@agxnte/reidx 2.0.10 → 2.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +84 -84
- package/package.json +1 -1
- package/pyproject.toml +2 -2
- package/src/reidx/__init__.py +2 -2
- package/src/reidx/provider_manager/palette.py +2 -0
package/README.md
CHANGED
|
@@ -1,8 +1,8 @@
|
|
|
1
|
-
|
|
1
|
+
# ReidX
|
|
2
2
|
|
|
3
3
|
Terminal-native personal intelligence and coding CLI with an agent-first runtime.
|
|
4
4
|
|
|
5
|
-
A real runtime
|
|
5
|
+
A real runtime � not a chat wrapper. Sessions, tasks, tools, policy gates,
|
|
6
6
|
providers, and persistence are first-class. A genuine full-screen TUI (not an
|
|
7
7
|
inline redraw hack) with a locked-to-bottom footer, scrollable history,
|
|
8
8
|
collapsible reasoning/tool-call output, a live subagent panel, and a live "/"
|
|
@@ -11,7 +11,7 @@ command menu. Built to grow into a durable operator surface.
|
|
|
11
11
|
**Status:** Phase 5 complete (correctness fixes + real resume + interaction
|
|
12
12
|
upgrade), plus a full-screen TUI rewrite, real HTTP providers (Anthropic /
|
|
13
13
|
OpenAI / OpenAI-compatible / Ollama), subagent spawning, DeepReid
|
|
14
|
-
(Researcher
|
|
14
|
+
(Researcher?Planner?Critic planning pipeline), Nyx (redteam persona mode),
|
|
15
15
|
web search, and workflows on top. See `docs/` for the architecture audit and
|
|
16
16
|
phase plans.
|
|
17
17
|
|
|
@@ -20,11 +20,11 @@ phase plans.
|
|
|
20
20
|
## Target stack
|
|
21
21
|
|
|
22
22
|
- **Python** 3.12+
|
|
23
|
-
- **Typer**
|
|
24
|
-
- **Pydantic v2**
|
|
25
|
-
- **Rich**
|
|
26
|
-
- **prompt_toolkit**
|
|
27
|
-
- No HTTP client dependency
|
|
23
|
+
- **Typer** � CLI command surface
|
|
24
|
+
- **Pydantic v2** � schemas and validation
|
|
25
|
+
- **Rich** � terminal rendering (markdown, tables, panels)
|
|
26
|
+
- **prompt_toolkit** � the full-screen TUI (layout, input, completion, mouse)
|
|
27
|
+
- No HTTP client dependency � the Anthropic/OpenAI/Ollama providers and
|
|
28
28
|
`web_search` all speak stdlib `urllib`, so there's nothing extra to install
|
|
29
29
|
to go from the offline stub to a real model.
|
|
30
30
|
|
|
@@ -65,7 +65,7 @@ reid doctor
|
|
|
65
65
|
Expected output:
|
|
66
66
|
|
|
67
67
|
```
|
|
68
|
-
reid 2.
|
|
68
|
+
reid 2.1.1
|
|
69
69
|
settings <path> (found|missing)
|
|
70
70
|
python <path> (3.13.x)
|
|
71
71
|
workspace <cwd>
|
|
@@ -92,65 +92,65 @@ is offline and exercisable without API keys.
|
|
|
92
92
|
## The interactive TUI
|
|
93
93
|
|
|
94
94
|
`reid` (with no subcommand, or `reid interactive`) launches a real
|
|
95
|
-
full-screen `prompt_toolkit` application
|
|
95
|
+
full-screen `prompt_toolkit` application � the same style of terminal
|
|
96
96
|
ownership as `vim`/`htop` (alternate screen; your native scrollback is
|
|
97
97
|
untouched and restored exactly as it was on exit). Rich handles all the
|
|
98
98
|
actual rendering (markdown, tables, panels); prompt_toolkit owns the screen,
|
|
99
99
|
input, and layout around it.
