
@versatil/claude-opera


🎭 Claude Opera by VERSATIL v6.4.0 - Production-ready OPERA orchestration with 17 agents (7 core + 10 language-specific sub-agents), automatic roadmap generation, 11-MCP ecosystem, RAG memory achieving 98%+ context retention, proactive daemon with file-ba

230 lines (207 loc) 7.59 kB
# VERSATIL SDLC Framework - Pre-commit Security Hooks
# Automated security checks to prevent credential leaks and security issues

repos:
  # Secret Detection
  - repo: https://github.com/trufflesecurity/trufflehog
    rev: v3.63.2
    hooks:
      - id: trufflehog
        name: TruffleHog Secret Scanner
        description: Scan for secrets using TruffleHog
        entry: trufflehog filesystem --directory=.
        language: system
        stages: [commit]

  # Detect Private Keys
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: detect-private-key
        name: Detect Private Key
        description: Detect presence of private keys

  # AWS Credentials Detection
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: detect-aws-credentials
        name: Detect AWS Credentials
        description: Detect AWS credentials in files

  # Generic Secret Detection
  - repo: https://github.com/Yelp/detect-secrets
    rev: v1.4.0
    hooks:
      - id: detect-secrets
        name: Detect Secrets
        description: Detect secrets in staged files
        args: ['--baseline', '.secrets.baseline']
        exclude: |
          (?x)^(
            \.secrets\.baseline|
            .*\.lock|
            package-lock\.json|
            yarn\.lock|
            pnpm-lock\.yaml|
            .*\.min\.js|
            .*\.min\.css|
            tests/.*\.test\.(js|ts|tsx)|
            tests/.*\.spec\.(js|ts|tsx)|
            .*test.*fixtures.*|
            SECURITY_INCIDENT_RESPONSE\.md
          )$

  # Check for merge conflicts
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: check-merge-conflict
        name: Check for merge conflicts
        description: Check for files that contain merge conflict strings

  # Check YAML
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: check-yaml
        name: Check YAML
        description: Check YAML files for syntax errors
        exclude: .*\.ya?ml\.j2$

  # Check JSON
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: check-json
        name: Check JSON
        description: Check JSON files for syntax errors

  # Security Linting for JavaScript/TypeScript
  - repo: https://github.com/eslint/eslint
    rev: v8.57.0
    hooks:
      - id: eslint
        name: ESLint Security Check
        description: Run ESLint with security rules
        entry: npx eslint
        language: node
        files: \.(js|jsx|ts|tsx)$
        args: [
          "--config", ".eslintrc.security.js",
          "--ext", ".js,.jsx,.ts,.tsx",
          "--fix"
        ]

  # Bandit Security Linter for Python (if present)
  - repo: https://github.com/PyCQA/bandit
    rev: 1.7.5
    hooks:
      - id: bandit
        name: Bandit Security Linter
        description: Security linter for Python
        args: ['-c', 'pyproject.toml']
        files: \.py$

  # Semgrep Security Analysis
  - repo: https://github.com/returntocorp/semgrep
    rev: v1.45.0
    hooks:
      - id: semgrep
        name: Semgrep Security Analysis
        description: Static analysis for security issues
        args: [
          '--config=auto',
          '--severity=ERROR',
          '--severity=WARNING'
        ]
        exclude: |
          (?x)^(
            tests/.*|
            .*\.test\.(js|ts|tsx)|
            .*\.spec\.(js|ts|tsx)|
            node_modules/.*|
            dist/.*|
            build/.*|
            coverage/.*
          )$

  # Custom VERSATIL Security Checks
  - repo: local
    hooks:
      - id: versatil-security-check
        name: VERSATIL Security Agent Check
        description: Run VERSATIL security agents on staged files
        entry: node scripts/pre-commit-security-check.js
        language: node
        files: \.(js|jsx|ts|tsx|json|yaml|yml|env)$
        stages: [commit]

      - id: check-hardcoded-credentials
        name: Check for Hardcoded Credentials
        description: Check for hardcoded passwords, API keys, and secrets
        entry: bash -c
        # YAML single-quoted scalar: a literal single quote is written as '' so the
        # grep character classes ['"] survive the YAML parser and reach bash intact.
        args: [
          'if grep -r --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" --include="*.json" --include="*.env*" -E "(password|secret|key|token)\s*[:=]\s*[''\"][^''\"]{8,}[''\"]" . --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=tests --exclude="*.test.*" --exclude="*.spec.*"; then echo "❌ Hardcoded credentials detected!"; exit 1; fi'
        ]
        language: system
        pass_filenames: false
        stages: [commit]

      - id: check-debug-code
        name: Check for Debug Code
        description: Check for console.log, debugger, and other debug statements
        entry: bash -c
        args: [
          'if grep -r --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" -E "(console\.(log|debug|info|warn|error)|debugger;)" . --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=tests --exclude="*.test.*" --exclude="*.spec.*" --exclude="src/utils/logger.ts"; then echo "❌ Debug code detected in production files!"; exit 1; fi'
        ]
        language: system
        pass_filenames: false
        stages: [commit]

      - id: check-env-example-security
        name: Check .env.example Security
        description: Ensure .env.example files don't contain real credentials
        entry: bash -c
        args: [
          'if find . -name "*.env.example" -exec grep -l -E "(password|secret|key|token)\s*=\s*[^<][^C][^H]" {} \; | grep -v "CHANGE_ME"; then echo "❌ Real credentials found in .env.example files!"; exit 1; fi'
        ]
        language: system
        pass_filenames: false
        stages: [commit]

      - id: validate-slash-commands
        name: Validate Claude Code Slash Commands
        description: Check .claude/commands/*.md for syntax errors
        entry: node scripts/validate-slash-commands.cjs
        language: node
        files: ^\.claude/commands/.*\.md$
        pass_filenames: false
        stages: [commit]

  # Additional File Checks
  - repo: https://github.com/pre-commit/pre-commit-hooks
    rev: v4.4.0
    hooks:
      - id: check-added-large-files
        name: Check for large files
        description: Prevent large files from being committed
        args: ['--maxkb=1000']
      - id: check-case-conflict
        name: Check for case conflicts
        description: Check for files that would conflict in case-insensitive filesystems
      - id: check-executables-have-shebangs
        name: Check executables have shebangs
        description: Ensure that (non-binary) executables have a shebang
      - id: check-shebang-scripts-are-executable
        name: Check shebang scripts are executable
        description: Ensure that (non-binary) files with a shebang are executable
      - id: end-of-file-fixer
        name: Fix end of files
        description: Ensure that a file is either empty or ends with one newline
        exclude: \.min\.(js|css)$
      - id: trailing-whitespace
        name: Trim trailing whitespace
        description: Remove trailing whitespace
        exclude: \.min\.(js|css)$

# Fail fast - stop on first failure
fail_fast: true

# Exclude patterns for all hooks
exclude: |
  (?x)^(
    \.git/.*|
    node_modules/.*|
    dist/.*|
    build/.*|
    coverage/.*|
    .*\.min\.(js|css)|
    package-lock\.json|
    yarn\.lock|
    pnpm-lock\.yaml|
    \.secrets\.baseline|
    SECURITY_INCIDENT_RESPONSE\.md
  )$
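Added example, not part of the @versatil/claude-opera package: the grep from the check-hardcoded-credentials hook above, lifted into a script with the same regex and the same include/exclude lists, so the check can be run from CI or by hand and exercised against a constructed sample tree before it is trusted to gate commits. The function names, the fixture layout and the placeholder value `sk_constructed_example_0001` are assumptions made for this example; GNU grep is assumed for `-r`, `--include`, `--exclude-dir` and `\s`.

```shell
#!/usr/bin/env bash
# Example script (not the package's own code): the hardcoded-credential grep
# from the pre-commit hook, made reusable and testable. Assumes GNU grep.

# The hook's regex: a credential-like name, optional whitespace, ':' or '=',
# then a single- or double-quoted value of at least 8 characters.
CREDENTIAL_PATTERN="(password|secret|key|token)\\s*[:=]\\s*['\"][^'\"]{8,}['\"]"

# credential_grep DIR [GREP_OPTS...]
# Runs grep recursively over DIR with the hook's include/exclude lists.
# Extra options (e.g. -n or -h) are passed through to grep.
credential_grep() {
  local dir="$1"
  shift
  grep -r -E "$@" \
    --include="*.js" --include="*.ts" --include="*.jsx" --include="*.tsx" \
    --include="*.json" --include="*.env*" \
    --exclude-dir=node_modules --exclude-dir=.git --exclude-dir=tests \
    --exclude="*.test.*" --exclude="*.spec.*" \
    -e "$CREDENTIAL_PATTERN" -- "$dir"
}

# scan_for_credentials [DIR]
# Prints every hit as path:line:text and returns 1 (block the commit) if any
# were found, 0 if the tree is clean. Same exit semantics as the hook.
scan_for_credentials() {
  if credential_grep "${1:-.}" -n; then
    echo "❌ Hardcoded credentials detected!" >&2
    return 1
  fi
  return 0
}

# count_credential_hits DIR
# Prints the number of matching lines (-h drops the filename prefix so each
# output line is exactly one hit); 0 when nothing matched.
count_credential_hits() {
  credential_grep "$1" -h | wc -l | tr -d '[:space:]'
}

# make_fixture [leak]
# Builds a constructed sample tree (the "key" is a placeholder, not a real
# credential) and prints its path. With the argument "leak" the quoted value
# also appears in production code, which is the one place it must be flagged.
make_fixture() {
  local root
  root="$(mktemp -d)"
  mkdir -p "$root/src" "$root/tests" "$root/node_modules/dep"
  local leak='const api_key = "sk_constructed_example_0001";'
  printf '%s\n' "$leak" > "$root/tests/config.test.js"       # excluded: tests/ and *.test.*
  printf '%s\n' "$leak" > "$root/node_modules/dep/index.js"  # excluded: node_modules/
  printf 'const timeout = "30s";\n' > "$root/src/clean.js"   # no credential-like name
  if [ "${1:-}" = "leak" ]; then
    printf '%s\n' "$leak" > "$root/src/config.js"            # production code: must be flagged
  fi
  printf '%s\n' "$root"
}

# demo [DIR]: scan DIR, or the constructed leaky fixture when no DIR is given.
demo() {
  local target="${1:-$(make_fixture leak)}"
  scan_for_credentials "$target" || echo "(exit status 1: the commit would be blocked)" >&2
}

# Usage: ./check-hardcoded-credentials.sh --demo   (or source it and call the functions)
if [ "${1:-}" = "--demo" ]; then
  demo "${2:-}"
fi
```

Two properties of the regex are worth knowing before relying on this layer alone: the match is case-sensitive, so `api_key = "..."` is caught while `apiKey = "..."` and `API_KEY = "..."` are not, and the name must be followed directly by `:` or `=`, so a quoted JSON key such as `"token": "..."` does not match either. That is why the config stacks it with detect-secrets and TruffleHog, whose detectors do not depend on the variable name.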