WrongStack

WrongStack

Built on the wrong stack. Shipped anyway.

A CLI AI coding agent that runs in your terminal. It reads your code, edits files, runs commands, and reasons through bugs — while you stay in control of every permission. It drives autonomous goal loops, parallel subagent fan-out, multi-agent Director orchestration, and collaborative debugging; guides Spec-Driven Development cycles; and ships with 36 built-in tools, 16 bundled skills, 7 first-party plugins (prompt library, GitHub cloud sync, git, security, skills, plan, observability), 10 more in the official @wrongstack/plugins collection, and ~110 providers from models.dev — all with AES-256-GCM encrypted secrets and per-tool permission policies.

Provider catalog comes from models.dev — no hardcoded provider lists, no hardcoded pricing, no hardcoded model names. API keys are encrypted at rest with a per-machine key. Every developer-level config lives under ~/.wrongstack/; the only thing you'd ever commit to a repo is .wrongstack/AGENTS.md.

Features

`--no-features` minimal kernel

Flips off MCP, plugins, memory tools, models.dev fetch, and skill discovery. What's left: kernel (Container + Pipeline + EventBus + RunController, 505 lines) + agent (525 lines) + 36 tools + permission policy + curated system prompt. The minimal-viable WrongStack runs offline with no network calls at startup. Provider family must be declared explicitly in config when using this mode.

---

What's new in 0.9.20

- Collaborative debugging goes live in the TUI. The fleet monitor (Ctrl+F) now renders a dedicated ⚡ COLLAB SESSION banner during a Director.spawnCollab() run: live per-stage counters (🐛 bugs · 📐 plans · ⚖️ evaluations), a color-coded overall verdict chip (approve / needs_revision / reject), and an inline timeline of bug.found → refactor.plan → critic.evaluation → session done events with elapsed-time stamps. The TUI listens directly to the collab FleetBus events, detects each agent's role from its subagent id, and caps the timeline buffer so long runs stay bounded.

- AGENTS.md documents the collab pipeline + fleet commands. New reference sections cover the three-agent bug-hunter → refactor-planner → critic pipeline, the fleet_emit event contract, the relevant code references, and the full Ctrl+F / Ctrl+G / /fleet * command table.

What's new in 0.9.19

- Security audit — findings F-01 → F-07 remediated. A full security-check pass closed: an arbitrary file write in the diff tool (a/b refs were pushed into git diff argv unguarded, so { a: "--output=<path>" } clobbered files with no confirmation — now validated as commit-ish), tool-registry wrap/unregister now enforce plugin trust tiers (external plugins can't silently downgrade a builtin), the subagent auto-approve guard now fails closed (denies edit/replace/all mcp__*, not just bash/write), symlink-resolving containment checks on read/edit/write, SSRF-guarded redirects in the search tool, session-log scrubbing of user/model turn text, and IPv6 IMDS parity in MCP transport validation. 26 new regression tests; pnpm audit reports 0 advisories across 591 deps. See security-report/ and CHANGELOG.md.

- Collaborative debugging — three agents on one problem, in parallel. Director.spawnCollab() runs BugHunter, RefactorPlanner, and Critic simultaneously on a shared immutable file snapshot. Findings flow through the FleetBus (bug.found → refactor.plan → critic.evaluation); the Director routes results between agents via a shared scratchpad and returns a structured CollabDebugReport. Subagents emit structured signals through the new fleet_emit tool, and each spawned worker now gets a memorable scientist nickname (Turing, Shannon, Gauss, …) instead of AGENT#N.

- Tougher streaming. Truncated tool-call argument streams (JSON that ends mid-object) are now salvaged by completePartialObject instead of dropping the call.

What's new in 0.9.7

• Four new bundled skills — bundled set grows 12 → 16. Added testing (vitest patterns, mocking, coverage, unit/integration/e2e), observability (structured logging, traces, metrics, redaction), api-design (REST patterns, error codes, pagination, auth), and docker-deploy (multi-stage builds, non-root user, image scanning).

