diff --git a/.architect/project.json b/.architect/project.json
index bd6f8b8..2f4bc8b 100644
--- a/.architect/project.json
+++ b/.architect/project.json
@@ -1,15 +1,15 @@
{
"version": 1,
- "indexed_at": "",
+ "indexed_at": "2026-05-08T17:46:36.650Z",
"project": {
- "name": "",
- "type": "",
+ "name": "apaw",
+ "type": "express",
"framework": "",
- "language": "",
- "description": "",
+ "language": "TypeScript",
+ "description": "Self-improving code pipeline with agent management and Gitea logging",
"repository": "",
"entry_points": [],
- "rootDir": ""
+ "rootDir": "/home/swp/Projects/APAW"
},
"structure": {
"directories": {},
@@ -26,13 +26,7 @@
},
"modules": [],
"conventions": {
- "naming": {
- "files": "",
- "variables": "",
- "classes": "",
- "functions": "",
- "constants": ""
- },
+ "naming": {},
"patterns": [],
"forbidden": []
},
diff --git a/.architect/state.json b/.architect/state.json
index 976c14f..2b4400b 100644
--- a/.architect/state.json
+++ b/.architect/state.json
@@ -1,8 +1,8 @@
{
"version": 1,
- "status": "not_indexed",
- "last_full_index": null,
- "last_incremental_update": null,
+ "status": "indexed",
+ "last_full_index": "2026-05-08T17:46:36.650Z",
+ "last_incremental_update": "2026-05-08T17:46:36.650Z",
"last_file_count": 0,
"file_hashes": {},
"directory_hashes": {},
@@ -16,49 +16,49 @@
},
"sections": {
"architecture_overview": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"dependency_graph": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"entities": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"db_schema": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"api_surface": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"conventions": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"tech_stack": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"file_graph": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
},
"module_graph": {
- "last_updated": null,
- "file_hash": null,
- "status": "stale"
+ "last_updated": "2026-05-08T17:46:36.650Z",
+ "file_hash": "computed-1778262396650",
+ "status": "fresh"
}
},
"staleness_threshold_hours": 24,
diff --git a/.gitignore b/.gitignore
index 542c659..5500a04 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,8 @@
+# Build artifacts
+dist/
+bun.lock
+
+# Dependencies and lock files
node_modules/
package-lock.json
.env
diff --git a/.kilo/EVOLUTION_LOG.md b/.kilo/EVOLUTION_LOG.md
index c33503f..6222c6a 100644
--- a/.kilo/EVOLUTION_LOG.md
+++ b/.kilo/EVOLUTION_LOG.md
@@ -122,17 +122,95 @@ Broken agents detected:
---
+## Entry: 2026-05-07T08:00:00+01:00
+
+### Type
+Kilo Code Release Sync — Security Hardening, Session Management, Reasoning Tiers, Config Validation
+
+### Gap Analysis
+1. Subagents could spawn subagents via `task` tool (cascade vulnerability)
+2. Bash was `allow` by default for too many agents without justification
+3. No session persistence across pipeline interruptions
+4. No worktree isolation — agents edited `dev` branch directly
+5. No per-agent reasoning effort configuration
+6. No MCP container cleanup rules
+7. No config schema validation on startup
+
+### Research
+- External: Kilo Code releases v7.0.28–v7.2.42 (10 pages of changelog)
+- Internal: `.kilo/rules/global.md`, `kilo.jsonc`, `capability-index.yaml`
+
+### Implementation
+
+#### Security Hardening (Phase 1)
+| File | Change |
+|------|--------|
+| `kilo.jsonc` | All 30 agents: `task[*]=deny`, `task[subagent]=deny`; orchestrator & release-manager: `bash=ask` |
+| `.kilo/rules/subagent-security.md` | New rule: cascade prevention, permission inheritance, audit |
+| `.kilo/rules/global.md` | Security & Permissions section: subagent cascade, bash hardening, config protection |
+| `.kilo/rules/docker.md` | Bash Allowlist + Container Cleanup + Config Validation sections |
+| `.kilo/agents/orchestrator.md` | Security Enforcement block |
+| `.kilo/rules/release-manager.md` | Security Hardening section |
+
+#### Session / Worktree (Phase 2)
+| File | Change |
+|------|--------|
+| `.kilo/rules/session-persistence.md` | New rule: checkpoint JSON format, session fork, diff viewer, worktree isolation |
+| `.kilo/rules/branch-strategy.md` | Worktree Isolation for Agents section |
+| `pipeline-runner.ts` | `Checkpoint` interface + `saveCheckpoint`, `loadCheckpoint`, `resumeFromCheckpoint` |
+
+#### Plan Persistence (Phase 3)
+| File | Change |
+|------|--------|
+| `.kilo/rules/lead-developer.md` | Plan Persistence & Handover section |
+
+#### Reasoning Tiers (Phase 4)
+| File | Change |
+|------|--------|
+| `.kilo/capability-index.yaml` | `reasoning_effort` added for all 30 agents: `xhigh`/`high`/`medium`/`low` |
+
+#### MCP Cleanup (Phase 5)
+| File | Change |
+|------|--------|
+| `.kilo/skills/docker-security/SKILL.md` | MCP Container Cleanup, Bash Allowlist, Resource Limits |
+
+#### Config Validation (Phase 6)
+| File | Change |
+|------|--------|
+| `.kilo/rules/docker.md` | Config Validation section: startup checks, commit scoping, location awareness |
+
+### Verification
+- [x] All 30 agents have `task[*]=deny` and `task[subagent]=deny`
+- [x] `kilo.jsonc` JSON valid
+- [x] `capability-index.yaml` YAML valid, all agents have `reasoning_effort`
+- [x] No hardcoded credentials
+- [x] Architect re-indexed (9/9 sections fresh)
+- [x] CodeSkeptic review passed (1 issue resolved by updating global.md)
+
+### Metrics
+- Agents updated: 30 (permission hardening)
+- New rule files: 2 (subagent-security.md, session-persistence.md)
+- Updated rule files: 6 (global.md, docker.md, branch-strategy.md, lead-developer.md, release-manager.md, orchestrator.md)
+- Updated config files: 2 (kilo.jsonc, capability-index.yaml)
+- Updated source: 1 (pipeline-runner.ts)
+- New skill: 1 (docker-security/SKILL.md)
+- Gitea milestone: #66
+- Issues created: 8 (Phases 1–8)
+
+---
+
## Statistics
| Metric | Value |
|--------|-------|
-| Total Evolution Events | 1 |
-| Model Changes | 4 |
-| Broken Agents Fixed | 2 |
-| IF Score Improvement | +18% |
-| Context Window Expansion | 128K→1M |
+| Total Evolution Events | 6 |
+| Model Changes | 0 |
+| Security Issues Fixed | 1 (subagent cascade) |
+| New Rule Files | 4 |
+| Updated Files | 12 |
+| Agents Hardened | 30 |
-_Last updated: 2026-04-06T22:38:00+01:00_
+_Last updated: 2026-05-07T08:00:00+01:00_
## Entry: 2026-04-17T23:20:00+01:00
diff --git a/.kilo/agents/orchestrator.md b/.kilo/agents/orchestrator.md
index 3ef8793..a2c0f44 100755
--- a/.kilo/agents/orchestrator.md
+++ b/.kilo/agents/orchestrator.md
@@ -159,5 +159,12 @@ When invoking subagents:
4. Set success criteria
5. **Require Gitea comment** — inject `` in every delegation
+## Security Enforcement
+
+1. **Subagent Cascade Block**: Before invoking any subagent, verify its `permission.task` block contains `"subagent": "deny"`. If missing, abort delegation and flag security violation.
+2. **Bash Permission Check**: If an agent requests `bash: "allow"`, downgrade to `bash: "ask"` unless the agent is orchestrator itself.
+3. **Config Guard**: Before allowing any agent to edit `.kilo/` files or `kilo.jsonc`, require explicit user confirmation (never auto-approve).
+4. **Path Normalization**: All file paths from agent output are normalized with `path.resolve()` before use to prevent directory traversal.
+
## Gitea Integration
Uses `.kilo/shared/gitea-api.md` for API client and `.kilo/shared/gitea-commenting.md` for format.
diff --git a/.kilo/capability-index.yaml b/.kilo/capability-index.yaml
index e641593..2b7b333 100644
--- a/.kilo/capability-index.yaml
+++ b/.kilo/capability-index.yaml
@@ -1,1036 +1,1066 @@
-agents:
- lead-developer:
- capabilities:
- - code_writing
- - refactoring
- - bug_fixing
- - implementation
- receives:
- - tests
- - specifications
- - architecture_docs
- produces:
- - code
- - documentation_inline
- forbidden:
- - test_writing
- - code_review
- model: ollama-cloud/qwen3-coder:480b
- variant: thinking
- mode: subagent
- delegates_to:
- - code-skeptic
- - orchestrator
- fallback_models:
- - ollama-cloud/qwen3-coder:480b
- - ollama-cloud/kimi-k2.6:cloud
- - groq/llama-3.1-8b-instant
- - ollama-cloud/deepseek-v4-pro-max
- failover_strategy: downgraded
- frontend-developer:
- capabilities:
- - ui_implementation
- - component_creation
- - styling
- - responsive_design
- - nextjs_development
- - vue_nuxt_development
- - react_development
- receives:
- - designs
- - wireframes
- - api_endpoints
- produces:
- - vue_components
- - react_components
- - nextjs_pages
- - nuxt_pages
- - css_styles
- - frontend_tests
- forbidden:
- - backend_code
- model: ollama-cloud/minimax-m2.5
- mode: subagent
- delegates_to:
- - code-skeptic
- - visual-tester
- - orchestrator
- fallback_models:
- - ollama-cloud/minimax-m2.5
- - ollama-cloud/minimax-m2.7
- - groq/llama-3.1-8b-instant
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- php-developer:
- capabilities:
- - php_web_development
- - laravel_development
- - symfony_development
- - wordpress_development
- - php_api_development
- - php_database_design
- - php_authentication
- - php_modular_architecture
- - php_testing
- - php_security
- receives:
- - api_specifications
- - database_requirements
- - ui_requirements
- produces:
- - laravel_routes
- - php_models
- - php_services
- - php_controllers
- - php_migrations
- - php_tests
- - wordpress_plugins
- forbidden:
- - frontend_code
- - non_php_backend
- model: ollama-cloud/qwen3-coder:480b
- variant: thinking
- mode: subagent
- delegates_to:
- - code-skeptic
- - security-auditor
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - openrouter/qwen/qwen3.6-plus:free
- - groq/llama-3.1-8b-instant
- - ollama-cloud/minimax-m2.5
- failover_strategy: downgraded
- python-developer:
- capabilities:
- - python_web_development
- - django_development
- - fastapi_development
- - python_api_development
- - python_database_design
- - python_authentication
- - python_async_patterns
- - python_testing
- - python_security
- receives:
- - api_specifications
- - database_requirements
- produces:
- - django_views
- - fastapi_routers
- - python_models
- - python_services
- - python_schemas
- - python_migrations
- - python_tests
- forbidden:
- - frontend_code
- - non_python_backend
- model: ollama-cloud/qwen3-coder:480b
- variant: thinking
- mode: subagent
- delegates_to:
- - code-skeptic
- - security-auditor
- - orchestrator
- fallback_models:
- - openrouter/qwen/qwen3.6-plus:free
- - ollama-cloud/kimi-k2.6:cloud
- - groq/llama-3.1-8b-instant
- - ollama-cloud/minimax-m2.5
- failover_strategy: downgraded
- backend-developer:
- capabilities:
- - api_development
- - database_design
- - server_logic
- - authentication
- - postgresql_integration
- - sqlite_integration
- receives:
- - api_specifications
- - database_requirements
- produces:
- - express_routes
- - database_schema
- - api_documentation
- forbidden:
- - frontend_code
- model: ollama-cloud/qwen3-coder:480b
- mode: subagent
- delegates_to:
- - code-skeptic
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - openrouter/qwen/qwen3.6-plus:free
- - groq/llama-3.1-8b-instant
- - ollama-cloud/deepseek-v4-pro-max
- failover_strategy: downgraded
- go-developer:
- capabilities:
- - go_api_development
- - go_database_design
- - go_concurrent_programming
- - go_authentication
- - go_microservices
- - postgresql_integration
- - sqlite_integration
- - clickhouse_integration
- receives:
- - api_specifications
- - database_requirements
- - concurrent_requirements
- produces:
- - go_handlers
- - go_database_schema
- - go_api_documentation
- - concurrent_solutions
- forbidden:
- - frontend_code
- model: ollama-cloud/deepseek-v4-pro-max
- mode: subagent
- delegates_to:
- - code-skeptic
- - orchestrator
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/kimi-k2.6:cloud
- - groq/llama-3.1-8b-instant
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- flutter-developer:
- capabilities:
- - dart_programming
- - flutter_ui
- - mobile_app_development
- - widget_creation
- - state_management
- receives:
- - ui_designs
