@blockrun/franklin 3.6.1 → 3.6.2

package/dist/agent/bash-guard.d.ts

@@ -0,0 +1,17 @@
+/**
+ * Bash Risk Classifier — lightweight Guardian for Franklin.
+ *
+ * Classifies bash commands into three risk levels:
+ *   safe      — read-only or standard dev commands → auto-approve
+ *   normal    — typical mutations (file writes, installs) → default ask behavior
+ *   dangerous — destructive/irreversible operations → always ask, with warning
+ *
+ * Inspired by OpenAI Codex's Guardian system, but deterministic pattern matching
+ * instead of an LLM call. Fast, predictable, zero-cost.
+ */
+export type BashRiskLevel = 'safe' | 'normal' | 'dangerous';
+export interface BashRiskResult {
+    level: BashRiskLevel;
+    reason?: string;
+}
+export declare function classifyBashRisk(command: string): BashRiskResult;

package/dist/agent/bash-guard.js

@@ -0,0 +1,158 @@
+/**
+ * Bash Risk Classifier — lightweight Guardian for Franklin.
+ *
+ * Classifies bash commands into three risk levels:
+ *   safe      — read-only or standard dev commands → auto-approve
+ *   normal    — typical mutations (file writes, installs) → default ask behavior
+ *   dangerous — destructive/irreversible operations → always ask, with warning
+ *
+ * Inspired by OpenAI Codex's Guardian system, but deterministic pattern matching
+ * instead of an LLM call. Fast, predictable, zero-cost.
+ */
+// ─── Dangerous Patterns ──────────────────────────────────────────────────
+// Checked first. If ANY pattern matches, the command is dangerous.
+const DANGEROUS_PATTERNS = [
+    // Destructive file operations
+    [/\brm\s+-[a-zA-Z]*[rR][a-zA-Z]*\s+[/~]/, 'recursive delete on root/home'],
+    [/\brm\s+-[a-zA-Z]*[rR][a-zA-Z]*f/, 'forced recursive delete'],
+    [/\brm\s+-[a-zA-Z]*f[a-zA-Z]*[rR]/, 'forced recursive delete'],
+    [/\bmkfs\b/, 'format filesystem'],
+    [/\bdd\s+.*of=/, 'raw disk write'],
+    // Git irreversible operations
+    [/\bgit\s+push\s+.*--force\b/, 'force push'],
+    [/\bgit\s+push\s+-f\b/, 'force push'],
+    [/\bgit\s+reset\s+--hard\b/, 'hard reset — discards uncommitted changes'],
+    [/\bgit\s+clean\s+-[a-zA-Z]*f/, 'git clean — deletes untracked files'],
+    [/\bgit\s+checkout\s+--\s+\./, 'discard all working changes'],
+    [/\bgit\s+branch\s+-D\b/, 'force delete branch'],
+    // Database destructive
+    [/\bDROP\s+(TABLE|DATABASE|SCHEMA)\b/i, 'drop database objects'],
+    [/\bTRUNCATE\s+TABLE\b/i, 'truncate table'],
+    // System-level danger
+    [/\bchmod\s+(-R\s+)?777\b/, 'world-writable permissions'],
+    [/\bcurl\s+.*\|\s*(sudo\s+)?(ba)?sh\b/, 'pipe URL to shell'],
+    [/\bwget\s+.*\|\s*(sudo\s+)?(ba)?sh\b/, 'pipe URL to shell'],
+    [/\bsudo\s+rm\b/, 'sudo delete'],
+    // Kill/shutdown
+    [/\bkill\s+-9\s+-1\b/, 'kill all processes'],
+    [/\bshutdown\b/, 'system shutdown'],
+    [/\breboot\b/, 'system reboot'],
+];
+// ─── Safe Commands ────────────────────────────────────────────────────────
+// If ALL segments use these commands, auto-approve.
+const SAFE_COMMANDS = new Set([
+    // Filesystem read-only
+    'ls', 'cat', 'head', 'tail', 'wc', 'du', 'df', 'file', 'stat', 'tree',
+    'find', 'grep', 'rg', 'ag', 'ack', 'which', 'whereis', 'type',
+    'echo', 'printf', 'date', 'whoami', 'hostname', 'uname', 'printenv',
+    'pwd', 'realpath', 'dirname', 'basename',
+    // Text processing (read-only when not redirecting)
+    'jq', 'yq', 'sort', 'uniq', 'cut', 'tr', 'diff', 'comm', 'less', 'more',
+    'wc', 'tee', 'xargs',
+]);
+const SAFE_GIT_SUBCOMMANDS = new Set([
+    'status', 'log', 'diff', 'show', 'branch', 'tag', 'remote',
+    'blame', 'shortlog', 'describe', 'rev-parse', 'rev-list',
+    'ls-files', 'ls-tree', 'ls-remote', 'config', 'reflog',
