package/skills/master/cross-extension/SKILL.md ADDED Viewed

@@ -0,0 +1,416 @@
+---
+name: cross-extension
+description: Master guide for all extensions working together. Complete integration patterns between pi-langsrv, pi-smart, pi-recollect, pi-debug, pi-audit, pi-browse, pi-pipeline, pi-render, and pi-cicd.
+triggers:
+  - integrate
+  - extension
+  - work together
+  - combine
+  - chain
+  - workflow
+  - cross
+  - lsp + debug
+  - audit + browse
+  - pipeline + render
+requirements:
+  tools: [ALL]
+  context: [any task requiring multiple capabilities]
+---
+# Cross-Extension Integration Master Skill
+## Overview
+All 9 extensions are designed to work **together** in powerful combinations.
+## Extension Purposes
+| Extension | Primary Role | Key Tools |
+|-----------|-------------|-----------|
+| pi-langsrv | Code Navigation | lsp_hover, lsp_find_refs, lsp_goto_def |
+| pi-smart | Context Optimization | analyze, smart_config |
+| pi-recollect | Memory | memory_store, memory_search |
+| pi-debug | Runtime Debug | debug_start, debug_variables |
+| pi-audit | Security Review | review_diff, review_file |
+| pi-browse | Web Research | web_search, web_fetch |
+| pi-pipeline | Workflow | pipeline_verify, pipeline_status |
+| pi-render | Visual UI | visual_update_plan, visual_show_findings |
+| pi-cicd | CI/CD | /ci command |
+## Cross-Extension Workflows
+### Workflow 1: Security Audit + Web Research
+**Extensions:** pi-audit + pi-browse + pi-recollect
+```typescript
+// 1. Find potential vulnerability
+review_diff({ base: "HEAD~1", head: "HEAD" })
+// 2. Research CVE for this vulnerability
+web_search({
+  query: "SQL injection express CVE 2024"
+})
+// 3. Get fix details
+web_fetch({
+  url: "https://owasp.org/www-community/attacks/SQL_Injection"
+})
+// 4. Store for future reference
+memory_store({
+  category: "security",
+  title: "SQL Injection prevention",
+  content: "Fix: Use parameterized queries. Tools: mysql2.escape(), SQL.stringify()"
+})
+```
+### Workflow 2: Code Navigation + Debugging
+**Extensions:** pi-langsrv + pi-debug
+```typescript
+// 1. Find all usages of a function
+lsp_find_refs({
+  file: "src/auth.ts",
+  line: 42
+})
+// → Found 5 call sites
+// 2. See code issues
+lsp_diagnostics({ file: "src/auth.ts" })
+// 3. Debug at the problematic call site
+debug_start({ program: "src/app.ts" })
+debug_breakpoint({ file: "src/auth.ts", line: 42 })
+// 4. Inspect state
+debug_variables({ scope: "locals" })
+debug_stack()
+```
+### Workflow 3: Code Navigation + Security Audit
+**Extensions:** pi-langsrv + pi-audit
+```typescript
+// 1. Find all input handling code
+lsp_find_refs({
+  file: "src/validation.ts",
+  line: 10
+})
+// → Found 12 input fields
+// 2. Audit each for security
+for (const ref of references) {
+  review_file({
+    file: ref.file,
+    context: "full",
+    perspectives: ["security"]
+  })
+}
+// 3. Generate report
+review_report({
+  format: "markdown",
+  groupBy: "severity"
+})
+```
+### Workflow 4: Context Analysis + Pipeline
+**Extensions:** pi-smart + pi-pipeline
+```typescript
+// 1. Analyze codebase complexity
+analyze({
+  files: "src/**/*.ts",
+  intent: "complexity"
+})
+// 2. Optimize context for pipeline
+smart_config({
+  action: "set",
+  key: "focus",
+  value: "src/complex/*"
+})
+// 3. Run pipeline with optimized context
+pipeline_verify({
+  testCommand: "npm test"
+})
+// 4. Monitor status
+pipeline_status()
+```