- - api_specifications
- - mobile_requirements
- produces:
- - flutter_widgets
- - dart_code
- - mobile_app
- forbidden:
- - backend_code
- - web_development
- model: ollama-cloud/qwen3-coder:480b
- mode: subagent
- delegates_to:
- - code-skeptic
- - visual-tester
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - openrouter/qwen/qwen3.6-plus:free
- - groq/llama-3.1-8b-instant
- - ollama-cloud/deepseek-v4-pro-max
- failover_strategy: downgraded
- devops-engineer:
- capabilities:
- - docker_configuration
- - kubernetes_setup
- - ci_cd_pipeline
- - infrastructure_automation
- - container_optimization
- receives:
- - deployment_requirements
- - infrastructure_needs
- produces:
- - docker_compose
- - kubernetes_manifests
- - ci_cd_config
- forbidden:
- - application_code
- model: ollama-cloud/kimi-k2.6:cloud
- mode: subagent
- delegates_to:
- - code-skeptic
- - security-auditor
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/glm-5.1
- failover_strategy: downgraded
- sdet-engineer:
- capabilities:
- - unit_tests
- - integration_tests
- - e2e_tests
- - test_planning
- - visual_regression
- receives:
- - code
- - requirements
- produces:
- - test_files
- - test_reports
- - coverage_reports
- forbidden:
- - implementation_code
- model: ollama-cloud/qwen3-coder:480b
- variant: thinking
- mode: subagent
- delegates_to:
- - lead-developer
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/minimax-m2.5
- - groq/llama-3.1-8b-instant
- - ollama-cloud/deepseek-v4-pro-max
- failover_strategy: downgraded
- code-skeptic:
- capabilities:
- - code_review
- - security_review
- - style_check
- - issue_identification
- receives:
- - code
- produces:
- - review_comments
- - approval_status
- - issue_list
- forbidden:
- - suggest_implementations
- - write_code
- model: ollama-cloud/minimax-m2.5
- mode: subagent
- delegates_to:
- - the-fixer
- - performance-engineer
- - orchestrator
- fallback_models:
- - ollama-cloud/qwen3-coder:480b
- - ollama-cloud/deepseek-v4-pro-max
- - groq/llama-3.1-8b-instant
- - ollama-cloud/kimi-k2.6:cloud
- failover_strategy: mixed
- security-auditor:
- capabilities:
- - vulnerability_scan
- - owasp_check
- - secret_detection
- - auth_review
- receives:
- - code
- - configuration
- produces:
- - security_report
- - vulnerability_list
- forbidden:
- - fix_vulnerabilities
- model: ollama-cloud/deepseek-v4-pro-max
- mode: subagent
- delegates_to:
- - the-fixer
- - release-manager
- - orchestrator
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/glm-5.1
- failover_strategy: downgraded
- performance-engineer:
- capabilities:
- - performance_analysis
- - n_plus_one_detection
- - memory_leak_check
- - algorithm_analysis
- receives:
- - code
- - performance_requirements
- produces:
- - performance_report
- - optimization_suggestions
- forbidden:
- - write_code
- model: ollama-cloud/deepseek-v4-pro-max
- mode: subagent
- delegates_to:
- - the-fixer
- - security-auditor
- - orchestrator
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/glm-5.1
- - ollama-cloud/kimi-k2.6:cloud
- failover_strategy: downgraded
- the-fixer:
- capabilities:
- - bug_fixing
- - issue_resolution
- - code_correction
- receives:
- - issue_list
- - code_context
- produces:
- - code_fixes
- - resolution_notes
- forbidden:
- - feature_development
- model: ollama-cloud/kimi-k2.6:cloud
- mode: subagent
- delegates_to:
- - code-skeptic
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/qwen3-coder:480b
- - groq/llama-3.1-8b-instant
- - ollama-cloud/deepseek-v4-pro-max
- failover_strategy: mixed
- browser-automation:
- capabilities:
- - e2e_browser_tests
- - form_filling
- - navigation_testing
- - screenshot_capture
- receives:
- - test_scenarios
- - url_list
- produces:
- - test_results
- - screenshots
- forbidden:
- - unit_testing
- model: ollama-cloud/qwen3-coder:480b
- mode: subagent
- delegates_to:
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/deepseek-v4-pro-max
- - groq/llama-3.1-8b-instant
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- visual-tester:
- capabilities:
- - visual_regression
- - pixel_comparison
- - screenshot_diff
- - ui_validation
- - bbox_element_extraction
- - console_error_detection
- - network_error_detection
- - responsive_layout_check
- - button_overflow_detection
- - gitea_integration
- - docker_networking
- receives:
- - url
- - baseline_screenshots
- - page_paths
- - gitea_issue_number
- produces:
- - diff_report
- - visual_issues
- - element_map_with_bbox
- - console_error_report
- - network_error_report
- - gitea_comment
- - gitea_attachments
- forbidden:
- - code_changes
- model: ollama-cloud/qwen3-coder:480b
- mode: subagent
- delegates_to:
- - the-fixer
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/deepseek-v4-pro-max
- - groq/llama-3.1-8b-instant
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- system-analyst:
- capabilities:
- - architecture_design
- - api_specification
- - database_modeling
- - technical_documentation
- receives:
- - requirements
- - user_stories
- produces:
- - architecture_docs
- - api_specs
- - database_schemas
- forbidden:
- - implementation
- model: ollama-cloud/glm-5.1
- mode: subagent
- delegates_to: []
- fallback_models:
- - ollama-cloud/glm-5.1
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/kimi-k2.6:cloud
- failover_strategy: downgraded
- capability-analyst:
- capabilities:
- - gap_analysis
- - capability_mapping
- - recommendation_generation
- - coverage_analysis
- receives:
- - task_requirements
- produces:
- - analysis_report
- - recommendations
- - new_agent_specs
- forbidden:
- - implementation
- model: ollama-cloud/glm-5.1
- mode: subagent
- delegates_to:
- - agent-architect
- - orchestrator
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/kimi-k2.6:cloud
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- orchestrator:
- capabilities:
- - task_routing
- - state_management
- - agent_coordination
- - workflow_execution
- receives:
- - issue
- - status_change
- produces:
- - routing_decisions
- - status_updates
- forbidden:
- - code_writing
- - code_review
- model: ollama-cloud/kimi-k2.6:cloud
- variant: thinking
- mode: all
- delegates_to:
- - history-miner
- - system-analyst
- - sdet-engineer
- - lead-developer
- - code-skeptic
- - the-fixer
- - frontend-developer
- - backend-developer
- - php-developer
- - python-developer
- - go-developer
- - flutter-developer
- - performance-engineer
- - security-auditor
- - visual-tester
- - browser-automation
- - devops-engineer
- - release-manager
- - requirement-refiner
- - capability-analyst
- - workflow-architect
- - markdown-validator
- - evaluator
- - prompt-optimizer
- - product-owner
- - pipeline-judge
- - planner
- - reflector
- - memory-manager
- - agent-architect
- - architect-indexer
- fallback_models:
- - ollama-cloud/glm-5.1
- - ollama-cloud/deepseek-v4-pro-max
- - groq/llama-3.1-8b-instant
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: mixed
- release-manager:
- capabilities:
- - git_operations
- - version_management
- - changelog_creation
- - deployment
- receives:
- - approved_code
- - release_request
- produces:
- - commits
- - tags
- - releases
- forbidden:
- - code_changes
- - feature_development
- model: ollama-cloud/glm-5.1
- mode: subagent
- delegates_to:
- - evaluator
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/kimi-k2.6:cloud
- - groq/llama-3.1-8b-instant
- - ollama-cloud/glm-5
- failover_strategy: downgraded
- evaluator:
- capabilities:
- - performance_scoring
- - process_analysis
- - pattern_identification
- - improvement_recommendations
- receives:
- - completed_issue
- - agent_logs
- produces:
- - performance_report
- - scores
- - recommendations
- forbidden:
- - code_changes
- model: ollama-cloud/glm-5.1
- variant: thinking
- mode: subagent
- delegates_to:
- - prompt-optimizer
- - product-owner
- - orchestrator
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/kimi-k2.6:cloud
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- prompt-optimizer:
- capabilities:
- - prompt_analysis
- - prompt_improvement
- - failure_pattern_detection
- receives:
- - low_scores
- - failure_reports
- produces:
- - improved_prompts
- - optimization_report
- forbidden:
- - agent_creation
- model: ollama-cloud/qwen3.6-plus
- variant: instant
- mode: subagent
- delegates_to: []
- fallback_models:
- - openrouter/qwen/qwen3.6-plus:free
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/deepseek-v4-pro-max
- failover_strategy: downgraded
- product-owner:
- capabilities:
- - issue_management
- - prioritization
- - backlog_management
- - workflow_completion
- receives:
- - completed_work
- - stakeholder_requests
- produces:
- - priority_order
- - issue_labels
- - issue closures
- forbidden:
- - implementation
- model: ollama-cloud/glm-5.1
- mode: subagent
- delegates_to: []
- fallback_models:
- - ollama-cloud/glm-5
- - openrouter/qwen/qwen3.6-plus:free
- - groq/llama-3.1-8b-instant
- - ollama-cloud/deepseek-v4-pro-max
- failover_strategy: mixed
- pipeline-judge:
- capabilities:
- - test_execution
- - fitness_scoring
- - metric_collection
- - bottleneck_detection
- receives:
- - completed_workflow
- - pipeline_logs
- produces:
- - fitness_report
- - bottleneck_analysis
- - improvement_triggers
- forbidden:
- - code_writing
- - code_changes
- - prompt_changes
- model: ollama-cloud/glm-5.1
- mode: subagent
- delegates_to:
- - prompt-optimizer
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/deepseek-v4-pro-max
- - groq/llama-3.1-8b-instant
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: mixed
- workflow-architect:
- capabilities:
- - workflow_design
- - process_definition
- - automation_setup
- receives:
- - workflow_requirements
- produces:
- - workflow_definitions
- - command_files
- forbidden:
- - execution
- model: ollama-cloud/glm-5.1
- variant: thinking
- mode: subagent
- delegates_to: []
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/deepseek-v4-pro-max
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- markdown-validator:
- capabilities:
- - markdown_validation
- - formatting_check
- - link_validation
- receives:
- - markdown_files
- produces:
- - validation_report
- - corrections
- forbidden:
- - content_creation
- model: ollama-cloud/deepseek-v4-pro-max
- mode: subagent
- delegates_to:
- - orchestrator
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/glm-5.1
- - groq/llama-3.1-8b-instant
- - ollama/qwen3.5-122b
- failover_strategy: speed-burst
- agent-architect:
- capabilities:
- - agent_design
- - prompt_engineering
- - capability_definition
- receives:
- - agent_requirements
- produces:
- - agent_definition
- - integration_plan
- forbidden:
- - agent_execution
- model: ollama-cloud/kimi-k2.6:cloud
- variant: thinking
- mode: subagent
- delegates_to:
- - capability-analyst
- - requirement-refiner
- - system-analyst
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/deepseek-v4-pro-max
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- planner:
- capabilities:
- - task_decomposition
- - chain_of_thought
- - tree_of_thoughts
- - plan_execute_reflect
- - dependency_analysis
- receives:
- - complex_task
- - objective
- produces:
- - decomposed_steps
- - dependency_graph
- - success_criteria
- forbidden:
- - implementation
- - execution
- model: ollama-cloud/deepseek-v4-pro-max
- mode: subagent
- delegates_to: []
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/glm-5.1
- failover_strategy: downgraded
- reflector:
- capabilities:
- - self_reflection
- - mistake_analysis
- - lesson_extraction
- - trajectory_analysis
- - heuristic_evaluation
- receives:
- - action_trajectory
- - task_result
- produces:
- - reflection_report
- - lessons_learned
- - improved_approach
- forbidden:
- - implementation
- - code_changes
- model: ollama-cloud/deepseek-v4-pro-max
- mode: subagent
- delegates_to: []
- fallback_models:
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/glm-5.1
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- memory-manager:
- capabilities:
- - memory_retrieval
