@banaxi/banana-code 1.6.0 → 1.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@banaxi/banana-code",
-    "version": "1.6.0",
+    "version": "1.7.0",
     "description": "🍌 BananaCode",
     "keywords": [
         "banana",

package/src/config.js

@@ -186,6 +186,7 @@ async function runSetupWizard() {
     });
 
     const config = await setupProvider(provider);
+    config.useMemory = true;
 
     await saveConfig(config);
     console.log(chalk.yellow.bold("\nYou're all peeled and ready. Type your first message!\n"));

package/src/constants.js

@@ -24,10 +24,11 @@ export const OLLAMA_CLOUD_MODELS = [
     { name: 'Kimi K2.5 (Cloud)', value: 'kimi-k2.5:cloud' },
     { name: 'Qwen 3.5 397B (Cloud)', value: 'qwen3.5:397b-cloud' },
     { name: 'DeepSeek V3.2 (Cloud)', value: 'deepseek-v3.2:cloud' },
-    { name: 'GLM-5 (Cloud)', value: 'glm-5:cloud' },
+    { name: 'GLM-5.1 (Cloud)', value: 'glm-5.1:cloud' },
     { name: 'MiniMax M2.7 (Cloud)', value: 'minimax-m2.7:cloud' },
     { name: 'Llama 3.3 70B (Cloud)', value: 'llama3.3:cloud' },
-    { name: 'Llama 3.1 405B (Cloud)', value: 'llama3.1:405b-cloud' }
+    { name: 'Llama 3.1 405B (Cloud)', value: 'llama3.1:405b-cloud' },
+    { name: 'Gemma 4 31B (Cheapest, Very Good Code)', value: 'gemma4:31b-cloud' }
 ];
 
 export const MISTRAL_MODELS = [

package/src/index.js

@@ -3,7 +3,7 @@ import chalk from 'chalk';
 import ora from 'ora';
 import { loadConfig, saveConfig, setupProvider } from './config.js';
 import { runStartup } from './startup.js';
-import { getSessionPermissions } from './permissions.js';
+import { getSessionPermissions, setYoloMode } from './permissions.js';
 
