@burtson-labs/bandit-stealth-cli 1.7.127 → 1.7.129

package/README.md

@@ -58,14 +58,21 @@ That's it. No API keys. No cloud services. The agent reads your code, searches,
 - **Background subagents** — long investigations spawn detached; status bar shows `bg:N running`; you keep talking; synopsis auto-injects when ready (`/tasks` to inspect, drill down, or cancel)
 - **`watch_command`** — run a dev server / `--watch` test runner for a bounded window, agent reacts to what came out
 - **`find_directory`** — cross-repo discovery; ask "open the auth-api repo" and the agent sweeps `~/Documents/GitHub`, `~/GitHub`, `~/Projects`, `~/code`, `~/dev`, `~/repos`, `~/work`, `~/src`, plus the workspace parent — no "where is that repo?" round-trips
+- **MCP both directions** — speaks the Model Context Protocol as a client (`/mcp add github <token>`, `/mcp add slack`, `/mcp add gitlab`, `/mcp add custom <name> <cmd…>`) and as a server (`bandit mcp serve` exposes Bandit's native tool surface over stdio so Claude Desktop / Cursor / Cline / Continue can drive your codebase through it)
 - **Installs CLIs on demand** — ask Bandit to install `ripgrep`, `httpie`, the GitHub CLI, etc. and it picks the right package manager (`brew`, `npm install -g`, `pip install`, `cargo install`, `gem install`, `go install`) and runs it through the permission gate
+- **Interactive scaffolders work** — `create-vite`, `create-react-app`, `ng new`, etc. detect a non-TTY stdin and self-abort. Bandit recognizes the pattern and surfaces a clear *"run this with `!`"* recovery hint so the model doesn't loop on a "command appeared to succeed" misread
+- **Live command output** — `npm install`, `pip install`, `watch_command npm run dev` stream their output to your terminal as it arrives, dimmed, while the spinner keeps animating. No more wondering if a 20-second install is hung
+- **Interrupt + queue** — press **Esc** mid-turn to cancel the agent and clear your queue. Type a follow-up + Enter to queue it (`queued: N · sends after this turn` in the status row). The next turn picks it up automatically
+- **`?` shortcuts overlay** — type `?` at an empty prompt for a live cheatsheet that disappears the moment you backspace it
+- **`!`-prefix shell escape** — `!cmd` runs straight in your shell with full TTY access. First-use confirmation gate; per-call yellow box every time after so you can't miss the bypass. Catastrophic patterns (`rm -rf`, `mkfs`, `dd if=`) blocked even here
 - **Plan execution** — structured multi-step plans for complex refactors
 - **Session persistence** — every REPL session saved as JSONL under `~/.bandit/sessions/` for later resume
+- **`/insights` HTML report** — local-only activity report: tool stats, top-touched files, languages, longest streak, peak day, error patterns, optional AI summary, mailto share
 - **Project memory** — drop a `BANDIT.md` or `CLAUDE.md` at your workspace root and it's auto-loaded into the system prompt
 - **File + image mentions** — `@path` auto-inlines files; images are either sent multimodally or OCR'd locally (Apple Vision / tesseract)
 - **Clipboard paste** — `Ctrl+V` in the REPL pastes an image straight from your clipboard
 - **Hooks** — `PreToolUse` / `PostToolUse` / `Stop` shell hooks via `.bandit/settings.json`
-- **Themes** — 6 palettes with `/theme`, including colorblind-friendly + ANSI-only options for SSH/CI logs
+- **12 themes** — Stealth Light/Dark, Midnight, Onyx, Charcoal, Dracula, Nord, Tokyo Night, Solarized Dark/Light, Catppuccin Mocha, Sepia. `/theme` to pick
 - **Cross-platform** — macOS, Linux, Windows; Windows `.cmd`/`.bat` shims (npm/npx/pnpm/tsc) resolved correctly
 - **Update-aware** — fire-and-forget npm-registry check at boot; `update vX.Y.Z available` shows in the status bar when a newer CLI is published