supipowers 0.4.0 → 0.6.0

package/src/context-mode/hooks.ts

@@ -0,0 +1,176 @@
+// src/context-mode/hooks.ts
+import type { ExtensionAPI } from "@oh-my-pi/pi-coding-agent";
+import type { SupipowersConfig } from "../types.js";
+import { compressToolResult } from "./compressor.js";
+import { detectContextMode, type ContextModeStatus } from "./detector.js";
+import { EventStore } from "./event-store.js";
+import { extractEvents, extractPromptEvents } from "./event-extractor.js";
+import { buildResumeSnapshot } from "./snapshot-builder.js";
+import { readFileSync, mkdirSync } from "node:fs";
+import { join, dirname } from "node:path";
+import { fileURLToPath } from "node:url";
+
+// Cached detection result
+let cachedStatus: ContextModeStatus | null = null;
+
+/** HTTP command patterns for blocking */
+const HTTP_PATTERNS = [
+  /^\s*curl\s/,
+  /^\s*wget\s/,
+  /\bcurl\s+(-[a-zA-Z]*\s+)*https?:\/\//,
+  /\bwget\s+(-[a-zA-Z]*\s+)*https?:\/\//,
+];
+
+function isHttpCommand(command: unknown): boolean {
+  if (typeof command !== "string") return false;
+  return HTTP_PATTERNS.some((p) => p.test(command));
+}
+
+function loadRoutingSkill(): string | null {
+  try {
+    const __dirname = dirname(fileURLToPath(import.meta.url));
+    const skillPath = join(__dirname, "..", "..", "skills", "context-mode", "SKILL.md");
+    return readFileSync(skillPath, "utf-8");
+  } catch {
+    return null;
+  }
+}
+
+/** Register context-mode hooks on the extension API */
+export function registerContextModeHooks(pi: ExtensionAPI, config: SupipowersConfig): void {
+  if (!config.contextMode.enabled) return;
+
+  // Phase 2: Event store initialization
+  let eventStore: EventStore | null = null;
+  let sessionId = `session-${Date.now()}`;
+
+  if (config.contextMode.eventTracking) {
+    try {
+      const dbDir = join(process.cwd(), ".omp", "supipowers", "sessions");
+      mkdirSync(dbDir, { recursive: true });
+      eventStore = new EventStore(join(dbDir, "events.db"));
+      eventStore.init();
+    } catch (e) {
+      (pi as any).logger?.error?.("context-mode: failed to initialize event store", e);
+    }
+  }
+
+  // Update module-level refs for compaction hooks
+  _eventStoreRef = eventStore;
+  _sessionIdRef = sessionId;
+
+  // Phase 1: Result compression + Phase 2: Event extraction
+  pi.on("tool_result", (event) => {
+    // Phase 1: compression
+    const compressed = compressToolResult(event, config.contextMode.compressionThreshold);
+
+    // Phase 2: event extraction (fire-and-forget)
+    if (eventStore && config.contextMode.eventTracking) {
+      try {
+        const events = extractEvents(event, sessionId);
+        if (events.length > 0) eventStore.writeEvents(events);
+      } catch (e) {
+        (pi as any).logger?.warn?.("context-mode: event extraction failed", e);
+      }
+    }
+
+    return compressed;
+  });
+
+  // Phase 1: Command blocking
+  pi.on("tool_call", (event) => {
+    if (!config.contextMode.blockHttpCommands) return;
+    if (event.toolName !== "bash") return;
+
+    const command = event.input?.command;
+    if (!isHttpCommand(command)) return;
+
+    // Only block if context-mode has a replacement tool
+    if (!cachedStatus) cachedStatus = detectContextMode(pi.getActiveTools());
+    if (!cachedStatus.tools.ctxFetchAndIndex) return;
+
+    return {
+      block: true,
+      reason:
+        "Use ctx_fetch_and_index instead of curl/wget. " +
+        "It fetches the URL, indexes the content, and returns a compressed summary.",
+    };
+  });
+
+  // Phase 1: Routing instructions + Phase 2: Prompt event extraction
+  pi.on("before_agent_start", (event) => {
+    // Phase 2: prompt event extraction (fire-and-forget)
+    if (eventStore && config.contextMode.eventTracking) {
+      try {
+        const prompt = (event as any).prompt as string | undefined;
+        if (prompt) {
+          const events = extractPromptEvents(prompt, sessionId);
+          if (events.length > 0) eventStore.writeEvents(events);
+        }
+      } catch (e) {
+        (pi as any).logger?.warn?.("context-mode: prompt event extraction failed", e);
+      }
+    }
+
+    // Phase 1: routing instructions
+    if (!config.contextMode.routingInstructions) return;
+    if (!cachedStatus) cachedStatus = detectContextMode(pi.getActiveTools());
+    if (!cachedStatus.available) return;
+
+    const skill = loadRoutingSkill();
+    if (!skill) return;
+
+    const systemPrompt = (event as any).systemPrompt as string | undefined;
+    if (!systemPrompt) return { systemPrompt: skill };
+    return { systemPrompt: systemPrompt + "\n\n" + skill };
+  });
+
+  // Phase 3: Compaction integration
+  if (config.contextMode.compaction && eventStore) {
+    let pendingSnapshot: string | null = null;
+
+    pi.on("session_before_compact", () => {
+      try {
+        pendingSnapshot = buildResumeSnapshot(eventStore!, sessionId);
+      } catch (e) {
+        (pi as any).logger?.warn?.("context-mode: snapshot build failed", e);
+        pendingSnapshot = null;
+      }
+      return undefined; // don't cancel or replace compaction
+    });
+
+    pi.on("session.compacting", () => {
+      if (!pendingSnapshot) return undefined;
+      const snapshot = pendingSnapshot;
+      pendingSnapshot = null;
+      return {
+        context: snapshot.split("\n"),
+        preserveData: {
+          resumeSnapshot: snapshot,
+          eventCounts: eventStore!.getEventCounts(sessionId),
+        },
+      };
+    });
+  }
+}
+
+/** Get the event store instance (for use by compaction hooks) */
+export function getEventStore(): EventStore | null {
+  return _eventStoreRef;
+}
+
+/** Get the session ID (for use by compaction hooks) */
+export function getSessionId(): string {
+  return _sessionIdRef;
+}
+
+// Module-level refs updated by registerContextModeHooks
+let _eventStoreRef: EventStore | null = null;
+let _sessionIdRef = "";
+
+/** Reset cached state (for testing) */
+export function _resetCache(): void {
+  cachedStatus = null;
+  _eventStoreRef = null;
+  _sessionIdRef = "";
+}