+### Workflow 5: Security + Debug Verification
+**Extensions:** pi-audit + pi-debug + pi-recollect
+```typescript
+// 1. Find vulnerability
+review_diff({ base: "HEAD~1", head: "HEAD" })
+// → Found: SQL injection at db.ts:42
+// 2. Debug to verify exploitability
+debug_start({ program: "src/app.ts" })
+debug_breakpoint({ file: "src/db.ts", line: 42 })
+// 3. Test the exploit
+debug_evaluate({
+  expression: "userInput + query"
+})
+// → Confirmed: SQL injection possible
+// 4. Store the finding
+memory_store({
+  category: "security",
+  title: "SQL Injection db.ts:42",
+  content: "Verified exploitable. Fix: Use db.query('SELECT * FROM ? WHERE id = ?', [table, id])"
+})
+```
+### Workflow 6: Pipeline + Visual Feedback
+**Extensions:** pi-pipeline + pi-render
+```typescript
+// 1. Show pipeline plan
+visual_update_plan({
+  title: "Security Review Pipeline",
+  status: "DRAFT",
+  tasks: [
+    { id: "1", description: "Review diff", status: "pending" },
+    { id: "2", description: "Audit code", status: "pending" },
+    { id: "3", description: "Generate report", status: "pending" }
+  ]
+})
+// 2. Run verification
+pipeline_verify({ testCommand: "npm test" })
+// 3. Show progress
+visual_update_progress({
+  phase: "audit",
+  completed: 1,
+  total: 3,
+  currentTask: "Auditing authentication"
+})
+// 4. Show findings
+visual_show_findings({
+  findings: [
+    { file: "src/auth.ts", severity: "high", message: "Missing rate limiting" }
+  ]
+})
+```
+### Workflow 7: CI/CD + Debug
+**Extensions:** pi-cicd + pi-debug + pi-recollect
+```typescript
+// 1. Run CI tests
+// /ci run --stage=test
+// 2. If failed: debug the failing test
+debug_start({ program: "test/auth.test.ts" })
+debug_breakpoint({ file: "test/auth.test.ts", line: 42 })
+// 3. Find root cause
+debug_variables({ scope: "locals" })
+debug_evaluate({ expression: "expected" })
+// 4. Store the fix
+memory_store({
+  category: "bug",
+  title: "Auth test fix",
+  content: "Test expected 'admin' but got 'user'. Fix: Check user.role instead of user.name"
+})
+```
+### Workflow 8: Web Research + Memory
+**Extensions:** pi-browse + pi-recollect
+```typescript
+// 1. Research API
+web_search({ query: "Stripe subscription API 2024" })
+web_fetch({ url: "https://stripe.com/docs/api/subscriptions" })
+// 2. Store findings
+memory_store({
+  category: "api",
+  title: "Stripe Subscription API",
+  content: `POST /v1/subscriptions
+Body: { customer, items: [{price, quantity}] }
+Response: { id, status, customer }`
+})
+// 3. Next time: just search
+memory_search({ query: "Stripe subscription" })
+```
+### Workflow 9: Code Structure + Analysis
+**Extensions:** pi-langsrv + pi-smart
+```typescript
+// 1. Get code structure
+lsp_symbols({ file: "src/**/*.ts" })
+// → Get all classes and functions
+// 2. Analyze for refactoring
+analyze({
+  files: "src/**/*.ts",
+  intent: "refactor-candidates"
+})
+// 3. Get details on complex ones
+for (const symbol of complexSymbols) {
+  lsp_find_refs({ file: symbol.file, line: symbol.line })
+  // → Find all usages
+}
+```
+## Integration Decision Tree
+```
+┌─────────────────────────────────────────────────────────────┐
+│                    WHAT ARE YOU DOING?                       │
+└─────────────────────────────────────────────────────────────┘
+                            │
+                            ▼
+          ┌─────────────────────────────────────────┐
+          │ Security Audit?                        │
