@kkelly-offical/kkcode 0.1.7 → 0.2.1

package/src/permission/file-edit-policy.mjs

@@ -0,0 +1,108 @@
+function globToRegex(pattern) {
+  let src = ""
+  let i = 0
+  while (i < pattern.length) {
+    const ch = pattern[i]
+    if (ch === "*" && pattern[i + 1] === "*") {
+      src += ".*"
+      i += 2
+      if (pattern[i] === "/") i++
+    } else if (ch === "*") {
+      src += "[^/]*"
+      i++
+    } else if (ch === "?") {
+      src += "[^/]"
+      i++
+    } else if (".+^${}()|[]\\".includes(ch)) {
+      src += `\\${ch}`
+      i++
+    } else {
+      src += ch
+      i++
+    }
+  }
+  return new RegExp(`^${src}$`, "i")
+}
+
+function normalizePath(value) {
+  return String(value || "")
+    .replace(/\\/g, "/")
+    .split("/")
+    .reduce((acc, segment) => {
+      if (!segment || segment === ".") return acc
+      if (segment === "..") {
+        acc.pop()
+        return acc
+      }
+      acc.push(segment)
+      return acc
+    }, [])
+    .join("/")
+}
+
+function matchGlob(pattern, value) {
+  return globToRegex(pattern).test(normalizePath(value))
+}
+
+export const DEFAULT_SENSITIVE_FILE_PATTERNS = [
+  "AGENTS.md",
+  "**/AGENTS.md",
+  "KKCODE.md",
+  "**/KKCODE.md",
+  ".kkcode/**",
+  "**/.kkcode/**",
+  "kkcode.config.yaml",
+  "**/kkcode.config.yaml",
+  ".mcp.json",
+  "**/.mcp.json",
+  ".env",
+  ".env.*",
+  "**/.env",
+  "**/.env.*",
+  ".github/workflows/**",
+  "**/.github/workflows/**"
+]
+
+const SENSITIVE_EDIT_TOOLS = new Set([
+  "write",
+  "edit",
+  "patch",
+  "multiedit",
+  "notebookedit"
+])
+
+function extractCandidatePaths(input) {
+  if (Array.isArray(input)) return input.flatMap(extractCandidatePaths)
+  if (typeof input !== "string") return []
+  return input
+    .split(",")
+    .map((part) => normalizePath(part.trim()))
+    .filter(Boolean)
+}
+
+export function getSensitiveFilePatterns(config = {}) {
+  const configured = config.tool?.sensitive_file_patterns
+  if (!configured) return [...DEFAULT_SENSITIVE_FILE_PATTERNS]
+  if (Array.isArray(configured)) return configured.filter((value) => typeof value === "string" && value.trim())
+  return [...DEFAULT_SENSITIVE_FILE_PATTERNS]
+}
+
+export function isSensitiveEditTool(toolName) {
+  return SENSITIVE_EDIT_TOOLS.has(String(toolName || ""))
+}
+
+export function isSensitiveEditPath(pathOrPaths, config = {}) {
+  const patterns = getSensitiveFilePatterns(config)
+  const candidates = extractCandidatePaths(pathOrPaths)
+  return candidates.some((candidate) => patterns.some((pattern) => matchGlob(pattern, candidate)))
+}
+
+export function getSensitiveEditPolicy(toolName, pathOrPaths, config = {}) {
+  if (!isSensitiveEditTool(toolName)) return null
+  if (!isSensitiveEditPath(pathOrPaths, config)) return null
+  return {
+    action: "ask",
+    source: "sensitive_path",
+    reason: "sensitive edit target requires explicit approval"
+  }
+}

package/src/permission/prompt.mjs

@@ -36,4 +36,4 @@ export async function askPermissionInteractive({ tool, sessionId, reason = "", d
   } finally {
     rl.close()
   }
-}
+}

