solo-cto-agent 1.0.0 → 1.1.0

package/CHANGELOG

@@ -1,5 +1,59 @@
 # Changelog
 
+## 1.1.0 — Tier-aware reviews, security signals, plugins & telegram
+
+**Theme**: closing the last gaps around signal quality and agent
+extensibility. The review loop now reasons about Haiku/Sonnet/Opus
+tier-appropriately, surfaces live CVE/GHSA advisories via OSV.dev,
+captures screenshots without Playwright, and gains a first-cut
+plugin system + experimental telegram setup wizard.
+
+### External signals (PR-G4)
+* **T2 Security Advisories (OSV.dev)** — CVE + GHSA scan across
+  `dependencies` + `devDependencies`. Severity normalized (DB-specific
+  > CVSS numeric > UNKNOWN) and merged into the external-knowledge
+  context block. Gate: `COWORK_EXTERNAL_KNOWLEDGE_SECURITY=0` to skip.
+
+### Review tiering (PR-G2)
+* **Per-tier Claude model resolution** — Haiku (cheap triage) / Sonnet
+  (default) / Opus (deep review) selected automatically based on watch
+  tier. Overridable via `ANTHROPIC_MODEL_HAIKU|SONNET|OPUS`.
+
+### UI/UX loop (PR-G5)
+* **Playwright-free screenshot capture** — `uiux vision-review --url`
+  and `uiux capture --url` now fall back to thum.io when Playwright is
+  unavailable. Viewports: mobile 375x812 / tablet 768x1024 / desktop
+  1280x800.
+
+### Plugins & integrations (PR-G6 / G7)
+* **`docs/plugin-api-v2.md`** — capability manifest spec
+  (env/net/fs/cli/hook/schedule prefixes), contribution points, agent
+  targeting (`claude` / `codex` / `cowork` / `headless`).
+* **`plugin` subcommand** — filesystem-only manager:
+  `solo-cto-agent plugin list|show|add --path <dir>|remove`. Records
+  metadata only; does NOT execute plugin code. Runtime loader lands
+  in a follow-up behind the capability gate.
+* **`telegram wizard`** (experimental — `SOLO_CTO_EXPERIMENTAL=1`)
+  — one-command bot token + chat_id capture + `.env` / shell profile
+  / GitHub secret writeback + live sendMessage verification.
+* **`docs/telegram-wizard-spec.md`** — full spec including failure
+  modes and i18n hooks.
+
+### Developer experience
+* **375 tests** (up from 247 in 1.0.0) across 28 files — all offline,
+  all network calls stubbed via injected `fetchImpl`.
+* **Shared `prompt-utils.js`** — `ask` / `askYesNo` / `askChoice` /
+  `isTTY` / `createRl` extracted from `wizard.js` for future wizards.
+* **npm publish automation** — tag `v*` now triggers full CI +
+  `npm publish` + GitHub Release in one workflow.
+
+### Upgrade notes
+* No breaking changes. All new features are additive and gated on
+  env vars (`COWORK_EXTERNAL_KNOWLEDGE_SECURITY`,
+  `SOLO_CTO_EXPERIMENTAL`).
+* `solo-cto-agent plugin` and `solo-cto-agent telegram` are new
+  commands — existing commands are unchanged.
+
 ## 1.0.0 — First stable release
 
 **Why 1.0**: the loop is now closable end-to-end. Previous 0.x releases were

package/README.md

@@ -313,10 +313,13 @@ Run a Claude-powered code review directly from your terminal, no GitHub Actions
 ANTHROPIC_API_KEY=sk-xxx solo-cto-agent review
 
 # Review a branch diff (dry-run: see the prompt without calling API)
-solo-cto-agent review --diff main..feature --dry-run
+solo-cto-agent review --branch --dry-run
 