• All bundled skills standardized. Every skill now follows one structure — Overview → Rules → Patterns (Do / Don't) → Skills in scope — so they read consistently and compose predictably. Highlights: react-modern hook table expanded and a duplicate section removed, typescript-strict gained a Workflow section (tsconfig → per-file → CI gate), refactor-planner moved its dependency-graph example into Patterns, and audit-log documents the JSONL session-event structure.

• docs/skills.md now reflects 16 bundled skills, with AGENTS.md and the skill-gen docs synced to the standardized layout.

What's new in 0.9.4

• /autophase, /goal, and /sdd no longer crash when paths are unconfigured. All three slash commands now guard opts.paths before use and return a clear error message rather than throwing when the paths layer hasn't been wired into the command context.

• TUI settings overlay reflects persisted values on open. The TUI's /settings overlay now calls getSettings (wired to loadAutonomySetting) on mount so the mode and delay fields show the actual saved values instead of always starting from defaults.

• saveSettings return type is now async-compatible. saveSettings in RunTuiOptions returns string | null | Promise<string | null> so the async persistAutonomySetting implementation in the CLI executor no longer causes a type mismatch.

What's new in 0.9.2

• /settings works in the TUI — now with a real overlay. The old menu blocked on readline, which can't run under Ink (Ink owns stdin) — so in the TUI it hung invisibly and every keypress redrew the status bar into the chat history. Two fixes: (1) the builtin /settings is now argument-driven and non-blocking (/settings, /settings delay <seconds>, /settings mode <off|suggest|auto>, /settings defaults) — works in REPL + headless; (2) the TUI registers a keyboard-driven overlay (↑/↓ field · ←/→ change · Enter save · Esc cancel) for autonomy mode and auto-proceed delay, matching the /model and /autonomy pickers.

• WebUI can list saved providers. A new providers.saved WebSocket message returns every saved provider (id, family, baseUrl) with its stored keys as { label, maskedKey, isActive, createdAt }. Only masked key values cross the wire — raw secrets stay server-side.

What's new in 0.9.1

• Corruption guard pre-commit hook. A new scripts/guard-against-corruption.mjs runs on every commit and blocks two patterns of damage: the known worktreeMonitorToggle corruption fragment in any staged file, and suspicious mass-changes (>20 files by default, tunable via GUARD_MAX_FILES, override with --force). Auto-wired through postinstall so a fresh pnpm install activates the guard with zero setup.

• /settings interactive menu. New slash command opens a terminal picker for the two most-asked-for runtime knobs: auto-proceed delay (seconds the agent waits in auto autonomy before continuing) and default autonomy mode (off / suggest / auto). Persisted to ~/.wrongstack/config.json.

• Three security tightenings. Mutating auto-permission tools now require user confirmation (a remote WS client can no longer trigger network-side-effect tools without a prompt). bash and exec redact secret-bearing CLI flags (--token=…, TOKEN=…, --github-token=…, …) before registering the process, so /ps and crash dumps never leak. config.json rollback on POSIX refuses to write when the calling euid does not own the file.

• Windows build memory fix. build, typecheck, and test:coverage now prepend cross-env NODE_OPTIONS=--max-old-space-size=4096 so the monorepo's typecheck and coverage passes stop OOM'ing on Windows.

What's new in 0.9.0

• AutoPhase autonomous workflow. /autophase start [title] breaks a project into ordered phases (Discovery → Design → Implementation → Testing → Deployment) and runs them autonomously, with a live phase/task view in the web UI. Run /autophase for the full subcommand list.

• TUI input stays put. Fixed a regression where resizing or new output could push the input box to the top of the screen and erase committed history; the input and status bar now stay pinned to the bottom and /help lists every command in full.

• Leaner compaction accounting. Context-compaction load is now reported against the full-request estimate (no more confusing "~1.3× overhead" figures), and no-op compactions are skipped.

For earlier release notes, see CHANGELOG.md.