npm - skillstore-cli - Versions diffs - 1.0.0 - Mend

skillstore-cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (231) hide show

package/data/shared/framework/commands/git/cm.md ADDED Viewed

@@ -0,0 +1,37 @@
+---
+description: Generate commit message from staged changes and commit
+argument-hint: [optional context about the changes]
+---
+## Your Mission
+Create a commit for current staged changes.
+<context>
+$ARGUMENTS
+</context>
+## Process
+1. Run `git diff --staged` to see all changes
+2. Analyze changes — what was done and why
+3. Generate commit message:
+   - Subject: imperative mood, < 72 chars, describes WHAT
+   - Body (if needed): explains WHY
+4. Security check: scan staged files for secrets
+5. Show commit message to user for approval
+6. Commit on approval
+## Commit Message Format
+```
+<type>: <subject>
+<optional body explaining why>
+```
+Types: feat, fix, refactor, test, docs, chore, style, perf
+## Rules
+- ALWAYS show message and ask before committing
+- NEVER commit if secrets detected
+- If no staged changes: report and suggest `git add`

package/data/shared/framework/commands/git/pr.md ADDED Viewed

@@ -0,0 +1,40 @@
+---
+description: Create a pull request with auto-generated title and description
+argument-hint: [optional PR context]
+---
+## Your Mission
+Create a PR for current branch.
+<context>
+$ARGUMENTS
+</context>
+## Process
+1. Check current branch and base branch
+2. Run `git log base..HEAD` to see all commits
+3. Run `git diff base...HEAD` to see all changes
+4. Generate PR:
+   - Title: < 70 chars, describes the feature/fix
+   - Body: Summary (bullets), Changes (list), Test plan (checklist)
+5. Show to user for approval
+6. Create PR using `gh pr create`
+## PR Body Format
+```markdown
+## Summary
+- [1-3 bullet points]
+## Changes
+- [File/component level changes]
+## Test Plan
+- [ ] [Test scenarios]
+```
+## Rules
+- ALWAYS show PR content before creating
+- Push branch to remote first if needed
+- Include test plan even for small changes

package/data/shared/framework/config/CLAUDE.md.template ADDED Viewed

@@ -0,0 +1,26 @@
+# Project Configuration — DevFlow by SkillStore
+## Workflows (MUST READ & FOLLOW)
+- `.claude/workflows/primary-workflow.md` — Mandatory 5-step dev process
+- `.claude/workflows/documentation-management.md` — Docs update triggers
+- `.claude/rules/development-rules.md` — Code quality standards
+- `.claude/protocols/orchestration-protocol.md` — Agent coordination
+- `.claude/protocols/error-recovery.md` — Error handling & retry policy
+## Quality
+- `.claude/quality/verification-protocol.md` — Completion verification
+- `.claude/quality/review-protocol.md` — Code review standards
+## Configuration
+- `.claude/config/skillstore.config.json` — Thresholds, models, strictness
+## Key Rules
+1. **Plan before implement** — Use `planner` agent for non-trivial tasks
+2. **Test before claim done** — Use `tester` agent to verify
+3. **Review before merge** — Use `code-reviewer` agent for quality gate
+4. **Fix root cause, not symptoms** — Use `debugger` agent when stuck
+5. **Keep docs current** — Use `docs-manager` agent when code changes significantly

package/data/shared/framework/config/settings.json ADDED Viewed

@@ -0,0 +1,41 @@
+{
+  "hooks": {
+    "PreToolUse": [
+      {
+        "matcher": "Bash",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/scout-block.js"
+          }
+        ]
+      }
+    ],
+    "PostToolUse": [
+      {
+        "matcher": "Write|Edit",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "node \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/modularization-hook.js"
+          }
+        ]
+      }
+    ],
+    "Stop": [
+      {
+        "matcher": "",
+        "hooks": [
+          {
+            "type": "command",
+            "command": "bash \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/discord-notify.sh"
+          },
+          {
+            "type": "command",
+            "command": "bash \"$CLAUDE_PROJECT_DIR\"/.claude/hooks/telegram-notify.sh"
+          }
+        ]
+      }
+    ]
+  }
+}

