diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7c6179c..b7735bb 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,13 +1,27 @@ version: 2 updates: - - package-ecosystem: "npm" - directory: "/" + - package-ecosystem: npm + directory: / schedule: - interval: "daily" - open-pull-requests-limit: 5 - reviewers: - - "donny-devops" + interval: daily + open-pull-requests-limit: 10 allow: - - dependency-type: "direct" - commit-message: - prefix: "chore(deps)" + - dependency-type: direct + groups: + production: + patterns: + - '*' + dev: + dependency-type: development + patterns: + - '*' + - package-ecosystem: pip + directory: / + schedule: + interval: daily + allow: + - dependency-type: direct + groups: + pip-group: + patterns: + - '*' diff --git a/.github/workflows/auto-docs-build.yml b/.github/workflows/auto-docs-build.yml new file mode 100644 index 0000000..64c80a0 --- /dev/null +++ b/.github/workflows/auto-docs-build.yml @@ -0,0 +1,11 @@ +name: auto-docs-build.yml +on: + schedule: + - cron: '0 6 * * *' + workflow_dispatch: +jobs: + run: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: echo 'auto-docs-build.yml workflow placeholder' diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..dfe6125 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,33 @@ +name: CI +on: [push, pull_request] +jobs: + validate: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: npm + - working-directory: tools/loop-audit + run: npm ci + - working-directory: tools/loop-audit + run: node dist/cli.js .. --level L2 + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: npm + - working-directory: tools/loop-audit + run: npm ci + - working-directory: tools/loop-audit + run: npm run build + + diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..bdfbc6b --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,20 @@ +name: CodeQL +on: + push: + branches: [main, master] + pull_request: + branches: [main, master] + schedule: + - cron: '0 3 * * 1' +jobs: + analyze: + runs-on: ubuntu-latest + permissions: + security-events: write + steps: + - uses: actions/checkout@v4 + - uses: github/codeql-action/init@v3 + with: + languages: javascript + - uses: github/codeql-action/autobuild@v3 + - uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/compliance-audit.yml b/.github/workflows/compliance-audit.yml new file mode 100644 index 0000000..49d0e68 --- /dev/null +++ b/.github/workflows/compliance-audit.yml @@ -0,0 +1,11 @@ +name: compliance-audit.yml +on: + schedule: + - cron: '0 6 * * *' + workflow_dispatch: +jobs: + run: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: echo 'compliance-audit.yml workflow placeholder' diff --git a/.github/workflows/cost-report.yml b/.github/workflows/cost-report.yml new file mode 100644 index 0000000..de7f4c2 --- /dev/null +++ b/.github/workflows/cost-report.yml @@ -0,0 +1,11 @@ +name: cost-report.yml +on: + schedule: + - cron: '0 6 * * *' + workflow_dispatch: +jobs: + run: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: echo 'cost-report.yml workflow placeholder' diff --git a/.github/workflows/expire-stale-issues.yml b/.github/workflows/expire-stale-issues.yml new file mode 100644 index 0000000..db607ca --- /dev/null +++ b/.github/workflows/expire-stale-issues.yml @@ -0,0 +1,11 @@ +name: expire-stale-issues.yml +on: + schedule: + - cron: '0 6 * * *' + workflow_dispatch: +jobs: + run: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: echo 'expire-stale-issues.yml workflow placeholder' diff --git a/.github/workflows/gitleaks.yml b/.github/workflows/gitleaks.yml new file mode 100644 index 0000000..65ef167 --- /dev/null +++ b/.github/workflows/gitleaks.yml @@ -0,0 +1,16 @@ +name: Gitleaks +on: + push: + branches: [main, master] + pull_request: + branches: [main, master] +jobs: + scan: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + - uses: gitleaks/gitleaks-action@v2 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/secret-scan.yml b/.github/workflows/secret-scan.yml index a9a1e51..861d07d 100644 --- a/.github/workflows/secret-scan.yml +++ b/.github/workflows/secret-scan.yml @@ -6,14 +6,15 @@ on: branches: [ main, master ] schedule: - cron: "0 2 * * 1" + workflow_dispatch: jobs: gitleaks: runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 + with: + fetch-depth: 0 - uses: gitleaks/gitleaks-action@v2 env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - with: - report-only: true - fail-on-detect: false + GITHUB_TOKEN: *** secrets.