@prestyj/cli 4.3.164 → 4.3.200

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (258) hide show
  1. package/dist/cli.js +106 -27
  2. package/dist/cli.js.map +1 -1
  3. package/dist/core/agent-session.d.ts +50 -1
  4. package/dist/core/agent-session.d.ts.map +1 -1
  5. package/dist/core/agent-session.js +175 -20
  6. package/dist/core/agent-session.js.map +1 -1
  7. package/dist/core/agents.d.ts +6 -1
  8. package/dist/core/agents.d.ts.map +1 -1
  9. package/dist/core/agents.js +112 -3
  10. package/dist/core/agents.js.map +1 -1
  11. package/dist/core/auth-storage.d.ts.map +1 -1
  12. package/dist/core/auth-storage.js +20 -1
  13. package/dist/core/auth-storage.js.map +1 -1
  14. package/dist/core/claude-code-version.d.ts +10 -0
  15. package/dist/core/claude-code-version.d.ts.map +1 -0
  16. package/dist/core/claude-code-version.js +106 -0
  17. package/dist/core/claude-code-version.js.map +1 -0
  18. package/dist/core/compaction/compactor.d.ts +13 -0
  19. package/dist/core/compaction/compactor.d.ts.map +1 -1
  20. package/dist/core/compaction/compactor.js +20 -1
  21. package/dist/core/compaction/compactor.js.map +1 -1
  22. package/dist/core/compaction/compactor.test.js +12 -1
  23. package/dist/core/compaction/compactor.test.js.map +1 -1
  24. package/dist/core/index.d.ts +1 -1
  25. package/dist/core/index.d.ts.map +1 -1
  26. package/dist/core/index.js +1 -1
  27. package/dist/core/index.js.map +1 -1
  28. package/dist/core/model-registry.d.ts +30 -2
  29. package/dist/core/model-registry.d.ts.map +1 -1
  30. package/dist/core/model-registry.js +41 -26
  31. package/dist/core/model-registry.js.map +1 -1
  32. package/dist/core/model-registry.test.d.ts +2 -0
  33. package/dist/core/model-registry.test.d.ts.map +1 -0
  34. package/dist/core/model-registry.test.js +19 -0
  35. package/dist/core/model-registry.test.js.map +1 -0
  36. package/dist/core/oauth/anthropic.d.ts.map +1 -1
  37. package/dist/core/oauth/anthropic.js +64 -42
  38. package/dist/core/oauth/anthropic.js.map +1 -1
  39. package/dist/core/oauth/openai.js +1 -1
  40. package/dist/core/oauth/openai.js.map +1 -1
  41. package/dist/core/prompt-commands.d.ts.map +1 -1
  42. package/dist/core/prompt-commands.js +480 -100
  43. package/dist/core/prompt-commands.js.map +1 -1
  44. package/dist/core/prompt-commands.test.d.ts +2 -0
  45. package/dist/core/prompt-commands.test.d.ts.map +1 -0
  46. package/dist/core/prompt-commands.test.js +33 -0
  47. package/dist/core/prompt-commands.test.js.map +1 -0
  48. package/dist/core/repomap-context.d.ts +11 -0
  49. package/dist/core/repomap-context.d.ts.map +1 -0
  50. package/dist/core/repomap-context.js +68 -0
  51. package/dist/core/repomap-context.js.map +1 -0
  52. package/dist/core/repomap-context.test.d.ts +2 -0
  53. package/dist/core/repomap-context.test.d.ts.map +1 -0
  54. package/dist/core/repomap-context.test.js +47 -0
  55. package/dist/core/repomap-context.test.js.map +1 -0
  56. package/dist/core/repomap.d.ts +74 -0
  57. package/dist/core/repomap.d.ts.map +1 -0
  58. package/dist/core/repomap.js +897 -0
  59. package/dist/core/repomap.js.map +1 -0
  60. package/dist/core/repomap.test.d.ts +2 -0
  61. package/dist/core/repomap.test.d.ts.map +1 -0
  62. package/dist/core/repomap.test.js +444 -0
  63. package/dist/core/repomap.test.js.map +1 -0
  64. package/dist/core/session-compaction.d.ts +15 -0
  65. package/dist/core/session-compaction.d.ts.map +1 -0
  66. package/dist/core/session-compaction.js +31 -0
  67. package/dist/core/session-compaction.js.map +1 -0
  68. package/dist/core/session-compaction.test.d.ts +2 -0
  69. package/dist/core/session-compaction.test.d.ts.map +1 -0
  70. package/dist/core/session-compaction.test.js +70 -0
  71. package/dist/core/session-compaction.test.js.map +1 -0
  72. package/dist/core/settings-manager.d.ts +3 -5
  73. package/dist/core/settings-manager.d.ts.map +1 -1
  74. package/dist/core/settings-manager.js +6 -5
  75. package/dist/core/settings-manager.js.map +1 -1
  76. package/dist/core/slash-commands.d.ts +2 -0
  77. package/dist/core/slash-commands.d.ts.map +1 -1
  78. package/dist/core/slash-commands.js +15 -14
  79. package/dist/core/slash-commands.js.map +1 -1
  80. package/dist/core/style-packs/index.d.ts.map +1 -1
  81. package/dist/core/style-packs/index.js +8 -9
  82. package/dist/core/style-packs/index.js.map +1 -1
  83. package/dist/index.d.ts +2 -2
  84. package/dist/index.d.ts.map +1 -1
  85. package/dist/index.js +1 -1
  86. package/dist/index.js.map +1 -1
  87. package/dist/interactive.d.ts.map +1 -1
  88. package/dist/interactive.js +12 -6
  89. package/dist/interactive.js.map +1 -1
  90. package/dist/modes/json-mode.d.ts +7 -0
  91. package/dist/modes/json-mode.d.ts.map +1 -1
  92. package/dist/modes/json-mode.js +9 -1
  93. package/dist/modes/json-mode.js.map +1 -1
  94. package/dist/system-prompt.d.ts.map +1 -1
  95. package/dist/system-prompt.js +105 -108
  96. package/dist/system-prompt.js.map +1 -1
  97. package/dist/system-prompt.test.d.ts +2 -0
  98. package/dist/system-prompt.test.d.ts.map +1 -0
  99. package/dist/system-prompt.test.js +107 -0
  100. package/dist/system-prompt.test.js.map +1 -0
  101. package/dist/tools/bash.d.ts.map +1 -1
  102. package/dist/tools/bash.js +1 -0
  103. package/dist/tools/bash.js.map +1 -1
  104. package/dist/tools/edit-diff.d.ts +66 -1
  105. package/dist/tools/edit-diff.d.ts.map +1 -1
  106. package/dist/tools/edit-diff.js +208 -10
  107. package/dist/tools/edit-diff.js.map +1 -1
  108. package/dist/tools/edit-diff.test.js +175 -15
  109. package/dist/tools/edit-diff.test.js.map +1 -1
  110. package/dist/tools/edit.d.ts +3 -1
  111. package/dist/tools/edit.d.ts.map +1 -1
  112. package/dist/tools/edit.js +190 -44
  113. package/dist/tools/edit.js.map +1 -1
  114. package/dist/tools/edit.test.js +392 -3
  115. package/dist/tools/edit.test.js.map +1 -1
  116. package/dist/tools/enter-plan.d.ts.map +1 -1
  117. package/dist/tools/enter-plan.js +1 -0
  118. package/dist/tools/enter-plan.js.map +1 -1
  119. package/dist/tools/exit-plan.d.ts.map +1 -1
  120. package/dist/tools/exit-plan.js +1 -0
  121. package/dist/tools/exit-plan.js.map +1 -1
  122. package/dist/tools/index.d.ts +13 -0
  123. package/dist/tools/index.d.ts.map +1 -1
  124. package/dist/tools/index.js +4 -4
  125. package/dist/tools/index.js.map +1 -1
  126. package/dist/tools/prompt-hints.d.ts.map +1 -1
  127. package/dist/tools/prompt-hints.js +6 -4
  128. package/dist/tools/prompt-hints.js.map +1 -1
  129. package/dist/tools/read.d.ts +1 -1
  130. package/dist/tools/read.d.ts.map +1 -1
  131. package/dist/tools/read.js +2 -1
  132. package/dist/tools/read.js.map +1 -1
  133. package/dist/tools/subagent.d.ts +1 -1
  134. package/dist/tools/subagent.d.ts.map +1 -1
  135. package/dist/tools/subagent.js +55 -2
  136. package/dist/tools/subagent.js.map +1 -1
  137. package/dist/tools/tasks.d.ts.map +1 -1
  138. package/dist/tools/tasks.js +1 -0
  139. package/dist/tools/tasks.js.map +1 -1
  140. package/dist/tools/web-fetch.d.ts +1 -0
  141. package/dist/tools/web-fetch.d.ts.map +1 -1
  142. package/dist/tools/web-fetch.js +96 -6
  143. package/dist/tools/web-fetch.js.map +1 -1
  144. package/dist/tools/web-fetch.test.d.ts +2 -0
  145. package/dist/tools/web-fetch.test.d.ts.map +1 -0
  146. package/dist/tools/web-fetch.test.js +90 -0
  147. package/dist/tools/web-fetch.test.js.map +1 -0
  148. package/dist/tools/web-search.d.ts +1 -0
  149. package/dist/tools/web-search.d.ts.map +1 -1
  150. package/dist/tools/web-search.js +167 -27
  151. package/dist/tools/web-search.js.map +1 -1
  152. package/dist/tools/web-search.test.d.ts +2 -0
  153. package/dist/tools/web-search.test.d.ts.map +1 -0
  154. package/dist/tools/web-search.test.js +119 -0
  155. package/dist/tools/web-search.test.js.map +1 -0
  156. package/dist/tools/write.d.ts +1 -1
  157. package/dist/tools/write.d.ts.map +1 -1
  158. package/dist/tools/write.js +3 -1
  159. package/dist/tools/write.js.map +1 -1
  160. package/dist/tools/write.test.js +23 -0
  161. package/dist/tools/write.test.js.map +1 -1
  162. package/dist/ui/App.d.ts +54 -5
  163. package/dist/ui/App.d.ts.map +1 -1
  164. package/dist/ui/App.js +533 -241
  165. package/dist/ui/App.js.map +1 -1
  166. package/dist/ui/activity-phrases.d.ts +2 -1
  167. package/dist/ui/activity-phrases.d.ts.map +1 -1
  168. package/dist/ui/activity-phrases.js +11 -1
  169. package/dist/ui/activity-phrases.js.map +1 -1
  170. package/dist/ui/components/ActivityIndicator.d.ts +15 -1
  171. package/dist/ui/components/ActivityIndicator.d.ts.map +1 -1
  172. package/dist/ui/components/ActivityIndicator.js +143 -44
  173. package/dist/ui/components/ActivityIndicator.js.map +1 -1
  174. package/dist/ui/components/ActivityIndicator.test.d.ts +2 -0
  175. package/dist/ui/components/ActivityIndicator.test.d.ts.map +1 -0
  176. package/dist/ui/components/ActivityIndicator.test.js +40 -0
  177. package/dist/ui/components/ActivityIndicator.test.js.map +1 -0
  178. package/dist/ui/components/AnimationContext.d.ts +8 -2
  179. package/dist/ui/components/AnimationContext.d.ts.map +1 -1
  180. package/dist/ui/components/AnimationContext.js +94 -16
  181. package/dist/ui/components/AnimationContext.js.map +1 -1
  182. package/dist/ui/components/AssistantMessage.js +1 -1
  183. package/dist/ui/components/AssistantMessage.js.map +1 -1
  184. package/dist/ui/components/CompactionNotice.d.ts +5 -1
  185. package/dist/ui/components/CompactionNotice.d.ts.map +1 -1
  186. package/dist/ui/components/CompactionNotice.js +4 -6
  187. package/dist/ui/components/CompactionNotice.js.map +1 -1
  188. package/dist/ui/components/Footer.d.ts +10 -2
  189. package/dist/ui/components/Footer.d.ts.map +1 -1
  190. package/dist/ui/components/Footer.js +45 -8
  191. package/dist/ui/components/Footer.js.map +1 -1
  192. package/dist/ui/components/InputArea.d.ts.map +1 -1
  193. package/dist/ui/components/InputArea.js +76 -28
  194. package/dist/ui/components/InputArea.js.map +1 -1
  195. package/dist/ui/components/ServerToolExecution.d.ts +1 -0
  196. package/dist/ui/components/ServerToolExecution.d.ts.map +1 -1
  197. package/dist/ui/components/ServerToolExecution.js +21 -2
  198. package/dist/ui/components/ServerToolExecution.js.map +1 -1
  199. package/dist/ui/components/Spinner.d.ts +3 -1
  200. package/dist/ui/components/Spinner.d.ts.map +1 -1
  201. package/dist/ui/components/Spinner.js +10 -4
  202. package/dist/ui/components/Spinner.js.map +1 -1
  203. package/dist/ui/components/StreamingArea.js +1 -1
  204. package/dist/ui/components/StreamingArea.js.map +1 -1
  205. package/dist/ui/components/SubAgentPanel.d.ts.map +1 -1
  206. package/dist/ui/components/SubAgentPanel.js +3 -4
  207. package/dist/ui/components/SubAgentPanel.js.map +1 -1
  208. package/dist/ui/components/ToolExecution.d.ts +2 -0
  209. package/dist/ui/components/ToolExecution.d.ts.map +1 -1
  210. package/dist/ui/components/ToolExecution.js +24 -5
  211. package/dist/ui/components/ToolExecution.js.map +1 -1
  212. package/dist/ui/components/ToolGroupExecution.d.ts.map +1 -1
  213. package/dist/ui/components/ToolGroupExecution.js +23 -2
  214. package/dist/ui/components/ToolGroupExecution.js.map +1 -1
  215. package/dist/ui/components/ToolUseLoader.d.ts +4 -2
  216. package/dist/ui/components/ToolUseLoader.d.ts.map +1 -1
  217. package/dist/ui/components/ToolUseLoader.js +3 -3
  218. package/dist/ui/components/ToolUseLoader.js.map +1 -1
  219. package/dist/ui/components/index.d.ts +1 -2
  220. package/dist/ui/components/index.d.ts.map +1 -1
  221. package/dist/ui/components/index.js +1 -2
  222. package/dist/ui/components/index.js.map +1 -1
  223. package/dist/ui/hooks/useAgentLoop.d.ts +4 -1
  224. package/dist/ui/hooks/useAgentLoop.d.ts.map +1 -1
  225. package/dist/ui/hooks/useAgentLoop.js +110 -13
  226. package/dist/ui/hooks/useAgentLoop.js.map +1 -1
  227. package/dist/ui/hooks/useBlink.d.ts.map +1 -1
  228. package/dist/ui/hooks/useBlink.js +3 -4
  229. package/dist/ui/hooks/useBlink.js.map +1 -1
  230. package/dist/ui/hooks/useTerminalSize.d.ts +12 -3
  231. package/dist/ui/hooks/useTerminalSize.d.ts.map +1 -1
  232. package/dist/ui/hooks/useTerminalSize.js +16 -1
  233. package/dist/ui/hooks/useTerminalSize.js.map +1 -1
  234. package/dist/ui/pixel.js +1 -1
  235. package/dist/ui/render.d.ts +44 -5
  236. package/dist/ui/render.d.ts.map +1 -1
  237. package/dist/ui/render.js +56 -8
  238. package/dist/ui/render.js.map +1 -1
  239. package/dist/utils/error-handler.d.ts.map +1 -1
  240. package/dist/utils/error-handler.js +2 -0
  241. package/dist/utils/error-handler.js.map +1 -1
  242. package/package.json +10 -7
  243. package/dist/ui/buddy/Buddy.d.ts +0 -15
  244. package/dist/ui/buddy/Buddy.d.ts.map +0 -1
  245. package/dist/ui/buddy/Buddy.js +0 -118
  246. package/dist/ui/buddy/Buddy.js.map +0 -1
  247. package/dist/ui/buddy/gacha.d.ts +0 -8
  248. package/dist/ui/buddy/gacha.d.ts.map +0 -1
  249. package/dist/ui/buddy/gacha.js +0 -94
  250. package/dist/ui/buddy/gacha.js.map +0 -1
  251. package/dist/ui/buddy/species.d.ts +0 -52
  252. package/dist/ui/buddy/species.d.ts.map +0 -1
  253. package/dist/ui/buddy/species.js +0 -257
  254. package/dist/ui/buddy/species.js.map +0 -1
  255. package/dist/ui/components/ThinkingIndicator.d.ts +0 -6
  256. package/dist/ui/components/ThinkingIndicator.d.ts.map +0 -1
  257. package/dist/ui/components/ThinkingIndicator.js +0 -145
  258. package/dist/ui/components/ThinkingIndicator.js.map +0 -1
@@ -6,102 +6,464 @@ export const PROMPT_COMMANDS = [
6
6
  {
7
7
  name: "scan",
8
8
  aliases: [],
9
- description: "Find dead code, bugs, and security issues",
10
- prompt: `Find quick wins in this codebase. Spawn 5 sub-agents in parallel using the subagent tool (call the subagent tool 5 times in a single response, each with a different task), each focusing on one area. Adapt each area to what's relevant for THIS project's stack and architecture.
9
+ description: "Find confirmed dead code only",
10
+ prompt: `# Scan: Confirmed Dead Code Review
11
11
 
