@andyqiu/codeforge 0.5.9 → 0.5.11

package/dist/index.js

@@ -13262,12 +13262,25 @@ async function mergeSessionBack(opts) {
   }
   const hasDevOnce = await packageHasScript(mainRoot, "dev:once");
   if (hasDevOnce) {
-    try {
-      await runCmd("npm", ["run", "dev:once"], mainRoot);
-    } catch (err) {
-      await runGit2(mainRoot, ["reset", "--hard", "HEAD"]).catch(() => {});
-      const msg = err instanceof Error ? err.message : String(err);
-      throw new Error(`dev:once 失败已 reset 主仓: ${msg}`);
+    const stagedRaw = await runGit2(mainRoot, [
+      "diff",
+      "--cached",
+      "--name-only",
+      "--diff-filter=ACMR"
+    ]);
+    const stagedPaths = stagedRaw.split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
+    const canSkipDevOnce = await shouldSkipDevOnce(mainRoot, stagedPaths);
+    if (canSkipDevOnce) {
+      const sourceCount = stagedPaths.filter((p) => /^(plugins|lib|src)\//.test(p) && !/\.(md|test\.ts)$/.test(p)).length;
+      console.log(`[session-worktree] skip dev:once: dist 已是最新（${sourceCount} staged 源文件 mtime <= dist mtime）`);
+    } else {
+      try {
+        await runCmd("npm", ["run", "dev:once"], mainRoot);
+      } catch (err) {
+        await runGit2(mainRoot, ["reset", "--hard", "HEAD"]).catch(() => {});
+        const msg = err instanceof Error ? err.message : String(err);
+        throw new Error(`dev:once 失败已 reset 主仓: ${msg}`);
+      }
     }
   } else {
     console.log(`[session-worktree] skip dev:once: not configured in ${mainRoot}/package.json`);
@@ -13275,7 +13288,9 @@ async function mergeSessionBack(opts) {
   const squashedRaw = await runGit2(wt, ["log", "--format=%s", `${baseSha}..HEAD`]);
   const squashedCommits = squashedRaw.split(/\r?\n/).map((s) => s.trim()).filter(Boolean);
   const message = opts.commitMessage ?? buildMergeMessage(opts.sessionId, branch, baseSha, squashedCommits);
-  await runGit2(mainRoot, ["commit", "-m", message]);
+  await runGitWithEnv(mainRoot, ["commit", "-m", message], {
+    SKIP_DEV_SYNC_CHECK: "1"
+  });
   const newSha = (await runGit2(mainRoot, ["rev-parse", "HEAD"])).trim();
   try {
     await removeWorktree({ root: mainRoot, worktree_path: wt, force: true });
@@ -13376,6 +13391,24 @@ function runGit2(cwd, args, timeoutMs = 1e4) {
     });
   });
 }
+function runGitWithEnv(cwd, args, envOverrides, timeoutMs = 1e4) {
+  const inheritedEnv = process["env"];
+  return new Promise((resolve11, reject) => {
+    execFile3("git", args, {
+      cwd,
+      timeout: timeoutMs,
+      windowsHide: true,
+      encoding: "utf8",
+      env: Object.assign({}, inheritedEnv, envOverrides)
+    }, (err, stdout, stderr) => {
+      if (err) {
+        reject(new Error(`git ${args.join(" ")} (cwd=${cwd}) 失败: ${stderr?.trim() || err.message}`));
+        return;
+      }
+      resolve11(stdout);
+    });
+  });
+}
 async function packageHasScript(mainRoot, scriptName) {
   try {
     const pkgPath = path13.join(mainRoot, "package.json");
@@ -13388,7 +13421,31 @@ async function packageHasScript(mainRoot, scriptName) {
     return false;
   }
 }
-function runCmd(cmd, args, cwd, timeoutMs = 120000) {
+async function shouldSkipDevOnce(mainRoot, stagedPaths) {
+  let distMtimeSec;
+  try {
+    const st = await fs10.stat(path13.join(mainRoot, "dist/index.js"));
+    distMtimeSec = Math.floor(st.mtimeMs / 1000);
+  } catch {
+    return false;
+  }
+  const relevant = stagedPaths.filter((p) => /^(plugins|lib|src)\//.test(p) && !/\.(md|test\.ts)$/.test(p));
+  if (relevant.length === 0)
+    return true;
+  for (const rel of relevant) {
+    try {
+      const abs = path13.join(mainRoot, rel);
+      const st = await fs10.stat(abs);
