gm-copilot-cli 2.0.152 → 2.0.153

package/agents/gm.md

@@ -185,7 +185,7 @@ Server + client split:
 - `git` — version control only
 - `bun x gm-exec` — all other shell/code execution:
   - `bun x gm-exec bash [--cwd=<dir>] <cmd>` — run shell commands
-  - `bun x gm-exec exec [--lang=<lang>] [--cwd=<dir>] [--file=<path>] <code>` — execute code (nodejs default; langs: nodejs, python, go, rust, c, cpp, java, deno, bash)
+  - `bun x gm-exec exec [--lang=<lang>] [--cwd=<dir>] [--file=<path>] <code>` — execute code (nodejs default; langs: nodejs, python, go, rust, c, cpp, java, deno, bash, cmd)
   - `bun x gm-exec status <task_id>` — poll status + drain output of background task
   - `bun x gm-exec sleep <task_id> [seconds]` — wait for task completion (default 30s timeout)
   - `bun x gm-exec close <task_id>` — delete background task
@@ -194,8 +194,8 @@ Server + client split:
 - Everything else is blocked
 
 **gm-exec EXEC SAFETY RULES** — prevent stray files and working directory pollution:
-- NEVER run `bun x gm-exec exec` without `--cwd` pointing to a safe scratch directory, not the project root. Use `--cwd=/tmp` or `--cwd=C:/Windows/Temp` for throwaway runs. Only use `--cwd=<project>` when the code explicitly needs to import from that project.
-- For any code longer than a single expression, use `--file=<path>` instead of inline `<code>`. Write the code to a temp file first via `bun x gm-exec exec "require('fs').writeFileSync('/tmp/run.mjs', \`...\`)"` then run `bun x gm-exec exec --file=/tmp/run.mjs`. This prevents shell quoting failures from leaking code fragments as filenames in the working directory.
+- NEVER run `bun x gm-exec exec` without `--cwd` pointing to a safe scratch directory, not the project root. Use the system temp directory (`os.tmpdir()` — `/tmp` on Unix, `C:\Users\<user>\AppData\Local\Temp` on Windows) for throwaway runs. Only use `--cwd=<project>` when the code explicitly needs to import from that project.
+- For any code longer than a single expression, use `--file=<path>` instead of inline `<code>`. Write the code to a temp file first via `bun x gm-exec exec "require('fs').writeFileSync(require('os').tmpdir()+'/run.mjs', \`...\`)"` then run `bun x gm-exec exec --file=<tmpdir>/run.mjs`. This prevents shell quoting failures from leaking code fragments as filenames in the working directory.
 - Single-line inline code is safe only when it contains no shell metacharacters (backticks, quotes, parens, brackets). If in doubt, use `--file`.
 - After any exec session, verify no stray files were created: `bun x gm-exec bash --cwd=<project> "git status --porcelain"` must be empty. If stray files appear, delete them before proceeding.
 

package/copilot-profile.md

@@ -1,6 +1,6 @@
 ---
 name: gm
-version: 2.0.152
+version: 2.0.153
 description: State machine agent with hooks, skills, and automated git enforcement
 author: AnEntrypoint
 repository: https://github.com/AnEntrypoint/gm-copilot-cli

package/hooks/session-end-git-hook.js

@@ -1,6 +1,5 @@
-#!/usr/bin/env node
+#!/usr/bin/env bun
 
-// Skip hooks when running inside agentgui subprocess to prevent spurious injections
 if (process.env.AGENTGUI_SUBPROCESS === '1') {
   console.log(JSON.stringify({ decision: 'approve' }));
   process.exit(0);
@@ -9,13 +8,14 @@ if (process.env.AGENTGUI_SUBPROCESS === '1') {
 const { execSync } = require('child_process');
 const fs = require('fs');
 const path = require('path');
+const os = require('os');
 const crypto = require('crypto');
 
 const projectDir = process.env.CLAUDE_PROJECT_DIR || process.cwd();
 
 const getCounterPath = () => {
   const hash = crypto.createHash('md5').update(projectDir).digest('hex');
-  return path.join('/tmp', `gm-git-block-counter-${hash}.json`);
+  return path.join(os.tmpdir(), `gm-git-block-counter-${hash}.json`);
 };
 
 const readCounter = () => {

package/hooks/session-end-hook.js

@@ -1,6 +1,5 @@
-#!/usr/bin/env node
+#!/usr/bin/env bun
 
-// Skip hooks when running inside agentgui subprocess to prevent spurious injections
 if (process.env.AGENTGUI_SUBPROCESS === '1') {
   console.log(JSON.stringify({ decision: 'approve' }));
   process.exit(0);
@@ -9,8 +8,6 @@ if (process.env.AGENTGUI_SUBPROCESS === '1') {
 const fs = require('fs');
 const path = require('path');
 