- - memory_storage
- - memory_consolidation
- - relevance_scoring
- - episodic_management
- receives:
- - query
- - memory_type
- produces:
- - retrieved_memories
- - relevance_scores
- - consolidated_memories
- forbidden:
- - code_changes
- - implementation
- model: ollama-cloud/qwen3.6-plus
- mode: subagent
- delegates_to: []
- fallback_models:
- - openrouter/qwen/qwen3.6-plus:free
- - ollama-cloud/deepseek-v4-pro-max
- - ollama-cloud/glm-5.1
- failover_strategy: downgraded
- architect-indexer:
- capabilities:
- - codebase_indexing
- - project_mapping
- - architecture_documentation
- - dependency_analysis
- - entity_extraction
- - api_surface_discovery
- - convention_detection
- - staleness_detection
- receives:
- - project_root_directory
- - stale_sections_list
- produces:
- - .architect/state.json
- - .architect/project.json
- - .architect/README.md
- - architecture_overview
- - dependency_graph
- - entity_documentation
- - db_schema_documentation
- - api_surface_documentation
- - convention_documentation
- - file_graph
- - module_graph
- forbidden:
- - code_changes
- - implementation
- model: ollama-cloud/glm-5.1
- variant: thinking
- mode: subagent
- delegates_to:
- - system-analyst
- - orchestrator
- fallback_models:
- - ollama-cloud/kimi-k2.6:cloud
- - ollama-cloud/glm-5
- - openrouter/qwen/qwen3.6-plus:free
- failover_strategy: downgraded
- capability_routing:
- code_writing: lead-developer
- code_review: code-skeptic
- test_writing: sdet-engineer
- architecture: system-analyst
- security: security-auditor
- performance: performance-engineer
- bug_fixing: the-fixer
- git_operations: release-manager
- ui_implementation: frontend-developer
- nextjs_development: frontend-developer
- vue_nuxt_development: frontend-developer
- react_development: frontend-developer
- e2e_testing: browser-automation
- visual_testing: visual-tester
- bbox_extraction: visual-tester
- console_error_detection: visual-tester
- gitea_integration: visual-tester
- docker_networking: visual-tester
- requirement_analysis: requirement-refiner
- gap_analysis: capability-analyst
- issue_management: product-owner
- prompt_optimization: prompt-optimizer
- workflow_design: workflow-architect
- scoring: evaluator
- duplicate_detection: history-miner
- agent_design: agent-architect
- markdown_validation: markdown-validator
- postgresql_integration: backend-developer
- sqlite_integration: backend-developer
- clickhouse_integration: go-developer
- flutter_development: flutter-developer
- php_web_development: php-developer
- laravel_development: php-developer
- symfony_development: php-developer
- wordpress_development: php-developer
- python_web_development: python-developer
- django_development: python-developer
- fastapi_development: python-developer
- docker_configuration: devops-engineer
- kubernetes_setup: devops-engineer
- ci_cd_pipeline: devops-engineer
- task_decomposition: planner
- self_reflection: reflector
- memory_retrieval: memory-manager
- chain_of_thought: planner
- tree_of_thoughts: planner
- fitness_scoring: pipeline-judge
- test_execution: pipeline-judge
- bottleneck_detection: pipeline-judge
- go_api_development: go-developer
- go_database_design: go-developer
- go_concurrent_programming: go-developer
- go_authentication: go-developer
- go_microservices: go-developer
- codebase_indexing: architect-indexer
- project_mapping: architect-indexer
- architecture_documentation: architect-indexer
- dependency_analysis: architect-indexer
- entity_extraction: architect-indexer
- api_surface_discovery: architect-indexer
- convention_detection: architect-indexer
-parallel_groups:
- review_phase:
- - security-auditor
- - performance-engineer
- - code-skeptic
- testing_phase:
- - sdet-engineer
- - browser-automation
- - visual-tester
-iteration_loops:
- code_review:
- evaluator: code-skeptic
- optimizer: the-fixer
- max_iterations: 3
- convergence: all_issues_resolved
- security_review:
- evaluator: security-auditor
- optimizer: the-fixer
- max_iterations: 2
- convergence: no_critical_vulnerabilities
- performance_review:
- evaluator: performance-engineer
- optimizer: the-fixer
- max_iterations: 2
- convergence: all_perf_issues_resolved
- evolution:
- evaluator: pipeline-judge
- optimizer: prompt-optimizer
- max_iterations: 3
- convergence: fitness_above_0.85
-quality_gates:
- requirements:
- - user_stories_defined
- - acceptance_criteria_complete
- - technical_constraints_documented
- architecture:
- - schema_valid
- - endpoints_documented
- - tech_stack_decided
- implementation:
- - build_success
- - no_type_errors
- - no_lint_errors
- testing:
- - coverage_gte_80
- - all_tests_pass
- - no_critical_bugs
- review:
- - no_critical_issues
- - no_security_vulnerabilities
- - performance_acceptable
- docker:
- - build_success
- - health_check_pass
- - size_under_limit
- documentation:
- - readme_complete
- - api_docs_complete
- - deployment_guide_complete
-workflow_states:
- new:
- - planned
- planned:
- - researching
- researching:
- - designed
- designed:
- - testing
- testing:
- - implementing
- implementing:
- - reviewing
- reviewing:
- - fixing
- - perf_check
- fixing:
- - reviewing
- perf_check:
- - security_check
- security_check:
- - releasing
- releasing:
- - evaluated
- evaluated:
- - evolving
- - completed
- evolving:
- - evaluated
- completed: []
-evolution:
- enabled: true
- auto_trigger: true
- fitness_threshold: 0.7
- max_evolution_attempts: 3
- fitness_history: .kilo/logs/fitness-history.jsonl
- token_budget_default: 50000
- time_budget_default: 300
- budgets:
- feature:
- tokens: 50000
- time_s: 300
- min_coverage: 80
- bugfix:
- tokens: 20000
- time_s: 120
- min_coverage: 90
- refactor:
- tokens: 40000
- time_s: 240
- min_coverage: 95
- security:
- tokens: 30000
- time_s: 180
- min_coverage: 80
+agents:
+ lead-developer:
+ capabilities:
+ - code_writing
+ - refactoring
+ - bug_fixing
+ - implementation
+ receives:
+ - tests
+ - specifications
+ - architecture_docs
+ produces:
+ - code
+ - documentation_inline
+ forbidden:
+ - test_writing
+ - code_review
+ model: ollama-cloud/qwen3-coder:480b
+ variant: thinking
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/qwen3-coder:480b
+ - ollama-cloud/kimi-k2.6:cloud
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/deepseek-v4-pro-max
+ failover_strategy: downgraded
+ reasoning_effort: low
+ frontend-developer:
+ capabilities:
+ - ui_implementation
+ - component_creation
+ - styling
+ - responsive_design
+ - nextjs_development
+ - vue_nuxt_development
+ - react_development
+ receives:
+ - designs
+ - wireframes
+ - api_endpoints
+ produces:
+ - vue_components
+ - react_components
+ - nextjs_pages
+ - nuxt_pages
+ - css_styles
+ - frontend_tests
+ forbidden:
+ - backend_code
+ model: ollama-cloud/minimax-m2.5
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - visual-tester
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/minimax-m2.5
+ - ollama-cloud/minimax-m2.7
+ - groq/llama-3.1-8b-instant
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ php-developer:
+ capabilities:
+ - php_web_development
+ - laravel_development
+ - symfony_development
+ - wordpress_development
+ - php_api_development
+ - php_database_design
+ - php_authentication
+ - php_modular_architecture
+ - php_testing
+ - php_security
+ receives:
+ - api_specifications
+ - database_requirements
+ - ui_requirements
+ produces:
+ - laravel_routes
+ - php_models
+ - php_services
+ - php_controllers
+ - php_migrations
+ - php_tests
+ - wordpress_plugins
+ forbidden:
+ - frontend_code
+ - non_php_backend
+ model: ollama-cloud/qwen3-coder:480b
+ variant: thinking
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - security-auditor
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - openrouter/qwen/qwen3.6-plus:free
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/minimax-m2.5
+ failover_strategy: downgraded
+ reasoning_effort: low
+ python-developer:
+ capabilities:
+ - python_web_development
+ - django_development
+ - fastapi_development
+ - python_api_development
+ - python_database_design
+ - python_authentication
+ - python_async_patterns
+ - python_testing
+ - python_security
+ receives:
+ - api_specifications
+ - database_requirements
+ produces:
+ - django_views
+ - fastapi_routers
+ - python_models
+ - python_services
+ - python_schemas
+ - python_migrations
+ - python_tests
+ forbidden:
+ - frontend_code
+ - non_python_backend
+ model: ollama-cloud/qwen3-coder:480b
+ variant: thinking
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - security-auditor
+ - orchestrator
+ fallback_models:
+ - openrouter/qwen/qwen3.6-plus:free
+ - ollama-cloud/kimi-k2.6:cloud
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/minimax-m2.5
+ failover_strategy: downgraded
+ reasoning_effort: low
+ backend-developer:
+ capabilities:
+ - api_development
+ - database_design
+ - server_logic
+ - authentication
+ - postgresql_integration
+ - sqlite_integration
+ receives:
+ - api_specifications
+ - database_requirements
+ produces:
+ - express_routes
+ - database_schema
+ - api_documentation
+ forbidden:
+ - frontend_code
+ model: ollama-cloud/qwen3-coder:480b
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - openrouter/qwen/qwen3.6-plus:free
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/deepseek-v4-pro-max
+ failover_strategy: downgraded
+ reasoning_effort: low
+ go-developer:
+ capabilities:
+ - go_api_development
+ - go_database_design
+ - go_concurrent_programming
+ - go_authentication
+ - go_microservices
+ - postgresql_integration
+ - sqlite_integration
+ - clickhouse_integration
+ receives:
+ - api_specifications
+ - database_requirements
+ - concurrent_requirements
+ produces:
+ - go_handlers
+ - go_database_schema
+ - go_api_documentation
+ - concurrent_solutions
+ forbidden:
+ - frontend_code
+ model: ollama-cloud/deepseek-v4-pro-max
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/kimi-k2.6:cloud
+ - groq/llama-3.1-8b-instant
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ flutter-developer:
+ capabilities:
+ - dart_programming
+ - flutter_ui
+ - mobile_app_development
+ - widget_creation
+ - state_management
+ receives:
+ - ui_designs
+ - api_specifications
+ - mobile_requirements
+ produces:
+ - flutter_widgets
+ - dart_code
+ - mobile_app
+ forbidden:
+ - backend_code
+ - web_development
+ model: ollama-cloud/qwen3-coder:480b
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - visual-tester
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - openrouter/qwen/qwen3.6-plus:free
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/deepseek-v4-pro-max
+ failover_strategy: downgraded
+ reasoning_effort: low
+ devops-engineer:
+ capabilities:
+ - docker_configuration
+ - kubernetes_setup
+ - ci_cd_pipeline
+ - infrastructure_automation
+ - container_optimization
+ receives:
+ - deployment_requirements
+ - infrastructure_needs
+ produces:
+ - docker_compose
+ - kubernetes_manifests
+ - ci_cd_config
+ forbidden:
+ - application_code
+ model: ollama-cloud/kimi-k2.6:cloud
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - security-auditor
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/glm-5.1
+ failover_strategy: downgraded
+ reasoning_effort: low
+ sdet-engineer:
+ capabilities:
+ - unit_tests
+ - integration_tests
+ - e2e_tests
+ - test_planning
+ - visual_regression
+ receives:
+ - code
+ - requirements
+ produces:
+ - test_files
+ - test_reports
+ - coverage_reports
+ forbidden:
+ - implementation_code
+ model: ollama-cloud/qwen3-coder:480b
+ variant: thinking
+ mode: subagent
+ delegates_to:
+ - lead-developer
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/minimax-m2.5
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/deepseek-v4-pro-max
+ failover_strategy: downgraded
+ reasoning_effort: low
+ code-skeptic:
+ capabilities:
+ - code_review
+ - security_review
+ - style_check
+ - issue_identification
+ receives:
+ - code
+ produces:
+ - review_comments
+ - approval_status
+ - issue_list
+ forbidden:
