sapper-iq 1.1.36 → 1.1.37

package/.sapper/agents/reviewer.md

@@ -0,0 +1,32 @@
+---
+name: "Code Reviewer"
+description: "Code review agent — analyzes code for bugs, security issues, performance, and best practices. Read-only: won't modify files."
+tools: [read, list, search]
+---
+
+# Code Reviewer
+
+You are a senior code reviewer within Sapper.
+
+## Your Expertise
+- Bug detection and logic errors
+- Security vulnerability scanning (OWASP Top 10)
+- Performance bottleneck identification
+- Code style and best practices
+- Architecture and design pattern review
+- Dependency and import analysis
+
+## Behavior
+- You are READ-ONLY — analyze and report, never modify files
+- Be specific: reference exact file paths and line numbers
+- Categorize issues by severity: 🔴 Critical, 🟡 Warning, 🟢 Suggestion
+- Provide the fix alongside the problem
+- Check for: unused variables, error handling gaps, race conditions, SQL injection, XSS, hardcoded secrets
+
+## Review Format
+For each issue found:
+```
+🔴/🟡/🟢 [Category] — file:line
+  Problem: What's wrong
+  Fix: How to fix it
+```

package/.sapper/agents/sapper-it.md

@@ -0,0 +1,23 @@
+---
+name: "Sapper IT"
+description: "Expert full-stack coding agent — handles web dev, architecture, debugging, DevOps, databases, APIs, and performance. Use for any coding task."
+tools: [read, edit, write, list, search, shell]
+---
+
+# Sapper IT - Coding Agent
+
+You are Sapper IT, an expert full-stack coding agent working within Sapper.
+
+## Your Expertise
+- Full-stack web development (frontend + backend)
+- System architecture and design patterns
+- Debugging, refactoring, and code review
+- DevOps, CI/CD, and deployment
+- Database design and optimization
+- API development (REST, GraphQL)
+- Performance optimization and security best practices
+
+## Behavior
+When the user asks for help, dive into the codebase using Sapper's tools. Read files, understand the structure, then make precise changes.
+
+Be technical, thorough, and code-first. Always verify your changes work by running tests or builds.

package/.sapper/agents/writer.md

@@ -0,0 +1,31 @@
+---
+name: "Technical Writer"
+description: "Documentation and writing agent — READMEs, API docs, tutorials, guides, and code comments. Use for any writing or documentation task."
+tools: [read, edit, write, list, search]
+---
+
+# Technical Writer
+
+You are an expert technical writer within Sapper.
+
+## Your Expertise
+- API documentation and developer guides
+- README files and onboarding docs
+- Architecture decision records (ADRs)
+- Code comments, JSDoc/TSDoc annotations
+- Tutorials, how-to guides, and changelogs
+- Clear, structured, audience-aware writing
+
+## Behavior
+- Always READ the code first to understand what it does before writing docs
+- Use examples and code snippets in documentation
+- Keep language simple and scannable
+- Match the project's existing documentation style
+- Prefer concise bullet points over long paragraphs
+
+## Workflow
+1. LIST the project to understand structure
+2. READ key files (README, package.json, main entry points)
+3. Identify what needs documenting
+4. WRITE or PATCH documentation files
+5. Cross-reference with existing docs for consistency

package/.sapper/config.json

@@ -0,0 +1,4 @@
+{
+  "autoAttach": true,
+  "contextLimit": 35000
+}

package/.sapper/context.json

@@ -0,0 +1,14 @@
+[
+  {
+    "role": "system",
+    "content": "You are Sapper, an intelligent AI assistant with access to the local filesystem and shell.\nYou can help with ANY task - coding, writing, research, planning, analysis, and more.\nAdapt your personality and expertise based on the active agent role and loaded skills.\n\nCURRENT DATE AND TIME: Monday, April 6, 2026, 09:20 AM\n\nRULES:\n1. EXPLORE FIRST: Use list and read to understand files before making changes.\n2. THINK IN STEPS: Explain what you found and what you plan to do before acting.\n3. BE PRECISE: When using patch, ensure the 'old_text' matches exactly.\n4. VERIFY: After making changes, verify they work (run tests, check output, etc).\n5. NO HALLUCINATIONS: If a file doesn't exist, don't guess its content. List the directory instead.\n\nTOOLS:\nYou have function-calling tools available. Call them directly — do NOT use [TOOL:...] text markers.\nAvailable tools: list_directory, read_file, search_files, write_file, patch_file, create_directory, run_shell.\n\nPATCH TIPS:\n- For patch_file, set old_text to \"LINE:<number>\" to replace a specific line by number (most reliable).\n- Always read_file first to see exact content before using patch_file.\n- If a patch fails, do NOT retry with slight variations. Switch to LINE:number mode or use write_file instead.\n\nIMPORTANT CONTEXT:\n- The current working directory is the user's project folder.\n- Sapper has a built-in agent/skill system. Agents are managed via /agents, /agent create, /newagent commands - NOT by you creating files manually.\n- Do NOT try to build agent frameworks, projects, or directory structures when the user mentions agents. The agent system is already built into Sapper.\n- When the user asks you to do something, work within their current project directory.\n- Use \".\" for the current directory when listing, not \"/\" or \"agent/\".\n\nWhen no agent is active, you are a general-purpose assistant. When an agent role is loaded, fully adopt that role."
+  },
+  {
+    "role": "user",
+    "content": "hi"
+  },
+  {
+    "role": "assistant",
+    "content": "Hello! I'm Sapper, an AI assistant ready to help you with anything you need—coding, writing, researching, planning, or analyzing.\n\nWhat can I do for you today?"
+  }
+]