|
|
100
100
|
|
|
101
|
-
- **Locked-to-bottom footer**
|
|
102
|
-
subagent panel, and a status line (app name
|
|
103
|
-
token/context-window usage
|
|
101
|
+
- **Locked-to-bottom footer** � a spinner row, the input box, an optional
|
|
102
|
+
subagent panel, and a status line (app name � mode � model � effort �
|
|
103
|
+
token/context-window usage � workspace � task count) are always pinned to
|
|
104
104
|
the terminal's actual last rows. The scrollable output pane fills
|
|
105
105
|
everything above it.
|
|
106
|
-
- **Mouse-wheel scroll**
|
|
106
|
+
- **Mouse-wheel scroll** � scroll up to read history without losing your
|
|
107
107
|
place; new replies keep arriving below the fold instead of yanking you back
|
|
108
108
|
down. Scroll back to the bottom (or far enough) and it re-locks
|
|
109
109
|
automatically. (Hold **Shift** while click-dragging for native text
|
|
110
|
-
selection/copy
|
|
110
|
+
selection/copy � mouse support for scrolling means the terminal hands mouse
|
|
111
111
|
events to the app, and Shift is the standard bypass every terminal supports
|
|
112
112
|
for that.)
|
|
113
|
-
- **Collapsible reasoning + tool calls (Ctrl+O)**
|
|
114
|
-
a grayed-out
|
|
115
|
-
|
|
113
|
+
- **Collapsible reasoning + tool calls (Ctrl+O)** � chain-of-thought shows as
|
|
114
|
+
a grayed-out `? Thought for Ns` line and each tool call as a one-line
|
|
115
|
+
`? tool(args) ok/error` summary, collapsed by default. `Ctrl+O` toggles
|
|
116
116
|
every collapsed block open at once to see the full detail.
|
|
117
|
-
- **`/` completion menu**
|
|
118
|
-
with its description (Tab
|
|
117
|
+
- **`/` completion menu** � type `/` for a live menu of every slash command
|
|
118
|
+
with its description (Tab/?/? to navigate, Enter to accept); no need to run
|
|
119
119
|
`/help` first, though `/help` still works and shows the same list grouped
|
|
120
120
|
by category.
|
|
121
121
|
- **Large/multi-line pastes collapse** to a placeholder like
|
|
122
|
-
`[Pasted text #1 +42 lines]` (same idea as Claude Code's own input box)
|
|
122
|
+
`[Pasted text #1 +42 lines]` (same idea as Claude Code's own input box) �
|
|
123
123
|
the full text is still sent when you submit, only the box display is
|
|
124
124
|
compact.
|
|
125
|
-
- **Escape to stop a response**
|
|
126
|
-
just that turn (the spinner switches to
|
|
125
|
+
- **Escape to stop a response** � while a reply is generating, `Esc` cancels
|
|
126
|
+
just that turn (the spinner switches to `? stopping�`) and returns whatever
|
|
127
127
|
partial answer/tool results it already had; the session itself stays open.
|
|
128
128
|
It's polled at safe points (before the next model call, between tool
|
|
129
129
|
calls), so it can't kill a request already in flight, but it ends the turn
|
|
130
130
|
at the next opportunity instead of waiting for it to run to completion.
|
|
131
131
|
`Ctrl+D` is still the one that exits the whole session.
|
|
132
|
-
- **Live subagent panel**
|
|
132
|
+
- **Live subagent panel** � appears under the input box whenever the model
|
|
133
133
|
calls `spawn_agent` (see Tools below), showing one row per child agent:
|
|
134
134
|
name, status (running/done/error), elapsed time, and its last action.
|
|
135
135
|
Finished rows linger for ~2s then disappear; auto-hidden when nothing's
|
|
136
136
|
running.
|
|
137
|
-
- **DeepReid trigger**
|
|
137
|
+
- **DeepReid trigger** � type `deepread`/`deep reid` (a few spellings
|
|
138
138
|
accepted) at the very start of the box: it pulses green, and your message
|
|
139
|
-
runs through the real Researcher
|
|
139
|
+
runs through the real Researcher?Planner?Critic pipeline instead of a
|
|
140
140
|
normal turn. See "DeepReid" under Tools/What works now below.
