@kyo-so/cli 0.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.agents/skills/kyoso-review/SKILL.md +38 -0
- package/.agents/skills/kyoso-review/agents/openai.yaml +14 -0
- package/LICENSE +677 -0
- package/README.md +202 -0
- package/dist/acp/AcpAgentManager.d.ts +9 -0
- package/dist/acp/AcpAgentProcess.d.ts +9 -0
- package/dist/acp/FakeAgentManager.d.ts +9 -0
- package/dist/acp/normalize.d.ts +3 -0
- package/dist/acp/prompts.d.ts +2 -0
- package/dist/aggregate/aggregateFindings.d.ts +15 -0
- package/dist/aggregate/severity.d.ts +3 -0
- package/dist/audit/sanitize.d.ts +3 -0
- package/dist/audit/trace.d.ts +12 -0
- package/dist/bin/kyoso.js +199606 -0
- package/dist/cli/args.d.ts +8 -0
- package/dist/cli/doctor.d.ts +9 -0
- package/dist/cli/init.d.ts +4 -0
- package/dist/cli/io.d.ts +7 -0
- package/dist/cli/main.d.ts +1 -0
- package/dist/config/defaultConfig.d.ts +2 -0
- package/dist/config/defineConfig.d.ts +2 -0
- package/dist/config/loadConfig.d.ts +22 -0
- package/dist/config/schema.d.ts +117 -0
- package/dist/config/trustedConfig.d.ts +5 -0
- package/dist/config/tsConfigLoader.d.ts +7 -0
- package/dist/context/buildContext.d.ts +11 -0
- package/dist/context/pathPolicy.d.ts +3 -0
- package/dist/context/truncate.d.ts +6 -0
- package/dist/core/constants.d.ts +7 -0
- package/dist/core/errors.d.ts +4 -0
- package/dist/core/runReview.d.ts +12 -0
- package/dist/core/types.d.ts +154 -0
- package/dist/core/validateRequest.d.ts +2 -0
- package/dist/index.d.ts +3 -0
- package/dist/index.js +189728 -0
- package/dist/judge/anthropic.d.ts +2 -0
- package/dist/judge/deterministicFallback.d.ts +3 -0
- package/dist/judge/openai.d.ts +2 -0
- package/dist/judge/prompt.d.ts +9 -0
- package/dist/judge/provider.d.ts +26 -0
- package/dist/mcp/formatMcpResponse.d.ts +7 -0
- package/dist/mcp/schemas.d.ts +38 -0
- package/dist/mcp/server.d.ts +6 -0
- package/dist/output/markdown.d.ts +7 -0
- package/dist/security/cisaGate.d.ts +2 -0
- package/dist/security/decision.d.ts +10 -0
- package/dist/security/recursionGuard.d.ts +1 -0
- package/dist/security/redact.d.ts +5 -0
- package/dist/security/sanitizeText.d.ts +3 -0
- package/dist/security/secretScan.d.ts +2 -0
- package/dist/utils/env.d.ts +5 -0
- package/dist/utils/ids.d.ts +1 -0
- package/dist/workspace/cleanup.d.ts +1 -0
- package/dist/workspace/createSnapshot.d.ts +11 -0
- package/examples/claude-code-mcp.json +13 -0
- package/examples/codex-config.toml +11 -0
- package/examples/kyoso.config.ts +22 -0
- package/package.json +50 -0
|
@@ -0,0 +1,9 @@
|
|
|
1
|
+
import type { KyosoResult, ReviewTool } from "../core/types.js";
|
|
2
|
+
export declare function buildJudgePrompt(tool: ReviewTool, result: Omit<KyosoResult, "summaryMarkdown">, summaryText: string): string;
|
|
3
|
+
export declare function parseJudgeOutput(text: string, fallbackSummaryText: string): {
|
|
4
|
+
summaryText: string;
|
|
5
|
+
disagreementComments: Array<{
|
|
6
|
+
topic: string;
|
|
7
|
+
judgeComment: string;
|
|
8
|
+
}>;
|
|
9
|
+
};
|
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
import type { KyosoConfig } from "../config/schema.js";
|
|
2
|
+
import type { KyosoResult, JudgeProvider, ReviewTool } from "../core/types.js";
|
|
3
|
+
export type JudgeOutput = {