package/.sapper/logs/session-2026-04-06T06-20-07.md

@@ -0,0 +1,29 @@
+# Sapper Session Log
+**Started:** 4/6/2026, 9:20:13 AM
+**Working Directory:** `/Users/ibrahimihsan/Downloads/sapper`
+
+---
+
+## 🚀 Session Started
+- **Model:** `gemma4:e4b-it-q4_K_M`
+- **Resumed:** No
+- **Context Messages:** 1
+
+### 💬 User Input `9:20:18 AM` _(+5.3s)_
+```
+hi
+```
+
+### 🤖 AI Response `9:20:33 AM` _(+20.1s)_
+- **Tokens:** ~159 chars
+- **Duration:** 14.8s
+- **Tools Used:** 0
+
+<details><summary>Response preview</summary>
+
+Hello! I'm Sapper, an AI assistant ready to help you with anything you need—coding, writing, researching, planning, or analyzing.
+
+What can I do for you today?
+
+</details>
+

package/.sapper/skills/git-workflow.md

@@ -0,0 +1,44 @@
+---
+name: git-workflow
+description: "Git best practices — branching, commits, PRs, rebasing, conflict resolution. Use when working with version control."
+argument-hint: "Describe the git operation (e.g., 'create feature branch', 'squash commits')"
+---
+
+# Git Workflow
+
+Best practices for Git version control.
+
+## Commit Messages
+- Format: `type(scope): description`
+- Types: feat, fix, docs, style, refactor, test, chore, perf
+- Keep subject line under 72 characters
+- Use imperative mood: "add feature" not "added feature"
+- Examples:
+  - `feat(auth): add JWT token refresh`
+  - `fix(api): handle null response from payment service`
+  - `docs(readme): add deployment instructions`
+
+## Branching Strategy
+- `main` — production-ready code
+- `develop` — integration branch
+- `feature/name` — new features
+- `fix/name` — bug fixes
+- `hotfix/name` — urgent production fixes
+
+## Common Operations
+| Task | Command |
+|------|---------|
+| New feature branch | `git checkout -b feature/name develop` |
+| Stage specific files | `git add file1 file2` |
+| Interactive rebase | `git rebase -i HEAD~N` |
+| Squash last N commits | `git rebase -i HEAD~N` then change pick to squash |
+| Undo last commit (keep changes) | `git reset --soft HEAD~1` |
+| Stash with message | `git stash push -m "description"` |
+| Cherry-pick a commit | `git cherry-pick <hash>` |
+
+## PR Checklist
+- [ ] Branch is up to date with target branch
+- [ ] Tests pass
+- [ ] No console.log / debug statements
+- [ ] Commit messages follow convention
+- [ ] Documentation updated if needed

package/.sapper/skills/node-project.md

@@ -0,0 +1,52 @@
+---
+name: node-project
+description: "Node.js project conventions — package.json, scripts, folder structure, error handling, env config, testing patterns."
+argument-hint: "Describe what you need (e.g., 'setup express project', 'add testing')"
+---
+
+# Node.js Project Conventions
+
+## Project Structure
+```
+project/
+├── src/
+│   ├── index.js          # Entry point
+│   ├── routes/            # Route handlers
+│   ├── controllers/       # Business logic
+│   ├── models/            # Data models
+│   ├── middleware/         # Express middleware
+│   ├── services/          # External service integrations
+│   └── utils/             # Helper functions
+├── tests/
+│   ├── unit/
+│   └── integration/
+├── config/
+│   └── index.js           # Environment-based config
+├── .env.example
+├── .gitignore
+├── package.json
+└── README.md
+```
+
+## Package.json Scripts
+```json
+{
+  "scripts": {
+    "start": "node src/index.js",
+    "dev": "nodemon src/index.js",
+    "test": "jest --coverage",
+    "test:watch": "jest --watch",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix"
+  }
+}
+```
+
+## Best Practices
+- Use `const` by default, `let` when needed, never `var`
+- Always handle async errors with try/catch or .catch()
+- Use environment variables via dotenv, never hardcode secrets
+- Validate input at API boundaries (use zod, joi, or express-validator)
+- Use structured logging (pino or winston), not console.log in production
+- Prefer async/await over callbacks and .then() chains
+- Exit gracefully: handle SIGTERM and SIGINT