+      const srcMtimeSec = Math.floor(st.mtimeMs / 1000);
+      if (srcMtimeSec > distMtimeSec)
+        return false;
+    } catch {
+      return false;
+    }
+  }
+  return true;
+}
+function runCmd(cmd, args, cwd, timeoutMs = 300000) {
   return new Promise((resolve11, reject) => {
     execFile3(cmd, args, { cwd, timeout: timeoutMs, windowsHide: true, encoding: "utf8" }, (err, stdout, stderr) => {
       if (err) {
@@ -13563,8 +13620,8 @@ async function pruneOrphanWorktrees(mainRoot) {
 var DEFAULT_MERGE_LOOP_CONFIG = {
   maxReviewLoops: 3,
   autoCoder: true,
-  reviewTimeoutMs: 600000,
-  coderTimeoutMs: 1800000,
+  reviewTimeoutMs: 180000,
+  coderTimeoutMs: 600000,
   abortDirtyStrategy: "checkpoint"
 };
 async function runMergeLoop(opts) {
@@ -13614,7 +13671,11 @@ async function runMergeLoop(opts) {
         maxRounds: config.maxReviewLoops,
         ...lastReviewSummary ? { prevSummary: lastReviewSummary } : {},
         ...opts.signal ? { signal: opts.signal } : {}
-      }), config.reviewTimeoutMs, `reviewer 第 ${loops} 轮`, opts.signal);
+      }), config.reviewTimeoutMs, `reviewer 第 ${loops} 轮`, opts.signal, {
+        onHeartbeat: (elapsedMs) => {
+          progress("dispatch_review", `reviewer 第 ${loops}/${config.maxReviewLoops} 轮仍在运行，已等待 ${Math.round(elapsedMs / 1000)}s`);
+        }
+      });
     } catch (err) {
       const e = err;
       if (isAbortError2(e)) {
@@ -13683,7 +13744,11 @@ async function runMergeLoop(opts) {
         ...opts.planId ? { planId: opts.planId } : {},
         reviewerSummary: reviewResult.summary,
         ...opts.signal ? { signal: opts.signal } : {}
-      }), config.coderTimeoutMs, `coder round ${loops}`, opts.signal);
+      }), config.coderTimeoutMs, `coder round ${loops}`, opts.signal, {
+        onHeartbeat: (elapsedMs) => {
+          progress("dispatch_coder", `coder round ${loops} 仍在运行，已等待 ${Math.round(elapsedMs / 1000)}s`);
+        }
+      });
       progress("wait_coder", `coder 完成: ${coderResult.ok ? "ok" : "fail"} - ${coderResult.summary}`);
       if (!coderResult.ok) {
         return {
@@ -13766,34 +13831,50 @@ async function handleAbortDirty(opts, config, entry) {
 function isAbortError2(err) {
   return err instanceof Error && err.name === "AbortError";
 }
-function withTimeout2(p, ms, label, signal) {
+function withTimeout2(p, ms, label, signal, hbOpts) {
   return new Promise((resolve11, reject) => {
-    const timer = setTimeout(() => {
+    const startedAt = Date.now();
+    let hbTimer = null;
+    let timer;
+    const cleanup = () => {
+      clearTimeout(timer);
+      if (hbTimer)
+        clearInterval(hbTimer);
+      if (signal)
+        signal.removeEventListener("abort", onAbort);
+    };
+    timer = setTimeout(() => {
+      cleanup();
       reject(new Error(`${label} 超时 (${ms}ms)`));
     }, ms);
+    const hbInterval = hbOpts?.heartbeatIntervalMs ?? 30000;
+    const hbCb = hbOpts?.onHeartbeat;
+    if (hbCb) {
+      hbTimer = setInterval(() => {
+        try {
+          hbCb(Date.now() - startedAt);
+        } catch {}
+      }, hbInterval);
+    }
     const onAbort = () => {
-      clearTimeout(timer);
+      cleanup();
       const err = new Error(`${label} aborted by signal`);
       err.name = "AbortError";
       reject(err);
     };
     if (signal) {
       if (signal.aborted) {
-        clearTimeout(timer);
+        cleanup();
         onAbort();
         return;
       }
       signal.addEventListener("abort", onAbort, { once: true });
     }
     p.then((v) => {
-      clearTimeout(timer);
-      if (signal)
-        signal.removeEventListener("abort", onAbort);
+      cleanup();
