@andyqiu/codeforge 0.5.10 → 0.5.11

package/dist/index.js

@@ -13262,12 +13262,25 @@ async function mergeSessionBack(opts) {
   }
   const hasDevOnce = await packageHasScript(mainRoot, "dev:once");
   if (hasDevOnce) {
-    try {
-      await runCmd("npm", ["run", "dev:once"], mainRoot);
-    } catch (err) {
-      await runGit2(mainRoot, ["reset", "--hard", "HEAD"]).catch(() => {});
-      const msg = err instanceof Error ? err.message : String(err);
-      throw new Error(`dev:once 失败已 reset 主仓: ${msg}`);
+    const stagedRaw = await runGit2(mainRoot, [
+      "diff",
+      "--cached",
+      "--name-only",
+      "--diff-filter=ACMR"
+    ]);
+    const stagedPaths = stagedRaw.split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
+    const canSkipDevOnce = await shouldSkipDevOnce(mainRoot, stagedPaths);
+    if (canSkipDevOnce) {
+      const sourceCount = stagedPaths.filter((p) => /^(plugins|lib|src)\//.test(p) && !/\.(md|test\.ts)$/.test(p)).length;
+      console.log(`[session-worktree] skip dev:once: dist 已是最新（${sourceCount} staged 源文件 mtime <= dist mtime）`);
+    } else {
+      try {
+        await runCmd("npm", ["run", "dev:once"], mainRoot);
+      } catch (err) {
+        await runGit2(mainRoot, ["reset", "--hard", "HEAD"]).catch(() => {});
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new Error(`dev:once 失败已 reset 主仓: ${msg}`);
+      }
     }
   } else {
     console.log(`[session-worktree] skip dev:once: not configured in ${mainRoot}/package.json`);
@@ -13275,7 +13288,9 @@ async function mergeSessionBack(opts) {
   const squashedRaw = await runGit2(wt, ["log", "--format=%s", `${baseSha}..HEAD`]);
   const squashedCommits = squashedRaw.split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
   const message = opts.commitMessage ?? buildMergeMessage(opts.sessionId, branch, baseSha, squashedCommits);
-  await runGit2(mainRoot, ["commit", "-m", message]);
+  await runGitWithEnv(mainRoot, ["commit", "-m", message], {
+    SKIP_DEV_SYNC_CHECK: "1"
+  });
   const newSha = (await runGit2(mainRoot, ["rev-parse", "HEAD"])).trim();
   try {
     await removeWorktree({ root: mainRoot, worktree_path: wt, force: true });
@@ -13376,6 +13391,24 @@ function runGit2(cwd, args, timeoutMs = 1e4) {
     });
   });
 }
+function runGitWithEnv(cwd, args, envOverrides, timeoutMs = 1e4) {
+  const inheritedEnv = process["env"];
+  return new Promise((resolve11, reject) => {
+    execFile3("git", args, {
+      cwd,
+      timeout: timeoutMs,
+      windowsHide: true,
+      encoding: "utf8",
+      env: Object.assign({}, inheritedEnv, envOverrides)
+    }, (err, stdout, stderr) => {
+      if (err) {
+        reject(new Error(`git ${args.join(" ")} (cwd=${cwd}) 失败: ${stderr?.trim() || err.message}`));
+        return;
+      }
+      resolve11(stdout);
+    });
+  });
+}
 async function packageHasScript(mainRoot, scriptName) {
   try {
     const pkgPath = path13.join(mainRoot, "package.json");
@@ -13388,7 +13421,31 @@ async function packageHasScript(mainRoot, scriptName) {
     return false;
   }
 }
-function runCmd(cmd, args, cwd, timeoutMs = 120000) {
+async function shouldSkipDevOnce(mainRoot, stagedPaths) {
+  let distMtimeSec;
+  try {
+    const st = await fs10.stat(path13.join(mainRoot, "dist/index.js"));
+    distMtimeSec = Math.floor(st.mtimeMs / 1000);
+  } catch {
+    return false;
+  }
+  const relevant = stagedPaths.filter((p) => /^(plugins|lib|src)\//.test(p) && !/\.(md|test\.ts)$/.test(p));
+  if (relevant.length === 0)
+    return true;
+  for (const rel of relevant) {
+    try {
+      const abs = path13.join(mainRoot, rel);
+      const st = await fs10.stat(abs);
+      const srcMtimeSec = Math.floor(st.mtimeMs / 1000);
+      if (srcMtimeSec > distMtimeSec)
+        return false;
+    } catch {
+      return false;
+    }
+  }
+  return true;
+}
+function runCmd(cmd, args, cwd, timeoutMs = 300000) {
   return new Promise((resolve11, reject) => {
     execFile3(cmd, args, { cwd, timeout: timeoutMs, windowsHide: true, encoding: "utf8" }, (err, stdout, stderr) => {
       if (err) {
@@ -21232,7 +21289,11 @@ var RISK_PATTERNS = [
     kinds: ["bash", "other"],
     re: /\b(DROP\s+(DATABASE|TABLE)|TRUNCATE\s+TABLE|DROP\s+SCHEMA)\b/i
   },
-  { tag: "write_secrets", re: /(\.env(?:\.\w+)?|id_[edr]sa|\.ssh\/id_|\.pem|\.p12|secret\.json)/i },
+  {
+    tag: "write_secrets",
+    re: /(\.env(?:\.\w+)?|id_[edr]sa|\.ssh\/id_|\.pem|\.p12|secret\.json)/i,
+    matchOn: ["command", "filePath", "path"]
+  },
   {
     tag: "write_etc",
     kinds: ["bash", "edit"],
@@ -21313,11 +21374,11 @@ function classifyTool(tool2) {
 }
 function evaluateRisk(tool2, args) {
   const kind = classifyTool(tool2);
-  const haystack = buildHaystack(args);
   const hits = [];
   for (const pattern of RISK_PATTERNS) {
     if (pattern.kinds && !pattern.kinds.includes(kind))
       continue;
+    const haystack = buildHaystackFor(args, pattern.matchOn);
     const m = haystack.match(pattern.re);
     if (m) {
       hits.push({
@@ -21338,6 +21399,19 @@ function buildHaystack(args) {
     return String(args);
   }
 }
+function buildHaystackFor(args, matchOn) {
+  if (!matchOn || matchOn.length === 0) {
+    return buildHaystack(args);
+  }
+  const parts = [];
+  for (const key of matchOn) {
+    if (key in args) {
+      const val = args[key];
+      parts.push(typeof val === "string" ? val : JSON.stringify(val));
+    }
+  }
+  return parts.join(" ");
+}
 