 import { GeminiProvider } from './providers/gemini.js';
 import { ClaudeProvider } from './providers/claude.js';
@@ -325,7 +325,7 @@ async function handleSlashCommand(command) {
                     {
                         name: 'Enable Global AI Memory (Allows AI to save facts persistently)',
                         value: 'useMemory',
-                        checked: config.useMemory || false
+                        checked: config.useMemory !== false
                     }
                 ]
             });
@@ -375,6 +375,8 @@ async function handleSlashCommand(command) {
             break;
         case '/plan':
             config.planMode = true;
+            config.askMode = false;
+            config.securityMode = false;
             await saveConfig(config);
             if (providerInstance) {
                 const savedMessages = providerInstance.messages;
@@ -385,8 +387,52 @@ async function handleSlashCommand(command) {
             }
             console.log(chalk.magenta(`Plan mode enabled. For significant changes, the AI will now propose an implementation plan before writing code.`));
             break;
+        case '/ask':
+            config.askMode = true;
+            config.planMode = false;
+            config.securityMode = false;
+            await saveConfig(config);
+            if (providerInstance) {
+                const savedMessages = providerInstance.messages;
+                providerInstance = createProvider();
+                providerInstance.messages = savedMessages;
+            } else {
+                providerInstance = createProvider();
+            }
+            console.log(chalk.blue(`Ask mode enabled. The AI will only answer questions and cannot edit files.`));
+            break;
+        case '/security':
+            config.securityMode = true;
+            config.askMode = false;
+            config.planMode = false;
+            await saveConfig(config);
+            if (providerInstance) {
+                const savedMessages = providerInstance.messages;
+                providerInstance = createProvider();
+                providerInstance.messages = savedMessages;
+            } else {
+                providerInstance = createProvider();
+            }
+            console.log(chalk.red(`Security mode enabled. The AI will look for and help fix vulnerabilities.`));
+            console.log(chalk.yellow(`Disclaimer: Please only use this mode for defensive purposes to secure your own code, and do not use the identified vulnerabilities maliciously.`));
+            break;
+        case '/yolo':
+            config.yolo = !config.yolo;
+            setYoloMode(config.yolo);
+            await saveConfig(config);
+            if (providerInstance) {
+                const savedMessages = providerInstance.messages;
+                providerInstance = createProvider();
+                providerInstance.messages = savedMessages;
+            } else {
+                providerInstance = createProvider();
+            }
+            console.log(config.yolo ? chalk.bgRed.white.bold('\n ⚠️ YOLO MODE ENABLED - All permission requests will be auto-accepted! \n') : chalk.green('\nYOLO mode disabled.\n'));
+            break;
         case '/agent':
             config.planMode = false;
+            config.askMode = false;
+            config.securityMode = false;
             await saveConfig(config);
             if (providerInstance) {
                 const savedMessages = providerInstance.messages;
@@ -438,7 +484,7 @@ async function handleSlashCommand(command) {
             }
             break;
         case '/memory':
-            if (!config.useMemory) {
+            if (config.useMemory === false) {
                 console.log(chalk.yellow("Global AI Memory is disabled. Enable it in /settings first."));
                 break;
             }
@@ -539,6 +585,7 @@ Available commands:
   /init            - Generate a BANANA.md project summary file
   /plan            - Enable Plan Mode (AI proposes a plan for big changes)
   /agent           - Enable Agent Mode (default, AI edits directly)
+  /yolo            - Toggle YOLO mode (skip all permission requests)
   /debug           - Toggle debug mode (show tool results)
   /help            - Show all commands
   /exit            - Quit Banana Code
@@ -667,7 +714,10 @@ function drawPromptBox(inputText, cursorPos) {
     // Redraw status bar and separator (they are always below the prompt)
     const modelDisplay = providerInstance ? providerInstance.modelName : (config.model || 'unknown');
     const providerDisplay = config.provider.toUpperCase();
-    const modeDisplay = config.planMode ? chalk.magenta('PLAN MODE') : chalk.green('AGENT MODE');
+    let modeDisplay = chalk.green('AGENT MODE');
+    if (config.askMode) modeDisplay = chalk.blue('ASK MODE');
+    else if (config.securityMode) modeDisplay = chalk.red('SECURITY MODE');
+    else if (config.planMode) modeDisplay = chalk.magenta('PLAN MODE');
     
     let tokenDisplay = '';
     if (config.showTokenCount && providerInstance) {
@@ -685,7 +735,8 @@ function drawPromptBox(inputText, cursorPos) {
         tokenDisplay = ` / Tokens: ${color(tokens.toLocaleString())}`;
     }
     
-    const leftText = ` Provider: ${chalk.cyan(providerDisplay)} / Model: ${chalk.yellow(modelDisplay)} / ${modeDisplay}${tokenDisplay}`;
+    const yoloDisplay = config.yolo ? chalk.bgRed.white.bold(' ⚠️ YOLO ') : '';
+    const leftText = ` Provider: ${chalk.cyan(providerDisplay)} / Model: ${chalk.yellow(modelDisplay)} / ${modeDisplay}${tokenDisplay}${yoloDisplay ? ' / ' + yoloDisplay : ''}`;
     const rightText = '/help for shortcuts ';
     const leftStripped = leftText.replace(/\x1b\[[0-9;]*m/g, '');
     const midPad = Math.max(0, width - leftStripped.length - rightText.length);
@@ -728,7 +779,10 @@ function drawPromptBoxInitial(inputText) {
     // Status bar: Current Provider / Model + right-aligned "/help for shortcuts"
     const modelDisplay = providerInstance ? providerInstance.modelName : (config.model || 'unknown');
     const providerDisplay = config.provider.toUpperCase();
-    const modeDisplay = config.planMode ? chalk.magenta('PLAN MODE') : chalk.green('AGENT MODE');
+    let modeDisplay = chalk.green('AGENT MODE');
+    if (config.askMode) modeDisplay = chalk.blue('ASK MODE');
+    else if (config.securityMode) modeDisplay = chalk.red('SECURITY MODE');
+    else if (config.planMode) modeDisplay = chalk.magenta('PLAN MODE');
     
     let tokenDisplay = '';
     if (config.showTokenCount && providerInstance) {
@@ -746,7 +800,8 @@ function drawPromptBoxInitial(inputText) {
         tokenDisplay = ` / Tokens: ${color(tokens.toLocaleString())}`;
     }
     
