@kkelly-offical/kkcode 0.1.6 → 0.2.1

package/src/skill/builtin/commit.mjs

@@ -1,64 +1,64 @@
-export const name = "commit"
-export const description = "Stage changes and create a git commit with a descriptive message using AI-powered git automation"
-
-export async function run(args, context = {}) {
-  const hasGitAuto = context.config?.git_auto?.enabled !== false
-  
-  return `Review the current git status and create a well-structured commit.
-
-${hasGitAuto ? `🚀 Git Auto Mode Enabled
-The AI can now use ghost commits (temporary snapshots) to safely manage changes before you finalize them.
-` : `⚙️ Standard Mode
-Consider enabling git_auto in your config for enhanced safety features.
-`}
-
-Steps:
-1. Run \`git_info\` to understand the repository context.
-2. Run \`git_status\` to see all changed, staged, and untracked files.
-3. Review the changes to understand what needs to be committed.
-
-${hasGitAuto ? `4. **IMPORTANT**: Before making any edits, create a ghost commit snapshot:
-   \`git_snapshot\` - Creates a temporary snapshot you can restore later
-   
-5. After reviewing, if you need to make changes, the AI will:
-   - First create an automatic snapshot (if git_auto.auto_snapshot is enabled)
-   - Apply changes using \`edit\`, \`write\`, or \`git_apply_patch\`
-   
-6. If you're not satisfied with the changes:
-   - Use \`git_list_snapshots\` to see available snapshots
-   - Use \`git_restore\` with the snapshot_id to revert
-   
-7. When satisfied with the changes, guide the user to manually run:
-   \`bash: git add <files> && git commit -m "<message>"\`
-   Note: AI is forbidden from running git commit directly for security.` 
-   
-: `4. Stage the relevant files with manual git commands (AI cannot run git commit):
-   - AI can suggest: \`bash: git add <files>\`
-   - But user must manually run: \`git commit -m "<message>"\`
-   
-5. Note: AI is forbidden from executing git commit/push for security reasons.`}
-
-Commit Message Format (Conventional Commits):
-- feat: new feature or capability
-- fix: bug fix
-- refactor: code restructuring without behavior change
-- docs: documentation changes
-- style: formatting, whitespace, semicolons
-- test: adding or updating tests
-- chore: build process, dependencies, tooling
-
-Format: <type>(<optional scope>): <short description>
-Example: feat(auth): add JWT token refresh logic
-
-Important:
-- Keep the commit focused on a single logical change.
-- If there are unrelated changes, create separate commits.
-- The commit message subject should be under 72 characters.
-- Use imperative mood: "add feature" not "added feature".
-
-${hasGitAuto ? `Safety Features:
-- Ghost commits are stored for 7 days then auto-cleaned
-- Maximum 50 snapshots per repository
-- Snapshots don't interfere with your normal git workflow
-- Use \`git_cleanup\` to manually clean up expired snapshots` : ""}`
-}
+export const name = "commit"
+export const description = "Stage changes and create a git commit with a descriptive message using AI-powered git automation"
+
+export async function run(args, context = {}) {
+  const hasGitAuto = context.config?.git_auto?.enabled !== false
+  
+  return `Review the current git status and create a well-structured commit.
+
+${hasGitAuto ? `🚀 Git Auto Mode Enabled
+The AI can now use ghost commits (temporary snapshots) to safely manage changes before you finalize them.
+` : `⚙️ Standard Mode
+Consider enabling git_auto in your config for enhanced safety features.
+`}
+
+Steps:
+1. Run \`git_info\` to understand the repository context.
+2. Run \`git_status\` to see all changed, staged, and untracked files.
+3. Review the changes to understand what needs to be committed.
+
+${hasGitAuto ? `4. **IMPORTANT**: Before making any edits, create a ghost commit snapshot:
+   \`git_snapshot\` - Creates a temporary snapshot you can restore later
+   
+5. After reviewing, if you need to make changes, the AI will:
+   - First create an automatic snapshot (if git_auto.auto_snapshot is enabled)
+   - Apply changes using \`edit\`, \`write\`, or \`git_apply_patch\`
+   
+6. If you're not satisfied with the changes:
+   - Use \`git_list_snapshots\` to see available snapshots
+   - Use \`git_restore\` with the snapshot_id to revert
+   
+7. When satisfied with the changes, guide the user to manually run:
+   \`bash: git add <files> && git commit -m "<message>"\`
+   Note: AI is forbidden from running git commit directly for security.` 
+   
+: `4. Stage the relevant files with manual git commands (AI cannot run git commit):
+   - AI can suggest: \`bash: git add <files>\`
+   - But user must manually run: \`git commit -m "<message>"\`
+   
+5. Note: AI is forbidden from executing git commit/push for security reasons.`}
+
+Commit Message Format (Conventional Commits):
+- feat: new feature or capability
+- fix: bug fix
+- refactor: code restructuring without behavior change
+- docs: documentation changes
+- style: formatting, whitespace, semicolons
+- test: adding or updating tests
+- chore: build process, dependencies, tooling
+
+Format: <type>(<optional scope>): <short description>
+Example: feat(auth): add JWT token refresh logic
+
+Important:
+- Keep the commit focused on a single logical change.
+- If there are unrelated changes, create separate commits.
+- The commit message subject should be under 72 characters.
+- Use imperative mood: "add feature" not "added feature".
+
+${hasGitAuto ? `Safety Features:
+- Ghost commits are stored for 7 days then auto-cleaned
+- Maximum 50 snapshots per repository
+- Snapshots don't interfere with your normal git workflow
+- Use \`git_cleanup\` to manually clean up expired snapshots` : ""}`
+}

