gm-kilo 2.0.47 → 2.0.48

package/.github/workflows/publish-npm.yml

@@ -11,27 +11,52 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+        with:
+          token: ${{ secrets.GH_PAT || github.token }}
 
       - uses: actions/setup-node@v4
         with:
           node-version: '22'
           registry-url: 'https://registry.npmjs.org'
 
+      - name: Configure git
+        run: |
+          git config user.name "github-actions[bot]"
+          git config user.email "github-actions[bot]@users.noreply.github.com"
+
+      - name: Bump patch version
+        run: |
+          PACKAGE=$(jq -r '.name' package.json)
+          OLD_VERSION=$(jq -r '.version' package.json)
+
+          # Skip bump if last commit was already a version bump
+          LAST_MSG=$(git log -1 --pretty=%s)
+          if echo "$LAST_MSG" | grep -qE '^v[0-9]+\.[0-9]+\.[0-9]+$'; then
+            echo "Last commit was a version bump, skipping"
+            echo "SKIP_BUMP=true" >> $GITHUB_ENV
+          else
+            npm version patch --no-git-tag-version
+            NEW_VERSION=$(jq -r '.version' package.json)
+            git add package.json
+            git commit -m "v$NEW_VERSION"
+            git push
+            echo "Bumped $PACKAGE from $OLD_VERSION to $NEW_VERSION"
+          fi
+
       - name: Publish to npm
         run: |
           PACKAGE=$(jq -r '.name' package.json)
           VERSION=$(jq -r '.version' package.json)
           echo "Package: $PACKAGE@$VERSION"
 
-          # Skip if this exact version is already on npm
           PUBLISHED=$(npm view "$PACKAGE@$VERSION" version 2>/dev/null || echo "")
           if [ "$PUBLISHED" = "$VERSION" ]; then
-            echo "✅ $PACKAGE@$VERSION already published - skipping"
+            echo "$PACKAGE@$VERSION already published - skipping"
             exit 0
           fi
 
           echo "Publishing $PACKAGE@$VERSION..."
           npm publish --access public
-          echo "✅ Published $PACKAGE@$VERSION"
+          echo "Published $PACKAGE@$VERSION"
         env:
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

package/.gitignore

@@ -11,3 +11,6 @@ build/
 .vscode/
 .idea/
 *.iml
+.gm-stop-verified
+
+.code-search/

package/hooks/pre-tool-use-hook.js

@@ -55,6 +55,29 @@ const run = () => {
       return { block: true, reason: 'Plan mode is disabled. Use GM agent planning (PLAN→EXECUTE→EMIT→VERIFY→COMPLETE state machine) via gm:gm subagent instead.' };
     }
 
+    if (tool_name === 'Bash') {
+      const command = (tool_input?.command || '').trim();
+      const allowed = /^(git |npm publish|npm pack|docker |sudo systemctl|systemctl )/.test(command);
+      if (!allowed) {
+        return { block: true, reason: 'Bash is blocked. Use the code_execution tool with Python instead. The hook intercepts code_execution, runs python3, and returns stdout/stderr/exit_code. Example: use code_execution with code "import subprocess; r=subprocess.run([\'node\',\'--version\'],capture_output=True,text=True); print(r.stdout)"' };
+      }
+    }
+
+    if (tool_name === 'code_execution') {
+      const code = tool_input?.code || '';
+      const { spawnSync } = require('child_process');
+      const proc = spawnSync('python3', ['-'], {
+        input: code,
+        encoding: 'utf-8',
+        timeout: 30000
+      });
+      const stdout = proc.stdout || '';
+      const stderr = proc.stderr || '';
+      const exitCode = proc.status !== null ? proc.status : 1;
+      const result = `[CODE EXECUTION RESULT]\nstdout: ${stdout}\nstderr: ${stderr}\nexit_code: ${exitCode}`;
+      return { block: true, reason: result };
+    }
+
     return { allow: true };
   } catch (error) {
     return { allow: true };
@@ -70,7 +93,7 @@ try {
     } else {
       console.log(JSON.stringify({ hookSpecificOutput: { hookEventName: 'PreToolUse', permissionDecision: 'deny', permissionDecisionReason: result.reason } }));
     }
-    process.exit(2);
+    process.exit(0);
   }
 
