codacy
diff --git a/‎README.md‎
Lines changed: 80 additions & 0 deletions b/‎README.md‎
Lines changed: 80 additions & 0 deletions
diff --git a/‎SPECS/README.md‎
Lines changed: 5 additions & 0 deletions b/‎SPECS/README.md‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎SPECS/commands/tools-and-patterns.md‎
Lines changed: 140 additions & 0 deletions b/‎SPECS/commands/tools-and-patterns.md‎
Lines changed: 140 additions & 0 deletions
@@ -251,6 +251,86 @@ With `--issue <id>`: shows full detail for that issue (code context + pattern do
 
 With `--diff`: shows the annotated git diff — only blocks containing covered/uncovered lines or new issues, with 3 lines of context around each. Coverage is shown with ✓ (green, covered) and ✘ (red, uncovered) symbols; issues are annotated inline with severity, category, and message.
 
+#### `tools <provider> <organization> <repository>`
+
+List all analysis tools configured for a repository with their status.
+
+```bash
+codacy tools gh my-org my-repo
+codacy tools gh my-org my-repo --output json
+```
+
+Displays tools grouped into **Enabled** and **Disabled** sections. For each tool:
+- **Config File** — `Applied` (config file detected and in use), `Available` (detected but not used), or `Not Available`
+- **Via Standard** — name of any Coding Standard that enabled the tool
+- **Notes** — `Client-side tool` for tools that run locally
+
+#### `tool <provider> <organization> <repository> <toolName>`
+
+Enable, disable, or configure an analysis tool for a repository.
+
+```bash
+codacy tool gh my-org my-repo eslint --enable
+codacy tool gh my-org my-repo eslint --disable
+codacy tool gh my-org my-repo eslint --configuration-file true
+codacy tool gh my-org my-repo eslint --enable --configuration-file true
+```
+
+| Argument | Description |
+|---|---|
+| `toolName` | Tool name (use hyphens for spaces, e.g. `eslint-(deprecated)`) |
+
+| Option | Description |
+|---|---|
+| `-e, --enable` | Enable the tool |
+| `-d, --disable` | Disable the tool |
+| `-c, --configuration-file <true/false>` | Set whether the tool uses a configuration file |
+
+Tool names are matched by best-fit: `eslint` matches "ESLint" but not "ESLint9" or "ESLint (deprecated)"; `eslint-(deprecated)` matches "ESLint (deprecated)".
+
+#### `patterns <provider> <organization> <repository> <toolName>`
+
+List all patterns for an analysis tool in a repository with their status and configuration.
+
+```bash
+codacy patterns gh my-org my-repo eslint
+codacy patterns gh my-org my-repo eslint --enabled --categories Security
+codacy patterns gh my-org my-repo eslint --severities Critical,High --search "sql injection"
+codacy patterns gh my-org my-repo eslint --output json
+```
+
+| Option | Description |
+|---|---|
+| `-l, --languages <languages>` | Comma-separated list of languages |
+| `-C, --categories <categories>` | Comma-separated list of categories |
+| `-s, --severities <severities>` | Comma-separated severity levels: `Critical`, `High`, `Medium`, `Minor` |
+| `-t, --tags <tags>` | Comma-separated list of tags |
+| `-q, --search <search>` | Search term to filter patterns |
+| `-e, --enabled` | Show only enabled patterns |
+| `-D, --disabled` | Show only disabled patterns |
+| `-r, --recommended` | Show only recommended patterns |
+
+Displays patterns as cards sorted by severity (Critical first), then recommended first, then alphabetically. Each card shows severity, category, description, rationale, solution, and active parameter values.
+
+#### `pattern <provider> <organization> <repository> <toolName> <patternId>`
+
+Enable, disable, or set parameters for a specific analysis pattern.
+
+```bash
+codacy pattern gh my-org my-repo eslint no-unused-vars --enable
+codacy pattern gh my-org my-repo eslint no-unused-vars --disable
+codacy pattern gh my-org my-repo eslint max-len --parameter max=120
+codacy pattern gh my-org my-repo eslint max-len --enable --parameter max=120 --parameter tabWidth=2
+```
+
+| Option | Description |
+|---|---|
+| `-e, --enable` | Enable the pattern |
+| `-d, --disable` | Disable the pattern |
+| `-p, --parameter <name=value>` | Set a parameter value (`name=value` format, repeatable) |
+
+When only `--parameter` is used (without `--enable` or `--disable`), the current enabled state of the pattern is preserved automatically.
+
 ## Development
 
 ```bash
 
@@ -20,6 +20,10 @@ _No pending tasks._
 | `issue` | `iss` | ✅ Done | [issue.md](commands/issue.md) |
 | `findings` | `fins` | ✅ Done | [findings.md](commands/findings.md) |
 | `finding` | `fin` | ✅ Done (CVE enrichment included) | [finding.md](commands/finding.md) |
+| `tools` | `tls` | ✅ Done | [tools-and-patterns.md](commands/tools-and-patterns.md) |
+| `tool` | `tl` | ✅ Done | [tools-and-patterns.md](commands/tools-and-patterns.md) |
+| `patterns` | `pats` | ✅ Done | [tools-and-patterns.md](commands/tools-and-patterns.md) |
+| `pattern` | `pat` | ✅ Done | [tools-and-patterns.md](commands/tools-and-patterns.md) |
 
 ## Other Specs
 
@@ -50,3 +54,4 @@ _No pending tasks._
 | 2026-02-24 | SPECS folder created — TODO.md split into `SPECS/README.md` + per-command specs + setup/deployment |
 | 2026-02-25 | `pull-request --diff` option + Diff Coverage Summary section (6 new tests, 108 total) |
 | 2026-02-25 | `repository` actions: `--add`, `--remove`, `--follow`, `--unfollow` (4 new tests, 112 total) |
+| 2026-02-25 | `tools`, `tool`, `patterns`, `pattern` commands + tests (35 new tests, 147 total); `findToolByName` helper added to `utils/formatting.ts` |
@@ -0,0 +1,140 @@
+# `tools` Command Spec
+
+## Purpose
+List all tools available for a repository and their status (enabled/disabled, using configuration file or not)
+
+
+## Usage
+```
+codacy tools <provider> <organization> <repository>
+codacy tools gh my-org my-repo --output json
+```
+
+## API Endpoints
+- [`listRepositoryTools`](https://api.codacy.com/api/api-docs#listrepositorytools)
+
+## Considerations
+- Tools can be enabled by users for that specific repository, or by an applied Coding Standard.