package/src/skill/builtin/design.mjs

@@ -1,76 +1,76 @@
-import { readFile } from "node:fs/promises"
-import path from "node:path"
-
-export const name = "design"
-export const description = "Frontend design mode — generates polished, distinctive UI with strong aesthetics (usage: /design <task>)"
-
-async function detectDesignContext(cwd) {
-  try {
-    const pkg = JSON.parse(await readFile(path.join(cwd, "package.json"), "utf8"))
-    const deps = { ...pkg.dependencies, ...pkg.devDependencies }
-    const ctx = {}
-    // Framework
-    if (deps.next) ctx.framework = "next"
-    else if (deps.nuxt) ctx.framework = "nuxt"
-    else if (deps.vue) ctx.framework = "vue"
-    else if (deps.react) ctx.framework = "react"
-    else if (deps.svelte || deps["@sveltejs/kit"]) ctx.framework = "svelte"
-    // CSS
-    if (deps.tailwindcss) ctx.css = "tailwind"
-    else if (deps.unocss) ctx.css = "unocss"
-    else if (deps["styled-components"]) ctx.css = "styled-components"
-    // Component lib
-    if (deps.antd) ctx.lib = "antd"
-    else if (deps["element-plus"]) ctx.lib = "element-plus"
-    else if (deps["@mui/material"]) ctx.lib = "mui"
-    else if (deps["@chakra-ui/react"]) ctx.lib = "chakra-ui"
-    else if (deps["@mantine/core"]) ctx.lib = "mantine"
-    else if (deps["naive-ui"]) ctx.lib = "naive-ui"
-    return ctx
-  } catch { return {} }
-}
-
-const AESTHETICS_PROMPT = `<frontend_aesthetics>
-You are in DESIGN MODE. Create polished, distinctive frontends — NOT generic AI output.
-
-Typography: Avoid Inter/Roboto/Arial. Use distinctive fonts (Space Grotesk, Playfair Display, Satoshi, IBM Plex). Extreme weight contrast (200 vs 800), 3x+ size jumps.
-
-Color: CSS variables for ALL colors. Dominant color + sharp accent. Draw from IDE themes (Nord, Catppuccin), cultural aesthetics. AVOID purple-gradient-on-white.
-
-Motion: One high-impact staggered reveal per page. Micro-interactions on hover/focus/press. CSS transitions + animation-delay.
-
-Layout: CSS Grid for pages, Flexbox for components. Generous whitespace. Consistent 4px spacing scale. Mobile-first.
-
-Depth: Layered gradients, backdrop-filter glass, box-shadow elevation hierarchy.
-
-NEVER: cookie-cutter card grids, generic hero sections, border-radius:9999px everywhere, gray wireframe text, no visual rhythm.
-</frontend_aesthetics>`
-
-export async function run(ctx) {
-  const task = (ctx.args || "").trim()
-  const cwd = ctx.cwd || process.cwd()
-  const design = await detectDesignContext(cwd)
-
-  const parts = [AESTHETICS_PROMPT, ""]
-
-  if (Object.keys(design).length) {
-    parts.push("## Project Design Context")
-    if (design.framework) parts.push(`- Framework: ${design.framework}`)
-    if (design.css) parts.push(`- CSS: ${design.css}`)
-    if (design.lib) parts.push(`- Component Library: ${design.lib}`)
-    parts.push("")
-    parts.push("Read the project's existing styles/theme before writing new code. Extend, don't replace.")
-    parts.push("")
-  }
-
-  if (task) {
-    parts.push(`## Task`)
-    parts.push(task)
-    parts.push("")
-    parts.push("Implement this with production-grade design quality. Make it look like a professional designer built it.")
-  } else {
-    parts.push("No task specified. Usage: /design <description of what to build>")
-  }
-
-  return parts.join("\n")
-}
+import { readFile } from "node:fs/promises"
+import path from "node:path"
+
+export const name = "design"
+export const description = "Frontend design mode — generates polished, distinctive UI with strong aesthetics (usage: /design <task>)"
+
+async function detectDesignContext(cwd) {
+  try {
+    const pkg = JSON.parse(await readFile(path.join(cwd, "package.json"), "utf8"))
+    const deps = { ...pkg.dependencies, ...pkg.devDependencies }
+    const ctx = {}
+    // Framework
+    if (deps.next) ctx.framework = "next"
+    else if (deps.nuxt) ctx.framework = "nuxt"
+    else if (deps.vue) ctx.framework = "vue"
+    else if (deps.react) ctx.framework = "react"
+    else if (deps.svelte || deps["@sveltejs/kit"]) ctx.framework = "svelte"
+    // CSS
+    if (deps.tailwindcss) ctx.css = "tailwind"
+    else if (deps.unocss) ctx.css = "unocss"
+    else if (deps["styled-components"]) ctx.css = "styled-components"
+    // Component lib
+    if (deps.antd) ctx.lib = "antd"
+    else if (deps["element-plus"]) ctx.lib = "element-plus"
+    else if (deps["@mui/material"]) ctx.lib = "mui"
+    else if (deps["@chakra-ui/react"]) ctx.lib = "chakra-ui"
+    else if (deps["@mantine/core"]) ctx.lib = "mantine"
+    else if (deps["naive-ui"]) ctx.lib = "naive-ui"
+    return ctx
+  } catch { return {} }
+}
+
+const AESTHETICS_PROMPT = `<frontend_aesthetics>
+You are in DESIGN MODE. Create polished, distinctive frontends — NOT generic AI output.
+
+Typography: Avoid Inter/Roboto/Arial. Use distinctive fonts (Space Grotesk, Playfair Display, Satoshi, IBM Plex). Extreme weight contrast (200 vs 800), 3x+ size jumps.
+
+Color: CSS variables for ALL colors. Dominant color + sharp accent. Draw from IDE themes (Nord, Catppuccin), cultural aesthetics. AVOID purple-gradient-on-white.
+
+Motion: One high-impact staggered reveal per page. Micro-interactions on hover/focus/press. CSS transitions + animation-delay.
+
+Layout: CSS Grid for pages, Flexbox for components. Generous whitespace. Consistent 4px spacing scale. Mobile-first.
+
+Depth: Layered gradients, backdrop-filter glass, box-shadow elevation hierarchy.
+
+NEVER: cookie-cutter card grids, generic hero sections, border-radius:9999px everywhere, gray wireframe text, no visual rhythm.
+</frontend_aesthetics>`
+
+export async function run(ctx) {
+  const task = (ctx.args || "").trim()
+  const cwd = ctx.cwd || process.cwd()
+  const design = await detectDesignContext(cwd)
+
+  const parts = [AESTHETICS_PROMPT, ""]
+
+  if (Object.keys(design).length) {
+    parts.push("## Project Design Context")
+    if (design.framework) parts.push(`- Framework: ${design.framework}`)
+    if (design.css) parts.push(`- CSS: ${design.css}`)
+    if (design.lib) parts.push(`- Component Library: ${design.lib}`)
+    parts.push("")
+    parts.push("Read the project's existing styles/theme before writing new code. Extend, don't replace.")
+    parts.push("")
+  }
+
+  if (task) {
+    parts.push(`## Task`)
+    parts.push(task)
+    parts.push("")
+    parts.push("Implement this with production-grade design quality. Make it look like a professional designer built it.")
+  } else {
+    parts.push("No task specified. Usage: /design <description of what to build>")
+  }
+
+  return parts.join("\n")
+}