12
- **Agent 1 - Performance**: Inefficient algorithms, unnecessary work, missing early returns, blocking operations, things that scale poorly
12
+ Find dead code in this codebase. Do not look for bugs, security issues, performance issues, style issues, or refactors. This command is report-first: do not edit or delete anything until the user chooses an option at the end.
13
13
 
14
- **Agent 2 - Dead Weight**: Unused code, unreachable paths, stale comments/TODOs, obsolete files, imports to nowhere
14
+ ## Phase 1: Parallel dead-code search
15
15
 
16
- **Agent 3 - Lurking Bugs**: Unhandled edge cases, missing error handling, resource leaks, race conditions, silent failures
16
+ Spawn exactly 3 sub-agents in parallel using the subagent tool (call the subagent tool 3 times in a single response), each with a different validation angle:
17
17
 
18
- **Agent 4 - Security**: Hardcoded secrets, injection risks, exposed sensitive data, overly permissive access, unsafe defaults
18
+ **Agent 1 - Static Reachability**: Check exports, imports, call sites, route registration, command registration, component usage, tests, package entrypoints, and public API surfaces. Identify candidates only when references appear absent or unreachable.
19
19
 
20
- **Agent 5 - Dependencies & Config**: Unused packages, vulnerable dependencies, misconfigured settings, dead environment variables, orphaned config files
20
+ **Agent 2 - Runtime & Dynamic Usage**: Check dynamic loading, reflection, string-based references, plugin systems, CLI commands, routes, config keys, generated-code hooks, framework conventions, side-effect imports, and files used outside TypeScript import graphs.
21
21
 
22
- ## The Only Valid Findings
22
+ **Agent 3 - Historical & Boundary Safety**: Check git history, package manifests, build configs, docs, examples, scripts, CI, release artifacts, and external-facing filenames/API names that may be consumed by users even if unused internally.
23
23
 
24
- A finding is ONLY valid if it falls into one of these categories:
24
+ Each sub-agent must return only candidates with file:line ranges, estimated line counts, validation evidence, and reasons removal may be unsafe. Finding nothing is valid.
25
25
 
26
- 1. **Dead** - Code that literally does nothing. Unused, unreachable, no-op.
27
- 2. **Broken** - Will cause errors, crashes, or wrong behavior. Not "might" - WILL.
28
- 3. **Dangerous** - Security holes, data exposure, resource exhaustion.
26
+ ## Phase 2: Main-agent validation
29
27
 
30
- That's it. Three categories. If it doesn't fit, don't report it.
28
+ For every candidate, validate it yourself before reporting it:
31
29
 
