zugzbot-sdd 1.5.0

package/skills/sdd-dependency-cooldown/SKILL.md

@@ -0,0 +1,40 @@
+# Skill: Dependency Cooldown Checker
+
+Verifica que las dependencias tengan al menos **3 días** de publicadas antes de ser importadas.
+
+## Trigger
+
+Cuando se requiera agregar una nueva dependencia npm, antes de cualquier `import` o `require`.
+
+## Uso
+
+```bash
+npx -y npm-check-updates <package-name> --dep prod
+# o verificar en https://www.npmjs.com/package/<package-name>
+```
+
+## Regla SDD Cooldown
+
+| Tipo | Tiempo mínimo |
+|:---|:---|
+| Dependencias nuevas | 3 días desde publicación |
+| Updates mayores (major) | 7 días |
+| Dependencias критични (security) | Sin cooldown |
+
+## Verificación Manual
+
+1. Ir a https://www.npmjs.com/package/<nombre-paquete>
+2. Buscar "Published" en la sección de metadata
+3. Calcular días desde publicación
+4. Si >= 3 días, APPROVED
+5. Si < 3 días, WAIT con fecha de aprobación
+
+## Criterios de Bloqueo
+
+- ❌ Paquetes con < 3 días
+- ❌ Paquetes sin downloads recientes (posible abandonware)
+- ❌ Paquetes con vulnerabilities conocidas sin fix
+
+## Tags
+
+#sdd #dependency #npm #cooldown

package/skills/sdd-tree-generator/SKILL.md

@@ -0,0 +1,40 @@
+# Skill: SDD Tree Generator
+
+Genera un árbol de estructura del proyecto en milisegundos sin costo de tokens.
+
+## Trigger
+
+Cuando se requiera visualizar la estructura de archivos del proyecto.
+
+## Uso
+
+```bash
+node .opencode/tools/sdd_generate_tree.js
+```
+
+O desde OpenCode usando la herramienta `sdd_generate_tree`.
+
+## Output
+
+```
+proyecto/
+├── src/
+│   ├── components/
+│   │   └── Button.tsx
+│   └── index.ts
+├── tests/
+│   └── unit/
+├── package.json
+└── README.md
+```
+
+## Características
+
+- Profundidad máxima: 3 niveles
+- Ignora: node_modules, .git, archivos ocultos
+- Muestra tamaño de archivos
+- Ejecución en < 100ms
+
+## Tags
+
+#sdd #tooling #tree #structure

package/skills-lock.json

@@ -0,0 +1,35 @@
+{
+  "version": 1,
+  "skills": {
+    "accessibility": {
+      "source": "addyosmani/web-quality-skills",
+      "sourceType": "autoskills-registry",
+      "computedHash": "bffe3d08cfe92ebad63699f74ce29e35c19850ebfbf474c1463183cfe34d6a09"
+    },
+    "bash-defensive-patterns": {
+      "source": "wshobson/agents",
+      "sourceType": "autoskills-registry",
+      "computedHash": "1f566c2d9c3b50a784b05d08f6b08ebfeb31f038e4d4173f2d488484edb058a6"
+    },
+    "bun": {
+      "source": "midudev/autoskills",
+      "sourceType": "autoskills-registry",
+      "computedHash": "1386ed5490ed278e38312a416c9aa074dbe3849f32ae7f841e4142fef5d4df94"
+    },
+    "frontend-design": {
+      "source": "anthropics/skills",
+      "sourceType": "autoskills-registry",
+      "computedHash": "82fb11a63fb1e35ee2469516ed02d54695f783115b1540c0e783197af4240a3a"
+    },
+    "seo": {
+      "source": "addyosmani/web-quality-skills",
+      "sourceType": "autoskills-registry",
+      "computedHash": "c184da724d1c61ad077f27418ea8e7e88fd54bcdf98165e18be7e4681cbd5e20"
+    },
+    "typescript-advanced-types": {
+      "source": "wshobson/agents",
+      "sourceType": "autoskills-registry",
+      "computedHash": "5ca0e177c6aaaba1889255691224daafdb7d71f317cc70bede1590d3907ded42"
+    }
+  }
+}