|
|
141
|
-
- **Nyx mode**
|
|
141
|
+
- **Nyx mode** � `/nyx on` swaps the assistant's persona to a redteam/
|
|
142
142
|
offensive-security assistant for authorized pentesting and CTF work,
|
|
143
143
|
without changing what tools it can call or how the policy engine gates
|
|
144
144
|
them. See "Nyx (redteam mode)" below.
|
|
145
145
|
- **Keyboard shortcuts in the input box:**
|
|
146
|
-
-
|
|
147
|
-
-
|
|
146
|
+
- `?` / `?` � input history
|
|
147
|
+
- `?` / `?` � cycle reasoning effort (`low ? medium ? high ? xhigh`) when
|
|
148
148
|
the box is empty; otherwise they move the cursor normally
|
|
149
|
-
- `Ctrl+O`
|
|
150
|
-
- `Esc`
|
|
151
|
-
- `Ctrl+C`
|
|
149
|
+
- `Ctrl+O` � toggle collapsed/expanded reasoning + tool calls
|
|
150
|
+
- `Esc` � stop the in-flight response (only while one is generating)
|
|
151
|
+
- `Ctrl+C` � clear the current line; `Ctrl+D` � exit
|
|
152
152
|
- A small mascot renders next to the welcome banner on launch
|
|
153
|
-
(`render.py::banner`/`_MASCOT`)
|
|
153
|
+
(`render.py::banner`/`_MASCOT`) � purely cosmetic, easy to swap out.
|
|
154
154
|
|
|
155
155
|
---
|
|
156
156
|
|
|
@@ -160,13 +160,13 @@ input, and layout around it.
|
|
|
160
160
|
|
|
161
161
|
| Command | Purpose |
|
|
162
162
|
|---|---|
|
|
163
|
-
| `reid` | Launch the interactive TUI (default
|
|
164
|
-
| `reid interactive "<prompt>"` | Launch interactive mode and immediately submit `<prompt>` as the first turn
|
|
165
|
-
| `reid --file <path>` / `-f` | Same idea, but read the initial prompt from a text file
|
|
163
|
+
| `reid` | Launch the interactive TUI (default � no subcommand needed) |
|
|
164
|
+
| `reid interactive "<prompt>"` | Launch interactive mode and immediately submit `<prompt>` as the first turn � session stays open afterward |
|
|
165
|
+
| `reid --file <path>` / `-f` | Same idea, but read the initial prompt from a text file � works with `interactive`, `exec`, and the bare/no-subcommand form |
|
|
166
166
|
| `reid --nyx` | Launch with the Nyx redteam/offensive-security persona active from the start (also on `interactive` and `exec`) |
|
|
167
167
|
| `<cmd> \| reid` | Pipe a prompt via stdin as the initial turn (only applies to the bare/no-subcommand form) |
|
|
168
168
|
| `reid exec "<prompt>"` | Run a single prompt non-interactively (headless) |
|
|
169
|
-
| `reid deepreid "<task>"` | Plan + review `<task>` via the Researcher/Planner/Critic pipeline (headless, like `exec`)
|
|
169
|
+
| `reid deepreid "<task>"` | Plan + review `<task>` via the Researcher/Planner/Critic pipeline (headless, like `exec`) � no code changes, saves a Markdown plan |
|
|
170
170
|
| `reid resume <session-id>` | Resume a prior session, then enter interactive mode |
|
|
171
171
|
| `reid sessions` | List all sessions |
|
|
172
172
|
| `reid config-show` | Show the effective (merged) configuration |
|
|
@@ -178,7 +178,7 @@ input, and layout around it.
|
|
|
178
178
|
### Slash commands (inside the TUI)
|
|
179
179
|
|
|
180
180
|
Type `/` in the input box for a live completion menu of all of these with
|
|
181
|
-
descriptions
|
|
181
|
+
descriptions � the table below is the same information, grouped.
|
|
182
182
|
|
|
183
183
|
**Session**
|
|
184
184
|
|
|
@@ -268,7 +268,7 @@ inspect the goal hierarchy, evidence, blockers, and revisions.