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 }} + diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml new file mode 100644 index 0000000..08263e2 --- /dev/null +++ b/.github/workflows/security-scan.yml @@ -0,0 +1,17 @@ +name: Security Scan +on: + schedule: + - cron: '0 4 * * 1' + workflow_dispatch: +jobs: + audit: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: actions/setup-node@v4 + with: + node-version: 20 + cache: npm + - run: npm ci + - run: npm audit --omit=dev || true + - run: python tools/secret-scanner/secret_scanner.py || true diff --git a/.github/workflows/stale-branch-cleanup.yml b/.github/workflows/stale-branch-cleanup.yml new file mode 100644 index 0000000..334e04d --- /dev/null +++ b/.github/workflows/stale-branch-cleanup.yml @@ -0,0 +1,11 @@ +name: stale-branch-cleanup.yml +on: + schedule: + - cron: '0 6 * * *' + workflow_dispatch: +jobs: + run: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - run: echo 'stale-branch-cleanup.yml workflow placeholder' diff --git a/.grok/agents/au-business-consultant/SKILL.md b/.grok/agents/au-business-consultant/SKILL.md new file mode 100644 index 0000000..74ccd07 --- /dev/null +++ b/.grok/agents/au-business-consultant/SKILL.md @@ -0,0 +1,10 @@ +# AU Business Consultant Agent +Organizations upload financials, KPIs, CRM, and ops data. +Hermes produces: +- Risk assessment / analysis +- Executive summaries +- SWOT analysis/reports +- Strategic roadmaps +- Runbooks / playbooks +- Dashboards +McKinsey-in-a-box delivery. diff --git a/.grok/agents/compliance-auditor.md b/.grok/agents/compliance-auditor.md new file mode 100644 index 0000000..9a9267b --- /dev/null +++ b/.grok/agents/compliance-auditor.md @@ -0,0 +1,4 @@ +# Compliance Auditor Agent +- Verify required docs and governance files +- Cross-reference with org policy and standards +- Produce compliance score and gaps list diff --git a/.grok/agents/compliance-officer/SKILL.md b/.grok/agents/compliance-officer/SKILL.md new file mode 100644 index 0000000..7c569e4 --- /dev/null +++ b/.grok/agents/compliance-officer/SKILL.md @@ -0,0 +1,7 @@ +# Compliance Officer Agent +SOC 2, ISO 27001, CIS Controls, NIST CSF, HIPAA, PCI DSS. +Automatically collects evidence from: +- GitHub audit logs, workflow runs, access logs +- SECURITY.md, CODEOWNERS, dependabot config +- CI/CD pipeline history +Produces audit-ready packages with timestamps and checksums. diff --git a/.grok/agents/cost-actuator.md b/.grok/agents/cost-actuator.md new file mode 100644 index 0000000..fdc4796 --- /dev/null +++ b/.grok/agents/cost-actuator.md @@ -0,0 +1,4 @@ +# Cost Actuator Agent +- Execute approved cost optimizations: enable Actions caching, reduce minutes +- Validate safety checks before merging dependency PRs +- Emit before/after savings evidence diff --git a/.grok/agents/cost-optimizer.md b/.grok/agents/cost-optimizer.md new file mode 100644 index 0000000..715a05e --- /dev/null +++ b/.grok/agents/cost-optimizer.md @@ -0,0 +1,4 @@ +# Cost Optimizer Agent +- Collect Actions minutes and Dependabot PR load +- Prioritize changes by estimated savings and risk +- Emit roadmap of optimization steps diff --git a/.grok/agents/dependabot-shepherd.md b/.grok/agents/dependabot-shepherd.md new file mode 100644 index 0000000..5d2cf7a --- /dev/null +++ b/.grok/agents/dependabot-shepherd.md @@ -0,0 +1,4 @@ +# Dependabot Shepherd Agent +- Approve safe patch PRs when tests pass +- Block update PRs that fail CI +- Track Dependabot PR age and merge backlog diff --git a/.grok/agents/devops-automator.md b/.grok/agents/devops-automator.md new file mode 100644 index 0000000..9aca7b9 --- /dev/null +++ b/.grok/agents/devops-automator.md @@ -0,0 +1,4 @@ +# Devops Automator Agent +- Maintain CI workflows and secret-scan pipelines +- Automate branch hygiene and deployment checks +- Escalate failures that require human review diff --git a/.grok/agents/incident-responder.md b/.grok/agents/incident-responder.md new file mode 100644 index 0000000..44331f3 --- /dev/null +++ b/.grok/agents/incident-responder.md @@ -0,0 +1,4 @@ +# Incident Responder Agent +- Triage failed CI runs and broken deploys +- Auto-relabel issues, assign owners, and draft incident summaries +- Escalate P0/P1 to human teams within 15 minutes diff --git a/.grok/agents/loop-engineer.md b/.grok/agents/loop-engineer.md new file mode 100644 index 0000000..9248ace --- /dev/null +++ b/.grok/agents/loop-engineer.md @@ -0,0 +1,4 @@ +# Loop Engineer Agent +- Maintain loop-engineering scaffolding and standards +- Keep STATE.md and patterns/registry.yaml consistent +- Run loop-verifier before any change is promoted diff --git a/.grok/agents/multi-repo-orchestrator.md b/.grok/agents/multi-repo-orchestrator.md new file mode 100644 index 0000000..61b8834 --- /dev/null +++ b/.grok/agents/multi-repo-orchestrator.md @@ -0,0 +1,4 @@ +# Multi-Repo Orchestrator Agent +- Coordinate cross-repo security baselines across donny-devops, mr-adonis-jimenez, and mr-adonisjimenez +- Ensure SECURITY.md, CODEOWNERS, CONTRIBUTING present in all non-fork repos +- Produce org-wide compliance score and remediation queue diff --git a/.grok/agents/sales-intelligence.md b/.grok/agents/sales-intelligence.md new file mode 100644 index 0000000..a4f8498 --- /dev/null +++ b/.grok/agents/sales-intelligence.md @@ -0,0 +1,3 @@ +# Sales Intelligence Agent +Coordinates lead generation and pipeline acceleration. +Subagents: lead-finder, company-researcher, decision-maker-finder, competitor-analyzer, outreach-writer, follow-up-scheduler diff --git a/.grok/agents/security-auditor.md b/.grok/agents/security-auditor.md new file mode 100644 index 0000000..a9523f4 --- /dev/null +++ b/.grok/agents/security-auditor.md @@ -0,0 +1,17 @@ +--- +name: security-auditor +description: Scans for secrets, vulns, and policy drift. +model: inherit +tools: [terminal, file, github] +--- + +# security-auditor + +## Role +Runs gitleaks, npm audit, and license checks. + +## Output +- Secret hits (if any) +- Vulnerability counts by severity +- Policy violations +- Recommended remediation diff --git a/.grok/agents/security-ops.md b/.grok/agents/security-ops.md new file mode 100644 index 0000000..a86d871 --- /dev/null +++ b/.grok/agents/security-ops.md @@ -0,0 +1,4 @@ +# Security Ops Agent +- Scan recent commits for secrets and dependency CVEs +- Triage by severity and propose PR or issue +- Do not apply fixes without loop-verifier + human review diff --git a/.grok/skills/backup-orchestrator/SKILL.md b/.grok/skills/backup-orchestrator/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/branch-janitor/SKILL.md b/.grok/skills/branch-janitor/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/cache-tuner/SKILL.md b/.grok/skills/cache-tuner/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/ci-cache-optimizer/SKILL.md b/.grok/skills/ci-cache-optimizer/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/compliance-checker/SKILL.md b/.grok/skills/compliance-checker/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/compliance-enforcer/SKILL.md b/.grok/skills/compliance-enforcer/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/cost-optimizer/SKILL.md b/.grok/skills/cost-optimizer/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/cost-tracker/SKILL.md b/.grok/skills/cost-tracker/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/dependabot-manager/SKILL.md b/.grok/skills/dependabot-manager/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/deployment-verifier/SKILL.md b/.grok/skills/deployment-verifier/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/devsecops-platform/SKILL.md b/.grok/skills/devsecops-platform/SKILL.md new file mode 100644 index 0000000..71c9631 --- /dev/null +++ b/.grok/skills/devsecops-platform/SKILL.md @@ -0,0 +1,10 @@ +# DevSecOps Platform +Unified security pipeline aggregating: +- CodeQL (SAST) +- Secret scanning (gitleaks/trufflehog) +- SEOM (static analysis) +- CVE monitoring (Dependabot, OSV) +- License audit (FOSSA / scan) +- Dependency review (renovate/dependabot) +- Container scanning (Trivy, Grype) +Output: monthly scorecard + prioritized remediation diff --git a/.grok/skills/devsecops-platform/codeql-runner.sh b/.grok/skills/devsecops-platform/codeql-runner.sh new file mode 100644 index 0000000..86ae2b3 --- /dev/null +++ b/.grok/skills/devsecops-platform/codeql-runner.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -euo pipefail +# Placeholder: trigger CodeQL workflow or local analysis +echo "CodeQL analysis stub" diff --git a/.grok/skills/devsecops-platform/container-scan-runner.sh b/.grok/skills/devsecops-platform/container-scan-runner.sh new file mode 100644 index 0000000..ec34935 --- /dev/null +++ b/.grok/skills/devsecops-platform/container-scan-runner.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -euo pipefail +# Placeholder: run Trivy or Grype on image +echo "Container scan stub" diff --git a/.grok/skills/devsecops-platform/secret-scan-runner.sh b/.grok/skills/devsecops-platform/secret-scan-runner.sh new file mode 100644 index 0000000..4740c3c --- /dev/null +++ b/.grok/skills/devsecops-platform/secret-scan-runner.sh @@ -0,0 +1,4 @@ +#!/bin/bash +set -euo pipefail +# Placeholder: run gitleaks or trufflehog +echo "Secret scan stub" diff --git a/.grok/skills/evidence-collector/collector.py b/.grok/skills/evidence-collector/collector.py new file mode 100644 index 0000000..c1b4cba --- /dev/null +++ b/.grok/skills/evidence-collector/collector.py @@ -0,0 +1,21 @@ +"""Evidence collector for compliance audits.""" +import json, pathlib, datetime + +def collect(repo_root="."): + root = pathlib.Path(repo_root) + evidence = { + "timestamp": datetime.datetime.utcnow().isoformat() + "Z", + "repo": str(root), + "files": { + "security_md": (root / "SECURITY.md").exists(), + "codeowners": (root / "CODEOWNERS.md").exists(), + "dependabot": (root / ".github/dependabot.yml").exists(), + "workflows": len(list((root / ".github/workflows").glob("*.yml"))) if (root / ".github/workflows").exists() else 0, + }, + "ci_runs": [], + } + pathlib.Path("compliance-evidence.json").write_text(json.dumps(evidence, indent=2)) + print("Evidence collected: compliance-evidence.json") + +if __name__ == "__main__": + collect() diff --git a/.grok/skills/evidence-collector/report-generator.py b/.grok/skills/evidence-collector/report-generator.py new file mode 100644 index 0000000..13a351e --- /dev/null +++ b/.grok/skills/evidence-collector/report-generator.py @@ -0,0 +1,21 @@ +"""Generate compliance report from evidence.""" +import json, pathlib + +def generate(): + p = pathlib.Path("compliance-evidence.json") + if not p.exists(): + print("No evidence found. Run collector first.") + return + data = json.loads(p.read_text()) + score = sum(1 for v in data["files"].values() if v is True or (isinstance(v, int) and v > 0)) + total = len(data["files"]) + report = { + "compliance_score": f"{score}/{total}", + "evidence": data["files"], + "recommendations": [], + } + pathlib.Path("compliance-report.json").write_text(__import__('json').dumps(report, indent=2)) + print("Compliance report: compliance-report.json") + +if __name__ == "__main__": + generate() diff --git a/.grok/skills/incident-responder/SKILL.md b/.grok/skills/incident-responder/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/multi-repo-sync/SKILL.md b/.grok/skills/multi-repo-sync/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/pr-merge-guard/SKILL.md b/.grok/skills/pr-merge-guard/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/secret-scan-tuner/SKILL.md b/.grok/skills/secret-scan-tuner/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/secrets-rotator/SKILL.md b/.grok/skills/secrets-rotator/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/security-responder/SKILL.md b/.grok/skills/security-responder/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/skills/sprint-reporter/SKILL.md b/.grok/skills/sprint-reporter/SKILL.