32
- **NOT valid findings:**
33
- - "This works but could be cleaner" - NO
34
- - "Modern best practice suggests..." - NO
35
- - "This is verbose/repetitive but functional" - NO
36
- - "You could use X instead of Y" - NO
37
- - "This isn't how I'd write it" - NO
30
+ 1. Search for references with grep/find and language-aware patterns where possible, including exact symbol names, filenames, route names, config keys, CLI command names, test names, and documented examples.
31
+ 2. Check exports and package/public entrypoints before marking anything removable.
32
+ 3. Check framework conventions and dynamic lookup risks before marking anything removable. Use official docs when a framework/tool convention could imply usage without direct imports.
33
+ 4. Check whether removing it would change public API, CLI behavior, routes, config support, migration behavior, generated artifacts, docs examples, tests, or side effects.
34
+ 5. For code-level removal tasks, kencode search is secondary: use it only to verify framework/tool conventions or common generated-code patterns that could make code appear unused locally. Do not treat absence from public code search as proof that local code is dead.
35
+ 6. If evidence is incomplete, mark safety as Low or drop the finding.
38
36
 
39
- If the code works, isn't dangerous, and does something - leave it alone.
37
+ ## What counts as dead code
40
38
 
41
- ## Output Format
39
+ Report only code that is validated as one of:
42
40
 
43
- For each finding:
44
- \`\`\`
45
- [DEAD/BROKEN/DANGEROUS] file:line - What it is
46
- Impact: What happens if left unfixed
47
- \`\`\`
41
+ - **Unused file**: no imports, no entrypoint references, no dynamic/framework usage, no public/exported contract.
42
+ - **Unused export**: exported but not referenced internally or by package entrypoints, and not part of documented/public API.
43
+ - **Unreachable branch**: condition/path cannot execute based on current code and config.
44
+ - **Obsolete artifact**: stale script/config/example/generated artifact no longer referenced by build, docs, package manifests, or CI.
45
+ - **No-op code**: code executes but has no observable effect and no intentional placeholder/documentation purpose.
46
+
47
+ Do not report:
48
+ - Public APIs, package exports, CLI commands, routes, config keys, migrations, docs examples, tests, generated-code integration points, or plugin hooks unless you can prove they are obsolete.
49
+ - Code only unused in the current test suite.
50
+ - Code that might be used through strings, framework conventions, side effects, or external consumers.
51
+ - Anything you are not confident is safe to remove.
52
+
53
+ ## Safety labels
54
+
55
+ - **High**: Strong evidence from static references, entrypoints, configs, docs, tests, and dynamic-use checks; removal is likely safe.
56
+ - **Medium**: Probably dead, but one boundary or dynamic-use risk remains; remove only with targeted verification.
57
+ - **Low**: Suspicious but not proven; do not remove without more investigation.
58
+
59
+ ## Final output
60
+
61
+ Output one concise table, prioritized by safety and impact. No prose before the table.
62
+
63
+ | Priority | Location | Lines | Dead-code type | Evidence | Safety to remove | Recommended action |
64
+ |---|---|---:|---|---|---|---|
65
+ | P0/P1/P2/P3 | file:line-line | N | unused file/export/branch/artifact/no-op | one sentence | High/Medium/Low | Remove / Investigate / Keep |
66
+
67
+ Priority guide:
68
+ - **P0**: High-safety removal with meaningful line or complexity reduction.
69
+ - **P1**: High-safety small removal, or Medium-safety meaningful cleanup.
70
+ - **P2**: Medium-safety small cleanup; needs targeted verification.
71
+ - **P3**: Low-safety candidate; keep unless user wants deeper investigation.
72
+
73
+ Rules:
74
+ - Put High safety rows first, then Medium, then Low.
75
+ - Keep each table cell short.
76
+ - If no confirmed dead code is found, output one row saying none found and set action to \`Keep\`.
77
+ - Do not recommend deletion for Low-safety rows.
78
+
79
+ After the table, ask exactly:
80
+
81
+ What should I do?
82
+ A) Create tasks to remove all High-safety dead code
83
+ B) Create tasks to remove only top priorities
84
+ C) Skip
85
+
86
+ Do not start deleting or editing until the user chooses.
48
87
 
49
- Finding nothing is a valid outcome. Most codebases don't have easy wins - that's fine.`,
88
+ If the user chooses A or B, do not remove code directly. Instead, use the tasks tool to create one task per selected removal or tightly coupled removal group, ordered by dependency and risk. Each task prompt must be standalone and include the exact locations, safety evidence, reference-search requirements, removal instructions, project verification commands, and instructions to prove the removal did not delete used code before marking the task complete. That proof must include fresh local reference searches after editing, relevant project checks/tests, and official-docs or kencode comparison only where framework/tool conventions or generated-code patterns could imply hidden usage. After creating tasks, tell the user exactly: "Tasks created. Press CTRL + T to open the Tasks Pane and press R to run all tasks." Do not begin executing them unless the user explicitly starts a task.`,
50
89
  },
51
90
  {
52
91
  name: "verify",
53
92
  aliases: [],
54
- description: "Verify code against docs and best practices",
55
- prompt: `Verify this codebase against current best practices and official documentation. Spawn 8 sub-agents in parallel using the subagent tool (call the subagent tool 8 times in a single response, each with a different task), each focusing on one category. Each agent must VERIFY findings using real code samples or official docs - no assumptions allowed.
93
+ description: "Review this codebase against real-world implementations",
94
+ prompt: `# Verify: Codebase Real-World Check
95
+
96
+ Review this codebase's implementation against real-world code, not opinions. Start with changes from this conversation or \`git diff\` / \`git status\`; if there are no relevant changes, choose the most important implemented feature or module in the current project and review that.
97
+
98
+ ## Phase 1: Parallel codebase review
99
+
100
+ Spawn exactly 3 sub-agents in parallel using the subagent tool (call the subagent tool 3 times in a single response), each with a different focus:
101
+
102
+ **Agent 1 - Implementation Shape**: Identify the main APIs, components, functions, file structure, state flow, and integration points. Return only concrete search anchors and candidate concerns.
103
+
104
+ **Agent 2 - Completeness**: Check whether the implementation appears to miss expected pieces: edge cases, cleanup, error states, validation, tests, configuration, accessibility, migrations, docs, or lifecycle handling. Return only concrete candidate gaps.
105
+
106
+ **Agent 3 - Divergence**: Look for unusual patterns, over-custom code, reinvented utilities, brittle abstractions, or choices that may differ from how mature projects solve the same problem. Return only concrete candidate divergences.
107
+
108
+ Each sub-agent must include file:line references and suggested literal search anchors for kencode search, such as imports, function names, hooks, props, config keys, or API calls. Do not report subjective style preferences.
109
+
110
+ ## Phase 2: Real-world comparison with kencode search
111
+
112
+ After the 3 agents return, use \`mcp__kencode-search__searchCode\` yourself to verify or reject their candidates.
113
+
114
+ Search rules:
115
+ - Use literal code tokens, not conceptual phrases.
116
+ - Prefer imports, framework identifiers, config keys, hook names, component names, and API calls from this codebase.
117
+ - Use \`peek: true\` first when exploring, then fetch narrowed examples with repo/path filters when useful.
118
+ - Compare against multiple real repositories when possible; one repo is weak evidence unless it is an official or canonical implementation.
119
+ - If kencode search is unavailable or returns insufficient evidence, say that in the Evidence column and lower confidence.
120
+
121
+ ## What to classify
122
+
123
+ Report only findings that fit one of these:
124
+
125
+ 1. **Aligned** - The implementation matches consistent real-world practice. No action needed.
126
+ 2. **Missing** - Real-world implementations consistently include something this code lacks.
127
+ 3. **Divergent** - This code differs from common implementations in a way that likely matters.
128
+ 4. **Better Elsewhere** - Real-world implementations solve the same problem more robustly or simply, with evidence.
129
+
130
+ Drop anything that is only taste, personal preference, or unsupported by code evidence.
131
+
132
+ ## Final output
133
+
134
+ Output one concise table, prioritized by impact. No prose before the table.
135
+
136
+ | Priority | Type | Location | Finding | Evidence | Recommended action |
137
+ |---|---|---|---|---|---|
138
+ | P0/P1/P2/P3 | Missing/Divergent/Better Elsewhere/Aligned | file:line | one sentence | kencode evidence in one sentence | concrete action or \`None\` |
139
+
140
+ Priority guide:
141
+ - **P0**: likely bug, data loss, security risk, or broken integration.
142
+ - **P1**: important missing behavior or maintainability risk.
143
+ - **P2**: useful improvement backed by real-world evidence.
144
+ - **P3**: aligned/no-action observations.
145
+
146
+ Rules:
147
+ - Keep each table cell short.
148
+ - Put action-taking findings before aligned findings.
149
+ - If everything is aligned, output only aligned rows and set every action to \`None\`.
150
+ - If there is not enough evidence for any finding, output one row explaining that verification was inconclusive.
151
+
152
+ After the table, ask exactly:
153
+
154
+ Which should I do?
155
+ A) Create tasks to refine and adjust all
156
+ B) Create tasks for just top priorities
157
+ C) Skip
158
+
159
+ Do not start fixing until the user chooses.
160
+
161
+ If the user chooses A or B, do not fix directly. Instead, use the tasks tool to create one task per selected finding or tightly coupled finding group, ordered by dependency and priority. Each task prompt must be standalone and include the finding, affected local files/anchors, kencode evidence from the report, instructions to compare the approach with kencode search before editing, implementation instructions, project verification commands, and instructions to compare the final implementation with kencode search again before marking the task complete. After creating tasks, tell the user exactly: "Tasks created. Press CTRL + T to open the Tasks Pane and press R to run all tasks." Do not begin executing them unless the user explicitly starts a task.`,
162
+ },
163
+ {
164
+ name: "expand",
165
+ aliases: [],
166
+ description: "Find high-value gaps by comparing this project to current alternatives",
167
+ prompt: `# Expand: Current Competitive Gap Review
168
+
169
+ Find high-value gaps by comparing this project to similar, adjacent, and best-in-class repositories/tools/websites/services. This command is project-agnostic: infer what THIS project is before choosing comparisons. This command is report-first: do not edit, install, or implement anything until the user chooses an option at the end.
170
+
171
+ ## Phase 0: Profile this project first
172
+
173
+ Before external research, inspect the local project and write a private working profile:
174
+
175
+ - What the project does, who it serves, and how it ships/runs.
176
+ - Core workflows, entrypoints, packages/modules, integrations, and user-facing surfaces.
177
+ - Existing features, security controls, developer tooling, docs, tests, release/ops setup, and architecture patterns.
178
+ - The most relevant comparison categories for THIS project. Do not assume this is an AI-agent app unless the repo proves it.
179
+
180
+ Use this profile to decide what kinds of external projects are relevant. If the user passed arguments to /expand, treat them as a focus area and prioritize that lens while still validating project relevance.
181
+
182
+ ## Phase 1: Parallel expansion research
183
+
184
+ Spawn exactly 5 sub-agents in parallel using the subagent tool (call the subagent tool 5 times in a single response). Give each sub-agent the project profile and a different comparison lens. Adapt the lenses to the project, but cover these defaults unless clearly irrelevant:
185
+
186
+ **Agent 1 - Direct peers & product features**: Find actively maintained projects/tools/services closest to this project. Look for user-facing capabilities, workflows, integrations, onboarding, and monetizable/retention-driving features they have that this project lacks.
187
+
188
+ **Agent 2 - Security, privacy & recent incidents**: Find recent security/privacy hardening, dependency ecosystem changes, advisories, exploit mitigations, auth/session patterns, sandboxing, supply-chain defenses, and issue/PR fixes from comparable projects that this project should consider.
189
+
190
+ **Agent 3 - Architecture, code quality & implementation shape**: Compare code organization, APIs, extensibility, agent/runtime loops, data models, concurrency, error handling, configuration, plugin systems, and maintainability patterns. Include cleaner implementation ideas only when they produce concrete user/developer value.
191
+
192
+ **Agent 4 - Developer experience, ops & release maturity**: Compare tests, CI/CD, docs, examples, templates, telemetry/observability, migrations, upgrade paths, packaging, installation, local dev, debugging, and support workflows.
193
+
194
+ **Agent 5 - Ecosystem, trends & adjacent inspiration**: Look beyond direct peers to adjacent current tools, libraries, SaaS products, standards, RFCs, framework releases, and recent commits/releases that suggest important missing directions.
195
+
196
+ Each sub-agent must:
56
197
 