       resolve11(v);
     }, (e) => {
-      clearTimeout(timer);
-      if (signal)
-        signal.removeEventListener("abort", onAbort);
+      cleanup();
       reject(e);
     });
   });
@@ -14901,7 +14982,7 @@ class ProductionSpawner {
         prompt,
         title: `[merge-review] sess=${args.sessionId.slice(0, 8)} r=${args.round}/${args.maxRounds}`,
         ...args.signal ? { signal: args.signal } : {},
-        timeoutMs: this.opts.reviewerTimeoutMs ?? 600000
+        timeoutMs: this.opts.reviewerTimeoutMs ?? 180000
       }, args.sessionId);
     } catch (err) {
       throw err;
@@ -14933,7 +15014,7 @@ ${r.text.slice(0, 800)}`
         prompt,
         title: `[merge-fix] sess=${args.sessionId.slice(0, 8)}`,
         ...args.signal ? { signal: args.signal } : {},
-        timeoutMs: this.opts.coderTimeoutMs ?? 1800000
+        timeoutMs: this.opts.coderTimeoutMs ?? 600000
       }, args.sessionId);
     } catch (err) {
       throw err;
@@ -21208,7 +21289,11 @@ var RISK_PATTERNS = [
     kinds: ["bash", "other"],
     re: /\b(DROP\s+(DATABASE|TABLE)|TRUNCATE\s+TABLE|DROP\s+SCHEMA)\b/i
   },
-  { tag: "write_secrets", re: /(\.env(?:\.\w+)?|id_[edr]sa|\.ssh\/id_|\.pem|\.p12|secret\.json)/i },
+  {
+    tag: "write_secrets",
+    re: /(\.env(?:\.\w+)?|id_[edr]sa|\.ssh\/id_|\.pem|\.p12|secret\.json)/i,
+    matchOn: ["command", "filePath", "path"]
+  },
   {
     tag: "write_etc",
     kinds: ["bash", "edit"],
@@ -21289,11 +21374,11 @@ function classifyTool(tool2) {
 }
 function evaluateRisk(tool2, args) {
   const kind = classifyTool(tool2);
-  const haystack = buildHaystack(args);
   const hits = [];
   for (const pattern of RISK_PATTERNS) {
     if (pattern.kinds && !pattern.kinds.includes(kind))
       continue;
+    const haystack = buildHaystackFor(args, pattern.matchOn);
     const m = haystack.match(pattern.re);
     if (m) {
       hits.push({
@@ -21314,6 +21399,19 @@ function buildHaystack(args) {
     return String(args);
   }
 }
+function buildHaystackFor(args, matchOn) {
+  if (!matchOn || matchOn.length === 0) {
+    return buildHaystack(args);
+  }
+  const parts = [];
+  for (const key of matchOn) {
+    if (key in args) {
+      const val = args[key];
+      parts.push(typeof val === "string" ? val : JSON.stringify(val));
+    }
+  }
+  return parts.join(" ");
+}
 
 // lib/file-regex-acl.ts
 import * as path23 from "node:path";
@@ -21612,7 +21710,7 @@ import * as zlib from "node:zlib";
 // lib/version-injected.ts
 function getInjectedVersion() {
   try {
-    const v = "0.5.9";
+    const v = "0.5.11";
     if (typeof v === "string" && /^\d+\.\d+\.\d+/.test(v)) {
       return v;
     }
@@ -22915,10 +23013,19 @@ function buildGitVcsWriteRegex(mainRoot) {
   return new RegExp(`git\\b[^\\n]*(?:-C\\s+|--work-tree[=\\s])${esc}`);
 }
 var WRITE_TOOLS = new Set(["write", "edit", "ast_edit"]);
+var CLASS_B_CALLER_WHITELIST = new Set([
+  "codeforge",
+  "reviewer",
+  "general"
+]);
 function rewritePath(value, mainRoot, worktreeRoot) {
   if (!value)
     return null;
   const resolved = path27.isAbsolute(value) ? value : path27.resolve(mainRoot, value);
+  const wtPrefix2 = worktreeRoot.endsWith("/") ? worktreeRoot : worktreeRoot + "/";
+  if (resolved === worktreeRoot || resolved.startsWith(wtPrefix2)) {
+    return null;
+  }
   if (resolved === mainRoot)
     return worktreeRoot;
   const prefix = mainRoot.endsWith("/") ? mainRoot : mainRoot + "/";
@@ -22937,6 +23044,20 @@ function commandContainsMainRoot(command, mainRoot) {
   const re = new RegExp(`${escapeRegex2(mainRoot)}(?=[\\s'"\`)]|$)`);
   return re.test(command);
 }
+function commandContainsMainRootExcludingWorktree(command, mainRoot, worktreePath) {
