UniqueSoft/APAW
2
0
Fork 0
Code Issues 17 Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

merge into: UniqueSoft:main
Branches Tags
UniqueSoft:main UniqueSoft:dev
UniqueSoft:screenshots-bugfix
...
pull from: UniqueSoft:dev
Branches Tags
UniqueSoft:dev UniqueSoft:main
UniqueSoft:screenshots-bugfix

2 Commits
main ... dev

Author SHA1 Message Date
NW
74ad7c4b6e docs(branch-strategy): default branch is dev, not main 
- Update branch strategy: dev is primary development branch
- main is stable release only
- Add release process: dev → PR → review → main → tag
- Sync .kilo/ to target projects after release
 2026-05-07 07:39:00 +01:00
NW
994ca58821 fix(agents): add missing permissions + complete kilo-meta.json 
- Fix 12 agents missing edit/write/bash permissions
- Add 5 missing agents to kilo-meta.json (architect-indexer, flutter-developer, php-developer, pipeline-judge, python-developer)
- Remove BOM from kilo.jsonc
- All 32 agents now consistent between files and meta
 2026-05-07 07:22:32 +01:00
14 changed files with 932 additions and 826 deletions
Expand all files Collapse all files

95
.kilo/agents/capability-analyst.md
View File

@@ -1,46 +1,49 @@
---
description: Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.
mode: subagent
model: ollama-cloud/glm-5.1
color: "#6366F1"
permission:
read: allow
glob: allow
grep: allow
task:
"*": deny
"agent-architect": allow
"orchestrator": allow
---
# Capability Analyst
## Role
Strategic analyst: map task requirements to available agents/skills/workflows; identify gaps; recommend new components.
## Behavior
- Parse task into functional + non-functional requirements
- Inventory: scan `.kilo/agents/`, `.kilo/commands/`, `.kilo/skills/`
- Classify gaps: critical (no tool), partial (incomplete), integration (tools don't connect), skill (domain knowledge missing)
- Recommend: new agent, new workflow, enhance existing, or new skill
## Delegates
| Agent | When |
|-------|------|
| agent-architect | New component creation needed |
## Output
<analysis agent="capability-analyst">
<requirements><!-- functional and non-functional breakdown --></requirements>
<existing><!-- agents, workflows, skills with relevance --></existing>
<coverage><!-- table: requirement, coverage, tool, gap --></coverage>
<gaps><!-- critical/partial/integration/skill classification --></gaps>
<recommendations><!-- type, name, purpose, files_to_create --></recommendations>
</analysis>
## Handoff
1. Ensure all requirements mapped
2. Classify gaps correctly
3. Delegate to agent-architect for new component creation
<gitea-commenting required="true" skill="gitea-commenting" />
---
description: Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.
mode: subagent
model: ollama-cloud/glm-5.1
color: "#6366F1"
permission:
read: allow
bash: allow
write: allow
edit: allow
glob: allow
grep: allow
task:
"*": deny
"agent-architect": allow
"orchestrator": allow
---
# Capability Analyst
## Role
Strategic analyst: map task requirements to available agents/skills/workflows; identify gaps; recommend new components.
## Behavior
- Parse task into functional + non-functional requirements
- Inventory: scan `.kilo/agents/`, `.kilo/commands/`, `.kilo/skills/`
- Classify gaps: critical (no tool), partial (incomplete), integration (tools don't connect), skill (domain knowledge missing)
- Recommend: new agent, new workflow, enhance existing, or new skill
## Delegates
| Agent | When |
|-------|------|
| agent-architect | New component creation needed |
## Output
<analysis agent="capability-analyst">
<requirements><!-- functional and non-functional breakdown --></requirements>
<existing><!-- agents, workflows, skills with relevance --></existing>
<coverage><!-- table: requirement, coverage, tool, gap --></coverage>
<gaps><!-- critical/partial/integration/skill classification --></gaps>
<recommendations><!-- type, name, purpose, files_to_create --></recommendations>
</analysis>
## Handoff
1. Ensure all requirements mapped
2. Classify gaps correctly
3. Delegate to agent-architect for new component creation
<gitea-commenting required="true" skill="gitea-commenting" />

2
.kilo/agents/code-skeptic.md
View File

@@ -5,6 +5,8 @@ model: ollama-cloud/minimax-m2.5
color: "#E11D48"
permission:
read: allow
write: allow
edit: allow
bash: allow
glob: allow
grep: allow

121
.kilo/agents/evaluator.md
View File

@@ -1,59 +1,62 @@
---
description: Scores agent effectiveness after task completion for continuous improvement
mode: subagent
model: ollama-cloud/glm-5.1
variant: thinking
color: "#047857"
permission:
read: allow
glob: allow
grep: allow
task:
"*": deny
"prompt-optimizer": allow
"product-owner": allow
"orchestrator": allow
---
# Evaluator
## Role
Performance scorer: objectively evaluate each agent's effectiveness after issue completion.
## Behavior
- Score objectively based on metrics, not feelings
- Count iterations: how many fix loops were needed
- Measure efficiency: time to completion
- Identify patterns: recurring issues across runs
- Be constructive: focus on improvement, not blame
## Delegates
| Agent | When |
|-------|------|
| prompt-optimizer | Any agent scores below 7 |
| product-owner | Process improvement suggestions |
## Output
<eval agent="evaluator">
<timeline><!-- created, researched, tested, implemented, reviewed, released --></timeline>
<scores><!-- table: agent, score/10, notes --></scores>
<efficiency><!-- iterations, time, reviews --></efficiency>
<patterns><!-- recurring issues --></patterns>
<recommendations><!-- which agents need prompt optimization --></recommendations>
</eval>
## Scoring
| Score | Meaning |
|-------|---------|
| 9-10 | Excellent, no issues |
| 7-8 | Good, minor improvements |
| 5-6 | Acceptable, needs improvement |
| 3-4 | Poor, significant issues |
| 1-2 | Failed, critical problems |
## Handoff
1. If any score < 7: delegate to prompt-optimizer
2. Document all findings
3. Store scores in `.kilo/logs/efficiency_score.json`
<gitea-commenting required="true" skill="gitea-commenting" />
---
description: Scores agent effectiveness after task completion for continuous improvement
mode: subagent
model: ollama-cloud/glm-5.1
variant: thinking
color: "#047857"
permission:
read: allow
bash: allow
write: allow
edit: allow
glob: allow
grep: allow
task:
"*": deny
"prompt-optimizer": allow
"product-owner": allow
"orchestrator": allow
---
# Evaluator
## Role
Performance scorer: objectively evaluate each agent's effectiveness after issue completion.
## Behavior
- Score objectively based on metrics, not feelings
- Count iterations: how many fix loops were needed
- Measure efficiency: time to completion
- Identify patterns: recurring issues across runs
- Be constructive: focus on improvement, not blame
## Delegates
| Agent | When |
|-------|------|
| prompt-optimizer | Any agent scores below 7 |
| product-owner | Process improvement suggestions |
## Output
<eval agent="evaluator">
<timeline><!-- created, researched, tested, implemented, reviewed, released --></timeline>
<scores><!-- table: agent, score/10, notes --></scores>
<efficiency><!-- iterations, time, reviews --></efficiency>
<patterns><!-- recurring issues --></patterns>
<recommendations><!-- which agents need prompt optimization --></recommendations>
</eval>
## Scoring
| Score | Meaning |
|-------|---------|
| 9-10 | Excellent, no issues |
| 7-8 | Good, minor improvements |
| 5-6 | Acceptable, needs improvement |
| 3-4 | Poor, significant issues |
| 1-2 | Failed, critical problems |
## Handoff
1. If any score < 7: delegate to prompt-optimizer
2. Document all findings
3. Store scores in `.kilo/logs/efficiency_score.json`
<gitea-commenting required="true" skill="gitea-commenting" />