package/src/permission/rules.mjs

@@ -1,3 +1,84 @@
+import { getSensitiveEditPolicy } from "./file-edit-policy.mjs"
+
+export const PERMISSION_MODES = ["auto", "manual", "yolo"]
+export const LEGACY_PERMISSION_POLICIES = ["ask", "allow", "deny"]
+
+const AUTO_READONLY_TOOLS = new Set([
+  "list",
+  "read",
+  "glob",
+  "grep",
+  "codesearch",
+  "sysinfo",
+  "websearch",
+  "webfetch",
+  "background_output",
+  "task_list",
+  "task_get",
+  "task_output",
+  "todowrite",
+  "question",
+  "enter_plan",
+  "exit_plan"
+])
+
+const AUTO_REVIEW_ASK_TOOLS = new Set([
+  "bash",
+  "write",
+  "edit",
+  "patch",
+  "multiedit",
+  "notebookedit",
+  "task",
+  "task_stop",
+  "background_cancel",
+  "skill"
+])
+
+const TRUSTED_BASH_PATTERNS = [
+  /^(pwd|ls|cat|head|tail|wc|which|date|whoami|uname)\b/i,
+  /^(rg|grep|find)\b/i,
+  /^sed\s+-n\b/i,
+  /^git\s+(status|log|diff|show|branch|rev-parse)\b/i,
+  /^(node|npm|pnpm|yarn)\s+(--version|-v|version|root|list|ls)\b/i
+]
+
+function normalizePermissionMode(permission = {}) {
+  const mode = String(permission.mode || "").toLowerCase()
+  if (PERMISSION_MODES.includes(mode)) return mode
+  const legacy = String(permission.default_policy || "").toLowerCase()
+  if (legacy === "auto" || legacy === "yolo") return legacy
+  return "manual"
+}
+
+function trustedBashCommand(command) {
+  const cmd = String(command || "").trim()
+  if (!cmd) return false
+  if (/[;&|<>`]/.test(cmd)) return false
+  return TRUSTED_BASH_PATTERNS.some((pattern) => pattern.test(cmd))
+}
+
+function autoAllowsTool({ tool, command = "" }) {
+  if (AUTO_READONLY_TOOLS.has(tool)) return true
+  if (tool === "bash") return trustedBashCommand(command)
+  if (AUTO_REVIEW_ASK_TOOLS.has(tool)) return false
+  return false
+}
+
+function applySensitiveEscalation(decision, { tool, pattern, config, mode }) {
+  if (mode === "yolo") return decision
+  const sensitivePolicy = getSensitiveEditPolicy(tool, pattern, config)
+  if (sensitivePolicy && decision.action === "allow") {
+    return {
+      action: sensitivePolicy.action,
+      source: sensitivePolicy.source,
+      rule: decision.rule || null,
+      mode
+    }
+  }
+  return decision
+}
+
 /**
  * Glob-style pattern matching supporting:
  *   *      — any chars except /
@@ -31,9 +112,18 @@ function globToRegex(pattern) {
   return new RegExp(`^${src}$`, "i")
 }
 
+function normalizePath(p) {
+  // Resolve ../ and ./ sequences to prevent traversal bypass
+  return p.replace(/\\/g, "/").split("/").reduce((acc, seg) => {
+    if (seg === "..") { acc.pop(); return acc }
+    if (seg !== "." && seg !== "") acc.push(seg)
+    return acc
+  }, []).join("/")
+}
+
 function matchGlob(value, pattern) {
   if (!pattern || pattern === "*") return true
-  const str = String(value || "")
+  const str = normalizePath(String(value || ""))
   const negate = pattern.startsWith("!")
   const pat = negate ? pattern.slice(1) : pattern
   const matched = globToRegex(pat).test(str)
@@ -99,22 +189,41 @@ export function matchRule(rule, input) {
 
 export function evaluatePermission({ config, tool, mode, pattern = "*", command = "", risk = 0 }) {
   const permission = config.permission || { default_policy: "ask", rules: [] }
+  const permissionMode = normalizePermissionMode(permission)
   const rules = Array.isArray(permission.rules) ? permission.rules : []
   for (const rule of rules) {
     if (matchRule(rule, { tool, mode, pattern, command, risk })) {
-      return {
+      const matchedDecision = {
         action: rule.action,
         source: "rule",
-        rule
+        rule,
+        mode: permissionMode
       }
+      return applySensitiveEscalation(matchedDecision, { tool, pattern, config, mode: permissionMode })
     }
   }
-  return {
-    action: permission.default_policy || "ask",
+
+  if (permissionMode === "yolo") {
+    return { action: "allow", source: "mode:yolo", rule: null, mode: permissionMode }
+  }
+
+  if (permissionMode === "auto") {
+    const action = autoAllowsTool({ tool, command, risk }) ? "allow" : "ask"
+    const decision = { action, source: "auto_review", rule: null, mode: permissionMode }
+    return applySensitiveEscalation(decision, { tool, pattern, config, mode: permissionMode })
+  }
+
+  const defaultPolicy = LEGACY_PERMISSION_POLICIES.includes(permission.default_policy)
+    ? permission.default_policy
+    : "ask"
+  const fallbackDecision = {
+    action: defaultPolicy,
     source: "default",
-    rule: null
+    rule: null,
+    mode: permissionMode
   }
+  return applySensitiveEscalation(fallbackDecision, { tool, pattern, config, mode: permissionMode })
 }
 
