@kkelly-offical/kkcode 0.1.6 → 0.1.7

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@kkelly-offical/kkcode",
-  "version": "0.1.6",
+  "version": "0.1.7",
   "description": "Team-first terminal AI coding agent CLI with LongAgent orchestration, GitHub integration and themed UX.",
   "type": "module",
   "packageManager": "pnpm@10.5.2",

package/src/agent/agent.mjs

@@ -1,211 +1,220 @@
-import { readFile } from "node:fs/promises"
-import path from "node:path"
-import { fileURLToPath } from "node:url"
-
-const __dirname = path.dirname(fileURLToPath(import.meta.url))
-
-const registry = new Map()
-
-function promptPath(name) {
-  return path.join(__dirname, "prompt", `${name}.txt`)
-}
-
-async function loadPrompt(name) {
-  try {
-    return (await readFile(promptPath(name), "utf8")).trim()
-  } catch {
-    return ""
-  }
-}
-
-export function defineAgent(spec) {
-  const agent = {
-    name: spec.name,
-    description: spec.description || "",
-    mode: spec.mode || "primary",
-    permission: spec.permission || "default",
-    tools: spec.tools || null,
-    model: spec.model || null,
-    temperature: spec.temperature ?? null,
-    maxTurns: spec.maxTurns || null,
-    hidden: spec.hidden || false,
-    promptFile: spec.promptFile || spec.name,
-    _promptCache: spec._promptCache ?? null,
-    _customAgent: spec._customAgent || false,
-    _scope: spec._scope || null,
-    _source: spec._source || null
-  }
-  registry.set(agent.name, agent)
-  return agent
-}
-
-export async function getAgentPrompt(name) {
-  const agent = registry.get(name)
-  if (!agent) return ""
-  if (agent._promptCache !== null) return agent._promptCache
-  agent._promptCache = await loadPrompt(agent.promptFile)
-  return agent._promptCache
-}
-
-export function getAgent(name) {
-  return registry.get(name) || null
-}
-
-export function listAgents({ includeHidden = false } = {}) {
-  const agents = [...registry.values()]
-  return includeHidden ? agents : agents.filter((a) => !a.hidden)
-}
-
-export function resolveAgentForMode(mode) {
-  if (registry.has(mode)) return registry.get(mode)
-  const modeMap = { ask: "build", plan: "plan", agent: "build", longagent: "longagent" }
-  const mapped = modeMap[mode]
-  return mapped ? registry.get(mapped) || null : null
-}
-
-defineAgent({
-  name: "build",
-  description: "Default agent with full tool access for code development",
-  mode: "primary",
-  permission: "full",
-  tools: null
-})
-
-defineAgent({
-  name: "plan",
-  description: "Read-only analysis agent, no file editing allowed",
-  mode: "primary",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash"]
-})
-
-defineAgent({
-  name: "explore",
-  description: "Fast file search subagent for codebase exploration",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash"]
-})
-
-defineAgent({
-  name: "longagent",
-  description: "Persistent iterative execution agent for complex multi-step tasks",
-  mode: "primary",
-  permission: "full",
-  tools: null
-})
-
-defineAgent({
-  name: "reviewer",
-  description: "Code review specialist for analyzing code quality, bugs, and security issues",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash"]
-})
-
-defineAgent({
-  name: "researcher",
-  description: "Deep codebase research and web-augmented exploration agent",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash", "websearch", "codesearch", "webfetch"]
-})
-
-defineAgent({
-  name: "architect",
-  description: "Feature architecture designer. Analyzes codebase patterns, designs implementation blueprints with specific files, component designs, data flows.",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash"]
-})
-
-defineAgent({
-  name: "guide",
-  description: "kkcode self-help guide. Answers questions about kkcode features, tools, configuration, modes, skills, hooks, MCP servers, and usage patterns by searching the kkcode source code.",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "webfetch", "websearch"]
-})
-
-defineAgent({
-  name: "security-reviewer",
-  description: "Security audit specialist. Performs OWASP Top 10 checks, hardcoded secret scans, dependency audits, and authentication/authorization reviews.",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash"]
-})
-
-defineAgent({
-  name: "tdd-guide",
-  description: "TDD specialist. Guides and executes test-driven development: scaffold interfaces, write failing tests (RED), implement minimum code (GREEN), refactor (IMPROVE). Targets 80%+ coverage.",
-  mode: "subagent",
-  permission: "full",