package/src/context-mode/installer.ts

@@ -0,0 +1,71 @@
+// src/context-mode/installer.ts
+import { detectContextMode } from "./detector.js";
+
+type ExecFn = (cmd: string, args: string[]) => Promise<{ stdout: string; code: number }>;
+
+/** Installation status */
+export interface ContextModeInstallStatus {
+  cliInstalled: boolean;
+  mcpConfigured: boolean;
+  toolsAvailable: boolean;
+  version: string | null;
+}
+
+/** Check context-mode installation status */
+export async function checkInstallation(
+  exec: ExecFn,
+  activeTools: string[],
+): Promise<ContextModeInstallStatus> {
+  const status = detectContextMode(activeTools);
+
+  // Check CLI
+  let cliInstalled = false;
+  let version: string | null = null;
+
+  try {
+    const whichResult = await exec("which", ["context-mode"]);
+    cliInstalled = whichResult.code === 0;
+  } catch {
+    cliInstalled = false;
+  }
+
+  // Get version
+  if (cliInstalled) {
+    try {
+      const versionResult = await exec("context-mode", ["--version"]);
+      if (versionResult.code === 0) {
+        version = versionResult.stdout.trim() || null;
+      }
+    } catch {
+      version = null;
+    }
+  }
+
+  return {
+    cliInstalled,
+    mcpConfigured: status.available,
+    toolsAvailable: status.available,
+    version,
+  };
+}
+
+/** Install context-mode globally */
+export async function installContextMode(
+  exec: ExecFn,
+): Promise<{ success: boolean; error?: string }> {
+  try {
+    const result = await exec("npm", ["install", "-g", "context-mode"]);
+    if (result.code !== 0) {
+      return {
+        success: false,
+        error: `npm install failed (exit ${result.code}). Check permissions or try: sudo npm install -g context-mode`,
+      };
+    }
+    return { success: true };
+  } catch (e) {
+    return {
+      success: false,
+      error: `Installation failed: ${e instanceof Error ? e.message : String(e)}`,
+    };
+  }
+}