+          │ → Use pi-audit                          │
+          │ → Combine with:                         │
+          │   - pi-browse (CVE research)           │
+          │   - pi-debug (verify exploit)           │
+          │   - pi-recollect (store findings)       │
+          └─────────────────────────────────────────┘
+                            │
+          ┌─────────────────────────────────────────┐
+          │ Debugging Issue?                         │
+          │ → Use pi-debug                          │
+          │ → Combine with:                         │
+          │   - pi-langsrv (find call sites)        │
+          │   - pi-recollect (past bugs)            │
+          └─────────────────────────────────────────┘
+                            │
+          ┌─────────────────────────────────────────┐
+          │ Understanding Code?                     │
+          │ → Use pi-langsrv                       │
+          │ → Combine with:                         │
+          │   - pi-smart (complexity analysis)     │
+          │   - pi-audit (security review)         │
+          └─────────────────────────────────────────┘
+                            │
+          ┌─────────────────────────────────────────┐
+          │ CI/CD Issue?                            │
+          │ → Use pi-cicd                          │
+          │ → Combine with:                         │
+          │   - pi-debug (debug failing tests)     │
+          │   - pi-pipeline (orchestrate)           │
+          │   - pi-render (show progress)           │
+          └─────────────────────────────────────────┘
+                            │
+          ┌─────────────────────────────────────────┐
+          │ Pipeline Run?                           │
+          │ → Use pi-pipeline                       │
+          │ → Combine with:                         │
+          │   - pi-render (visual feedback)         │
+          │   - pi-audit (security gate)            │
+          │   - pi-smart (optimize context)         │
+          └─────────────────────────────────────────┘
+```
+## Golden Rules
+### Rule 1: Combine Understanding + Action
+```
+pi-langsrv (where is this?) → pi-debug (run it)
+pi-langsrv (what calls this?) → pi-audit (is it secure?)
+```
+### Rule 2: Combine Analysis + Memory
+```
+pi-browse (research) → pi-recollect (remember)
+pi-debug (find bug) → pi-recollect (remember)
+pi-audit (find vuln) → pi-recollect (remember)
+```
+### Rule 3: Combine Execution + Feedback
+```
+pi-pipeline (run) → pi-render (show progress)
+pi-cicd (run) → pi-render (show results)
+```
+## Common Patterns
+### Pattern: Research → Store → Apply
+```typescript
+// Research
+web_search({ query: "best practices React hooks" })
+// Store
+memory_store({ category: "pattern", title: "React hooks", content: "..." })
+// Apply next time
+memory_search({ query: "React hooks" })
+```
+### Pattern: Find → Verify → Fix → Remember
+```typescript
+// Find issue
+review_diff({ base: "HEAD~1", head: "HEAD" })
+// Verify with runtime
+debug_start({ program: "src/app.ts" })
+// Fix code...
+// Remember
+memory_store({ category: "bug", title: "Fixed issue", content: "..." })
+```
+### Pattern: Understand → Analyze → Refactor
+```typescript
+// Understand structure
+lsp_symbols({ file: "src/**/*.ts" })
+// Analyze complexity
+analyze({ files: "src/**/*.ts", intent: "refactor" })
+// Refactor
+// ... make changes ...