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/subagents/architecture-reviewer/SKILL.md b/.grok/subagents/architecture-reviewer/SKILL.md new file mode 100644 index 0000000..9aa978e --- /dev/null +++ b/.grok/subagents/architecture-reviewer/SKILL.md @@ -0,0 +1,4 @@ +# Architecture Reviewer Subagent +- Validate layering, dependency direction, interface contracts +- Flag circular deps and god-modules +- Propose refactor roadmap with risk/benefit diff --git a/.grok/subagents/changelog-generator/SKILL.md b/.grok/subagents/changelog-generator/SKILL.md new file mode 100644 index 0000000..10991b9 --- /dev/null +++ b/.grok/subagents/changelog-generator/SKILL.md @@ -0,0 +1,4 @@ +# Changelog Generator Subagent +- Parse conventional commits since last tag +- Emit categorized changelog with migration notes +- Link PRs and issues diff --git a/.grok/subagents/company-researcher/SKILL.md b/.grok/subagents/company-researcher/SKILL.md new file mode 100644 index 0000000..2f84796 --- /dev/null +++ b/.grok/subagents/company-researcher/SKILL.md @@ -0,0 +1,3 @@ +# Company Researcher +Deep-dive public data sources ( filings, press, tech stack, growth signals ) +Compile 1-page account briefs for sales outreach. diff --git a/.grok/subagents/competitor-analyzer/SKILL.md b/.grok/subagents/competitor-analyzer/SKILL.md new file mode 100644 index 0000000..f2ae1d4 --- /dev/null +++ b/.grok/subagents/competitor-analyzer/SKILL.md @@ -0,0 +1,3 @@ +# Competitor Analyzer +Track competitor pricing, features, and positioning. +Produce win/loss insights and battle-card updates. diff --git a/.grok/subagents/compliance-worker.md b/.grok/subagents/compliance-worker.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/subagents/cost-worker.md b/.grok/subagents/cost-worker.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/subagents/cross-repo-worker.md b/.grok/subagents/cross-repo-worker.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/subagents/decision-maker-finder/SKILL.md b/.grok/subagents/decision-maker-finder/SKILL.md new file mode 100644 index 0000000..e732e2d --- /dev/null +++ b/.grok/subagents/decision-maker-finder/SKILL.md @@ -0,0 +1,4 @@ +# Decision Maker Finder +Map org charts and reporting lines. +Identify economic buyers and technical approvers. +Respect GDPR, CAN-SPAM, and platform TOS boundaries. diff --git a/.grok/subagents/deploy-guard.md b/.grok/subagents/deploy-guard.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/subagents/doc-writer/SKILL.md b/.grok/subagents/doc-writer/SKILL.md new file mode 100644 index 0000000..792164f --- /dev/null +++ b/.grok/subagents/doc-writer/SKILL.md @@ -0,0 +1,4 @@ +# Doc Writer Subagent +- Generate README, API docs, runbooks from code and comments +- Keep examples executable and tested +- Enforce consistent tone and structure diff --git a/.grok/subagents/follow-up-scheduler/SKILL.md b/.grok/subagents/follow-up-scheduler/SKILL.md new file mode 100644 index 0000000..e6a20f1 --- /dev/null +++ b/.grok/subagents/follow-up-scheduler/SKILL.md @@ -0,0 +1,4 @@ +# Follow-up Scheduler +Queue outreach touches based on engagement signals. +Avoid spam patterns and respect opt-outs. +Measure conversion through funnel stages. diff --git a/.grok/subagents/issue-labeler.md b/.grok/subagents/issue-labeler.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/subagents/issue-prioritizer/SKILL.md b/.grok/subagents/issue-prioritizer/SKILL.md new file mode 100644 index 0000000..63afd8a --- /dev/null +++ b/.grok/subagents/issue-prioritizer/SKILL.md @@ -0,0 +1,4 @@ +# Issue Prioritizer Subagent +- Score by severity, reach, effort, and business value +- Auto-label and assign to epics +- Produce weekly prioritization report diff --git a/.grok/subagents/lead-finder/SKILL.md b/.grok/subagents/lead-finder/SKILL.md new file mode 100644 index 0000000..f6aaaa2 --- /dev/null +++ b/.grok/subagents/lead-finder/SKILL.md @@ -0,0 +1,3 @@ +# Lead Finder +Scrape ICP signals