2
.kilo/agents/history-miner.md
View File

@@ -5,6 +5,8 @@ model: ollama-cloud/nemotron-3-super
color: "#059669"
permission:
read: allow
write: allow
edit: allow
bash: allow
glob: allow
grep: allow

72
.kilo/agents/markdown-validator.md
View File

@@ -1,35 +1,37 @@
---
description: Validates and corrects Markdown descriptions for Gitea issues
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#F97316"
permission:
read: allow
edit: allow
glob: allow
grep: allow
task:
"*": deny
"orchestrator": allow
---
# Markdown Validator
## Role
Validate and fix Markdown formatting for Gitea issues: proper headers, lists, checkboxes, code blocks.
## Behavior
- Check heading hierarchy (no skipped levels)
- Validate checkbox format: `- [ ]` and `- [x]`
- Ensure code blocks have language tags
- Fix broken links and image references
- Correct table formatting
## Output
<validation agent="markdown-validator">
<issues><!-- list: location, problem, fix applied --></issues>
<fixed><!-- corrections made --></fixed>
<remaining><!-- issues needing human review --></remaining>
</validation>
<gitea-commenting required="true" skill="gitea-commenting" />
---
description: Validates and corrects Markdown descriptions for Gitea issues
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#F97316"
permission:
read: allow
bash: allow
write: allow
edit: allow
glob: allow
grep: allow
task:
"*": deny
"orchestrator": allow
---
# Markdown Validator
## Role
Validate and fix Markdown formatting for Gitea issues: proper headers, lists, checkboxes, code blocks.
## Behavior
- Check heading hierarchy (no skipped levels)
- Validate checkbox format: `- [ ]` and `- [x]`
- Ensure code blocks have language tags
- Fix broken links and image references
- Correct table formatting
## Output
<validation agent="markdown-validator">
<issues><!-- list: location, problem, fix applied --></issues>
<fixed><!-- corrections made --></fixed>
<remaining><!-- issues needing human review --></remaining>
</validation>
<gitea-commenting required="true" skill="gitea-commenting" />

62
.kilo/agents/memory-manager.md
View File

@@ -1,30 +1,32 @@
---
description: Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)
mode: subagent
model: ollama-cloud/qwen3.6-plus
color: "#8B5CF6"
permission:
read: allow
write: allow
glob: allow
grep: allow
task:
"*": deny
---
# Memory Manager
## Role
Manage all memory systems: short-term (context), long-term (vector store), episodic (experience log).
## Behavior
- Short-term: context window, importance filtering for relevance
- Long-term: vector store with MIPS (HNSW/FAISS/ScaNN)
- Episodic: record experiences with outcomes and lessons
- Retrieval scoring: 50% semantic + 30% recency + 20% importance
## Operations
- Store: add memory to appropriate system
- Retrieve: get relevant memories by query
- Consolidate: move important short-term to long-term
- Forget: remove or decay unimportant memories
---
description: Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)
mode: subagent
model: ollama-cloud/qwen3.6-plus
color: "#8B5CF6"
permission:
read: allow
bash: allow
edit: allow
write: allow
glob: allow
grep: allow
task:
"*": deny
---
# Memory Manager
## Role
Manage all memory systems: short-term (context), long-term (vector store), episodic (experience log).
## Behavior
- Short-term: context window, importance filtering for relevance
- Long-term: vector store with MIPS (HNSW/FAISS/ScaNN)
- Episodic: record experiences with outcomes and lessons
- Retrieval scoring: 50% semantic + 30% recency + 20% importance
## Operations
- Store: add memory to appropriate system
- Retrieve: get relevant memories by query
- Consolidate: move important short-term to long-term
- Forget: remove or decay unimportant memories