+]);
+const SAFE_PKG_SUBCOMMANDS = new Set([
+    'test', 'run', 'list', 'ls', 'info', 'view', 'show',
+    'outdated', 'audit', 'start', 'dev', 'serve', 'lint', 'check',
+    'why', 'explain', 'doctor',
+]);
+const SAFE_CARGO_SUBCOMMANDS = new Set([
+    'test', 'check', 'clippy', 'build', 'run', 'bench', 'doc',
+    'fmt', 'tree', 'metadata', 'verify-project',
+]);
+// ─── Classifier ──────────────────────────────────────────────────────────
+export function classifyBashRisk(command) {
+    // 1. Check dangerous patterns first (highest priority)
+    for (const [pattern, reason] of DANGEROUS_PATTERNS) {
+        if (pattern.test(command)) {
+            return { level: 'dangerous', reason };
+        }
+    }
+    // 2. Check if every segment is a known-safe command
+    const segments = command.split(/\s*(?:&&|\|\||[;|])\s*/);
+    let allSafe = true;
+    for (const segment of segments) {
+        const trimmed = segment.trim();
+        if (!trimmed)
+            continue;
+        if (!isSegmentSafe(trimmed)) {
+            allSafe = false;
+            break;
+        }
+    }
+    if (allSafe && segments.some(s => s.trim().length > 0)) {
+        return { level: 'safe' };
+    }
+    return { level: 'normal' };
+}
+function isSegmentSafe(segment) {
+    // Parse: strip env vars, extract command and args
+    const words = segment.split(/\s+/).filter(w => !w.includes('='));
+    let idx = 0;
+    let cmd = words[idx] || '';
+    // Strip harmless prefixes
+    while (['time', 'nice'].includes(cmd) && idx < words.length - 1) {
+        cmd = words[++idx] || '';
+    }
+    // sudo → not safe (even if the underlying command is safe)
+    if (cmd === 'sudo')
+        return false;
+    const baseName = cmd.split('/').pop() || cmd;
+    const argIdx = idx + 1;
+    const subCmd = words[argIdx] || '';
+    // git
+    if (baseName === 'git') {
+        return SAFE_GIT_SUBCOMMANDS.has(subCmd);
+    }
+    // npm / yarn / pnpm / bun / npx
+    if (['npm', 'npx', 'yarn', 'pnpm', 'bun'].includes(baseName)) {
+        // "npm run <script>" — safe (dev servers, linters, etc.)
+        if (subCmd === 'run')
+            return true;
+        return SAFE_PKG_SUBCOMMANDS.has(subCmd);
+    }
+    // cargo
+    if (baseName === 'cargo') {
+        return SAFE_CARGO_SUBCOMMANDS.has(subCmd);
+    }
+    // rtk (RTK wrapper — safe, it's a proxy)
+    if (baseName === 'rtk')
+        return true;
+    // Known safe base command
+    if (SAFE_COMMANDS.has(baseName)) {
+        // sed -i is not read-only
+        if (baseName === 'sed' && segment.includes(' -i'))
+            return false;
+        // Output redirection means writing — not safe
+        if (/>\s*[^&|]/.test(segment))
+            return false;
+        return true;
+    }
+    // Version/help checks are always safe
+    if (/\s+(-v|--version|-V)\s*$/.test(segment))
+        return true;
+    if (/\s+(-h|--help)\s*$/.test(segment))
+        return true;
+    // gh (GitHub CLI) read-only commands
+    if (baseName === 'gh') {
+        const ghAction = words.slice(argIdx, argIdx + 2).join(' ');
+        if (/^(pr|issue|repo|release|run)\s+(view|list|status|diff|checks|comments)/.test(ghAction))
+            return true;
+        if (subCmd === 'api')
+            return true; // gh api is read-only (GET)
+        if (subCmd === 'auth' && words[argIdx + 1] === 'status')
+            return true;
+        return false;
+    }
+    // docker/podman read-only
+    if (baseName === 'docker' || baseName === 'podman') {
+        if (['ps', 'images', 'inspect', 'logs', 'stats', 'top', 'port', 'version', 'info'].includes(subCmd))
+            return true;
+        return false;
+    }
+    return false;
+}