package/data/shared/framework/config/skillstore.config.json ADDED Viewed

@@ -0,0 +1,29 @@
+{
+  "models": {
+    "primary": "sonnet",
+    "lightweight": "haiku",
+    "fallback": "haiku",
+    "external": null
+  },
+  "thresholds": {
+    "maxFileLines": 200,
+    "maxRetries": 3,
+    "agentTimeoutMs": 180000,
+    "commitMessageMaxChars": 72,
+    "maxAgentReportLines": 150
+  },
+  "strictness": "balanced",
+  "team": {
+    "mode": "individual",
+    "roles": []
+  },
+  "hooks": {
+    "qualityGate": true,
+    "docsSync": true,
+    "notifications": {
+      "enabled": false,
+      "discord": null,
+      "telegram": null
+    }
+  }
+}

package/data/shared/framework/hooks/discord-notify.sh ADDED Viewed

@@ -0,0 +1,85 @@
+#!/bin/bash
+# Discord Notification Hook (Stop/SubagentStop)
+#
+# Sends rich embed notifications to Discord when sessions complete.
+# Requires: DISCORD_WEBHOOK_URL in environment or .claude/.env
+#
+# Non-blocking: always exits 0.
+set -e
+# Load environment
+load_env() {
+  local env_files=(
+    "$CLAUDE_PROJECT_DIR/.claude/hooks/.env"
+    "$CLAUDE_PROJECT_DIR/.claude/.env"
+  )
+  for f in "${env_files[@]}"; do
+    if [ -f "$f" ]; then
+      set -a
+      source "$f"
+      set +a
+    fi
+  done
+}
+load_env
+# Check webhook URL
+if [ -z "$DISCORD_WEBHOOK_URL" ]; then
+  exit 0
+fi
+# Read stdin
+INPUT=$(cat /dev/stdin)
+# Parse event data
+EVENT_TYPE=$(echo "$INPUT" | node -e "
+  const d=JSON.parse(require('fs').readFileSync('/dev/stdin','utf-8'));
+  console.log(d.event || 'unknown');
+" 2>/dev/null || echo "unknown")
+TIMESTAMP=$(TZ='Asia/Ho_Chi_Minh' date '+%Y-%m-%d %H:%M:%S')
+SESSION_ID=$(echo "$INPUT" | node -e "
+  const d=JSON.parse(require('fs').readFileSync('/dev/stdin','utf-8'));
+  console.log(d.session_id || 'N/A');
+" 2>/dev/null || echo "N/A")
+# Build embed based on event type
+case "$EVENT_TYPE" in
+  "Stop")
+    TITLE="Session Completed"
+    COLOR=65280  # Green
+    ;;
+  "SubagentStop")
+    TITLE="Agent Completed"
+    COLOR=3447003  # Blue
+    ;;
+  *)
+    TITLE="Event: $EVENT_TYPE"
+    COLOR=16776960  # Yellow
+    ;;
+esac
+DESCRIPTION="**Time:** $TIMESTAMP\n**Session:** $SESSION_ID\n**Event:** $EVENT_TYPE"
+# Send Discord embed
+PAYLOAD=$(cat <<ENDJSON
+{
+  "embeds": [{
+    "title": "$TITLE",
+    "description": "$DESCRIPTION",
+    "color": $COLOR,
+    "footer": {"text": "SkillStore DevFlow"},
+    "timestamp": "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+  }]
+}
+ENDJSON
+)
+curl -s -H "Content-Type: application/json" \
+  -d "$PAYLOAD" \
+  "$DISCORD_WEBHOOK_URL" > /dev/null 2>&1 || true
+exit 0

package/data/shared/framework/hooks/docs-sync.sh ADDED Viewed

@@ -0,0 +1,53 @@
+#!/bin/bash
+# Docs Sync Hook (PostToolUse — Bash with git commit)
+#
+# After git commits, checks if documentation might be stale.
+# Compares code change timestamps with docs/ timestamps.
+# Non-blocking: always exits 0.
+set -e
+# Read stdin for tool input
+INPUT=$(cat /dev/stdin)
+TOOL_NAME=$(echo "$INPUT" | node -e "const d=JSON.parse(require('fs').readFileSync('/dev/stdin','utf-8')); console.log(d.tool_name || '')")
+COMMAND=$(echo "$INPUT" | node -e "const d=JSON.parse(require('fs').readFileSync('/dev/stdin','utf-8')); console.log(d.tool_params?.command || '')")
+# Only trigger on Bash tool with git commit
+if [ "$TOOL_NAME" != "Bash" ]; then
+  exit 0
+fi
+if ! echo "$COMMAND" | grep -q "git commit"; then
+  exit 0
+fi
+# Check if docs/ directory exists
+DOCS_DIR="./docs"
+if [ ! -d "$DOCS_DIR" ]; then
+  exit 0
+fi
+# Find recently changed source files (last commit)
+CHANGED_FILES=$(git diff --name-only HEAD~1 HEAD 2>/dev/null || echo "")
+if [ -z "$CHANGED_FILES" ]; then
+  exit 0
+fi
+# Check if any source files changed but docs didn't
+SOURCE_CHANGED=false
+DOCS_CHANGED=false
+for f in $CHANGED_FILES; do
+  case "$f" in
+    docs/*) DOCS_CHANGED=true ;;
+    *.ts|*.js|*.tsx|*.jsx|*.py|*.go|*.rs|*.java) SOURCE_CHANGED=true ;;
+  esac
+done
+if [ "$SOURCE_CHANGED" = true ] && [ "$DOCS_CHANGED" = false ]; then
+  # Output warning as additional context
+  echo "{\"additionalContext\": \"Docs Sync: Source files changed but docs/ was not updated. Consider updating documentation.\"}"
+fi
+exit 0