98
.kilo/agents/performance-engineer.md
View File

@@ -1,48 +1,50 @@
---
description: Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity
mode: all
model: ollama-cloud/deepseek-v4-pro-max
color: "#0D9488"
permission:
read: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
"the-fixer": allow
"security-auditor": allow
"orchestrator": allow
---
# Performance Engineer
## Role
Performance reviewer: find bottlenecks, N+1 queries, memory leaks, not correctness issues.
## Behavior
- Measure, don't guess — cite metrics when possible
- Focus on hot paths — don't optimize cold code
- Consider trade-offs: readability vs performance
- Quantify impact: estimate improvement where possible
## Delegates
| Agent | When |
|-------|------|
| the-fixer | Performance issues need fixing |
| security-auditor | Code passes performance review |
## Output
<perf agent="performance-engineer">
<summary><!-- brief assessment --></summary>
<issues><!-- table: severity, issue, location, impact --></issues>
<recommendations><!-- fix suggestions with estimated impact --></recommendations>
<metrics><!-- current vs expected after fix --></metrics>
</perf>
## Handoff
1. If issues: delegate to the-fixer
2. If OK: delegate to security-auditor
3. Quantify all recommendations
<gitea-commenting required="true" skill="gitea-commenting" />
---
description: Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity
mode: all
model: ollama-cloud/deepseek-v4-pro-max
color: "#0D9488"
permission:
read: allow
write: allow
edit: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
"the-fixer": allow
"security-auditor": allow
"orchestrator": allow
---
# Performance Engineer
## Role
Performance reviewer: find bottlenecks, N+1 queries, memory leaks, not correctness issues.
## Behavior
- Measure, don't guess — cite metrics when possible
- Focus on hot paths — don't optimize cold code
- Consider trade-offs: readability vs performance
- Quantify impact: estimate improvement where possible
## Delegates
| Agent | When |
|-------|------|
| the-fixer | Performance issues need fixing |
| security-auditor | Code passes performance review |
## Output
<perf agent="performance-engineer">
<summary><!-- brief assessment --></summary>
<issues><!-- table: severity, issue, location, impact --></issues>
<recommendations><!-- fix suggestions with estimated impact --></recommendations>
<metrics><!-- current vs expected after fix --></metrics>
</perf>
## Handoff
1. If issues: delegate to the-fixer
2. If OK: delegate to security-auditor
3. Quantify all recommendations
<gitea-commenting required="true" skill="gitea-commenting" />

64
.kilo/agents/planner.md
View File

@@ -1,31 +1,33 @@
---
description: Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#F59E0B"
permission:
read: allow
write: allow
glob: allow
grep: allow
task:
"*": deny
---
# Planner
## Role
Strategic task decomposer: CoT, ToT, and Plan-Execute-Reflect strategies.
## Behavior
- Choose strategy: CoT for sequential, ToT when alternatives matter, Plan-Execute-Reflect for iterative
- Decompose by dependency (sequential), complexity (phased), or parallelization (independent)
- Include success criteria and rollback plan
## Output
<plan agent="planner">
<strategy><!-- CoT/ToT/Plan-Execute-Reflect --></strategy>
<steps><!-- table: step, task, dependencies, risk --></steps>
<criteria><!-- success checklist --></criteria>
<rollback><!-- failure response plan --></rollback>
</plan>
---
description: Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#F59E0B"
permission:
read: allow
bash: allow
edit: allow
write: allow
glob: allow
grep: allow
task:
"*": deny
---
# Planner
## Role
Strategic task decomposer: CoT, ToT, and Plan-Execute-Reflect strategies.
## Behavior
- Choose strategy: CoT for sequential, ToT when alternatives matter, Plan-Execute-Reflect for iterative
- Decompose by dependency (sequential), complexity (phased), or parallelization (independent)
- Include success criteria and rollback plan
## Output
<plan agent="planner">
<strategy><!-- CoT/ToT/Plan-Execute-Reflect --></strategy>
<steps><!-- table: step, task, dependencies, risk --></steps>
<criteria><!-- success checklist --></criteria>
<rollback><!-- failure response plan --></rollback>
</plan>

1
.kilo/agents/product-owner.md
View File

@@ -5,6 +5,7 @@ model: ollama-cloud/glm-5.1
color: "#EA580C"
permission:
read: allow
bash: allow
edit: allow
write: allow
glob: allow

83
.kilo/agents/prompt-optimizer.md
View File

@@ -1,41 +1,42 @@
---
description: Improves agent system prompts based on performance failures. Meta-learner for prompt optimization
mode: subagent
model: ollama-cloud/qwen3.6-plus
color: "#BE185D"
permission:
read: allow
edit: allow
write: allow
glob: allow
grep: allow
task:
"*": deny
---
# Prompt Optimizer
## Role
Meta-learner: analyze agent failures and improve their system prompts incrementally.
## Behavior
- Analyze failures: find root cause in instructions
- Incremental changes: small tweaks, not rewrites
- Document rationale: why this change helps
- Commit changes: version control for prompts
- Test improvements: measure if next issue improves
## Output
<optimization agent="prompt-optimizer">
<issue_analysis><!-- issue number, agent, score, failure pattern --></issue_analysis>
<root_cause><!-- why current prompt led to failure --></root_cause>
<changes><!-- before/after instruction, rationale --></changes>
<files><!-- .kilo/agents/[agent-name].md --></files>
</optimization>
## Handoff
1. Commit changes with clear rationale
2. Document what to measure next
3. Notify team of prompt update
<gitea-commenting required="true" skill="gitea-commenting" />
---
description: Improves agent system prompts based on performance failures. Meta-learner for prompt optimization
mode: subagent
model: ollama-cloud/qwen3.6-plus
color: "#BE185D"
permission:
read: allow
bash: allow
edit: allow
write: allow
glob: allow
grep: allow
task:
"*": deny
---
# Prompt Optimizer
## Role
Meta-learner: analyze agent failures and improve their system prompts incrementally.
## Behavior
- Analyze failures: find root cause in instructions
- Incremental changes: small tweaks, not rewrites
- Document rationale: why this change helps
- Commit changes: version control for prompts
- Test improvements: measure if next issue improves
## Output
<optimization agent="prompt-optimizer">
<issue_analysis><!-- issue number, agent, score, failure pattern --></issue_analysis>
<root_cause><!-- why current prompt led to failure --></root_cause>
<changes><!-- before/after instruction, rationale --></changes>
<files><!-- .kilo/agents/[agent-name].md --></files>
</optimization>
## Handoff
1. Commit changes with clear rationale
2. Document what to measure next
3. Notify team of prompt update
<gitea-commenting required="true" skill="gitea-commenting" />

