@axplusb/kepler 1.0.10 → 2.0.2

package/src/core/backend-url.mjs

@@ -9,8 +9,8 @@
 
 const BACKEND_URLS = {
     local:       'http://127.0.0.1:8000',
-    development: 'https://tarang-backend-development.up.railway.app',
-    production:  'https://tarang-backend-intl-web-app-production.up.railway.app',
+    development: 'https://codekepler-backend-dev.kindisland-9034322d.eastus.azurecontainerapps.io',
+    production:  'https://codekepler-backend-prod.redsky-6d31f3e5.eastus.azurecontainerapps.io',
 };
 
 // Aliases

package/src/core/headless.mjs

@@ -188,6 +188,11 @@ export async function runHeadless({ instruction, model, timeout = 300, maxCost,
         toolBreakdown[t.tool] = (toolBreakdown[t.tool] || 0) + 1;
     }
 
+    // Include sub-agent tool counts in the total
+    for (const sa of subAgents) {
+        toolCount += sa.tool_calls || 0;
+    }
+
     emit({
         type: 'complete',
         tools: toolCount,

package/src/core/risk-tier.mjs

@@ -0,0 +1,245 @@
+/**
+ * Risk tier classifier — Mission Control (PRD-055 §8.1).
+ *
+ *   import { classify, TIERS, behavior } from './risk-tier.mjs';
+ *   const tier = classify('shell', { command: 'rm -rf node_modules' });
+ *   // → 'shell-dangerous'
+ *
+ * Pure: no I/O, no async. Tested in isolation; the rest of the CLI relies on
+ * the return value to decide whether to auto-approve, auto-approve with
+ * checkpoint, or hold for explicit approval.
+ *
+ * The CLI never asks the backend for the tier. The backend's job is to say
+ * "this is what I want to run"; we map that to a tier locally so dangerous
+ * intent can't be hidden behind a friendly description.
+ */
+
+// ── Tier enum ────────────────────────────────────────────────────────────
+
+export const TIERS = Object.freeze({
+  READ:            'read',
+  LOCAL_EDIT:      'local-edit',
+  SHELL_SAFE:      'shell-safe',
+  SHELL_MEDIUM:    'shell-medium',
+  SHELL_DANGEROUS: 'shell-dangerous',
+  DESTRUCTIVE:     'destructive',
+  NETWORK:         'network',
+});
+
+/**
+ * Default behavior by tier:
+ *   auto              — proceed silently
+ *   auto-with-undo    — proceed but record a checkpoint first
+ *   prompt-safe       — prompt with Enter=approve default
+ *   prompt-explicit   — magenta-bordered prompt, no default
+ */
+export const BEHAVIOR = Object.freeze({
+  [TIERS.READ]:            'auto',
+  [TIERS.LOCAL_EDIT]:      'auto-with-undo',
+  [TIERS.SHELL_SAFE]:      'auto',
+  [TIERS.SHELL_MEDIUM]:    'prompt-safe',
+  [TIERS.SHELL_DANGEROUS]: 'prompt-explicit',
+  [TIERS.DESTRUCTIVE]:     'prompt-explicit',
+  [TIERS.NETWORK]:         'prompt-safe',
+});
+
+export function behavior(tier) {
+  return BEHAVIOR[tier] || 'prompt-safe';
+}
+
+// ── Tool → tier (non-shell) ─────────────────────────────────────────────
+
+const READ_TOOLS = new Set([
+  'read_file', 'read_files',
+  'search_code', 'search_files', 'grep',
+  'list_files', 'get_file_info', 'get_project_overview',
+  'git_status', 'git_diff',
+  'analyze_code',
+  'validate_file', 'validate_structure',
+]);
+
+const LOCAL_EDIT_TOOLS = new Set([
+  'edit_file', 'write_file', 'write_project',
+]);
+
+const DESTRUCTIVE_TOOLS = new Set([
+  'delete_file',