+  if (!worktreePath || worktreePath === mainRoot) {
+    return commandContainsMainRoot(command, mainRoot);
+  }
+  const wtpIdx = command.indexOf(worktreePath);
+  if (wtpIdx !== -1) {
+    const afterWtp = command.slice(wtpIdx + worktreePath.length);
+    if (/(?:^|[/\\])\.\.(?:[/\\\s'";|<>]|$)/.test(afterWtp)) {
+      return true;
+    }
+  }
+  const sanitized = command.split(worktreePath).join("");
+  return commandContainsMainRoot(sanitized, mainRoot);
+}
 function detectBashWriteIntent(command, mainRoot) {
   if (isReadOnlyBashCommand(command))
     return false;
@@ -23194,20 +23315,36 @@ var sessionWorktreeGuardPlugin = async (ctx) => {
         }
         if (toolName === "bash") {
           const command = argsObj["command"];
-          if (typeof command === "string" && commandContainsMainRoot(command, mainRoot) && detectBashWriteIntent(command, mainRoot)) {
-            const snippet = command.length > 60 ? command.slice(0, 60) + "…" : command;
-            const reason = `[session-worktree-guard] DENIED: bash.command 含主仓绝对路径写操作 (${snippet})，请在当前 session worktree (${worktreePath}) 内操作`;
-            log14.warn(reason, { sessionId, command: command.slice(0, 200) });
-            safeWriteLog(PLUGIN_NAME25, {
-              hook: "tool.execute.before",
-              tool: toolName,
-              sessionID: input.sessionID,
-              action: "deny",
-              source: "bash-write-intent",
-              command: command.slice(0, 200)
-            });
-            denied = new DeniedError(reason);
-            return;
+          if (typeof command === "string" && commandContainsMainRootExcludingWorktree(command, mainRoot, worktreePath) && detectBashWriteIntent(command, mainRoot)) {
+            const caller = await resolveAgentForGuard({ sessionID: input.sessionID, agent: input.agent }, ctx.client, log14);
+            if (caller !== null && CLASS_B_CALLER_WHITELIST.has(caller)) {
+              log14.debug?.(`[class-b-whitelist] allow caller=${caller}`, { sessionId, tool: toolName, command: command.slice(0, 200) });
+              safeWriteLog(PLUGIN_NAME25, {
+                hook: "tool.execute.before",
+                tool: toolName,
+                sessionID: input.sessionID,
+                action: "allow-whitelist",
+                source: "class-b-caller-whitelist",
+                caller,
+                command: command.slice(0, 200)
+              });
+            } else {
+              const callerTag = caller === null ? "unresolved" : caller;
+              const snippet = command.length > 60 ? command.slice(0, 60) + "…" : command;
+              const reason = `[session-worktree-guard] DENIED: bash.command 含主仓绝对路径写操作 (${snippet}) [caller=${callerTag}]，请在当前 session worktree (${worktreePath}) 内操作`;
+              log14.warn(reason, { sessionId, caller: callerTag, command: command.slice(0, 200) });
+              safeWriteLog(PLUGIN_NAME25, {
+                hook: "tool.execute.before",
+                tool: toolName,
+                sessionID: input.sessionID,
+                action: "deny",
+                source: "bash-write-intent",
+                caller: callerTag,
+                command: command.slice(0, 200)
+              });
+              denied = new DeniedError(reason);
+              return;
+            }
           }
         }
         if (toolName === "write" || toolName === "edit") {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@andyqiu/codeforge",
-  "version": "0.5.9",
+  "version": "0.5.11",
   "description": "CodeForge — opencode 的零侵入扩展包",
   "type": "module",
   "private": false,