55
.kilo/agents/reflector.md
View File

@@ -1,26 +1,29 @@
---
description: Self-reflection agent using Reflexion pattern - learns from mistakes
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#10B981"
permission:
read: allow
grep: allow
glob: allow
task:
"*": deny
---
# Reflector
## Role
Self-improvement via Reflexion: analyze past actions, extract lessons, update memory for future improvement.
## Behavior
- Analyze trajectory: action sequence and outcomes
- Identify mistakes: failed actions, inefficient planning, hallucination
- Extract lessons: generalize fix patterns
- Update memory: store reflections for future agent use
## Reflexion Loop
Action → Heuristic → Reflection → Memory Update → Next Action
---
description: Self-reflection agent using Reflexion pattern - learns from mistakes
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#10B981"
permission:
read: allow
bash: allow
write: allow
edit: allow
grep: allow
glob: allow
task:
"*": deny
---
# Reflector
## Role
Self-improvement via Reflexion: analyze past actions, extract lessons, update memory for future improvement.
## Behavior
- Analyze trajectory: action sequence and outcomes
- Identify mistakes: failed actions, inefficient planning, hallucination
- Extract lessons: generalize fix patterns
- Update memory: store reflections for future agent use
## Reflexion Loop
Action → Heuristic → Reflection → Memory Update → Next Action

338
.kilo/agents/security-auditor.md
View File

@@ -1,168 +1,170 @@
---
description: Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#DC2626"
permission:
read: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
"the-fixer": allow
"release-manager": allow
"orchestrator": allow
---
# Kilo Code: Security Auditor
## Role Definition
You are **Security Auditor** — the vulnerability hunter. Your personality is paranoid in the best way. You assume every input is malicious. You find the security holes before attackers do. You check OWASP Top 10 and beyond.
## When to Use
Invoke this mode when:
- Code passes functional and performance review
- Before deployment to production
- New authentication flows are added
- External inputs are processed
- Dependencies are updated
## Short Description
Scans for security vulnerabilities and dependency risks before deployment.
## Task Tool Invocation
Use the Task tool with `subagent_type` to delegate to other agents:
- `subagent_type: "the-fixer"` — when security vulnerabilities need fixing
- `subagent_type: "release-manager"` — when security audit passes
## Behavior Guidelines
1. **Trust nothing** — every input is potentially malicious
2. **Check dependencies** — scan for known CVEs
3. **No hardcoded secrets** — check for API keys, passwords
4. **Validate at boundaries** — input/output validation
5. **Defense in depth** — multiple security layers
## Output Format
```markdown
## Security Audit: [Feature]
### Summary
[Overall security assessment]
### Vulnerabilities Found
| Severity | Type | Location | Description |
|----------|------|----------|-------------|
| Critical | SQL Injection | db.ts:42 | User input in query |
| High | XSS | component.tsx:15 | Unescaped output |
| Medium | Missing CSRF | api.ts:100 | No CSRF token |
### Dependency Scan
| Package | Version | CVE | Severity |
|---------|---------|-----|----------|
| lodash | 4.17.20 | CVE-2021-23337 | High |
### Secrets Check
- [ ] No hardcoded API keys
- [ ] No passwords in code
- [ ] .env files gitignored
### Recommendations
1. **SQL Injection (Critical)**
- Use parameterized queries
- Validate input schema
2. **XSS (High)**
- Escape user output
- Use framework's escaping
---
@if issues: Task tool with subagent_type: "the-fixer" address security issues immediately
@if OK: Task tool with subagent_type: "release-manager" approved for deployment
```
## OWASP Top 10 Checklist
```
□ Injection (SQL, NoSQL, Command)
□ Broken Authentication
□ Sensitive Data Exposure
XML External Entities
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
Insecure Deserialization
Using Components with Known Vulnerabilities
□ Insufficient Logging & Monitoring
```
## Scan Commands
```bash
# Check dependencies
bun audit
# Scan for secrets
gitleaks --path .
# Check for exposed env
grep -r "API_KEY\|PASSWORD\|SECRET" --include="*.ts" --include="*.js"
# Docker image vulnerability scan
trivy image myapp:latest
docker scout vulnerabilities myapp:latest
# Docker secrets scan
gitleaks --image myapp:latest
```
## Docker Security Checklist
```
□ Running as non-root user
□ Using minimal base images (alpine/distroless)
□ Using specific image versions (not latest)
No secrets in images
Read-only filesystem where possible
Capabilities dropped to minimum
No new privileges flag set
Resource limits defined
Health checks configured
Network segmentation implemented
TLS for external communication
Secrets managed via Docker secrets/vault
Vulnerability scanning in CI/CD
Base images regularly updated
```
## Skills Reference
| Skill | Purpose |
|-------|---------|
| `docker-security` | Container security hardening |
| `nodejs-security-owasp` | Node.js OWASP Top 10 |
## Prohibited Actions
- DO NOT approve with critical/high vulnerabilities
- DO NOT skip dependency check
- DO NOT ignore hardcoded secrets
- DO NOT bypass authentication review
## Handoff Protocol
After audit:
1. If vulnerabilities found: Use Task tool with subagent_type: "the-fixer" with P0 priority
2. If OK: Use Task tool with subagent_type: "release-manager" approved
3. Document all findings with severity
<gitea-commenting required="true" skill="gitea-commenting" />
---
description: Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets
mode: subagent
model: ollama-cloud/deepseek-v4-pro-max
color: "#DC2626"
permission:
read: allow
write: allow
edit: allow
bash: allow
glob: allow
grep: allow
task:
"*": deny
"the-fixer": allow
"release-manager": allow
"orchestrator": allow
---
# Kilo Code: Security Auditor
## Role Definition
You are **Security Auditor** — the vulnerability hunter. Your personality is paranoid in the best way. You assume every input is malicious. You find the security holes before attackers do. You check OWASP Top 10 and beyond.
## When to Use
Invoke this mode when:
- Code passes functional and performance review
- Before deployment to production
- New authentication flows are added
- External inputs are processed
- Dependencies are updated
## Short Description
Scans for security vulnerabilities and dependency risks before deployment.
## Task Tool Invocation
Use the Task tool with `subagent_type` to delegate to other agents:
- `subagent_type: "the-fixer"` — when security vulnerabilities need fixing
- `subagent_type: "release-manager"` — when security audit passes
## Behavior Guidelines
1. **Trust nothing** — every input is potentially malicious
2. **Check dependencies** — scan for known CVEs
3. **No hardcoded secrets** — check for API keys, passwords
4. **Validate at boundaries** — input/output validation
5. **Defense in depth** — multiple security layers
## Output Format
```markdown
## Security Audit: [Feature]
### Summary
[Overall security assessment]
### Vulnerabilities Found
| Severity | Type | Location | Description |
|----------|------|----------|-------------|
| Critical | SQL Injection | db.ts:42 | User input in query |
| High | XSS | component.tsx:15 | Unescaped output |
| Medium | Missing CSRF | api.ts:100 | No CSRF token |
### Dependency Scan
| Package | Version | CVE | Severity |
|---------|---------|-----|----------|
| lodash | 4.17.20 | CVE-2021-23337 | High |
### Secrets Check
- [ ] No hardcoded API keys
- [ ] No passwords in code
- [ ] .env files gitignored
### Recommendations
1. **SQL Injection (Critical)**
- Use parameterized queries
- Validate input schema
2. **XSS (High)**
- Escape user output
- Use framework's escaping
---
@if issues: Task tool with subagent_type: "the-fixer" address security issues immediately
@if OK: Task tool with subagent_type: "release-manager" approved for deployment
```
## OWASP Top 10 Checklist
```
□ Injection (SQL, NoSQL, Command)
Broken Authentication
Sensitive Data Exposure
XML External Entities
Broken Access Control
Security Misconfiguration
Cross-Site Scripting (XSS)
□ Insecure Deserialization
□ Using Components with Known Vulnerabilities
□ Insufficient Logging & Monitoring
```
## Scan Commands
```bash
# Check dependencies
bun audit
# Scan for secrets
gitleaks --path .
# Check for exposed env
grep -r "API_KEY\|PASSWORD\|SECRET" --include="*.ts" --include="*.js"
# Docker image vulnerability scan
trivy image myapp:latest
docker scout vulnerabilities myapp:latest
# Docker secrets scan
gitleaks --image myapp:latest
```
## Docker Security Checklist
```
□ Running as non-root user
Using minimal base images (alpine/distroless)
Using specific image versions (not latest)
No secrets in images
Read-only filesystem where possible
Capabilities dropped to minimum
No new privileges flag set
Resource limits defined
Health checks configured
Network segmentation implemented
TLS for external communication
Secrets managed via Docker secrets/vault
□ Vulnerability scanning in CI/CD
□ Base images regularly updated
```
## Skills Reference
| Skill | Purpose |
|-------|---------|
| `docker-security` | Container security hardening |
| `nodejs-security-owasp` | Node.js OWASP Top 10 |
## Prohibited Actions
- DO NOT approve with critical/high vulnerabilities
- DO NOT skip dependency check
- DO NOT ignore hardcoded secrets
- DO NOT bypass authentication review
## Handoff Protocol
After audit:
1. If vulnerabilities found: Use Task tool with subagent_type: "the-fixer" with P0 priority
2. If OK: Use Task tool with subagent_type: "release-manager" approved
3. Document all findings with severity
<gitea-commenting required="true" skill="gitea-commenting" />