+]);
+
+const NETWORK_TOOLS = new Set([
+  'WebFetch', 'fetch_url',
+]);
+
+// ── Shell sub-classifier ────────────────────────────────────────────────
+
+const SHELL_SAFE_RE = [
+  // Inspection / read-only + harmless shell navigation built-ins.
+  // `cd` / `pushd` / `popd` only change the process working directory; if
+  // chained with something dangerous, the multi-segment classifier still
+  // catches the danger (`cd /x && rm -rf .` → SHELL_DANGEROUS).
+  /^\s*(cd|pushd|popd|ls|cat|head|tail|less|more|wc|file|stat|tree|find|grep|rg|ag|fd|echo|printf|pwd|whoami|date|which|type|env|printenv|uname|hostname|id|df|du|uptime|free|top|ps|lsof)\b/i,
+  // mkdir -p / touch are creation primitives but harmless in scope.
+  /^\s*mkdir\s+-p\b/i,
+  /^\s*touch\s/i,
+  /^\s*git\s+(status|log|diff|show|branch|tag|remote|stash\s+list|blame|shortlog|describe|rev-parse|ls-files|ls-tree|config\s+--get)\b/i,
+  // Test-only invocations
+  /^\s*(npm|pnpm|yarn)\s+(test|run\s+test|run\s+lint|list|ls|view|info|outdated)\b/i,
+  /^\s*node\s+--check\b/i,
+  /^\s*python3?\s+-m\s+py_compile\b/i,
+  /^\s*pytest\b(?!.*--?(delete|rm|destructive))/i,
+  /^\s*cargo\s+(check|test|clippy|build)\b/i,
+  /^\s*go\s+(test|vet|build)\b/i,
+  /^\s*make\s+(test|check|lint|build)\b/i,
+];
+
+const SHELL_DANGEROUS_RE = [
+  /\brm\s+-r/i,
+  /\brm\s+--recursive/i,
+  /\brm\s+-rf?\b/i,
+  /\bunlink\s/i,
+  /\brmdir\s+-/i,
+  /\bgit\s+push.*--force/i,
+  /\bgit\s+push.*-f\b/i,
+  /\bgit\s+reset\s+--hard/i,
+  /\bgit\s+clean\s+-f/i,
+  /\bgit\s+checkout\s+\./i,
+  /\bgit\s+stash\s+drop/i,
+  /\bgit\s+branch\s+-D/i,
+  /\bgit\s+filter-branch/i,
+  /\bsudo\b/i,
+  /\bsu\s+-/i,
+  /\bcurl\b.*\|\s*(sh|bash|zsh)/i,
+  /\bwget\b.*\|\s*(sh|bash|zsh)/i,
+  /\beval\s+["'$(]/i,
+  /\bkubectl\s+delete/i,
+  /\bdocker\s+(rm|rmi|system\s+prune|volume\s+rm|network\s+rm)/i,
+  /\bdrop\s+(table|database|schema)/i,
+  /\btruncate\s+table/i,
+  /\bmkfs\b/i,
+  /\bdd\s+if=/i,
+  /:\s*\(\s*\)\s*\{.*:\|/i, // fork bomb
+  />\s*\/dev\/sda/i,
+];
+
+const SHELL_MEDIUM_RE = [
+  /^\s*(npm|pnpm|yarn)\s+(install|i|add|remove|uninstall|update|upgrade|publish|deploy)\b/i,
+  /^\s*pip\s+(install|uninstall|--upgrade)\b/i,
+  /^\s*pipx\s+(install|uninstall)\b/i,
+  /^\s*brew\s+(install|uninstall|upgrade|update)\b/i,
+  /^\s*apt(-get)?\s+(install|remove|upgrade|update)\b/i,
+  /^\s*cargo\s+(install|uninstall|publish|run)\b/i,
+  /^\s*go\s+(install|get|mod\s+tidy|mod\s+download)\b/i,
+  /^\s*make(\s|$)/i,
+  /^\s*git\s+(commit|push|pull|merge|rebase|fetch|checkout(?!\s+\.)|cherry-pick|revert|tag|stash(?!\s+drop))/i,
+  /^\s*docker\s+(build|run|exec|compose|pull|push|tag)/i,
+];
+
+export function classifyShell(command) {
+  const cmd = String(command || '').trim();
+  if (!cmd) return TIERS.SHELL_MEDIUM;
+
+  // Dangerous wins over safe — never let a safe-looking prefix mask `&& rm -rf`.
+  if (SHELL_DANGEROUS_RE.some(re => re.test(cmd))) return TIERS.SHELL_DANGEROUS;
+
+  // For a chained command, classify each segment and take the riskiest —
+  // never let a safe-looking prefix mask `&& npm install` or worse.
+  if (/&&|\|\||;|\|(?!\|)/.test(cmd)) {
+    const segments = splitShellSegments(cmd);