|
|
4
|
+
summaryText: string;
|
|
5
|
+
disagreementComments: Array<{
|
|
6
|
+
topic: string;
|
|
7
|
+
judgeComment: string;
|
|
8
|
+
}>;
|
|
9
|
+
};
|
|
10
|
+
export type ResolvedJudgeProvider = Exclude<JudgeProvider, "auto"> | "deterministic_fallback";
|
|
11
|
+
export type JudgeRunResult = {
|
|
12
|
+
provider: ResolvedJudgeProvider;
|
|
13
|
+
status: "completed" | "deterministic_fallback" | "failed_fallback";
|
|
14
|
+
output: JudgeOutput;
|
|
15
|
+
error?: string;
|
|
16
|
+
};
|
|
17
|
+
export type JudgeRunInput = {
|
|
18
|
+
tool: ReviewTool;
|
|
19
|
+
result: Omit<KyosoResult, "summaryMarkdown">;
|
|
20
|
+
summaryText: string;
|
|
21
|
+
config: KyosoConfig["judge"];
|
|
22
|
+
requestedProvider?: JudgeProvider;
|
|
23
|
+
env: NodeJS.ProcessEnv;
|
|
24
|
+
};
|
|
25
|
+
export declare function resolveJudgeProvider(provider: JudgeProvider, env: NodeJS.ProcessEnv): ResolvedJudgeProvider;
|
|
26
|
+
export declare function runJudge(input: JudgeRunInput): Promise<JudgeRunResult>;
|
|
@@ -0,0 +1,38 @@
|
|
|
1
|
+
import * as z from "zod/v4";
|
|
2
|
+
export declare const kyosoReviewRequestSchema: z.ZodObject<{
|
|
3
|
+
goal: z.ZodString;
|
|
4
|
+
repoSummary: z.ZodOptional<z.ZodString>;
|
|
5
|
+
currentPlan: z.ZodOptional<z.ZodString>;
|
|
6
|
+
selectedFiles: z.ZodOptional<z.ZodArray<z.ZodObject<{
|
|
7
|
+
path: z.ZodString;
|
|
8
|
+
language: z.ZodOptional<z.ZodString>;
|
|
9
|
+
content: z.ZodString;
|
|
10
|
+
truncated: z.ZodOptional<z.ZodBoolean>;
|
|
11
|
+
}, z.core.$strip>>>;
|
|
12
|
+
diff: z.ZodOptional<z.ZodObject<{
|
|
13
|
+
baseRef: z.ZodOptional<z.ZodString>;
|
|
14
|
+
headRef: z.ZodOptional<z.ZodString>;
|
|
15
|
+
unifiedDiff: z.ZodString;
|
|
16
|
+
}, z.core.$strip>>;
|
|
17
|
+
constraints: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
18
|
+
workspace: z.ZodOptional<z.ZodObject<{
|
|
19
|
+
root: z.ZodOptional<z.ZodString>;
|
|
20
|
+
allowRead: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
21
|
+
denyRead: z.ZodOptional<z.ZodArray<z.ZodString>>;
|
|
22
|
+
}, z.core.$strip>>;
|
|
23
|
+
options: z.ZodOptional<z.ZodObject<{
|
|
24
|
+
network: z.ZodOptional<z.ZodEnum<{
|
|
25
|
+
model_only: "model_only";
|
|
26
|
+
unrestricted: "unrestricted";
|
|
27
|
+
}>>;
|
|
28
|
+
maxAgentTimeoutMs: z.ZodOptional<z.ZodNumber>;
|
|
29
|
+
includeAgentRawOutputs: z.ZodOptional<z.ZodBoolean>;
|
|
30
|
+
judgeProvider: z.ZodOptional<z.ZodEnum<{
|
|
31
|
+
auto: "auto";
|
|
32
|
+
openai: "openai";
|
|
33
|
+
anthropic: "anthropic";
|
|
34
|
+
none: "none";
|
|
35
|
+
}>>;
|
|
36
|
+
allowSecretRedaction: z.ZodOptional<z.ZodBoolean>;
|
|
37
|
+
}, z.core.$strip>>;
|
|
38
|
+
}, z.core.$strip>;
|
|
@@ -0,0 +1,6 @@
|
|
|
1
|
+
import { McpServer } from "@modelcontextprotocol/server";
|
|
2
|
+
import { type RunReviewOptions } from "../core/runReview.js";
|
|
3
|
+
export declare const KYOSO_MCP_INSTRUCTIONS = "Kyoso is a multi-agent planning and review gate. Use it only when the user explicitly asks for Kyoso, multi-agent review, plan review, security review, CISA Secure by Design review, or diff review. Kyoso does not apply code changes. It returns structured review results and Markdown summaries.";
|
|
4
|
+