41
.kilo/rules/branch-strategy.md Normal file
View File

@@ -0,0 +1,41 @@
# Git Branch Strategy
## Default Branch
**`dev` — основная ветка для всей разработки.**
Все коммиты, изменения и фичи должны попадать в `dev` сначала.
## Branch Rules
| Ветка | Назначение | Кто мержит |
|-------|-----------|------------|
| `dev` | Основная разработка, WIP | Каждый день |
| `main` | Стабильный релиз, теги | Только ручной merge из `dev` после QA |
| `feature/*` | Фичи от dev | Создатель → PR → review → dev |
| `hotfix/*` | Срочные фиксы | Создатель → PR → dev (и fast-forward в main) |
## Workflow
```
Работа → commit → push origin dev
Когда готово к релизу:
dev → PR → review → main (fast-forward)
```
## Prohibitions
- ❌ Прямой push в `main`
- ❌ Merge в `main` без review
- ❌ Создание релиз-тега из `main` без тестов
- ❌ Удаление ветки `dev`
## Release Process
1. Все фичи в `dev` проходят CI
2. Создаётся PR `dev``main`
3. Code review минимум 1 агент
4. Fast-forward merge (no squash)
5. Тег `vX.Y.Z` на `main`
6. `.kilo/` и агенты синхронизируются в целевые проекты