package/src/context-mode/snapshot-builder.ts

@@ -0,0 +1,127 @@
+// src/context-mode/snapshot-builder.ts
+import type { EventStore, TrackedEvent } from "./event-store.js";
+
+const CAPS = {
+  tasks: 10,
+  decisions: 5,
+  files: 20,
+  errors: 3,
+  git: 5,
+};
+
+/** Build a resume snapshot from tracked events for a session */
+export function buildResumeSnapshot(eventStore: EventStore, sessionId: string): string {
+  const counts = eventStore.getEventCounts(sessionId);
+  const hasAnyEvents = Object.values(counts).some((c) => c > 0);
+  if (!hasAnyEvents) return "";
+
+  const sections: string[] = ["<session_knowledge>"];
+
+  // Last request
+  const prompts = eventStore.getEvents(sessionId, { categories: ["prompt"], limit: 1 });
+  if (prompts.length > 0) {
+    const data = safeParse(prompts[0].data);
+    const prompt = typeof data?.prompt === "string" ? data.prompt.slice(0, 200) : "";
+    if (prompt) {
+      sections.push(`  <last_request>${prompt}</last_request>`);
+    }
+  }
+
+  // Pending tasks
+  const tasks = eventStore.getEvents(sessionId, { categories: ["task"], limit: CAPS.tasks });
+  if (tasks.length > 0) {
+    sections.push("  <pending_tasks>");
+    for (const t of tasks) {
+      const data = safeParse(t.data);
+      const content = extractTaskContent(data);
+      if (content) sections.push(`    - ${content.slice(0, 100)}`);
+    }
+    sections.push("  </pending_tasks>");
+  }
+
+  // Key decisions
+  const decisions = eventStore.getEvents(sessionId, { categories: ["decision"], limit: CAPS.decisions });
+  if (decisions.length > 0) {
+    sections.push("  <key_decisions>");
+    for (const d of decisions) {
+      const data = safeParse(d.data);
+      const prompt = typeof data?.prompt === "string" ? data.prompt.slice(0, 100) : "";
+      if (prompt) sections.push(`    - ${prompt}`);
+    }
+    sections.push("  </key_decisions>");
+  }
+
+  // Files modified (write/edit only, deduplicated)
+  const fileEvents = eventStore.getEvents(sessionId, { categories: ["file"], limit: 200 });
+  const modifiedPaths = new Set<string>();
+  for (const f of fileEvents) {
+    const data = safeParse(f.data);
+    if (data?.op === "edit" || data?.op === "write") {
+      if (typeof data.path === "string") modifiedPaths.add(data.path);
+    }
+  }
+  if (modifiedPaths.size > 0) {
+    sections.push("  <files_modified>");
+    const paths = [...modifiedPaths].slice(0, CAPS.files);
+    for (const p of paths) sections.push(`    - ${p}`);
+    sections.push("  </files_modified>");
+  }
+
+  // Recent errors
+  const errors = eventStore.getEvents(sessionId, { categories: ["error"], limit: CAPS.errors });
+  if (errors.length > 0) {
+    sections.push("  <recent_errors>");
+    for (const e of errors) {
+      const data = safeParse(e.data);
+      const summary = formatErrorSummary(data);
+      if (summary) sections.push(`    - ${summary.slice(0, 150)}`);
+    }
+    sections.push("  </recent_errors>");
+  }
+
+  // Git state
+  const gitEvents = eventStore.getEvents(sessionId, { categories: ["git"], limit: CAPS.git });
+  if (gitEvents.length > 0) {
+    sections.push("  <git_state>");
+    for (const g of gitEvents) {
+      const data = safeParse(g.data);
+      const cmd = typeof data?.command === "string" ? data.command.slice(0, 100) : "";
+      if (cmd) sections.push(`    - ${cmd}`);
+    }
+    sections.push("  </git_state>");
+  }
+
+  sections.push("</session_knowledge>");
+
+  // If only the wrapper tags exist (no inner sections), return empty
+  if (sections.length <= 2) return "";
+
+  return sections.join("\n");
+}
+
+function safeParse(json: string): Record<string, unknown> | null {
+  try {
+    return JSON.parse(json);
+  } catch {
+    return null;
+  }
+}
+
+function extractTaskContent(data: Record<string, unknown> | null): string | null {
+  if (!data?.input) return null;
+  const input = data.input as Record<string, unknown>;
+  if (Array.isArray(input.ops)) {
+    const ops = input.ops as Array<{ content?: string; op?: string }>;
+    return ops.map((o) => `${o.op ?? "task"}: ${o.content ?? ""}`).join("; ");
+  }
+  return JSON.stringify(input).slice(0, 100);
+}
+
+function formatErrorSummary(data: Record<string, unknown> | null): string | null {
+  if (!data) return null;
+  const command = typeof data.command === "string" ? data.command : "";
+  const toolName = typeof data.toolName === "string" ? data.toolName : "";
+  const exitCode = typeof data.exitCode === "number" ? ` (exit ${data.exitCode})` : "";
+  const prefix = command || toolName;
+  return prefix ? `${prefix}${exitCode}` : null;
+}