57
- **Agent 1 - Core Framework**: Detect the main framework, verify usage patterns against official documentation
198
+ 1. Use current sources: prefer repos/releases/commits/docs/articles updated within the last 6 months. Drop old or stale sources unless they are canonical and still actively maintained.
199
+ 2. Return only candidates that appear absent or materially weaker in this project.
200
+ 3. Include source names/URLs, freshness date (commit/release/article/doc date), and the local search anchors they used or recommend to verify absence.
201
+ 4. Separate findings into useful categories for the final report, such as Security, Product, Architecture, Developer Experience, Operations, or Ecosystem.
202
+ 5. Avoid generic wishlist items. Every candidate must be grounded in an external comparison and relevant to this project profile.
58
203
 
59
- **Agent 2 - Dependencies/Libraries**: Check if library APIs being used are current or deprecated. Verify against library documentation
204
+ ## Phase 2: Main-agent validation against this repo
60
205
 
61
- **Agent 3 - Language Patterns**: Identify the primary language, verify idioms and patterns are current
206
+ For every candidate from the sub-agents, validate it yourself before reporting:
62
207
 
63
- **Agent 4 - Configuration**: Examine build tools, bundlers, linters, and config files. Verify settings against current tool documentation
208
+ 1. Confirm the external source is relevant to this project and fresh enough (normally within 6 months).
209
+ 2. Search this repo with grep/find and language-aware anchors to check whether the feature/pattern/control already exists under another name.
210
+ 3. Check manifests, docs, configs, package exports, routes, CLI commands, tests, CI, examples, and framework conventions before calling something missing.
211
+ 4. Use mcp__kencode-search__searchCode when code-level comparison would clarify whether the external implementation is materially cleaner or more complete. Use literal imports, functions, config keys, CLI flags, route names, or package names — not conceptual phrases.
212
+ 5. Drop anything already present, not applicable, too vague, too stale, or unsupported by evidence.
213
+ 6. Keep the report short: prioritize the highest-value gaps over completeness.
64
214
 
65
- **Agent 5 - Security Patterns**: Review auth, data handling, secrets management. Verify against current security guidance and OWASP recommendations
215
+ ## What counts as a reportable gap
66
216
 
67
- **Agent 6 - Testing**: Identify test framework in use, verify testing patterns match current library recommendations
217
+ Report only gaps that are:
68
218
 
69
- **Agent 7 - API/Data Handling**: Review data fetching, state management, storage patterns. Verify against current patterns and framework docs
219
+ - **Missing capability**: A relevant current peer has a feature, integration, workflow, or user-facing behavior this project lacks.
220
+ - **Security/privacy hardening**: A current source addressed a meaningful risk this project has not addressed.
221
+ - **Operational maturity**: A relevant project has CI, release, observability, packaging, migration, or support practices this project lacks.
222
+ - **Developer experience**: A relevant project has docs, examples, tests, debugging, local dev, extension points, or generated commands that would materially improve this project.
223
+ - **Implementation quality**: A comparable codebase handles a shared concern more simply, safely, extensibly, or robustly, and this repo lacks that pattern.
224
+ - **Ecosystem alignment**: A recent framework/API/standard/release changed expectations and this project has not caught up.
70
225
 
71
- **Agent 8 - Error Handling**: Examine error handling patterns, verify they match library documentation
226
+ Do not report:
72
227
 
73
- ## Agent Workflow
228
+ - Ideas not tied to a real current source.
229
+ - Things this repo already has, even if named differently.
230
+ - Stale comparisons with no activity in the last 6 months unless canonical and still relevant.
231
+ - Pure taste or style preferences.
232
+ - Massive rewrites unless there is a specific incremental gap to implement.
233
+ - Low-confidence guesses.
74
234
 
75
- Each agent MUST follow this process:
76
- 1. **Identify** - What's relevant in THIS project for your category
77
- 2. **Find** - Locate specific implementations in the codebase
78
- 3. **Verify** - Check against real code or official docs
79
- 4. **Report** - Only report when verified current practice differs from codebase
235
+ ## Priority levels
80
236
 
81
- ## The Only Valid Findings
237
+ - **P0**: Critical gap: security exposure, data loss risk, broken compatibility, major missing core workflow, or urgent ecosystem change.
238
+ - **P1**: High-value gap: important feature/hardening/DX/ops improvement with strong external evidence and clear fit.
239
+ - **P2**: Useful gap: meaningful but not urgent, or requires a scoped design decision before implementation.
240
+ - **P3**: Exploratory gap: promising but lower confidence or lower immediate impact. Use sparingly.
82
241
 
83
- A finding is ONLY valid if:
84
- 1. **OUTDATED** - Works but uses old patterns with verified better alternatives
85
- 2. **DEPRECATED** - Uses APIs marked deprecated in current official docs
86
- 3. **INCORRECT** - Implementation contradicts official documentation
242
+ ## Final output
87
243
 
88
- **NOT valid findings:**
89
- - "I think there's a better way" without verification - NO
90
- - "This looks old" without proof - NO
91
- - Style preferences or subjective improvements - NO
92
- - Anything not verified via real code or official docs - NO
244
+ Output separate category sections only for categories with findings. No prose before the first section. Each section must use a table with exactly these 3 columns:
93
245
 