package/tests/static/dom_structure.test.js

@@ -0,0 +1,57 @@
+import { describe, test, expect } from 'vitest';
+import fs from 'fs';
+import path from 'path';
+
+function getFilesRecursively(dir, extensions) {
+  let results = [];
+  if (!fs.existsSync(dir)) return results;
+  const list = fs.readdirSync(dir);
+  list.forEach(file => {
+    const fullPath = path.join(dir, file);
+    const stat = fs.statSync(fullPath);
+    if (stat && stat.isDirectory()) {
+      results = results.concat(getFilesRecursively(fullPath, extensions));
+    } else {
+      if (extensions.some(ext => file.endsWith(ext))) {
+        results.push(fullPath);
+      }
+    }
+  });
+  return results;
+}
+
+function findDuplicateIds(content) {
+  const cleaned = content.replace(/<!--[\s\S]*?-->/g, '');
+  const idRegex = /id=["']([^"']+)["']/g;
+  const ids = [];
+  let match;
+  while ((match = idRegex.exec(cleaned)) !== null) {
+    ids.push(match[1]);
+  }
+  
+  const seen = new Set();
+  const duplicates = [];
+  ids.forEach(id => {
+    if (seen.has(id)) {
+      duplicates.push(id);
+    } else {
+      seen.add(id);
+    }
+  });
+  
+  return duplicates;
+}
+
+describe('DOM Structure Validator', () => {
+  test('Plugin UI files should not contain duplicate IDs', () => {
+    const pluginDir = path.resolve(process.cwd(), '.opencode', 'plugins');
+    if (!fs.existsSync(pluginDir)) return;
+    
+    const files = getFilesRecursively(pluginDir, ['.tsx', '.jsx', '.html']);
+    files.forEach(file => {
+      const content = fs.readFileSync(file, 'utf-8');
+      const duplicates = findDuplicateIds(content);
+      expect(duplicates.length, `${path.basename(file)} has duplicate IDs: ${duplicates.join(', ')}`).toBe(0);
+    });
+  });
+});

package/tests/static/tag_balance.test.js

@@ -0,0 +1,74 @@
+import { describe, test, expect } from 'vitest';
+import fs from 'fs';
+import path from 'path';
+
+function getFilesRecursively(dir, extensions) {
+  let results = [];
+  if (!fs.existsSync(dir)) return results;
+  const list = fs.readdirSync(dir);
+  list.forEach(file => {
+    const fullPath = path.join(dir, file);
+    const stat = fs.statSync(fullPath);
+    if (stat && stat.isDirectory()) {
+      results = results.concat(getFilesRecursively(fullPath, extensions));
+    } else {
+      if (extensions.some(ext => file.endsWith(ext))) {
+        results.push(fullPath);
+      }
+    }
+  });
+  return results;
+}
+
+function checkTagBalance(content) {
+  let cleaned = content.replace(/<!--[\s\S]*?-->/g, '');
+  cleaned = cleaned.replace(/<script[\s\S]*?>[\s\S]*?<\/script>/gi, '');
+  cleaned = cleaned.replace(/<style[\s\S]*?>[\s\S]*?<\/style>/gi, '');
+  
+  const tagRegex = /<(\/?[a-zA-Z0-9:-]+)(?:\s+[^>]*?)?>/g;
+  const stack = [];
+  const selfClosingTags = new Set(['area', 'base', 'br', 'col', 'embed', 'hr', 'img', 'input', 'link', 'meta', 'param', 'source', 'track', 'wbr']);
+  
+  let match;
+  while ((match = tagRegex.exec(cleaned)) !== null) {
+    const fullTag = match[0];
+    const tagName = match[1].toLowerCase();
+    
+    if (fullTag.endsWith('/>')) continue;
+    if (selfClosingTags.has(tagName)) continue;
+    if (fullTag.startsWith('<?') || fullTag.endsWith('?>')) continue;
+    if (fullTag.startsWith('<!')) continue;
+    
+    if (tagName.startsWith('/')) {
+      const closingName = tagName.substring(1);
+      if (stack.length === 0) {
+        return { balanced: false, error: `Closing tag without opener: </${closingName}>` };
+      }
+      const lastOpen = stack.pop();
+      if (lastOpen !== closingName) {
+        return { balanced: false, error: `Mismatched: expected </${lastOpen}> but found </${closingName}>` };
+      }
+    } else {
+      stack.push(tagName);
+    }
+  }
+  
+  if (stack.length > 0) {
+    return { balanced: false, error: `Unclosed tags: <${stack.join('>, <')}> `};
+  }
+  return { balanced: true };
+}
+
+describe('Tag Balance Validator', () => {
+  test('Plugin UI files should have balanced tags', () => {
+    const pluginDir = path.resolve(process.cwd(), '.opencode', 'plugins');
+    if (!fs.existsSync(pluginDir)) return;
+    
+    const files = getFilesRecursively(pluginDir, ['.tsx', '.jsx', '.ts', '.js']);
+    files.forEach(file => {
+      const content = fs.readFileSync(file, 'utf-8');
+      const result = checkTagBalance(content);
+      expect(result.balanced, `${path.basename(file)}: ${result.error}`).toBe(true);
+    });
+  });
+});