+    if (segments.length > 1) {
+      let worst = TIERS.SHELL_SAFE;
+      for (const seg of segments) {
+        const t = classifyShell(seg);
+        worst = riskier(worst, t);
+        if (worst === TIERS.SHELL_DANGEROUS) return worst;
+      }
+      return worst;
+    }
+  }
+
+  if (SHELL_MEDIUM_RE.some(re => re.test(cmd))) return TIERS.SHELL_MEDIUM;
+  if (SHELL_SAFE_RE.some(re => re.test(cmd)))   return TIERS.SHELL_SAFE;
+  return TIERS.SHELL_MEDIUM;
+}
+
+function splitShellSegments(cmd) {
+  // Split on top-level &&, ||, ;, | — naive but enough for the classifier.
+  return cmd.split(/&&|\|\||;|\|/).map(s => s.trim()).filter(Boolean);
+}
+
+const TIER_ORDER = [
+  TIERS.READ,
+  TIERS.SHELL_SAFE,
+  TIERS.LOCAL_EDIT,
+  TIERS.NETWORK,
+  TIERS.SHELL_MEDIUM,
+  TIERS.DESTRUCTIVE,
+  TIERS.SHELL_DANGEROUS,
+];
+
+function riskier(a, b) {
+  return TIER_ORDER.indexOf(b) > TIER_ORDER.indexOf(a) ? b : a;
+}
+
+// ── Top-level classify ──────────────────────────────────────────────────
+
+/**
+ * Classify a tool call into a risk tier. Always returns one of TIERS.
+ *
+ * @param {string} tool   Tool name (e.g. 'shell', 'edit_file')
+ * @param {object} args   Tool arguments (e.g. { command: 'rm -rf x' })
+ */
+export function classify(tool, args = {}) {
+  if (!tool) return TIERS.SHELL_MEDIUM;
+
+  if (READ_TOOLS.has(tool))        return TIERS.READ;
+  if (LOCAL_EDIT_TOOLS.has(tool))  return TIERS.LOCAL_EDIT;
+  if (DESTRUCTIVE_TOOLS.has(tool)) return TIERS.DESTRUCTIVE;
+  if (NETWORK_TOOLS.has(tool))     return TIERS.NETWORK;
+
+  if (tool === 'shell' || tool === 'run_tests' || tool === 'validate_build' || tool === 'lint_check') {
+    return classifyShell(args.command || args.cmd || '');
+  }
+
+  // Sub-agents inherit their parent's risk (read-ish by default).
+  if (['explore', 'plan', 'verify', 'debug', 'refactor', 'analyze_code'].includes(tool)) {
+    return TIERS.READ;
+  }
+
+  // MCP tools: assume network unless the name implies read.
+  if (tool.startsWith('mcp')) {
+    return /(?:read|get|list|search|describe|info|status)/i.test(tool) ? TIERS.READ : TIERS.NETWORK;
+  }
+
+  return TIERS.SHELL_MEDIUM;
+}
+
+/**
+ * Convenience: human label for a tier (used in approval prompts and the
+ * status bar). Returned strings already uppercased / hyphenated.
+ */
+export function label(tier) {
+  switch (tier) {
+    case TIERS.READ:            return 'READ';
+    case TIERS.LOCAL_EDIT:      return 'LOCAL-EDIT';
+    case TIERS.SHELL_SAFE:      return 'SHELL-SAFE';
+    case TIERS.SHELL_MEDIUM:    return 'SHELL-MEDIUM';
+    case TIERS.SHELL_DANGEROUS: return 'SHELL-DANGEROUS';
+    case TIERS.DESTRUCTIVE:     return 'DESTRUCTIVE';
+    case TIERS.NETWORK:         return 'NETWORK';
+    default:                    return String(tier || '').toUpperCase();
+  }
+}
+
+/**
+ * Whether the tool needs an explicit human keystroke before running.
+ */
+export function requiresExplicitApproval(tier) {
+  return behavior(tier) === 'prompt-explicit';
+}
+
+/**
+ * Whether the tier should auto-create an undo checkpoint before running.
+ */
+export function requiresCheckpoint(tier) {
+  return behavior(tier) === 'auto-with-undo';
+}