-  tools: ["read", "write", "edit", "bash", "glob", "grep", "list"]
-})
-
-defineAgent({
-  name: "build-fixer",
-  description: "Build error diagnosis and repair. Analyzes build failures, identifies root causes, applies fixes, and verifies the build succeeds. Supports TypeScript, Python, Go, Rust, Java.",
-  mode: "subagent",
-  permission: "full",
-  tools: ["read", "write", "edit", "bash", "glob", "grep", "list"]
-})
-
-defineAgent({
-  name: "frontend-designer",
-  description: "Frontend design specialist. Creates polished, distinctive UIs with strong aesthetics — typography, color, motion, layout. Avoids generic AI-style designs. Reads project design system (Tailwind, CSS vars, component libraries) and produces production-grade frontend code.",
-  mode: "subagent",
-  permission: "full",
-  tools: ["read", "write", "edit", "bash", "glob", "grep", "list"]
-})
-
-defineAgent({
-  name: "compaction",
-  description: "Conversation summarizer for context compression",
-  mode: "subagent",
-  permission: "none",
-  tools: [],
-  hidden: true
-})
-
-defineAgent({
-  name: "title",
-  description: "Session title generator",
-  mode: "subagent",
-  permission: "none",
-  tools: [],
-  hidden: true
-})
-
-// 4-Stage LongAgent agents
-defineAgent({
-  name: "preview-agent",
-  description: "4-Stage LongAgent: Stage 1 - Previewing Agent. Explores codebase, extracts requirements, no editing allowed.",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash", "question", "todowrite"]
-})
-
-defineAgent({
-  name: "blueprint-agent",
-  description: "4-Stage LongAgent: Stage 2 - Blueprint Agent. Creates detailed implementation plan, function designs, architecture.",
-  mode: "subagent",
-  permission: "readonly",
-  tools: ["read", "glob", "grep", "list", "bash", "question", "todowrite"]
-})
-
-defineAgent({
-  name: "coding-agent",
-  description: "4-Stage LongAgent: Stage 3 - Coding Agent. Implements code strictly according to blueprint.",
-  mode: "subagent",
-  permission: "full",
-  tools: null
-})
-
-defineAgent({
-  name: "debugging-agent",
-  description: "4-Stage LongAgent: Stage 4 - Debugging Agent. Verifies implementation, runs tests, finds and fixes bugs.",
-  mode: "subagent",
-  permission: "full",
-  tools: null
-})
+import { readFile } from "node:fs/promises"
+import path from "node:path"
+import { fileURLToPath } from "node:url"
+
+const __dirname = path.dirname(fileURLToPath(import.meta.url))
+
+const registry = new Map()
+
+function promptPath(name) {
+  return path.join(__dirname, "prompt", `${name}.txt`)
+}
+
+async function loadPrompt(name) {
+  try {
+    return (await readFile(promptPath(name), "utf8")).trim()
+  } catch {
+    return ""
+  }
+}
+
+export function defineAgent(spec) {
+  const agent = {
+    name: spec.name,
+    description: spec.description || "",
+    mode: spec.mode || "primary",
+    permission: spec.permission || "default",
+    tools: spec.tools || null,
+    model: spec.model || null,
+    temperature: spec.temperature ?? null,
+    maxTurns: spec.maxTurns || null,
+    hidden: spec.hidden || false,
+    promptFile: spec.promptFile || spec.name,
+    _promptCache: spec._promptCache ?? null,
+    _customAgent: spec._customAgent || false,
+    _scope: spec._scope || null,
+    _source: spec._source || null
+  }
+  registry.set(agent.name, agent)
+  return agent
+}
+
+export async function getAgentPrompt(name) {
+  const agent = registry.get(name)
+  if (!agent) return ""
+  if (agent._promptCache !== null) return agent._promptCache
+  agent._promptCache = await loadPrompt(agent.promptFile)
+  return agent._promptCache
+}
+
+export function getAgent(name) {
+  return registry.get(name) || null
+}
+
+export function listAgents({ includeHidden = false } = {}) {
+  const agents = [...registry.values()]
+  return includeHidden ? agents : agents.filter((a) => !a.hidden)
+}
+
+export function resolveAgentForMode(mode) {
+  if (registry.has(mode)) return registry.get(mode)
+  const modeMap = { ask: "build", plan: "plan", agent: "build", longagent: "longagent" }
+  const mapped = modeMap[mode]
+  return mapped ? registry.get(mapped) || null : null
+}
+
+defineAgent({
+  name: "build",
+  description: "Default agent with full tool access for code development",
+  mode: "primary",
+  permission: "full",
+  tools: null
+})
+
+defineAgent({
+  name: "plan",
+  description: "Read-only analysis agent, no file editing allowed",
+  mode: "primary",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash"]
+})
+
+defineAgent({
+  name: "explore",
