@heysalad/cheri-cli 0.10.0 → 1.0.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@heysalad/cheri-cli",
-  "version": "0.10.0",
+  "version": "1.0.0",
   "description": "Cheri CLI - AI-powered cloud IDE by HeySalad. Like Claude Code, but for cloud workspaces.",
   "type": "module",
   "bin": {
@@ -39,7 +39,10 @@
   "dependencies": {
     "chalk": "^5.3.0",
     "commander": "^12.1.0",
+    "diff": "^8.0.3",
     "inquirer": "^9.2.23",
+    "marked": "^15.0.12",
+    "marked-terminal": "^7.3.0",
     "ora": "^8.0.1"
   }
 }

package/src/commands/agent.js

@@ -1,20 +1,29 @@
-import { apiClient } from "../lib/api-client.js";
 import { log } from "../lib/logger.js";
+import { getConfigValue } from "../lib/config-store.js";
 import { getToolDefinitions, executeTool as executeLocalTool, requiresConfirmation as toolRequiresConfirmation } from "../lib/tools/index.js";
 import { generateSessionId, saveSession, loadSession, listSessions } from "../lib/sessions/index.js";
-import { compactMessages, shouldCompact, estimateMessagesTokens } from "../lib/context.js";
+import { compactMessages, shouldCompact, estimateMessagesTokens, getContextStats } from "../lib/context.js";
 import { loadHooks, runHooks } from "../lib/hooks/index.js";
 import { loadPlugins, getSkillContext, getSlashCommand } from "../lib/plugins/index.js";
-import { checkPermission, loadPermissions } from "../lib/permissions.js";
+import { loadPermissions, checkPermission } from "../lib/permissions.js";
 import { getMemoryContext } from "../lib/memory.js";
+import { createProvider } from "../lib/providers/index.js";
+import { renderMarkdown, renderDiff } from "../lib/markdown.js";
+import { classifyCommand, getSafetyLabel } from "../lib/command-safety.js";
+import { sandboxExec, SandboxLevel, getSandboxInfo } from "../lib/sandbox.js";
+import { snapshotFile, recordChange, getSessionChanges, generateDiff, rollbackChange, rollbackAll, clearSessionChanges } from "../lib/diff-tracker.js";
+import { shouldApprove, promptApproval, getApprovalMode } from "../lib/approval.js";
+import { McpManager } from "../lib/mcp/client.js";
+import { AgentOrchestrator } from "../lib/multi-agent.js";
 import chalk from "chalk";
 import readline from "readline";
 
 const SYSTEM_PROMPT = `You are Cheri, an AI coding assistant by HeySalad. You are a powerful agentic coding tool that can read, write, edit, and search code, execute shell commands, and manage cloud workspaces.
 
-You have two categories of tools:
-1. LOCAL CODING TOOLS — read_file, write_file, edit_file, run_command, search_files, search_content, list_directory. Use these to work directly with the user's local codebase.
-2. CLOUD PLATFORM TOOLS — get_account_info, list_workspaces, create_workspace, stop_workspace, get_workspace_status, get_memory, add_memory, clear_memory, get_usage, get_config, set_config. Use these to manage the Cheri cloud platform.
+You have these tool categories:
+1. LOCAL CODING TOOLS — read_file, write_file, edit_file, run_command, search_files, search_content, list_directory
+2. CLOUD PLATFORM TOOLS — get_account_info, list_workspaces, create_workspace, stop_workspace, get_workspace_status, get_memory, add_memory, clear_memory, get_usage, get_config, set_config
+3. AGENT TOOLS — spawn_agent (delegate subtasks to child agents), get_changes (view file changes this session), rollback_change (undo a file change)
 
 Guidelines:
 - Read files before editing them. Understand existing code before making changes.
@@ -24,9 +33,10 @@ Guidelines:
 - For shell commands, prefer specific commands over broad ones.
 - Be concise. Show what you did and the result.
 - Never guess file contents — always read first.
+- Use spawn_agent for independent subtasks that can run in parallel.
 - Current working directory: ${process.cwd()}`;
 