+```
+## Token Optimization Matrix
+| Workflow | Without Integration | With Integration | Savings |
+|----------|-------------------|------------------|---------|
+| Security Audit | 3000 tokens | 1500 tokens | 50% |
+| Debug Issue | 2000 tokens | 1000 tokens | 50% |
+| CI/CD Debug | 4000 tokens | 2000 tokens | 50% |
+| Research API | 5000 tokens | 2500 tokens | 50% |
+## When to Combine Extensions
+| Task | Required Extensions |
+|------|-------------------|
+| Security review | pi-audit + pi-browse + pi-recollect |
+| Debug issue | pi-debug + pi-langsrv + pi-recollect |
+| CI/CD failure | pi-cicd + pi-debug + pi-recollect |
+| Security gate in pipeline | pi-pipeline + pi-audit + pi-render |
+| Code analysis | pi-langsrv + pi-smart + pi-recollect |
+| Web research | pi-browse + pi-recollect |
+## Remember
+1. **No extension works alone** - Always consider combinations
+2. **Store findings** - Use pi-recollect to remember
+3. **Use navigation** - pi-langsrv helps find what to debug/audit
+4. **Visual feedback** - Use pi-render for progress
+5. **Chain workflows** - One output feeds into the next

package/src/config.ts CHANGED Viewed

@@ -51,6 +51,29 @@ const DEFAULT_CONFIG: PiCiConfig = {
   },
 };
+/** Recursively merge `override` into `base`, handling nested objects.
+ * Does not mutate either argument.
+ */
+function deepMerge(base: Record<string, unknown>, override: Record<string, unknown>): Record<string, unknown> {
+	const result: Record<string, unknown> = { ...base };
+	for (const key of Object.keys(override)) {
+		const bv = base[key];
+		const ov = override[key];
+		if (
+			bv !== undefined && ov !== undefined &&
+			typeof bv === "object" && !Array.isArray(bv) &&
+			typeof ov === "object" && !Array.isArray(ov)
+		) {
+			result[key] = deepMerge(bv as Record<string, unknown>, ov as Record<string, unknown>);
+		} else {
+			result[key] = ov;
+		}
+	}
+	return result;
+}
+export { deepMerge };
 /**
  * Load pi-ci configuration from `.pi/pi-ci.json` (if present) merged with defaults.
  */
@@ -62,38 +85,18 @@ export async function loadCiConfig(cwd?: string): Promise<PiCiConfig> {
   try {
     text = await readFile(configPath, "utf-8");
   } catch {
-    return { ...DEFAULT_CONFIG };
+    return structuredClone(DEFAULT_CONFIG) as PiCiConfig;
   }
   const raw: unknown = JSON.parse(text);
   if (typeof raw !== "object" || raw === null || Array.isArray(raw)) {
-    return { ...DEFAULT_CONFIG };
+    return structuredClone(DEFAULT_CONFIG) as PiCiConfig;
   }
-  const user = raw as Record<string, unknown>;
-  return {
-    enabled: typeof user.enabled === "boolean" ? user.enabled : DEFAULT_CONFIG.enabled,
-    idleTimeoutMs:
-      typeof user.idleTimeoutMs === "number" ? user.idleTimeoutMs : DEFAULT_CONFIG.idleTimeoutMs,
-    maxRetries:
-      typeof user.maxRetries === "number" ? user.maxRetries : DEFAULT_CONFIG.maxRetries,
-    retryBackoffMaxMs:
-      typeof user.retryBackoffMaxMs === "number"
-        ? user.retryBackoffMaxMs
-        : DEFAULT_CONFIG.retryBackoffMaxMs,
-    exitCodes: {
-      ...DEFAULT_CONFIG.exitCodes,
-      ...(typeof user.exitCodes === "object" && user.exitCodes !== null
-        ? (user.exitCodes as Partial<PiCiExitCodeConfig>)
-        : {}),
-    },
-    report: {
-      ...DEFAULT_CONFIG.report,
-      ...(typeof user.report === "object" && user.report !== null
-        ? (user.report as Partial<PiCiReportConfig>)
-        : {}),
-    },
-  };
+  return deepMerge(
+    structuredClone(DEFAULT_CONFIG) as unknown as Record<string, unknown>,
+    raw as Record<string, unknown>,
+  ) as PiCiConfig;
 }
-export { DEFAULT_CONFIG };
+export { DEFAULT_CONFIG };