package/tests/unit/harness_structure.test.js

@@ -0,0 +1,65 @@
+import fs from 'fs';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import { describe, test, expect } from 'vitest';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+const rootDir = path.resolve(__dirname, '..', '..');
+
+describe('Tool Scripts Existence', () => {
+  const tools = [
+    'sdd_generate_tree.js',
+    'sdd_install_autoskills.js',
+    'sdd_transition.js',
+    'sdd_checkpoint.js',
+    'sdd_ui_auditor.js',
+    'sdd_archive_and_commit.js',
+    'sdd_brain_sync.js'
+  ];
+
+  tools.forEach(tool => {
+    test(`${tool} should exist`, () => {
+      const toolPath = path.join(rootDir, '.opencode', 'tools', tool);
+      expect(fs.existsSync(toolPath), `${tool} should exist at ${toolPath}`).toBe(true);
+    });
+  });
+});
+
+describe('Agent Files Existence', () => {
+  const agents = [
+    'zugzbot.md',
+    'sdd-explorer.md',
+    'sdd-planner.md',
+    'sdd-builder.md',
+    'sdd-tester.md',
+    'sdd-archiver.md',
+    'aux-handyman.md',
+    'aux-oracle.md'
+  ];
+
+  agents.forEach(agent => {
+    test(`${agent} should exist`, () => {
+      const agentPath = path.join(rootDir, 'agents', agent);
+      expect(fs.existsSync(agentPath), `${agent} should exist`).toBe(true);
+    });
+  });
+});
+
+describe('Config Files', () => {
+  test('package.json should exist', () => {
+    expect(fs.existsSync(path.join(rootDir, 'package.json'))).toBe(true);
+  });
+
+  test('plugin.json should exist', () => {
+    expect(fs.existsSync(path.join(rootDir, 'plugin.json'))).toBe(true);
+  });
+
+  test('eslint.config.js should exist', () => {
+    expect(fs.existsSync(path.join(rootDir, 'eslint.config.js'))).toBe(true);
+  });
+
+  test('zugz-models.json should exist', () => {
+    expect(fs.existsSync(path.join(rootDir, 'zugz-models.json'))).toBe(true);
+  });
+});