package/dist/agent/permissions.js

@@ -7,6 +7,31 @@ import path from 'node:path';
 import readline from 'node:readline';
 import chalk from 'chalk';
 import { BLOCKRUN_DIR } from '../config.js';
+import { classifyBashRisk } from './bash-guard.js';
+// ─── Common dev command patterns (auto-allow without prompting) ──────────
+// These are "normal" risk commands that are too common to interrupt the user.
+// Only applied when --trust flag is set (user explicitly opted into auto-mode).
+const COMMON_DEV_PATTERNS = [
+    /^npm\s+(install|i|ci|run|exec|test|start|build|lint|format|outdated|ls|list|info|view|pack)\b/,
+    /^(pnpm|yarn|bun)\s+(install|add|run|test|build|lint|exec)\b/,
+    /^pip3?\s+install\b/,
+    /^python3?\s+/,
+    /^node\s+/,
+    /^(pytest|jest|vitest|mocha)\b/,
+    /^(tsc|eslint|prettier|biome)\b/,
+    /^git\s+(add|commit|push|pull|fetch|status|diff|log|branch|checkout|switch|merge|rebase|stash|tag|remote|show)\b/,
+    /^(cat|head|tail|wc|sort|uniq|diff|file|which|whoami|hostname|uname|date|echo)\b/,
+    /^(ls|pwd|cd|mkdir|touch)\b/,
+    /^(docker|docker-compose)\s+(ps|logs|images|inspect|stats|exec|build|run|pull)\b/,
+    /^(curl|wget)\s+/,
+    /^make\b/,
+    /^cargo\s+(build|test|check|clippy|run|bench|doc|fmt)\b/,
+    /^go\s+(build|test|run|vet|fmt|mod)\b/,
+];
+function isCommonDevCommand(cmd) {
+    const trimmed = cmd.trim();
+    return COMMON_DEV_PATTERNS.some(p => p.test(trimmed));
+}
 // ─── Default Rules ─────────────────────────────────────────────────────────
 const READ_ONLY_TOOLS = new Set(['Read', 'Glob', 'Grep', 'WebSearch', 'Task', 'AskUser', 'ImageGen', 'TradingSignal', 'TradingMarket', 'SearchX']);
 const DESTRUCTIVE_TOOLS = new Set(['Write', 'Edit', 'Bash']);
@@ -61,8 +86,17 @@ export class PermissionManager {
         if (this.matchesRule(toolName, input, this.rules.allow)) {
             return { behavior: 'allow', reason: 'allowed by rule' };
         }
-        // Check explicit ask rules
+        // Check explicit ask rules — with Bash risk classification
         if (this.matchesRule(toolName, input, this.rules.ask)) {
+            // Bash Guardian: classify risk before blindly asking
+            if (toolName === 'Bash') {
+                const cmd = input.command || '';
+                const risk = classifyBashRisk(cmd);
+                if (risk.level === 'safe') {
+                    return { behavior: 'allow', reason: 'safe command' };
+                }
+                // dangerous and normal both ask, but dangerous gets a warning in describeAction
+            }
             return { behavior: 'ask' };
         }
         // Default: read-only tools are auto-allowed, others ask
@@ -179,7 +213,12 @@ export class PermissionManager {
         switch (toolName) {
             case 'Bash': {
                 const cmd = input.command || '';
-                return `Execute: ${cmd.length > 100 ? cmd.slice(0, 100) + '...' : cmd}`;
+                const preview = cmd.length > 100 ? cmd.slice(0, 100) + '...' : cmd;
+                const risk = classifyBashRisk(cmd);
+                if (risk.level === 'dangerous') {
+                    return `\x1b[31m⚠ DANGEROUS: ${risk.reason}\x1b[0m\n  │ Execute: ${preview}`;
+                }
+                return `Execute: ${preview}`;
             }
             case 'Write': {
                 const fp = input.file_path || '';