-    const leftText = ` Provider: ${chalk.cyan(providerDisplay)} / Model: ${chalk.yellow(modelDisplay)} / ${modeDisplay}${tokenDisplay}`;
+    const yoloDisplay = config.yolo ? chalk.bgRed.white.bold(' ⚠️ YOLO ') : '';
+    const leftText = ` Provider: ${chalk.cyan(providerDisplay)} / Model: ${chalk.yellow(modelDisplay)} / ${modeDisplay}${tokenDisplay}${yoloDisplay ? ' / ' + yoloDisplay : ''}`;
     const rightText = '/help for shortcuts ';
 
     const leftStripped = leftText.replace(/\x1b\[[0-9;]*m/g, '');
@@ -923,6 +978,12 @@ function promptUser() {
 async function main() {
     try {
         config = await loadConfig();
+
+        if (process.argv.includes('--yolo')) {
+            config.yolo = true;
+        }
+        setYoloMode(config.yolo);
+
         await runStartup();
 
         if (config.betaTools && config.betaTools.includes('mcp_support')) {
@@ -933,7 +994,16 @@ async function main() {
         if (apiIdx !== -1) {
             const portStr = process.argv[apiIdx + 1];
             const port = portStr && !portStr.startsWith('-') ? parseInt(portStr) : 3000;
-            await startApiServer(port, createProvider);
+
+            let host = '127.0.0.1';
+            const hostIdx = process.argv.indexOf('--host');
+            if (hostIdx !== -1 && process.argv[hostIdx + 1] && !process.argv[hostIdx + 1].startsWith('-')) {
+                host = process.argv[hostIdx + 1];
+            } else if (process.argv.includes('--expose')) {
+                host = '0.0.0.0';
+            }
+
+            await startApiServer(port, createProvider, host);
             return;
         }
 

package/src/permissions.js

@@ -4,6 +4,10 @@ import crypto from 'crypto';
 
 const sessionPermissions = new Set();
 
+export function setYoloMode(enabled) {
+    global.bananaYoloMode = !!enabled;
+}
+
 function wrapText(text, width) {
     const lines = [];
     for (let i = 0; i < text.length; i += width) {
@@ -13,6 +17,10 @@ function wrapText(text, width) {
 }
 
 export async function requestPermission(actionType, details) {
+    if (global.bananaYoloMode || process.argv.includes('--yolo')) {
+        return { allowed: true };
+    }
+
     const permKey = `allow_session_${actionType}`;
 
     if (sessionPermissions.has(permKey)) {

package/src/prompt.js

@@ -41,7 +41,7 @@ Always use tools when they would help. Be concise but thorough. `;
     } catch (e) {}
 
     // Load Global Memory
-    if (config.useMemory) {
+    if (config.useMemory !== false) {
         prompt += `\n\n# Global AI Memory\nYou have the ability to remember facts across ALL sessions and projects using the \`save_memory\` tool. If the user tells you their name, personal preferences, coding rules, or other information they might want to persist, feel free to use the \`save_memory\` tool so you can remember it in the future.\n`;
         
         try {
@@ -92,6 +92,26 @@ The user is operating in "Plan Mode".
 `;
     }
 
+    if (config.askMode) {
+        prompt += `
+[ASK MODE ENABLED]
+The user is operating in "Ask Mode".
+- You are strictly restricted to answering questions, explaining code, and providing information.
+- You MUST NOT make any changes to the codebase. Do NOT use tools that modify files or execute shell commands that change state (e.g. creating/deleting files, installing packages).
+- Use read-only tools like search_files, list_directory, read_file, and read-only execute_command (like running a test or git status) to gather information to answer the user's questions.
+`;
+    }
+
+    if (config.securityMode) {
+        prompt += `
+[SECURITY MODE ENABLED]
+The user is operating in "Security Mode".
+- Your primary objective is to find security vulnerabilities, misconfigurations, and bad practices in the codebase.
+- Act as a red-team auditor. Search for OWASP Top 10 vulnerabilities, leaked API keys, unsafe inputs, injection flaws, etc.
+- Provide detailed reports of any vulnerabilities found, including the file path, the affected lines, and suggestions for remediation.
+`;
+    }
+
     if (hasPatchTool) {
         prompt += `
 When editing existing files, PREFER using the 'patch_file' tool for surgical, targeted changes instead of 'write_file', especially for large files. This prevents accidental truncation and is much more efficient. Only use 'write_file' when creating new files or when making very extensive changes to a small file.`;

package/src/server.js

@@ -6,7 +6,7 @@ import chalk from 'chalk';
 import { loadConfig } from './config.js';
 import { listSessions, loadSession } from './sessions.js';
 