export declare function listKyosoMcpTools(): string[];
|
|
5
|
+
export declare function createMcpServer(options?: RunReviewOptions): McpServer;
|
|
6
|
+
export declare function startMcpServer(options?: RunReviewOptions): Promise<void>;
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
import type { KyosoResult, ReviewTool } from "../core/types.js";
|
|
2
|
+
type MarkdownRenderOptions = {
|
|
3
|
+
summaryText?: string;
|
|
4
|
+
};
|
|
5
|
+
export declare function renderMarkdownResult(tool: ReviewTool, result: Omit<KyosoResult, "summaryMarkdown">, options?: MarkdownRenderOptions): string;
|
|
6
|
+
export declare function defaultSummaryText(result: Omit<KyosoResult, "summaryMarkdown">): string;
|
|
7
|
+
export {};
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
import type { CisaSecureByDesignResult, KyosoDecision, KyosoFinding, ReviewTool, SecretScanResult } from "../core/types.js";
|
|
2
|
+
export declare function decide(input: {
|
|
3
|
+
tool: ReviewTool;
|
|
4
|
+
findings: KyosoFinding[];
|
|
5
|
+
cisa?: CisaSecureByDesignResult;
|
|
6
|
+
degraded: boolean;
|
|
7
|
+
secretScan: Pick<SecretScanResult, "detected"> & {
|
|
8
|
+
blocked: boolean;
|
|
9
|
+
};
|
|
10
|
+
}): KyosoDecision;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function assertNotChildAgent(env?: NodeJS.ProcessEnv): void;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function newTraceId(): string;
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
export declare function cleanupSnapshot(path: string): Promise<void>;
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
import type { KyosoReviewRequest, ReviewTool } from "../core/types.js";
|
|
2
|
+
export type Snapshot = {
|
|
3
|
+
root: string;
|
|
4
|
+
repoDir: string;
|
|
5
|
+
contextDir: string;
|
|
6
|
+
fileCount: number;
|
|
7
|
+
};
|
|
8
|
+
export declare function createSnapshot(traceId: string, tool: ReviewTool, request: KyosoReviewRequest, options?: {
|
|
9
|
+
denyPatterns?: string[];
|
|
10
|
+
allowPatterns?: string[];
|
|
11
|
+
}): Promise<Snapshot>;
|
|
@@ -0,0 +1,13 @@
|
|
|
1
|
+
{
|
|
2
|
+
"mcpServers": {
|
|
3
|
+
"kyoso": {
|
|
4
|
+
"command": "npx",
|
|
5
|
+
"args": ["-y", "@kyo-so/cli", "mcp"],
|
|
6
|
+
"env": {
|
|
7
|
+
"OPENAI_API_KEY": "${OPENAI_API_KEY}",
|
|
8
|
+
"ANTHROPIC_API_KEY": "${ANTHROPIC_API_KEY}",
|
|
9
|
+
"CLAUDE_CODE_OAUTH_TOKEN": "${CLAUDE_CODE_OAUTH_TOKEN}"
|
|
10
|
+
}
|
|
11
|
+
}
|
|
12
|
+
}
|
|
13
|
+
}
|
|
@@ -0,0 +1,11 @@
|
|
|
1
|
+
[mcp_servers.kyoso]
|
|
2
|
+
command = "npx"
|
|
3
|
+
args = ["-y", "@kyo-so/cli", "mcp"]
|
|
4
|
+
env_vars = ["OPENAI_API_KEY", "CODEX_API_KEY", "ANTHROPIC_API_KEY", "CLAUDE_CODE_OAUTH_TOKEN"]
|
|
5
|
+
startup_timeout_sec = 20
|
|
6
|
+
tool_timeout_sec = 360
|
|
7
|
+
enabled = true
|
|
8
|
+
|
|
9
|
+
# Bun alternative:
|
|
10
|
+
# command = "bunx"
|
|
11
|
+
# args = ["@kyo-so/cli", "mcp"]
|
|
@@ -0,0 +1,22 @@
|
|
|
1
|
+
import { defineConfig } from "@kyo-so/cli";
|
|
2
|
+
|
|
3
|
+
export default defineConfig({
|
|
4
|
+
network: {
|
|
5
|
+
defaultMode: "model_only",
|
|
6
|
+
allowUnrestricted: true,
|
|
7
|
+
},
|
|
8
|
+
agents: {
|
|
9
|
+
codex: {
|
|
10
|
+
// Omit model to use the user's Codex default from ~/.codex/config.toml.