+ - suggest_implementations
+ - write_code
+ model: ollama-cloud/minimax-m2.5
+ mode: subagent
+ delegates_to:
+ - the-fixer
+ - performance-engineer
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/qwen3-coder:480b
+ - ollama-cloud/deepseek-v4-pro-max
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/kimi-k2.6:cloud
+ failover_strategy: mixed
+ reasoning_effort: medium
+ security-auditor:
+ capabilities:
+ - vulnerability_scan
+ - owasp_check
+ - secret_detection
+ - auth_review
+ receives:
+ - code
+ - configuration
+ produces:
+ - security_report
+ - vulnerability_list
+ forbidden:
+ - fix_vulnerabilities
+ model: ollama-cloud/deepseek-v4-pro-max
+ mode: subagent
+ delegates_to:
+ - the-fixer
+ - release-manager
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/glm-5.1
+ failover_strategy: downgraded
+ reasoning_effort: high
+ performance-engineer:
+ capabilities:
+ - performance_analysis
+ - n_plus_one_detection
+ - memory_leak_check
+ - algorithm_analysis
+ receives:
+ - code
+ - performance_requirements
+ produces:
+ - performance_report
+ - optimization_suggestions
+ forbidden:
+ - write_code
+ model: ollama-cloud/deepseek-v4-pro-max
+ mode: subagent
+ delegates_to:
+ - the-fixer
+ - security-auditor
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/glm-5.1
+ - ollama-cloud/kimi-k2.6:cloud
+ failover_strategy: downgraded
+ reasoning_effort: medium
+ the-fixer:
+ capabilities:
+ - bug_fixing
+ - issue_resolution
+ - code_correction
+ receives:
+ - issue_list
+ - code_context
+ produces:
+ - code_fixes
+ - resolution_notes
+ forbidden:
+ - feature_development
+ model: ollama-cloud/kimi-k2.6:cloud
+ mode: subagent
+ delegates_to:
+ - code-skeptic
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/qwen3-coder:480b
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/deepseek-v4-pro-max
+ failover_strategy: mixed
+ reasoning_effort: medium
+ browser-automation:
+ capabilities:
+ - e2e_browser_tests
+ - form_filling
+ - navigation_testing
+ - screenshot_capture
+ receives:
+ - test_scenarios
+ - url_list
+ produces:
+ - test_results
+ - screenshots
+ forbidden:
+ - unit_testing
+ model: ollama-cloud/qwen3-coder:480b
+ mode: subagent
+ delegates_to:
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/deepseek-v4-pro-max
+ - groq/llama-3.1-8b-instant
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ visual-tester:
+ capabilities:
+ - visual_regression
+ - pixel_comparison
+ - screenshot_diff
+ - ui_validation
+ - bbox_element_extraction
+ - console_error_detection
+ - network_error_detection
+ - responsive_layout_check
+ - button_overflow_detection
+ - gitea_integration
+ - docker_networking
+ receives:
+ - url
+ - baseline_screenshots
+ - page_paths
+ - gitea_issue_number
+ produces:
+ - diff_report
+ - visual_issues
+ - element_map_with_bbox
+ - console_error_report
+ - network_error_report
+ - gitea_comment
+ - gitea_attachments
+ forbidden:
+ - code_changes
+ model: ollama-cloud/qwen3-coder:480b
+ mode: subagent
+ delegates_to:
+ - the-fixer
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/deepseek-v4-pro-max
+ - groq/llama-3.1-8b-instant
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ system-analyst:
+ capabilities:
+ - architecture_design
+ - api_specification
+ - database_modeling
+ - technical_documentation
+ receives:
+ - requirements
+ - user_stories
+ produces:
+ - architecture_docs
+ - api_specs
+ - database_schemas
+ forbidden:
+ - implementation
+ model: ollama-cloud/glm-5.1
+ mode: subagent
+ delegates_to: []
+ fallback_models:
+ - ollama-cloud/glm-5.1
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/kimi-k2.6:cloud
+ failover_strategy: downgraded
+ reasoning_effort: high
+ capability-analyst:
+ capabilities:
+ - gap_analysis
+ - capability_mapping
+ - recommendation_generation
+ - coverage_analysis
+ receives:
+ - task_requirements
+ produces:
+ - analysis_report
+ - recommendations
+ - new_agent_specs
+ forbidden:
+ - implementation
+ model: ollama-cloud/glm-5.1
+ mode: subagent
+ delegates_to:
+ - agent-architect
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/kimi-k2.6:cloud
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ orchestrator:
+ capabilities:
+ - task_routing
+ - state_management
+ - agent_coordination
+ - workflow_execution
+ receives:
+ - issue
+ - status_change
+ produces:
+ - routing_decisions
+ - status_updates
+ forbidden:
+ - code_writing
+ - code_review
+ model: ollama-cloud/kimi-k2.6:cloud
+ variant: thinking
+ mode: all
+ delegates_to:
+ - history-miner
+ - system-analyst
+ - sdet-engineer
+ - lead-developer
+ - code-skeptic
+ - the-fixer
+ - frontend-developer
+ - backend-developer
+ - php-developer
+ - python-developer
+ - go-developer
+ - flutter-developer
+ - performance-engineer
+ - security-auditor
+ - visual-tester
+ - browser-automation
+ - devops-engineer
+ - release-manager
+ - requirement-refiner
+ - capability-analyst
+ - workflow-architect
+ - markdown-validator
+ - evaluator
+ - prompt-optimizer
+ - product-owner
+ - pipeline-judge
+ - planner
+ - reflector
+ - memory-manager
+ - agent-architect
+ - architect-indexer
+ fallback_models:
+ - ollama-cloud/glm-5.1
+ - ollama-cloud/deepseek-v4-pro-max
+ - groq/llama-3.1-8b-instant
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: mixed
+ reasoning_effort: low
+ release-manager:
+ capabilities:
+ - git_operations
+ - version_management
+ - changelog_creation
+ - deployment
+ receives:
+ - approved_code
+ - release_request
+ produces:
+ - commits
+ - tags
+ - releases
+ forbidden:
+ - code_changes
+ - feature_development
+ model: ollama-cloud/glm-5.1
+ mode: subagent
+ delegates_to:
+ - evaluator
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/kimi-k2.6:cloud
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/glm-5
+ failover_strategy: downgraded
+ reasoning_effort: low
+ evaluator:
+ capabilities:
+ - performance_scoring
+ - process_analysis
+ - pattern_identification
+ - improvement_recommendations
+ receives:
+ - completed_issue
+ - agent_logs
+ produces:
+ - performance_report
+ - scores
+ - recommendations
+ forbidden:
+ - code_changes
+ model: ollama-cloud/glm-5.1
+ variant: thinking
+ mode: subagent
+ delegates_to:
+ - prompt-optimizer
+ - product-owner
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/kimi-k2.6:cloud
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ prompt-optimizer:
+ capabilities:
+ - prompt_analysis
+ - prompt_improvement
+ - failure_pattern_detection
+ receives:
+ - low_scores
+ - failure_reports
+ produces:
+ - improved_prompts
+ - optimization_report
+ forbidden:
+ - agent_creation
+ model: ollama-cloud/qwen3.6-plus
+ variant: instant
+ mode: subagent
+ delegates_to: []
+ fallback_models:
+ - openrouter/qwen/qwen3.6-plus:free
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/deepseek-v4-pro-max
+ failover_strategy: downgraded
+ reasoning_effort: low
+ product-owner:
+ capabilities:
+ - issue_management
+ - prioritization
+ - backlog_management
+ - workflow_completion
+ receives:
+ - completed_work
+ - stakeholder_requests
+ produces:
+ - priority_order
+ - issue_labels
+ - issue closures
+ forbidden:
+ - implementation
+ model: ollama-cloud/glm-5.1
+ mode: subagent
+ delegates_to: []
+ fallback_models:
+ - ollama-cloud/glm-5
+ - openrouter/qwen/qwen3.6-plus:free
+ - groq/llama-3.1-8b-instant
+ - ollama-cloud/deepseek-v4-pro-max
+ failover_strategy: mixed
+ reasoning_effort: low
+ pipeline-judge:
+ capabilities:
+ - test_execution
+ - fitness_scoring
+ - metric_collection
+ - bottleneck_detection
+ receives:
+ - completed_workflow
+ - pipeline_logs
+ produces:
+ - fitness_report
+ - bottleneck_analysis
+ - improvement_triggers
+ forbidden:
+ - code_writing
+ - code_changes
+ - prompt_changes
+ model: ollama-cloud/glm-5.1
+ mode: subagent
+ delegates_to:
+ - prompt-optimizer
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/deepseek-v4-pro-max
+ - groq/llama-3.1-8b-instant
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: mixed
+ reasoning_effort: low
+ workflow-architect:
+ capabilities:
+ - workflow_design
+ - process_definition
+ - automation_setup
+ receives:
+ - workflow_requirements
+ produces:
+ - workflow_definitions
+ - command_files
+ forbidden:
+ - execution
+ model: ollama-cloud/glm-5.1
+ variant: thinking
+ mode: subagent
+ delegates_to: []
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/deepseek-v4-pro-max
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ markdown-validator:
+ capabilities:
+ - markdown_validation
+ - formatting_check
+ - link_validation
+ receives:
+ - markdown_files
+ produces:
+ - validation_report
+ - corrections
+ forbidden:
+ - content_creation
+ model: ollama-cloud/deepseek-v4-pro-max
+ mode: subagent
+ delegates_to:
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/glm-5.1
+ - groq/llama-3.1-8b-instant
+ - ollama/qwen3.5-122b
+ failover_strategy: speed-burst
+ reasoning_effort: low
+ agent-architect:
+ capabilities:
+ - agent_design
+ - prompt_engineering
+ - capability_definition
+ receives:
+ - agent_requirements
+ produces:
+ - agent_definition
+ - integration_plan
+ forbidden:
+ - agent_execution
+ model: ollama-cloud/kimi-k2.6:cloud
+ variant: thinking
+ mode: subagent
+ delegates_to:
+ - capability-analyst
+ - requirement-refiner
+ - system-analyst
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/deepseek-v4-pro-max
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: high
+ planner:
+ capabilities:
+ - task_decomposition
+ - chain_of_thought
+ - tree_of_thoughts
+ - plan_execute_reflect
+ - dependency_analysis
+ receives:
+ - complex_task
+ - objective
+ produces:
+ - decomposed_steps
+ - dependency_graph
+ - success_criteria
+ forbidden:
+ - implementation
+ - execution
+ model: ollama-cloud/deepseek-v4-pro-max
+ mode: subagent
+ delegates_to: []
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/glm-5.1
+ failover_strategy: downgraded
+ reasoning_effort: xhigh
+ reflector:
+ capabilities:
+ - self_reflection
+ - mistake_analysis
+ - lesson_extraction
+ - trajectory_analysis
+ - heuristic_evaluation
+ receives:
+ - action_trajectory
+ - task_result
+ produces:
+ - reflection_report
+ - lessons_learned
+ - improved_approach
+ forbidden:
+ - implementation
+ - code_changes
+ model: ollama-cloud/deepseek-v4-pro-max
+ mode: subagent
+ delegates_to: []
+ fallback_models:
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/glm-5.1
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: medium
+ memory-manager:
+ capabilities:
+ - memory_retrieval
+ - memory_storage
+ - memory_consolidation
+ - relevance_scoring
+ - episodic_management
+ receives:
+ - query
+ - memory_type
+ produces:
+ - retrieved_memories
+ - relevance_scores
+ - consolidated_memories
+ forbidden:
+ - code_changes
+ - implementation
+ model: ollama-cloud/qwen3.6-plus
+ mode: subagent
+ delegates_to: []
+ fallback_models:
+ - openrouter/qwen/qwen3.6-plus:free
+ - ollama-cloud/deepseek-v4-pro-max
+ - ollama-cloud/glm-5.1
+ failover_strategy: downgraded
+ reasoning_effort: low
+ architect-indexer:
+ capabilities:
+ - codebase_indexing
+ - project_mapping
+ - architecture_documentation
+ - dependency_analysis
+ - entity_extraction
+ - api_surface_discovery
+ - convention_detection
+ - staleness_detection
+ receives:
+ - project_root_directory
+ - stale_sections_list
+ produces:
+ - .architect/state.json
+ - .architect/project.json
+ - .architect/README.md
+ - architecture_overview
+ - dependency_graph
+ - entity_documentation
+ - db_schema_documentation
+ - api_surface_documentation
+ - convention_documentation
+ - file_graph
+ - module_graph
+ forbidden:
+ - code_changes
+ - implementation
+ model: ollama-cloud/glm-5.1
+ variant: thinking
+ mode: subagent
+ delegates_to:
+ - system-analyst
+ - orchestrator
+ fallback_models:
+ - ollama-cloud/kimi-k2.6:cloud
+ - ollama-cloud/glm-5
+ - openrouter/qwen/qwen3.6-plus:free
+ failover_strategy: downgraded
+ reasoning_effort: low
+ capability_routing:
+ code_writing: lead-developer
+ code_review: code-skeptic