package/src/skill/generator.mjs

@@ -1,7 +1,7 @@
 import { writeFile, mkdir } from "node:fs/promises"
 import { join, basename } from "node:path"
-import { homedir } from "node:os"
 import { requestProvider } from "../provider/router.mjs"
+import { userRootDir } from "../storage/paths.mjs"
 
 const SKILL_GEN_SYSTEM = `You are a skill generator for kkcode, a terminal AI coding agent.
 Your task is to generate a skill file based on the user's description.
@@ -86,6 +86,22 @@ export async function generateSkill({ description, configState, providerType, mo
   const fenceMatch = content.match(/```(?:markdown|javascript|js|mjs)?\n([\s\S]*?)\n```/)
   if (fenceMatch) content = fenceMatch[1]
 
+  // Safety: reject .mjs skills that contain dangerous patterns
+  if (type === "mjs") {
+    const dangerPatterns = [
+      /child_process/,
+      /\bexec\s*\(/,
+      /\bspawn\s*\(/,
+      /\beval\s*\(/,
+      /Function\s*\(/,
+      /require\s*\(\s*['"]fs['"]\s*\)/
+    ]
+    const hasDanger = dangerPatterns.some(p => p.test(content))
+    if (hasDanger) {
+      return { name, filename: `${name}.${type}`, content, type, needsReview: true, reviewReason: "contains potentially dangerous code patterns (child_process, exec, eval, etc.)" }
+    }
+  }
+
   const filename = `${name}.${type}`
   return { name, filename, content, type }
 }
@@ -94,7 +110,7 @@ export async function generateSkill({ description, configState, providerType, mo
  * Save a skill to the global skills directory.
  */
 export async function saveSkillGlobal(filename, content) {
-  const dir = join(homedir(), ".kkcode", "skills")
+  const dir = join(userRootDir(), "skills")
   await mkdir(dir, { recursive: true })
   const filePath = join(dir, filename)
   await writeFile(filePath, content, "utf-8")