 // Exported for testing
-export { matchGlob, matchPatterns, matchCommandPrefix }
+export { matchGlob, matchPatterns, matchCommandPrefix, normalizePermissionMode, trustedBashCommand, autoAllowsTool }

package/src/plugin/builtin-hooks/post-edit-format.mjs

@@ -18,7 +18,8 @@ export default {
   name: "post-edit-format",
   tool: {
     async after(payload) {
-      const { toolName, args, cwd } = payload
+      const toolName = String(payload.toolName || payload.tool || "")
+      const { args, cwd } = payload
       if (!["edit", "write", "multiedit"].includes(toolName)) return payload
 
       // Collect affected files

package/src/plugin/builtin-hooks/post-edit-typecheck.mjs

@@ -1,61 +1,125 @@
-// Post-edit TypeScript type check hook
-// Runs `tsc --noEmit` after editing .ts/.tsx files to catch type errors early
+// Post-edit diagnostics + observability hook
+// Captures baseline diagnostics before mutation tools and appends a concise
+// post-edit diagnostics delta plus mutation summary after mutation tools run.
 
-import { exec as execCb } from "node:child_process"
-import { promisify } from "node:util"
-import { access } from "node:fs/promises"
-import path from "node:path"
+import {
+  buildEditDiagnosticsReport,
+  buildMutationObservability,
+  collectDiagnosticsSnapshot,
+  extractTouchedFiles,
+  isDiagnosticsEligibleFile,
+  isMutationTool
+} from "../../observability/edit-diagnostics.mjs"
 
-const exec = promisify(execCb)
+function normalizeToolName(payload = {}) {
+  return String(payload.toolName || payload.tool || "").trim()
+}
+
+function isCompletedResult(result) {
+  if (!result || typeof result !== "object") return true
+  return !result.status || result.status === "completed"
+}
 
-async function fileExists(p) {
-  try { await access(p); return true } catch { return false }
+function appendFeedback(result, reportText) {
+  if (!reportText) return result
+  if (typeof result === "string") return `${result}\n${reportText}`.trim()
+  if (result && typeof result === "object") {
+    return {
+      ...result,
+      output: `${String(result.output || "")}\n${reportText}`.trim()
+    }
+  }
+  return result
+}
+
+function buildReportText({ observability, diagnostics }) {
+  const lines = []
+  if (observability?.changes?.length) {
+    lines.push("Mutation summary:")
+    lines.push(`- ${observability.summary}`)
+  }
+  if (diagnostics?.summary?.text) {
+    lines.push("Diagnostics:")
+    lines.push(`- ${diagnostics.summary.text}`)
+    for (const issue of (diagnostics.delta?.added || []).slice(0, 2)) {
+      lines.push(`- introduced ${issue.file || "unknown"} ${issue.code || ""} ${issue.message || ""}`.trim())
+    }
+    for (const issue of (diagnostics.delta?.resolved || []).slice(0, 2)) {
+      lines.push(`- resolved ${issue.file || "unknown"} ${issue.code || ""} ${issue.message || ""}`.trim())
+    }
+  }
+  return lines.join("\n")
 }
 
 export default {
   name: "post-edit-typecheck",
   tool: {
-    async after(payload) {
-      const { toolName, args, result, cwd } = payload
-      if (!["edit", "write", "multiedit"].includes(toolName)) return payload
-
-      // Determine affected files
-      const files = []
-      if (args?.path) files.push(args.path)
-      if (args?.changes) {
-        for (const c of args.changes) {
-          if (c.path) files.push(c.path)
+    async before(payload) {
+      const toolName = normalizeToolName(payload)
+      if (!isMutationTool(toolName)) return payload
+
+      const cwd = payload.cwd || process.cwd()
+      const files = extractTouchedFiles({ args: payload.args }).filter(isDiagnosticsEligibleFile)
+      if (files.length === 0) return payload
+
+      const baseline = await collectDiagnosticsSnapshot({ cwd, files }).catch(() => null)
+      return {
+        ...payload,
+        _editObservability: {
+          files,
+          baseline
         }
       }
+    },
 