+  description: "Fast file search subagent for codebase exploration",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash"]
+})
+
+defineAgent({
+  name: "longagent",
+  description: "Persistent iterative execution agent for complex multi-step tasks",
+  mode: "primary",
+  permission: "full",
+  tools: null
+})
+
+defineAgent({
+  name: "reviewer",
+  description: "Code review specialist for analyzing code quality, bugs, and security issues",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash"]
+})
+
+defineAgent({
+  name: "researcher",
+  description: "Deep codebase research and web-augmented exploration agent",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash", "websearch", "codesearch", "webfetch"]
+})
+
+defineAgent({
+  name: "architect",
+  description: "Feature architecture designer. Analyzes codebase patterns, designs implementation blueprints with specific files, component designs, data flows.",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash"]
+})
+
+defineAgent({
+  name: "guide",
+  description: "kkcode self-help guide. Answers questions about kkcode features, tools, configuration, modes, skills, hooks, MCP servers, and usage patterns by searching the kkcode source code.",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "webfetch", "websearch"]
+})
+
+defineAgent({
+  name: "security-reviewer",
+  description: "Security audit specialist. Performs OWASP Top 10 checks, hardcoded secret scans, dependency audits, and authentication/authorization reviews.",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash"]
+})
+
+defineAgent({
+  name: "tdd-guide",
+  description: "TDD specialist. Guides and executes test-driven development: scaffold interfaces, write failing tests (RED), implement minimum code (GREEN), refactor (IMPROVE). Targets 80%+ coverage.",
+  mode: "subagent",
+  permission: "full",
+  tools: ["read", "write", "edit", "bash", "glob", "grep", "list"]
+})
+
+defineAgent({
+  name: "build-fixer",
+  description: "Build error diagnosis and repair. Analyzes build failures, identifies root causes, applies fixes, and verifies the build succeeds. Supports TypeScript, Python, Go, Rust, Java.",
+  mode: "subagent",
+  permission: "full",
+  tools: ["read", "write", "edit", "bash", "glob", "grep", "list"]
+})
+
+defineAgent({
+  name: "frontend-designer",
+  description: "Frontend design specialist. Creates polished, distinctive UIs with strong aesthetics — typography, color, motion, layout. Avoids generic AI-style designs. Reads project design system (Tailwind, CSS vars, component libraries) and produces production-grade frontend code.",
+  mode: "subagent",
+  permission: "full",
+  tools: ["read", "write", "edit", "bash", "glob", "grep", "list"]
+})
+
+defineAgent({
+  name: "compaction",
+  description: "Conversation summarizer for context compression",
+  mode: "subagent",
+  permission: "none",
+  tools: [],
+  hidden: true
+})
+
+defineAgent({
+  name: "title",
+  description: "Session title generator",
+  mode: "subagent",
+  permission: "none",
+  tools: [],
+  hidden: true
+})
+
+// 4-Stage LongAgent agents
+defineAgent({
+  name: "preview-agent",
+  description: "4-Stage LongAgent: Stage 1 - Previewing Agent. Explores codebase, extracts requirements, no editing allowed.",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash", "question", "todowrite"]
+})
+
+defineAgent({
+  name: "blueprint-agent",
+  description: "4-Stage LongAgent: Stage 2 - Blueprint Agent. Creates detailed implementation plan, function designs, architecture.",
+  mode: "subagent",
+  permission: "readonly",
+  tools: ["read", "glob", "grep", "list", "bash", "question", "todowrite"]
+})
+
+defineAgent({
+  name: "coding-agent",
+  description: "4-Stage LongAgent: Stage 3 - Coding Agent. Implements code strictly according to blueprint.",
+  mode: "subagent",
+  permission: "full",
+  tools: null
+})
+
+defineAgent({
+  name: "debugging-agent",
+  description: "4-Stage LongAgent: Stage 4 - Debugging Agent. Verifies implementation, runs tests, finds and fixes bugs.",
+  mode: "subagent",
+  permission: "full",
+  tools: null
+})
+
+defineAgent({
+  name: "bug-hunter",
+  description: "Deep bug detection specialist. Systematically hunts logic errors, boundary conditions, race conditions, resource leaks, error handling gaps, and state corruption. Reports only HIGH/MEDIUM confidence bugs with concrete trigger paths.",
+  mode: "subagent",
+  permission: "full",
+  maxTurns: 30,
+  tools: ["read", "glob", "grep", "list", "bash"]
+})