-# Review specific directory
-solo-cto-agent review --path ./src --diff HEAD~3
+# Review a branch diff against a specific base (e.g., master)
+solo-cto-agent review --branch --target master
+
+# Review specific file
+solo-cto-agent review --file src/app/page.tsx
 ```
 
 The review checks your diff against the local failure catalog (known error patterns), then sends it to Claude for security, performance, correctness, and style analysis. Results are saved as markdown reports in `~/.claude/skills/solo-cto-agent/reviews/`. This is the same review quality as the CI/CD pipeline, but runs entirely locally — useful for private repos, offline work, or pre-push checks.

package/bin/cli.js

@@ -8,6 +8,7 @@ const { execSync } = require("child_process");
 
 const { syncCommand } = require("./sync");
 const { runWizard, hasWizardFlag } = require("./wizard");
+const i18n = require("./i18n");
 const { localReview, knowledgeCapture, dualReview, detectMode, sessionSave, sessionRestore, sessionList, recordFeedback, setLogChannel } = require("./cowork-engine");
 // Lazy-load optional modules so missing files don't break older installs.
 let uiux, rework, watch, notify, inboundFeedback;
@@ -16,6 +17,10 @@ try { rework = require("./rework"); } catch (_) { rework = null; }
 try { watch = require("./watch"); } catch (_) { watch = null; }
 try { notify = require("./notify"); } catch (_) { notify = null; }
 try { inboundFeedback = require("./inbound-feedback"); } catch (_) { inboundFeedback = null; }
+let pluginManager;
+try { pluginManager = require("./plugin-manager"); } catch (_) { pluginManager = null; }
+let telegramWizard;
+try { telegramWizard = require("./telegram-wizard"); } catch (_) { telegramWizard = null; }
 
 const ROOT = path.resolve(__dirname, "..");
 const DEFAULT_CATALOG = path.join(ROOT, "failure-catalog.json");
@@ -34,7 +39,7 @@ const DEFAULT_PRESET = "builder";
 // ─── Helpers ────────────────────────────────────────────────
 
 function printHelp() {
-  console.log(`solo-cto-agent — Dual-Agent CI/CD Orchestrator
+  console.log(`solo-cto-agent — ${i18n.t("cli.tagline")}
 
 Usage:
   solo-cto-agent init [--force] [--preset maker|builder|cto] [--wizard]
@@ -50,6 +55,7 @@ Usage:
   solo-cto-agent lint [path]
   solo-cto-agent doctor
   solo-cto-agent --help
+  solo-cto-agent --lang <en|ko> <command>      # override CLI locale (or SOLO_CTO_LANG env)
 
 Commands:
   init              Install skills to ~/.claude/skills/ (add --wizard for interactive setup)
@@ -1064,6 +1070,7 @@ function doctorCommand() {
       const hasLocalReview = typeof engine.localReview === "function";
       const hasKnowledge = typeof engine.knowledgeCapture === "function";
       const hasDualReview = typeof engine.dualReview === "function";
+      const hasDetectDefaultBranch = typeof engine.detectDefaultBranch === "function";
       const sessionSave = typeof engine.sessionSave === "function";
       const sessionRestore = typeof engine.sessionRestore === "function";
       const sessionList = typeof engine.sessionList === "function";
@@ -1081,6 +1088,19 @@ function doctorCommand() {
         console.log("   ⚠️  Session functions not available");
         issues.push({ level: "warn", msg: "Engine missing session functions" });
       }
+
+      const isGitRepo = fs.existsSync(path.join(process.cwd(), ".git"));
+      if (hasDetectDefaultBranch && isGitRepo) {
+        try {
+          const base = engine.detectDefaultBranch({ cwd: process.cwd() });
+          console.log(`   ℹ️  Default branch: ${base}`);
+        } catch (err) {
+          console.log(`   ⚠️  Default branch detection failed: ${err.message}`);
+          issues.push({ level: "warn", msg: "Default branch detection failed" });
+        }
+      } else if (!isGitRepo) {
+        console.log("   ℹ️  Default branch: N/A (not a git repo)");
+      }
     } catch (err) {
       console.log(`   ⚠️  Engine load failed: ${err.message}`);
       issues.push({ level: "warn", msg: `Engine load failed: ${err.message}` });
@@ -1364,6 +1384,11 @@ function upgradeCommand(org, repos, orchName) {
 
 async function main() {
   const args = process.argv.slice(2);
+
+  // i18n: resolve locale from --lang flag, env, or default. Must happen before
+  // any user-facing output so printHelp() and error messages respect the choice.
+  i18n.setLocale(i18n.parseLangFlag(args));
+
   const cmd = args[0];
 
   if (!cmd || cmd === "--help" || cmd === "-h" || cmd === "help") {
@@ -1570,13 +1595,26 @@ async function main() {
       } else if (sub === "vision") {
         await uiux.uiuxVisionReview({
           screenshotPath: get("--screenshot"),
+          url: get("--url"),
           viewport: get("--viewport") || "desktop",
           projectSlug: get("--project") || path.basename(process.cwd()),
         });
+      } else if (sub === "capture") {
+        // PR-G5 — standalone URL→screenshot capture (no Playwright)
+        const url = get("--url");
+        if (!url) { console.error("❌ --url required for 'uiux capture'"); process.exit(1); }