package/dist/agent/tokens.js

@@ -180,7 +180,7 @@ const MODEL_CONTEXT_WINDOWS = {
     'xai/grok-4-0709': 131_072,
     'xai/grok-4-1-fast-reasoning': 131_072,
     // Others
-    'zai/glm-5.1': 128_000,
+    'zai/glm-5.1': 200_000,
     'moonshot/kimi-k2.5': 128_000,
     'minimax/minimax-m2.7': 128_000,
 };

package/dist/mcp/client.js

@@ -79,6 +79,42 @@ async function connectStdio(name, config) {
             concurrent: true, // MCP tools are safe to run concurrently
         });
     }
+    // Discover resources (optional — not all servers expose resources)
+    try {
+        const { resources: mcpResources } = await client.listResources();
+        for (const resource of mcpResources) {
+            const resourceToolName = `mcp__${name}__read_${resource.name.replace(/[^a-zA-Z0-9_]/g, '_')}`;
+            const resourceDesc = resource.description
+                ? `Read resource: ${resource.description}`.slice(0, 2048)
+                : `Read MCP resource "${resource.name}" from ${name}`;
+            capabilities.push({
+                spec: {
+                    name: resourceToolName,
+                    description: resourceDesc,
+                    input_schema: { type: 'object', properties: {}, required: [] },
+                },
+                execute: async () => {
+                    try {
+                        const result = await client.readResource({ uri: resource.uri });
+                        const output = result.contents
+                            ?.map(c => c.text ?? `[resource: ${c.uri}]`)
+                            ?.join('\n') || JSON.stringify(result.contents);
+                        return { output, isError: false };
+                    }
+                    catch (err) {
+                        return {
+                            output: `MCP resource error (${name}/${resource.name}): ${err.message}`,
+                            isError: true,
+                        };
+                    }
+                },
+                concurrent: true,
+            });
+        }
+    }
+    catch {
+        // Server doesn't support resources — that's fine, tools-only mode
+    }
     const connected = { name, client, transport, tools: capabilities };
     connections.set(name, connected);
     return connected;

package/dist/pricing.js

@@ -73,7 +73,7 @@ export const MODEL_PRICING = {
     'zai/glm-5': { input: 0, output: 0, perCall: 0.001 },
     'zai/glm-5.1': { input: 0, output: 0, perCall: 0.001 },
     'zai/glm-5-turbo': { input: 0, output: 0, perCall: 0.001 },
-    'zai/glm-5.1-turbo': { input: 0, output: 0, perCall: 0.001 },
+    'zai/glm-5.1-turbo': { input: 0, output: 0, perCall: 0.001 }, // client alias for zai/glm-5-turbo
 };
 /** Opus pricing for savings calculations */
 export const OPUS_PRICING = MODEL_PRICING['anthropic/claude-opus-4.6'];