-// Always use current working directory for .prd location
-// Explicitly resolve to ./.prd in the current folder
 const projectDir = process.cwd();
 const prdFile = path.resolve(projectDir, '.prd');
 
@@ -22,19 +19,15 @@ const run = () => {
   if (aborted) return { ok: true };
 
   try {
-    // Check if .prd file exists and has content
     if (fs.existsSync(prdFile)) {
       const prdContent = fs.readFileSync(prdFile, 'utf-8').trim();
       if (prdContent.length > 0) {
-        // .prd has content, block stopping
         return {
           ok: false,
           reason: `Work items remain in ${prdFile}. Remove completed items as they finish. Current items:\n\n${prdContent}`
         };
       }
     }
-
-    // .prd doesn't exist or is empty, allow stop
     return { ok: true };
   } catch (error) {
     return { ok: true };

package/hooks/session-start-hook.js

@@ -4,8 +4,8 @@ const fs = require('fs');
 const path = require('path');
 const { execSync } = require('child_process');
 
-const pluginRoot = process.env.CLAUDE_PLUGIN_ROOT || process.env.GEMINI_PROJECT_DIR || process.env.OC_PLUGIN_ROOT;
-const projectDir = process.env.CLAUDE_PROJECT_DIR || process.env.GEMINI_PROJECT_DIR || process.env.OC_PROJECT_DIR;
+const pluginRoot = process.env.CLAUDE_PLUGIN_ROOT || process.env.GEMINI_PROJECT_DIR || process.env.OC_PLUGIN_ROOT || process.env.KILO_PLUGIN_ROOT;
+const projectDir = process.env.CLAUDE_PROJECT_DIR || process.env.GEMINI_PROJECT_DIR || process.env.OC_PROJECT_DIR || process.env.KILO_PROJECT_DIR;
 
 const ensureGitignore = () => {
   if (!projectDir) return;
@@ -22,9 +22,7 @@ const ensureGitignore = () => {
         : content + '\n' + entry + '\n';
       fs.writeFileSync(gitignorePath, newContent);
     }
-  } catch (e) {
-    // Silently fail - not critical
-  }
+  } catch (e) {}
 };
 
 ensureGitignore();
@@ -32,41 +30,24 @@ ensureGitignore();
 try {
   let outputs = [];
 
-  // 1. Read ./start.md
   if (pluginRoot) {
-    const startMdPath = path.join(pluginRoot, '/agents/gm.md');
+    const gmMdPath = path.join(pluginRoot, '/agents/gm.md');
     try {
-      const startMdContent = fs.readFileSync(startMdPath, 'utf-8');
-      outputs.push(startMdContent);
-    } catch (e) {
-      // File may not exist in this context
-    }
+      const gmMdContent = fs.readFileSync(gmMdPath, 'utf-8');
+      outputs.push(gmMdContent);
+    } catch (e) {}
   }
 
-  // 2. Add semantic code-search explanation
-  const codeSearchContext = `## 🔍 Semantic Code Search Now Available
-
-Your prompts will trigger **semantic code search** - intelligent, intent-based exploration of your codebase.
+  const codeSearchContext = `## Semantic Code Search Available
 
-### How It Works
-Describe what you need in plain language, and the search understands your intent:
-- "Find authentication validation" → locates auth checks, guards, permission logic
-- "Where is database initialization?" → finds connection setup, migrations, schemas
-- "Show error handling patterns" → discovers try/catch patterns, error boundaries
+Describe what you need in plain language to search the codebase:
+- "Find authentication validation" locates auth checks, guards, permission logic
+- "Where is database initialization?" finds connection setup, migrations, schemas
+- "Show error handling patterns" discovers try/catch patterns, error boundaries
 