+        const out = get("--out") || null;
+        const cap = await uiux.captureScreenshotFromUrl(url, {
+          viewport: get("--viewport") || "desktop",
+          outPath: out,
+        });
+        if (!cap.ok) { console.error(`❌ capture failed: ${cap.error}`); process.exit(1); }
+        console.log(`✓ captured ${(cap.bytes / 1024).toFixed(1)} KB via ${cap.source} → ${cap.path}`);
       } else if (sub === "cross-verify") {
         await uiux.uiuxCrossVerify({
           diffSource: args.includes("--branch") ? "branch" : "staged",
           screenshotPath: get("--screenshot"),
+          url: get("--url"),
           viewport: get("--viewport") || "desktop",
           projectSlug: get("--project") || path.basename(process.cwd()),
           projectDir: get("--cwd") || process.cwd(),
@@ -1782,6 +1820,116 @@ async function main() {
     return;
   }
 
+  if (cmd === "telegram") {
+    if (!telegramWizard) {
+      console.error("❌ telegram-wizard module not available in this install.");
+      process.exit(1);
+    }
+    const sub = args[1] || "wizard";
+    if (sub !== "wizard") {
+      console.error(`❌ Unknown telegram subcommand: ${sub}`);
+      console.error(`   Use: solo-cto-agent telegram wizard`);
+      process.exit(1);
+    }
+    const opts = {};
+    const tokIdx = args.indexOf("--token");      if (tokIdx >= 0) opts.token = args[tokIdx + 1];
+    const chatIdx = args.indexOf("--chat");      if (chatIdx >= 0) opts.chat = args[chatIdx + 1];
+    const stoIdx = args.indexOf("--storage");    if (stoIdx >= 0) opts.storage = parseInt(args[stoIdx + 1], 10);
+    const toutIdx = args.indexOf("--timeout");   if (toutIdx >= 0) opts.timeout = parseInt(args[toutIdx + 1], 10);
+    if (args.includes("--non-interactive")) opts.nonInteractive = true;
+    if (args.includes("--force")) opts.force = true;
+    telegramWizard.runWizard(opts).then((res) => {
+      if (!res || !res.ok) process.exit(1);
+    }).catch((e) => {
+      console.error(`❌ ${e.message}`);
+      process.exit(1);
+    });
+    return;
+  }
+
+  if (cmd === "plugin") {
+    if (!pluginManager) {
+      console.error("❌ plugin-manager module not available in this install.");
+      process.exit(1);
+    }
+    const sub = args[1] || "list";
+
+    if (sub === "list") {
+      const plugins = pluginManager.listPlugins();
+      if (args.includes("--json")) {
+        console.log(JSON.stringify(plugins, null, 2));
+      } else {
+        console.log(pluginManager.formatPluginListText(plugins));
+      }
+      return;
+    }
+
+    if (sub === "show") {
+      const name = args[2];
+      if (!name) {
+        console.error("❌ Usage: solo-cto-agent plugin show <name>");
+        process.exit(1);
+      }
+      const manifest = pluginManager.readManifest();
+      const plugin = pluginManager.findPlugin(manifest, name);
+      if (!plugin) {
+        console.error(`❌ Plugin not found: ${name}`);
+        process.exit(1);
+      }
+      console.log(JSON.stringify(plugin, null, 2));
+      return;
+    }
+
+    if (sub === "add") {
+      const pathIdx = args.indexOf("--path");
+      const nameIdx = args.indexOf("--name");
+      if (pathIdx < 0) {
+        console.error("❌ Usage: solo-cto-agent plugin add --path <dir> [--name <override>]");
+        console.error("   (npm install coming in a later release; use --path for local dirs.)");
+        process.exit(1);
+      }
+      const dir = path.resolve(args[pathIdx + 1]);
+      const read = pluginManager.readPackageJsonFromPath(dir);
+      if (!read.ok) {
+        console.error(`❌ ${read.error}`);
+        process.exit(1);
+      }
+      const pkg = nameIdx >= 0 ? { ...read.pkg, name: args[nameIdx + 1] } : read.pkg;
+      const source = `path:${dir}`;
+      const res = pluginManager.addPlugin({ pkg, source });
+      if (!res.ok) {
+        console.error("❌ Plugin validation failed:");
+        for (const e of res.errors) console.error(`   - ${e}`);
+        process.exit(1);
+      }
+      console.log(`✓ ${res.replaced ? "Updated" : "Added"} ${res.plugin.name}@${res.plugin.version} (${source})`);
+      console.log(`  agents: ${res.plugin.agents.join(", ")}`);
+      if (res.plugin.capabilities.length) {
+        console.log(`  capabilities: ${res.plugin.capabilities.join(", ")}`);
+      }
+      return;
+    }
+
+    if (sub === "remove" || sub === "rm") {
+      const name = args[2];
+      if (!name) {
+        console.error("❌ Usage: solo-cto-agent plugin remove <name>");
+        process.exit(1);
+      }
+      const res = pluginManager.removePlugin(name);
+      if (!res.removed) {
+        console.error(`❌ Plugin not found: ${name}`);
+        process.exit(1);
+      }
+      console.log(`✓ Removed ${name}`);
+      return;
+    }
+
+    console.error(`❌ Unknown plugin subcommand: ${sub}`);
+    console.error(`   Use: solo-cto-agent plugin list|show|add|remove`);
+    process.exit(1);
+  }
+
   printHelp();
   process.exit(1);
 }