package/data/shared/framework/hooks/modularization-hook.js ADDED Viewed

@@ -0,0 +1,103 @@
+#!/usr/bin/env node
+/**
+ * Modularization Hook (PostToolUse — Write/Edit)
+ *
+ * After file write/edit, checks if file exceeds LOC threshold.
+ * Provides actionable suggestions for splitting files.
+ * Non-blocking: always exits 0.
+ *
+ * Reads threshold from skillstore.config.json if available.
+ */
+import { readFileSync, existsSync } from 'fs';
+import { join, relative, basename } from 'path';
+function loadConfig() {
+  const configPaths = [
+    join(process.cwd(), '.claude', 'config', 'skillstore.config.json'),
+    join(process.cwd(), 'skillstore.config.json'),
+  ];
+  for (const p of configPaths) {
+    if (existsSync(p)) {
+      try { return JSON.parse(readFileSync(p, 'utf-8')); } catch { /* ignore */ }
+    }
+  }
+  return { thresholds: { maxFileLines: 200 } };
+}
+function analyzeFile(filePath, content) {
+  const lines = content.split('\n');
+  const lineCount = lines.length;
+  const config = loadConfig();
+  const threshold = config.thresholds?.maxFileLines || 200;
+  if (lineCount <= threshold) return null;
+  // Count functions/classes/exports for split suggestions
+  const functionCount = (content.match(/(?:function\s+\w+|const\s+\w+\s*=\s*(?:async\s*)?\(|(?:export\s+)?class\s+\w+)/g) || []).length;
+  const exportCount = (content.match(/export\s+(?:default\s+)?(?:function|class|const|interface|type)/g) || []).length;
+  const suggestions = [
+    `File ${relative(process.cwd(), filePath)} has ${lineCount} LOC (threshold: ${threshold}).`,
+    'Consider modularization:',
+  ];
+  if (functionCount > 5) {
+    suggestions.push(`- ${functionCount} functions detected. Group related functions into separate modules.`);
+  }
+  if (exportCount > 3) {
+    suggestions.push(`- ${exportCount} exports detected. Consider splitting by export responsibility.`);
+  }
+  suggestions.push(
+    '- Use kebab-case naming with descriptive names (e.g., user-auth-service.ts)',
+    '- Ensure file names are self-documenting for LLM Grep/Glob tools',
+    '- Extract utility functions, types, and constants into separate files',
+    '- After modularization, continue with main task'
+  );
+  return suggestions;
+}
+function main() {
+  try {
+    const input = JSON.parse(readFileSync('/dev/stdin', 'utf-8'));
+    const toolName = input.tool_name;
+    if (!['Write', 'Edit'].includes(toolName)) {
+      process.exit(0);
+    }
+    const filePath = input.tool_params?.file_path || input.tool_params?.path;
+    if (!filePath || !existsSync(filePath)) {
+      process.exit(0);
+    }
+    // Skip non-text files
+    if (/\.(png|jpg|jpeg|gif|svg|ico|woff|ttf|eot|pdf|zip|tar|gz|lock)$/i.test(filePath)) {
+      process.exit(0);
+    }
+    // Skip markdown/config files
+    if (/\.(md|json|yaml|yml|toml|ini|cfg)$/i.test(filePath)) {
+      process.exit(0);
+    }
+    const content = readFileSync(filePath, 'utf-8');
+    const suggestions = analyzeFile(filePath, content);
+    if (suggestions) {
+      const output = {
+        additionalContext: suggestions.join('\n')
+      };
+      process.stdout.write(JSON.stringify(output));
+    }
+  } catch {
+    // Non-blocking: always exit 0
+  }
+  process.exit(0);
+}
+main();