94
- ## Output Format
246
+ | Repo/tool/source | Feature or gap | Priority |
247
+ |---|---|---|
248
+ | name + fresh date | concise gap, evidence, and why this repo lacks it | P0/P1/P2/P3 |
249
+
250
+ Rules:
251
+
252
+ - The table must have exactly 3 columns. Put source URL/date/evidence and local absence proof inside the first two cells, not extra columns.
253
+ - Sort rows by priority within each category: P0, then P1, then P2, then P3.
254
+ - Keep each cell concise but specific enough to be actionable.
255
+ - If no validated gaps are found, output one table row saying no fresh validated gaps were found.
256
+ - Do not include implementation prose after the tables except the options below.
257
+
258
+ After the tables, ask exactly:
259
+
260
+ What should I do?
261
+ A) Create tasks for all P0/P1 gaps
262
+ B) Create tasks for only the top priority gap from each category
263
+ C) Skip
264
+
265
+ Do not start implementing until the user chooses.
266
+
267
+ If the user chooses A or B, do not implement gaps directly. Instead, use the tasks tool to create one implementation task per selected gap, ordered by dependency and priority.
268
+
269
+ Each task prompt must be standalone and include:
270
+
271
+ 1. The specific gap, including relevant local files/anchors and source evidence from the /expand report.
272
+ 2. Instructions to compare the implementation approach with kencode search before editing, using literal code tokens and current real-world examples.
273
+ 3. Instructions to implement the gap in the local codebase.
274
+ 4. Instructions to verify correctness after implementation by running project checks and by comparing the final implementation with kencode search again before marking the task complete.
275
+
276
+ Do not create planning tasks, do not instruct tasks to use planning-only workflows, and do not create or write implementation plans from /expand selections.
277
+
278
+ After creating tasks, tell the user exactly: "Tasks created. Press CTRL + T to open the Tasks Pane and press R to run all tasks." Do not begin executing them unless the user explicitly starts a task.`,
279
+ },
280
+ {
281
+ name: "bullet-proof",
282
+ aliases: ["bp"],
283
+ description: "Defensive security review — audit the project for exploitable weaknesses",
284
+ prompt: `# Bullet-Proof: Defensive Security Review
285
+
286
+ You are a defensive security auditor reviewing this codebase to identify exploitable weaknesses so they can be patched before the project ships. Think rigorously about realistic threat scenarios — boundary checks, edge cases, race conditions, trust assumptions, supply-chain risks, agent-mediated paths.
287
+
288
+ Goal: harden this project against realistic threats. **Report only HIGH CONFIDENCE findings (≥0.8) with a concrete data-flow path that demonstrates exposure.** Better to miss theoretical issues than flood the report with noise.
289
+
290
+ This command is **dynamic and project-agnostic**. Recon drives everything. Do not assume the stack, the language, the deploy target, or that there is an LLM/agent layer. Read first, decide second.
291
+
292
+ ## Phase 1: Recon — Understand THIS project before auditing anything
293
+
294
+ Spawn **FOUR recon subagents in parallel** using the subagent tool (call the subagent tool 4 times in a single response). Each has a narrow, independent slice so they can all run at once. **No vulnerabilities flagged in this phase.**
295
+
296
+ **Recon Agent A — Stack & Deployment.** Read manifests, lockfiles, CI/CD configs, Dockerfile/Helm/Terraform, deploy scripts. Produce:
297
+ - Primary language(s), framework(s), runtimes
298
+ - Deploy target (browser / server / CLI / mobile / desktop / embedded / cloud function / container / serverless / smart contract / firmware / ML pipeline / library / SaaS / self-hosted)
299
+ - How it ships (npm/PyPI/cargo/go modules/app store/binary/Docker image/Helm chart/Terraform)
300
+ - Where it runs (which cloud/host, multi-tenant or single-tenant, network topology if discernible)
301
+
302
+ **Recon Agent B — Trust Boundaries & Sources.** Walk entry-point code (route handlers, CLI argparse, queue consumers, WebSocket handlers, IPC receivers, MCP server handlers, file/env readers, deserialization entry, plugin loaders). Produce:
303
+ - **Trust boundaries table** — every place untrusted data crosses into the system
304
+ - **Sources table** — for each entry point: location (file:line), input shape, who controls it (anonymous / authenticated user / admin / other service / build-time / env)
305
+
306
+ **Recon Agent C — Sinks.** Walk dangerous-operation code. Produce a **Sinks table** with location (file:line) and sink type for: shell exec, SQL / NoSQL / LDAP / XPath queries, eval / Function / exec / pickle / yaml.load / Marshal / ObjectInputStream, file write, file include / require with dynamic path, network egress (fetch / requests / http.Get), auth decisions, secret reads, native deserializers, dynamic code load, smart-contract external calls, child_process spawns.
307
+
308
+ **Recon Agent D — Assets.** Scan for what is worth stealing or destroying. Produce an **Assets table** with location and asset type for: credentials / tokens (config files, env files, KMS, OAuth flows, ~/.{app}/auth.json-style stores), customer/PII data stores, source code with IP value, build/CI secrets, signing keys, model API tokens, on-chain funds / wallets, session state, MCP config files, license keys.
309
+
310
+ **After all four return, the main agent synthesizes:**
311
+ 1. Assemble the four tables (Stack/Deploy, Sources, Sinks, Assets) into the recon report
312
+ 2. Add the **Threat model** — concrete to THIS project, derived from the four agents' outputs. Who would realistically target it and what for? (Examples: supply-chain risks affecting downstream users of a library; multi-tenant abuse on a SaaS; untrusted user input on a CLI/mobile app; insider risk with repo access; phishing-based account takeover; coding-agent risks from injected web content; on-chain reentrancy risks for a smart contract.) Be specific.
313
+ 3. Note any obvious gaps the four recon agents flagged (areas that need a deeper look in Phase 3)
314
+
315
+ ## Phase 2: Plan the audit — recon drives this
316
+
317
+ From the recon output, decide which vulnerability classes apply to THIS project. **Skip audits with no entry surface.** A static documentation site does not get a SQLi audit. A Rust embedded firmware project does not get a prompt-injection audit. A Python ML pipeline does get pickle/yaml audits. A library that ships to others gets supply-chain weighted heavily.
318
+
319
+ Default catalog — pick what applies, drop what doesn't, add stack-specific audits where recon shows a unique surface:
320
+
321
+ | Audit | Fires when | Audits for |
322
+ |---|---|---|
323
+ | **Injection** | unsanitized input reaches an interpreter | SQLi, command injection, template injection, eval/Function/exec, pickle/yaml.load, NoSQL/LDAP/XPath injection, prompt injection |
324
+ | **AuthN/AuthZ/Session** | any auth, session, or access-control logic exists | broken access control (IDOR, BOLA), JWT alg confusion / alg:none, OAuth state/PKCE/redirect-uri abuse, session fixation, missing rate limit on credential checks, MFA bypass, TOCTOU races |
325
+ | **Secrets & exposure paths** | any secret/credential/token exists | hardcoded keys, logs/errors/debug-file leakage, source maps in published artifacts, telemetry leakage, prototype pollution exposing secrets, \`JSON.stringify(err)\` shapes, env dump in error pages, exposed \`.git\`/\`.env\`/\`.map\` |
326
+ | **Supply chain** | any dependency manager or external code | unpinned deps/actions, postinstall scripts, typosquats, **slopsquats (AI-hallucinated package names registered by malicious parties)**, dependency confusion, lockfile drift, install-time \`curl \\| sh\`, unsigned releases, unverified maintainer takeovers, self-spreading worms (Shai-Hulud family) |
327
+ | **CI/CD & build integrity** | any CI workflow, release pipeline | \`pull_request_target\` + checkout of PR HEAD (Pwn Request), Actions cache poisoning, OIDC token theft from \`/proc\`, self-hosted runner reuse, secret echoes, missing \`permissions:\` block |
328
+ | **SSRF, path traversal, file ops** | any URL/path/file built from input | SSRF to metadata endpoints (IMDSv1), path traversal, zip-slip, symlink races, unrestricted upload, archive extraction outside target dir |
329
+ | **Cloud/infra & misconfig** | any IaC, container, cloud SDK use | overpermissive IAM (\`Action:*\`, \`iam:PassRole:*\`), public buckets, IMDSv1, exposed K8s API/kubelet, presigned URLs without expiry, default creds, debug endpoints in prod, CORS \`origin:*\` + \`credentials:true\` |
330
+ | **Crypto** | any crypto/hashing/signing | weak algos (MD5/SHA1 for auth), missing IV, ECB mode, hardcoded keys, JWT \`alg:none\`, non-constant-time compare on secrets, predictable PRNG for tokens |
331
+ | **Agent surface** | only if recon detected LLM/AI/MCP/coding-agent/tool-calling code | indirect prompt injection via fetched content, MCP tool poisoning, tool-description injection (ToolLeak), system-prompt exposure via tool args, **Rules-File Backdoor (Unicode bidi / zero-width chars hiding instructions in CLAUDE.md / .cursorrules / AGENTS.md)**, malicious CLAUDE.md walking up parent dirs, DNS-exfil via coerced tool calls, RAG / memory / context poisoning, vector-store embedding risks |
332
+ | **Dangerous-sink dataflow (taint)** | Sources × Sinks tables are non-empty | trace each Source through the codebase to every reachable Sink; flag reachable paths with no sanitization between |
333
+
334
+ **Add stack-specific audits when recon surfaces them**: smart-contract reentrancy/oracle manipulation; mobile IPC / deep links / pasteboard / WebView \`addJavascriptInterface\`; embedded firmware update integrity, debug interfaces left enabled; ML model deserialization, training-data poisoning, MLflow/Triton config exposure.
335
+
336
+ ## Phase 3: Parallel audits
337
+
338
+ Spawn one subagent per active audit **in a single response** (call the subagent tool N times **with \`agent: "auditor"\`**, where N is whatever Phase 2 picked — do not pad to a fixed number, do not drop audits Phase 2 selected). The \`auditor\` agent has the defensive-review persona and exclusion list baked in, so your task description only needs the vulnerability-class scope. Each auditor receives:
339
+ - The full recon output (Sources, Sinks, Assets, Threat model)
340
+ - Its specific vulnerability-class scope
341
+ - The 2026 threat reference at the bottom of this prompt
342
+
343
+ Each auditor must:
344
+ 1. **Trace data flow** from Sources to Sinks for its class. Not pattern matching.
345
+ 2. For every candidate, apply the **untrusted-input vs trusted-input** decision: is the input *actually reachable* by an untrusted source, or is it a settings constant / build-time string / hard-coded value?
346
+ 3. Construct a concrete **vulnerability scenario** — describe how the weakness would be triggered (input → system response → resulting exposure). If you can't describe the steps, don't flag it.
347
+ 4. Assign **confidence 0.0–1.0**. Drop anything <0.8 before returning.
348
+ 5. Be framework-aware: ORM parameterization, auto-escape, memory-safe languages, JSX/template escaping all eliminate entire vuln classes. Don't flag what the framework already handles.
349
+
350
+ ## Phase 4: False-positive filter
351
+
352
+ After auditors complete, spawn one verification subagent per surviving finding **in parallel with \`agent: "skeptic"\`** (call the subagent tool once per finding in a single response). The \`skeptic\` agent starts from "this is a false positive" and tries to disprove the finding — only confirmed findings survive. Pass each verifier the full audit finding (location, source/sink, vulnerability scenario, claimed confidence). Drop anything the skeptic returns as DROP; lower severity for DOWNGRADE.
353
+
354
+ **Hard exclusions — do NOT report these, even if real:**
355
+ - DOS / rate-limiting / memory exhaustion without a clear amplification primitive
356
+ - Theoretical race conditions without a demonstrable trigger window
357
+ - Regex-DOS without untrusted-supplied regex
358
+ - Log spoofing / log injection (cosmetic)
359
+ - SSRF where the URL is a settings constant or build-time string
360
+ - Env-var trust (env is server-controlled by definition)
361
+ - Client-side authentication theatre on a server-validated endpoint
362
+ - React/Angular/Vue XSS in non-unsafe-sink paths (\`dangerouslySetInnerHTML\`, \`v-html\`, \`bypassSecurityTrust*\` are the only real ones)
363
+ - Shell-script command injection without an untrusted input path
364
+ - Findings in documentation files, example code, or test fixtures
365
+ - Insecure-by-design dev tooling that doesn't ship to users
366
+ - "Could be improved" style preferences or hardening-best-practice nudges with no demonstrable path
367
+
368
+ ## Phase 5: Report
369
+
370
+ Output one report. No code edits in this phase.
95
371
 