from GitHub, job postings, and public filings. +Score leads by fit and intent. Enrich with company/contact metadata. diff --git a/.grok/subagents/outreach-writer/SKILL.md b/.grok/subagents/outreach-writer/SKILL.md new file mode 100644 index 0000000..d25424a --- /dev/null +++ b/.grok/subagents/outreach-writer/SKILL.md @@ -0,0 +1,4 @@ +# Outreach Writer +Draft personalized emails/LinkedIn sequences per segment. +A/B test subject lines and CTAs. +Track reply rates and iterate. diff --git a/.grok/subagents/pr-reviewer/SKILL.md b/.grok/subagents/pr-reviewer/SKILL.md new file mode 100644 index 0000000..070c0b7 --- /dev/null +++ b/.grok/subagents/pr-reviewer/SKILL.md @@ -0,0 +1,4 @@ +# PR Reviewer Subagent +- Enforce review checklist: tests, docs, breaking changes, security surface +- Output verdict: approve / request changes / comment +- Block merge on unresolved security findings diff --git a/.grok/subagents/release-manager/SKILL.md b/.grok/subagents/release-manager/SKILL.md new file mode 100644 index 0000000..827ee5a --- /dev/null +++ b/.grok/subagents/release-manager/SKILL.md @@ -0,0 +1,4 @@ +# Release Manager Subagent +- Coordinate version bump, changelog, artifact builds +- Verify CI green, approvals, and release notes +- Publish and tag only after verification diff --git a/.grok/subagents/scan-worker.md b/.grok/subagents/scan-worker.md new file mode 100644 index 0000000..ae77797 --- /dev/null +++ b/.grok/subagents/scan-worker.md @@ -0,0 +1,19 @@ +--- +name: scan-worker +description: Parallel repo scanner for secrets, vulns, and docs. +model: inherit +tools: [terminal, file] +max_concurrency: 3 +--- + +# scan-worker + +## Role +Runs lightweight scanners against a target directory. + +## Input +- Path to scan. + +## Output +- Findings JSON. +- Suggested fixes. diff --git a/.grok/subagents/security-reviewer/SKILL.md b/.grok/subagents/security-reviewer/SKILL.md new file mode 100644 index 0000000..d54a7a4 --- /dev/null +++ b/.grok/subagents/security-reviewer/SKILL.md @@ -0,0 +1,4 @@ +# Security Reviewer Subagent +- Scan diffs for injection, authz flaws, secret exposure +- Cross-check against SECURITY.md and threat model +- Emit severity-rated findings with remediation diff --git a/.grok/subagents/security-worker.md b/.grok/subagents/security-worker.md new file mode 100644 index 0000000..e69de29 diff --git a/.grok/subagents/technical-debt-tracker/SKILL.md b/.grok/subagents/technical-debt-tracker/SKILL.md new file mode 100644 index 0000000..ddf839c --- /dev/null +++ b/.grok/subagents/technical-debt-tracker/SKILL.md @@ -0,0 +1,4 @@ +# Technical Debt Tracker Subagent +- Inventory TODOs, deprecated patterns, and outdated deps +- Quantify debt by interest (time lost per sprint) +- Build repayment roadmap prioritized by ROI diff --git a/.grok/subagents/test-coverage-analyzer/SKILL.md b/.grok/subagents/test-coverage-analyzer/SKILL.md new file mode 100644 index 0000000..2925834 --- /dev/null +++ b/.grok/subagents/test-coverage-analyzer/SKILL.md @@ -0,0 +1,4 @@ +# Test Coverage Analyzer Subagent +- Collect coverage reports across workflows +- Gap-analysis by module and risk tier +- Recommend new tests for uncovered critical paths diff --git a/.grok/subagents/triage-worker.md b/.grok/subagents/triage-worker.md new file mode 100644 index 0000000..a34fb69 --- /dev/null +++ b/.grok/subagents/triage-worker.md @@ -0,0 +1,19 @@ +--- +name: triage-worker +description: Parallel issue/PR triage worker. +model: inherit +tools: [github, terminal] +max_concurrency: 5 +--- + +# triage-worker + +## Role +Categorizes items into NOW/WIP/DONE. + +## Input +- List of issue/PR numbers or `gh` query. + +## Output +- Categorized list. +- STATE.md patch. diff --git a/apps/ai-changelog/main.py b/apps/ai-changelog/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/ai-changelog/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/apps/ai-code-reviewer/main.py b/apps/ai-code-reviewer/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/ai-code-reviewer/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/apps/docker-optimizer/main.py