 // lib/file-regex-acl.ts
 import * as path23 from "node:path";
@@ -21636,7 +21710,7 @@ import * as zlib from "node:zlib";
 // lib/version-injected.ts
 function getInjectedVersion() {
   try {
-    const v = "0.5.10";
+    const v = "0.5.11";
     if (typeof v === "string" && /^\d+\.\d+\.\d+/.test(v)) {
       return v;
     }
@@ -22970,6 +23044,20 @@ function commandContainsMainRoot(command, mainRoot) {
   const re = new RegExp(`${escapeRegex2(mainRoot)}(?=[\\s'"\`)]|$)`);
   return re.test(command);
 }
+function commandContainsMainRootExcludingWorktree(command, mainRoot, worktreePath) {
+  if (!worktreePath || worktreePath === mainRoot) {
+    return commandContainsMainRoot(command, mainRoot);
+  }
+  const wtpIdx = command.indexOf(worktreePath);
+  if (wtpIdx !== -1) {
+    const afterWtp = command.slice(wtpIdx + worktreePath.length);
+    if (/(?:^|[/\\])\.\.(?:[/\\\s'";|<>]|$)/.test(afterWtp)) {
+      return true;
+    }
+  }
+  const sanitized = command.split(worktreePath).join("");
+  return commandContainsMainRoot(sanitized, mainRoot);
+}
 function detectBashWriteIntent(command, mainRoot) {
   if (isReadOnlyBashCommand(command))
     return false;
@@ -23227,7 +23315,7 @@ var sessionWorktreeGuardPlugin = async (ctx) => {
         }
         if (toolName === "bash") {
           const command = argsObj["command"];
-          if (typeof command === "string" && commandContainsMainRoot(command, mainRoot) && detectBashWriteIntent(command, mainRoot)) {
+          if (typeof command === "string" && commandContainsMainRootExcludingWorktree(command, mainRoot, worktreePath) && detectBashWriteIntent(command, mainRoot)) {
             const caller = await resolveAgentForGuard({ sessionID: input.sessionID, agent: input.agent }, ctx.client, log14);
             if (caller !== null && CLASS_B_CALLER_WHITELIST.has(caller)) {
               log14.debug?.(`[class-b-whitelist] allow caller=${caller}`, { sessionId, tool: toolName, command: command.slice(0, 200) });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@andyqiu/codeforge",
-  "version": "0.5.10",
+  "version": "0.5.11",
   "description": "CodeForge — opencode 的零侵入扩展包",
   "type": "module",
   "private": false,