96
- For each finding:
97
372
  \`\`\`
98
- [OUTDATED/DEPRECATED/INCORRECT] file:line - What it is
99
- Current: How it's implemented now
100
- Verified: What the correct/current approach is
101
- Source: URL to official docs or evidence
373
+ # Bullet-Proof Report [Project name from recon]
374
+ Date: [today's date]
375
+ Threat model: [from recon]
376
+
377
+ ## Exposure Surface Summary
378
+ [1-paragraph summary of the project's realistic exposure profile and where untrusted data enters]
379
+
380
+ ## Sources / Sinks / Assets
381
+ [Compact tables from recon]
382
+
383
+ ## Risk Matrix
384
+ | Severity | Count | Definition |
385
+ |---|---|---|
386
+ | Critical | N | RCE, full auth bypass, credential theft, fund loss |
387
+ | High | N | privilege escalation, data exposure with auth, supply-chain compromise |
388
+ | Medium | N | limited-scope info disclosure, weakened crypto, partial bypass |
389
+
390
+ ## Findings
391
+
392
+ ### [BP-001] <title> — Critical
393
+ - Location: path:line
394
+ - Category: <slug> CWE: CWE-XXX Confidence: 0.95
395
+ - Exposure surface: <entry point from Sources>
396
+ - Source → Sink: <e.g. \`POST /api/foo body.userId\` → \`subprocess.run(..., shell=True)\`>
397
+ - Vulnerability scenario:
398
+ 1. Untrusted input <specific payload> reaches <source>
399
+ 2. Server processes it as <what>
400
+ 3. Result: <RCE / data exposure / auth bypass>
401
+ - Impact: <blast radius — what is exposed, how far it spreads>
402
+ - Fix: <concrete remediation, code-level>
403
+
404
+ […repeat per finding, ordered Critical → High → Medium…]
405
+
406
+ ## What was not flagged
407
+ [1-paragraph: which vulnerability classes returned zero findings, and how many findings the FP filter dropped — so the user sees the work, not just the survivors]
102
408
  \`\`\`
103
409
 
104
- No findings is a valid outcome. If implementations match current practices, that's good news.`,
410
+ ## Phase 6: Ask before fixing
411
+
412
+ After the report, ask:
413
+
414
+ > Which (if any) should I fix? Options:
415
+ > - A) Create tasks for all Critical + High
416
+ > - B) Create tasks for specific findings (give IDs, e.g. "BP-001, BP-004")
417
+ > - C) Create tasks for a category (auth, supply chain, secrets, …)
418
+ > - D) None — report only
419
+
420
+ **Do not start fixing until the user picks.**
421
+
422
+ If the user chooses A, B, or C, do not fix directly. Instead, use the tasks tool to create one task per selected finding or tightly coupled finding group, ordered by severity, exploitability, and dependency. Each task prompt must be standalone and include the finding ID, vulnerability scenario, affected local files/anchors, concrete remediation, instructions to compare security-sensitive implementation details with kencode search or authoritative docs before editing, project verification commands, and instructions to compare the final fix with kencode search or authoritative docs again before marking the task complete. After creating tasks, tell the user exactly: "Tasks created. Press CTRL + T to open the Tasks Pane and press R to run all tasks." Do not begin executing them unless the user explicitly starts a task.
423
+
424
+ ## Threat reference (May 2026)
425
+
426
+ Cite these as needed per audit. Do not dump them into the report — use them to verify whether a candidate is actually reachable.
427
+
428
+ **OWASP Top 10:2025** — A01 Broken Access Control (now includes SSRF), A02 Misconfig, **A03 Supply Chain Failures (new)**, A05 Injection (now includes prompt injection), **A10 Mishandling Exceptional Conditions (new — fail-open patterns)**.
429
+
430
+ **OWASP API Security Top 10 (2023)** — BOLA, Broken Auth, BOPLA, SSRF (API7).
431
+
432
+ **OWASP Top 10 for LLM Apps v2025** — LLM01 Prompt Injection (direct + indirect), LLM02 Sensitive Info Disclosure, LLM03 Supply Chain, LLM04 Data & Model Poisoning, LLM05 Improper Output Handling, LLM06 Excessive Agency, **LLM07 System Prompt Leakage (new)**, **LLM08 Vector & Embedding Weaknesses (new — RAG/embedding-store attacks)**, LLM09 Misinformation, LLM10 Unbounded Consumption.
433
+
434
+ **OWASP Top 10 for Agents 2026 (ASI01–10)** — Goal hijack, tool misuse, identity/privilege abuse, agentic supply chain, unexpected code exec, memory/context poisoning, inter-agent comms, cascading failures, human-trust exploit, rogue agents.
435
+
436
+ **Real 2024-2026 incidents — use as grep templates:**
437
+ - tj-actions/changed-files (Mar 14-15 2025, CVE-2025-30066, 23k repos) → unpinned GH Actions, \`uses: foo/bar@main\` / mutable tags, runner-memory secret dumps
438
+ - TanStack Mini Shai-Hulud (May 11 2026, CVE-2026-45321, CVSS 9.6 — 84 versions across 42 \`@tanstack/*\` + UiPath/Mistral/Guardrails/OpenSearch, 169+ packages total, "TeamPCP") → self-spreading npm worm, \`pull_request_target\` + cache poisoning + OIDC token extraction from \`/proc/<pid>/mem\`, persistent \`gh-token-monitor\` daemon
439
+ - Slopsquatting (ongoing 2025-2026, \`react-codeshift\` Jan 2026) → AI coding assistants hallucinate ~20% non-existent package names (open-source models ~21.7%, GPT-4 ~5.2%); malicious parties register the hallucinated names on npm/PyPI. **Verify every package actually existed BEFORE the agent suggested it** — check registry age, download history, author identity
440
+ - XZ Utils (CVE-2024-3094) → unverified maintainer takeovers, multi-year backdoor injection in install scripts
441
+ - Invariant Labs MCP hijack (May 2025) → MCP server returns malicious tool descriptions / crafted issue content
442
+ - Claude Code source-map leak (Mar 2026, 513k LOC) → \`*.map\` files in \`npm pack\` / shipped artifacts
443
+ - Embrace The Red DNS-exfil (Aug 2025) → coding agent coerced into encoding secrets in DNS queries
444
+ - IMDSv1 → AWS creds via SSRF (Mar 2025 campaign) → Terraform missing \`http_tokens = "required"\`
445
+ - GitGuardian 2026 — 28.6M GitHub secret leaks in 2025, 24k inside MCP config files
446
+
447
+ **Language-specific hot zones — only apply to languages actually present:**
448
+ - **Node/TS**: \`child_process.exec\`/\`execSync\`, \`spawn(..., {shell:true})\`, \`eval\`/\`Function\`, \`vm.runIn*\`, prototype pollution via \`lodash.merge\`/\`Object.assign({}, userJson)\`, \`serialize-javascript\`/\`node-serialize\`, source maps in published packages
449
+ - **Python**: \`pickle.load\`, \`yaml.load\` without \`SafeLoader\`, \`eval\`/\`exec\`, \`subprocess.*(shell=True)\`, \`os.system\`, \`Jinja2(autoescape=False)\`, \`flask.render_template_string(user_input)\`, \`requests(verify=False)\`, \`xml.etree\`/\`lxml\` without \`defusedxml\`
450
+ - **Go**: \`exec.Command("sh", "-c", userInput)\`, \`html/template\` vs \`text/template\` confusion, unbounded \`io.ReadAll\`, race-prone \`map\` access without lock
451
+ - **Rust**: \`unsafe\` blocks with raw pointers, \`Command::new("sh").arg("-c")\`, deserializing untrusted \`bincode\`/\`serde_pickle\`/\`serde_json\` with \`#[serde(deny_unknown_fields)]\` missing
452
+ - **Java/JVM**: \`ObjectInputStream\` deserialization, JNDI lookup (Log4Shell-style), \`Runtime.exec(String)\`, XXE in default XML parsers
453
+ - **Ruby**: \`eval\`/\`instance_eval\`, \`Marshal.load\`, \`YAML.load\` (not \`safe_load\`), \`Kernel#system\` with interpolation, mass assignment
454
+ - **PHP**: \`unserialize\`, \`eval\`, \`assert(string)\`, \`include $userInput\`, \`preg_replace\` /e modifier
455
+ - **C/C++**: unsafe \`strcpy\`/\`sprintf\`/\`gets\`, integer overflows, format strings (\`printf(userInput)\`), use-after-free, double-free
456
+ - **Solidity / EVM**: reentrancy, unchecked external calls, integer over/underflow (pre-0.8), \`tx.origin\` for auth, delegatecall to untrusted, oracle manipulation
457
+ - **Mobile (iOS/Android)**: insecure IPC / deep links / pasteboard, WebView \`addJavascriptInterface\`, exported activities/intents without permission checks, insecure local storage
458
+
459
+ ## Rules
460
+
461
+ - **Recon first, audits second.** No audit fires without a recon-identified entry surface to justify it.
462
+ - **No pattern-only findings.** Every flag must have a Sources → Sinks path traced through the code.
463
+ - **No "could be improved" recommendations.** Either it's exploitable or it's not in scope.
464
+ - **Strict confidence gate (≥0.8).** Drop everything else, even if it looks suspicious.
465
+ - **Adapt to the stack, always.** The audit catalog and threat reference above are guidance, not a checklist to apply uniformly.
466
+ - **Report only.** Wait for the user to pick what to fix in Phase 6.`,
105
467
  },
106
468
  {
107
469
  name: "research",
@@ -111,7 +473,7 @@ No findings is a valid outcome. If implementations match current practices, that
111
473
 
112
474
  First, if it's not clear what the project is building, ask me to describe the features, target platform, and any constraints. If you can infer this from the codebase, proceed directly.
113
475
 
114
- Then spawn 6 sub-agents in parallel using the subagent tool (call the subagent tool 6 times in a single response, each with a different task). Every agent must verify ALL recommendations - no training-data assumptions allowed.
476
+ Then spawn 6 sub-agents in parallel using the subagent tool (call the subagent tool 6 times in a single response, each with a different task). Every agent must verify ALL recommendations with current official docs, package registries, releases, or maintained source repositories - no training-data assumptions allowed. Use kencode search for architecture and implementation-shape comparisons where real code examples matter.
115
477
 