b/apps/docker-optimizer/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/docker-optimizer/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/apps/kubernetes-validator/main.py b/apps/kubernetes-validator/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/kubernetes-validator/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/apps/readme-generator/main.py b/apps/readme-generator/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/readme-generator/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/apps/release-automation/main.py b/apps/release-automation/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/release-automation/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/apps/sbom-creator/main.py b/apps/sbom-creator/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/sbom-creator/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/apps/security-reporting/main.py b/apps/security-reporting/main.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/apps/security-reporting/main.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/bots/branch-bot/branch_bot.py b/bots/branch-bot/branch_bot.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/bots/branch-bot/branch_bot.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/bots/changelog-bot/changelog_bot.py b/bots/changelog-bot/changelog_bot.py new file mode 100644 index 0000000..a75b41d --- /dev/null +++ b/bots/changelog-bot/changelog_bot.py @@ -0,0 +1,28 @@ +#!/usr/bin/env python3 +"""changelog-bot: Auto-draft CHANGELOG entries from recent commits.""" +import subprocess, pathlib, re, sys + +def get_commits(n=20): + out = subprocess.check_output(["git", "log", f"-n", str(n), "--pretty=format:%h %s"] , text=True) + return out.splitlines() + +def categorize(c): + if c.startswith("fix") or c.startswith("Fix"): return "Fixed" + if c.startswith("feat"): return "Added" + if c.startswith("chore"): return "Changed" + if c.startswith("security"): return "Security" + return "Changed" + +def main(): + commits = get_commits() + sections = {} + for c in commits: + msg = c.split(" ", 1)[-1] + cat = categorize(msg) + sections.setdefault(cat, []).append(msg) + out = pathlib.Path("CHANGELOG.draft.md") + out.write_text("\n".join(f"## {cat}\n" + "\n".join(f"- {m}" for m in ms)) for cat, ms in sections.items()) + print("Draft written to CHANGELOG.draft.md") + +if __name__ == "__main__": + main() diff --git a/bots/compliance-bot/compliance_bot.py b/bots/compliance-bot/compliance_bot.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/bots/compliance-bot/compliance_bot.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/bots/cost-bot/cost_bot.py b/bots/cost-bot/cost_bot.py new file mode 100644 index 0000000..5151ad7 --- /dev/null +++ b/bots/cost-bot/cost_bot.py @@ -0,0 +1 @@ +def run(event, repo):\n print('Bot $_ triggered')\n diff --git a/bots/dep-bot/dep_bot.py b/bots/dep-bot/dep_bot.py new file mode 100644 index 0000000..3633b18 --- /dev/null +++ b/bots/dep-bot/dep_bot.py @@ -0,0 +1,12 @@ +#!/usr/bin/env python3 +"""dep-bot: Update dependencies with approval gate.""" +import json, pathlib, subprocess, sys + +def main(): + # Placeholder: in real use, call dependabot CLI or npm-check-updates + report = {"status": "approval-required", "updates": []} + pathlib.Path("dep-report.json").write_text(json.dumps(report)) + print("Dep scan complete — approval required") + +if __name__ == "__main__": + main() diff --git a/bots/issue-labeler/issue_labeler.py b/bots/issue-labeler/issue_labeler.py new file mode 100644 index 0000000..52c603f --- /dev/null +++ b/bots/issue-labeler/issue_labeler.py @@ -0,0 +1,22 @@ +#!/usr/bin/env python3 +"""issue-labeler: Auto-label issues based on content.""" +import sys, pathlib, re + +LABELS = { + "bug": re.compile(r"bug|error|fail|crash", re.I), + "enhancement": re.compile(r"enhance|improve|feature", re.I), + "security": re.compile(r"security|vuln|secret|leak", re.I), + "docs": re.compile(r"doc|readme|guide", re.I), +} + +def main(): + if len(sys.argv) < 2: + print("Usage: issue_labeler.py