-export async function startApiServer(port = 3000, createProvider) {
+export async function startApiServer(port = 3000, createProvider, host = '127.0.0.1') {
     const app = express();
     const server = http.createServer(app);
     const wss = new WebSocketServer({ server });
@@ -140,8 +140,8 @@ export async function startApiServer(port = 3000, createProvider) {
         res.json({ status: 'running', provider: config.provider, model: config.model });
     });
 
-    server.listen(port, () => {
-        console.log(chalk.green.bold(`\n🍌 Banana Code API Server running at http://localhost:${port}`));
+    server.listen(port, host, () => {
+        console.log(chalk.green.bold(`\n🍌 Banana Code API Server running at http://${host}:${port}`));
         console.log(chalk.gray(`WebSocket streaming enabled on the same port.\n`));
     });
 }

package/src/tools/readManyFiles.js

@@ -0,0 +1,32 @@
+import fs from 'fs/promises';
+import path from 'path';
+import { requestPermission } from '../permissions.js';
+
+export async function readManyFiles({ filepaths }) {
+    if (!Array.isArray(filepaths)) {
+        return 'Error: filepaths must be an array of strings.';
+    }
+
+    let results = [];
+    
+    // Request permission for all files. You could ask for them individually or batch them.
+    // Here we'll request them individually but sequentially.
+    for (const filepath of filepaths) {
+        const absPath = path.resolve(process.cwd(), filepath);
+        const perm = await requestPermission('Read File', filepath);
+        
+        if (!perm.allowed) {
+            results.push(`--- File: ${filepath} ---\nUser denied permission to read: ${filepath}\n`);
+            continue;
+        }
+
+        try {
+            const content = await fs.readFile(absPath, 'utf8');
+            results.push(`--- File: ${filepath} ---\n${content}\n`);
+        } catch (err) {
+            results.push(`--- File: ${filepath} ---\nError reading file: ${err.message}\n`);
+        }
+    }
+
+    return results.join('\n');
+}

package/src/tools/registry.js

@@ -1,5 +1,6 @@
 import { execCommand } from './execCommand.js';
 import { readFile } from './readFile.js';
+import { readManyFiles } from './readManyFiles.js';
 import { writeFile } from './writeFile.js';
 import { fetchUrl } from './fetchUrl.js';
 import { searchFiles } from './searchFiles.js';
@@ -36,6 +37,21 @@ export const TOOLS = [
             required: ['filepath']
         }
     },
+    {
+        name: 'read_many_files',
+        description: 'Read the contents of multiple files at once.',
+        parameters: {
+            type: 'object',
+            properties: {
+                filepaths: {
+                    type: 'array',
+                    description: 'List of file paths to read',
+                    items: { type: 'string' }
+                }
+            },
+            required: ['filepaths']
+        }
+    },
     {
         name: 'write_file',
         description: 'Write content to a file. Overwrites existing content.',
@@ -210,11 +226,15 @@ export const TOOLS = [
 
 export function getAvailableTools(config = {}) {
     let available = TOOLS.filter(tool => {
+        if (config.askMode) {
+            const forbiddenInAskMode = ['write_file', 'patch_file'];
+            if (forbiddenInAskMode.includes(tool.name)) return false;
+        }
         if (tool.beta) {
             return config.betaTools && config.betaTools.includes(tool.name);
         }
         if (tool.memoryFeature) {
-            return config.useMemory === true;
+            return config.useMemory !== false;
         }
         if (tool.settingsFeature) {
             // Default to true if not explicitly set to false
@@ -274,6 +294,7 @@ export async function executeTool(name, args, config) {
     switch (name) {
         case 'execute_command': return await execCommand(args);
         case 'read_file': return await readFile(args);
+        case 'read_many_files': return await readManyFiles(args);
         case 'write_file': return await writeFile(args);
         case 'fetch_url': return await fetchUrl(args);
         case 'search_files': return await searchFiles(args);