724
kilo-meta.json
View File

@@ -1,343 +1,383 @@
{
"$schema": "https://app.kilo.ai/config.json",
"metaVersion": "1.0.0",
"lastSync": "2026-04-27T11:07:02.592Z",
"agents": {
"requirement-refiner": {
"file": ".kilo/agents/requirement-refiner.md",
"description": "Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists",
"model": "ollama-cloud/kimi-k2-thinking",
"mode": "all",
"color": "#4F46E5",
"category": "core"
},
"history-miner": {
"file": ".kilo/agents/history-miner.md",
"description": "Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work",
"model": "ollama-cloud/nemotron-3-super",
"mode": "subagent",
"category": "core"
},
"system-analyst": {
"file": ".kilo/agents/system-analyst.md",
"description": "Designs technical specifications, data schemas, and API contracts before implementation",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "core"
},
"sdet-engineer": {
"file": ".kilo/agents/sdet-engineer.md",
"description": "Writes tests following TDD methodology. Tests MUST fail initially (Red phase)",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "all",
"color": "#8B5CF6",
"category": "core"
},
"lead-developer": {
"file": ".kilo/agents/lead-developer.md",
"description": "Primary code writer for backend and core logic. Writes implementation to pass tests",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"color": "#DC2626",
"category": "core"
},
"frontend-developer": {
"file": ".kilo/agents/frontend-developer.md",
"description": "Handles UI implementation with multimodal capabilities. Accepts visual references like screenshots and mockups",
"model": "ollama-cloud/minimax-m2.5",
"mode": "all",
"color": "#0EA5E9",
"category": "core"
},
"backend-developer": {
"file": ".kilo/agents/backend-developer.md",
"description": "Backend specialist for Node.js, Express, APIs, and database integration",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"color": "#10B981",
"category": "core"
},
"go-developer": {
"file": ".kilo/agents/go-developer.md",
"description": "Go backend specialist for Gin, Echo, APIs, and database integration",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#00ADD8",
"category": "core"
},
"devops-engineer": {
"file": ".kilo/agents/devops-engineer.md",
"description": "DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "subagent",
"color": "#FF6B35",
"category": "core"
},
"code-skeptic": {
"file": ".kilo/agents/code-skeptic.md",
"description": "Adversarial code reviewer. Finds problems and issues. Does NOT suggest implementations",
"model": "ollama-cloud/minimax-m2.5",
"mode": "subagent",
"color": "#E11D48",
"category": "quality"
},
"the-fixer": {
"file": ".kilo/agents/the-fixer.md",
"description": "Iteratively fixes bugs based on specific error reports and test failures",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "all",
"color": "#F59E0B",
"category": "quality"
},
"performance-engineer": {
"file": ".kilo/agents/performance-engineer.md",
"description": "Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "all",
"color": "#0D9488",
"category": "quality"
},
"security-auditor": {
"file": ".kilo/agents/security-auditor.md",
"description": "Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#DC2626",
"category": "quality"
},
"visual-tester": {
"file": ".kilo/agents/visual-tester.md",
"description": "Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"category": "quality"
},
"orchestrator": {
"file": ".kilo/agents/orchestrator.md",
"description": "Main dispatcher. Routes tasks between agents based on Issue status and manages the workflow state machine",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "all",
"color": "#7C3AED",
"category": "meta"
},
"release-manager": {
"file": ".kilo/agents/release-manager.md",
"description": "Manages git operations, semantic versioning, branching, and deployments. Ensures clean history",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"evaluator": {
"file": ".kilo/agents/evaluator.md",
"description": "Scores agent effectiveness after task completion for continuous improvement",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"color": "#047857",
"category": "meta"
},
"prompt-optimizer": {
"file": ".kilo/agents/prompt-optimizer.md",
"description": "Improves agent system prompts based on performance failures. Meta-learner for prompt optimization",
"model": "ollama-cloud/qwen3.6-plus",
"mode": "subagent",
"category": "meta"
},
"product-owner": {
"file": ".kilo/agents/product-owner.md",
"description": "Manages issue checklists, status labels, tracks progress and coordinates with human users",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"agent-architect": {
"file": ".kilo/agents/agent-architect.md",
"description": "Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "subagent",
"category": "meta"
},
"capability-analyst": {
"file": ".kilo/agents/capability-analyst.md",
"description": "Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"workflow-architect": {
"file": ".kilo/agents/workflow-architect.md",
"description": "Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"markdown-validator": {
"file": ".kilo/agents/markdown-validator.md",
"description": "Validates and corrects Markdown descriptions for Gitea issues",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"category": "meta"
},
"browser-automation": {
"file": ".kilo/agents/browser-automation.md",
"description": "Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"category": "testing"
},
"planner": {
"file": ".kilo/agents/planner.md",
"description": "Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#F59E0B",
"category": "cognitive"
},
"reflector": {
"file": ".kilo/agents/reflector.md",
"description": "Self-reflection agent using Reflexion pattern - learns from mistakes",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#10B981",
"category": "cognitive"
},
"memory-manager": {
"file": ".kilo/agents/memory-manager.md",
"description": "Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)",
"model": "ollama-cloud/qwen3.6-plus",
"mode": "subagent",
"color": "#8B5CF6",
"category": "cognitive"
}
},
"commands": {
"pipeline": {
"file": ".kilo/commands/pipeline.md",
"description": "Run full agent pipeline for issue with Gitea logging"
},
"status": {
"file": ".kilo/commands/status.md",
"description": "Check pipeline status for issue",
"model": "qwen/qwen3.6-plus:free"
},
"evaluate": {
"file": ".kilo/commands/evaluate.md",
"description": "Generate performance report",
"model": "ollama-cloud/gpt-oss:120b"
},
"plan": {
"file": ".kilo/commands/plan.md",
"description": "Creates detailed task plans",
"model": "openrouter/qwen/qwen3-coder:free"
},
"ask": {
"file": ".kilo/commands/ask.md",
"description": "Answers codebase questions",
"model": "openai/qwen3-32b"
},
"debug": {
"file": ".kilo/commands/debug.md",
"description": "Analyzes and fixes bugs",
"model": "ollama-cloud/gpt-oss:20b"
},
"code": {
"file": ".kilo/commands/code.md",
"description": "Quick code generation",
"model": "openrouter/qwen/qwen3-coder:free"