package/data/shared/framework/hooks/notification.js ADDED Viewed

@@ -0,0 +1,94 @@
+#!/usr/bin/env node
+/**
+ * Notification Hook (Stop/SubagentStop)
+ *
+ * Sends notifications to Discord/Telegram when sessions complete.
+ * Reads config from skillstore.config.json.
+ * Non-blocking: always exits 0.
+ */
+import { readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+function loadConfig() {
+  const configPaths = [
+    join(process.cwd(), '.claude', 'config', 'skillstore.config.json'),
+    join(process.cwd(), 'skillstore.config.json'),
+  ];
+  for (const p of configPaths) {
+    if (existsSync(p)) {
+      try { return JSON.parse(readFileSync(p, 'utf-8')); } catch { /* ignore */ }
+    }
+  }
+  return null;
+}
+async function sendDiscord(webhookUrl, message) {
+  const payload = {
+    embeds: [{
+      title: message.title,
+      description: message.body,
+      color: message.success ? 0x00ff00 : 0xff0000,
+      timestamp: new Date().toISOString(),
+      footer: { text: 'SkillStore DevFlow' }
+    }]
+  };
+  await fetch(webhookUrl, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(payload),
+  });
+}
+async function sendTelegram(botToken, chatId, message) {
+  const text = `*${message.title}*\n\n${message.body}`;
+  const url = `https://api.telegram.org/bot${botToken}/sendMessage`;
+  await fetch(url, {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({
+      chat_id: chatId,
+      text,
+      parse_mode: 'Markdown',
+    }),
+  });
+}
+async function main() {
+  const config = loadConfig();
+  if (!config?.hooks?.notifications?.enabled) {
+    process.exit(0);
+  }
+  const input = JSON.parse(readFileSync('/dev/stdin', 'utf-8'));
+  const eventType = input.event || 'unknown';
+  const message = {
+    title: `Session ${eventType === 'Stop' ? 'Completed' : 'Agent Completed'}`,
+    body: [
+      `Event: ${eventType}`,
+      `Time: ${new Date().toLocaleString('vi-VN', { timeZone: 'Asia/Ho_Chi_Minh' })}`,
+      `Tools used: ${input.tool_uses || 'N/A'}`,
+    ].join('\n'),
+    success: true,
+  };
+  const { discord, telegram } = config.hooks.notifications;
+  const promises = [];
+  if (discord) {
+    promises.push(sendDiscord(discord, message).catch(() => {}));
+  }
+  if (telegram?.botToken && telegram?.chatId) {
+    promises.push(sendTelegram(telegram.botToken, telegram.chatId, message).catch(() => {}));
+  }
+  await Promise.allSettled(promises);
+  process.exit(0);
+}
+main().catch(() => process.exit(0));