|
|
|
268
268
|
| `/workflows` | List saved workflows |
|
|
269
269
|
| `/workflow save <name> [n]` | Save the last `n` user turns as a reusable workflow (default 5) |
|
|
270
270
|
| `/workflow show <name>` | Show a workflow's steps |
|
|
271
|
-
| `/workflow run <name>` | Run a workflow's steps in sequence
|
|
271
|
+
| `/workflow run <name>` | Run a workflow's steps in sequence � each step gets the same handling as typing it directly (slash commands and prompts both work, spinner/approval included) |
|
|
272
272
|
| `/workflow delete <name>` | Delete a workflow |
|
|
273
273
|
|
|
274
274
|
Workflows are global (not tied to a session or workspace) and persist to
|
|
@@ -296,7 +296,7 @@ from any other.
|
|
|
296
296
|
|
|
297
297
|
## Providers
|
|
298
298
|
|
|
299
|
-
`stub` (offline, deterministic) is always registered and always the default
|
|
299
|
+
`stub` (offline, deterministic) is always registered and always the default �
|
|
300
300
|
nothing auto-promotes over it. Real HTTP providers all speak stdlib `urllib`
|
|
301
301
|
(no extra dependency):
|
|
302
302
|
|
|
@@ -311,7 +311,7 @@ Two ways to get a real provider registered:
|
|
|
311
311
|
|
|
312
312
|
1. **Env vars** (Anthropic only, auto-registered at startup, never made
|
|
313
313
|
default): `ANTHROPIC_API_KEY`, `ANTHROPIC_BASE_URL`, `ANTHROPIC_MODEL`.
|
|
314
|
-
2. **`/connect`**
|
|
314
|
+
2. **`/connect`** � persists a `ProviderRecord` to
|
|
315
315
|
`<storage_root>/providers.json` (chmod `600` on POSIX) and registers it
|
|
316
316
|
immediately:
|
|
317
317
|
|
|
@@ -328,7 +328,7 @@ active provider or either built-in name (`stub`, `anthropic`).
|
|
|
328
328
|
|
|
329
329
|
`spawn_agent` (see Tools below) inherits the parent's active provider by
|
|
330
330
|
default, so switching to a local model at the top level applies to child
|
|
331
|
-
agents too
|
|
331
|
+
agents too � it can also be given a one-off `provider`/`model` override.
|
|
332
332
|
|
|
333
333
|
---
|
|
334
334
|
|
|
@@ -336,13 +336,13 @@ agents too — it can also be given a one-off `provider`/`model` override.
|
|
|
336
336
|
|
|
337
337
|
Nyx swaps the assistant's system prompt to a redteam/offensive-security
|
|
338
338
|
persona for authorized penetration testing, CTF competitions, and security
|
|
339
|
-
research
|
|
339
|
+
research � recon, exploit development, payload construction, privilege
|
|
340
340
|
escalation, C2 usage, and report writing, described directly rather than with
|
|
341
341
|
vague hedging. It still pushes back on requests with no stated engagement
|
|
342
342
|
scope, or mass-scale/destructive/indiscriminate techniques.
|
|
343
343
|
|
|
344
344
|
Nyx **only changes the system prompt.** Tool access and policy gating are
|
|
345
|
-
completely unaffected
|
|
345
|
+
completely unaffected � the `ToolRegistry`/`PolicyEngine`, not the prompt, is
|
|
346
346
|
the actual safety boundary (the same design used by DeepReid's role prompts).
|
|
347
347
|
|
|
348
348
|
Turn it on three ways:
|
|
@@ -366,43 +366,43 @@ or at runtime inside the TUI:
|
|
|
366
366
|
## Subagents (`spawn_agent`)
|
|
367
367
|
|
|
368
368
|
The agent can call `spawn_agent` to run a scoped child agent inline and block
|
|
369
|
-
on its result
|
|
369
|
+
on its result � useful for parallel research, focused review, or anything
|
|
370
370
|
that shouldn't pollute the main conversation's context. Each child gets:
|
|
371
371
|
|
|
372
372
|
- its **own** `Agent` + `PolicyEngine` (same config/mode as the parent, but
|
|
373
|
-
an independent instance
|
|
373
|
+
an independent instance � a child running in a stricter mode never mutates
|
|
374
374
|
the parent's)
|
|
375
375
|
- a **filtered `ToolRegistry`** built from an explicit `tool_allowlist` (default:
|
|
376
|
-
`read_file`, `list_dir`, `find_files`, `grep_files`
|
|
376
|
+
`read_file`, `list_dir`, `find_files`, `grep_files` � read-only). The child
|
|
377
377
|
literally cannot see or call anything outside that allowlist.