116
478
  **Agent 1 - Project Scan**: Read the current working directory. Catalog what already exists: config files, installed deps, directory structure, language/framework already chosen. Report exactly what's in place.
117
479
 
@@ -127,10 +489,11 @@ Then spawn 6 sub-agents in parallel using the subagent tool (call the subagent t
127
489
 
128
490
  ## Agent Rules
129
491
 
130
- 1. Every recommendation MUST be verified - no guessing
131
- 2. Confirm latest stable versions - do not assume version numbers
132
- 3. Pick ONE best option per category - no "you could also use X"
133
- 4. No prose, no hedging, no alternatives lists - decisive answers only
492
+ 1. Every recommendation MUST be verified with a source URL/date - no guessing
493
+ 2. Confirm latest stable versions from official registries or release pages - do not assume version numbers
494
+ 3. Verify CLI flags, config keys, and file formats against official docs before recommending them
495
+ 4. Pick ONE best option per category - no "you could also use X"
496
+ 5. No prose, no hedging, no alternatives lists - decisive answers only
134
497
 
135
498
  ## Output
136
499
 
@@ -168,20 +531,23 @@ Stack: [framework + language + runtime]
168
531
  [URLs used for verification]
169
532
  \`\`\`
170
533
 
171
- Write the file, then summarize what was researched.`,
534
+ Write the file, then summarize what was researched and list the verification sources used. If any recommendation could not be verified from current official sources or maintained repos, omit it rather than guessing.`,
172
535
  },
173
536
  {
174
537
  name: "init",
175
538
  aliases: [],
176
539
  description: "Generate or update CLAUDE.md for this project",
177
- prompt: `Generate or update a minimal CLAUDE.md with project structure, guidelines, and quality checks.
540
+ prompt: `Generate or update a minimal CLAUDE.md with project-specific context only: what this project is, how it is structured, and commands/workflows that are unique to it.
541
+
542
+ Do NOT add generic agent behavior already covered by the system prompt, including: read before edit/write, re-read after formatters, ask before destructive actions, no fake verification, generic code-quality advice, single-responsibility rules, one-file-per-component rules, or language-style conventions. Include only project-specific overrides or stricter local requirements.
178
543
 
179
544
  ## Step 1: Check if CLAUDE.md Exists
180
545
 
181
546
  If CLAUDE.md exists:
182
547
  - Read the existing file
183
548
  - Preserve custom sections the user may have added
184
- - Update the structure, quality checks, and organization rules
549
+ - Update only project-specific facts that are stale or missing
550
+ - Remove generic guidance that is already covered by the system prompt unless it is a deliberate project-specific override
185
551
 
186
552
  If CLAUDE.md does NOT exist:
187
553
  - Create a new one from scratch
@@ -199,22 +565,30 @@ Wait for all sub-agents to complete, then synthesize the information.
199
565
  ## Step 3: Detect Project Type & Commands
200
566
 
201
567
  Check for config files:
202
- - package.json -> JavaScript/TypeScript (extract lint, typecheck, server scripts)
568
+ - package.json -> JavaScript/TypeScript (extract package-manager, build, lint, typecheck, test, format, and server scripts)
203
569
  - pyproject.toml or requirements.txt -> Python
204
570
  - go.mod -> Go
205
571
  - Cargo.toml -> Rust
206
572
 
207
- Extract linting commands, typechecking commands, and server start command (if applicable).
573
+ Extract exact commands that are useful project facts. Verify commands against local package scripts, manifests, Makefiles, CI, or documented project workflows; do not invent commands from convention alone. Do not restate generic "run checks after edits" behavior unless this project requires a stricter command sequence than the system prompt's Verification section.
208
574
 
209
- ## Step 4: Generate Project Tree
575
+ ## Step 4: Summarize Stable Structure
210
576
 
211
- Create a concise tree structure showing key directories and files with brief descriptions.
577
+ If useful, create a concise structure summary for future agents showing only key stable directories and files with brief descriptions. Do NOT embed generated symbol maps, exhaustive file indexes, generated repo maps, auto-generated directory listings, or large trees in CLAUDE.md.
212
578
 
213
579
  ## Step 5: Generate or Update CLAUDE.md
214
580
 
215
- Create CLAUDE.md with: project description, project structure tree, organization rules (one file per component, single responsibility), and zero-tolerance code quality checks with the exact commands for this project.
581
+ Create CLAUDE.md with only sections that add project-specific value. Prefer this structure:
582
+
583
+ - Project name and one-sentence purpose
584
+ - Key packages/apps/modules and what each owns
585
+ - Important project-specific architecture or workflow notes
586
+ - Exact local commands (install/build/check/test/dev/publish/deploy) when they are not obvious from package scripts alone
587
+ - Project-specific constraints that override defaults (for example required publish order, generated-file workflow, auth/secrets storage, deployment caveats)
216
588
 
217
- Keep total file under 100 lines. If updating, preserve any custom sections the user added.
589
+ Avoid generic sections named "Code Quality", "Organization Rules", or "How to Work" unless every bullet is specific to this project. Do not duplicate language style packs or generic verification rules. Do not add generated repo maps, symbol indexes, exhaustive file indexes, or auto-generated project inventories; CLAUDE.md must remain durable, agent-focused project context.
590
+
591
+ Keep total file under 100 lines. If updating, preserve any custom sections the user added. After writing, re-read CLAUDE.md and confirm it contains only project-specific facts supported by local files.
218
592
 
219
593
  ## Step 6: Restart Notice
220
594
 
@@ -250,7 +624,7 @@ Based on the project type, check if linting/typechecking tools are already confi
250
624
 
251
625
  ## Step 3: Install Missing Tools (if needed)
252
626
 
253
- Only install what's missing. Use the detected package manager.
627
+ Only install what's missing. Use the detected package manager. Before installing or writing config, verify current recommended setup, CLI flags, and config filenames against official docs for the selected tools.
254
628
 
255
629
  ## Step 4: Generate /fix Command
256
630
 
@@ -288,7 +662,7 @@ Replace [INSERT PROJECT-SPECIFIC COMMANDS] with the actual commands for the dete
288
662
 
289
663
  ## Step 5: Confirm
290
664
 
291
- Report what was detected, what was installed, and that /fix is now available.`,
665
+ Report what was detected, what official docs or local configs were used to verify it, what was installed, and that /fix is now available.`,
292
666
  },
293
667
  {
294
668
  name: "setup-commit",
@@ -300,9 +674,11 @@ Report what was detected, what was installed, and that /fix is now available.`,
300
674
 
301
675
  Check for config files and extract the lint/typecheck commands:
302
676
  - package.json -> Extract lint, typecheck scripts
303
- - pyproject.toml -> Use mypy, pylint/ruff
304
- - go.mod -> Use go vet, gofmt
305
- - Cargo.toml -> Use cargo clippy, cargo fmt --check
677
+ - pyproject.toml -> Use configured mypy, pylint/ruff commands
678
+ - go.mod -> Use configured go vet/gofmt/staticcheck commands
679
+ - Cargo.toml -> Use configured cargo clippy/fmt commands
680
+
681
+ Prefer existing project scripts. If you must synthesize a command from tool conventions, verify the current CLI flags against official docs first.
306
682
 
307
683
  ## Step 2: Generate /commit Command
308
684
 
@@ -337,7 +713,7 @@ Keep the command file under 20 lines.
337
713
 
338
714
  ## Step 3: Confirm
339
715
 
340
- Report that /commit is now available with quality checks and AI-generated commit messages.`,
716
+ Report that /commit is now available with quality checks and AI-generated commit messages, and mention which local scripts/docs verified the commands.`,
341
717
  },
342
718
  {
343
719
  name: "setup-tests",
@@ -351,7 +727,7 @@ Detect the project type, framework, and architecture. Identify all critical busi
351
727
 
352
728
  ## Step 2: Determine Testing Strategy
353
729
 
354
- Use these tools based on project type (2025-2026 best practices):
730
+ Use these tools based on project type (2025-2026 best practices), but verify current versions, install commands, config files, and runner flags against official docs before installing anything:
355
731
 
356
732
  | Language | Unit/Integration | E2E | Notes |
357
733
  |----------|------------------|-----|-------|
@@ -370,7 +746,7 @@ Spawn 4 sub-agents in parallel using the subagent tool (call the subagent tool 4
370
746
  **Agent 3 - Integration Tests**: Create integration tests for APIs, database operations, and service interactions
371
747
  **Agent 4 - E2E Tests** (if applicable): Create end-to-end tests for critical user flows
372
748
 
373
- Each agent should create COMPREHENSIVE tests covering all critical code paths - not just samples.
749
+ Each agent should create COMPREHENSIVE tests covering all critical code paths - not just samples. Each agent must verify test framework APIs and helper patterns against official docs or current maintained examples before adding tests.
374
750
 
375
751
  ## Step 4: Verify and Generate /test Command
376
752
 
@@ -403,7 +779,7 @@ Replace placeholders with the actual test commands for this project.
403
779
 
404
780
  ## Step 5: Report
405
781
 
406
- Summarize what was set up, how many tests were created, and that /test is now available.`,
782
+ Summarize what was set up, how many tests were created, what official docs/current examples verified the setup, and that /test is now available.`,
407
783
  },
408
784
  {
409
785
  name: "setup-update",
@@ -451,7 +827,7 @@ Run a clean install and read ALL output carefully. Look for:
451
827
  ## Step 4: Fix Issues
452
828
 
453
829
  For each warning/deprecation:
454
- 1. Research the recommended replacement or fix
830
+ 1. Research the recommended replacement or fix using official changelogs, migration guides, advisories, or package docs
455
831
  2. Update code/dependencies accordingly
456
832
  3. Re-run installation
457
833
  4. Verify no warnings remain
@@ -471,7 +847,7 @@ Replace all placeholders with the actual commands for the detected project type
471
847
 