-NOT syntax-based regex matching - truly semantic understanding across files.
-
-### Example
-Instead of regex patterns, simply describe your intent:
-"Find where API authorization is checked"
-
-The search will find permission validations, role checks, authentication guards - however they're implemented.
-
-### When to Use Code Search
-When exploring unfamiliar code, finding similar patterns, understanding integrations, or locating feature implementations across your codebase.`;
+Use the code-search skill for all codebase exploration.`;
   outputs.push(codeSearchContext);
 
-  // 3. Run mcp-thorns (bun x with npx fallback)
   if (projectDir && fs.existsSync(projectDir)) {
     try {
       let thornOutput;
@@ -97,55 +78,26 @@ When exploring unfamiliar code, finding similar patterns, understanding integrat
 
   const isGemini = process.env.GEMINI_PROJECT_DIR !== undefined;
   const isOpenCode = process.env.OC_PLUGIN_ROOT !== undefined;
+  const isKilo = process.env.KILO_PLUGIN_ROOT !== undefined;
 
   if (isGemini) {
-    const result = {
-      systemMessage: additionalContext
-    };
-    console.log(JSON.stringify(result, null, 2));
-  } else if (isOpenCode) {
-    const result = {
-      hookSpecificOutput: {
-        hookEventName: 'session.created',
-        additionalContext
-      }
-    };
-    console.log(JSON.stringify(result, null, 2));
+    console.log(JSON.stringify({ systemMessage: additionalContext }, null, 2));
+  } else if (isOpenCode || isKilo) {
+    console.log(JSON.stringify({ hookSpecificOutput: { hookEventName: 'session.created', additionalContext } }, null, 2));
   } else {
-    const result = {
-      hookSpecificOutput: {
-        hookEventName: 'SessionStart',
-        additionalContext
-      }
-    };
-    console.log(JSON.stringify(result, null, 2));
+    console.log(JSON.stringify({ hookSpecificOutput: { hookEventName: 'SessionStart', additionalContext } }, null, 2));
   }
 } catch (error) {
   const isGemini = process.env.GEMINI_PROJECT_DIR !== undefined;
   const isOpenCode = process.env.OC_PLUGIN_ROOT !== undefined;
+  const isKilo = process.env.KILO_PLUGIN_ROOT !== undefined;
 
   if (isGemini) {
-    console.log(JSON.stringify({
-      systemMessage: `Error executing hook: ${error.message}`
-    }, null, 2));
-  } else if (isOpenCode) {
-    console.log(JSON.stringify({
-      hookSpecificOutput: {
-        hookEventName: 'session.created',
-        additionalContext: `Error executing hook: ${error.message}`
-      }
-    }, null, 2));
+    console.log(JSON.stringify({ systemMessage: `Error executing hook: ${error.message}` }, null, 2));
+  } else if (isOpenCode || isKilo) {
+    console.log(JSON.stringify({ hookSpecificOutput: { hookEventName: 'session.created', additionalContext: `Error executing hook: ${error.message}` } }, null, 2));
   } else {
-    console.log(JSON.stringify({
-      hookSpecificOutput: {
-        hookEventName: 'SessionStart',
-        additionalContext: `Error executing hook: ${error.message}`
-      }
-    }, null, 2));
+    console.log(JSON.stringify({ hookSpecificOutput: { hookEventName: 'SessionStart', additionalContext: `Error executing hook: ${error.message}` } }, null, 2));
   }
   process.exit(0);
 }
-
-
-
-

package/manifest.yml

@@ -1,5 +1,5 @@
 name: gm
-version: 2.0.152
+version: 2.0.153
 description: State machine agent with hooks, skills, and automated git enforcement
 author: AnEntrypoint
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gm-copilot-cli",
-  "version": "2.0.152",
+  "version": "2.0.153",
   "description": "State machine agent with hooks, skills, and automated git enforcement",
   "author": "AnEntrypoint",
   "license": "MIT",

package/tools.json

@@ -1,6 +1,6 @@
 {
   "name": "gm",
-  "version": "2.0.152",
+  "version": "2.0.153",
   "description": "State machine agent with hooks, skills, and automated git enforcement",
   "tools": [
     {