package/src/core/stream-client.mjs

@@ -93,14 +93,23 @@ export class TarangStreamClient {
         };
         if (this.token) headers['Authorization'] = `Bearer ${this.token}`;
 
+        // Abort controller so cancel() can break out of a stalled reader
+        // instead of waiting for the next SSE event to notice _cancelled.
+        this._abort = new AbortController();
+
         let response;
         try {
             response = await fetch(url, {
                 method: 'POST',
                 headers,
                 body: JSON.stringify(body),
+                signal: this._abort.signal,
             });
         } catch (err) {
+            if (err.name === 'AbortError') {
+                yield { type: EVENT_TYPES.STATUS, data: { message: 'Cancelled by user.' } };
+                return;
+            }
             yield { type: EVENT_TYPES.ERROR, data: { message: `Network error: ${err.message}. Check your connection or use --local mode.`, fatal: true } };
             return;
         }
@@ -175,7 +184,15 @@ export class TarangStreamClient {
 
         try {
             while (true) {
-                const { done, value } = await reader.read();
+                let read;
+                try {
+                    read = await reader.read();
+                } catch (err) {
+                    // Aborted via cancel() — treat as a clean end-of-stream.
+                    if (err && (err.name === 'AbortError' || this._cancelled)) break;
+                    throw err;
+                }
+                const { done, value } = read;
                 if (done) break;
 
                 buffer += decoder.decode(value, { stream: true });
@@ -335,6 +352,7 @@ export class TarangStreamClient {
     /** Cancel the current stream. */
     async cancel() {
         this._cancelled = true;
+        // Best-effort backend POST — the stream may already be torn down.
         if (this.currentTaskId) {
             try {
                 await fetch(`${this.baseUrl}/api/cancel/${this.currentTaskId}`, {
@@ -343,6 +361,11 @@ export class TarangStreamClient {
                 });
             } catch { /* best effort */ }
         }
+        // Force the in-flight SSE reader to abort so the REPL returns to the
+        // prompt immediately instead of waiting on a parked reader.read().
+        if (this._abort) {
+            try { this._abort.abort(); } catch {}
+        }
     }
 
     /** Pause the current stream. */

package/src/core/tool-executor.mjs

@@ -28,6 +28,7 @@ import { execSync } from 'node:child_process';
 export function createToolExecutor({
     projectRegistry = new ProjectRegistry(),
     skillsLoader = new SkillsLoader().load(process.cwd()),
+    checkpoints = null,
 } = {}) {
     const occRegistry = createToolRegistry();
     const skillTool = occRegistry.get('Skill');
@@ -90,6 +91,12 @@ export function createToolExecutor({
         '.rs':  (file) => `rustfmt --check "${file}" 2>&1`,
     };
 
+    // tsc --pretty and eslint emit ANSI codes (including background-red
+    // highlights) which bleed when our renderer slices the first 80 chars.
+    // Strip color codes so the stored lint string is always plain text.
+    const ANSI_RE = /\x1b\[[0-9;]*[a-zA-Z]/g;
+    function stripAnsi(s) { return String(s || '').replace(ANSI_RE, ''); }
+
     function autoLint(filePath) {
         const ext = path.extname(filePath);
         const cmdFn = LINT_COMMANDS[ext];
@@ -101,13 +108,14 @@ export function createToolExecutor({
                 timeout: 15_000,
                 cwd: process.cwd(),
                 stdio: ['pipe', 'pipe', 'pipe'],
+                env: { ...process.env, FORCE_COLOR: '0', NO_COLOR: '1', TERM: 'dumb' },
             });
-            const trimmed = output.trim();
+            const trimmed = stripAnsi(output).trim();
             if (!trimmed) return null;
             return trimmed;
         } catch (err) {
             // Non-zero exit means lint errors found
-            const output = (err.stderr || err.stdout || '').trim();
+            const output = stripAnsi(err.stderr || err.stdout || '').trim();
             if (!output) return null;
             return output;
         }
@@ -132,6 +140,30 @@ export function createToolExecutor({
         return parts.length ? `\n--- Verify ---\n${parts.join('\n')}` : '';
     }
 
+    // ── Solution nudge after exploration ───────────────────────
+    // After the agent has read enough code, nudge it to formulate
+    // a solution based on the goal — not to blindly edit, but to
+    // synthesize what it learned into a fix approach.
+    let _codeReadsCount = 0;
+    let _hasEdited = false;
+
+    function solutionNudge(filePath) {
+        const ext = path.extname(filePath).toLowerCase();
+        const isCode = ['.py', '.js', '.ts', '.tsx', '.mjs', '.go', '.rs', '.java', '.rb'].includes(ext);
+        if (!isCode || _hasEdited) return '';
+
+        _codeReadsCount++;
+        if (_codeReadsCount < 4) return '';
+
+        // Only nudge once at threshold, not every read after
+        if (_codeReadsCount === 4) {
+            return '\n\n--- You have explored enough code to formulate a solution. ' +
+                'Based on what you have read, determine the fix and apply it. ' +
+                'If the approach is unclear, call plan() with your findings. ---';
+        }
+        return '';
+    }
+
     // ── Tool mapping table ──────────────────────────────────────
 
     const toolMap = {
@@ -258,10 +290,11 @@ export function createToolExecutor({
             });
             const output = typeof result === 'string' ? result : String(result);
             const content = output.replace(/^\s*\d+[→\t]/gm, '');
+            const actNudge = solutionNudge(filePath);
             return {
                 success: !isError(output),
                 content,
-                output: output + nudge,
+                output: output + nudge + actNudge,
                 _tool: 'read_file',
                 _output_type: 'file_content',
             };
@@ -284,6 +317,10 @@ export function createToolExecutor({
                     await occRegistry.call('Read', { file_path: filePath, limit: 1 });
                 }
             } catch { /* file may not exist yet */ }
+            // Checkpoint before overwrite so /undo can restore the previous content.
+            if (checkpoints && fs.existsSync(filePath)) {
+                try { checkpoints.save(filePath); } catch { /* best effort */ }
+            }
             const result = await occRegistry.call('Write', {
                 file_path: filePath,
                 content: args.content,
@@ -380,6 +417,11 @@ export function createToolExecutor({
                 await occRegistry.call('Read', { file_path: filePath, limit: 1 });
             } catch { /* best effort */ }
 
+            // Checkpoint before edit so /undo can restore the previous content.
+            if (checkpoints) {
+                try { checkpoints.save(filePath); } catch { /* best effort */ }
+            }
+
             let result;
             try {
                 result = await occRegistry.call('Edit', {
@@ -418,6 +460,7 @@ print('OK: replaced')
 
             const wrapped = wrapResult(result, 'edit_file');
             updateProjectIndex(filePath);
+            _hasEdited = true;
 
             // Auto-lint the edited file
             const lintOutput = autoLint(filePath);
@@ -484,9 +527,16 @@ print('OK: replaced')
                 }
             } catch { /* rg not found or no results */ }
 
-            // Layer 2: BM25 — semantic relevance (finds related code even without exact match)
+            // Layer 2: Symbol search — AST-extracted functions/classes with signatures
             if (project?.retriever) {
                 if (!project.retriever.index) project.retriever.loadIndex();
+                const symbols = project.retriever.searchSymbols(query, 5);
+                if (symbols.length > 0) {
+                    const symOutput = project.retriever.formatSymbolResults(symbols);
+                    parts.push(`## Symbols (functions/classes)\n${symOutput}`);
+                }
+
+                // Layer 3: BM25 chunks — broader context when symbols aren't enough
                 const chunks = project.retriever.retrieve(query, 5);
                 if (chunks.length > 0) {
                     const bm25Output = chunks.map(c => {
@@ -609,7 +659,7 @@ print('OK: replaced')
             return { success: true, files: results, _tool: 'read_files' };
         },
 
-        // 9. delete_file + safety check
+        // 9. delete_file + safety check + checkpoint for undo
         delete_file: async (args) => {
             try {
                 const filePath = resolvePath(args.file_path || args.path, args);
@@ -617,6 +667,9 @@ print('OK: replaced')
                 if (!delCheck.safe) {
                     return { success: false, output: `🛡️ BLOCKED: ${delCheck.reason}`, _tool: 'delete_file', _blocked: true };
                 }
+                if (checkpoints) {
+                    try { checkpoints.save(filePath); } catch { /* best effort */ }
+                }
                 fs.unlinkSync(filePath);
                 updateProjectIndex(filePath);
                 return { success: true, message: `Deleted ${args.path}`, _tool: 'delete_file' };