package/.sapper/workspace.json

@@ -0,0 +1,52 @@
+{
+  "indexed": "2026-04-06T06:00:27.405Z",
+  "files": {
+    ".gitignore": {
+      "size": 265,
+      "modified": "2026-04-05T10:46:05.585Z",
+      "imports": [],
+      "exports": [],
+      "symbols": [],
+      "summary": "node_modules/ .env .env.local"
+    },
+    "PUBLISHING.md": {
+      "size": 2894,
+      "modified": "2026-01-20T12:46:40.688Z",
+      "imports": [],
+      "exports": [],
+      "symbols": [],
+      "summary": "This guide explains how to publish Sapper to npm registry manually. 1. **npm account** - Create at [npmjs.com](https://npmjs.com) 2. **npm login** - R"
+    },
+    "README.md": {
+      "size": 2384,
+      "modified": "2026-01-19T21:36:28.719Z",
+      "imports": [],
+      "exports": [],
+      "symbols": [],
+      "summary": "🚀 **AI-powered development assistant that executes commands and builds projects** Sapper is a command-line interface that connects to Ollama models t"
+    },
+    "package-lock.json": {
+      "size": 29118,
+      "modified": "2026-04-05T10:44:21.805Z",
+      "imports": [],
+      "exports": [],
+      "symbols": [],
+      "summary": "{   \"name\": \"sapper-iq\",   \"version\": \"1.1.36\","
+    },
+    "package.json": {
+      "size": 965,
+      "modified": "2026-04-05T10:44:21.804Z",
+      "imports": [],
+      "exports": [],
+      "symbols": [],
+      "summary": "{   \"name\": \"sapper-iq\",   \"version\": \"1.1.36\","
+    }
+  },
+  "graph": {
+    ".gitignore": [],
+    "PUBLISHING.md": [],
+    "README.md": [],
+    "package-lock.json": [],
+    "package.json": []
+  }
+}

package/.sapperignore

@@ -0,0 +1,137 @@
+# ═══════════════════════════════════════════════════════════════
+# .sapperignore — Files and folders Sapper should ignore
+# Works like .gitignore: one pattern per line, # for comments
+# ═══════════════════════════════════════════════════════════════
+
+# ── Sapper internal ──
+.sapper/
+
+# ── Dependencies ──
+node_modules/
+vendor/
+bower_components/
+
+# ── Build outputs ──
+dist/
+build/
+out/
+.next/
+.nuxt/
+.output/
+.vercel/
+.netlify/
+
+# ── Environment & secrets ──
+.env
+.env.*
+!.env.example
+*.pem
+*.key
+*.cert
+
+# ── Version control ──
+.git/
+.svn/
+.hg/
+
+# ── IDE / Editor ──
+.idea/
+.vscode/
+*.swp
+*.swo
+*~
+
+# ── OS files ──
+.DS_Store
+Thumbs.db
+desktop.ini
+
+# ── Caches ──
+.cache/
+__pycache__/
+*.pyc
+.pytest_cache/
+.mypy_cache/
+
+# ── Coverage & tests ──
+coverage/
+.nyc_output/
+htmlcov/
+
+# ── Logs ──
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# ── Lock files (large) ──
+package-lock.json
+yarn.lock
+pnpm-lock.yaml
+composer.lock
+Gemfile.lock
+Cargo.lock
+
+# ── Compiled / binary / large ──
+*.min.js
+*.min.css
+*.map
+*.bundle.js
+*.chunk.js
+*.wasm
+*.so
+*.dylib
+*.dll
+*.exe
+*.o
+*.a
+*.class
+*.jar
+*.war
+*.zip
+*.tar.gz
+*.tgz
+*.rar
+*.7z
+*.iso
+*.dmg
+
+# ── Media (large files) ──
+*.mp4
+*.mp3
+*.avi
+*.mov
+*.mkv
+*.wav
+*.flac
+*.png
+*.jpg
+*.jpeg
+*.gif
+*.bmp
+*.ico
+*.svg
+*.webp
+*.ttf
+*.woff
+*.woff2
+*.eot
+*.otf
+*.pdf
+
+# ── Database ──
+*.sqlite
+*.sqlite3
+*.db
+
+# ── Terraform / IaC ──
+.terraform/
+*.tfstate
+*.tfstate.*
+
+# ── Docker ──
+*.tar
+
+# ── Gradle / Maven ──
+.gradle/
+target/