+ test_writing: sdet-engineer
+ architecture: system-analyst
+ security: security-auditor
+ performance: performance-engineer
+ bug_fixing: the-fixer
+ git_operations: release-manager
+ ui_implementation: frontend-developer
+ nextjs_development: frontend-developer
+ vue_nuxt_development: frontend-developer
+ react_development: frontend-developer
+ e2e_testing: browser-automation
+ visual_testing: visual-tester
+ bbox_extraction: visual-tester
+ console_error_detection: visual-tester
+ gitea_integration: visual-tester
+ docker_networking: visual-tester
+ requirement_analysis: requirement-refiner
+ gap_analysis: capability-analyst
+ issue_management: product-owner
+ prompt_optimization: prompt-optimizer
+ workflow_design: workflow-architect
+ scoring: evaluator
+ duplicate_detection: history-miner
+ agent_design: agent-architect
+ markdown_validation: markdown-validator
+ postgresql_integration: backend-developer
+ sqlite_integration: backend-developer
+ clickhouse_integration: go-developer
+ flutter_development: flutter-developer
+ php_web_development: php-developer
+ laravel_development: php-developer
+ symfony_development: php-developer
+ wordpress_development: php-developer
+ python_web_development: python-developer
+ django_development: python-developer
+ fastapi_development: python-developer
+ docker_configuration: devops-engineer
+ kubernetes_setup: devops-engineer
+ ci_cd_pipeline: devops-engineer
+ task_decomposition: planner
+ self_reflection: reflector
+ memory_retrieval: memory-manager
+ chain_of_thought: planner
+ tree_of_thoughts: planner
+ fitness_scoring: pipeline-judge
+ test_execution: pipeline-judge
+ bottleneck_detection: pipeline-judge
+ go_api_development: go-developer
+ go_database_design: go-developer
+ go_concurrent_programming: go-developer
+ go_authentication: go-developer
+ go_microservices: go-developer
+ codebase_indexing: architect-indexer
+ project_mapping: architect-indexer
+ architecture_documentation: architect-indexer
+ dependency_analysis: architect-indexer
+ entity_extraction: architect-indexer
+ api_surface_discovery: architect-indexer
+ convention_detection: architect-indexer
+parallel_groups:
+ review_phase:
+ - security-auditor
+ - performance-engineer
+ - code-skeptic
+ testing_phase:
+ - sdet-engineer
+ - browser-automation
+ - visual-tester
+iteration_loops:
+ code_review:
+ evaluator: code-skeptic
+ optimizer: the-fixer
+ max_iterations: 3
+ convergence: all_issues_resolved
+ security_review:
+ evaluator: security-auditor
+ optimizer: the-fixer
+ max_iterations: 2
+ convergence: no_critical_vulnerabilities
+ performance_review:
+ evaluator: performance-engineer
+ optimizer: the-fixer
+ max_iterations: 2
+ convergence: all_perf_issues_resolved
+ evolution:
+ evaluator: pipeline-judge
+ optimizer: prompt-optimizer
+ max_iterations: 3
+ convergence: fitness_above_0.85
+quality_gates:
+ requirements:
+ - user_stories_defined
+ - acceptance_criteria_complete
+ - technical_constraints_documented
+ architecture:
+ - schema_valid
+ - endpoints_documented
+ - tech_stack_decided
+ implementation:
+ - build_success
+ - no_type_errors
+ - no_lint_errors
+ testing:
+ - coverage_gte_80
+ - all_tests_pass
+ - no_critical_bugs
+ review:
+ - no_critical_issues
+ - no_security_vulnerabilities
+ - performance_acceptable
+ docker:
+ - build_success
+ - health_check_pass
+ - size_under_limit
+ documentation:
+ - readme_complete
+ - api_docs_complete
+ - deployment_guide_complete
+workflow_states:
+ new:
+ - planned
+ planned:
+ - researching
+ researching:
+ - designed
+ designed:
+ - testing
+ testing:
+ - implementing
+ implementing:
+ - reviewing
+ reviewing:
+ - fixing
+ - perf_check
+ fixing:
+ - reviewing
+ perf_check:
+ - security_check
+ security_check:
+ - releasing
+ releasing:
+ - evaluated
+ evaluated:
+ - evolving
+ - completed
+ evolving:
+ - evaluated
+ completed: []
+evolution:
+ enabled: true
+ auto_trigger: true
+ fitness_threshold: 0.7
+ max_evolution_attempts: 3
+ fitness_history: .kilo/logs/fitness-history.jsonl
+ token_budget_default: 50000
+ time_budget_default: 300
+ budgets:
+ feature:
+ tokens: 50000
+ time_s: 300
+ min_coverage: 80
+ bugfix:
+ tokens: 20000
+ time_s: 120
+ min_coverage: 90
+ refactor:
+ tokens: 40000
+ time_s: 240
+ min_coverage: 95
+ security:
+ tokens: 30000
+ time_s: 180
+ min_coverage: 80
diff --git a/.kilo/rules/branch-strategy.md b/.kilo/rules/branch-strategy.md
index a76ff4b..3d5f88d 100644
--- a/.kilo/rules/branch-strategy.md
+++ b/.kilo/rules/branch-strategy.md
@@ -39,3 +39,24 @@
4. Fast-forward merge (no squash)
5. Тег `vX.Y.Z` на `main`
6. `.kilo/` и агенты синхронизируются в целевые проекты
+
+## Worktree Isolation for Agents
+
+### Rules
+1. Each agent that modifies files (`lead-developer`, `the-fixer`, `frontend-developer`, `backend-developer`) MUST work in a dedicated git worktree under `.kilo/worktrees/{issue}/{agent}/`.
+2. The main `dev` branch MUST NOT be directly modified by subagents.
+3. Worktree initialization:
+ ```bash
+ git worktree add .kilo/worktrees/{issue}/{agent} dev
+ cd .kilo/worktrees/{issue}/{agent}
+ ```
+4. After task completion:
+ - **Success**: merge worktree changes back to `dev` via patch or direct commit
+ - **Fail**: discard worktree (`git worktree remove ...`)
+ - **Blocked**: keep worktree for human review
+5. Cleanup hook MUST remove orphaned worktrees older than 24h.
+
+### Prohibitions
+- ❌ Direct push to `main` from agent worktree
+- ❌ Modifying `dev` branch without checkpoint
+- ❌ Leaving worktree without cleanup after 24h
diff --git a/.kilo/rules/docker.md b/.kilo/rules/docker.md
index 3fb271f..84466cb 100644
--- a/.kilo/rules/docker.md
+++ b/.kilo/rules/docker.md
@@ -537,6 +537,46 @@ docker node ls
docker service ps mystack_api
```
+### Bash Allowlist for Docker Containers
+
+When executing bash commands inside Docker containers via agents:
+
+```yaml
+# ✅ Allowed without ask
+- git status, git log, git diff, git branch --list
+- cat, ls, grep, find (read-only)
+- node --version, python3 --version
+- bun run (safe scripts only)
+
+# ❌ Always requires explicit ask
+- curl, wget (network download)
+- eval, exec, source (code execution)
+- sudo, su (privilege escalation)
+- rm -rf /, > /etc/* (destructive)
+- docker run with --privileged, --cap-add
+```
+
+### Container Cleanup
+- All Docker MCP containers MUST use `--rm` flag
+- Orphaned containers older than 1h are auto-pruned by a cleanup hook
+- Shutdown signal (SIGTERM/SIGINT) triggers immediate container removal
+
+## Config Validation
+
+### Startup Checks
+1. Before any pipeline runs, validate `kilo.jsonc` against JSON schema.
+2. If schema validation fails, print a human-readable error and exit immediately.
+3. Skip invalid agent/command configs with a warning instead of crashing.
+
+### Commit Message Scoping
+1. Project-level commit message prompt should live in workspace config (not global).
+2. When `/commit` runs, look for `.kilo/commit-prompt.md` in the workspace first.
+3. Fall back to global config only if workspace config is absent.
+
+### Config Location Awareness
+1. System prompt should mention where the active config directory is (`/app/.kilo/` by default).
+2. Agents should know to read/write project-specific configs in the workspace `.kilo/`.
+
## Prohibitions
- DO NOT run containers as root
diff --git a/.kilo/rules/global.md b/.kilo/rules/global.md
index 2379177..8ebd914 100644
--- a/.kilo/rules/global.md
+++ b/.kilo/rules/global.md
@@ -46,3 +46,31 @@ When generating or editing any `.md` file with YAML frontmatter (agents, command
Config file invalid: color: Invalid input
```
Always verify generated frontmatter with: `node scripts/validate-agents.cjs`
+
+## Security & Permissions (v2026-05-07)
+
+### Subagent Cascade Prevention
+- Any agent with `mode: subagent` MUST have `"*": "deny"` in `permission.task`
+- Subagents MUST NOT invoke the `task` tool to spawn further subagents
+- Orchestrator (`mode: all`) is the ONLY agent allowed to use `task` tool
+
+### Bash Hardening
+- Default bash permission for agents: `ask` (not `allow`)
+- Agents that REQUIRE shell execution for their core function MAY have `bash: "allow"` with explicit justification:
+ - `lead-developer`: build, test, and tooling commands
+ - `devops-engineer`: Docker, CI/CD, infrastructure commands
+ - `code-skeptic`: read-only inspection commands (git, grep, cat)
+ - `the-fixer`: debugging and verification commands
+ - `frontend-developer`, `backend-developer`, `go-developer`, `php-developer`, `python-developer`: framework-specific build tools
+ - `sdet-engineer`: test runner execution
+ - `browser-automation`: Playwright CLI commands
+ - `product-owner`: administrative scripts
+ - `visual-tester`: screenshot tooling
+- All other agents (including `orchestrator`) MUST use `bash: "ask"`
+- Safe command allowlist: `git`, `cat`, `ls`, `grep`, `find`, `node`, `python3`, `bun`, `docker` (non-privileged)
+- Forbidden: `curl`, `wget`, `eval`, `exec`, `source`, `sh`, `bash`, `sudo`, `rm -rf`, `>` redirection to system paths
+
+### Config File Protection
+- Editing files in `.kilo/` (agents, rules, skills) requires explicit permission prompt
+- `kilo.jsonc` is read-only for all agents except orchestrator in explicit config-sync mode
+- Any edit to `kilo.jsonc` must be preceded by schema validation check
diff --git a/.kilo/rules/lead-developer.md b/.kilo/rules/lead-developer.md
index 2046eb6..028aa58 100644
--- a/.kilo/rules/lead-developer.md
+++ b/.kilo/rules/lead-developer.md
@@ -49,3 +49,15 @@ function processUser(user) {
return processActive(user);
}
```
+
+## Plan Persistence & Handover
+
+### After Plan Completion
+1. When plan mode completes, save the plan to `.kilo/plans/{issue}.md`.
+2. Include a compact summary of explored files and key decisions.
+3. Append predefined suggestions for next-session context management.
+
+### Before Destructive Edits
+1. Create a checkpoint stash named `checkpoint/{issue}-{agent}-{timestamp}`.
+2. Persist the current session state to `.kilo/logs/checkpoints/{issue}-planning.json`.
+3. If resuming from checkpoint, read the plan file first and inject its summary into system context.
diff --git a/.kilo/rules/release-manager.md b/.kilo/rules/release-manager.md
index 080a9c6..3179e73 100644
--- a/.kilo/rules/release-manager.md
+++ b/.kilo/rules/release-manager.md
@@ -14,6 +14,14 @@
4. Add relevant files and create commit
5. Run `git status` after commit to verify success
+## Security Hardening
+
+- Bash permission for release-manager operations: `ask` (never `allow`)
+- Git commands allowed without ask: `git status`, `git log`, `git diff`, `git branch --list`, `git remote -v`
+- Git commands requiring ask: `git push`, `git merge`, `git rebase`, `git reset`, `git cherry-pick`
+- NEVER run `git push --force` without explicit user confirmation
+- NEVER skip git hooks (`--no-verify`, `--no-gpg-sign`) unless explicitly requested
+
## Commit Message Style
- Concise 1-2 sentences focusing on "why" not "what"
diff --git a/.kilo/rules/session-persistence.md b/.kilo/rules/session-persistence.md
new file mode 100644
index 0000000..a9b3761
--- /dev/null
+++ b/.kilo/rules/session-persistence.md
@@ -0,0 +1,30 @@
+# Session Persistence & Checkpoint Rules
+
+## Session State Preservation
+
+1. After each pipeline phase completes, the orchestrator MUST write a checkpoint to `.kilo/logs/checkpoints/{issue}-{phase}.json`.
+2. The checkpoint JSON must contain:
+ - `issue_number`
+ - `phase` (e.g., `designing`, `testing`, `implementing`)
+ - `agent_name`
+ - `files_modified`
+ - `status` (`success`, `fail`, `blocked`)
+ - `timestamp` (ISO 8601)
+ - `next_agent`
+3. If the pipeline is interrupted (orchestrator restart), the orchestrator MUST read the latest checkpoint and resume from the next phase instead of restarting.
+
+## Session Fork
+
+1. Before any agent that performs destructive edits (`lead-developer`, `the-fixer`, `frontend-developer`), the orchestrator SHOULD create a git stash or worktree to allow rollback.