|
|
378
378
|
- the parent's **provider/model by default**, with optional per-call overrides
|
|
379
|
-
- **no** `spawn_agent` of its own
|
|
379
|
+
- **no** `spawn_agent` of its own � one layer of nesting only, so a runaway
|
|
380
380
|
chain of subagents can't spawn subagents of their own
|
|
381
381
|
|
|
382
382
|
Lifecycle is reported to a `SubagentManager` that the TUI's subagent panel
|
|
383
|
-
subscribes to (see "The interactive TUI" above)
|
|
383
|
+
subscribes to (see "The interactive TUI" above) � running/done/error, elapsed
|
|
384
384
|
time, last action.
|
|
385
385
|
|
|
386
386
|
---
|
|
387
387
|
|
|
388
388
|
## DeepReid
|
|
389
389
|
|
|
390
|
-
A real Researcher
|
|
390
|
+
A real Researcher?Planner?Critic subagent pipeline for planning and
|
|
391
391
|
reviewing a task before any code gets written:
|
|
392
392
|
|
|
393
|
-
- **Researcher**
|
|
393
|
+
- **Researcher** � read-only file tools + `web_search`, investigates the
|
|
394
394
|
codebase/web and produces a cited Findings list. Never writes files or
|
|
395
395
|
runs commands.
|
|
396
|
-
- **Planner**
|
|
396
|
+
- **Planner** � no tools, reasons only over the Findings, produces numbered
|
|
397
397
|
implementation steps + risks + open questions.
|
|
398
|
-
- **Critic**
|
|
398
|
+
- **Critic** � no tools, checks the Plan against the Findings for
|
|
399
399
|
unsupported claims, missing cases, and contradictions; ends with a
|
|
400
400
|
`Verdict: ready to build | needs revision | blocked on: ...` line.
|
|
401
401
|
- If the Critic asks for a revision, the Planner gets one more pass (capped
|
|
402
402
|
at 2 rounds total) before the pipeline returns.
|
|
403
403
|
|
|
404
404
|
Each role is a fresh, independent `Agent` + `RuntimeState` + `Session` +
|
|
405
|
-
`PolicyEngine`
|
|
405
|
+
`PolicyEngine` � not turns on one shared conversation � so the "Planner/Critic
|
|
406
406
|
have no tools" constraint is real (they can't see any prior tool output). All
|
|
407
407
|
three run in `AUTONOMOUS` mode internally regardless of the caller's
|
|
408
408
|
configured mode; the restricted tool registries are the actual safety
|
|
@@ -419,7 +419,7 @@ or type `deepread`/`deep reid` at the very start of the TUI's input box (the
|
|
|
419
419
|
border pulses green while the pipeline runs, with real-time progress shown
|
|
420
420
|
per stage).
|
|
421
421
|
|
|
422
|
-
DeepReid never writes files or runs commands itself
|
|
422
|
+
DeepReid never writes files or runs commands itself � building the plan is
|
|
423
423
|
still the regular single-agent loop, or a human, for now (see "What is
|
|
424
424
|
stubbed" below).
|
|
425
425
|
|
|
@@ -427,18 +427,18 @@ stubbed" below).