-// Cloud platform tools
+// ── Cloud platform tools ──────────────────────────────────────────────────────
 const CLOUD_TOOLS = [
   { name: "get_account_info", description: "Get the current user's account information", parameters: { type: "object", properties: {}, required: [] } },
   { name: "list_workspaces", description: "List all cloud workspaces for the current user", parameters: { type: "object", properties: {}, required: [] } },
@@ -41,22 +51,37 @@ const CLOUD_TOOLS = [
   { name: "set_config", description: "Set a configuration value", parameters: { type: "object", properties: { key: { type: "string", description: "Config key" }, value: { type: "string", description: "Value to set" } }, required: ["key", "value"] } },
 ];
 
-const CLOUD_TOOL_NAMES = new Set(CLOUD_TOOLS.map((t) => t.name));
+// ── Agent meta-tools ────────────────────────────────────────────────────────
+const AGENT_TOOLS = [
+  { name: "spawn_agent", description: "Spawn a child agent to work on a subtask independently. Use for tasks that can be parallelized.", parameters: { type: "object", properties: { name: { type: "string", description: "Short name for this sub-agent" }, task: { type: "string", description: "The task description for the sub-agent" } }, required: ["name", "task"] } },
+  { name: "get_changes", description: "View all file changes made this session with diffs", parameters: { type: "object", properties: {}, required: [] } },
+  { name: "rollback_change", description: "Undo a specific file change by index", parameters: { type: "object", properties: { index: { type: "number", description: "Change index (from get_changes)" } }, required: ["index"] } },
+];
+
+const CLOUD_TOOL_NAMES = new Set(CLOUD_TOOLS.map(t => t.name));
+const AGENT_TOOL_NAMES = new Set(AGENT_TOOLS.map(t => t.name));
 
-function buildTools() {
-  const localDefs = getToolDefinitions().map((t) => ({
-    type: "function",
-    function: { name: t.name, description: t.description, parameters: t.parameters },
+function buildTools(mcpTools = []) {
+  const localDefs = getToolDefinitions().map(t => ({
+    type: "function", function: { name: t.name, description: t.description, parameters: t.parameters },
+  }));
+  const cloudDefs = CLOUD_TOOLS.map(t => ({
+    type: "function", function: { name: t.name, description: t.description, parameters: t.parameters },
   }));
-  const cloudDefs = CLOUD_TOOLS.map((t) => ({
-    type: "function",
-    function: { name: t.name, description: t.description, parameters: t.parameters },
+  const agentDefs = AGENT_TOOLS.map(t => ({
+    type: "function", function: { name: t.name, description: t.description, parameters: t.parameters },
   }));
-  return [...localDefs, ...cloudDefs];
+  const mcpDefs = mcpTools.map(t => ({
+    type: "function", function: { name: t.name, description: t.description, parameters: t.parameters },
+  }));
+  return [...localDefs, ...cloudDefs, ...agentDefs, ...mcpDefs];
 }
 
+// ── Cloud tool executor ───────────────────────────────────────────────────────
 async function executeCloudTool(name, args) {
   try {
+    // Dynamic import to avoid circular dependency
+    const { apiClient } = await import("../lib/api-client.js");
     switch (name) {
       case "get_account_info": return await apiClient.getMe();
       case "list_workspaces": return await apiClient.listWorkspaces();
@@ -67,10 +92,7 @@ async function executeCloudTool(name, args) {
       case "add_memory": return await apiClient.addMemory(args.content, args.category);
       case "clear_memory": return await apiClient.clearMemory();
       case "get_usage": return await apiClient.getUsage();
-      case "get_config": {
-        const { getConfigValue } = await import("../lib/config-store.js");
-        return { key: args.key, value: getConfigValue(args.key) };
-      }
+      case "get_config": return { key: args.key, value: getConfigValue(args.key) };
       case "set_config": {
         const { setConfigValue } = await import("../lib/config-store.js");
         setConfigValue(args.key, args.value);
@@ -83,28 +105,96 @@ async function executeCloudTool(name, args) {
   }
 }
 
