feat: add Cursor-style Debug Mode with hypothesis-driven instrumentation#1523
Open
potb wants to merge 13 commits intocode-yeongyu:devfrom
Open
feat: add Cursor-style Debug Mode with hypothesis-driven instrumentation#1523potb wants to merge 13 commits intocode-yeongyu:devfrom
potb wants to merge 13 commits intocode-yeongyu:devfrom
Conversation
# Conflicts: # src/features/builtin-commands/commands.ts # src/features/builtin-commands/types.ts # src/features/builtin-skills/skills.test.ts # src/features/builtin-skills/skills.ts # src/hooks/keyword-detector/constants.ts
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
1 issue found across 11 files
Confidence score: 3/5
- Potential security exposure in
src/features/builtin-skills/skills.ts: debug server template binds to all interfaces by default, making unauthenticated/ingestreachable on the local network - Risk is moderate because it can expose an endpoint unexpectedly; binding to localhost would reduce impact
- Pay close attention to
src/features/builtin-skills/skills.ts- default host binding exposes/ingestbeyond localhost.
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="src/features/builtin-skills/skills.ts">
<violation number="1" location="src/features/builtin-skills/skills.ts:94">
P2: Debug server template binds to all interfaces by default; without a hostname it listens on 0.0.0.0/::, exposing the unauthenticated /ingest endpoint to the local network. Bind explicitly to localhost for safety.</violation>
</file>
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
- Update command count test to expect 8 commands (added stop-continuation) - Remove debug keywords from analyze pattern to prevent double-match - Add getMainSessionID spy to keyword-detector tests to handle mock pollution - Add beforeEach reset and test imports to unstable-agent-babysitter tests
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Adds a Cursor-style Debug Mode for hypothesis-driven runtime debugging with lightweight instrumentation and a local NDJSON log server.
New Features
/debugcommand with a 7-step workflow and guided templateruntime-debuggingskill with:@DEBUG:START/@DEBUG:END) for systematic cleanup[debug-mode]message.gitignoreupdated to exclude.opencode/debug/Testing
37 tests added/updated across commands, skills, and keyword detector; all passing.
Supersedes #1113
Summary by cubic
Introduces a guided Debug Mode with hypothesis-driven instrumentation and a local NDJSON log server to diagnose runtime issues and cleanly remove instrumentation.
Written for commit 2203a23. Summary will update on new commits.