From 448e6a5e4486f646047d396da593611e8f008873 Mon Sep 17 00:00:00 2001
From: marcusquinn <6428977+marcusquinn@users.noreply.github.com>
Date: Tue, 13 Jan 2026 22:54:23 +0000
Subject: [PATCH 1/2] fix(secretlint): add rule installation validation and better error handling
- Add check_rules_installed() to detect missing rule presets
- Add validate_secretlint_setup() for comprehensive validation
- Handle exit code 2 (configuration error) separately from secrets found
- Add rule validation in show_status() command
- Document Failed to load rule module error and fix in secretlint.md
- Add system-reminder to markdownlint allowed HTML tags
- Fix markdown code block syntax (use text/bash instead of bare blocks)
- Update dspyground dependency to ^0.2.0
---
.agent/scripts/secretlint-helper.sh | 82 ++++++++++++++++++++++++++
.agent/tools/code-review/secretlint.md | 34 ++++++++++-
.markdownlint.json | 3 +-
.opencode/MCP-TESTING-GUIDE.md | 4 +-
package.json | 2 +-
templates/home/.agent/README.md | 2 +-
templates/home/git/.agent/README.md | 18 ++++--
tests/toon-test-documents/sample.md | 4 +-
todo/PLANS.md | 2 +-
9 files changed, 137 insertions(+), 14 deletions(-)
diff --git a/.agent/scripts/secretlint-helper.sh b/.agent/scripts/secretlint-helper.sh
index 2d38bb20..4c10dc95 100755
--- a/.agent/scripts/secretlint-helper.sh
+++ b/.agent/scripts/secretlint-helper.sh
@@ -92,6 +92,67 @@ check_secretlint_installed() { fi } +# Check if required rule presets are installed +# Returns: 0=all rules installed, 1=missing rules, 2=no config +check_rules_installed() { + local config_file="${1:-$SECRETLINT_CONFIG_FILE}" + + if [[ ! -f "$config_file" ]]; then + return 2 + fi + + # Extract rule IDs from config + local missing_rules=() + + # Check for preset-recommend (most common) + if grep -q "secretlint-rule-preset-recommend" "$config_file"; then + if ! npm list @secretlint/secretlint-rule-preset-recommend &>/dev/null; then + if ! npm list -g @secretlint/secretlint-rule-preset-recommend &>/dev/null; then + missing_rules+=("@secretlint/secretlint-rule-preset-recommend") + fi + fi + fi + + # Check for pattern rule + if grep -q "secretlint-rule-pattern" "$config_file"; then + if ! npm list @secretlint/secretlint-rule-pattern &>/dev/null; then + if ! npm list -g @secretlint/secretlint-rule-pattern &>/dev/null; then + missing_rules+=("@secretlint/secretlint-rule-pattern") + fi + fi + fi + + if [[ ${#missing_rules[@]} -gt 0 ]]; then + print_error "Missing required secretlint rules:" + for rule in "${missing_rules[@]}"; do + echo " - $rule" + done + print_info "Install with: npm install --save-dev ${missing_rules[*]}" + return 1 + fi + + return 0 +} + +# Validate secretlint installation (binary + rules) +validate_secretlint_setup() { + local has_issues=0 + + # Check binary + if ! check_secretlint_installed; then + has_issues=1 + fi + + # Check rules if config exists + if [[ -f "$SECRETLINT_CONFIG_FILE" ]]; then + if ! check_rules_installed; then + has_issues=1 + fi + fi + + return $has_issues +} + # Check if Docker is available check_docker_available() { if command -v docker &> /dev/null; then 
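Review bot: check_rules_installed returns 0 ("all rules installed") after probing only two hard-coded packages, so a config that references any other rule package passes this check and still fails when the scan loads it. The comment `# Extract rule IDs from config` describes parsing the function does not do; `# Probe the two rule packages this helper knows about` would match the code, or the package names could be derived from the config instead. The `npm list` probes run in the current working directory rather than next to `$config_file`, and npm can exit non-zero for unrelated dependency-tree problems, so an installed preset may be reported as missing; that is worth confirming on a tree with peer-dependency warnings. Adding `local rule` before the `for` loop keeps the loop variable out of the script's globals.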
@@ -406,6 +467,12 @@ run_secretlint_scan() { init_secretlint_config fi + # Validate that required rules are installed + if ! check_rules_installed "$SECRETLINT_CONFIG_FILE"; then + print_error "Secretlint rules not properly installed. Run: $0 install" + return 2 + fi + # Build command array for safe execution local -a cmd_array read -ra cmd_array <<< "$cmd" @@ -436,6 +503,10 @@ run_secretlint_scan() { elif [[ $exit_code -eq 1 ]]; then print_error "Secrets detected! Please review and remove/rotate exposed credentials." print_info "Tip: Use 'secretlint-disable-line' comments to ignore false positives" + elif [[ $exit_code -eq 2 ]]; then + print_error "Scan failed - configuration or installation error" + print_info "Run: $0 status (to diagnose)" + print_info "Run: $0 install (to fix installation)" else print_error "Scan failed with error code: $exit_code" fi @@ -584,6 +655,17 @@ show_status() { fi echo "" + # Validate rule installation + print_info "Rule Installation:" + if [[ -f "$SECRETLINT_CONFIG_FILE" ]]; then + if check_rules_installed "$SECRETLINT_CONFIG_FILE" 2>/dev/null; then + print_success "All configured rules are installed" + fi + else + print_warning "No config file - cannot validate rules" + fi + echo "" + # Show available rules in preset print_info "Recommended Rules (preset-recommend):" echo " - AWS credentials (Access Key, Secret Key, Account ID)" diff --git a/.agent/tools/code-review/secretlint.md b/.agent/tools/code-review/secretlint.md index c68d3dd7..cc47b004 100644 --- a/.agent/tools/code-review/secretlint.md +++ b/.agent/tools/code-review/secretlint.md 
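Review bot: The gate added to run_secretlint_scan calls check_rules_installed before every scan no matter how `$cmd` was chosen, and it reports "rules not properly installed" for both status 1 (missing rules) and status 2 (no config file). How `$cmd` is selected is outside this hunk, but if it can be an npx or Docker invocation, the local `npm list` probe says nothing about the rules that runner has and would refuse a scan that could have run. A secret scan that refuses to start tends to get skipped rather than fixed, so the gate is better limited to the local-install mode, with the two statuses reported separately. A comment such as `# return 2 mirrors secretlint's own configuration-error exit code` would also explain why this early return shares the value handled in the `exit_code -eq 2` branch further down.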
@@ -513,6 +513,21 @@ Secretlint integrates with the framework's quality pipeline: ### Common Issues +**"Failed to load rule module: @secretlint/secretlint-rule-preset-recommend is not found"** + +This error means secretlint is installed but the required rule preset is missing. The config file references rules that aren't installed. + +```bash +# Fix: Install the preset alongside secretlint +npm install --save-dev secretlint @secretlint/secretlint-rule-preset-recommend + +# Or globally +npm install -g secretlint @secretlint/secretlint-rule-preset-recommend + +# Verify installation +./.agent/scripts/secretlint-helper.sh status +``` + **"No configuration file found"** ```bash @@ -524,10 +539,27 @@ Secretlint integrates with the framework's quality pipeline: ```bash # Use npx npx secretlint "**/*" -# Or install globally +# Or install globally (include the preset!) npm install -g secretlint @secretlint/secretlint-rule-preset-recommend ``` +**Scan fails with exit code 2** + +Exit code 2 indicates a configuration or installation error (not secrets found). Check: + +```bash +# Diagnose the issue +./.agent/scripts/secretlint-helper.sh status + +# Common fixes: +# 1. Missing rules - reinstall +./.agent/scripts/secretlint-helper.sh install + +# 2. Invalid config - reinitialize +rm .secretlintrc.json +./.agent/scripts/secretlint-helper.sh init +``` + **Performance issues with large repos** ```bash diff --git a/.markdownlint.json b/.markdownlint.json index efaf86d5..587454bb 100644 --- a/.markdownlint.json +++ b/.markdownlint.json @@ -24,7 +24,8 @@ "sub", "sup", "div", - "span" + "span", + "system-reminder" ] }, "MD034": false, diff --git a/.opencode/MCP-TESTING-GUIDE.md b/.opencode/MCP-TESTING-GUIDE.md index 9128cfd1..877bf0e4 100644 --- a/.opencode/MCP-TESTING-GUIDE.md +++ b/.opencode/MCP-TESTING-GUIDE.md @@ -173,7 +173,7 @@ ws.onmessage = (e) => console.log(JSON.parse(e.data)) ### Config File Location -``` +```text .opencode/server/mcp-test-config.json ``` 
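Review bot: Adding `system-reminder` to the allowed HTML elements in `.markdownlint.json` silences the inline-HTML warning for that tag in every Markdown file the linter covers, not only the file that needed it. In a repository whose Markdown is read by AI assistants as instructions, that warning was an automated signal that such a tag had appeared in a contributed document, so a repo-wide allowance removes a review cue. If only one or two documents need the tag, a scoped `<!-- markdownlint-disable MD033 -->` in those files would keep the check active elsewhere. Strict JSON cannot carry a comment, so the reason for the allowance belongs in the commit message or the contributing guide.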
@@ -287,7 +287,7 @@ const data = await response.json() ## Files Reference -``` +```text .opencode/ ├── server/ │ ├── api-gateway.ts # Main API gateway diff --git a/package.json b/package.json index bee54fd4..051f9e8e 100644 --- a/package.json +++ b/package.json @@ -33,7 +33,7 @@ "author": "AI DevOps Framework", "license": "MIT", "dependencies": { - "dspyground": "^0.1.0", + "dspyground": "^0.2.0", "elysia": "^1.1.0" }, "devDependencies": { diff --git a/templates/home/.agent/README.md b/templates/home/.agent/README.md index e06818f0..f78cd417 100644 --- a/templates/home/.agent/README.md +++ b/templates/home/.agent/README.md @@ -6,7 +6,7 @@ The aidevops framework now uses `~/.aidevops/` for all working files. ## New Structure -``` +```text ~/.aidevops/ ├── agents/ # Agent files (deployed from repo) ├── .agent-workspace/ # Your working files diff --git a/templates/home/git/.agent/README.md b/templates/home/git/.agent/README.md index 87298a5d..900a05fc 100644 --- a/templates/home/git/.agent/README.md +++ b/templates/home/git/.agent/README.md 
@@ -1,26 +1,31 @@ # AI Assistant Directory - Home Level -**🔒 SECURITY NOTICE: This directory contains minimal configuration only. All detailed instructions are maintained in the authoritative repository.** +**SECURITY NOTICE: This directory contains minimal configuration only. All detailed instructions are maintained in the authoritative repository.** + +## Authoritative Source -## 📍 **Authoritative Source** All AI assistant working directories and instructions are maintained at: **Repository**: `~/git/aidevops/.agent/` **Documentation**: `~/git/aidevops/AGENTS.md` -## 🎯 **Purpose** +## Purpose + This directory exists to: + 1. **Provide minimal local configuration** for AI assistants 2. **Reference the authoritative repository** for all operations 3. **Maintain security** by avoiding detailed instructions in user space -## 📁 **Working Directory Redirection** +## Working Directory Redirection + **DO NOT use this directory for AI operations.** Instead use: - **Temporary files**: `~/git/aidevops/.agent/tmp/` - **Persistent memory**: `~/git/aidevops/.agent/memory/` - **Development tools**: `~/git/aidevops/.agent/scripts/` -## 🔗 **Access Authoritative Tools** +## Access Authoritative Tools + ```bash # Navigate to authoritative AI tools cd ~/git/aidevops/.agent/ @@ -33,7 +38,8 @@ ls ~/git/aidevops/.agent/tmp/ ls ~/git/aidevops/.agent/memory/ ``` -## ⚠️ **Security Warning** +## Security Warning + **This directory should remain minimal.** All AI assistant operations should use the authoritative repository's .agent/ directory to prevent security vulnerabilities and maintain centralized control. --- diff --git a/tests/toon-test-documents/sample.md b/tests/toon-test-documents/sample.md index 49de3334..c861dc59 100644 --- a/tests/toon-test-documents/sample.md +++ b/tests/toon-test-documents/sample.md 
@@ -23,6 +23,8 @@ This is a **test document** to demonstrate the Pandoc conversion capabilities of ### Code Example - bash .agent/scripts/pandoc-helper.sh convert document.docx +```bash +bash .agent/scripts/pandoc-helper.sh convert document.docx +``` For more information, visit the [AI DevOps repository](https://github.com/marcusquinn/aidevops). diff --git a/todo/PLANS.md b/todo/PLANS.md index ad3b6e37..e1a506a2 100644 --- a/todo/PLANS.md +++ b/todo/PLANS.md @@ -682,7 +682,7 @@ Integrate Beads task management concepts and bi-directional sync into aidevops T **Sync architecture:** -``` +```text TODO.md ←→ beads-sync-helper.sh ←→ .beads/beads.db PLANS.md ←→ (command-led sync) ←→ .beads/issues.jsonl ``` From a4f62b58e0c7ca3a299214e5bec9717aa599edcf Mon Sep 17 00:00:00 2001 From: marcusquinn <6428977+marcusquinn@users.noreply.github.com> Date: Tue, 13 Jan 2026 22:57:08 +0000 Subject: [PATCH 2/2] fix: address review feedback from Gemini Code Assist - Remove 2>/dev/null from show_status to preserve diagnostic output - Simplify validate_secretlint_setup to handle exit codes properly --- .agent/scripts/secretlint-helper.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/.agent/scripts/secretlint-helper.sh b/.agent/scripts/secretlint-helper.sh index 4c10dc95..8a79abd6 100755 --- a/.agent/scripts/secretlint-helper.sh +++ b/.agent/scripts/secretlint-helper.sh @@ -143,11 +143,11 @@ validate_secretlint_setup() { has_issues=1 fi - # Check rules if config exists - if [[ -f "$SECRETLINT_CONFIG_FILE" ]]; then - if ! check_rules_installed; then - has_issues=1 - fi + # Check rules - exit code 1 means missing rules, exit code 2 means no config (ok) + check_rules_installed + local rules_exit=$? + if [[ $rules_exit -eq 1 ]]; then + has_issues=1 fi return $has_issues 
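Review bot: In validate_secretlint_setup the bare `check_rules_installed` call followed by `local rules_exit=$?` would abort the script before the status is read if errexit (`set -e`) is active, which this hunk does not show. Writing `local rules_exit=0` and then `check_rules_installed || rules_exit=$?` captures the same status and is safe either way. Status 2 (no config) now counts as a healthy setup, so the function succeeds when no rule set is configured at all. If any caller uses it as a pre-scan gate, a comment such as `# no config is not an error here; run_secretlint_scan creates one` would record that this is intended. The function starts above the hunk.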
@@ -658,7 +658,7 @@ show_status() { # Validate rule installation print_info "Rule Installation:" if [[ -f "$SECRETLINT_CONFIG_FILE" ]]; then - if check_rules_installed "$SECRETLINT_CONFIG_FILE" 2>/dev/null; then + if check_rules_installed "$SECRETLINT_CONFIG_FILE"; then print_success "All configured rules are installed" fi else