|
|
|
427
427
|
|
|
428
428
|
## Configuration
|
|
429
429
|
|
|
430
|
-
Config is merged in this precedence order (low
|
|
430
|
+
Config is merged in this precedence order (low ? high):
|
|
431
431
|
|
|
432
|
-
1. **Built-in defaults**
|
|
433
|
-
2. **Global config**
|
|
434
|
-
3. **Project config**
|
|
432
|
+
1. **Built-in defaults** � a stub provider, balanced mode
|
|
433
|
+
2. **Global config** � `~/.reidx/config.json`
|
|
434
|
+
3. **Project config** � `./.reidx/config.json`
|
|
435
435
|
4. **`settings.json`'s `reidx` block** (see below)
|
|
436
436
|
5. **Environment variables** (highest)
|
|
437
437
|
|
|
438
438
|
### `settings.json` (Claude-Code-shaped project settings)
|
|
439
439
|
|
|
440
440
|
ReidX also reads a Claude-Code-style `settings.json`: an `env` block
|
|
441
|
-
(applied to `os.environ` before anything reads credentials
|
|
441
|
+
(applied to `os.environ` before anything reads credentials � this is how a
|
|
442
442
|
project can bake in Anthropic-compatible proxy credentials even when the
|
|
443
443
|
shell's own `ANTHROPIC_*` vars point somewhere else) and an optional
|
|
444
444
|
`reidx` block (baked-in `default_provider`, `policy`, etc.). Unknown keys
|
|
@@ -449,7 +449,7 @@ Path resolution (first hit wins):
|
|
|
449
449
|
|
|
450
450
|
1. `$REIDCHAT_SETTINGS` (explicit override)
|
|
451
451
|
2. A project-local `settings.json`, found by walking upward from the current
|
|
452
|
-
directory the way `git` finds `.git`
|
|
452
|
+
directory the way `git` finds `.git` � so launching `reid` from any
|
|
453
453
|
subdirectory of a project still finds that project's file
|
|
454
454
|
3. `~/.reidx/settings.json` (global default)
|
|
455
455
|
4. `E:/leech/Reidchat.json` (legacy shared file)
|
|
@@ -500,13 +500,13 @@ The policy engine gates every tool call. Pick a mode that matches your trust lev
|
|
|
500
500
|
| `autonomous` | Low and medium allowed without prompts; high risk still prompts. |
|
|
501
501
|
| `custom` | Only explicit allowlists permit; everything else prompts. |
|
|
502
502
|
|
|
503
|
-
Path confinement is enforced in all modes
|
|
503
|
+
Path confinement is enforced in all modes � file tools cannot read or write outside
|
|
504
504
|
the workspace root (plus any configured `additional_writable_roots`). Shell commands
|
|
505
505
|
in the default denylist (`rm`, `rmdir`, `del`, `format`, `shutdown`, `reboot`, `mkfs`)
|
|
506
506
|
are always blocked.
|
|
507
507
|
|
|
508
508
|
This same policy engine is what actually gates `spawn_agent` children and Nyx
|
|
509
|
-
mode
|
|
509
|
+
mode � neither persona nor tool inheritance bypasses it.
|
|
510
510
|
|
|
511
511
|
Switch modes at runtime:
|
|
512
512
|
|
|
@@ -530,8 +530,8 @@ The agent loop calls tools through the registry. Each tool is policy-gated.
|
|
|
530
530
|
| `find_files` | low | Find files matching a glob pattern |
|
|
531
531
|
| `grep_files` | low | Search file contents with a regex |
|
|
532
532
|
| `run_command` | high | Run a shell command with policy approval and timeout |
|
|
533
|
-
| `web_search` | high | Search the web (DuckDuckGo, free, no API key)
|
|
534
|
-
| `spawn_agent` | medium | Run a scoped child agent (own policy engine + tool allowlist) and block for its result
|
|
533
|
+
| `web_search` | high | Search the web (DuckDuckGo, free, no API key) � see below |
|
|
534
|
+
| `spawn_agent` | medium | Run a scoped child agent (own policy engine + tool allowlist) and block for its result � see "Subagents" above |
|
|
535
535
|
|
|
536
536
|
All file tools confine access to the workspace root. Traversal outside is denied.
|
|
537
537
|
|
|
@@ -540,16 +540,16 @@ All file tools confine access to the workspace root. Traversal outside is denied
|
|
|
540
540
|
Free, no API key, stdlib-only (`urllib` + `re`). Two DuckDuckGo sources, tried
|
|
541
541
|
in order:
|
|
542
542
|
|
|
543
|
-
1. The official Instant Answer JSON API
|
|
543
|
+
1. The official Instant Answer JSON API � fast (~0.3s), but only populated
|
|
544
544
|
for factual/entity queries ("what is X").
|
|
545
|
-
2. The HTML-only search endpoint
|
|
545
|
+
2. The HTML-only search endpoint � slower and more exposed to DuckDuckGo's
|
|
546
546
|
anti-bot rate limiting, but covers general search queries the fast path
|
|
547
547
|
doesn't.