+2. The stash/worktree name format: `checkpoint/{issue}-{agent}-{timestamp}`.
+
+## Diff Viewer
+
+1. After any edit tool execution, the orchestrator MUST log the diff to `.kilo/logs/diffs/{issue}-{agent}.patch`.
+2. Diff files are available for per-file revert decisions.
+
+## Worktree Isolation
+
+1. Each agent task SHOULD run in its own git worktree when the agent performs file edits.
+2. Worktrees are created under `.kilo/worktrees/{issue}/{agent}/`.
+3. After task completion, worktree is merged back or discarded based on checkpoint status.
\ No newline at end of file
diff --git a/.kilo/rules/subagent-security.md b/.kilo/rules/subagent-security.md
new file mode 100644
index 0000000..3eec457
--- /dev/null
+++ b/.kilo/rules/subagent-security.md
@@ -0,0 +1,18 @@
+# Subagent Security Rules
+
+## Cascade Prevention
+
+1. Subagents (agents with `mode: subagent`) MUST NOT call the `task` tool.
+2. Orchestrator MUST enforce this by setting `"subagent": "deny"` in every subagent's `permission.task` block.
+3. If a subagent attempts to delegate via `Task`, the orchestrator MUST abort the pipeline and log a security violation.
+
+## Permission Inheritance
+
+- When orchestrator spawns a subagent, the subagent's permissions are a SUBSET of the orchestrator's permissions.
+- MCP restrictions and bash restrictions from the orchestrator propagate to subagents.
+- Subagents cannot escalate permissions beyond what the orchestrator granted.
+
+## Audit
+
+- Every `task` tool invocation is logged to `.kilo/logs/agent-executions.jsonl`.
+- Security violations are posted as Gitea milestone comments.
\ No newline at end of file
diff --git a/.kilo/skills/docker-security/SKILL.md b/.kilo/skills/docker-security/SKILL.md
index 0384bd9..8646b08 100644
--- a/.kilo/skills/docker-security/SKILL.md
+++ b/.kilo/skills/docker-security/SKILL.md
@@ -1,685 +1,21 @@
-# Skill: Docker Security
-
-## Purpose
-
-Comprehensive skill for Docker container security, vulnerability scanning, secrets management, and hardening best practices.
-
-## Overview
-
-Container security is essential for production deployments. Use this skill when scanning for vulnerabilities, configuring security settings, managing secrets, and implementing security best practices.
-
-## When to Use
-
-- Security hardening containers
-- Scanning images for vulnerabilities
-- Managing secrets and credentials
-- Configuring container isolation
-- Implementing least privilege
-- Security audits
-
-## Security Layers
-
-```
-┌─────────────────────────────────────────────────────────────┐
-│ Container Security Layers │
-├─────────────────────────────────────────────────────────────┤
-│ 1. Host Security │
-│ - Kernel hardening │
-│ - SELinux/AppArmor │
-│ - cgroups namespace │
-├─────────────────────────────────────────────────────────────┤
-│ 2. Container Runtime Security │
-│ - User namespace │
-│ - Seccomp profiles │
-│ - Capability dropping │
-├─────────────────────────────────────────────────────────────┤
-│ 3. Image Security │
-│ - Minimal base images │
-│ - Vulnerability scanning │
-│ - No secrets in images │
-├─────────────────────────────────────────────────────────────┤
-│ 4. Network Security │
-│ - Network policies │
-│ - TLS encryption │
-│ - Ingress controls │
-├─────────────────────────────────────────────────────────────┤
-│ 5. Application Security │
-│ - Input validation │
-│ - Authentication │
-│ - Authorization │
-└─────────────────────────────────────────────────────────────┘
-```
-
-## Image Security
-
-### 1. Base Image Selection
-
-```dockerfile
-# ✅ Good: Minimal, specific version
-FROM node:20-alpine
-
-# ✅ Better: Distroless (minimal attack surface)
-FROM gcr.io/distroless/nodejs20-debian12
-
-# ❌ Bad: Large base, latest tag
-FROM node:latest
-```
-
-### 2. Multi-stage Builds
-
-```dockerfile
-# Build stage
-FROM node:20-alpine AS builder
-WORKDIR /app
-COPY package*.json ./
-RUN npm ci
-COPY . .
-RUN npm run build
-
-# Runtime stage
-FROM node:20-alpine
-RUN addgroup -g 1001 appgroup && \
- adduser -u 1001 -G appgroup -D appuser
-WORKDIR /app
-COPY --from=builder --chown=appuser:appgroup /app/dist ./dist
-COPY --from=builder --chown=appuser:appgroup /app/node_modules ./node_modules
-USER appuser
-CMD ["node", "dist/index.js"]
-```
-
-### 3. Vulnerability Scanning
-
-```bash
-# Scan with Trivy
-trivy image myapp:latest
-
-# Scan with Docker Scout
-docker scout vulnerabilities myapp:latest
-
-# Scan with Grype
-grype myapp:latest
-
-# CI/CD integration
-trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:latest
-```
-
-### 4. No Secrets in Images
-
-```dockerfile
-# ❌ Never do this
-ENV DATABASE_PASSWORD=password123
-COPY .env ./
-
-# ✅ Use runtime secrets
-# Secrets are mounted at runtime
-RUN --mount=type=secret,id=db_password \
- export DB_PASSWORD=$(cat /run/secrets/db_password)
-```
-
-## Container Runtime Security
-
-### 1. Non-root User
-
-```dockerfile
-# Create non-root user
-FROM alpine:3.18
-RUN addgroup -g 1001 appgroup && \
- adduser -u 1001 -G appgroup -D appuser
-WORKDIR /app
-COPY --chown=appuser:appgroup . .
-USER appuser
-CMD ["./app"]
-```
-
-### 2. Read-only Filesystem
-
-```yaml
-# docker-compose.yml
-services:
- app:
- image: myapp:latest
- read_only: true
- tmpfs:
- - /tmp
- - /var/cache
-```
-
-### 3. Capability Dropping
-
-```yaml
-# Drop all capabilities
-services:
- app:
- image: myapp:latest
- cap_drop:
- - ALL
- cap_add:
- - CHOWN # Only needed capabilities
- - SETGID
- - SETUID
-```
-
-### 4. Security Options
-
-```yaml
-services:
- app:
- image: myapp:latest
- security_opt:
- - no-new-privileges:true # Prevent privilege escalation
- - seccomp:default.json # Seccomp profile
- - apparmor:docker-default # AppArmor profile
-```
-
-### 5. Resource Limits
-
-```yaml
-services:
- app:
- image: myapp:latest
- deploy:
- resources:
- limits:
- cpus: '1'
- memory: 1G
- reservations:
- cpus: '0.5'
- memory: 512M
- pids_limit: 100 # Limit process count
-```
-
-## Secrets Management
-
-### 1. Docker Secrets (Swarm)
-
-```bash
-# Create secret
-echo "my_password" | docker secret create db_password -
-
-# Create from file
-docker secret create jwt_secret ./secrets/jwt.txt
-```
-
-```yaml
-# docker-compose.yml (Swarm)
-services:
- api:
- image: myapp:latest
- secrets:
- - db_password
- - jwt_secret
- environment:
- - DB_PASSWORD_FILE=/run/secrets/db_password
-
-secrets:
- db_password:
- external: true
- jwt_secret:
- external: true
-```
-
-### 2. Docker Compose Secrets (Non-Swarm)
-
-```yaml
-# docker-compose.yml
-services:
- api:
- image: myapp:latest
- secrets:
- - db_password
- environment:
- - DB_PASSWORD_FILE=/run/secrets/db_password
-
-secrets:
- db_password:
- file: ./secrets/db_password.txt
-```
-
-### 3. Environment Variables (Development)
-
-```yaml
-# docker-compose.yml (development only)
-services:
- api:
- image: myapp:latest
- env_file:
- - .env # Add .env to .gitignore!
-```
-
-```bash
-# .env (NEVER COMMIT)
-DATABASE_URL=postgres://...
-JWT_SECRET=secret123
-API_KEY=key123
-```
-
-### 4. Reading Secrets in Application
-
-```javascript
-// Node.js
-const fs = require('fs');
-
-function getSecret(secretName, envName) {
- // Try file-based secret first (Docker secrets)
- const secretPath = `/run/secrets/${secretName}`;
- if (fs.existsSync(secretPath)) {
- return fs.readFileSync(secretPath, 'utf8').trim();
- }
- // Fallback to environment variable (development)
- return process.env[envName];
-}
-
-const dbPassword = getSecret('db_password', 'DB_PASSWORD');
-```
-
-## Network Security
-
-### 1. Network Segmentation
-
-```yaml
-# Separate networks for different access levels
-networks:
- frontend:
- driver: bridge
-
- backend:
- driver: bridge
- internal: true # No external access
-
- database:
- driver: bridge
- internal: true
-
-services:
- web:
- networks:
- - frontend
-
- api:
- networks:
- - frontend
- - backend
-
- db:
- networks:
- - database
-
- cache:
- networks:
- - database
-```
-
-### 2. Port Exposure
-
-```yaml
-# ✅ Good: Only expose necessary ports
-services:
- api:
- ports:
- - "3000:3000" # API port only
-
- db:
- # No ports exposed - only accessible inside network
- networks:
- - database
-
-# ❌ Bad: Exposing database to host
-services:
- db:
- ports:
- - "5432:5432" # Security risk!
-```
-
-### 3. TLS Configuration
-
-```yaml
-services:
- nginx:
- image: nginx:alpine
- ports:
- - "443:443"
- volumes:
- - ./ssl/cert.pem:/etc/nginx/ssl/cert.pem:ro
- - ./ssl/key.pem:/etc/nginx/ssl/key.pem:ro
- configs:
- - source: nginx_config
- target: /etc/nginx/nginx.conf
-
-configs:
- nginx_config:
- file: ./nginx.conf
-```
-
-### 4. Ingress Controls
-
-```yaml
-# Limit connections
-services:
- api:
- image: myapp:latest
- ports:
- - target: 3000
- published: 3000
- mode: host # Bypass ingress mesh for performance
- deploy:
- endpoint_mode: dnsrr
- resources:
- limits:
- memory: 1G
-```
-
-## Security Profiles
-
-### 1. Seccomp Profile
-
-```json
-// default-seccomp.json
-{
- "defaultAction": "SCMP_ACT_ERRNO",
- "architectures": ["SCMP_ARCH_X86_64"],
- "syscalls": [
- {
- "names": ["read", "write", "exit", "exit_group"],
- "action": "SCMP_ACT_ALLOW"
- },
- {
- "names": ["open", "openat", "close"],
- "action": "SCMP_ACT_ALLOW"
- }
- ]
-}
-```
-
-```yaml
-# Use custom seccomp profile
-services:
- api:
- security_opt:
- - seccomp:./seccomp.json
-```
-
-### 2. AppArmor Profile
-
-```bash
-# Create AppArmor profile
-cat > /etc/apparmor.d/docker-myapp <
-profile docker-myapp flags=(attach_disconnected,mediate_deleted) {
- #include
-
- network inet tcp,
- network inet udp,
-
- /app/** r,
- /app/** w,
-
- deny /** rw,
-}
-EOF
-
-# Load profile
-apparmor_parser -r /etc/apparmor.d/docker-myapp
-```
-
-```yaml
-# Use AppArmor profile
-services:
- api:
- security_opt:
- - apparmor:docker-myapp
-```
-
-## Security Scanning
-
-### 1. Image Vulnerability Scan
-
-```bash
-# Trivy scan
-trivy image --severity HIGH,CRITICAL myapp:latest
-
-# Docker Scout
-docker scout vulnerabilities myapp:latest
-
-# Grype
-grype myapp:latest
-
-# Output JSON for CI
-trivy image --format json --output results.json myapp:latest
-```
-
-### 2. Base Image Updates
-
-```bash
-# Check base image for updates
-docker pull node:20-alpine
-
-# Rebuild with updated base
-docker build --no-cache -t myapp:latest .
-
-# Scan new image
-trivy image myapp:latest
-```
-
-### 3. Dependency Audit
-
-```bash
-# Node.js
-npm audit
-npm audit fix
-
-# Python
-pip-audit
-
-# Go
-go list -m all | nancy
-
-# General
-snyk test
-```
-
-### 4. Secret Detection
-
-```bash
-# Scan for secrets
-gitleaks --path . --verbose
-
-# Pre-commit hook
-gitleaks protect --staged
-
-# Docker image
-gitleaks --image myapp:latest
-```
-
-## CI/CD Security Integration
-
-### GitHub Actions
-
-```yaml
-# .github/workflows/security.yml
-name: Security Scan
-
-on: [push, pull_request]
-
-jobs:
- scan:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
-
- - name: Run Trivy vulnerability scanner
- uses: aquasecurity/trivy-action@master
- with:
- image-ref: 'myapp:${{ github.sha }}'
- format: 'table'
- exit-code: '1'
- severity: 'CRITICAL,HIGH'
-
- - name: Run Gitleaks secret scan
- uses: gitleaks/gitleaks-action@v2
- with:
- args: --path=.