package/dist/tools/bash.js

@@ -51,7 +51,26 @@ function compressOutput(command, output) {
         else if (sub === 'install')
             out = compressInstall(out);
     }
-    // 7. Always collapse excessive blank lines
+    // 7. Python — pip install, pytest, python scripts
+    else if (/^(pip|pip3)\s+install\b/.test(fullCmd)) {
+        out = compressInstall(out);
+    }
+    else if (/^(pytest|python.*-m\s+pytest)\b/.test(fullCmd)) {
+        out = compressTests(out);
+    }
+    // 8. Docker — strip layer hashes, progress bars, keep errors + summary
+    else if (/^docker\s+(build|run|pull|push|compose)\b/.test(fullCmd)) {
+        out = compressDocker(out);
+    }
+    // 9. curl/wget — strip progress bars, keep response
+    else if (/^(curl|wget)\b/.test(fullCmd)) {
+        out = compressDownload(out);
+    }
+    // 10. Make — keep errors/warnings, drop recipe lines
+    else if (cmd === 'make') {
+        out = compressBuild(out);
+    }
+    // 11. Always collapse excessive blank lines
     out = collapseBlankLines(out);
     return out;
 }
@@ -161,6 +180,42 @@ function compressBuild(out) {
     });
     return collapseBlankLines(kept.join('\n')).trim() || out.trim();
 }
+function compressDocker(out) {
+    const lines = out.split('\n');
+    const kept = lines.filter(l => {
+        const t = l.trim();
+        // Drop layer progress: "sha256:abc123: Pulling fs layer" / "Downloading [==>  ]"
+        if (/^[a-f0-9]{12}:\s*(Pull|Wait|Download|Extract|Verif|Already)/.test(t))
+            return false;
+        // Drop download/upload progress bars
+        if (/^\[[\s=>#]+\]/.test(t) || /\d+(\.\d+)?%/.test(t) && t.length < 80)
+            return false;
+        // Drop "Sending build context" progress
+        if (/^Sending build context/.test(t))
+            return false;
+        return true;
+    });
+    return collapseBlankLines(kept.join('\n')).trim() || out.trim();
+}
+function compressDownload(out) {
+    const lines = out.split('\n');
+    const kept = lines.filter(l => {
+        const t = l.trim();
+        // Drop curl progress bars: "  % Total    % Received..."
+        if (/^\s*%\s+Total/.test(t))
+            return false;
+        if (/^\s*\d+\s+\d+[kMG]?\s+\d+\s+\d+[kMG]?/.test(t) && t.length < 100)
+            return false;
+        // Drop wget progress: "2024-01-01 12:00:00 (1.23 MB/s) - saved"
+        if (/^\d{4}-\d{2}-\d{2}.*saved/.test(t))
+            return false;
+        // Drop download percentage lines
+        if (/^\s*\d+%\s/.test(t))
+            return false;
+        return true;
+    });
+    return collapseBlankLines(kept.join('\n')).trim() || out.trim();
+}
 const backgroundTasks = new Map();
 let bgTaskCounter = 0;
 /** Get a background task's result (called by the agent to check status). */