package/src/agent/prompt/bug-hunter.txt

@@ -0,0 +1,90 @@
+You are a deep bug detection specialist. Your job is to systematically hunt for real, exploitable bugs in codebases — not style issues or theoretical concerns.
+
+Available tools: Read, Glob, Grep, List, Bash
+
+# Bug Categories (Priority Order)
+
+## 1. Logic Errors
+- Off-by-one errors in loops and array indexing
+- Incorrect boolean logic (De Morgan violations, short-circuit misuse)
+- Wrong comparison operators (== vs ===, < vs <=)
+- Unreachable code paths, dead branches
+- Variable shadowing that changes behavior
+- Missing return statements in conditional branches
+
+## 2. Boundary Conditions
+- Empty arrays/objects/strings not handled
+- null/undefined propagation without guards
+- NaN comparisons (NaN !== NaN)
+- Integer overflow / floating point precision
+- Empty string vs null vs undefined confusion
+- Array index out of bounds
+
+## 3. Race Conditions & Concurrency
+- Async state mutations without synchronization
+- TOCTOU (time-of-check-time-of-use) patterns
+- Promise chains with shared mutable state
+- Event handler ordering assumptions
+- Missing await on async calls
+- Concurrent Map/Set modifications
+
+## 4. Resource Leaks
+- Unclosed file handles, streams, sockets
+- setTimeout/setInterval without cleanup
+- Event listeners added but never removed
+- Database connections not released
+- Child processes not terminated
+- AbortController signals not wired
+
+## 5. Error Handling Gaps
+- Silent catch blocks that swallow errors
+- Unhandled promise rejections
+- try/catch that catches too broadly
+- Error objects losing stack trace (re-throw without cause)
+- finally blocks that override return values
+- Missing error propagation in callbacks
+
+## 6. State Corruption
+- Shared mutable objects passed by reference
+- Stale closures capturing outdated values
+- Cache invalidation misses
+- Partial updates leaving inconsistent state
+- Constructor/init order dependencies
+
+# Hunt Process
+
+1. **Map attack surface**: Use `glob` to identify entry points, handlers, and critical paths
+2. **Trace data flow**: Use `grep` to follow variables from input to output
+3. **Read critical code**: Use `read` to examine complex functions, error handlers, and state management
+4. **Verify assumptions**: Use `bash` to run tests, check types, or validate behavior
+5. **Cross-reference**: Check if the same pattern appears elsewhere (copy-paste bugs)
+
+# Confidence Scoring
+
+For each bug found, assign confidence:
+- **HIGH** (8-10): Clear bug with reproducible trigger path
+- **MEDIUM** (5-7): Suspicious pattern, needs specific conditions to trigger
+- **LOW** (1-4): Theoretical concern, unlikely in practice — do NOT report these
+
+Only report HIGH and MEDIUM confidence bugs.
+
+# Output Format
+
+For each bug:
+- **Confidence**: HIGH / MEDIUM (with score 1-10)
+- **Category**: From the categories above
+- **File**: file path and line number(s)
+- **Bug**: Clear description of what's wrong
+- **Trigger**: How to reproduce or what conditions cause it
+- **Fix**: Concrete fix with code snippet
+
+End with: total bugs by confidence, most critical fix to prioritize.
+
+# Anti-Patterns to Avoid
+
+- Do NOT report missing documentation or comments
+- Do NOT report style/formatting issues
+- Do NOT report "could be improved" suggestions
+- Do NOT report theoretical vulnerabilities without trigger paths
+- Do NOT flag intentional design decisions as bugs
+- Focus on bugs that WILL cause incorrect behavior in production

package/src/repl.mjs

@@ -29,6 +29,7 @@ import { extractImageRefs, buildContentBlocks, readClipboardImage, readClipboard
 import { generateSkill, saveSkillGlobal } from "./skill/generator.mjs"
 import { userConfigCandidates, projectConfigCandidates, memoryFilePath } from "./storage/paths.mjs"
 import { persistTrust, revokeTrust } from "./permission/workspace-trust.mjs"
+import { confirmRollback, executeRollback } from "./session/rollback.mjs"
 