package/tools/brain-utils.ts

@@ -0,0 +1,122 @@
+export interface BrainEntry {
+  id: string
+  category: string
+  tag: string
+  problem: string
+  solution: string
+  date: string
+}
+
+import fs from "fs"
+import path from "path"
+
+export function today(): string {
+  return new Date().toISOString().split("T")[0]
+}
+
+export function nextId(entries: BrainEntry[]): string {
+  let max = 0
+  for (const e of entries) {
+    const num = parseInt(e.id.substring(1), 10)
+    if (!isNaN(num) && num > max) max = num
+  }
+  return `L${String(max + 1).padStart(3, "0")}`
+}
+
+export function parseEntries(content: string): BrainEntry[] {
+  const entries: BrainEntry[] = []
+  const blocks = content.split("\n### ")
+  for (const block of blocks) {
+    if (!block.trim()) continue
+    const lines = block.split("\n")
+    const header = lines[0].trim()
+    const colonIdx = header.indexOf(": ")
+    if (colonIdx === -1) continue
+    const id = header.substring(0, colonIdx).trim()
+    if (!id || !/^L\d{3}$/.test(id)) continue
+    const tag = header.substring(colonIdx + 2).trim()
+    if (!tag) continue
+
+    let category = ""
+    let problem = ""
+    let solution = ""
+    let date = ""
+
+    for (const line of lines) {
+      const t = line.trim()
+      if (t.startsWith("- **Tags**:")) {
+        const m = t.match(/#(\w+)/)
+        if (m) category = m[1]
+      } else if (t.startsWith("- **Problema**:")) {
+        problem = t.substring("- **Problema**: ".length).trim()
+      } else if (t.startsWith("- **Solución**:")) {
+        solution = t.substring("- **Solución**: ".length).trim()
+      } else if (t.startsWith("- **Fecha**:")) {
+        date = t.substring("- **Fecha**: ".length).trim()
+      }
+    }
+
+    if (id && problem) {
+      entries.push({ id, category, tag, problem, solution, date: date || today() })
+    }
+  }
+  return entries
+}
+
+export function buildIndex(entries: BrainEntry[]): string {
+  if (entries.length === 0) return "_No hay lecciones registradas todavía._"
+  const header = "| ID | Categoría | Tag | Problema |\n| :--- | :--- | :--- | :--- |\n"
+  const rows = entries.map(e => {
+    const problemTrunc = e.problem.length > 55 ? e.problem.slice(0, 52) + "..." : e.problem
+    return `| ${e.id} | ${e.category || "-"} | ${e.tag} | ${problemTrunc} |`
+  }).join("\n")
+  return header + rows
+}
+
+export function buildEntryBlock(e: BrainEntry): string {
+  const tags = `#${e.category || "general"} #${e.tag.replace(/[-\s]/g, "_")}`
+  return [
+    `### ${e.id}: ${e.tag}`,
+    `- **Tags**: ${tags}`,
+    `- **Problema**: ${e.problem}`,
+    `- **Solución**: ${e.solution}`,
+    `- **Fecha**: ${e.date}`,
+  ].join("\n") + "\n"
+}
+
+export function buildFullBrain(entries: BrainEntry[]): string {
+  const lines: string[] = [
+    "# 🧠 Cerebro del Proyecto",
+    "",
+    "> Base de conocimiento técnico a largo plazo. Solo registra aprendizajes de alto valor y no triviales.",
+    "",
+    "## Índice",
+    "",
+    buildIndex(entries),
+    "",
+    "## Lecciones",
+    "",
+  ]
+  for (const e of entries) {
+    lines.push(buildEntryBlock(e))
+  }
+  return lines.join("\n")
+}
+
+export function readBrainFile(brainPath: string): { entries: BrainEntry[] } {
+  if (!fs.existsSync(brainPath)) {
+    return { entries: [] }
+  }
+  const content = fs.readFileSync(brainPath, "utf-8")
+  const leccionesIdx = content.indexOf("## Lecciones")
+  const leccionesContent = leccionesIdx >= 0
+    ? content.substring(leccionesIdx)
+    : content
+  const entries = parseEntries(leccionesContent)
+  return { entries }
+}
+
+export function writeBrainFile(brainPath: string, entries: BrainEntry[]) {
+  fs.mkdirSync(path.dirname(brainPath), { recursive: true })
+  fs.writeFileSync(brainPath, buildFullBrain(entries), "utf-8")
+}

