npm - superclaude-kiro - Versions diffs - 1.3.3 → 1.3.7 - Mend

superclaude-kiro 1.3.3 → 1.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "superclaude-kiro",
-  "version": "1.3.3",
+  "version": "1.3.7",
   "description": "SuperClaude Framework for Kiro (CLI and IDE) - Easy installation for teams",
   "type": "module",
   "bin": {
@@ -46,4 +46,4 @@
     "README.md",
     "LICENSE"
   ]
-}
+}

package/src/installer.js CHANGED Viewed

@@ -209,7 +209,7 @@ export async function installSuperClaude(options = {}) {
       console.log(chalk.gray(`    - ${selectedServers.length} MCP servers`));
     }
     if (trustedResult && trustedResult.count > 0) {
-      console.log(chalk.gray(`    - ${trustedResult.total} trusted commands (${trustedResult.count} new)`));
+      console.log(chalk.gray(`    - ${trustedResult.total} trusted commands + shell/write/read/webFetch tools`));
     }
     console.log('');
     console.log(chalk.cyan('Quick Start:'));
@@ -400,22 +400,28 @@ export async function getStatus() {
     }
   }
-  // Check trusted commands
+  // Check trusted commands and trusted tools
   const ideSettingsPath = getKiroIdeSettingsPath();
   if (await fs.pathExists(ideSettingsPath)) {
     try {
       const ideSettings = await fs.readJson(ideSettingsPath);
       const trustedCmds = ideSettings['kiroAgent.trustedCommands'] || ideSettings['kiro.agent.trustedCommands'] || [];
+      const trustedTools = ideSettings['kiroAgent.trustedTools'] || [];
       if (trustedCmds.length > 0) {
         console.log(chalk.green(`    ✔ Trusted commands (${trustedCmds.length})`));
       } else {
         console.log(chalk.yellow('    ○ Trusted commands (none configured)'));
       }
+      if (trustedTools.length > 0) {
+        console.log(chalk.green(`    ✔ Trusted tools (${trustedTools.join(', ')})`));
+      } else {
+        console.log(chalk.yellow('    ○ Trusted tools (none configured - run install to fix)'));
+      }
     } catch {
-      console.log(chalk.yellow('    ○ Trusted commands (settings unreadable)'));
+      console.log(chalk.yellow('    ○ Trusted commands/tools (settings unreadable)'));
     }
   } else {
-    console.log(chalk.yellow('    ○ Trusted commands (Kiro IDE settings not found)'));
+    console.log(chalk.yellow('    ○ Trusted commands/tools (Kiro IDE settings not found)'));
   }
   console.log('');
@@ -573,8 +579,13 @@ function getKiroIdeSettingsPath() {
 }
 /**
- * Configure Kiro IDE trusted commands for auto-approving common dev tool CLI calls.
+ * Configure Kiro IDE trusted commands and trusted tools for auto-approving
+ * common dev tool CLI calls and built-in IDE tools.
  * Merges with existing user settings without overwriting.
+ *
+ * Two separate Kiro IDE settings:
+ * - kiroAgent.trustedCommands: shell command prefix patterns (e.g. "git *")
+ * - kiroAgent.trustedTools: built-in IDE tool names (e.g. "shell", "write", "read")
  */
 async function configureTrustedCommands(categories = null) {
   const settingsPath = getKiroIdeSettingsPath();
@@ -603,6 +614,7 @@ async function configureTrustedCommands(categories = null) {
     }
   }
+  // --- trustedCommands ---
   // Use the current Kiro IDE settings key (kiroAgent.trustedCommands)
   // Also migrate from the old key (kiro.agent.trustedCommands) if present
   const CURRENT_KEY = 'kiroAgent.trustedCommands';
@@ -622,6 +634,21 @@ async function configureTrustedCommands(categories = null) {
     delete settings[LEGACY_KEY];
   }
+  // --- trustedTools ---
+  // kiroAgent.trustedTools controls Kiro IDE's built-in tool auto-approval
+  // (separate from trustedCommands which is for shell command prefix matching).
+  // "shell" auto-approves all shell tool invocations including scripts with
+  // dynamic variable prefixes like $VAR/script.sh that prefix matching can't handle.
+  const TOOLS_KEY = 'kiroAgent.trustedTools';
+  const TRUSTED_TOOLS = ['shell', 'write', 'read', 'webFetch', 'remote_web_search'];
+  const existingTools = settings[TOOLS_KEY] || [];
+  const existingToolsSet = new Set(existingTools);
+  const newTools = TRUSTED_TOOLS.filter(t => !existingToolsSet.has(t));
+  if (newTools.length > 0) {
+    settings[TOOLS_KEY] = [...existingTools, ...newTools];
+  }
   // Write back
   await fs.ensureDir(path.dirname(settingsPath));
   await fs.writeJson(settingsPath, settings, { spaces: 2 });

package/src/mcp-servers.js CHANGED Viewed

@@ -127,7 +127,8 @@ export function buildServerConfig(serverName, apiKey = null, overrides = {}) {
   const config = {
     command: overrides.command || server.config.command,
-    args: overrides.args ? [...overrides.args] : [...server.config.args]
+    args: overrides.args ? [...overrides.args] : [...server.config.args],
+    disabled: false
   };
   // Start with server-defined env, then override env (e.g. PATH augmentation, SSL certs)