-      // Only check if at least one TS/TSX file was edited
-      const tsFiles = files.filter(f => /\.tsx?$/.test(f))
-      if (tsFiles.length === 0) return payload
+    async after(payload) {
+      const toolName = normalizeToolName(payload)
+      if (!isMutationTool(toolName)) return payload
+      if (!isCompletedResult(payload.result)) return payload
+
+      const cwd = payload.cwd || process.cwd()
+      const metadata = payload.result && typeof payload.result === "object" && payload.result.metadata && typeof payload.result.metadata === "object"
+        ? { ...payload.result.metadata }
+        : {}
+      const files = (payload._editObservability?.files || extractTouchedFiles({ args: payload.args, metadata }))
+        .filter(isDiagnosticsEligibleFile)
 
-      // Verify tsconfig.json exists in project
-      const tsconfigPath = path.join(cwd || process.cwd(), "tsconfig.json")
-      if (!(await fileExists(tsconfigPath))) return payload
+      const observability = buildMutationObservability(metadata)
+      let diagnostics = null
 
-      try {
-        await exec("npx tsc --noEmit --pretty 2>&1", {
-          cwd: cwd || process.cwd(),
-          timeout: 15000
+      if (files.length > 0) {
+        const current = await collectDiagnosticsSnapshot({ cwd, files }).catch(() => null)
+        diagnostics = buildEditDiagnosticsReport({
+          cwd,
+          files,
+          baseline: payload._editObservability?.baseline || {},
+          current: current || {},
+          reason: current ? "" : "snapshot_failed"
         })
-        // No errors — silently pass through
-      } catch (error) {
-        const output = (error.stdout || error.stderr || "").trim()
-        if (output) {
-          // Append type check warnings to tool result
-          const warning = `\n⚠ TypeScript type check found issues:\n${output.slice(0, 2000)}`
-          if (typeof result === "string") {
-            payload.result = result + warning
-          } else if (result && typeof result === "object") {
-            payload.result = { ...result, output: (result.output || "") + warning }
+      }
+
+      if (!observability.changes.length && !diagnostics) {
+        return payload
+      }
+
+      const reportText = buildReportText({ observability, diagnostics })
+      let nextResult = appendFeedback(payload.result, reportText)
+
+      if (nextResult && typeof nextResult === "object") {
+        nextResult = {
+          ...nextResult,
+          metadata: {
+            ...metadata,
+            observability,
+            ...(diagnostics ? { diagnostics } : {})
           }
         }
       }
 
-      return payload
+      return {
+        ...payload,
+        result: nextResult
+      }
     }
   }
 }

package/src/plugin/hook-bus.mjs

@@ -1,6 +1,7 @@
 import path from "node:path"
 import { access, readdir } from "node:fs/promises"
 import { pathToFileURL, fileURLToPath } from "node:url"
+import { userRootDir } from "../storage/paths.mjs"
 
 const __dirname = path.dirname(fileURLToPath(import.meta.url))
 
@@ -17,7 +18,8 @@ const HOOK_EVENTS = [
 const state = {
   loaded: false,
   hooks: [],
-  errors: []
+  errors: [],
+  warnedPluginAlias: false
 }
 
 function normalizeHook(mod, source) {
@@ -63,11 +65,23 @@ export async function initHookBus(cwd = process.cwd()) {
   if (state.loaded) return state
   // Built-in hooks ship with kkcode (lowest priority — user hooks can override)
   const builtinHooks = path.join(__dirname, "builtin-hooks")
-  const userRoot = process.env.USERPROFILE || process.env.HOME || cwd
-  const userHooks = path.join(userRoot, ".kkcode", "hooks")
+  const userHooks = path.join(userRootDir(), "hooks")
+  const projectPluginHooks = path.join(cwd, ".kkcode", "plugins")
   const projectHooks = path.join(cwd, ".kkcode", "hooks")
-  // Load order: builtin → user → project (later hooks in chain take priority)
-  const files = [...(await discover(builtinHooks)), ...(await discover(userHooks)), ...(await discover(projectHooks))]
+  // Load order: builtin → user → project plugin alias → project hooks
+  // `.kkcode/plugins` remains a compatibility alias for hook scripts while
+  // `.kkcode/hooks` is the explicit project hook path.
+  const pluginAliasFiles = await discover(projectPluginHooks)
+  if (pluginAliasFiles.length && !state.warnedPluginAlias) {
+    state.errors.push("deprecated hook path: .kkcode/plugins is a compatibility alias for loose hook scripts; prefer .kkcode/hooks or a plugin.json package boundary")
+    state.warnedPluginAlias = true
+  }
+  const files = [
+    ...(await discover(builtinHooks)),
+    ...(await discover(userHooks)),
+    ...pluginAliasFiles,
+    ...(await discover(projectHooks))
+  ]
   for (const file of files) {
     const loaded = await loadModule(file)
     if (loaded.error) {