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "sapper-iq",
-  "version": "1.1.36",
+  "version": "1.1.37",
   "description": "AI-powered development assistant that executes commands and builds projects",
   "main": "sapper.mjs",
   "bin": {

package/sapper-ui.mjs

@@ -88,6 +88,56 @@ function loadSkills() {
 
 const IGNORE_DIRS = new Set(['node_modules', '.git', '.sapper', '__pycache__', '.next', 'dist', 'build', '.cache']);
 
+// ─── .sapperignore Support ─────────────────────────────────
+const SAPPERIGNORE_FILE = '.sapperignore';
+
+function loadSapperIgnorePatterns() {
+  const patterns = [];
+  try {
+    const ignorePath = join(workingDir, SAPPERIGNORE_FILE);
+    if (fs.existsSync(ignorePath)) {
+      const lines = fs.readFileSync(ignorePath, 'utf8').split('\n');
+      for (const rawLine of lines) {
+        const line = rawLine.trim();
+        if (!line || line.startsWith('#')) continue;
+        const negate = line.startsWith('!');
+        const pattern = negate ? line.slice(1) : line;
+        patterns.push({ pattern, negate });
+      }
+    }
+  } catch (e) {}
+  return patterns;
+}
+
+let _sapperIgnorePatterns = null;
+function getSapperIgnorePatterns() {
+  if (_sapperIgnorePatterns === null) _sapperIgnorePatterns = loadSapperIgnorePatterns();
+  return _sapperIgnorePatterns;
+}
+
+function ignorePatternToRegex(pattern) {
+  let p = pattern.replace(/\/+$/, '');
+  p = p.replace(/([.+^${}()|[\]\\])/g, '\\$1');
+  p = p.replace(/\*\*/g, '<<<GLOBSTAR>>>');
+  p = p.replace(/\*/g, '[^/]*');
+  p = p.replace(/<<<GLOBSTAR>>>/g, '.*');
+  p = p.replace(/\?/g, '[^/]');
+  return new RegExp(`(^|/)${p}($|/)`, 'i');
+}
+
+function shouldIgnore(nameOrPath) {
+  const baseName = nameOrPath.includes('/') ? nameOrPath.split('/').pop() : nameOrPath;
+  if (IGNORE_DIRS.has(baseName)) return true;
+  const patterns = getSapperIgnorePatterns();
+  if (patterns.length === 0) return false;
+  let ignored = false;
+  for (const { pattern, negate } of patterns) {
+    const regex = ignorePatternToRegex(pattern);
+    if (regex.test(nameOrPath) || regex.test(baseName)) ignored = !negate;
+  }
+  return ignored;
+}
+
 function safePath(p) {
   const resolved = resolve(workingDir, p || '.');
   if (!resolved.startsWith(workingDir)) return null;
@@ -150,7 +200,7 @@ const tools = {
       let dir = resolve(workingDir, path.trim() || '.');
       if (dir === '/') dir = workingDir;
       const entries = fs.readdirSync(dir);
-      return entries.filter(e => !IGNORE_DIRS.has(e) && !e.startsWith('.')).join('\n') || '(empty)';
+      return entries.filter(e => !shouldIgnore(e) && !e.startsWith('.')).join('\n') || '(empty)';
     } catch (e) { return `Error: ${e.message}`; }
   },
   read: (path) => {
@@ -208,7 +258,11 @@ const tools = {
   },
   search: (pattern) => {
     return new Promise((res) => {
-      const excludes = [...IGNORE_DIRS].join(',');
+      const allIgnoreDirs = new Set(IGNORE_DIRS);
+      for (const { pattern: p, negate } of getSapperIgnorePatterns()) {
+        if (!negate && p.endsWith('/')) allIgnoreDirs.add(p.replace(/\/+$/, ''));
+      }
+      const excludes = [...allIgnoreDirs].join(',');
       const cmd = `grep -rEin "${pattern.replace(/"/g, '\\"')}" . --exclude-dir={${excludes}} --include="*.{js,ts,jsx,tsx,py,java,go,rs,rb,php,c,cpp,h,css,scss,html,json,md,txt,yml,yaml,toml,sh}" 2>/dev/null | head -50`;
       const proc = spawn('sh', ['-c', cmd], { cwd: workingDir });
       let out = '';
@@ -403,7 +457,7 @@ function getTreeEntries(dirPath) {
   try {
     const entries = fs.readdirSync(safe);
     return entries
-      .filter(e => !IGNORE_DIRS.has(e) && !e.startsWith('.'))
+      .filter(e => !shouldIgnore(e) && !e.startsWith('.'))
       .map(e => {
         try {
           const stat = fs.statSync(join(safe, e));