 const HIST_DIR = join(homedir(), ".kkcode")
 const HIST_FILE = join(HIST_DIR, "repl_history")
@@ -88,6 +89,7 @@ const BUILTIN_SLASH = [
   { name: "longagent", desc: "switch to longagent mode" },
   { name: "create-skill", desc: "generate a new skill via AI" },
   { name: "create-agent", desc: "generate a new sub-agent via AI" },
+  { name: "undo", desc: "undo last code changes" },
   { name: "trust", desc: "trust this workspace" },
   { name: "untrust", desc: "revoke workspace trust" },
   { name: "exit", desc: "quit" }
@@ -747,7 +749,9 @@ async function processInputLine({
     else {
       for (const s of sessions) {
         const age = ageLabel(Date.now() - s.updatedAt)
-        print(`  ${s.id.slice(0, 12)}  ${padRight(s.mode, 9)} ${padRight(s.model || "?", 20)} ${padRight(s.status || "-", 14)} ${age}`)
+        const title = s.title || `${s.mode}:${s.model || "?"}`
+        const titleClipped = title.length > 35 ? title.slice(0, 32) + "..." : title
+        print(`  ${s.id.slice(0, 12)}  ${padRight(titleClipped, 36)} ${padRight(s.mode, 9)} ${padRight(s.status || "-", 10)} ${age}`)
       }
     }
     return { exit: false }
@@ -756,12 +760,42 @@ async function processInputLine({
   if (normalized === "/resume" || normalized.startsWith("/resume ") || normalized === "/r" || normalized.startsWith("/r ")) {
     const arg = normalized.replace(/^\/(resume|r)/, "").trim()
     const sessions = await listSessions({ cwd: process.cwd(), limit: 20, includeChildren: false })
+
+    if (!sessions.length) {
+      print("no sessions found in current directory")
+      return { exit: false }
+    }
+
     let target = null
-    if (!arg) target = sessions[0] || null
-    else target = sessions.find((s) => s.id === arg || s.id.startsWith(arg)) || null
+
+    if (!arg) {
+      // Show interactive numbered list
+      print(`\n  Sessions in ${paint(process.cwd(), "cyan")}:\n`)
+      for (let i = 0; i < sessions.length; i++) {
+        const s = sessions[i]
+        const num = paint(`  ${String(i + 1).padStart(2)}.`, "yellow")
+        const title = s.title || `${s.mode}:${s.model || "?"}`
+        const titleClipped = title.length > 45 ? title.slice(0, 42) + "..." : title
+        const age = ageLabel(Date.now() - s.updatedAt)
+        const mode = paint(padRight(s.mode, 9), "cyan")
+        const status = s.status === "active" ? paint("active", "green") : paint(s.status || "-", null, { dim: true })
+        print(`${num} ${padRight(titleClipped, 46)} ${mode} ${padRight(status, 14)} ${paint(age, null, { dim: true })}`)
+      }
+      print(`\n  usage: ${paint("/resume <number>", "yellow")} or ${paint("/resume <session-id>", "yellow")}`)
+      return { exit: false }
+    }
+
+    // Try numeric index first (1-based)
+    const idx = parseInt(arg, 10)
+    if (!Number.isNaN(idx) && idx >= 1 && idx <= sessions.length) {
+      target = sessions[idx - 1]
+    } else {
+      // Fallback to ID prefix match
+      target = sessions.find((s) => s.id === arg || s.id.startsWith(arg)) || null
+    }
 
     if (!target) {
-      print(arg ? `no session matching "${arg}"` : "no sessions to resume")
+      print(`no session matching "${arg}"`)
       return { exit: false }
     }
 
@@ -769,15 +803,33 @@ async function processInputLine({
     state.mode = target.mode || state.mode
     state.providerType = target.providerType || state.providerType
     state.model = target.model || state.model
-    print(`resumed session: ${target.id} (${target.mode}, ${target.model || "?"})`)
+    const title = target.title || `${target.mode}:${target.model || "?"}`
+    print(`resumed: ${paint(title, "cyan")} (${target.mode}, ${target.model || "?"})`)
     const msgs = await getConversationHistory(target.id, 3)
     for (const m of msgs) {
-      const preview = m.content.length > 84 ? `${m.content.slice(0, 84)}...` : m.content
+      const text = typeof m.content === "string" ? m.content : JSON.stringify(m.content)
+      const preview = text.length > 84 ? `${text.slice(0, 84)}...` : text
       print(`  [${m.role}] ${preview}`)
     }
     return { exit: false }
   }
 
+  if (normalized === "/undo") {
+    const language = ctx.configState.config.language || "en"
+    const cwd = process.cwd()
+    const confirmation = await confirmRollback({ cwd, language })
+    print(confirmation.message)
+    if (!confirmation.confirmed) return { exit: false }
+    const result = await executeRollback({
+      cwd,
+      commitHash: confirmation.commitHash,
+      sessionId: state.sessionId,
+      language
+    })
+    print(result.message)
+    return { exit: false }
+  }
+
   if (["/ask", "/plan", "/agent", "/longagent"].includes(normalized)) {
     state.mode = resolveMode(normalized.slice(1))
     print(`mode switched: ${state.mode}`)