package/tools/check_dependency_cooldown.ts

@@ -0,0 +1,134 @@
+import { tool } from "@opencode-ai/plugin"
+
+export default tool({
+  description: "Audita programáticamente si una dependencia de terceros cumple con la regla de estabilidad y seguridad de cooldown (mínimo 3 días / 4320 minutos de antigüedad). Consulta APIs reales de NPM y PyPI.",
+  args: {
+    package: tool.schema.string().describe("Nombre del paquete o dependencia (ej: 'lodash', 'fastapi')"),
+    version: tool.schema.string().optional().describe("Versión del paquete a auditar. Si no se especifica, audita la última versión."),
+    ecosystem: tool.schema.enum(["npm", "pypi"]).optional().describe("El ecosistema del paquete. Por defecto se infiere del stack.")
+  },
+  async execute(args) {
+    const pkg = args.package;
+    let targetVersion = args.version;
+    let eco = args.ecosystem;
+
+    // Inferir ecosistema si no está presente
+    if (!eco) {
+      if (pkg.startsWith("@") || pkg.includes("/") || pkg === "lodash" || pkg === "axios" || pkg === "express") {
+        eco = "npm";
+      } else {
+        // Enfoque por defecto: intentar NPM primero, luego PyPI
+        eco = "npm";
+      }
+    }
+
+    try {
+      if (eco === "npm") {
+        const url = `https://registry.npmjs.org/${encodeURIComponent(pkg)}`;
+        const res = await fetch(url);
+        if (!res.ok) {
+          // Si falla NPM, chequear si es PyPI
+          if (!args.ecosystem) {
+            return await checkPyPI(pkg, targetVersion);
+          }
+          return `[Cooldown Blocked] Error: No se encontró el paquete '${pkg}' en NPM.`;
+        }
+
+        const data: any = await res.json();
+        
+        // Obtener última versión si no se provee
+        if (!targetVersion) {
+          targetVersion = data["dist-tags"]?.latest;
+        }
+
+        if (!targetVersion) {
+          return `[Cooldown Blocked] Error: No se pudo resolver la versión para el paquete '${pkg}' en NPM.`;
+        }
+
+        const publishTimeString = data.time?.[targetVersion];
+        if (!publishTimeString) {
+          return `[Cooldown Blocked] Error: No se encontró la versión '${targetVersion}' para '${pkg}' en NPM.`;
+        }
+
+        return evaluateCooldown(pkg, targetVersion, publishTimeString, "NPM");
+      } else {
+        return await checkPyPI(pkg, targetVersion);
+      }
+    } catch (e: any) {
+      return `[Cooldown Warning] Error al consultar la API de dependencias: ${e.message || e}. Por seguridad, verifica manualmente.`;
+    }
+  }
+})
+
+async function checkPyPI(pkg: string, targetVersion?: string) {
+  try {
+    const url = `https://pypi.org/pypi/${encodeURIComponent(pkg)}/json`;
+    const res = await fetch(url);
+    if (!res.ok) {
+      return `[Cooldown Blocked] Error: No se encontró el paquete '${pkg}' en NPM ni PyPI.`;
+    }
+
+    const data: any = await res.json();
+    
+    // Resolver versión
+    const version = targetVersion || data.info?.version;
+    if (!version) {
+      return `[Cooldown Blocked] Error: No se pudo resolver la versión para '${pkg}' en PyPI.`;
+    }
+
+    const releases = data.releases?.[version];
+    if (!releases || releases.length === 0) {
+      return `[Cooldown Blocked] Error: No se encontró la versión '${version}' para '${pkg}' en PyPI.`;
+    }
+
+    // PyPI expone fecha de subida del primer archivo