package/dist/ui/app.js

@@ -13,6 +13,7 @@ import { renderMarkdown } from './markdown.js';
 import { resolveModel, PICKER_CATEGORIES, PICKER_MODELS_FLAT, } from './model-picker.js';
 import { estimateCost } from '../pricing.js';
 import { formatTokens, shortModelName } from '../stats/format.js';
+import { mouse } from './mouse.js';
 // ─── Full-width input box ──────────────────────────────────────────────────
 function InputBox({ input, setInput, onSubmit, model, balance, sessionCost, queued, queuedCount, focused, busy, contextPct, vimMode, onVimModeChange }) {
     const { stdout } = useStdout();
@@ -80,6 +81,37 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
     // Messages queued while agent is busy — auto-submitted FIFO when turns complete.
     const [queuedInputs, setQueuedInputs] = useState([]);
     const turnDoneCallbackRef = useRef(null);
+    // ── Render throttling: batch rapid text_delta/thinking_delta into 50ms frames ──
+    // Without this, each delta (20-100/sec) triggers a full React re-render.
+    // With this, we accumulate in refs and flush at ~20fps — smooth and efficient.
+    const pendingTextRef = useRef('');
+    const pendingThinkingRef = useRef('');
+    const flushTimerRef = useRef(null);
+    const flushPendingText = useCallback(() => {
+        flushTimerRef.current = null;
+        const text = pendingTextRef.current;
+        const thinking = pendingThinkingRef.current;
+        if (text) {
+            pendingTextRef.current = '';
+            setWaiting(false);
+            setThinking(false);
+            setStreamText(prev => prev + text);
+        }
+        if (thinking) {
+            pendingThinkingRef.current = '';
+            setWaiting(false);
+            setThinking(true);
+            setThinkingText(prev => {
+                const updated = prev + thinking;
+                return updated.length > 500 ? updated.slice(-500) : updated;
+            });
+        }
+    }, []);
+    const scheduleFlush = useCallback(() => {
+        if (!flushTimerRef.current) {
+            flushTimerRef.current = setTimeout(flushPendingText, 50);
+        }
+    }, [flushPendingText]);
     // Refs to read current state values inside memoized event handlers (avoids stale closures)
     const streamTextRef = useRef('');
     const turnTokensRef = useRef({ input: 0, output: 0, calls: 0 });
@@ -110,15 +142,19 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
     const commitResponse = useCallback((text, tokens = turnTokensRef.current, cost = turnCostRef.current) => {
         if (!text.trim())
             return;
-        setCommittedResponses((rs) => [...rs, {
-                key: String(Date.now() + Math.random()),
-                text,
-                tokens,
-                cost,
-                model: turnModelRef.current,
-                tier: turnTierRef.current,
-                savings: turnSavingsRef.current,
-            }]);
+        setCommittedResponses((rs) => {
+            const next = [...rs, {
+                    key: String(Date.now() + Math.random()),
+                    text,
+                    tokens,
+                    cost,
+                    model: turnModelRef.current,
+                    tier: turnTierRef.current,
+                    savings: turnSavingsRef.current,
+                }];
+            // Cap at 300 items — older items are already in terminal scrollback
+            return next.length > 300 ? next.slice(-300) : next;
+        });
         const allLines = text.split('\n');
         if (allLines.length > 20) {
             setResponsePreview('  ↑ scroll to see full reply\n' + allLines.slice(-20).join('\n'));
@@ -359,6 +395,22 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
         turnSavingsRef.current = undefined;
         onSubmit(trimmed);
     }, [ready, currentModel, totalCost, onSubmit, onModelChange, onAbort, onExit, exit, lastPrompt, inputHistory, showStatus]);
+    // Mouse support — enable tracking and handle clicks on tool results
+    useEffect(() => {
+        const cleanup = mouse.enable();
+        const handleClick = (_event) => {
+            // Click anywhere toggles the expandable tool (if one exists)
+            // This is intentionally simple — we don't track exact coordinates of components.
+            // The expandable tool is always the most recent tool result, so any click is a
+            // reasonable toggle target. Tab key remains the precise alternative.
+            setExpandableTool(prev => prev ? { ...prev, expanded: !prev.expanded } : null);
+        };
+        mouse.on('click', handleClick);
+        return () => {
+            mouse.removeListener('click', handleClick);
+            cleanup();
+        };
+    }, []);
     // Expose event handler, balance updater, and permission bridge
     useEffect(() => {
         globalThis.__runcode_ui = {
@@ -390,18 +442,14 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
             handleEvent: (event) => {
                 switch (event.kind) {
                     case 'text_delta':
-                        setWaiting(false);
-                        setThinking(false);
-                        setStreamText(prev => prev + event.text);
+                        // Throttled: accumulate in ref, flush every 50ms (~20fps)
+                        pendingTextRef.current += event.text;
+                        scheduleFlush();
                         break;
                     case 'thinking_delta':
-                        setWaiting(false);
-                        setThinking(true);
-                        setThinkingText(prev => {
-                            // Keep last 500 chars of thinking for display
-                            const updated = prev + event.text;
-                            return updated.length > 500 ? updated.slice(-500) : updated;
-                        });
+                        // Throttled: accumulate in ref, flush every 50ms
+                        pendingThinkingRef.current += event.text;
+                        scheduleFlush();
                         break;
                     case 'capability_start':
                         setWaiting(false);
@@ -492,6 +540,17 @@ function RunCodeApp({ initialModel, workDir, walletAddress, walletBalance, chain
                         break;
                     }
                     case 'turn_done': {
+                        // Flush any pending throttled text immediately
+                        if (flushTimerRef.current) {
+                            clearTimeout(flushTimerRef.current);
+                            flushTimerRef.current = null;
+                        }
+                        // Merge pending text into the ref so commitResponse sees the full text
+                        if (pendingTextRef.current) {
+                            streamTextRef.current += pendingTextRef.current;
+                            pendingTextRef.current = '';
+                        }
+                        pendingThinkingRef.current = '';
                         // Flush expandable tool to Static before committing response
                         setExpandableTool(prev => {
                             if (prev)
@@ -649,7 +708,7 @@ export function launchInkUI(opts) {
             return new Promise((resolve) => { resolveInput = resolve; });
         },
         onAbort: (cb) => { abortCallback = cb; },
-        cleanup: () => { instance.unmount(); },
+        cleanup: () => { mouse.disable(); instance.unmount(); },
         requestPermission: (toolName, description) => {
             const ui = globalThis.__runcode_ui;
             return ui?.requestPermission(toolName, description) ?? Promise.resolve('no');