package/src/discipline/debugging.ts

@@ -1,6 +1,6 @@
 /**
  * Systematic debugging instructions for sub-agent prompts.
- * Matches superpowers' systematic-debugging skill depth.
+ * Matches supipowers' systematic-debugging skill depth.
  */
 export function buildDebuggingInstructions(): string {
   return [
@@ -46,12 +46,12 @@ export function buildDebuggingInstructions(): string {
     "",
     "### Red Flags — STOP and Follow the Process",
     "",
-    "- \"Quick fix for now, investigate later\"",
-    "- \"Just try changing X and see if it works\"",
-    "- \"Skip the test, I'll manually verify\"",
-    "- \"It's probably X, let me fix that\"",
-    "- \"I don't fully understand but this might work\"",
-    "- \"One more fix attempt\" (when already tried 2+)",
+    '- "Quick fix for now, investigate later"',
+    '- "Just try changing X and see if it works"',
+    '- "Skip the test, I\'ll manually verify"',
+    '- "It\'s probably X, let me fix that"',
+    '- "I don\'t fully understand but this might work"',
+    '- "One more fix attempt" (when already tried 2+)',
     "- Each fix reveals a new problem in a different place",
   ].join("\n");
 }

package/src/discipline/receiving-review.ts

@@ -1,6 +1,6 @@
 /**
  * Receiving code review instructions for sub-agent prompts.
- * Matches superpowers' receiving-code-review skill:
+ * Matches supipowers' receiving-code-review skill:
  * technical rigor and verification, not performative agreement.
  */
 export function buildReceivingReviewInstructions(): string {
@@ -22,9 +22,9 @@ export function buildReceivingReviewInstructions(): string {
     "### Forbidden Responses",
     "",
     "Never use performative agreement:",
-    "- \"You're absolutely right!\"",
-    "- \"Great point!\"",
-    "- \"Excellent catch!\"",
+    '- "You\'re absolutely right!"',
+    '- "Great point!"',
+    '- "Excellent catch!"',
     "",
     "Instead: restate requirements, ask clarifying questions, take action.",
     "",
@@ -41,7 +41,7 @@ export function buildReceivingReviewInstructions(): string {
     "",
     "### YAGNI Check",
     "",
-    "For suggested \"professional features\" — grep the codebase for actual usage.",
+    'For suggested "professional features" — grep the codebase for actual usage.',
     "If unused, suggest removal instead of implementing.",
     "",
     "### Implementation Order",

package/src/discipline/tdd.ts

@@ -1,6 +1,6 @@
 /**
  * TDD enforcement instructions for sub-agent prompts.
- * Matches superpowers' test-driven-development skill depth.
+ * Matches supipowers' test-driven-development skill depth.
  */
 export function buildTddInstructions(): string {
   return [
@@ -49,7 +49,7 @@ export function buildTddInstructions(): string {
     "- Test passes immediately",
     "- Can't explain why test failed",
     "- Tests added later",
-    "- Rationalizing \"just this once\"",
+    '- Rationalizing "just this once"',
     "",
     "### Testing Anti-Patterns",
     "",

package/src/discipline/verification.ts

@@ -1,6 +1,6 @@
 /**
  * Verification-before-completion instructions for sub-agent prompts.
- * Matches superpowers' verification-before-completion skill depth.
+ * Matches supipowers' verification-before-completion skill depth.
  */
 export function buildVerificationInstructions(): string {
   return [
@@ -27,31 +27,31 @@ export function buildVerificationInstructions(): string {
     "",
     "| Claim | Requires | Not Sufficient |",
     "|-------|----------|----------------|",
-    "| Tests pass | Test command output: 0 failures | Previous run, \"should pass\" |",
+    '| Tests pass | Test command output: 0 failures | Previous run, "should pass" |',
     "| Build succeeds | Build command: exit 0 | Linter passing, logs look good |",
     "| Bug fixed | Test original symptom: passes | Code changed, assumed fixed |",
     "| Regression test works | Red-green cycle verified | Test passes once |",
-    "| Agent completed | VCS diff shows changes | Agent reports \"success\" |",
+    '| Agent completed | VCS diff shows changes | Agent reports "success" |',
     "| Requirements met | Line-by-line checklist | Tests passing |",
     "",
     "### Red Flags — STOP Before Claiming",
     "",
-    "- Using \"should\", \"probably\", \"seems to\"",
-    "- Expressing satisfaction before verification (\"Great!\", \"Perfect!\", \"Done!\")",
+    '- Using "should", "probably", "seems to"',
+    '- Expressing satisfaction before verification ("Great!", "Perfect!", "Done!")',
     "- About to commit/push/PR without verification",
     "- Trusting agent success reports without checking",
     "- Relying on partial verification",
-    "- Thinking \"just this once\"",
+    '- Thinking "just this once"',
     "",
     "### Verification Patterns",
     "",
     "**Tests:**",
     "- Run test command → see actual pass count → then claim",
-    "- Never say \"should pass now\" or \"looks correct\"",
+    '- Never say "should pass now" or "looks correct"',
     "",
     "**Regression tests (TDD red-green):**",
     "- Write → Run (pass) → Revert fix → Run (MUST FAIL) → Restore → Run (pass)",
-    "- Never say \"I've written a regression test\" without red-green verification",
+    '- Never say "I\'ve written a regression test" without red-green verification',
     "",
     "**Build:**",
     "- Run build → see exit 0 → then claim",
@@ -59,7 +59,7 @@ export function buildVerificationInstructions(): string {
     "",
     "**Requirements:**",
     "- Re-read plan → create checklist → verify each → report gaps or completion",
-    "- Never say \"tests pass, phase complete\" without checking requirements",
+    '- Never say "tests pass, phase complete" without checking requirements',
     "",
     "**Agent delegation:**",
     "- Agent reports success → check VCS diff → verify changes → report actual state",