472
848
  ## Step 3: Confirm
473
849
 
474
- Report that /update is now available with dependency updates, security audits, and deprecation fixes.`,
850
+ Report that /update is now available with dependency updates, security audits, and deprecation fixes, and mention that generated update steps require official changelog/migration-guide verification before applying changes.`,
475
851
  },
476
852
  {
477
853
  name: "setup-eyes",
@@ -485,7 +861,7 @@ Build the perception probes this project needs and document them in CLAUDE.md so
485
861
 
486
862
  1. \`ezcoder eyes list\` — see what's already installed/verified. **Resume**, don't restart. Skip verified probes; re-run failed ones.
487
863
  2. \`ezcoder eyes detect\` — emits JSON of \`{capability: {candidates, primary}}\` for this project.
488
- 3. **Pick 3–8 capabilities to install this run.** Heuristics:
864
+ 3. **Pick 3–8 capabilities to install this run.** Verify any capability assumptions against \`ezcoder eyes\` help output or official/local CLI docs before installing. Heuristics:
489
865
  - Universal: \`http\` for any API/backend, \`runtime_logs\` for anything with a server.
490
866
  - UI: \`visual\` — for multi-stack projects (e.g. React Native), install all primary candidates with distinct names: \`install visual --impl playwright --as visual-web\`, \`install visual --impl adb --as visual-android\`, \`install visual --impl simctl --as visual-ios\`.
491
867
  - Backend with email/webhooks: \`capture_email\`, \`capture_webhook\`.
@@ -493,7 +869,7 @@ Build the perception probes this project needs and document them in CLAUDE.md so
493
869
  4. For each pick: \`ezcoder eyes install <cap> [--impl <name>] [--as <name>]\`. On failure: retry once, then mark and continue — don't abort the whole run.
494
870
  5. \`ezcoder eyes verify\` — runs every installed probe's self-test. Some failures (\`adb\` no device, \`simctl\` no booted simulator) are expected; they get recorded.
495
871
  6. **Write/update the \`## Eyes\` section in CLAUDE.md** (create CLAUDE.md if missing; do NOT clobber other sections). Use the template below. The triggers are the load-bearing piece — make them project-specific and actionable.
496
- 7. **Report**: list verified ✓ / failed ✗ / deferred. End with the restart notice.
872
+ 7. **Report**: list verified ✓ / failed ✗ / deferred, and note which probe self-tests or docs verified the setup. End with the restart notice.
497
873
 
498
874
  ## CLAUDE.md \`## Eyes\` template
499
875
 
@@ -577,9 +953,9 @@ Read the open signals in \`.ezcoder/eyes/journal.jsonl\`, group related ones, pr
577
953
  - **New/updated trigger**: bullet added under \`## Eyes → When to use\` in CLAUDE.md.
578
954
  5. Present all proposals as a numbered list with diffs inline. Ask: **"Accept which? Reply with numbers (e.g. '1, 3') or 'none'."**
579
955
  6. On user reply:
580
- - For accepted: apply the change. Then \`ezcoder eyes log ack <id>\` for every journal entry the proposal covers.
956
+ - For accepted: apply the change. Then run the relevant probe self-test or a focused command that exercises the changed probe/trigger. Then \`ezcoder eyes log ack <id>\` for every journal entry the proposal covers.
581
957
  - For unmentioned / rejected: \`ezcoder eyes log defer <id>\` so they stop appearing in context every turn. The user can resurrect deferred entries later.
582
- 7. **Report**: applied changes (one line each), entries acked, entries deferred.
958
+ 7. **Report**: applied changes (one line each), verification run, entries acked, entries deferred.
583
959
 
584
960
  ## Rules
585
961
 
@@ -641,7 +1017,9 @@ Review the same changes for efficiency:
641
1017
 
642
1018
  Wait for all three agents to complete. Aggregate their findings and fix each issue directly. If a finding is a false positive or not worth addressing, note it and move on — do not argue with the finding, just skip it.
643
1019
 
644
- When done, briefly summarize what was fixed (or confirm the code was already clean).`,
1020
+ Before making any non-trivial pattern/API change, verify the intended approach against local neighboring code first; use kencode search or official docs when the change touches framework APIs, lifecycle behavior, concurrency, cleanup, or other conventions where real-world practice matters.
1021
+
1022
+ When done, run relevant project checks/tests, then briefly summarize what was fixed (or confirm the code was already clean) and what verification ran.`,
645
1023
  },
646
1024
  {
647
1025
  name: "batch",
@@ -703,11 +1081,12 @@ For each worker, the task must be fully self-contained. Include:
703
1081
  \`\`\`
704
1082
  After you finish implementing the change:
705
1083
  1. Self-review your diff for code reuse, quality, and efficiency. Search the codebase for existing utilities that could replace new code. Fix any issues found.
706
- 2. Run the project's test suite (check for package.json scripts, Makefile targets, or common commands like npm test, pnpm test, pytest, go test). If tests fail, fix them.
707
- 3. Follow the e2e test recipe above. If it says to skip e2e, skip it.
708
- 4. Commit all changes with a clear message, push the branch, and create a PR with gh pr create. Use a descriptive title.
709
- 5. Switch back to the original branch with git checkout -.
710
- 6. End with exactly: PR: <url> or PR: none <reason>
1084
+ 2. For framework/API/config changes, compare the approach with official docs or kencode search examples before finalizing. Do not use kencode for purely local renames or mechanical edits.
1085
+ 3. Run the project's test suite (check for package.json scripts, Makefile targets, or common commands like npm test, pnpm test, pytest, go test). If tests fail, fix them.
1086
+ 4. Follow the e2e test recipe above. If it says to skip e2e, skip it.
1087
+ 5. Commit all changes with a clear message, push the branch, and create a PR with gh pr create. Use a descriptive title.
1088
+ 6. Switch back to the original branch with git checkout -.
1089
+ 7. End with exactly: PR: <url> or PR: none — <reason>
711
1090
  \`\`\`
712
1091
 
713
1092
  ## Phase 4: Track Results
@@ -803,7 +1182,7 @@ Don't invent. Don't pad.
803
1182
 
804
1183
  After all sub-agents complete, use the **skill** tool to invoke the \`find-skills\` skill. Feed it the aggregated candidate list with search terms. Let find-skills drive discovery across skills.sh, vercel-labs/agent-skills, and anthropics/skills.
805
1184
 
806
- For each candidate, record the best 0–1 ecosystem match: skill name, source repo URL. If no fit exists, record "no match". **Do NOT install anything yet.**
1185
+ For each candidate, record the best 0–1 ecosystem match: skill name, source repo URL, and enough evidence from the skill README/source to prove it fits this project. If no fit exists, record "no match". **Do NOT install anything yet.**
807
1186
 
808
1187
  ## Phase 5: Prioritized recommendation
809
1188
 
@@ -886,7 +1265,7 @@ Report which are present, missing, or configured below the pack's strictness rec
886
1265
 
887
1266
  "Active style packs" refers specifically to the per-language sub-sections inside the **Language Style Packs** section in your system prompt (e.g. \`### TypeScript\`, \`### Python\`, \`### Go\`). It does **NOT** include the cross-cutting \`### Agent-Written Code\` preamble that sits above them — those are guidelines for how code is *written*, not project-scaffolding to audit. It also does **NOT** include Skills (\`.ezcoder/skills/\`) or any other extension category. If the Language Style Packs section is absent or empty, **skip this entire section entirely** — do not substitute Skills or any other concept.
888
1267
 
889
- When per-language packs are present, compare the project against each pack's **Tooling** bullet and the system prompt's **Verification** commands:
1268
+ When per-language packs are present, compare the project against each pack's **Tooling** bullet and the system prompt's **Verification** commands. For tool recommendations or config semantics, verify against official docs when local files are ambiguous:
890
1269
  - Tooling: which strict-mode flags or lint-rule presets does the pack recommend that the project is missing? (e.g. \`tsconfig\` missing \`noUncheckedIndexedAccess\`, \`pyproject\` missing \`[tool.ruff]\`, Go project missing \`golangci-lint\` config).
891
1270
  - Dependencies: list which pack-mentioned libs (Zod, Pydantic, thiserror, anyhow, etc.) the project uses, has an equivalent for, or lacks. **Observation only — no recommendation to install.**
892
1271
 
@@ -921,15 +1300,16 @@ At the end:
921
1300
  <N> gaps in hygiene, <N> in tooling, <N> in verify pipeline, <N> in style-pack alignment.
922
1301
 
923
1302
  Which (if any) would you like me to fix? Options:
924
- - A) All [GAP] items that are safe + additive (no overwrites)
925
- - B) Pick category: hygiene / tooling / verify / style-pack alignment
926
- - C) Specific items — tell me which
1303
+ - A) Create tasks for all [GAP] items that are safe + additive (no overwrites)
1304
+ - B) Create tasks for a category: hygiene / tooling / verify / style-pack alignment
1305
+ - C) Create tasks for specific items — tell me which
927
1306
  - D) None — just the report
928
1307
  \`\`\`
929
1308
 
930
1309
  ## Rules
931
1310
 
932
1311
  - **Report only.** No edits, no installs, no commits without explicit user confirmation after the report.
1312
+ - **Task handoff for fixes.** If the user chooses A, B, or C, do not fix directly. Use the tasks tool to create one standalone task per selected gap or tightly coupled gap group. Each task must include the gap, affected files/configs, safe-additive constraints, implementation instructions, project verification commands, and instructions to verify relevant tool/config semantics against official docs before marking the task complete. Use kencode search only for code-level examples, not as proof of scaffolding requirements. After creating tasks, tell the user exactly: "Tasks created. Press CTRL + T to open the Tasks Pane and press R to run all tasks." Do not begin executing them unless the user explicitly starts a task.
933
1313
  - **No code refactors recommended.** This audit is about scaffolding/tooling, not code review. Use \`/scan\` or \`/verify\` for code-level findings.
934
1314
  - **No dependency installations in the report.** Listing them as observations is fine; recommending installation is not — that's the user's call.
935
1315
  - **Skip empty categories.** If a category has no findings, omit it.