-async function confirmAction(toolName, input) {
-  const desc = toolName === "run_command" ? input.command : JSON.stringify(input);
-  return new Promise((resolve) => {
-    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
-    rl.question(chalk.yellow(`  Allow ${chalk.cyan(toolName)}: ${chalk.dim(truncate(desc, 60))}? [Y/n] `), (answer) => {
-      rl.close();
-      resolve(answer.trim().toLowerCase() !== "n");
-    });
-  });
+// ── Agent meta-tool executor ──────────────────────────────────────────────────
+async function executeAgentTool(name, args, orchestrator, allTools, parseSSE) {
+  switch (name) {
+    case "spawn_agent": {
+      if (!orchestrator) return { error: "Agent orchestration not available" };
+      orchestrator.createAgent(args.name, args.task);
+      const result = await orchestrator.runAgent(args.name, args.task, allTools, parseSSE);
+      return { agent: args.name, result: result.slice(0, 4000) };
+    }
+    case "get_changes": {
+      const changes = getSessionChanges();
+      if (changes.length === 0) return { changes: [], message: "No file changes this session" };
+      return { changes };
+    }
+    case "rollback_change": {
+      return rollbackChange(args.index);
+    }
+    default:
+      return { error: `Unknown agent tool: ${name}` };
+  }
 }
 
-async function executeTool(name, args) {
-  // Check permission rules
-  const permission = checkPermission(name, args);
-  if (permission === "deny") {
-    return { error: `Tool ${name} is denied by permission rules` };
+// ── Enhanced local tool executor with sandbox + diff tracking ─────────────────
+async function executeLocalToolEnhanced(name, args) {
+  // Sandbox for run_command
+  if (name === "run_command") {
+    const sandboxLevel = getConfigValue("sandbox.level") || "basic";
+    const allowNetwork = getConfigValue("sandbox.allowNetwork") || false;
+
+    if (sandboxLevel !== "none") {
+      const result = await sandboxExec(args.command, {
+        cwd: args.cwd || process.cwd(),
+        timeout: args.timeout || 120000,
+        level: sandboxLevel === "strict" ? SandboxLevel.STRICT : SandboxLevel.BASIC,
+        allowNetwork,
+      });
+      return {
+        stdout: result.stdout,
+        stderr: result.stderr,
+        exitCode: result.exitCode,
+        ...(result.timedOut ? { timedOut: true } : {}),
+        sandbox: getSandboxInfo(sandboxLevel),
+      };
+    }
+  }
+
+  // Diff tracking for file modifications
+  if (name === "write_file" || name === "edit_file") {
+    const filePath = args.path || args.file_path;
+    const snapshot = snapshotFile(filePath);
+    const result = await executeLocalTool(name, args);
+    if (!result.error) {
+      const { readFileSync, existsSync } = await import("fs");
+      const absPath = filePath.startsWith("/") ? filePath : `${process.cwd()}/${filePath}`;
+      if (existsSync(absPath)) {
+        const newContent = readFileSync(absPath, "utf-8");
+        const change = recordChange(snapshot, newContent, name === "write_file" ? "write" : "edit");
+        result.diff = generateDiff(change).split("\n").slice(0, 20).join("\n");
+      }
+    }
+    return result;
   }
 
-  // Run PreToolUse hooks
+  return executeLocalTool(name, args);
+}
+
+// ── Main tool execution with approval + hooks + permissions ───────────────────
+let sessionAutoApprove = false;
+
+async function executeTool(name, args, orchestrator, allTools, parseSSE, mcpManager) {
+  // Permission rules check
+  const permission = checkPermission(name, args);
+  if (permission === "deny") return { error: `Tool ${name} is denied by permission rules` };
+
+  // Pre-tool hooks
   const hookResult = await runHooks("PreToolUse", { toolName: name, input: args });
-  if (!hookResult.allowed) {
-    return { error: hookResult.reason || `Blocked by hook` };
+  if (!hookResult.allowed) return { error: hookResult.reason || "Blocked by hook" };
+
+  // MCP tools
+  if (mcpManager?.isMcpTool(name)) {
+    const result = await mcpManager.callTool(name, args);
+    await runHooks("PostToolUse", { toolName: name, input: args, result });
+    return result;
+  }
+
+  // Agent meta-tools
+  if (AGENT_TOOL_NAMES.has(name)) {
+    const result = await executeAgentTool(name, args, orchestrator, allTools, parseSSE);
+    await runHooks("PostToolUse", { toolName: name, input: args, result });
+    return result;
   }
 