   if (isGemini) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "gm-kilo",
-  "version": "2.0.47",
+  "version": "2.0.48",
   "description": "State machine agent with hooks, skills, and automated git enforcement",
   "author": "AnEntrypoint",
   "license": "MIT",
@@ -54,4 +54,4 @@
     ".gitignore",
     ".editorconfig"
   ]
-}
+}

package/skills/dev/SKILL.md

@@ -1,48 +1,54 @@
 ---
 name: dev
-description: Execute code and shell commands. Use for all code execution, file operations, running scripts, testing hypotheses, and any task that requires running code. Replaces plugin:gm:dev and mcp-glootie.
-allowed-tools: Bash
+description: Execute code by calling the code_execution tool with Python code. The PreToolUse hook intercepts code_execution calls, runs the Python via python3, and returns stdout/stderr/exit_code as the result. Use for all code execution, file operations, running scripts, and hypothesis testing.
+allowed-tools: Bash,code_execution
 ---
 
 # Code Execution with dev
 
-Execute code directly using the Bash tool. No wrapper, no persistent files, no cleanup needed beyond what the code itself creates.
+Use the `code_execution` tool with Python code. The hook intercepts the call, executes the Python locally, and returns the result as a deny reason formatted as:
 
-## Run code inline
-
-```bash
-# JavaScript / TypeScript
-bun -e "const fs = require('fs'); console.log(fs.readdirSync('.'))"
-bun -e "import { readFileSync } from 'fs'; console.log(readFileSync('package.json', 'utf-8'))"
-
-# Run a file
-bun run script.ts
-node script.js
-
-# Python
-python -c "import json; print(json.dumps({'ok': True}))"
-
-# Shell
-bash -c "ls -la && cat package.json"
 ```
+[CODE EXECUTION RESULT]
+stdout: <output>
+stderr: <errors>
+exit_code: <N>
+```
+
+## Run code inline
 
-## File operations (inline, no temp files)
+```python
+# File operations
+import os, json
+print(json.dumps(os.listdir('.')))
 
-```bash
-# Read
-bun -e "console.log(require('fs').readFileSync('path/to/file', 'utf-8'))"
+# Read a file
+with open('package.json') as f:
+    print(f.read())
 
-# Write
-bun -e "require('fs').writeFileSync('out.json', JSON.stringify({x:1}, null, 2))"
+# Write a file
+with open('out.json', 'w') as f:
+    import json
+    json.dump({'ok': True}, f, indent=2)
 
 # Stat / exists
-bun -e "const fs=require('fs'); console.log(fs.existsSync('file.txt'), fs.statSync?.('.')?.size)"
+import os
+print(os.path.exists('file.txt'), os.path.getsize('.'))
+
+# HTTP requests
+import urllib.request
+resp = urllib.request.urlopen('https://example.com')
+print(resp.read()[:200])
+
+# Run subprocess
+import subprocess
+r = subprocess.run(['node', '--version'], capture_output=True, text=True)
+print(r.stdout)
 ```
 
 ## Rules
 
 - Each run under 15 seconds
 - Pack every related hypothesis into one run — never one idea per run
-- No persistent temp files; if a temp file is needed, delete it in the same command
-- No spawn/exec/fork inside executed code
-- Use `bun` over `node` when available
+- No persistent temp files; if a temp file is needed, delete it in the same code
+- Use `code_execution` tool for all execution; Bash only for git/npm publish/docker

package/skills/process-management/SKILL.md

@@ -12,6 +12,27 @@ description: >-
 
 All applications MUST run through PM2. Direct invocations (node, bun, python) are forbidden for any process that produces output or has a lifecycle.
 
+## Installation (First Time Only)
+
+Check if PM2 is installed:
+
+```bash
+pm2 --version
+```
+
+If command not found, install globally:
+
+```bash
+npm install -g pm2
+```
+
+Verify installation:
+
+```bash
+pm2 --version        # should print version number
+pm2 ping             # should respond "pong"
+```
+
 ## Pre-Start Check (MANDATORY)
 
 Before starting any process, check what is already running: