feat: Terraform and CI/CD pipeline detection plugins #39
Open
neilwashere wants to merge 9 commits into Houseofmvps:main from
* feat: add customSections to plugin API for first-class plugin output

  Plugins could previously only return routes, schemas, components, and middleware — they had no way to contribute new types of content to CODESIGHT.md. This meant plugin-generated insights were invisible to agents unless they knew to look for a separate file.

  Add customSections to PluginDetectorResult and ScanResult so plugins can return arbitrary markdown sections that get rendered into CODESIGHT.md alongside built-in sections, written as individual .md files, and referenced in AI config files (CLAUDE.md, .cursorrules, etc).

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* feat: add terraform infrastructure plugin (AWS-focused)

  Add a plugin that scans Terraform/HCL files and generates infrastructure.md with deployment context for AI agents — where a service runs, what env vars and SSM secrets it receives, whether it's public-facing, what it depends on, and per-environment overrides.

  Supports two modes: in-project (terraform/ subdir alongside code) and external path (separate infrastructure repo, default ../infrastructure). Uses regex + brace-counting for zero-dependency HCL parsing, following the same approach as the Go extractor.

  The HCL parser and service matcher are provider-agnostic, but the infrastructure extractor currently targets AWS patterns (ECS, SSM Parameter Store, ALB, Route53, CloudWatch). Azure and GCP extraction would require additional provider-specific logic in the extractor — the parser and matcher layers would not need changes.

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: address PR review comments

  - formatter.ts: sanitise customSections names to safe basenames and reject collisions with built-in section names
  - hcl-parser.ts: skip comment stripping inside heredoc bodies to avoid corrupting literal content
  - extractor.ts: fix IAM statement extraction to read action/actions instead of falling back to effect
  - package.json: add dist/* wildcard export to preserve deep imports, update test script to run all test files

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

* fix: address review findings — reserved name bypass, name mismatch, regex safety

  - Fix reserved name "CODESIGHT" casing mismatch in formatter.ts (was uppercase, safeName is always lowercased so the guard never matched)
  - Sanitize section names in ai-config.ts to match filenames written by formatter.ts
  - Move BLOCK_HEADER regex inside function body to prevent shared mutable state under concurrent use
  - Add string-aware bracket counting in multi-line list parser
  - Remove dead TF_EXTENSIONS constant
  - Add informational TODOs for parallel file reads, parseTfvars multiline limitation, and custom section name collision

  Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add a new plugin under src/plugins/cicd/ that scans CI/CD configuration files and produces a cicd.md section via the customSections plugin API. Follows the same architecture as the existing Terraform plugin.

Supports GitHub Actions (.github/workflows/*.yml) and CircleCI (.circleci/config.yml) with extraction of triggers, jobs, secrets, deploy targets, reusable workflows, environments, and concurrency groups.

Includes a purpose-built YAML parser for the CI/CD config subset (array-of-objects, block scalars, flow sequences) since the existing parseMinimalYAML cannot handle these constructs.

28 tests covering YAML parser, GHA extraction, CircleCI extraction, and full plugin integration.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- github-actions.ts: use extname() to strip both .yml and .yaml from fallback names
- github-actions.ts: fix dead code — move string/array config checks outside object branch so schedule triggers are extracted
- formatter.ts: use runner === "approval-gate" instead of stepCount === 0 to identify approval gates
- yaml-parser.ts: fix operator precedence in numeric detection so 0.1 parses as number
- yaml-parser.ts: handle escaped quotes in double-quoted strings in stripComment()

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Fix CircleCI extractTriggers dropping boolean parameters after the first
- Add markdown table cell escaping to prevent pipe character corruption
- Fix YAML number parsing for negative zero-prefixed strings like -01
- Add nested bracket depth tracking in parseFlowSequence
- Support config.yaml in addition to config.yml for CircleCI
- Add tags field to CICDTrigger type, fix tag filter using wrong field
- Use Object.create(null) for parsed YAML mappings
- Handle escaped quotes in findKeyColon

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Tests dynamically create fixtures via writeFixture() — no need to track them.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Remove duplicate scan() from index.ts (now lives in core.ts since upstream refactor)
- Port customSections plugin API into core.ts scan() to preserve the feature
- Narrow .gitignore pattern from tests/fixtures/ to only ignore generated .codesight/ output
- Restore terraform fixture files deleted by the overly-broad gitignore commit

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Skills plugin scans .claude/commands and .claude/skills for project-local slash commands, surfacing name + description so agents can discover and use available tools before reaching for generic solutions.

Git hooks plugin detects lefthook, husky, and raw git hooks and surfaces which lifecycle triggers what command, with an explicit agent warning that hook failures block the operation. Managed tool hooks suppress the underlying raw hook to avoid duplication.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The ../infrastructure sibling scan was specific to a particular monorepo layout. The general case is terraform co-located in the project; users with a separate infra repo should set infraPath explicitly.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Summary

Two new plugins for surfacing infrastructure and pipeline context to AI agents.

Terraform plugin

Scans .tf files co-located in the project and generates an infrastructure section in CODESIGHT.md.

Discovery order (zero-config):
- terraform/, infra/, infrastructure/, deploy/, iac/ subdirs
- .tf files at project root
- infraPath override for a separate infrastructure repo

Surfaces: ECS/Lambda/RDS/S3/API Gateway resources, env vars and secrets (SSM/Secrets Manager), DNS and public-facing status, per-environment .tfvars overrides, IAM permissions, observability config.

Service matching uses the project name from package.json/pyproject.toml with optional serviceName and serviceAliases overrides.

CI/CD plugin

Scans GitHub Actions workflows and CircleCI config, extracting pipeline structure.

Surfaces: triggers, jobs with step counts and runners, deploy targets, actions used, deployment environments, concurrency groups, secrets, reusable workflows.

Zero-config — discovers .github/workflows/*.yml and .circleci/config.yml automatically. Configurable via { systems: ["github-actions"] } to restrict to one CI system.

Test plan

pnpm test — all terraform and CI/CD tests pass
.tfvars

🤖 Generated with Claude Code
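
The reserved-name bypass described in the commit messages above (an uppercase "CODESIGHT" guard checked against a name that is always lowercased) can be reproduced in a few lines. This is an added example, not code from the pull request: safeName and planSections are hypothetical names, the reserved list is an assumption, and rejecting collisions between two custom sections goes beyond what the commits state.

```typescript
// Added example; RESERVED entries and function names are assumptions, not formatter.ts code.
const RESERVED_BUGGY = new Set(["CODESIGHT", "routes", "schema"]); // uppercase entry can never match
const RESERVED_FIXED = new Set(["codesight", "routes", "schema"]);

// Reduce a plugin-supplied section name to a lowercase basename with a narrow charset.
function safeName(raw: string): string {
  const base = raw.split(/[\\/]/).pop() ?? ""; // drop any directory component
  return base
    .toLowerCase()
    .replace(/\.md$/, "")            // a supplied extension is not part of the name
    .replace(/[^a-z0-9_-]+/g, "-")   // dots, spaces, control characters -> "-"
    .replace(/^-+|-+$/g, "");        // "." and ".." collapse to the empty string
}

type Plan = { files: Record<string, string>; rejected: string[] };

// Decide which custom sections may be written. The file writer and the AI-config
// reference list should both take filenames from this plan so they always match.
function planSections(names: string[], reserved: Set<string>): Plan {
  const files: Record<string, string> = Object.create(null); // no inherited keys
  const rejected: string[] = [];
  for (const raw of names) {
    const name = safeName(raw);
    const file = `${name}.md`;
    if (name === "" || reserved.has(name) || file in files) {
      rejected.push(raw); // empty, reserved, or colliding with an earlier section
      continue;
    }
    files[file] = raw;
  }
  return { files, rejected };
}

// Constructed plugin output, including traversal-style and colliding names.
const SAMPLE = ["CODESIGHT", "Infrastructure", "../infrastructure", "..", "cicd.md"];
```

With RESERVED_BUGGY the plan accepts codesight.md, which on a case-insensitive filesystem is the same file as CODESIGHT.md; with RESERVED_FIXED the same input is rejected.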