|
|
548
548
|
|
|
549
549
|
Results are cached in-memory per session (5 minute TTL) so repeated queries
|
|
550
550
|
don't re-hit the network. Sponsored/ad results are filtered out rather than
|
|
551
551
|
surfaced as raw tracking links. Gated as `ActionKind.NETWORK` (HIGH risk by
|
|
552
|
-
default) through the same policy engine as every other tool
|
|
552
|
+
default) through the same policy engine as every other tool � expect an
|
|
553
553
|
approval prompt in `balanced`/`strict` mode.
|
|
554
554
|
|
|
555
555
|
---
|
|
@@ -598,7 +598,7 @@ reid exec --nyx "recon plan for <authorized target>"
|
|
|
598
598
|
```
|
|
599
599
|
|
|
600
600
|
Output goes to stdout; tool-call count goes to stderr. Exit code is `0` on success,
|
|
601
|
-
`1` if no text was produced. The approver auto-allows in exec mode
|
|
601
|
+
`1` if no text was produced. The approver auto-allows in exec mode � set
|
|
602
602
|
`REIDX_PERMISSION_MODE=autonomous` for unattended runs, or `strict` to deny all
|
|
603
603
|
risky actions silently.
|
|
604
604
|
|
|
@@ -654,11 +654,11 @@ ReidX/
|
|
|
654
654
|
|
|
655
655
|
See the parent repo's design docs:
|
|
656
656
|
|
|
657
|
-
- `reidx-build-plan.md`
|
|
658
|
-
- `agent-first-cli-spec.md`
|
|
659
|
-
- `docs/reidx-architecture-audit.md`
|
|
660
|
-
- `docs/reidx-phase-5-plan.md`
|
|
661
|
-
- `../deepreid-spec.md`
|
|
657
|
+
- `reidx-build-plan.md` � full product definition and phase plan
|
|
658
|
+
- `agent-first-cli-spec.md` � generic agent-first CLI specification
|
|
659
|
+
- `docs/reidx-architecture-audit.md` � file-aware critique of this scaffold
|
|
660
|
+
- `docs/reidx-phase-5-plan.md` � correctness fixes + interaction upgrade
|
|
661
|
+
- `../deepreid-spec.md` � spec for DeepReid, the planning/review multi-agent
|
|
662
662
|
subsystem, now implemented (see above)
|
|
663
663
|
|
|
664
664
|
---
|
|
@@ -672,10 +672,10 @@ See the parent repo's design docs:
|
|
|
672
672
|
needed; real Anthropic/OpenAI/OpenAI-compatible/Ollama providers available
|
|
673
673
|
via env vars or `/connect`)
|
|
674
674
|
- Session create / list / resume with message history restoration
|
|
675
|
-
- Task tracking with status state machine (pending
|
|
675
|
+
- Task tracking with status state machine (pending ? active ? completed/failed/skipped)
|
|
676
676
|
- Goals: `/goal` manages per-session outcome/evidence/subgoal/milestone state
|
|
677
677
|
in `goals.json`; active goals are linked into new task metadata
|
|
678
|
-
- Policy engine with 4 modes, path confinement, command allowlist/denylist
|
|
678
|
+
- Policy engine with 4 modes, path confinement, command allowlist/denylist �
|
|
679
679
|
the single safety boundary for every tool, including subagents and Nyx mode
|
|
680
680
|
- 9 tools (file read/write/patch/list/find/grep + shell + free web search +
|
|
681
681
|
spawn_agent) all policy-gated
|
|
@@ -685,17 +685,17 @@ See the parent repo's design docs:
|
|
|
685
685
|
`~/.reidx/providers.json`
|
|
686
686
|
- Subagents: `spawn_agent` tool runs a scoped child agent (own policy engine +
|
|
687
687
|
tool allowlist, one layer of nesting), live TUI panel showing progress
|
|
688
|
-
- **DeepReid** (`src/reidx/deepreid/`): a real Researcher
|
|
689
|
-
subagent pipeline
|
|
688
|
+
- **DeepReid** (`src/reidx/deepreid/`): a real Researcher?Planner?Critic
|
|
689
|
+
subagent pipeline � each role is an independent `Agent`/`PolicyEngine`
|
|
690
690
|
(Planner/Critic get zero tools; Researcher gets read-only file tools +
|
|
691
691
|
`web_search` only), sequential, with a Critic-driven revision loop capped
|
|
692
|
-
at 2 rounds. Never writes files or runs commands
|
|
692
|
+
at 2 rounds. Never writes files or runs commands � output is a Markdown
|
|
693
693
|
plan+critique, saved to `~/.reidx/deepreid/<run-id>.md`. Two entry
|
|
694
694
|
points: `reid deepreid "<task>"` (headless CLI, like `exec`) and typing
|
|
695
695
|
`deepread`/`deep reid` at the start of the TUI's input box (border pulses
|
|
696
696
|
green while active, real-time progress shown per stage).