package/dist/ui/model-picker.js

@@ -54,7 +54,7 @@ export const MODEL_SHORTCUTS = {
     // Others
     minimax: 'minimax/minimax-m2.7',
     glm: 'zai/glm-5.1',
-    'glm-turbo': 'zai/glm-5.1-turbo',
+    'glm-turbo': 'zai/glm-5-turbo',
     'glm5': 'zai/glm-5.1',
     kimi: 'moonshot/kimi-k2.5',
 };
@@ -79,7 +79,7 @@ export const PICKER_CATEGORIES = [
         category: '🔥 Promo (flat $0.001/call)',
         models: [
             { id: 'zai/glm-5.1', shortcut: 'glm', label: 'GLM-5.1', price: '$0.001/call', highlight: true },
-            { id: 'zai/glm-5.1-turbo', shortcut: 'glm-turbo', label: 'GLM-5.1 Turbo', price: '$0.001/call', highlight: true },
+            { id: 'zai/glm-5-turbo', shortcut: 'glm-turbo', label: 'GLM-5 Turbo', price: '$0.001/call', highlight: true },
         ],
     },
     {

package/dist/ui/mouse.d.ts

@@ -0,0 +1,29 @@
+/**
+ * Mouse event support for Ink terminal UI.
+ * Enables SGR extended mouse tracking (DECSET 1000+1006) and parses events from stdin.
+ * Lightweight — only handles clicks, not drag/hover/selection.
+ */
+import { EventEmitter } from 'node:events';
+export interface MouseEvent {
+    button: 'left' | 'middle' | 'right' | 'wheel-up' | 'wheel-down';
+    action: 'press' | 'release';
+    col: number;
+    row: number;
+}
+declare class MouseManager extends EventEmitter {
+    private enabled;
+    private stdinListener;
+    /**
+     * Enable mouse tracking. Call once on app startup.
+     * Returns cleanup function to call on unmount.
+     */
+    enable(): () => void;
+    /**
+     * Disable mouse tracking and clean up.
+     */
+    disable(): void;
+    isEnabled(): boolean;
+}
+/** Singleton mouse manager. */
+export declare const mouse: MouseManager;
+export {};