+- Tools may support local configuration files; if so, they would indicate if a configuration file was detected and if it is being used.
+
+
+## Output
+
+List first all enabled tools for the repository (under a title "✅ Enabled tools"), then all disabled tools for the repository (under a title "❌ Disabled tools").
+
+For each tool, show the following information:
+- Tool name
+- If enabled in a Coding Standard, show the Coding Standard name
+- Tool configuration file status (Available, Not Available, Applied)
+- Notes
+  - if the tool is client-side, show 'Client-side tool'
+
+# `tool` Command Spec
+## Purpose
+Enable or disable a specific tool for a repository.
+
+## Usage
+```
+codacy tool <provider> <organization> <repository> <tool name> --enable
+codacy tool <provider> <organization> <repository> <tool name> --disable
+codacy tool <provider> <organization> <repository> <tool name> --configuration-file true
+```
+
+### Options
+- `--enable, -e`
+- `--disable, -d`
+- `--configuration-file, -cf <true/false>`
+
+### Output
+If successful, return a success message with the action taken ("Tool X enabled", "Tool X uses now a configuration file", etc). Otherwise, return an error message with the error details provided by the API.
+
+
+## API Endpoints
+- [`configureTool`](https://api.codacy.com/api/api-docs#configuretool)
+
+## Considerations
+The API expects a tool UUID, not the tool name, so we need to fetch the tool UUID first. We can do this by calling the [`listRepositoryTools`](https://api.codacy.com/api/api-docs#listrepositorytools) API endpoint. We should match the tool name by "best match" using the `name` field.
+
+e.g.
+- for `trivy`, we'll match the tool called "Trivy"
+- for `eslint`, we'll match the tool called "ESLint", but not the tool called "ESLint (deprecated)" nor the tool called "ESLint9"
+- for `jackson`, we'll match the tool called "Jackson Linter"
+- to match a tool with spaces in the name, the user needs to replace the spaces with a hyphen `-`; e.g. `eslint-(deprecated)` should match the tool called "ESLint (deprecated)"
+
+
+
+# `patterns` Command Spec
+
+## Purpose
+List all tool patterns for a repository and their status (enabled/disabled, parameters)
+
+## Options
+- `--languages <languages>`
+- `--categories <categories>`
+- `--severities <severities>`
+- `--tags <tags>`
+- `--search <search>`
+- `--enabled`
+- `--disabled`
+- `--recommended`
+
+## Usage
+```
+codacy patterns <provider> <organization> <repository> <tool name>
+codacy patterns gh my-org my-repo eslint
+codacy patterns gh my-org my-repo eslint ---categories security,errorprone --severities critical,high --search "sql injection" --disabled --recommended
+```
+
+## API Endpoints
+- [`listRepositoryTools`](https://api.codacy.com/api/api-docs#listrepositorytools)
+- [`listRepositoryToolPatterns`](https://api.codacy.com/api/api-docs#listrepositorytoolpatterns)
+
+## Considerations
+Have the same considerations described in the `tool` command spec about matching the tool name.
+
+
+## Output
+Instead of a table, show a card-style format for each pattern.
+```
+────────────────────────────────────────
+{✅/❌} {Title in white if enabled, gray if disabled} ({id in dark gray}) | {Recommended? in purple}
+   {Severity colored} | {Category} {SubCategory?} | {Languages} | {Tags}
+   {Description}
+
+   Why? {Rationale}
+   How to fix? {Solution}
+
+  <IF THERE ARE PARAMETERS SET AND PATTERN IS ENABLED>
+  Parameters:
+    - {Parameter name} = {Parameter value}
+    ...
+  </IF THERE ARE PARAMETERS SET AND PATTERN IS ENABLED>
+────────────────────────────────────────
+```
+
+- "Why?" and "How to fix?" should be in white; their content should be in dim gray
+- Sort the results by severity (Critical > High > Medium > Minor), then by recommended (true > false), then by title alphabetically
+- As with other commands, if the results return more than 100 items, show a pagination warning and suggest filters to use.
+
+
+#`pattern` Command Spec
+## Purpose
+Enable or disable a specific pattern for a repository, and set its parameters if available.
+
+## Usage
+```
+codacy pattern <provider> <organization> <repository> <tool name> <pattern id> --enable
+codacy pattern <provider> <organization> <repository> <tool name> <pattern id> --disable
+codacy pattern <provider> <organization> <repository> <tool name> <pattern id> --parameter <parameter name> <parameter value>
+```
+
+### Options
+- `--enable, -e`
+- `--disable, -d`
+- `--parameter, -p <parameter name> <parameter value>`
+
+## API Endpoints
+- [`configureTool`](https://api.codacy.com/api/api-docs#configuretool)
+
+## Considerations
+Have the same considerations described in the `tool` command spec about matching the tool name.