   // Cloud tools
@@ -114,31 +204,42 @@ async function executeTool(name, args) {
     return result;
   }
 
-  // Local tools — check if confirmation needed
-  if (permission === "ask" || (permission !== "allow" && toolRequiresConfirmation(name))) {
-    const allowed = await confirmAction(name, args);
-    if (!allowed) return { error: "User denied execution" };
+  // Local tools — enhanced approval system
+  if (!sessionAutoApprove) {
+    const decision = shouldApprove(name, args);
+    if (decision === "deny") return { error: "Denied by approval policy" };
+    if (decision === "ask" || decision === "suggest") {
+      // Override with permission rules
+      if (permission === "allow") {
+        // Permission rules say allow, skip approval
+      } else {
+        const approved = await promptApproval(name, args, decision);
+        if (approved === "auto") {
+          sessionAutoApprove = true;
+        } else if (!approved) {
+          return { error: "User denied execution" };
+        }
+      }
+    }
   }
 
-  const result = await executeLocalTool(name, args);
+  const result = await executeLocalToolEnhanced(name, args);
   await runHooks("PostToolUse", { toolName: name, input: args, result });
   return result;
 }
 
+// ── SSE Stream Parser ─────────────────────────────────────────────────────────
 async function* parseSSEStream(response) {
   const reader = response.body.getReader();
   const decoder = new TextDecoder();
   let buffer = "";
-
   try {
     while (true) {
       const { done, value } = await reader.read();
       if (done) break;
-
       buffer += decoder.decode(value, { stream: true });
       const lines = buffer.split("\n");
       buffer = lines.pop() || "";
-
       for (const line of lines) {
         if (line.startsWith("data: ")) {
           const data = line.slice(6).trim();
@@ -152,7 +253,7 @@ async function* parseSSEStream(response) {
   }
 }
 
-// Active session state
+// ── Active session state ──────────────────────────────────────────────────────
 let currentSession = null;
 
 export async function runAgent(userRequest, options = {}) {
@@ -163,17 +264,28 @@ export async function runAgent(userRequest, options = {}) {
   const memoryContext = getMemoryContext();
   const skillContext = getSkillContext(plugins.skills, userRequest);
 
-  // Check for slash commands
+  // Initialize MCP servers
+  const mcpManager = new McpManager();
+  const mcpServers = getConfigValue("mcp.servers") || {};
+  for (const [name, config] of Object.entries(mcpServers)) {
+    if (config.command) await mcpManager.addServer(name, config);
+  }
+
+  // Create provider
+  const providerName = getConfigValue("agent.provider") || getConfigValue("ai.provider") || "cheri";
+  const provider = createProvider(providerName);
+  const agentModel = getConfigValue("agent.model") || getConfigValue("ai.model") || "";
+
+  // Handle slash commands
   if (userRequest.startsWith("/")) {
     const cmdName = userRequest.slice(1).split(/\s+/)[0];
     const cmdArgs = userRequest.slice(1 + cmdName.length).trim();
 