package/src/trusted-commands.js CHANGED Viewed

@@ -188,37 +188,125 @@ export const COMMAND_CATEGORIES = {
       'tasklist',
       'tasklist *',
       'wsl *',
+      // Bash / shell scripting
+      'bash *',
+      'sh *',
+      'source *',
+      'export *',
+      'set *',
+      'unset *',
+      'test *',
+      'printf *',
+      'dirname *',
+      'basename *',
+      'realpath *',
+      'readlink *',
+      'mktemp *',
+      'sleep *',
+      'true',
+      'false',
+      'seq *',
+      'date *',
+      'id',
+      'uname *',
+      'timeout *',
+      'paste *',
+      'comm *',
+      'column *',
+      'nl *',
+      'expand *',
+      'fold *',
+      'md5sum *',
+      'sha256sum *',
+      'base64 *',
+      'strings *',
+      'iconv *',
+      'dos2unix *',
+      'unix2dos *',
+      'patch *',
+      'envsubst *',
+      // PowerShell foreach
+      'foreach *',
+      '(foreach *',
+      '(ForEach-*',
       // PowerShell cmdlets
       'Get-Content *',
       'Set-Content *',
+      'Add-Content *',
+      'Clear-Content *',
       'Get-Item *',
       'Get-ChildItem',
       'Get-ChildItem *',
       'Get-ItemProperty *',
+      'Get-ItemPropertyValue *',
+      'Set-ItemProperty *',
       'Select-Object *',
       'Select-String *',
+      'Select-Xml *',
       'Where-Object *',
       'ForEach-Object *',
       'ConvertFrom-Json *',
       'ConvertTo-Json *',
+      'ConvertFrom-Csv *',
+      'ConvertTo-Csv *',
+      'Import-Csv *',
+      'Export-Csv *',
       'Out-File *',
+      'Out-String *',
+      'Out-Null',
       'Test-Path *',
       'New-Item *',
       'Copy-Item *',
       'Move-Item *',
       'Rename-Item *',
       'Invoke-WebRequest *',
+      'Invoke-RestMethod *',
       'Write-Output *',
       'Write-Host *',
+      'Write-Error *',
+      'Write-Warning *',
+      'Write-Verbose *',
+      'Write-Debug *',
       'Get-Process',
       'Get-Process *',
       'Get-Service',
       'Get-Service *',
       'Sort-Object *',
+      'Group-Object *',
       'Measure-Object *',
       'Format-Table *',
       'Format-List *',
       'Compare-Object *',
+      'Tee-Object *',
+      'Add-Member *',
+      'New-Object *',
+      // PowerShell flow control and scripting
+      'Start-Sleep *',
+      'Start-Process *',
+      'Wait-Process *',
+      // PowerShell path and location
+      'Join-Path *',
+      'Split-Path *',
+      'Resolve-Path *',
+      'Convert-Path *',
+      'Set-Location *',
+      'Get-Location',
+      'Push-Location *',
+      'Pop-Location',
+      // PowerShell date, hash, and utility
+      'Get-Date',
+      'Get-Date *',
+      'Get-Random',
+      'Get-Random *',
+      'Get-Unique *',
+      'Get-FileHash *',
+      // PowerShell network
+      'Test-Connection *',
+      'Resolve-DnsName *',
+      // PowerShell module management (read-only)
+      'Get-Module',
+      'Get-Module *',
+      'Import-Module *',
       // PowerShell subexpressions — (Get-Content ...) etc.
       '(Get-*',
       '(Set-*',
@@ -230,6 +318,25 @@ export const COMMAND_CATEGORIES = {
       '(New-*',
       '(Copy-*',
       '(Move-*',
+      '(Join-*',
+      '(Split-*',
+      '(Resolve-*',
+      '(Convert-*',
+      '(Import-*',
+      '(Export-*',
+      '(Format-*',
+      '(Measure-*',
+      '(Compare-*',
+      '(Add-*',
+      '(Start-*',
+      '(Wait-*',
+      '(Write-*',
+      '(Sort-*',
+      '(Group-*',
+      // Dynamic variable-prefixed commands (e.g. $JAVA_HOME/bin/java, $var/script.sh)
+      // These can't be matched by static prefix patterns, so we trust the $ prefix broadly.
+      // This covers scripts and binaries invoked via environment variable paths.
+      '$*',
     ]
   },
@@ -252,6 +359,19 @@ export const COMMAND_CATEGORIES = {
       'ruff *',
       'black *',
       'flake8 *',
+      // Document processing tools (used by docx, pdf, pptx, xlsx skills)
+      'pandoc *',
+      'pdftotext *',
+      'pdfimages *',
+      'pdftoppm *',
+      'qpdf *',
+      'pdftk *',
+      'gs *',
+      'soffice *',
+      'markitdown *',
+      // Image and OCR tools (used by pdf, slack-gif-creator skills)
+      'convert *',
+      'tesseract *',
     ]
   },