+    const uploadTime = releases[0]?.upload_time_iso_8601 || releases[0]?.upload_time;
+    if (!uploadTime) {
+      return `[Cooldown Blocked] Error: No se encontró fecha de publicación para '${pkg}@${version}' en PyPI.`;
+    }
+
+    return evaluateCooldown(pkg, version, uploadTime, "PyPI");
+  } catch (e: any) {
+    return `[Cooldown Blocked] Error de conexión con PyPI: ${e.message || e}`;
+  }
+}
+
+function evaluateCooldown(pkg: string, version: string, publishTimeStr: string, registryName: string) {
+  const publishTime = new Date(publishTimeStr);
+  const now = new Date();
+  const diffMs = now.getTime() - publishTime.getTime();
+  const diffMinutes = Math.floor(diffMs / (1000 * 60));
+  const cooldownRequired = 4320; // 3 días en minutos
+
+  const publishDateStr = publishTime.toISOString().split('T')[0];
+
+  if (diffMinutes < cooldownRequired) {
+    const remainingMinutes = cooldownRequired - diffMinutes;
+    const remainingHours = Math.ceil(remainingMinutes / 60);
+    const remainingDays = (remainingMinutes / 1440).toFixed(1);
+
+    return JSON.stringify({
+      status: "BLOCKED",
+      package: pkg,
+      version: version,
+      registry: registryName,
+      publishDate: publishDateStr,
+      ageMinutes: diffMinutes,
+      ageDays: (diffMinutes / 1440).toFixed(1),
+      cooldownMinutesRequired: cooldownRequired,
+      message: `❌ COOLDOWN BLOQUEADO: El paquete '${pkg}@${version}' fue publicado hace solo ${(diffMinutes / 1440).toFixed(1)} días (${diffMinutes} minutos) el ${publishDateStr}. Requiere superar los 3 días de estabilidad. Faltan aproximadamente ${remainingDays} días (${remainingHours} horas) para que expire el cooldown.`
+    }, null, 2);
+  } else {
+    return JSON.stringify({
+      status: "APPROVED",
+      package: pkg,
+      version: version,
+      registry: registryName,
+      publishDate: publishDateStr,
+      ageMinutes: diffMinutes,
+      ageDays: (diffMinutes / 1440).toFixed(1),
+      cooldownMinutesRequired: cooldownRequired,
+      message: `✅ COOLDOWN APROBADO: El paquete '${pkg}@${version}' fue publicado el ${publishDateStr} (hace ${(diffMinutes / 1440).toFixed(1)} días). Cumple plenamente con la regla de estabilidad mínima de 3 días.`
+    }, null, 2);
+  }
+}

package/tools/index.ts

@@ -0,0 +1,14 @@
+export { default as sdd_transition } from './sdd_transition.js';
+export { default as sdd_archive_and_commit } from './sdd_archive_and_commit.js';
+export { default as sdd_brain_sync } from './sdd_brain_sync.js';
+export { default as sdd_checkpoint } from './sdd_checkpoint.js';
+export { default as sdd_ui_auditor } from './sdd_ui_auditor.js';
+export { default as sdd_install_autoskills } from './sdd_install_autoskills.js';
+export { default as sdd_generate_tree } from './sdd_generate_tree.js';
+export { default as sdd_spec_validator } from './sdd_spec_validator.js';
+export { default as sdd_regression_detector } from './sdd_regression_detector.js';
+export { default as sdd_secret_scanner } from './sdd_secret_scanner.js';
+export { default as sdd_requirement_tracker } from './sdd_requirement_tracker.js';
+export { default as sdd_bdd_tester } from './sdd_bdd_tester.js';
+export { default as sdd_compact_context } from './sdd_compact_context.js';
+export { default as check_dependency_cooldown } from './check_dependency_cooldown.js';