-    // Built-in slash commands
     if (cmdName === "sessions" || cmdName === "history") {
       const sessions = listSessions();
       if (sessions.length === 0) { log.info("No saved sessions."); return; }
       log.brand("Sessions");
-      sessions.slice(0, 10).forEach((s) => {
+      sessions.slice(0, 10).forEach(s => {
         console.log(`  ${chalk.dim(s.id.slice(0, 12))}  ${s.title}  ${chalk.dim(`(${s.messageCount} msgs)`)}`);
       });
       return;
@@ -181,7 +293,7 @@ export async function runAgent(userRequest, options = {}) {
     if (cmdName === "resume") {
       const sessions = listSessions();
       if (sessions.length === 0) { log.info("No sessions to resume."); return; }
-      const target = cmdArgs ? sessions.find((s) => s.id.includes(cmdArgs)) : sessions[0];
+      const target = cmdArgs ? sessions.find(s => s.id.includes(cmdArgs)) : sessions[0];
       if (!target) { log.error("Session not found."); return; }
       const data = loadSession(target.id);
       if (data) {
@@ -202,9 +314,68 @@ export async function runAgent(userRequest, options = {}) {
     }
     if (cmdName === "new") {
       currentSession = null;
+      clearSessionChanges();
+      sessionAutoApprove = false;
       log.success("Started new session.");
       return;
     }
+    if (cmdName === "changes") {
+      const changes = getSessionChanges();
+      if (changes.length === 0) { log.info("No file changes this session."); return; }
+      log.brand("File Changes");
+      changes.forEach((c, i) => {
+        console.log(`  ${chalk.dim(`[${i}]`)} ${chalk.cyan(c.operation)} ${c.path} ${chalk.dim(`(${c.linesAdded > 0 ? "+" : ""}${c.linesAdded} lines)`)}`);
+      });
+      return;
+    }
+    if (cmdName === "rollback") {
+      if (cmdArgs === "all") {
+        const results = rollbackAll();
+        log.success(`Rolled back ${results.length} changes.`);
+      } else {
+        const idx = parseInt(cmdArgs);
+        if (isNaN(idx)) { log.error("Usage: /rollback <index> or /rollback all"); return; }
+        const result = rollbackChange(idx);
+        if (result.error) log.error(result.error);
+        else log.success(`Rolled back: ${result.path}`);
+      }
+      return;
+    }
+    if (cmdName === "stats") {
+      if (!currentSession) { log.info("No active session."); return; }
+      const stats = getContextStats(currentSession.messages);
+      log.brand("Session Stats");
+      log.keyValue("Tokens", `~${Math.round(stats.tokens / 1000)}k`);
+      log.keyValue("Messages", stats.messageCount);
+      log.keyValue("User turns", stats.turns);
+      log.keyValue("Tool calls", stats.toolCalls);
+      log.keyValue("Provider", providerName);
+      log.keyValue("Model", agentModel || "(default)");
+      log.keyValue("Approval", getApprovalMode());
+      log.keyValue("Sandbox", getConfigValue("sandbox.level") || "basic");
+      return;
+    }
+    if (cmdName === "mode") {
+      if (!cmdArgs) {
+        log.info(`Current approval mode: ${chalk.cyan(getApprovalMode())}`);
+        log.dim("  Modes: auto, suggest, ask, deny");
+        return;
+      }
+      const { setConfigValue } = await import("../lib/config-store.js");
+      setConfigValue("approval.mode", cmdArgs);
+      log.success(`Approval mode set to: ${cmdArgs}`);
+      return;
+    }
+    if (cmdName === "model") {
+      if (!cmdArgs) {
+        log.info(`Current model: ${chalk.cyan(agentModel || "(provider default)")}`);
+        return;
+      }
+      const { setConfigValue } = await import("../lib/config-store.js");
+      setConfigValue("agent.model", cmdArgs);
+      log.success(`Agent model set to: ${cmdArgs}`);
+      return;
+    }
 
     // Plugin slash commands
     const cmd = getSlashCommand(plugins.commands, cmdName);
@@ -214,10 +385,8 @@ export async function runAgent(userRequest, options = {}) {
     }
   }
 
-  // Run SessionStart hooks on first message
-  if (!currentSession) {
-    await runHooks("SessionStart", { cwd: process.cwd() });
-  }
+  // Run SessionStart hooks
+  if (!currentSession) await runHooks("SessionStart", { cwd: process.cwd() });
 