package/src/git/base-branch.ts

@@ -0,0 +1,30 @@
+type ExecFn = (cmd: string, args: string[]) => Promise<{ stdout: string; code: number }>;
+
+const FALLBACK = "main";
+
+/**
+ * Detect the repository's default branch.
+ * Strategy:
+ * 1. git symbolic-ref refs/remotes/origin/HEAD → parse branch name
+ * 2. git config init.defaultBranch
+ * 3. Falls back to "main"
+ */
+export async function detectBaseBranch(exec: ExecFn): Promise<string> {
+  try {
+    const result = await exec("git", ["symbolic-ref", "refs/remotes/origin/HEAD"]);
+    if (result.code === 0 && result.stdout.trim()) {
+      const ref = result.stdout.trim();
+      const branch = ref.replace(/^refs\/remotes\/origin\//, "");
+      if (branch && branch !== ref) return branch;
+    }
+  } catch { /* continue to next strategy */ }
+
+  try {
+    const result = await exec("git", ["config", "init.defaultBranch"]);
+    if (result.code === 0 && result.stdout.trim()) {
+      return result.stdout.trim();
+    }
+  } catch { /* continue to fallback */ }
+
+  return FALLBACK;
+}

package/src/git/branch-finish.ts

@@ -1,3 +1,5 @@
+import { assertSafeRef, assertSafePath } from "./sanitize.js";
+
 export interface FinishOption {
   id: "merge" | "pr" | "keep" | "discard";
   label: string;
@@ -19,15 +21,21 @@ export interface BranchFinishPromptOptions {
 
 /**
  * Build the prompt that guides the agent through finishing a development branch.
- * Follows superpowers' finishing-a-development-branch skill:
+ * Follows supipowers' finishing-a-development-branch skill:
  * - Verify tests pass first
  * - Present exactly 4 options
  * - Execute chosen option
  * - Clean up worktree (conditional)
  */
-export function buildBranchFinishPrompt(options: BranchFinishPromptOptions): string {
+export function buildBranchFinishPrompt(
+  options: BranchFinishPromptOptions,
+): string {
   const { branchName, baseBranch, worktreePath } = options;
 
+  assertSafeRef(branchName, "branchName");
+  assertSafeRef(baseBranch, "baseBranch");
+  if (worktreePath) assertSafePath(worktreePath, "worktreePath");
+
   const sections: string[] = [
     "## Finish Development Branch",
     "",
@@ -77,6 +85,7 @@ export function buildBranchFinishPrompt(options: BranchFinishPromptOptions): str
     "",
     "```bash",
     `git checkout ${baseBranch}`,
+    ...(worktreePath ? [`git worktree remove ${worktreePath}`] : []),
     `git branch -D ${branchName}`,
     "```",
   ];
@@ -88,7 +97,7 @@ export function buildBranchFinishPrompt(options: BranchFinishPromptOptions): str
       "",
       `Worktree at: \`${worktreePath}\``,
       "",
-      "- **Options 1 and 4:** Clean up the worktree:",
+      "- **Option 1:** Clean up the worktree:",
       "  ```bash",
       `  git worktree remove ${worktreePath}`,
       "  ```",

package/src/git/sanitize.ts

@@ -0,0 +1,19 @@
+/**
+ * Validate a git ref name for safe interpolation into shell commands.
+ * Rejects names containing shell metacharacters, whitespace, or git-invalid sequences.
+ * Follows git-check-ref-format rules plus shell safety.
+ */
+const SAFE_REF = /^[a-zA-Z0-9][a-zA-Z0-9._\/-]*$/;
+const BANNED = /\.\.|\/{2}|@\{|[~^:?*\[\\]/;
+
+export function assertSafeRef(value: string, label: string): void {
+  if (!value || !SAFE_REF.test(value) || BANNED.test(value) || value.endsWith(".lock") || value.endsWith("/") || value.endsWith(".")) {
+    throw new Error(`Unsafe ${label}: "${value}" contains characters not allowed in git ref names or shell commands`);
+  }
+}
+
+export function assertSafePath(value: string, label: string): void {
+  if (!value || /[;&|`$(){}!#<>'"\\]/.test(value)) {
+    throw new Error(`Unsafe ${label}: "${value}" contains shell metacharacters`);
+  }
+}