package/dist/ui/mouse.js

@@ -0,0 +1,89 @@
+/**
+ * Mouse event support for Ink terminal UI.
+ * Enables SGR extended mouse tracking (DECSET 1000+1006) and parses events from stdin.
+ * Lightweight — only handles clicks, not drag/hover/selection.
+ */
+import { EventEmitter } from 'node:events';
+// ─── Terminal escape sequences ────────────────────────────────────────────
+const ENABLE_MOUSE = '\x1b[?1000h' + // Normal mouse tracking (clicks + wheel)
+    '\x1b[?1006h'; // SGR extended format (readable coordinates)
+const DISABLE_MOUSE = '\x1b[?1006l' +
+    '\x1b[?1000l';
+// SGR mouse event format: ESC [ < button ; col ; row M (press) or m (release)
+const SGR_MOUSE_RE = /\x1b\[<(\d+);(\d+);(\d+)([Mm])/g;
+// ─── Mouse Manager ───────────────────────────────────────────────────────
+class MouseManager extends EventEmitter {
+    enabled = false;
+    stdinListener = null;
+    /**
+     * Enable mouse tracking. Call once on app startup.
+     * Returns cleanup function to call on unmount.
+     */
+    enable() {
+        if (this.enabled)
+            return () => { };
+        this.enabled = true;
+        // Write enable sequences
+        process.stdout.write(ENABLE_MOUSE);
+        // Listen on stdin for mouse sequences
+        // We use 'data' event at a higher priority than Ink's handler.
+        // Mouse sequences that we parse are still passed to Ink (we can't consume them),
+        // but Ink will ignore unrecognized escape sequences.
+        this.stdinListener = (data) => {
+            const str = data.toString('utf-8');
+            let match;
+            SGR_MOUSE_RE.lastIndex = 0;
+            while ((match = SGR_MOUSE_RE.exec(str)) !== null) {
+                const btnCode = parseInt(match[1], 10);
+                const col = parseInt(match[2], 10) - 1; // 1-indexed → 0-indexed
+                const row = parseInt(match[3], 10) - 1;
+                const isPress = match[4] === 'M';
+                // Decode button
+                const baseBtn = btnCode & 0x03;
+                const isWheel = (btnCode & 0x40) !== 0;
+                let button;
+                if (isWheel) {
+                    button = baseBtn === 0 ? 'wheel-up' : 'wheel-down';
+                }
+                else {
+                    button = baseBtn === 0 ? 'left' : baseBtn === 1 ? 'middle' : 'right';
+                }
+                const event = {
+                    button,
+                    action: isPress ? 'press' : 'release',
+                    col,
+                    row,
+                };
+                this.emit('mouse', event);
+                // Emit convenience events
+                if (button === 'left' && isPress) {
+                    this.emit('click', event);
+                }
+            }
+        };
+        process.stdin.on('data', this.stdinListener);
+        return () => this.disable();
+    }
+    /**
+     * Disable mouse tracking and clean up.
+     */
+    disable() {
+        if (!this.enabled)
+            return;
+        this.enabled = false;
+        if (this.stdinListener) {
+            process.stdin.removeListener('data', this.stdinListener);
+            this.stdinListener = null;
+        }
+        // Best-effort: disable mouse tracking
+        try {
+            process.stdout.write(DISABLE_MOUSE);
+        }
+        catch {
+            // Ignore write errors during cleanup (stdout may be closed)
+        }
+    }
+    isEnabled() { return this.enabled; }
+}
+/** Singleton mouse manager. */
+export const mouse = new MouseManager();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blockrun/franklin",
-  "version": "3.6.1",
+  "version": "3.6.2",
   "description": "Franklin — The AI agent with a wallet. Spends USDC autonomously to get real work done. Pay per action, no subscriptions.",
   "type": "module",
   "exports": {