|
|
11
|
+
// model: "gpt-5.5",
|
|
12
|
+
},
|
|
13
|
+
claude: {
|
|
14
|
+
// Omit model to use the Claude adapter default.
|
|
15
|
+
// model: "claude-sonnet-5",
|
|
16
|
+
timeoutMs: 240_000,
|
|
17
|
+
auth: {
|
|
18
|
+
preferApiKey: false,
|
|
19
|
+
},
|
|
20
|
+
},
|
|
21
|
+
},
|
|
22
|
+
});
|
package/package.json
ADDED
|
@@ -0,0 +1,50 @@
|
|
|
1
|
+
{
|
|
2
|
+
"name": "@kyo-so/cli",
|
|
3
|
+
"version": "0.1.0",
|
|
4
|
+
"description": "Kyo-so: MCP-native, ACP-powered multi-agent review gates for AI coding workflows.",
|
|
5
|
+
"license": "AGPL-3.0-or-later",
|
|
6
|
+
"type": "module",
|
|
7
|
+
"engines": {
|
|
8
|
+
"node": ">=20"
|
|
9
|
+
},
|
|
10
|
+
"main": "./dist/index.js",
|
|
11
|
+
"types": "./dist/index.d.ts",
|
|
12
|
+
"exports": {
|
|
13
|
+
".": {
|
|
14
|
+
"types": "./dist/index.d.ts",
|
|
15
|
+
"import": "./dist/index.js"
|
|
16
|
+
},
|
|
17
|
+
"./package.json": "./package.json"
|
|
18
|
+
},
|
|
19
|
+
"bin": {
|
|
20
|
+
"kyoso": "dist/bin/kyoso.js"
|
|
21
|
+
},
|
|
22
|
+
"files": [
|
|
23
|
+
"dist",
|
|
24
|
+
".agents/skills/kyoso-review",
|
|
25
|
+
"examples",
|
|
26
|
+
"README.md",
|
|
27
|
+
"LICENSE"
|
|
28
|
+
],
|
|
29
|
+
"scripts": {
|
|
30
|
+
"dev": "bun run src/cli/main.ts",
|
|
31
|
+
"typecheck": "tsc --noEmit",
|
|
32
|
+
"test": "bun test",
|
|
33
|
+
"build": "bun build src/index.ts --target=node --outfile dist/index.js && bun build src/cli/main.ts --target=node --outfile dist/bin/kyoso.js --banner '#!/usr/bin/env node' && node -e \"require('node:fs').chmodSync('dist/bin/kyoso.js', 0o755)\" && tsc -p tsconfig.build.json",
|
|
34
|
+
"lint": "tsc --noEmit",
|
|
35
|
+
"format": "prettier --write .",
|
|
36
|
+
"format:check": "prettier --check .",
|
|
37
|
+
"pack:verify": "node scripts/verify-pack.mjs",
|
|
38
|
+
"prepack": "bun run build"
|
|
39
|
+
},
|
|
40
|
+
"dependencies": {
|
|
41
|
+
"@agentclientprotocol/sdk": "1.0.0",
|
|
42
|
+
"@modelcontextprotocol/server": "2.0.0-alpha.3",
|
|
43
|
+
"typescript": "6.0.3",
|
|
44
|
+
"zod": "4.4.3"
|
|
45
|
+
},
|
|
46
|
+
"devDependencies": {
|
|
47
|
+
"@types/bun": "1.3.14",
|
|
48
|
+
"prettier": "3.9.1"
|
|
49
|
+
}
|
|
50
|
+
}
|