package/data/shared/framework/hooks/quality-gate.js ADDED Viewed

@@ -0,0 +1,109 @@
+#!/usr/bin/env node
+/**
+ * Quality Gate Hook (PostToolUse — Write/Edit)
+ *
+ * Non-blocking hook that checks file quality after write/edit operations.
+ * Reads thresholds from skillstore.config.json if available.
+ *
+ * Checks:
+ * - File size exceeds maxFileLines threshold
+ * - TODO/FIXME/HACK comments detected
+ * - Potential secrets patterns
+ */
+import { readFileSync, existsSync } from 'fs';
+import { join } from 'path';
+// Load config
+function loadConfig() {
+  const configPaths = [
+    join(process.cwd(), '.claude', 'config', 'skillstore.config.json'),
+    join(process.cwd(), 'skillstore.config.json'),
+  ];
+  for (const p of configPaths) {
+    if (existsSync(p)) {
+      try { return JSON.parse(readFileSync(p, 'utf-8')); } catch { /* ignore */ }
+    }
+  }
+  return { thresholds: { maxFileLines: 200 }, hooks: { qualityGate: true } };
+}
+function main() {
+  const input = JSON.parse(readFileSync('/dev/stdin', 'utf-8'));
+  const toolName = input.tool_name;
+  // Only check Write and Edit tools
+  if (!['Write', 'Edit'].includes(toolName)) {
+    process.exit(0);
+  }
+  const config = loadConfig();
+  if (!config.hooks?.qualityGate) {
+    process.exit(0);
+  }
+  const filePath = input.tool_params?.file_path || input.tool_params?.path;
+  if (!filePath || !existsSync(filePath)) {
+    process.exit(0);
+  }
+  // Skip non-text files
+  if (/\.(png|jpg|jpeg|gif|svg|ico|woff|ttf|eot|pdf|zip|tar|gz)$/i.test(filePath)) {
+    process.exit(0);
+  }
+  const content = readFileSync(filePath, 'utf-8');
+  const lines = content.split('\n');
+  const warnings = [];
+  // Check file size
+  const maxLines = config.thresholds?.maxFileLines || 200;
+  if (lines.length > maxLines) {
+    warnings.push(
+      `File has ${lines.length} lines (threshold: ${maxLines}). Consider splitting into smaller modules.`
+    );
+  }
+  // Check for TODO/FIXME/HACK
+  const todoPattern = /\b(TODO|FIXME|HACK|XXX|TEMP)\b/;
+  const todoLines = lines
+    .map((line, i) => ({ line: i + 1, match: line.match(todoPattern) }))
+    .filter(l => l.match);
+  if (todoLines.length > 0) {
+    warnings.push(
+      `Found ${todoLines.length} TODO/FIXME/HACK comment(s): lines ${todoLines.map(l => l.line).join(', ')}`
+    );
+  }
+  // Check for potential secrets (simple patterns)
+  const secretPatterns = [
+    /(?:password|passwd|secret|api_key|apikey|access_token)\s*[:=]\s*['"][^'"]{8,}['"]/i,
+    /(?:AKIA|AIza)[A-Za-z0-9]{16,}/,
+    /-----BEGIN (?:RSA )?PRIVATE KEY-----/,
+  ];
+  const hasSecrets = lines.some(line =>
+    secretPatterns.some(p => p.test(line))
+  );
+  if (hasSecrets) {
+    warnings.push('Potential secret/credential detected. Verify before committing.');
+  }
+  // Output warnings as additional context (non-blocking)
+  if (warnings.length > 0) {
+    const output = {
+      additionalContext: `Quality Gate: ${warnings.join(' | ')}`
+    };
+    process.stdout.write(JSON.stringify(output));
+  }
+  // Always exit 0 — non-blocking
+  process.exit(0);
+}
+main();

package/data/shared/framework/hooks/scout-block.js ADDED Viewed

@@ -0,0 +1,77 @@
+#!/usr/bin/env node
+/**
+ * Scout-Block Hook (PreToolUse — Bash)
+ *
+ * Blocks bash commands that access heavy/dangerous directories.
+ * Prevents: node_modules, .git, dist, build, __pycache__, .next, .nuxt
+ *
+ * Exit codes:
+ *   0 = allowed
+ *   2 = blocked
+ */
+import { readFileSync } from 'fs';
+const BLOCKED_PATTERNS = [
+  'node_modules',
+  '__pycache__',
+  '\\.git/',
+  '\\.git$',
+  'dist/',
+  'build/',
+  '\\.next/',
+  '\\.nuxt/',
+  '\\.venv/',
+  'vendor/',
+];
+const BLOCKED_REGEX = new RegExp(BLOCKED_PATTERNS.join('|'));
+// Whitelist: commands that are always safe
+const SAFE_COMMANDS = [
+  /^git\s/,           // git commands are fine
+  /^pnpm\s/,          // package manager
+  /^npm\s/,           // package manager
+  /^yarn\s/,          // package manager
+  /^node\s/,          // node execution
+  /^npx\s/,           // npx
+  /^which\s/,         // which
+  /^echo\s/,          // echo
+  /^pwd$/,            // pwd
+];
+function main() {
+  try {
+    const input = JSON.parse(readFileSync('/dev/stdin', 'utf-8'));
+    const toolName = input.tool_name;
+    if (toolName !== 'Bash') {
+      process.exit(0);
+    }
+    const command = input.tool_params?.command || '';
+    // Check if command is in safe list
+    if (SAFE_COMMANDS.some(pattern => pattern.test(command.trim()))) {
+      process.exit(0);
+    }
+    // Check for blocked patterns in command arguments
+    if (BLOCKED_REGEX.test(command)) {
+      const output = {
+        decision: 'block',
+        reason: `Blocked: command accesses restricted directory. Patterns blocked: ${BLOCKED_PATTERNS.join(', ')}`
+      };
+      process.stderr.write(JSON.stringify(output));
+      process.exit(2);
+    }
+    process.exit(0);
+  } catch {
+    // On error, allow the command (fail open)
+    process.exit(0);
+  }
+}
+main();