},
"research": {
"file": ".kilo/commands/research.md",
"description": "Run research and self-improvement",
"model": "ollama-cloud/glm-5"
},
"feature": {
"file": ".kilo/commands/feature.md",
"description": "Full feature development pipeline",
"model": "openrouter/qwen/qwen3-coder:free"
},
"hotfix": {
"file": ".kilo/commands/hotfix.md",
"description": "Hotfix workflow",
"model": "openrouter/minimax/minimax-m2.5:free"
},
"review": {
"file": ".kilo/commands/review.md",
"description": "Code review workflow",
"model": "openrouter/minimax/minimax-m2.5:free"
},
"review-watcher": {
"file": ".kilo/commands/review-watcher.md",
"description": "Auto-validate review results",
"model": "ollama-cloud/glm-5"
},
"e2e-test": {
"file": ".kilo/commands/e2e-test.md",
"description": "Run E2E tests with browser automation"
},
"workflow": {
"file": ".kilo/commands/workflow.md",
"description": "Run complete workflow with quality gates",
"model": "ollama-cloud/glm-5"
},
"landing-page": {
"file": ".kilo/commands/landing-page.md",
"description": "Create landing page CMS from HTML mockups",
"model": "ollama-cloud/kimi-k2.5"
},
"commerce": {
"file": ".kilo/commands/commerce.md",
"description": "Create e-commerce site with products, cart, payments",
"model": "qwen/qwen3-coder:free"
},
"blog": {
"file": ".kilo/commands/blog.md",
"description": "Create blog/CMS with posts, comments, SEO",
"model": "qwen/qwen3-coder:free"
},
"booking": {
"file": ".kilo/commands/booking.md",
"description": "Create booking system for services/appointments",
"model": "qwen/qwen3-coder:free"
}
},
"syncTargets": [
{
"file": ".kilo/agents/*.md",
"type": "agent-frontmatter",
"fields": [
"model",
"mode",
"description",
"color"
]
},
{
"file": ".kilo/KILO_SPEC.md",
"section": "### Pipeline Agents",
"type": "markdown-table"
},
{
"file": ".kilo/KILO_SPEC.md",
"section": "### Workflow Commands",
"type": "markdown-table"
},
{
"file": "AGENTS.md",
"section": "Pipeline Agents",
"type": "category-tables"
},
{
"file": ".kilo/agents/orchestrator.md",
"section": "Task Tool Invocation",
"type": "subagent-mapping"
}
],
"validation": {
"checkOn": [
"evolutionary-mode",
"pre-commit",
"manual-sync"
],
"failOnError": true,
"reportFile": ".kilo/logs/sync-violations.json"
}
{
"$schema": "https://app.kilo.ai/config.json",
"metaVersion": "1.0.0",
"lastSync": "2026-04-27T11:07:02.592Z",
"agents": {
"requirement-refiner": {
"file": ".kilo/agents/requirement-refiner.md",
"description": "Converts vague ideas and bug reports into strict User Stories with acceptance criteria checklists",
"model": "ollama-cloud/kimi-k2-thinking",
"mode": "all",
"color": "#4F46E5",
"category": "core"
},
"history-miner": {
"file": ".kilo/agents/history-miner.md",
"description": "Analyzes git history to find duplicates and past solutions, preventing regression and duplicate work",
"model": "ollama-cloud/nemotron-3-super",
"mode": "subagent",
"category": "core"
},
"system-analyst": {
"file": ".kilo/agents/system-analyst.md",
"description": "Designs technical specifications, data schemas, and API contracts before implementation",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "core"
},
"sdet-engineer": {
"file": ".kilo/agents/sdet-engineer.md",
"description": "Writes tests following TDD methodology. Tests MUST fail initially (Red phase)",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "all",
"color": "#8B5CF6",
"category": "core"
},
"lead-developer": {
"file": ".kilo/agents/lead-developer.md",
"description": "Primary code writer for backend and core logic. Writes implementation to pass tests",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"color": "#DC2626",
"category": "core"
},
"frontend-developer": {
"file": ".kilo/agents/frontend-developer.md",
"description": "Handles UI implementation with multimodal capabilities. Accepts visual references like screenshots and mockups",
"model": "ollama-cloud/minimax-m2.5",
"mode": "all",
"color": "#0EA5E9",
"category": "core"
},
"backend-developer": {
"file": ".kilo/agents/backend-developer.md",
"description": "Backend specialist for Node.js, Express, APIs, and database integration",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"color": "#10B981",
"category": "core"
},
"go-developer": {
"file": ".kilo/agents/go-developer.md",
"description": "Go backend specialist for Gin, Echo, APIs, and database integration",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#00ADD8",
"category": "core"
},
"devops-engineer": {
"file": ".kilo/agents/devops-engineer.md",
"description": "DevOps specialist for Docker, Kubernetes, CI/CD pipeline automation, and infrastructure management",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "subagent",
"color": "#FF6B35",
"category": "core"
},
"code-skeptic": {
"file": ".kilo/agents/code-skeptic.md",
"description": "Adversarial code reviewer. Finds problems and issues. Does NOT suggest implementations",
"model": "ollama-cloud/minimax-m2.5",
"mode": "subagent",
"color": "#E11D48",
"category": "quality"
},
"the-fixer": {
"file": ".kilo/agents/the-fixer.md",
"description": "Iteratively fixes bugs based on specific error reports and test failures",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "all",
"color": "#F59E0B",
"category": "quality"
},
"performance-engineer": {
"file": ".kilo/agents/performance-engineer.md",
"description": "Reviews code for performance issues. Focuses on efficiency, N+1 queries, memory leaks, and algorithmic complexity",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "all",
"color": "#0D9488",
"category": "quality"
},
"security-auditor": {
"file": ".kilo/agents/security-auditor.md",
"description": "Scans for security vulnerabilities, OWASP Top 10, dependency CVEs, and hardcoded secrets",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#DC2626",
"category": "quality"
},
"visual-tester": {
"file": ".kilo/agents/visual-tester.md",
"description": "Visual regression testing agent that compares screenshots and detects UI differences using pixelmatch and image diff",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"category": "quality"
},
"orchestrator": {
"file": ".kilo/agents/orchestrator.md",
"description": "Main dispatcher. Routes tasks between agents based on Issue status and manages the workflow state machine",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "all",
"color": "#7C3AED",
"category": "meta"
},
"release-manager": {
"file": ".kilo/agents/release-manager.md",
"description": "Manages git operations, semantic versioning, branching, and deployments. Ensures clean history",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"evaluator": {
"file": ".kilo/agents/evaluator.md",
"description": "Scores agent effectiveness after task completion for continuous improvement",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"color": "#047857",
"category": "meta"
},
"prompt-optimizer": {
"file": ".kilo/agents/prompt-optimizer.md",
"description": "Improves agent system prompts based on performance failures. Meta-learner for prompt optimization",