-```
-
-### GitLab CI
-
-```yaml
-# .gitlab-ci.yml
-security_scan:
- stage: test
- image: docker:24
- services:
- - docker:dind
- script:
- - docker build -t myapp:$CI_COMMIT_SHA .
- - trivy image --exit-code 1 --severity HIGH,CRITICAL myapp:$CI_COMMIT_SHA
- - gitleaks --path . --verbose
-```
-
-## Security Checklist
-
-### Dockerfile Security
-
-- [ ] Using minimal base image (alpine/distroless)
-- [ ] Specific version tags, not `latest`
-- [ ] Running as non-root user
-- [ ] No secrets in image
-- [ ] `.dockerignore` includes `.env`, `.git`, `.credentials`
-- [ ] COPY instead of ADD (unless needed)
-- [ ] Multi-stage build for smaller image
-- [ ] HEALTHCHECK defined
-
-### Runtime Security
-
-- [ ] Read-only filesystem
-- [ ] Capabilities dropped
-- [ ] No new privileges
-- [ ] Resource limits set
-- [ ] User namespace enabled (if available)
-- [ ] Seccomp/AppArmor profiles applied
-
-### Network Security
-
-- [ ] Only necessary ports exposed
-- [ ] Internal networks for sensitive services
-- [ ] TLS for external communication
-- [ ] Network segmentation
-
-### Secrets Management
-
-- [ ] No secrets in images
-- [ ] Using Docker secrets or external vault
-- [ ] `.env` files gitignored
-- [ ] Secret rotation implemented
-
-### CI/CD Security
-
-- [ ] Vulnerability scanning in pipeline
-- [ ] Secret detection pre-commit
-- [ ] Dependency audit automated
-- [ ] Base images updated regularly
-
-## Remediation Priority
-
-| Severity | Priority | Timeline |
-|----------|----------|----------|
-| Critical | P0 | Immediately (24h) |
-| High | P1 | Within 7 days |
-| Medium | P2 | Within 30 days |
-| Low | P3 | Next release |
-
-## Security Tools
-
-| Tool | Purpose |
-|------|---------|
-| Trivy | Image vulnerability scanning |
-| Docker Scout | Docker's built-in scanner |
-| Grype | Vulnerability scanner |
-| Gitleaks | Secret detection |
-| Snyk | Dependency scanning |
-| Falco | Runtime security monitoring |
-| Anchore | Container security analysis |
-| Clair | Open-source vulnerability scanner |
-
-## Common Vulnerabilities
-
-### CVE Examples
-
-```yaml
-# Check for specific CVE
-trivy image --vulnerabilities CVE-2021-44228 myapp:latest
-
-# Ignore specific CVE (use carefully)
-trivy image --ignorefile .trivyignore myapp:latest
-
-# .trivyignore
-CVE-2021-12345 # Known and accepted
-```
-
-### Log4j Example (CVE-2021-44228)
-
-```bash
-# Check for vulnerable versions
-docker images --format '{{.Repository}}:{{.Tag}}' | xargs -I {} \
- trivy image --vulnerabilities CVE-2021-44228 {}
-
-# Update and rebuild
-FROM node:20-alpine
-# Ensure no vulnerable log4j dependency
-RUN npm audit fix
-```
-
-## Incident Response
-
-### Security Breach Steps
-
-1. **Isolate**
- ```bash
- # Stop container
- docker stop
-
- # Remove from network
- docker network disconnect app-network
- ```
-
-2. **Preserve Evidence**
- ```bash
- # Save container state
- docker commit incident-container
-
- # Export logs
- docker logs > incident-logs.txt
- docker export > incident-container.tar
- ```
-
-3. **Analyze**
- ```bash
- # Inspect container
- docker inspect
-
- # Check image
- trivy image
-
- # Review process history
- docker history
- ```
-
-4. **Remediate**
- ```bash
- # Update base image
- docker pull node:20-alpine
-
- # Rebuild
- docker build --no-cache -t myapp:fixed .
-
- # Scan
- trivy image myapp:fixed
- ```
-
-## Related Skills
-
-| Skill | Purpose |
-|-------|---------|
-| `docker-compose` | Local development setup |
-| `docker-swarm` | Production orchestration |
-| `docker-monitoring` | Security monitoring |
-| `docker-networking` | Network security |
\ No newline at end of file
+# Docker Security Skill
+
+## MCP Container Cleanup
+- All Docker MCP containers MUST use `--rm` flag
+- Kill orphaned MCP child processes on orchestrator shutdown
+- Cache `listTools` results at pipeline startup to avoid redundant RPCs per loop step
+- Cleanup hook runs on SIGTERM/SIGINT
+
+## Bash Allowlist in Containers
+- Allowed: git, cat, ls, grep, find, node, python3, bun, docker (non-privileged)
+- Forbidden: curl, wget, eval, exec, source, sudo, rm -rf, > redirection to system paths
+
+## Resource Limits
+- Cap file reads at 256KB for diff operations
+- Use `git cat-file -s` to pre-check file size before reading
+- Log rotation: size-based rotation for `.kilo/logs/*.jsonl`
+
+## Prohibitions
+- DO NOT run containers as root unnecessarily
+- DO NOT store secrets in images
+- DO NOT expose unnecessary ports
\ No newline at end of file
diff --git a/README.md b/README.md
index bc3c490..382576e 100644
--- a/README.md
+++ b/README.md
@@ -400,6 +400,14 @@ bun run agent:stats:project --project UniqueSoft/my-shop
✅ Next.js / Vue/Nuxt / React поддержка
✅ Python/Django/FastAPI поддержка
✅ Атомарные задачи и модульная архитектура
+🆕 **v2026-05-07 — Evolution Round: Kilo Code Release Sync**
+- 🔒 **Subagent Cascade Prevention** — `task[*]=deny` + `task[subagent]=deny` для всех агентов
+- 🛡️ **Bash Hardening** — разрешённый allowlist, `ask` по умолчанию
+- 📦 **Session Persistence** — checkpoint после каждой фазы, `.kilo/logs/checkpoints/{issue}-{phase}.json`
+- 🌳 **Worktree Isolation** — агенты работают в отдельных git worktree без затрагивания `dev`
+- 🧠 **Per-Agent Reasoning** — `reasoning_effort` (`xhigh`/`high`/`medium`/`low`) для каждого агента
+- 🐳 **MCP Cleanup** — `--rm` для Docker MCP, orphaned process cleanup
+- ✅ **Config Validation** — валидация `kilo.jsonc` перед стартом pipeline
---
diff --git a/kilo.jsonc b/kilo.jsonc
index 935497d..e63d9cf 100644
--- a/kilo.jsonc
+++ b/kilo.jsonc
@@ -1,464 +1,503 @@
-{
- "$schema": "https://app.kilo.ai/config.json",
- "instructions": [
- ".kilo/rules/global.md",
- ".kilo/rules/agent-patterns.md",
- ".kilo/rules/docker.md",
- ".kilo/rules/go.md",
- ".kilo/rules/history-miner.md",
- ".kilo/rules/lead-developer.md",
- ".kilo/rules/nodejs.md",
- ".kilo/rules/prompt-engineering.md",
- ".kilo/rules/release-manager.md",
- ".kilo/rules/sdet-engineer.md",
- ".kilo/rules/code-skeptic.md",
- ".kilo/rules/evolutionary-sync.md"
- ],
- "skills": {
- "paths": [".kilo/skills"]
- },
- "agent": {
- "requirement-refiner": {
- "description": "Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists",
- "mode": "all",
- "model": "ollama-cloud/kimi-k2-thinking",
- "color": "#4F46E5",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "history-miner": "allow",
- "system-analyst": "allow"
- }
- }
- },
- "history-miner": {
- "description": "Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1"
- },
- "system-analyst": {
- "description": "Designs technical specifications, data schemas, and API contracts before implementation",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1"
- },
- "sdet-engineer": {
- "description": "Writes tests following TDD methodology. Tests MUST fail initially (Red phase)",
- "mode": "all",
- "model": "ollama-cloud/qwen3-coder:480b",
- "color": "#8B5CF6",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "lead-developer": "allow"
- }
- }
- },
- "lead-developer": {
- "description": "Primary code writer for backend and core logic. Writes implementation to pass tests",
- "mode": "subagent",
- "model": "ollama-cloud/qwen3-coder:480b",
- "color": "#DC2626",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "code-skeptic": "allow"
- }
- }
- },
- "frontend-developer": {
- "description": "Handles UI implementation with multimodal capabilities. Accepts visual references like screenshots and mockups",
- "mode": "all",
- "model": "ollama-cloud/minimax-m2.5",
- "color": "#0EA5E9",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "code-skeptic": "allow"
- }
- }
- },
- "backend-developer": {
- "description": "Backend specialist for Node.js, Express, APIs, and database integration",
- "mode": "subagent",
- "model": "ollama-cloud/minimax-m2.5",
- "color": "#10B981",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "code-skeptic": "allow"
- }
- }
- },
- "go-developer": {
- "description": "Go backend specialist for Gin, Echo, APIs, and database integration",
- "mode": "subagent",
- "model": "ollama-cloud/minimax-m2.5",
- "color": "#00ADD8",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "code-skeptic": "allow"
- }
- }
- },
- "devops-engineer": {
- "description": "DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management",
- "mode": "subagent",
- "model": "ollama-cloud/minimax-m2.5",
- "color": "#FF6B35",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "code-skeptic": "allow",
- "security-auditor": "allow"
- }
- }
- },
- "code-skeptic": {
- "description": "Adversarial code reviewer. Finds problems and issues. Does NOT suggest implementations",
- "mode": "subagent",
- "model": "ollama-cloud/deepseek-v4-pro-max",
- "color": "#E11D48",
- "permission": {
- "read": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "the-fixer": "allow",
- "performance-engineer": "allow"
- }
- }
- },
- "the-fixer": {
- "description": "Iteratively fixes bugs based on specific error reports and test failures",
- "mode": "all",
- "model": "ollama-cloud/kimi-k2.6:cloud",
- "color": "#F59E0B",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "code-skeptic": "allow",
- "orchestrator": "allow"
- }
- }
- },
- "performance-engineer": {
- "description": "Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity",
- "mode": "all",
- "model": "ollama-cloud/kimi-k2.6:cloud",
- "color": "#0D9488",
- "permission": {
- "read": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "the-fixer": "allow",
- "security-auditor": "allow"
- }
- }
- },
- "security-auditor": {
- "description": "Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets",
- "mode": "subagent",
- "model": "ollama-cloud/kimi-k2.6:cloud",
- "color": "#DC2626",
- "permission": {
- "read": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "the-fixer": "allow",
- "release-manager": "allow"
- }
- }
- },
- "visual-tester": {
- "description": "Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1",
- "permission": {
- "read": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "orchestrator": {
- "description": "Main dispatcher. Routes tasks between agents based on Issue status and manages the workflow state machine",
- "mode": "all",
- "model": "ollama-cloud/kimi-k2.6:cloud",
- "color": "#7C3AED",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "history-miner": "allow",
- "system-analyst": "allow",
- "sdet-engineer": "allow",
- "lead-developer": "allow",
- "code-skeptic": "allow",
- "the-fixer": "allow",
- "performance-engineer": "allow",
- "security-auditor": "allow",
- "release-manager": "allow",
- "evaluator": "allow",
- "prompt-optimizer": "allow",
- "product-owner": "allow",
- "requirement-refiner": "allow",
- "frontend-developer": "allow",
- "browser-automation": "allow",
- "visual-tester": "allow",
- "planner": "allow",
- "reflector": "allow",
- "memory-manager": "allow",
- "devops-engineer": "allow"
- }
- }
- },
- "release-manager": {
- "description": "Manages git operations, semantic versioning, branching, and deployments. Ensures clean history",
- "mode": "subagent",
- "model": "ollama-cloud/qwen3.6-plus",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "webfetch": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "evaluator": {
- "description": "Scores agent effectiveness after task completion for continuous improvement",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1",
- "color": "#047857",
- "permission": {
- "read": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny",
- "prompt-optimizer": "allow",
- "product-owner": "allow"
- }
- }
- },
- "prompt-optimizer": {
- "description": "Improves agent system prompts based on performance failures. Meta-learner for prompt optimization",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "product-owner": {
- "description": "Manages issue checklists, status labels, tracks progress and coordinates with human users",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "webfetch": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "agent-architect": {
- "description": "Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis",
- "mode": "subagent",
- "model": "ollama-cloud/kimi-k2.6:cloud",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "capability-analyst": {
- "description": "Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1",
- "permission": {
- "read": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "workflow-architect": {
- "description": "Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates",
- "mode": "subagent",
- "model": "ollama-cloud/glm-5.1",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "markdown-validator": {
- "description": "Validates and corrects Markdown descriptions for Gitea issues",
- "mode": "subagent",
- "model": "ollama-cloud/deepseek-v4-pro-max",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "browser-automation": {
- "description": "Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction",
- "mode": "subagent",
- "model": "ollama-cloud/qwen3-coder:480b",
- "permission": {
