# mise.toml - Tool versions and tasks for Agent Plugins for AWS
# See: https://mise.jdx.dev
# Minimum mise release this file expects to be loaded with.
min_version = "2026.2.4"
[tools]
# A major or major.minor value is a version prefix: mise installs the newest
# release matching it, so the exact build of these tools can differ between
# machines and over time.
node = "24"
"npm:markdownlint-cli2" = "0.17"
"npm:ajv-cli" = "5"
"pipx:pre-commit" = "4"
"pipx:bandit[sarif]" = "1"
"pipx:checkov" = "3"
# These three scanners are pinned to an exact release.
"pipx:semgrep" = "1.151.0"
grype = "0.107.1"
gitleaks = "8.30.0"
# NOTE(review): the floating entries above include security tooling (bandit,
# checkov, pre-commit). Consider exact pins plus a committed mise lockfile so
# installs are reproducible and a new upstream release is adopted deliberately.
# ==================
# ROOT LEVEL TASKS
# ==================
[tasks.pre-commit]
description = "Run pre-commit"
# Runs every configured hook against the whole tree, not just staged files.
# The hooks themselves come from the pre-commit config, not visible here.
run = ["pre-commit run --all-files"]
# ======================
# LINTING & FORMATTING
# ======================
[tasks.fmt]
description = "Format all files"
# Rewrites files in place with dprint.
# NOTE(review): dprint is not listed under [tools] in this file. If it is not
# pinned as a project dependency either, npx downloads it from the npm registry
# at run time - confirm it is pinned in package.json and the npm lockfile.
run = "npx dprint fmt"
[tasks."fmt:check"]
description = "Check formatting (CI)"
# Read-only counterpart of `fmt`, used by the `build` task.
# NOTE(review): dprint is resolved through npx and is not listed under [tools];
# confirm its version is pinned elsewhere so CI does not fetch it unpinned.
run = "npx dprint check"
[tasks."lint:md"]
description = "Lint Markdown files (includes SKILL.md validation)"
# Globs prefixed with '#' are exclusions: node_modules and .git are skipped.
run = "markdownlint-cli2 '**/*.md' '#node_modules' '#.git'"
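[tasks."lint:md:fix"]
# The description used to duplicate `lint:md`; this task rewrites files.
description = "Lint Markdown files and auto-fix where possible (includes SKILL.md validation)"
# Same exclusions as `lint:md`. '#.git' is included so that --fix, which edits
# files in place, never touches anything under the repository metadata directory.
run = "markdownlint-cli2 '**/*.md' '#node_modules' '#.git' --fix"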
[tasks."lint:manifests"]
description = "Validate JSON manifests"
# One ajv run per manifest kind: marketplace, plugin, and MCP server config.
# --all-errors reports every violation instead of stopping at the first.
# NOTE(review): this checks each file against its schema only. Whether the
# schemas constrain the commands or URLs declared in .mcp.json is not visible
# here - confirm those values are reviewed or restricted by the schema.
run = [
    "ajv validate -s schemas/marketplace.schema.json -d '.claude-plugin/marketplace.json' --all-errors --errors=text",
    "ajv validate -s schemas/plugin.schema.json -d 'plugins/**/.claude-plugin/plugin.json' --all-errors --errors=text",
    "ajv validate -s schemas/mcp.schema.json -d 'plugins/**/.mcp.json' --all-errors --errors=text",
]
[tasks."lint:cross-refs"]
description = "Validate cross-references between manifests"
# Runs a repository-local Node script. What it checks is defined in
# tools/validate-cross-refs.cjs, which is not visible here.
run = "node tools/validate-cross-refs.cjs"
[tasks.lint]
description = "Run all linters"
# Aggregate task: Markdown lint, manifest schema checks, then cross-references.
run = [
    { task = "lint:md" },
    { task = "lint:manifests" },
    { task = "lint:cross-refs" },
]
# =========
# SECURITY
# =========
[tasks."security:bandit"]
description = "Run Bandit"
# Recursive static analysis of the Python sources under the repository root.
# NOTE(review): bandit is installed with the [sarif] extra, but no SARIF output
# is requested here - confirm whether a report file is produced elsewhere.
run = ["bandit -r ."]
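[tasks."security:semgrep"]
description = "Run SemGrepOSS"
# The command is a single shell line. It is written as a multi-line basic
# string whose lines end in a backslash, which TOML folds into one line. A raw
# line break inside a plain "..." string is not valid TOML. Keeping one
# --exclude-rule per line makes each suppression visible in review.
#
# --config=r/all pulls the rule set from the Semgrep registry at run time, so
# the rules applied can change between runs. --metrics=off disables telemetry.
#
# NOTE(review): `semgrep scan` exits 0 when it reports findings unless --error
# is passed, so this task does not fail `security` or `build` on findings -
# confirm that is intended.
# NOTE(review): the reason for each exclusion is not recorded here. Two of them
# are not language-specific (the generic AI rule and the SonarQube API-key
# secrets rule) - confirm each is a known false positive, not a blanket waiver.
run = [
    """\
    semgrep scan --quiet --oss-only --metrics=off --config=r/all --max-log-list-entries=0 \
    --exclude-rule='ai.generic.detect-generic-ai-anthprop.detect-generic-ai-anthprop' \
    --exclude-rule='generic.secrets.security.detected-sonarqube-docs-api-key.detected-sonarqube-docs-api-key' \
    --exclude-rule='apex.lang.best-practice.ncino.accessmodifiers.globalaccessmodifiers.global-access-modifiers' \
    --exclude-rule='apex.lang.best-practice.ncino.urls.absoluteurls.absolute-urls' \
    --exclude-rule='apex.lang.security.ncino.dml.apexcsrfconstructor.apex-csrf-constructor' \
    --exclude-rule='apex.lang.security.ncino.dml.dmlnativestatements.dml-native-statements' \
    --exclude-rule='apex.lang.security.ncino.encryption.badcrypto.bad-crypto' \
    --exclude-rule='apex.lang.security.ncino.endpoints.insecurehttprequest.insecure-http-request' \
    --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsconstantmatch.named-credentials-constant-match' \
    --exclude-rule='apex.lang.security.ncino.endpoints.namedcredentialsstringmatch.named-credentials-string-match' \
    --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionfromunescapedurlparam.soql-injection-unescaped-url-param' \
    --exclude-rule='apex.lang.security.ncino.injection.apexsoqlinjectionunescapedparam.soql-injection-unescaped-param' \
    --exclude-rule='apex.lang.security.ncino.sharing.specifysharinglevel.specify-sharing-level' \
    --exclude-rule='apex.lang.security.ncino.system.systemdebug.system-debug' \
    --exclude-rule='elixir.lang.best-practice.deprecated-bnot-operator.deprecated_bnot_operator' \
    --exclude-rule='elixir.lang.best-practice.deprecated-bxor-operator.deprecated_bxor_operator' \
    --exclude-rule='elixir.lang.best-practice.deprecated-calendar-iso-day-of-week-3.deprecated_calendar_iso_day_of_week_3' \
    --exclude-rule='elixir.lang.best-practice.deprecated-use-bitwise.deprecated_use_bitwise' \
    --exclude-rule='elixir.lang.best-practice.enum-map-into.enum_map_into' \
    --exclude-rule='elixir.lang.best-practice.enum-map-join.enum_map_join' \
    --exclude-rule='elixir.lang.correctness.atom-exhaustion.atom_exhaustion'\
    """,
]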
[tasks."security:checkov"]
description = "Run Checkov"
# Scans the repository root; --quiet limits the output to failed checks.
run = ["checkov --quiet --directory . "]
[tasks."security:gitleaks"]
description = "Run GitLeaks"
# Scans the git history using the repository's own rule file. Findings already
# recorded in the baseline file are not reported again.
# NOTE(review): a baseline hides a finding, it does not revoke the secret -
# confirm every baselined credential was rotated. Consider --redact so matched
# values are not printed into CI logs.
run = ["gitleaks git --config=.gitleaks.toml --baseline-path=.gitleaks-baseline.json"]
[tasks."security:grype"]
description = "Run Grype"
# Vulnerability scan of the dependencies found under the repository root.
# NOTE(review): without --fail-on <severity>, grype reports vulnerabilities but
# still exits 0, so this task cannot fail `security` or `build` - confirm that
# report-only behaviour is intended.
run = ["grype ."]
[tasks.security]
description = "Run security scans"
# Aggregate task: runs each scanner task in the order listed.
# NOTE(review): as configured in this file, semgrep (no --error) and grype (no
# --fail-on) exit 0 even when they report findings, so a passing run here does
# not by itself mean those two scanners found nothing.
run = [
    { task = "security:bandit" },
    { task = "security:semgrep" },
    { task = "security:gitleaks" },
    { task = "security:checkov" },
    { task = "security:grype" },
]
# ===============
# BUILD PROCESS
# ===============
[tasks.build]
description = "Complete build: lint, format, security scans"
# Single entry point: linters, the read-only formatting check, then the
# security scans.
run = [
    { task = "lint" },
    { task = "fmt:check" },
    { task = "security" },
]