   // Build or continue session
   if (!currentSession) {
@@ -227,20 +396,15 @@ export async function runAgent(userRequest, options = {}) {
       title: userRequest.slice(0, 60),
       createdAt: Date.now(),
     };
-  } else {
-    // Inject fresh skill context if relevant
-    if (skillContext) {
-      const sysMsg = currentSession.messages.find((m) => m.role === "system");
-      if (sysMsg && !sysMsg.content.includes(skillContext)) {
-        sysMsg.content += skillContext;
-      }
-    }
+  } else if (skillContext) {
+    const sysMsg = currentSession.messages.find(m => m.role === "system");
+    if (sysMsg && !sysMsg.content.includes(skillContext)) sysMsg.content += skillContext;
   }
 
   currentSession.messages.push({ role: "user", content: userRequest });
   currentSession.updatedAt = Date.now();
 
-  // Auto-compact if conversation is too long
+  // Auto-compact if needed
   if (shouldCompact(currentSession.messages)) {
     const { messages, compacted } = compactMessages(currentSession.messages);
     if (compacted) {
@@ -249,11 +413,22 @@ export async function runAgent(userRequest, options = {}) {
     }
   }
 
-  const ALL_TOOLS = buildTools();
-  const MAX_ITERATIONS = 15;
+  // Build tools including MCP
+  const mcpTools = mcpManager.getAllToolDefinitions();
+  const ALL_TOOLS = buildTools(mcpTools);
+
+  // Create orchestrator for sub-agents
+  const orchestrator = new AgentOrchestrator(
+    (msgs, tools) => provider.chatStream(msgs, tools, { model: agentModel || undefined }),
+    (name, args) => executeTool(name, args, null, ALL_TOOLS, parseSSEStream, mcpManager)
+  );
+
+  const MAX_ITERATIONS = getConfigValue("agent.maxIterations") || 15;
 
   for (let i = 0; i < MAX_ITERATIONS; i++) {
-    const response = await apiClient.chatStream(currentSession.messages, ALL_TOOLS);
+    const response = await provider.chatStream(currentSession.messages, ALL_TOOLS, {
+      model: agentModel || undefined,
+    });
 
     let fullText = "";
     const toolCalls = {};
@@ -283,49 +458,83 @@ export async function runAgent(userRequest, options = {}) {
     const toolCallList = Object.values(toolCalls);
 
     if (toolCallList.length === 0) {
-      if (fullText) process.stdout.write("\n");
-      // Save assistant response to session
+      // Render markdown for final text output
+      if (fullText) {
+        process.stdout.write("\r\x1b[K"); // clear streaming line
+        console.log(renderMarkdown(fullText));
+      }
       currentSession.messages.push({ role: "assistant", content: fullText });
       saveSession(currentSession.id, currentSession);
+      mcpManager.disconnectAll();
       return;
     }
 
     if (fullText) process.stdout.write("\n");
 
     const assistantMsg = { role: "assistant", content: fullText || null };
-    assistantMsg.tool_calls = toolCallList.map((tc) => ({
+    assistantMsg.tool_calls = toolCallList.map(tc => ({
       id: tc.id, type: "function", function: { name: tc.name, arguments: tc.arguments },
     }));
     currentSession.messages.push(assistantMsg);
 
+    // Execute tools — parallel for safe tools, sequential for others
+    const safeTools = [];
+    const unsafeTools = [];
+
     for (const tc of toolCallList) {
       let input = {};
       try { input = JSON.parse(tc.arguments); } catch {}
+      const isSafe = tc.name === "read_file" || tc.name === "list_directory" ||
+        tc.name === "search_files" || tc.name === "search_content" ||
+        CLOUD_TOOL_NAMES.has(tc.name);
+      (isSafe ? safeTools : unsafeTools).push({ tc, input });
+    }
 