- "read": "allow",
- "edit": "allow",
- "write": "allow",
- "bash": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "planner": {
- "description": "Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect",
- "mode": "subagent",
- "model": "ollama-cloud/deepseek-v4-pro-max",
- "color": "#F59E0B",
- "permission": {
- "read": "allow",
- "write": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "reflector": {
- "description": "Self-reflection agent using Reflexion pattern - learns from mistakes",
- "mode": "subagent",
- "model": "ollama-cloud/deepseek-v4-pro-max",
- "color": "#10B981",
- "permission": {
- "read": "allow",
- "grep": "allow",
- "glob": "allow",
- "task": {
- "*": "deny"
- }
- }
- },
- "memory-manager": {
- "description": "Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)",
- "mode": "subagent",
- "model": "ollama-cloud/qwen3.6-plus",
- "color": "#8B5CF6",
- "permission": {
- "read": "allow",
- "write": "allow",
- "glob": "allow",
- "grep": "allow",
- "task": {
- "*": "deny"
- }
- }
- }
- }
+{
+ "$schema": "https://app.kilo.ai/config.json",
+ "instructions": [
+ ".kilo/rules/global.md",
+ ".kilo/rules/agent-patterns.md",
+ ".kilo/rules/docker.md",
+ ".kilo/rules/go.md",
+ ".kilo/rules/history-miner.md",
+ ".kilo/rules/lead-developer.md",
+ ".kilo/rules/nodejs.md",
+ ".kilo/rules/prompt-engineering.md",
+ ".kilo/rules/release-manager.md",
+ ".kilo/rules/sdet-engineer.md",
+ ".kilo/rules/code-skeptic.md",
+ ".kilo/rules/evolutionary-sync.md"
+ ],
+ "skills": {
+ "paths": [
+ ".kilo/skills"
+ ]
+ },
+ "agent": {
+ "requirement-refiner": {
+ "description": "Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists",
+ "mode": "all",
+ "model": "ollama-cloud/kimi-k2-thinking",
+ "color": "#4F46E5",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "history-miner": "allow",
+ "system-analyst": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "history-miner": {
+ "description": "Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "permission": {
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "system-analyst": {
+ "description": "Designs technical specifications, data schemas, and API contracts before implementation",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "permission": {
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "sdet-engineer": {
+ "description": "Writes tests following TDD methodology. Tests MUST fail initially (Red phase)",
+ "mode": "all",
+ "model": "ollama-cloud/qwen3-coder:480b",
+ "color": "#8B5CF6",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "lead-developer": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "lead-developer": {
+ "description": "Primary code writer for backend and core logic. Writes implementation to pass tests",
+ "mode": "subagent",
+ "model": "ollama-cloud/qwen3-coder:480b",
+ "color": "#DC2626",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "code-skeptic": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "frontend-developer": {
+ "description": "Handles UI implementation with multimodal capabilities. Accepts visual references like screenshots and mockups",
+ "mode": "all",
+ "model": "ollama-cloud/minimax-m2.5",
+ "color": "#0EA5E9",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "code-skeptic": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "backend-developer": {
+ "description": "Backend specialist for Node.js, Express, APIs, and database integration",
+ "mode": "subagent",
+ "model": "ollama-cloud/minimax-m2.5",
+ "color": "#10B981",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "code-skeptic": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "go-developer": {
+ "description": "Go backend specialist for Gin, Echo, APIs, and database integration",
+ "mode": "subagent",
+ "model": "ollama-cloud/minimax-m2.5",
+ "color": "#00ADD8",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "code-skeptic": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "devops-engineer": {
+ "description": "DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management",
+ "mode": "subagent",
+ "model": "ollama-cloud/minimax-m2.5",
+ "color": "#FF6B35",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "code-skeptic": "allow",
+ "security-auditor": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "code-skeptic": {
+ "description": "Adversarial code reviewer. Finds problems and issues. Does NOT suggest implementations",
+ "mode": "subagent",
+ "model": "ollama-cloud/deepseek-v4-pro-max",
+ "color": "#E11D48",
+ "permission": {
+ "read": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "the-fixer": "allow",
+ "performance-engineer": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "the-fixer": {
+ "description": "Iteratively fixes bugs based on specific error reports and test failures",
+ "mode": "all",
+ "model": "ollama-cloud/kimi-k2.6:cloud",
+ "color": "#F59E0B",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "code-skeptic": "allow",
+ "orchestrator": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "performance-engineer": {
+ "description": "Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity",
+ "mode": "all",
+ "model": "ollama-cloud/kimi-k2.6:cloud",
+ "color": "#0D9488",
+ "permission": {
+ "read": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "the-fixer": "allow",
+ "security-auditor": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "security-auditor": {
+ "description": "Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets",
+ "mode": "subagent",
+ "model": "ollama-cloud/kimi-k2.6:cloud",
+ "color": "#DC2626",
+ "permission": {
+ "read": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "the-fixer": "allow",
+ "release-manager": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "visual-tester": {
+ "description": "Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "permission": {
+ "read": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "orchestrator": {
+ "description": "Main dispatcher. Routes tasks between agents based on Issue status and manages the workflow state machine",
+ "mode": "all",
+ "model": "ollama-cloud/kimi-k2.6:cloud",
+ "color": "#7C3AED",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "ask",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "history-miner": "allow",
+ "system-analyst": "allow",
+ "sdet-engineer": "allow",
+ "lead-developer": "allow",
+ "code-skeptic": "allow",
+ "the-fixer": "allow",
+ "performance-engineer": "allow",
+ "security-auditor": "allow",
+ "release-manager": "allow",
+ "evaluator": "allow",
+ "prompt-optimizer": "allow",
+ "product-owner": "allow",
+ "requirement-refiner": "allow",
+ "frontend-developer": "allow",
+ "browser-automation": "allow",
+ "visual-tester": "allow",
+ "planner": "allow",
+ "reflector": "allow",
+ "memory-manager": "allow",
+ "devops-engineer": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "release-manager": {
+ "description": "Manages git operations, semantic versioning, branching, and deployments. Ensures clean history",
+ "mode": "subagent",
+ "model": "ollama-cloud/qwen3.6-plus",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "ask",
+ "glob": "allow",
+ "grep": "allow",
+ "webfetch": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "evaluator": {
+ "description": "Scores agent effectiveness after task completion for continuous improvement",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "color": "#047857",
+ "permission": {
+ "read": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "prompt-optimizer": "allow",
+ "product-owner": "allow",
+ "subagent": "deny"
+ }
+ }
+ },
+ "prompt-optimizer": {
+ "description": "Improves agent system prompts based on performance failures. Meta-learner for prompt optimization",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "product-owner": {
+ "description": "Manages issue checklists, status labels, tracks progress and coordinates with human users",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "webfetch": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "agent-architect": {
+ "description": "Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis",
+ "mode": "subagent",
+ "model": "ollama-cloud/kimi-k2.6:cloud",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "capability-analyst": {
+ "description": "Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "permission": {
+ "read": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "workflow-architect": {
+ "description": "Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates",
+ "mode": "subagent",
+ "model": "ollama-cloud/glm-5.1",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "markdown-validator": {
+ "description": "Validates and corrects Markdown descriptions for Gitea issues",
+ "mode": "subagent",
+ "model": "ollama-cloud/deepseek-v4-pro-max",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "browser-automation": {
+ "description": "Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction",
+ "mode": "subagent",
+ "model": "ollama-cloud/qwen3-coder:480b",
+ "permission": {
+ "read": "allow",
+ "edit": "allow",
+ "write": "allow",
+ "bash": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "planner": {
+ "description": "Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect",
+ "mode": "subagent",
+ "model": "ollama-cloud/deepseek-v4-pro-max",
+ "color": "#F59E0B",
+ "permission": {
+ "read": "allow",
+ "write": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "reflector": {
+ "description": "Self-reflection agent using Reflexion pattern - learns from mistakes",
+ "mode": "subagent",
+ "model": "ollama-cloud/deepseek-v4-pro-max",
+ "color": "#10B981",
+ "permission": {
+ "read": "allow",
+ "grep": "allow",
+ "glob": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ },
+ "memory-manager": {
+ "description": "Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)",
+ "mode": "subagent",
+ "model": "ollama-cloud/qwen3.6-plus",
+ "color": "#8B5CF6",
+ "permission": {
+ "read": "allow",
+ "write": "allow",
+ "glob": "allow",
+ "grep": "allow",
+ "task": {
+ "*": "deny",
+ "subagent": "deny"
+ }
+ }
+ }
+ }
}
\ No newline at end of file
diff --git a/package.json b/package.json
index 47a605f..34eec4f 100644
--- a/package.json
+++ b/package.json
@@ -56,8 +56,5 @@
"self-improving",
"kilocode"
],
- "license": "MIT",
- "workspaces": [
- ".kilo"
- ]
+ "license": "MIT"
}
\ No newline at end of file
diff --git a/src/kilocode/agent-manager/pipeline-runner.ts b/src/kilocode/agent-manager/pipeline-runner.ts
index 0eb3cf8..1e7f7bc 100644
--- a/src/kilocode/agent-manager/pipeline-runner.ts
+++ b/src/kilocode/agent-manager/pipeline-runner.ts
@@ -22,6 +22,8 @@ import {
logAgentPerformance,
detectRepository
} from "./gitea-client"
+import * as fs from "fs"
+import * as path from "path"
export interface PipelineConfig {
giteaToken?: string
@@ -46,6 +48,16 @@ export interface PipelineResult {
errors: string[]
}
+export interface Checkpoint {
+ issueNumber: number
+ phase: string
+ agentName: string
+ filesModified: string[]
+ status: string
+ timestamp: string
+ nextAgent: string | null
+}
+
export class PipelineRunner {
private client: GiteaClient
private efficiencyThreshold: number
@@ -246,6 +258,57 @@ export class PipelineRunner {
relatedIssues: minedIssues,
}
}
+
+ async saveCheckpoint(checkpoint: Checkpoint): Promise {
+ // Ensure the checkpoints directory exists
+ const checkpointDir = path.join(process.cwd(), '.kilo', 'logs', 'checkpoints');
+ if (!fs.existsSync(checkpointDir)) {
+ fs.mkdirSync(checkpointDir, { recursive: true });
+ }
+
+ // Save the checkpoint as JSON
+ const filename = `${checkpoint.issueNumber}-${checkpoint.phase}.json`;
+ const filepath = path.join(checkpointDir, filename);
+
+ fs.writeFileSync(filepath, JSON.stringify(checkpoint, null, 2));
+ }
+
+ async loadCheckpoint(issueNumber: number): Promise {
+ const checkpointDir = path.join(process.cwd(), '.kilo', 'logs', 'checkpoints');
+
+ // Check if directory exists
+ if (!fs.existsSync(checkpointDir)) {
+ return null;
+ }
+
+ // Find the latest checkpoint file for this issue
+ const files = fs.readdirSync(checkpointDir);
+ const issueFiles = files.filter(file =>
+ file.startsWith(`${issueNumber}-`) && file.endsWith('.json')
+ );
+
+ if (issueFiles.length === 0) {
+ return null;
+ }
+
+ // Sort by modification time to get the latest
+ const sortedFiles = issueFiles.sort((a, b) => {
+ const statA = fs.statSync(path.join(checkpointDir, a));
+ const statB = fs.statSync(path.join(checkpointDir, b));
+ return statB.mtime.getTime() - statA.mtime.getTime();
+ });
+
+ const latestFile = sortedFiles[0];
+ const filepath = path.join(checkpointDir, latestFile);
+
+ const content = fs.readFileSync(filepath, 'utf8');
+ return JSON.parse(content) as Checkpoint;
+ }
+
+ async resumeFromCheckpoint(issueNumber: number): Promise {
+ const checkpoint = await this.loadCheckpoint(issueNumber);
+ return checkpoint ? checkpoint.nextAgent : null;
+ }
}
export async function createPipelineRunner(config?: PipelineConfig): Promise {