agent-plugins/mise.toml at main · rsmets/agent-plugins

155 lines (127 loc) · 5.46 KB
# mise.toml - Tool versions and tasks for Agent Plugins for AWS
# See: https://mise.jdx.dev
min_version = "2026.2.4"
uv = "0.10"
node = "24"
"npm:markdownlint-cli2" = "0.17"
"npm:ajv-cli" = "5"
"npm:dprint" = "0.51"
"pipx:pre-commit" = "4"
"pipx:bandit[sarif]" = "1"
"pipx:checkov" = "3"
"pipx:semgrep" = "1.151.0"
"grype" = "0.107.1"
"gitleaks" = "8.30.0"
# ==================
# ROOT LEVEL TASKS
# ==================
[tasks.pre-commit]
description = "Run pre-commit"
  "pre-commit run --all-files"
# ======================
# LINTING & FORMATTING
# ======================
[tasks.fmt]
description = "Format all files"
run = "dprint fmt"
[tasks."fmt:check"]
description = "Check formatting (CI)"
run = "dprint check"
[tasks."lint:md"]
description = "Lint Markdown files (includes SKILL.md validation)"
run = "markdownlint-cli2 '**/*.md' '#node_modules' '#.git'"
[tasks."lint:md:fix"]
description = "Lint Markdown files (includes SKILL.md validation)"
run = "markdownlint-cli2 '**/*.md' '#node_modules' --fix"
[tasks."lint:manifests"]
description = "Validate JSON manifests"
  "ajv validate -s schemas/marketplace.schema.json -d '.claude-plugin/marketplace.json' --all-errors --errors=text",
  "ajv validate -s schemas/plugin.schema.json -d 'plugins/**/.claude-plugin/plugin.json' --all-errors --errors=text",
  "ajv validate -s schemas/mcp.schema.json -d 'plugins/**/.mcp.json' --all-errors --errors=text",
[tasks."lint:cross-refs"]
description = "Validate cross-references between manifests"
run = "node tools/validate-cross-refs.cjs"
[tasks.lint]
description = "Run all linters"
    { task = "lint:md" },
    { task = "lint:manifests" },
    { task = "lint:cross-refs"}
# =============
# VALIDATION
# =============
[tasks."validate:refs"]
description = "Detect broken links and orphaned reference files"
run = "uv run tools/validate-references.py"
[tasks."validate:size"]
description = "Check SKILL.md sizes and flag extraction candidates"
run = "uv run tools/validate-size.py"
[tasks."validate:urls"]
description = "Check HTTPS URLs in markdown files return 200 (network-dependent, not in build)"
run = "uv run tools/validate-urls.py"
[tasks.validate]
description = "Run all validation checks"
    { task = "validate:refs" },
    { task = "validate:size" }
# =============
# SCAFFOLDING
# =============
[tasks."init:skill"]
description = "Scaffold a new skill directory"
run = "uv run tools/init-skill.py"
# =========
# =========
[tasks."security:bandit"]
description = "Run Bandit"
  "bandit -r ."
[tasks."security:semgrep"]
description = "Run SemGrepOSS"
 "semgrep scan --quiet --oss-only --metrics=off --config=r/all --max-log-list-entries=0 --exclude-rule='ai.generic.detect-generic-ai-anthprop.detect-generic-ai-anthprop' --exclude-rule='generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key' --exclude-rule='apex.lang.best-practice.ncino.accessmodifiers.globalaccessmodifiers.global-access-modifiers' --exclude-rule='apex.lang.best-practice.ncino.urls.absoluteurls.absolute-urls' --exclude-rule='apex.lang.security.ncino.dml.apexcsrfconstructor.apex-csrf-constructor' --exclude-rule='apex.lang.security.ncino.dml.dmlnativestatements.dml-native-statements' --exclude-rule='apex.lang.security.ncino.encryption.badcrypto.bad-crypto' --exclude-rule='apex.lang.security.ncino.endpoints.insecurehttprequest.insecure-http-request' --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsconstantmatch.named-credentials-constant-match' --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsstringmatch.named-credentials-string-match' --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionfromunescapedurlparam.soql-injection-unescaped-url-param' --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionunescapedparam.soql-injection-unescaped-param' --exclude-rule='apex.lang.security.ncino.sharing.specifysharinglevel.specify-sharing-level' --exclude-rule='apex.lang.security.ncino.system.systemdebug.system-debug' --exclude-rule='elixir.lang.best-practice.deprecated-bnot-operator.deprecated_bnot_operator' --exclude-rule='elixir.lang.best-practice.deprecated-bxor-operator.deprecated_bxor_operator' --exclude-rule='elixir.lang.best-practice.deprecated-calendar-iso-day-of-week-3.deprecated_calendar_iso_day_of_week_3' --exclude-rule='elixir.lang.best-practice.deprecated-use-bitwise.deprecated_use_bitwise' --exclude-rule='elixir.lang.best-practice.enum-map-into.enum_map_into' --exclude-rule='elixir.lang.best-practice.enum-map-join.enum_map_join' --exclude-rule='elixir.lang.correctness.atom-exhaustion.atom_exhaustion' --exclude-rule='ai.generic.detect-generic-ai-oai.detect-generic-ai-oai'"
[tasks."security:checkov"]
description = "Run Checkov"
  "checkov --quiet --directory . "
[tasks."security:gitleaks"]
description = "Run GitLeaks"
  "gitleaks git --config=.gitleaks.toml --baseline-path=.gitleaks-baseline.json"
[tasks."security:grype"]
description = "Run Grype"
  "grype ."
[tasks.security]
description = "Run security scans"
    { task = "security:bandit" },
    { task = "security:semgrep" },
    { task = "security:gitleaks" },
    { task = "security:checkov" },
    { task = "security:grype" },
# ===============
# BUILD PROCESS
# ===============
[tasks.build]
description = "Complete build: lint, format, validate, security scans"
    { task = "lint" },
    { task = "fmt:check" },
    { task = "validate" },
    { task = "security"}
Provide feedback

Saved searches

Use saved searches to filter your results more quickly

FilesExpand file tree

mise.toml

Latest commit

History

mise.toml

File metadata and controls