-      const isLocal = !CLOUD_TOOL_NAMES.has(tc.name);
-      const prefix = isLocal ? chalk.magenta("local") : chalk.blue("cloud");
-      log.info(`${prefix} ${chalk.cyan(tc.name)}${Object.keys(input).length ? chalk.dim(" " + truncate(JSON.stringify(input), 80)) : ""}`);
+    // Execute safe tools in parallel
+    const executeOne = async ({ tc, input }) => {
+      const isMcp = mcpManager.isMcpTool(tc.name);
+      const isLocal = !CLOUD_TOOL_NAMES.has(tc.name) && !AGENT_TOOL_NAMES.has(tc.name) && !isMcp;
+      const prefix = isMcp ? chalk.magenta("mcp") : isLocal ? chalk.magenta("local") : chalk.blue("cloud");
+
+      // Command safety label
+      let safetyStr = "";
+      if (tc.name === "run_command" && input.command) {
+        const safety = getSafetyLabel(input.command);
+        safetyStr = ` ${chalk[safety.color](`[${safety.label}]`)}`;
+      }
 
-      const result = await executeTool(tc.name, input);
+      log.info(`${prefix} ${chalk.cyan(tc.name)}${safetyStr}${Object.keys(input).length ? chalk.dim(" " + truncate(JSON.stringify(input), 80)) : ""}`);
 
-      if (result.error) {
-        log.error(result.error);
-      } else {
-        log.success(tc.name);
-      }
+      const result = await executeTool(tc.name, input, orchestrator, ALL_TOOLS, parseSSEStream, mcpManager);
+
+      if (result.error) log.error(result.error);
+      else log.success(tc.name);
+
+      return { id: tc.id, result };
+    };
+
+    // Parallel execution for safe tools
+    const safeResults = safeTools.length > 0 ? await Promise.all(safeTools.map(executeOne)) : [];
 
+    // Sequential execution for unsafe tools
+    const unsafeResults = [];
+    for (const item of unsafeTools) {
+      unsafeResults.push(await executeOne(item));
+    }
+
+    // Add all results to messages
+    for (const { id, result } of [...safeResults, ...unsafeResults]) {
       const resultStr = JSON.stringify(result);
       const truncatedResult = resultStr.length > 8000 ? resultStr.slice(0, 8000) + "...(truncated)" : resultStr;
-
-      currentSession.messages.push({ role: "tool", tool_call_id: tc.id, content: truncatedResult });
+      currentSession.messages.push({ role: "tool", tool_call_id: id, content: truncatedResult });
     }
 
-    // Save session after each tool round
     saveSession(currentSession.id, currentSession);
   }
 
-  log.warn("Agent reached maximum iterations (15). Stopping.");
+  log.warn("Agent reached maximum iterations. Stopping.");
   await runHooks("Stop", { reason: "max_iterations" });
+  mcpManager.disconnectAll();
 }
 
 function truncate(str, max) {
@@ -337,9 +546,32 @@ export function registerAgentCommand(program) {
     .command("agent")
     .argument("<request...>")
     .description("AI coding agent — natural language command interface")
-    .action(async (requestParts) => {
+    .option("-p, --provider <name>", "AI provider (cheri, openai, anthropic, deepseek, ollama, ...)")
+    .option("-m, --model <id>", "Model ID to use")
+    .option("--auto", "Auto-approve all tool executions")
+    .option("--sandbox <level>", "Sandbox level: none, basic, strict")
+    .action(async (requestParts, opts) => {
       const request = requestParts.join(" ");
-      try { await runAgent(request); }
-      catch (err) { log.error(err.message); }
+      try {
+        if (opts.provider) {
+          const { setConfigValue } = await import("../lib/config-store.js");
+          setConfigValue("agent.provider", opts.provider);
+        }
+        if (opts.model) {
+          const { setConfigValue } = await import("../lib/config-store.js");
+          setConfigValue("agent.model", opts.model);
+        }
+        if (opts.auto) {
+          const { setConfigValue } = await import("../lib/config-store.js");
+          setConfigValue("approval.mode", "auto");
+        }
+        if (opts.sandbox) {
+          const { setConfigValue } = await import("../lib/config-store.js");
+          setConfigValue("sandbox.level", opts.sandbox);
+        }
+        await runAgent(request);
+      } catch (err) {
+        log.error(err.message);
+      }
     });
 }