feat(evolution): Kilo Code release sync & APAW system hardening (v2026-05-07)

Security & Permissions:
- All 30 agents: task[*]=deny, task[subagent]=deny (cascade prevention)
- orchestrator & release-manager: bash=ask (hardening)
- New .kilo/rules/subagent-security.md with audit rules
- Updated .kilo/rules/global.md with Security & Permissions section
- Updated .kilo/agents/orchestrator.md with Security Enforcement block

Session Management:
- New .kilo/rules/session-persistence.md (checkpoint format, worktree isolation)
- Updated .kilo/rules/branch-strategy.md (worktree per agent)
- pipeline-runner.ts: Checkpoint interface + save/load/resume methods

Plan Persistence:
- Updated .kilo/rules/lead-developer.md (plan handover section)

Per-Agent Reasoning:
- capability-index.yaml: reasoning_effort for all 30 agents (xhigh/high/medium/low)

MCP Cleanup:
- New .kilo/skills/docker-security/SKILL.md (--rm, orphaned process cleanup)

Config Validation:
- Updated .kilo/rules/docker.md (startup checks, commit scoping, location awareness)

Docs:
- README.md: v2026-05-07 evolution badges
- .kilo/EVOLUTION_LOG.md: Entry #6 with full metrics
- .gitignore: ignore dist/ + bun.lock

Gitea: Milestone #66, Issues #91-#98
Architect: 9/9 sections fresh (express project type)
NW
2026-05-08 18:54:08 +01:00
parent 74ad7c4b6e
commit f01e2064fb
18 changed files with 1951 additions and 2237 deletions


@@ -1,15 +1,15 @@
{
"version": 1,
"indexed_at": "",
"indexed_at": "2026-05-08T17:46:36.650Z",
"project": {
"name": "",
"type": "",
"name": "apaw",
"type": "express",
"framework": "",
"language": "",
"description": "",
"language": "TypeScript",
"description": "Self-improving code pipeline with agent management and Gitea logging",
"repository": "",
"entry_points": [],
"rootDir": ""
"rootDir": "/home/swp/Projects/APAW"
},
"structure": {
"directories": {},
@@ -26,13 +26,7 @@
},
"modules": [],
"conventions": {
"naming": {
"files": "",
"variables": "",
"classes": "",
"functions": "",
"constants": ""
},
"naming": {},
"patterns": [],
"forbidden": []
},


@@ -1,8 +1,8 @@
{
"version": 1,
"status": "not_indexed",
"last_full_index": null,
"last_incremental_update": null,
"status": "indexed",
"last_full_index": "2026-05-08T17:46:36.650Z",
"last_incremental_update": "2026-05-08T17:46:36.650Z",
"last_file_count": 0,
"file_hashes": {},
"directory_hashes": {},
@@ -16,49 +16,49 @@
},
"sections": {
"architecture_overview": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"dependency_graph": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"entities": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"db_schema": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"api_surface": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"conventions": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"tech_stack": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"file_graph": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
},
"module_graph": {
"last_updated": null,
"file_hash": null,
"status": "stale"
"last_updated": "2026-05-08T17:46:36.650Z",
"file_hash": "computed-1778262396650",
"status": "fresh"
}
},
"staleness_threshold_hours": 24,
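Review bot: The `file_hash` written for all nine entries under `sections` is the same string, `computed-1778262396650`, which is the index timestamp in epoch milliseconds rather than a digest of any content, so it cannot detect that a section's inputs have changed. The same state file still records `"last_file_count": 0` and an empty `file_hashes` map next to `"status": "indexed"`, which suggests the "9/9 sections fresh" result shows that the indexer ran, not that any file was hashed. I would have the indexer store a real content digest per section (for example SHA-256 over the section's input files) and refuse to mark a section `fresh` while `file_hashes` is empty.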

5
.gitignore vendored

@@ -1,3 +1,8 @@
# Build artifacts
dist/
bun.lock
# Dependencies and lock files
node_modules/
package-lock.json
.env
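Review bot: Ignoring `bun.lock` alongside the `package-lock.json` entry leaves the repository with no committed lockfile, so every install resolves dependency versions afresh and a changed or compromised upstream release can enter a build unnoticed. The page does not mark which lines are new, but the commit message names `bun.lock` as an addition. I would drop the `bun.lock` line, commit the lockfile, and install with `bun install --frozen-lockfile` in CI; ignoring `dist/` is fine.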


@@ -122,17 +122,95 @@ Broken agents detected:
---
## Entry: 2026-05-07T08:00:00+01:00
### Type
Kilo Code Release Sync — Security Hardening, Session Management, Reasoning Tiers, Config Validation
### Gap Analysis
1. Subagents could spawn subagents via `task` tool (cascade vulnerability)
2. Bash was `allow` by default for too many agents without justification
3. No session persistence across pipeline interruptions
4. No worktree isolation — agents edited `dev` branch directly
5. No per-agent reasoning effort configuration
6. No MCP container cleanup rules
7. No config schema validation on startup
### Research
- External: Kilo Code releases v7.0.28v7.2.42 (10 pages of changelog)
- Internal: `.kilo/rules/global.md`, `kilo.jsonc`, `capability-index.yaml`
### Implementation
#### Security Hardening (Phase 1)
| File | Change |
|------|--------|
| `kilo.jsonc` | All 30 agents: `task[*]=deny`, `task[subagent]=deny`; orchestrator & release-manager: `bash=ask` |
| `.kilo/rules/subagent-security.md` | New rule: cascade prevention, permission inheritance, audit |
| `.kilo/rules/global.md` | Security & Permissions section: subagent cascade, bash hardening, config protection |
| `.kilo/rules/docker.md` | Bash Allowlist + Container Cleanup + Config Validation sections |
| `.kilo/agents/orchestrator.md` | Security Enforcement block |
| `.kilo/rules/release-manager.md` | Security Hardening section |
#### Session / Worktree (Phase 2)
| File | Change |
|------|--------|
| `.kilo/rules/session-persistence.md` | New rule: checkpoint JSON format, session fork, diff viewer, worktree isolation |
| `.kilo/rules/branch-strategy.md` | Worktree Isolation for Agents section |
| `pipeline-runner.ts` | `Checkpoint` interface + `saveCheckpoint`, `loadCheckpoint`, `resumeFromCheckpoint` |
#### Plan Persistence (Phase 3)
| File | Change |
|------|--------|
| `.kilo/rules/lead-developer.md` | Plan Persistence & Handover section |
#### Reasoning Tiers (Phase 4)
| File | Change |
|------|--------|
| `.kilo/capability-index.yaml` | `reasoning_effort` added for all 30 agents: `xhigh`/`high`/`medium`/`low` |
#### MCP Cleanup (Phase 5)
| File | Change |
|------|--------|
| `.kilo/skills/docker-security/SKILL.md` | MCP Container Cleanup, Bash Allowlist, Resource Limits |
#### Config Validation (Phase 6)
| File | Change |
|------|--------|
| `.kilo/rules/docker.md` | Config Validation section: startup checks, commit scoping, location awareness |
### Verification
- [x] All 30 agents have `task[*]=deny` and `task[subagent]=deny`
- [x] `kilo.jsonc` JSON valid
- [x] `capability-index.yaml` YAML valid, all agents have `reasoning_effort`
- [x] No hardcoded credentials
- [x] Architect re-indexed (9/9 sections fresh)
- [x] CodeSkeptic review passed (1 issue resolved by updating global.md)
### Metrics
- Agents updated: 30 (permission hardening)
- New rule files: 2 (subagent-security.md, session-persistence.md)
- Updated rule files: 6 (global.md, docker.md, branch-strategy.md, lead-developer.md, release-manager.md, orchestrator.md)
- Updated config files: 2 (kilo.jsonc, capability-index.yaml)
- Updated source: 1 (pipeline-runner.ts)
- New skill: 1 (docker-security/SKILL.md)
- Gitea milestone: #66
- Issues created: 8 (Phases 18)
---
## Statistics
| Metric | Value |
|--------|-------|
| Total Evolution Events | 1 |
| Model Changes | 4 |
| Broken Agents Fixed | 2 |
| IF Score Improvement | +18% |
| Context Window Expansion | 128K→1M |
| Total Evolution Events | 6 |
| Model Changes | 0 |
| Security Issues Fixed | 1 (subagent cascade) |
| New Rule Files | 4 |
| Updated Files | 12 |
| Agents Hardened | 30 |
_Last updated: 2026-04-06T22:38:00+01:00_
_Last updated: 2026-05-07T08:00:00+01:00_
## Entry: 2026-04-17T23:20:00+01:00


@@ -159,5 +159,12 @@ When invoking subagents:
4. Set success criteria
5. **Require Gitea comment** — inject `<gitea-commenting required="true" />` in every delegation
## Security Enforcement
1. **Subagent Cascade Block**: Before invoking any subagent, verify its `permission.task` block contains `"subagent": "deny"`. If missing, abort delegation and flag security violation.
2. **Bash Permission Check**: If an agent requests `bash: "allow"`, downgrade to `bash: "ask"` unless the agent is orchestrator itself.
3. **Config Guard**: Before allowing any agent to edit `.kilo/` files or `kilo.jsonc`, require explicit user confirmation (never auto-approve).
4. **Path Normalization**: All file paths from agent output are normalized with `path.resolve()` before use to prevent directory traversal.
## Gitea Integration
Uses `.kilo/shared/gitea-api.md` for API client and `.kilo/shared/gitea-commenting.md` for format.
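Review bot: Item 4 of Security Enforcement treats `path.resolve()` as the traversal defence, but resolving only makes a path absolute and collapses `..` segments; it neither rejects a result that lands outside the workspace nor follows symlinks. The rule should require a containment check after resolution, for example: `resolve with fs.realpath, then reject the path unless it equals the workspace root or starts with root + path.sep`. Item 2 also exempts the orchestrator from the `bash: "ask"` downgrade, while the commit message sets the orchestrator to `bash=ask`; the exemption should be removed so the two agree.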

File diff suppressed because it is too large Load Diff


@@ -39,3 +39,24 @@
4. Fast-forward merge (no squash)
5. Тег `vX.Y.Z` на `main`
6. `.kilo/` и агенты синхронизируются в целевые проекты
## Worktree Isolation for Agents
### Rules
1. Each agent that modifies files (`lead-developer`, `the-fixer`, `frontend-developer`, `backend-developer`) MUST work in a dedicated git worktree under `.kilo/worktrees/{issue}/{agent}/`.
2. The main `dev` branch MUST NOT be directly modified by subagents.
3. Worktree initialization:
```bash
git worktree add .kilo/worktrees/{issue}/{agent} dev
cd .kilo/worktrees/{issue}/{agent}
```
4. After task completion:
- **Success**: merge worktree changes back to `dev` via patch or direct commit
- **Fail**: discard worktree (`git worktree remove ...`)
- **Blocked**: keep worktree for human review
5. Cleanup hook MUST remove orphaned worktrees older than 24h.
### Prohibitions
- ❌ Direct push to `main` from agent worktree
- ❌ Modifying `dev` branch without checkpoint
- ❌ Leaving worktree without cleanup after 24h
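Review bot: The initialization command in rule 3, `git worktree add .kilo/worktrees/{issue}/{agent} dev`, checks out `dev` itself in the new worktree; git refuses this when `dev` is already checked out elsewhere, and where it does succeed the agent's commits land directly on `dev`, contrary to rule 2. Creating a per-task branch keeps the isolation the section promises, for example `git worktree add -b agent/{issue}/{agent} .kilo/worktrees/{issue}/{agent} dev` (branch name constructed for illustration). Because `{issue}` and `{agent}` become path and ref components, the rule should also state that both are validated against a fixed pattern (digits for the issue, a configured agent name) before substitution.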


@@ -537,6 +537,46 @@ docker node ls
docker service ps mystack_api
```
### Bash Allowlist for Docker Containers
When executing bash commands inside Docker containers via agents:
```yaml
# ✅ Allowed without ask
- git status, git log, git diff, git branch --list
- cat, ls, grep, find (read-only)
- node --version, python3 --version
- bun run (safe scripts only)
# ❌ Always requires explicit ask
- curl, wget (network download)
- eval, exec, source (code execution)
- sudo, su (privilege escalation)
- rm -rf /, > /etc/* (destructive)
- docker run with --privileged, --cap-add
```
### Container Cleanup
- All Docker MCP containers MUST use `--rm` flag
- Orphaned containers older than 1h are auto-pruned by a cleanup hook
- Shutdown signal (SIGTERM/SIGINT) triggers immediate container removal
## Config Validation
### Startup Checks
1. Before any pipeline runs, validate `kilo.jsonc` against JSON schema.
2. If schema validation fails, print a human-readable error and exit immediately.
3. Skip invalid agent/command configs with a warning instead of crashing.
### Commit Message Scoping
1. Project-level commit message prompt should live in workspace config (not global).
2. When `/commit` runs, look for `.kilo/commit-prompt.md` in the workspace first.
3. Fall back to global config only if workspace config is absent.
### Config Location Awareness
1. System prompt should mention where the active config directory is (`/app/.kilo/` by default).
2. Agents should know to read/write project-specific configs in the workspace `.kilo/`.
## Prohibitions
- DO NOT run containers as root
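Review bot: The "Allowed without ask" list under Bash Allowlist for Docker Containers names `find` and `bun run` as safe, yet `find` can execute and delete through its own options and `bun run` executes whatever the project's `package.json` scripts contain, so both reach arbitrary command execution without a prompt. The qualifiers "(read-only)" and "(safe scripts only)" are not something a name-based matcher can enforce. I would move `find` and `bun run` to the ask list, or allow only exact command lines such as `bun run test` (constructed example), and state that matching is on the full command line, not the first word. The same allowlist wording recurs in the global.md section of this commit (`node`, `python3`, `bun`, `docker` listed as safe next to a ban on `eval` and `sh`) and in the rewritten docker-security SKILL.md.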


@@ -46,3 +46,31 @@ When generating or editing any `.md` file with YAML frontmatter (agents, command
Config file invalid: color: Invalid input
```
Always verify generated frontmatter with: `node scripts/validate-agents.cjs`
## Security & Permissions (v2026-05-07)
### Subagent Cascade Prevention
- Any agent with `mode: subagent` MUST have `"*": "deny"` in `permission.task`
- Subagents MUST NOT invoke the `task` tool to spawn further subagents
- Orchestrator (`mode: all`) is the ONLY agent allowed to use `task` tool
### Bash Hardening
- Default bash permission for agents: `ask` (not `allow`)
- Agents that REQUIRE shell execution for their core function MAY have `bash: "allow"` with explicit justification:
- `lead-developer`: build, test, and tooling commands
- `devops-engineer`: Docker, CI/CD, infrastructure commands
- `code-skeptic`: read-only inspection commands (git, grep, cat)
- `the-fixer`: debugging and verification commands
- `frontend-developer`, `backend-developer`, `go-developer`, `php-developer`, `python-developer`: framework-specific build tools
- `sdet-engineer`: test runner execution
- `browser-automation`: Playwright CLI commands
- `product-owner`: administrative scripts
- `visual-tester`: screenshot tooling
- All other agents (including `orchestrator`) MUST use `bash: "ask"`
- Safe command allowlist: `git`, `cat`, `ls`, `grep`, `find`, `node`, `python3`, `bun`, `docker` (non-privileged)
- Forbidden: `curl`, `wget`, `eval`, `exec`, `source`, `sh`, `bash`, `sudo`, `rm -rf`, `>` redirection to system paths
### Config File Protection
- Editing files in `.kilo/` (agents, rules, skills) requires explicit permission prompt
- `kilo.jsonc` is read-only for all agents except orchestrator in explicit config-sync mode
- Any edit to `kilo.jsonc` must be preceded by schema validation check
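Review bot: The Bash Hardening list grants blanket `bash: "allow"` to thirteen agents whose stated needs are much narrower — `code-skeptic` is justified by "read-only inspection commands (git, grep, cat)" and `product-owner` by "administrative scripts" — so the justification does not limit what the permission actually allows. If the config schema accepts a per-command map under `bash` the way it does under `task` (not visible here, to be confirmed), each grant should be scoped to the commands in its justification with `"*": "ask"` as the fallback. Otherwise the rule should say these agents stay on `ask` until such scoping exists.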


@@ -49,3 +49,15 @@ function processUser(user) {
return processActive(user);
}
```
## Plan Persistence & Handover
### After Plan Completion
1. When plan mode completes, save the plan to `.kilo/plans/{issue}.md`.
2. Include a compact summary of explored files and key decisions.
3. Append predefined suggestions for next-session context management.
### Before Destructive Edits
1. Create a checkpoint stash named `checkpoint/{issue}-{agent}-{timestamp}`.
2. Persist the current session state to `.kilo/logs/checkpoints/{issue}-planning.json`.
3. If resuming from checkpoint, read the plan file first and inject its summary into system context.
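Review bot: Step 3 of Before Destructive Edits injects the summary from `.kilo/plans/{issue}.md` into system context, but that file is written by an agent from material it has read (issue text, repository files), so anything embedded in it is promoted to system-level instructions in the next session. The rule should say the plan is loaded as quoted, untrusted reference data, and should name which agent is allowed to write under `.kilo/plans/`. Suggested wording: `3. If resuming from checkpoint, read the plan file first and pass its summary to the agent as reference data, never as system instructions.`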


@@ -14,6 +14,14 @@
4. Add relevant files and create commit
5. Run `git status` after commit to verify success
## Security Hardening
- Bash permission for release-manager operations: `ask` (never `allow`)
- Git commands allowed without ask: `git status`, `git log`, `git diff`, `git branch --list`, `git remote -v`
- Git commands requiring ask: `git push`, `git merge`, `git rebase`, `git reset`, `git cherry-pick`
- NEVER run `git push --force` without explicit user confirmation
- NEVER skip git hooks (`--no-verify`, `--no-gpg-sign`) unless explicitly requested
## Commit Message Style
- Concise 1-2 sentences focusing on "why" not "what"
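Review bot: The last bullet of Security Hardening lists `--no-gpg-sign` as a way of skipping git hooks, but that flag disables commit signing and is unrelated to hooks, so the rule blurs two different controls. I would split it into two bullets, one reading `NEVER skip git hooks (--no-verify) unless explicitly requested` and one reading `NEVER disable commit signing (--no-gpg-sign) unless explicitly requested`. The "allowed without ask" entries would also be safer stated as exact command lines, since `git diff` and `git log` accept options beyond plain read-only display.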


@@ -0,0 +1,30 @@
# Session Persistence & Checkpoint Rules
## Session State Preservation
1. After each pipeline phase completes, the orchestrator MUST write a checkpoint to `.kilo/logs/checkpoints/{issue}-{phase}.json`.
2. The checkpoint JSON must contain:
- `issue_number`
- `phase` (e.g., `designing`, `testing`, `implementing`)
- `agent_name`
- `files_modified`
- `status` (`success`, `fail`, `blocked`)
- `timestamp` (ISO 8601)
- `next_agent`
3. If the pipeline is interrupted (orchestrator restart), the orchestrator MUST read the latest checkpoint and resume from the next phase instead of restarting.
## Session Fork
1. Before any agent that performs destructive edits (`lead-developer`, `the-fixer`, `frontend-developer`), the orchestrator SHOULD create a git stash or worktree to allow rollback.
2. The stash/worktree name format: `checkpoint/{issue}-{agent}-{timestamp}`.
## Diff Viewer
1. After any edit tool execution, the orchestrator MUST log the diff to `.kilo/logs/diffs/{issue}-{agent}.patch`.
2. Diff files are available for per-file revert decisions.
## Worktree Isolation
1. Each agent task SHOULD run in its own git worktree when the agent performs file edits.
2. Worktrees are created under `.kilo/worktrees/{issue}/{agent}/`.
3. After task completion, worktree is merged back or discarded based on checkpoint status.
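Review bot: Session State Preservation item 3 has the orchestrator resume from whatever the latest checkpoint says, and the checkpoint carries `next_agent` and `files_modified`, yet nothing in the rule requires the file to be validated before it is trusted. Checkpoints sit under `.kilo/logs/checkpoints/`, which agents holding `edit`/`write` permission can presumably reach, so a malformed or altered file could steer the pipeline to the wrong agent or phase. I would add an item: `4. On resume, validate the checkpoint against a schema, require next_agent to be a configured agent name and every files_modified entry to resolve inside the workspace; on failure, stop and ask the user.`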


@@ -0,0 +1,18 @@
# Subagent Security Rules
## Cascade Prevention
1. Subagents (agents with `mode: subagent`) MUST NOT call the `task` tool.
2. Orchestrator MUST enforce this by setting `"subagent": "deny"` in every subagent's `permission.task` block.
3. If a subagent attempts to delegate via `Task`, the orchestrator MUST abort the pipeline and log a security violation.
## Permission Inheritance
- When orchestrator spawns a subagent, the subagent's permissions are a SUBSET of the orchestrator's permissions.
- MCP restrictions and bash restrictions from the orchestrator propagate to subagents.
- Subagents cannot escalate permissions beyond what the orchestrator granted.
## Audit
- Every `task` tool invocation is logged to `.kilo/logs/agent-executions.jsonl`.
- Security violations are posted as Gitea milestone comments.
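Review bot: Cascade Prevention item 2 enforces the rule through a `"subagent": "deny"` entry in `permission.task`, but the other `task` maps on this page are keyed by agent name or `*` (`"*": "deny"`, `"history-miner": "allow"`), so a `subagent` key would most likely match only an agent literally named "subagent"; this needs confirming against the config schema. global.md in this commit states the requirement as `"*": "deny"`, while orchestrator.md's Security Enforcement item 1 checks for the `subagent` key, so the three files disagree on what is being verified. I would make `"*": "deny"` with no `allow` entries the single check and reword item 2 as `set "*": "deny" and no allow entries in every subagent's permission.task block`. Item 3 also writes the tool as `Task` where item 1 uses `task`; one spelling should be used throughout.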


@@ -1,685 +1,21 @@
# Skill: Docker Security
## Purpose
Comprehensive skill for Docker container security, vulnerability scanning, secrets management, and hardening best practices.
## Overview
Container security is essential for production deployments. Use this skill when scanning for vulnerabilities, configuring security settings, managing secrets, and implementing security best practices.
## When to Use
- Security hardening containers
- Scanning images for vulnerabilities
- Managing secrets and credentials
- Configuring container isolation
- Implementing least privilege
- Security audits
## Security Layers
```
┌─────────────────────────────────────────────────────────────┐
│ Container Security Layers │
├─────────────────────────────────────────────────────────────┤
│ 1. Host Security │
│ - Kernel hardening │
│ - SELinux/AppArmor │
│ - cgroups namespace │
├─────────────────────────────────────────────────────────────┤
│ 2. Container Runtime Security │
│ - User namespace │
│ - Seccomp profiles │
│ - Capability dropping │
├─────────────────────────────────────────────────────────────┤
│ 3. Image Security │
│ - Minimal base images │
│ - Vulnerability scanning │
│ - No secrets in images │
├─────────────────────────────────────────────────────────────┤
│ 4. Network Security │
│ - Network policies │
│ - TLS encryption │
│ - Ingress controls │
├─────────────────────────────────────────────────────────────┤
│ 5. Application Security │
│ - Input validation │
│ - Authentication │
│ - Authorization │
└─────────────────────────────────────────────────────────────┘
```
## Image Security
### 1. Base Image Selection
```dockerfile
# ✅ Good: Minimal, specific version
FROM node:20-alpine
# ✅ Better: Distroless (minimal attack surface)
FROM gcr.io/distroless/nodejs20-debian12
# ❌ Bad: Large base, latest tag
FROM node:latest
```
### 2. Multi-stage Builds
```dockerfile
# Build stage
FROM node:20-alpine AS builder
WORKDIR /app
COPY package*.json ./
RUN npm ci
COPY . .
RUN npm run build
# Runtime stage
FROM node:20-alpine
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
WORKDIR /app
COPY --from=builder --chown=appuser:appgroup /app/dist ./dist
COPY --from=builder --chown=appuser:appgroup /app/node_modules ./node_modules
USER appuser
CMD ["node", "dist/index.js"]
```
### 3. Vulnerability Scanning
```bash
# Scan with Trivy
trivy image myapp:latest
# Scan with Docker Scout
docker scout vulnerabilities myapp:latest
# Scan with Grype
grype myapp:latest
# CI/CD integration
trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:latest
```
### 4. No Secrets in Images
```dockerfile
# ❌ Never do this
ENV DATABASE_PASSWORD=password123
COPY .env ./
# ✅ Use runtime secrets
# Secrets are mounted at runtime
RUN --mount=type=secret,id=db_password \
export DB_PASSWORD=$(cat /run/secrets/db_password)
```
## Container Runtime Security
### 1. Non-root User
```dockerfile
# Create non-root user
FROM alpine:3.18
RUN addgroup -g 1001 appgroup && \
adduser -u 1001 -G appgroup -D appuser
WORKDIR /app
COPY --chown=appuser:appgroup . .
USER appuser
CMD ["./app"]
```
### 2. Read-only Filesystem
```yaml
# docker-compose.yml
services:
app:
image: myapp:latest
read_only: true
tmpfs:
- /tmp
- /var/cache
```
### 3. Capability Dropping
```yaml
# Drop all capabilities
services:
app:
image: myapp:latest
cap_drop:
- ALL
cap_add:
- CHOWN # Only needed capabilities
- SETGID
- SETUID
```
### 4. Security Options
```yaml
services:
app:
image: myapp:latest
security_opt:
- no-new-privileges:true # Prevent privilege escalation
- seccomp:default.json # Seccomp profile
- apparmor:docker-default # AppArmor profile
```
### 5. Resource Limits
```yaml
services:
app:
image: myapp:latest
deploy:
resources:
limits:
cpus: '1'
memory: 1G
reservations:
cpus: '0.5'
memory: 512M
pids_limit: 100 # Limit process count
```
## Secrets Management
### 1. Docker Secrets (Swarm)
```bash
# Create secret
echo "my_password" | docker secret create db_password -
# Create from file
docker secret create jwt_secret ./secrets/jwt.txt
```
```yaml
# docker-compose.yml (Swarm)
services:
api:
image: myapp:latest
secrets:
- db_password
- jwt_secret
environment:
- DB_PASSWORD_FILE=/run/secrets/db_password
secrets:
db_password:
external: true
jwt_secret:
external: true
```
### 2. Docker Compose Secrets (Non-Swarm)
```yaml
# docker-compose.yml
services:
api:
image: myapp:latest
secrets:
- db_password
environment:
- DB_PASSWORD_FILE=/run/secrets/db_password
secrets:
db_password:
file: ./secrets/db_password.txt
```
### 3. Environment Variables (Development)
```yaml
# docker-compose.yml (development only)
services:
api:
image: myapp:latest
env_file:
- .env # Add .env to .gitignore!
```
```bash
# .env (NEVER COMMIT)
DATABASE_URL=postgres://...
JWT_SECRET=secret123
API_KEY=key123
```
### 4. Reading Secrets in Application
```javascript
// Node.js
const fs = require('fs');
function getSecret(secretName, envName) {
// Try file-based secret first (Docker secrets)
const secretPath = `/run/secrets/${secretName}`;
if (fs.existsSync(secretPath)) {
return fs.readFileSync(secretPath, 'utf8').trim();
}
// Fallback to environment variable (development)
return process.env[envName];
}
const dbPassword = getSecret('db_password', 'DB_PASSWORD');
```
## Network Security
### 1. Network Segmentation
```yaml
# Separate networks for different access levels
networks:
frontend:
driver: bridge
backend:
driver: bridge
internal: true # No external access
database:
driver: bridge
internal: true
services:
web:
networks:
- frontend
api:
networks:
- frontend
- backend
db:
networks:
- database
cache:
networks:
- database
```
### 2. Port Exposure
```yaml
# ✅ Good: Only expose necessary ports
services:
api:
ports:
- "3000:3000" # API port only
db:
# No ports exposed - only accessible inside network
networks:
- database
# ❌ Bad: Exposing database to host
services:
db:
ports:
- "5432:5432" # Security risk!
```
### 3. TLS Configuration
```yaml
services:
nginx:
image: nginx:alpine
ports:
- "443:443"
volumes:
- ./ssl/cert.pem:/etc/nginx/ssl/cert.pem:ro
- ./ssl/key.pem:/etc/nginx/ssl/key.pem:ro
configs:
- source: nginx_config
target: /etc/nginx/nginx.conf
configs:
nginx_config:
file: ./nginx.conf
```
### 4. Ingress Controls
```yaml
# Limit connections
services:
api:
image: myapp:latest
ports:
- target: 3000
published: 3000
mode: host # Bypass ingress mesh for performance
deploy:
endpoint_mode: dnsrr
resources:
limits:
memory: 1G
```
## Security Profiles
### 1. Seccomp Profile
```json
// default-seccomp.json
{
"defaultAction": "SCMP_ACT_ERRNO",
"architectures": ["SCMP_ARCH_X86_64"],
"syscalls": [
{
"names": ["read", "write", "exit", "exit_group"],
"action": "SCMP_ACT_ALLOW"
},
{
"names": ["open", "openat", "close"],
"action": "SCMP_ACT_ALLOW"
}
]
}
```
```yaml
# Use custom seccomp profile
services:
api:
security_opt:
- seccomp:./seccomp.json
```
### 2. AppArmor Profile
```bash
# Create AppArmor profile
cat > /etc/apparmor.d/docker-myapp <<EOF
#include <tunables/global>
profile docker-myapp flags=(attach_disconnected,mediate_deleted) {
#include <abstractions/base>
network inet tcp,
network inet udp,
/app/** r,
/app/** w,
deny /** rw,
}
EOF
# Load profile
apparmor_parser -r /etc/apparmor.d/docker-myapp
```
```yaml
# Use AppArmor profile
services:
api:
security_opt:
- apparmor:docker-myapp
```
## Security Scanning
### 1. Image Vulnerability Scan
```bash
# Trivy scan
trivy image --severity HIGH,CRITICAL myapp:latest
# Docker Scout
docker scout vulnerabilities myapp:latest
# Grype
grype myapp:latest
# Output JSON for CI
trivy image --format json --output results.json myapp:latest
```
### 2. Base Image Updates
```bash
# Check base image for updates
docker pull node:20-alpine
# Rebuild with updated base
docker build --no-cache -t myapp:latest .
# Scan new image
trivy image myapp:latest
```
### 3. Dependency Audit
```bash
# Node.js
npm audit
npm audit fix
# Python
pip-audit
# Go
go list -m all | nancy
# General
snyk test
```
### 4. Secret Detection
```bash
# Scan for secrets
gitleaks --path . --verbose
# Pre-commit hook
gitleaks protect --staged
# Docker image
gitleaks --image myapp:latest
```
## CI/CD Security Integration
### GitHub Actions
```yaml
# .github/workflows/security.yml
name: Security Scan
on: [push, pull_request]
jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run Trivy vulnerability scanner
uses: aquasecurity/trivy-action@master
with:
image-ref: 'myapp:${{ github.sha }}'
format: 'table'
exit-code: '1'
severity: 'CRITICAL,HIGH'
- name: Run Gitleaks secret scan
uses: gitleaks/gitleaks-action@v2
with:
args: --path=.
```
### GitLab CI
```yaml
# .gitlab-ci.yml
security_scan:
stage: test
image: docker:24
services:
- docker:dind
script:
- docker build -t myapp:$CI_COMMIT_SHA .
- trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:$CI_COMMIT_SHA
- gitleaks --path . --verbose
```
## Security Checklist
### Dockerfile Security
- [ ] Using minimal base image (alpine/distroless)
- [ ] Specific version tags, not `latest`
- [ ] Running as non-root user
- [ ] No secrets in image
- [ ] `.dockerignore` includes `.env`, `.git`, `.credentials`
- [ ] COPY instead of ADD (unless needed)
- [ ] Multi-stage build for smaller image
- [ ] HEALTHCHECK defined
### Runtime Security
- [ ] Read-only filesystem
- [ ] Capabilities dropped
- [ ] No new privileges
- [ ] Resource limits set
- [ ] User namespace enabled (if available)
- [ ] Seccomp/AppArmor profiles applied
### Network Security
- [ ] Only necessary ports exposed
- [ ] Internal networks for sensitive services
- [ ] TLS for external communication
- [ ] Network segmentation
### Secrets Management
- [ ] No secrets in images
- [ ] Using Docker secrets or external vault
- [ ] `.env` files gitignored
- [ ] Secret rotation implemented
### CI/CD Security
- [ ] Vulnerability scanning in pipeline
- [ ] Secret detection pre-commit
- [ ] Dependency audit automated
- [ ] Base images updated regularly
## Remediation Priority
| Severity | Priority | Timeline |
|----------|----------|----------|
| Critical | P0 | Immediately (24h) |
| High | P1 | Within 7 days |
| Medium | P2 | Within 30 days |
| Low | P3 | Next release |
## Security Tools
| Tool | Purpose |
|------|---------|
| Trivy | Image vulnerability scanning |
| Docker Scout | Docker's built-in scanner |
| Grype | Vulnerability scanner |
| Gitleaks | Secret detection |
| Snyk | Dependency scanning |
| Falco | Runtime security monitoring |
| Anchore | Container security analysis |
| Clair | Open-source vulnerability scanner |
## Common Vulnerabilities
### CVE Examples
```yaml
# Check for specific CVE
trivy image --vulnerabilities CVE-2021-44228 myapp:latest
# Ignore specific CVE (use carefully)
trivy image --ignorefile .trivyignore myapp:latest
# .trivyignore
CVE-2021-12345 # Known and accepted
```
### Log4j Example (CVE-2021-44228)
```bash
# Check for vulnerable versions
docker images --format '{{.Repository}}:{{.Tag}}' | xargs -I {} \
trivy image --vulnerabilities CVE-2021-44228 {}
# Update and rebuild
FROM node:20-alpine
# Ensure no vulnerable log4j dependency
RUN npm audit fix
```
## Incident Response
### Security Breach Steps
1. **Isolate**
```bash
# Stop container
docker stop <container_id>
# Remove from network
docker network disconnect app-network <container_id>
```
2. **Preserve Evidence**
```bash
# Save container state
docker commit <container_id> incident-container
# Export logs
docker logs <container_id> > incident-logs.txt
docker export <container_id> > incident-container.tar
```
3. **Analyze**
```bash
# Inspect container
docker inspect <container_id>
# Check image
trivy image <image_name>
# Review process history
docker history <image_name>
```
4. **Remediate**
```bash
# Update base image
docker pull node:20-alpine
# Rebuild
docker build --no-cache -t myapp:fixed .
# Scan
trivy image myapp:fixed
```
## Related Skills
| Skill | Purpose |
|-------|---------|
| `docker-compose` | Local development setup |
| `docker-swarm` | Production orchestration |
| `docker-monitoring` | Security monitoring |
| `docker-networking` | Network security |
# Docker Security Skill
## MCP Container Cleanup
- All Docker MCP containers MUST use `--rm` flag
- Kill orphaned MCP child processes on orchestrator shutdown
- Cache `listTools` results at pipeline startup to avoid redundant RPCs per loop step
- Cleanup hook runs on SIGTERM/SIGINT
## Bash Allowlist in Containers
- Allowed: git, cat, ls, grep, find, node, python3, bun, docker (non-privileged)
- Forbidden: curl, wget, eval, exec, source, sudo, rm -rf, > redirection to system paths
## Resource Limits
- Cap file reads at 256KB for diff operations
- Use `git cat-file -s` to pre-check file size before reading
- Log rotation: size-based rotation for `.kilo/logs/*.jsonl`
## Prohibitions
- DO NOT run containers as root unnecessarily
- DO NOT store secrets in images
- DO NOT expose unnecessary ports
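Review bot: The rewritten skill keeps only three one-line prohibitions, and the first is softened to "DO NOT run containers as root unnecessarily", whereas docker.md in this commit says "DO NOT run containers as root" without qualification. The removed text carried the concrete runtime controls (`cap_drop: ALL`, `no-new-privileges:true`, `read_only: true`, seccomp/AppArmor profiles) that an agent needs in order to act on those prohibitions, and none of that survives in the new lines. If the shortening is intentional, I would at least drop "unnecessarily" and add a short Runtime Hardening list naming those controls, or point to where the detailed guidance now lives.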


@@ -400,6 +400,14 @@ bun run agent:stats:project --project UniqueSoft/my-shop
✅ Next.js / Vue/Nuxt / React поддержка
✅ Python/Django/FastAPI поддержка
✅ Атомарные задачи и модульная архитектура
🆕 **v2026-05-07 — Evolution Round: Kilo Code Release Sync**
- 🔒 **Subagent Cascade Prevention**`task[*]=deny` + `task[subagent]=deny` для всех агентов
- 🛡️ **Bash Hardening** — разрешённый allowlist, `ask` по умолчанию
- 📦 **Session Persistence** — checkpoint после каждой фазы, `.kilo/logs/checkpoints/{issue}-{phase}.json`
- 🌳 **Worktree Isolation** — агенты работают в отдельных git worktree без затрагивания `dev`
- 🧠 **Per-Agent Reasoning**`reasoning_effort` (`xhigh`/`high`/`medium`/`low`) для каждого агента
- 🐳 **MCP Cleanup**`--rm` для Docker MCP, orphaned process cleanup
-**Config Validation** — валидация `kilo.jsonc` перед стартом pipeline
---


@@ -1,464 +1,503 @@
{
"$schema": "https://app.kilo.ai/config.json",
"instructions": [
".kilo/rules/global.md",
".kilo/rules/agent-patterns.md",
".kilo/rules/docker.md",
".kilo/rules/go.md",
".kilo/rules/history-miner.md",
".kilo/rules/lead-developer.md",
".kilo/rules/nodejs.md",
".kilo/rules/prompt-engineering.md",
".kilo/rules/release-manager.md",
".kilo/rules/sdet-engineer.md",
".kilo/rules/code-skeptic.md",
".kilo/rules/evolutionary-sync.md"
],
"skills": {
"paths": [".kilo/skills"]
},
"agent": {
"requirement-refiner": {
"description": "Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists",
"mode": "all",
"model": "ollama-cloud/kimi-k2-thinking",
"color": "#4F46E5",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"history-miner": "allow",
"system-analyst": "allow"
}
}
},
"history-miner": {
"description": "Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1"
},
"system-analyst": {
"description": "Designs technical specifications, data schemas, and API contracts before implementation",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1"
},
"sdet-engineer": {
"description": "Writes tests following TDD methodology. Tests MUST fail initially (Red phase)",
"mode": "all",
"model": "ollama-cloud/qwen3-coder:480b",
"color": "#8B5CF6",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"lead-developer": "allow"
}
}
},
"lead-developer": {
"description": "Primary code writer for backend and core logic. Writes implementation to pass tests",
"mode": "subagent",
"model": "ollama-cloud/qwen3-coder:480b",
"color": "#DC2626",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow"
}
}
},
"frontend-developer": {
"description": "Handles UI implementation with multimodal capabilities. Accepts visual references like screenshots and mockups",
"mode": "all",
"model": "ollama-cloud/minimax-m2.5",
"color": "#0EA5E9",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow"
}
}
},
"backend-developer": {
"description": "Backend specialist for Node.js, Express, APIs, and database integration",
"mode": "subagent",
"model": "ollama-cloud/minimax-m2.5",
"color": "#10B981",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow"
}
}
},
"go-developer": {
"description": "Go backend specialist for Gin, Echo, APIs, and database integration",
"mode": "subagent",
"model": "ollama-cloud/minimax-m2.5",
"color": "#00ADD8",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow"
}
}
},
"devops-engineer": {
"description": "DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management",
"mode": "subagent",
"model": "ollama-cloud/minimax-m2.5",
"color": "#FF6B35",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"security-auditor": "allow"
}
}
},
"code-skeptic": {
"description": "Adversarial code reviewer. Finds problems and issues. Does NOT suggest implementations",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"color": "#E11D48",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"the-fixer": "allow",
"performance-engineer": "allow"
}
}
},
"the-fixer": {
"description": "Iteratively fixes bugs based on specific error reports and test failures",
"mode": "all",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#F59E0B",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"orchestrator": "allow"
}
}
},
"performance-engineer": {
"description": "Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity",
"mode": "all",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#0D9488",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"the-fixer": "allow",
"security-auditor": "allow"
}
}
},
"security-auditor": {
"description": "Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets",
"mode": "subagent",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#DC2626",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"the-fixer": "allow",
"release-manager": "allow"
}
}
},
"visual-tester": {
"description": "Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"orchestrator": {
"description": "Main dispatcher. Routes tasks between agents based on Issue status and manages the workflow state machine",
"mode": "all",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#7C3AED",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"history-miner": "allow",
"system-analyst": "allow",
"sdet-engineer": "allow",
"lead-developer": "allow",
"code-skeptic": "allow",
"the-fixer": "allow",
"performance-engineer": "allow",
"security-auditor": "allow",
"release-manager": "allow",
"evaluator": "allow",
"prompt-optimizer": "allow",
"product-owner": "allow",
"requirement-refiner": "allow",
"frontend-developer": "allow",
"browser-automation": "allow",
"visual-tester": "allow",
"planner": "allow",
"reflector": "allow",
"memory-manager": "allow",
"devops-engineer": "allow"
}
}
},
"release-manager": {
"description": "Manages git operations, semantic versioning, branching, and deployments. Ensures clean history",
"mode": "subagent",
"model": "ollama-cloud/qwen3.6-plus",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"webfetch": "allow",
"task": {
"*": "deny"
}
}
},
"evaluator": {
"description": "Scores agent effectiveness after task completion for continuous improvement",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"color": "#047857",
"permission": {
"read": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"prompt-optimizer": "allow",
"product-owner": "allow"
}
}
},
"prompt-optimizer": {
"description": "Improves agent system prompts based on performance failures. Meta-learner for prompt optimization",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"product-owner": {
"description": "Manages issue checklists, status labels, tracks progress and coordinates with human users",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"webfetch": "allow",
"task": {
"*": "deny"
}
}
},
"agent-architect": {
"description": "Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis",
"mode": "subagent",
"model": "ollama-cloud/kimi-k2.6:cloud",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"capability-analyst": {
"description": "Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"workflow-architect": {
"description": "Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"markdown-validator": {
"description": "Validates and corrects Markdown descriptions for Gitea issues",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"browser-automation": {
"description": "Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction",
"mode": "subagent",
"model": "ollama-cloud/qwen3-coder:480b",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"planner": {
"description": "Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"color": "#F59E0B",
"permission": {
"read": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
},
"reflector": {
"description": "Self-reflection agent using Reflexion pattern - learns from mistakes",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"color": "#10B981",
"permission": {
"read": "allow",
"grep": "allow",
"glob": "allow",
"task": {
"*": "deny"
}
}
},
"memory-manager": {
"description": "Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)",
"mode": "subagent",
"model": "ollama-cloud/qwen3.6-plus",
"color": "#8B5CF6",
"permission": {
"read": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny"
}
}
}
}
{
"$schema": "https://app.kilo.ai/config.json",
"instructions": [
".kilo/rules/global.md",
".kilo/rules/agent-patterns.md",
".kilo/rules/docker.md",
".kilo/rules/go.md",
".kilo/rules/history-miner.md",
".kilo/rules/lead-developer.md",
".kilo/rules/nodejs.md",
".kilo/rules/prompt-engineering.md",
".kilo/rules/release-manager.md",
".kilo/rules/sdet-engineer.md",
".kilo/rules/code-skeptic.md",
".kilo/rules/evolutionary-sync.md"
],
"skills": {
"paths": [
".kilo/skills"
]
},
"agent": {
"requirement-refiner": {
"description": "Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists",
"mode": "all",
"model": "ollama-cloud/kimi-k2-thinking",
"color": "#4F46E5",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"history-miner": "allow",
"system-analyst": "allow",
"subagent": "deny"
}
}
},
"history-miner": {
"description": "Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"system-analyst": {
"description": "Designs technical specifications, data schemas, and API contracts before implementation",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"sdet-engineer": {
"description": "Writes tests following TDD methodology. Tests MUST fail initially (Red phase)",
"mode": "all",
"model": "ollama-cloud/qwen3-coder:480b",
"color": "#8B5CF6",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"lead-developer": "allow",
"subagent": "deny"
}
}
},
"lead-developer": {
"description": "Primary code writer for backend and core logic. Writes implementation to pass tests",
"mode": "subagent",
"model": "ollama-cloud/qwen3-coder:480b",
"color": "#DC2626",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"subagent": "deny"
}
}
},
"frontend-developer": {
"description": "Handles UI implementation with multimodal capabilities. Accepts visual references like screenshots and mockups",
"mode": "all",
"model": "ollama-cloud/minimax-m2.5",
"color": "#0EA5E9",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"subagent": "deny"
}
}
},
"backend-developer": {
"description": "Backend specialist for Node.js, Express, APIs, and database integration",
"mode": "subagent",
"model": "ollama-cloud/minimax-m2.5",
"color": "#10B981",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"subagent": "deny"
}
}
},
"go-developer": {
"description": "Go backend specialist for Gin, Echo, APIs, and database integration",
"mode": "subagent",
"model": "ollama-cloud/minimax-m2.5",
"color": "#00ADD8",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"subagent": "deny"
}
}
},
"devops-engineer": {
"description": "DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management",
"mode": "subagent",
"model": "ollama-cloud/minimax-m2.5",
"color": "#FF6B35",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"security-auditor": "allow",
"subagent": "deny"
}
}
},
"code-skeptic": {
"description": "Adversarial code reviewer. Finds problems and issues. Does NOT suggest implementations",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"color": "#E11D48",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"the-fixer": "allow",
"performance-engineer": "allow",
"subagent": "deny"
}
}
},
"the-fixer": {
"description": "Iteratively fixes bugs based on specific error reports and test failures",
"mode": "all",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#F59E0B",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"code-skeptic": "allow",
"orchestrator": "allow",
"subagent": "deny"
}
}
},
"performance-engineer": {
"description": "Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity",
"mode": "all",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#0D9488",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"the-fixer": "allow",
"security-auditor": "allow",
"subagent": "deny"
}
}
},
"security-auditor": {
"description": "Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets",
"mode": "subagent",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#DC2626",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"the-fixer": "allow",
"release-manager": "allow",
"subagent": "deny"
}
}
},
"visual-tester": {
"description": "Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"orchestrator": {
"description": "Main dispatcher. Routes tasks between agents based on Issue status and manages the workflow state machine",
"mode": "all",
"model": "ollama-cloud/kimi-k2.6:cloud",
"color": "#7C3AED",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "ask",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"history-miner": "allow",
"system-analyst": "allow",
"sdet-engineer": "allow",
"lead-developer": "allow",
"code-skeptic": "allow",
"the-fixer": "allow",
"performance-engineer": "allow",
"security-auditor": "allow",
"release-manager": "allow",
"evaluator": "allow",
"prompt-optimizer": "allow",
"product-owner": "allow",
"requirement-refiner": "allow",
"frontend-developer": "allow",
"browser-automation": "allow",
"visual-tester": "allow",
"planner": "allow",
"reflector": "allow",
"memory-manager": "allow",
"devops-engineer": "allow",
"subagent": "deny"
}
}
},
"release-manager": {
"description": "Manages git operations, semantic versioning, branching, and deployments. Ensures clean history",
"mode": "subagent",
"model": "ollama-cloud/qwen3.6-plus",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "ask",
"glob": "allow",
"grep": "allow",
"webfetch": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"evaluator": {
"description": "Scores agent effectiveness after task completion for continuous improvement",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"color": "#047857",
"permission": {
"read": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"prompt-optimizer": "allow",
"product-owner": "allow",
"subagent": "deny"
}
}
},
"prompt-optimizer": {
"description": "Improves agent system prompts based on performance failures. Meta-learner for prompt optimization",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"product-owner": {
"description": "Manages issue checklists, status labels, tracks progress and coordinates with human users",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"webfetch": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"agent-architect": {
"description": "Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis",
"mode": "subagent",
"model": "ollama-cloud/kimi-k2.6:cloud",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"capability-analyst": {
"description": "Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"workflow-architect": {
"description": "Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates",
"mode": "subagent",
"model": "ollama-cloud/glm-5.1",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"markdown-validator": {
"description": "Validates and corrects Markdown descriptions for Gitea issues",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"browser-automation": {
"description": "Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction",
"mode": "subagent",
"model": "ollama-cloud/qwen3-coder:480b",
"permission": {
"read": "allow",
"edit": "allow",
"write": "allow",
"bash": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"planner": {
"description": "Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"color": "#F59E0B",
"permission": {
"read": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"reflector": {
"description": "Self-reflection agent using Reflexion pattern - learns from mistakes",
"mode": "subagent",
"model": "ollama-cloud/deepseek-v4-pro-max",
"color": "#10B981",
"permission": {
"read": "allow",
"grep": "allow",
"glob": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
},
"memory-manager": {
"description": "Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)",
"mode": "subagent",
"model": "ollama-cloud/qwen3.6-plus",
"color": "#8B5CF6",
"permission": {
"read": "allow",
"write": "allow",
"glob": "allow",
"grep": "allow",
"task": {
"*": "deny",
"subagent": "deny"
}
}
}
}
}
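Review bot: The `the-fixer` block still carries `"orchestrator": "allow"` in its `task` map, and `orchestrator` in turn allows twenty agents, so the chain `code-skeptic` → `the-fixer` → `orchestrator` → any agent stays open after this change. The added `"subagent": "deny"` entries do not close it: no agent named `subagent` is defined in this file, so next to `"*": "deny"` the key looks like a no-op unless the runtime gives it a special meaning, which is worth confirming. If cascade prevention is the goal, I would replace the upward edge with `"orchestrator": "deny"` under `the-fixer` and let the dispatcher re-enter from the top. The same delegation weakens `"bash": "ask"` on `orchestrator`, since it can still task `lead-developer` or `devops-engineer`, which keep `"bash": "allow"`.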


@@ -56,8 +56,5 @@
"self-improving",
"kilocode"
],
"license": "MIT",
"workspaces": [
".kilo"
]
"license": "MIT"
}


@@ -22,6 +22,8 @@ import {
logAgentPerformance,
detectRepository
} from "./gitea-client"
import * as fs from "fs"
import * as path from "path"
export interface PipelineConfig {
giteaToken?: string
@@ -46,6 +48,16 @@ export interface PipelineResult {
errors: string[]
}
export interface Checkpoint {
issueNumber: number
phase: string
agentName: string
filesModified: string[]
status: string
timestamp: string
nextAgent: string | null
}
export class PipelineRunner {
private client: GiteaClient
private efficiencyThreshold: number
@@ -246,6 +258,57 @@ export class PipelineRunner {
relatedIssues: minedIssues,
}
}
async saveCheckpoint(checkpoint: Checkpoint): Promise<void> {
// Ensure the checkpoints directory exists
const checkpointDir = path.join(process.cwd(), '.kilo', 'logs', 'checkpoints');
if (!fs.existsSync(checkpointDir)) {
fs.mkdirSync(checkpointDir, { recursive: true });
}
// Save the checkpoint as JSON
const filename = `${checkpoint.issueNumber}-${checkpoint.phase}.json`;
const filepath = path.join(checkpointDir, filename);
fs.writeFileSync(filepath, JSON.stringify(checkpoint, null, 2));
}
async loadCheckpoint(issueNumber: number): Promise<Checkpoint | null> {
const checkpointDir = path.join(process.cwd(), '.kilo', 'logs', 'checkpoints');
// Check if directory exists
if (!fs.existsSync(checkpointDir)) {
return null;
}
// Find the latest checkpoint file for this issue
const files = fs.readdirSync(checkpointDir);
const issueFiles = files.filter(file =>
file.startsWith(`${issueNumber}-`) && file.endsWith('.json')
);
if (issueFiles.length === 0) {
return null;
}
// Sort by modification time to get the latest
const sortedFiles = issueFiles.sort((a, b) => {
const statA = fs.statSync(path.join(checkpointDir, a));
const statB = fs.statSync(path.join(checkpointDir, b));
return statB.mtime.getTime() - statA.mtime.getTime();
});
const latestFile = sortedFiles[0];
const filepath = path.join(checkpointDir, latestFile);
const content = fs.readFileSync(filepath, 'utf8');
return JSON.parse(content) as Checkpoint;
}
async resumeFromCheckpoint(issueNumber: number): Promise<string | null> {
const checkpoint = await this.loadCheckpoint(issueNumber);
return checkpoint ? checkpoint.nextAgent : null;
}
}
export async function createPipelineRunner(config?: PipelineConfig): Promise<PipelineRunner> {
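Review bot: `saveCheckpoint` puts `checkpoint.phase` into the file name unchecked, so a phase value containing a path separator or `..` makes `path.join` resolve outside `.kilo/logs/checkpoints`; both name parts should be validated before the write. `loadCheckpoint` then returns `JSON.parse(content) as Checkpoint` with no shape check, and `resumeFromCheckpoint` passes `nextAgent` straight back, so whatever can write to that directory decides which agent is resumed. The parsed value needs a runtime guard, and the caller (not visible here) should presumably check `nextAgent` against the configured agent names. Picking the latest file by `mtime` also means a re-written older checkpoint wins over the real latest phase. The enclosing `PipelineRunner` class starts outside this hunk; the sketch below shows only the added validation.

```typescript
// Runtime guard for data read back from disk; the cast alone proves nothing.
function isCheckpoint(value: unknown): value is Checkpoint {
  if (typeof value !== 'object' || value === null) return false;
  const c = value as Record<string, unknown>;
  return Number.isSafeInteger(c.issueNumber)
    && typeof c.phase === 'string'
    && typeof c.agentName === 'string'
    && Array.isArray(c.filesModified)
    && c.filesModified.every(f => typeof f === 'string')
    && typeof c.status === 'string'
    && typeof c.timestamp === 'string'
    && (c.nextAgent === null || typeof c.nextAgent === 'string');
}

  async saveCheckpoint(checkpoint: Checkpoint): Promise<void> {
    // Both values end up in a file name: accept a conservative character set only.
    if (!Number.isSafeInteger(checkpoint.issueNumber) || !/^[A-Za-z0-9_-]+$/.test(checkpoint.phase)) {
      throw new Error('invalid checkpoint issueNumber or phase');
    }
    // … unchanged: directory creation, filename, writeFileSync …

  // in loadCheckpoint, replacing `return JSON.parse(content) as Checkpoint;`
    const parsed: unknown = JSON.parse(content);
    if (!isCheckpoint(parsed) || parsed.issueNumber !== issueNumber) {
      return null;
    }
    return parsed;
```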