"model": "ollama-cloud/qwen3.6-plus",
"mode": "subagent",
"category": "meta"
},
"product-owner": {
"file": ".kilo/agents/product-owner.md",
"description": "Manages issue checklists, status labels, tracks progress and coordinates with human users",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"agent-architect": {
"file": ".kilo/agents/agent-architect.md",
"description": "Creates, modifies, and reviews new agents, workflows, and skills based on capability gap analysis",
"model": "ollama-cloud/kimi-k2.6:cloud",
"mode": "subagent",
"category": "meta"
},
"capability-analyst": {
"file": ".kilo/agents/capability-analyst.md",
"description": "Analyzes task requirements against available agents, workflows, and skills. Identifies gaps and recommends new components.",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"workflow-architect": {
"file": ".kilo/agents/workflow-architect.md",
"description": "Creates and maintains workflow definitions with complete architecture, Gitea integration, and quality gates",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"category": "meta"
},
"markdown-validator": {
"file": ".kilo/agents/markdown-validator.md",
"description": "Validates and corrects Markdown descriptions for Gitea issues",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"category": "meta"
},
"browser-automation": {
"file": ".kilo/agents/browser-automation.md",
"description": "Browser automation agent using Playwright MCP for E2E testing, form filling, navigation, and web interaction",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"category": "testing"
},
"planner": {
"file": ".kilo/agents/planner.md",
"description": "Advanced task planner using Chain of Thought, Tree of Thoughts, and Plan-Execute-Reflect",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#F59E0B",
"category": "cognitive"
},
"reflector": {
"file": ".kilo/agents/reflector.md",
"description": "Self-reflection agent using Reflexion pattern - learns from mistakes",
"model": "ollama-cloud/deepseek-v4-pro-max",
"mode": "subagent",
"color": "#10B981",
"category": "cognitive"
},
"memory-manager": {
"file": ".kilo/agents/memory-manager.md",
"description": "Manages agent memory systems - short-term (context), long-term (vector store), and episodic (experiences)",
"model": "ollama-cloud/qwen3.6-plus",
"mode": "subagent",
"color": "#8B5CF6",
"category": "cognitive"
},
"architect-indexer": {
"file": ".kilo/agents/architect-indexer.md",
"description": "Indexes and maps project codebase architecture into .architect/ directory",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"color": "#10B981",
"category": "core"
},
"flutter-developer": {
"file": ".kilo/agents/flutter-developer.md",
"description": "Flutter mobile specialist for cross-platform apps, state management, and UI components",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"color": "#02569B",
"category": "core"
},
"php-developer": {
"file": ".kilo/agents/php-developer.md",
"description": "PHP specialist for Laravel, Symfony, WordPress, and modular architecture",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"color": "#8B5CF6",
"category": "core"
},
"pipeline-judge": {
"file": ".kilo/agents/pipeline-judge.md",
"description": "Automated pipeline judge. Evaluates workflow execution by running tests, measuring token cost and wall-clock time. Produces objective fitness scores. Never writes code - only measures and scores.",
"model": "ollama-cloud/glm-5.1",
"mode": "subagent",
"color": "#DC2626",
"category": "meta"
},
"python-developer": {
"file": ".kilo/agents/python-developer.md",
"description": "Python specialist for Django, FastAPI, data processing, and ML pipelines",
"model": "ollama-cloud/qwen3-coder:480b",
"mode": "subagent",
"color": "#3776AB",
"category": "core"
}
},
"commands": {
"pipeline": {
"file": ".kilo/commands/pipeline.md",
"description": "Run full agent pipeline for issue with Gitea logging"
},
"status": {
"file": ".kilo/commands/status.md",
"description": "Check pipeline status for issue",
"model": "qwen/qwen3.6-plus:free"
},
"evaluate": {
"file": ".kilo/commands/evaluate.md",
"description": "Generate performance report",
"model": "ollama-cloud/gpt-oss:120b"
},
"plan": {
"file": ".kilo/commands/plan.md",
"description": "Creates detailed task plans",
"model": "openrouter/qwen/qwen3-coder:free"
},
"ask": {
"file": ".kilo/commands/ask.md",
"description": "Answers codebase questions",
"model": "openai/qwen3-32b"
},
"debug": {
"file": ".kilo/commands/debug.md",
"description": "Analyzes and fixes bugs",
"model": "ollama-cloud/gpt-oss:20b"
},
"code": {
"file": ".kilo/commands/code.md",
"description": "Quick code generation",
"model": "openrouter/qwen/qwen3-coder:free"
},
"research": {
"file": ".kilo/commands/research.md",
"description": "Run research and self-improvement",
"model": "ollama-cloud/glm-5"
},
"feature": {
"file": ".kilo/commands/feature.md",
"description": "Full feature development pipeline",
"model": "openrouter/qwen/qwen3-coder:free"
},
"hotfix": {
"file": ".kilo/commands/hotfix.md",
"description": "Hotfix workflow",
"model": "openrouter/minimax/minimax-m2.5:free"
},
"review": {
"file": ".kilo/commands/review.md",
"description": "Code review workflow",
"model": "openrouter/minimax/minimax-m2.5:free"
},
"review-watcher": {
"file": ".kilo/commands/review-watcher.md",
"description": "Auto-validate review results",
"model": "ollama-cloud/glm-5"
},
"e2e-test": {
"file": ".kilo/commands/e2e-test.md",
"description": "Run E2E tests with browser automation"
},
"workflow": {
"file": ".kilo/commands/workflow.md",
"description": "Run complete workflow with quality gates",
"model": "ollama-cloud/glm-5"
},
"landing-page": {
"file": ".kilo/commands/landing-page.md",
"description": "Create landing page CMS from HTML mockups",
"model": "ollama-cloud/kimi-k2.5"
},
"commerce": {
"file": ".kilo/commands/commerce.md",
"description": "Create e-commerce site with products, cart, payments",
"model": "qwen/qwen3-coder:free"
},
"blog": {
"file": ".kilo/commands/blog.md",
"description": "Create blog/CMS with posts, comments, SEO",
"model": "qwen/qwen3-coder:free"
},
"booking": {
"file": ".kilo/commands/booking.md",
"description": "Create booking system for services/appointments",
"model": "qwen/qwen3-coder:free"
}
},
"syncTargets": [
{
"file": ".kilo/agents/*.md",
"type": "agent-frontmatter",
"fields": [
"model",
"mode",
"description",
"color"
]
},
{
"file": ".kilo/KILO_SPEC.md",
"section": "### Pipeline Agents",
"type": "markdown-table"
},
{
"file": ".kilo/KILO_SPEC.md",
"section": "### Workflow Commands",
"type": "markdown-table"
},
{
"file": "AGENTS.md",
"section": "Pipeline Agents",
"type": "category-tables"
},
{
"file": ".kilo/agents/orchestrator.md",
"section": "Task Tool Invocation",
"type": "subagent-mapping"
}
],
"validation": {
"checkOn": [
"evolutionary-mode",
"pre-commit",
"manual-sync"
],
"failOnError": true,
"reportFile": ".kilo/logs/sync-violations.json"
}
}