|
|
697
697
|
- **Nyx**: redteam/offensive-security persona, toggled via `--nyx` or
|
|
698
|
-
`/nyx on|off`
|
|
698
|
+
`/nyx on|off` � swaps the system prompt only; tool access/policy gating are
|
|
699
699
|
unchanged
|
|
700
700
|
- Claude-Code-shaped `settings.json` support (env block + baked-in `reidx`
|
|
701
701
|
config block), project-local with upward directory search
|
|
@@ -707,10 +707,10 @@ See the parent repo's design docs:
|
|
|
707
707
|
|
|
708
708
|
## What is stubbed (extension-ready)
|
|
709
709
|
|
|
710
|
-
- **MCP**
|
|
711
|
-
- **Patch tool**
|
|
712
|
-
- **Automation**
|
|
713
|
-
- **DeepReid Builder role**
|
|
710
|
+
- **MCP** � config schema + lifecycle slots; stdio/JSON-RPC is TODO
|
|
711
|
+
- **Patch tool** � single exact-match replace; structured edits + diff preview TODO
|
|
712
|
+
- **Automation** � one-shot exec; scheduling/background TODO
|
|
713
|
+
- **DeepReid Builder role** � a subagent that actually implements an
|
|
714
714
|
approved plan is explicitly out of scope for v1 (per `../deepreid-spec.md`);
|
|
715
715
|
building is still the regular single-agent loop, or a human, for now.
|
|
716
716
|
- **Escape-to-stop** only interrupts the normal turn loop (`Agent.run_turn`);
|
package/package.json
CHANGED
package/pyproject.toml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
[project]
|
|
2
2
|
name = "reidx"
|
|
3
|
-
version = "2.
|
|
4
|
-
description = "Terminal-native personal intelligence and coding CLI (agent-first runtime)"
|
|
3
|
+
version = "2.1.1"
|
|
4
|
+
description = "Terminal-native personal intelligence and coding CLI (agent-first runtime)"
|
|
5
5
|
readme = "README.md"
|
|
6
6
|
requires-python = ">=3.12"
|
|
7
7
|
license = { text = "MIT" }
|
package/src/reidx/__init__.py
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
|
|
1
|
+
"""ReidX: terminal-native agent-first CLI runtime."""
|
|
2
2
|
|
|
3
|
-
__version__ = "2.
|
|
3
|
+
__version__ = "2.1.1"
|
|
@@ -456,6 +456,7 @@ class ProviderPalette:
|
|
|
456
456
|
existing = self.db.get_provider(d.name)
|
|
457
457
|
if existing:
|
|
458
458
|
self.current_provider = existing
|
|
459
|
+
self._register_current()
|
|
459
460
|
self.screen = self.MANAGE
|
|
460
461
|
else:
|
|
461
462
|
sp = StoredProvider(
|
|
@@ -475,6 +476,7 @@ class ProviderPalette:
|
|
|
475
476
|
self.screen = self.MANAGE
|
|
476
477
|
self.selected_index = 0
|
|
477
478
|
self._scroll_offset = 0
|
|
479
|
+
self._register_current()
|
|
478
480
|
self._invalidate()
|
|
479
481
|
|
|
480
482
|
def _on_keys_select(self, item: PaletteItem) -> None:
|