@heysalad/cheri-cli 1.0.0 → 1.1.0

package/CHANGELOG.md

@@ -0,0 +1,95 @@
+# Changelog
+
+All notable changes to Cheri CLI will be documented in this file.
+
+## [1.1.0] - 2026-02-17
+
+### ✨ Added - Beautiful UI & Animations
+
+#### Enhanced Visual Feedback
+- **Thinking Animation**: Beautiful animated spinner while AI processes requests
+- **Tool Execution Panels**: Rich, color-coded panels for each tool with:
+  - Tool-specific icons (📖 for reading, ✍️ for writing, ⚡ for executing)
+  - Real-time elapsed time tracking
+  - Success/failure animations with context
+  - Preview of results in success messages
+
+#### New UI Components
+- **Gradient Colors**: Beautiful gradient text for enhanced readability
+  - Cheri red (#FF6B6B), Purple (#A855F7), Blue (#3B82F6), Green (#10B981)
+  - Cyan (#06B6D4), Yellow (#F59E0B), Pink (#EC4899)
+- **Custom Spinners**: Operation-specific animated spinners
+  - File operations: Reading, writing, editing, deleting
+  - Cloud operations: API calls, workspace management
+  - Search operations: File and content search
+  - Command execution: Shell command progress
+  - AI thinking: Multi-frame thinking animation
+
+#### Enhanced Logging
+- **Enhanced Icons**: Unicode icons for all status messages (✓ ✗ ⚠ ℹ 💡)
+- **Box Drawing**: Beautiful borders with unicode box characters
+- **Progress Bars**: Animated progress indicators with percentage
+- **Stream Renderer**: Colored streaming text for AI responses
+- **Tool Panels**: Live-updating panels for tool execution with timing
+
+#### Developer Experience
+- **Managed Spinners**: Automatic cleanup of all active spinners
+- **Error Context**: Better error messages with truncated stack traces
+- **Visual Separators**: Clear section dividers between operations
+- **Status Messages**: Context-aware success/failure messages
+
+### 🔧 Improved
+
+#### Agent Command
+- Streaming responses now display in gradient cyan for better readability
+- Tool executions show in animated panels with real-time feedback
+- Visual separator between AI response and tool execution
+- Thinking spinner appears while waiting for AI response
+- Better error display with color-coded severity
+
+#### Logger
+- Enhanced all log methods with gradient colors
+- Added icons to all status messages
+- Improved visual hierarchy with better spacing
+- Enhanced banner with animated logo
+
+### 📚 Files Added
+- `src/lib/ui.js` - Complete UI system with animations and components
+
+### 🐛 Bug Fixes
+- Fixed missing newlines after tool execution
+- Better handling of long command outputs in spinners
+- Improved truncation of long file paths in status messages
+
+---
+
+## [1.0.0] - 2026-02-16
+
+### Initial Release
+- AI-powered coding agent with tool execution
+- Cloud workspace management
+- Session persistence and resume
+- MCP server integration
+- Multi-agent orchestration
+- Sandbox command execution
+- File operations (read, write, edit)
+- Search capabilities
+- Configuration management
+- Memory system
+- Plugin/skill support
+- Approval workflows
+- Diff tracking and rollback
+
+---
+
+## Future Roadmap
+
+### Planned Features
+- Interactive mode with REPL
+- Diff viewer with syntax highlighting
+- File tree visualization
+- Real-time collaboration indicators
+- Custom theme support
+- Notification sounds (optional)
+- Performance metrics dashboard
+- Export session transcripts with formatting

package/package.json

@@ -1,14 +1,20 @@
 {
   "name": "@heysalad/cheri-cli",
-  "version": "1.0.0",
-  "description": "Cheri CLI - AI-powered cloud IDE by HeySalad. Like Claude Code, but for cloud workspaces.",
+  "version": "1.1.0",
+  "description": "Cheri CLI - AI-powered cloud IDE by HeySalad. Like Claude Code, but for cloud workspaces. Now with beautiful animations and enhanced UI!",
   "type": "module",
   "bin": {
     "cheri": "./bin/cheri.js"
   },
   "files": [
     "bin/",
-    "src/"
+    "src/**/*.js",
+    "!src/**/*.fixed.js",
+    "!src/**/*.backup.js",
+    "!src/**/*.test.js",
+    "!src/**/*.spec.js",
+    "CHANGELOG.md",
+    "README.md"
   ],
   "scripts": {
     "start": "node bin/cheri.js",

package/src/commands/agent.js

@@ -15,6 +15,7 @@ import { snapshotFile, recordChange, getSessionChanges, generateDiff, rollbackCh
 import { shouldApprove, promptApproval, getApprovalMode } from "../lib/approval.js";
 import { McpManager } from "../lib/mcp/client.js";
 import { AgentOrchestrator } from "../lib/multi-agent.js";
+import { ToolPanel, status, StreamRenderer, gradients, icons } from "../lib/ui.js";
 import chalk from "chalk";
 import readline from "readline";
 
@@ -229,27 +230,53 @@ async function executeTool(name, args, orchestrator, allTools, parseSSE, mcpMana
 }
 
 // ── SSE Stream Parser ─────────────────────────────────────────────────────────
+const STREAM_TIMEOUT_MS = 120000; // 2 minutes with no data = timeout
+
 async function* parseSSEStream(response) {
   const reader = response.body.getReader();
   const decoder = new TextDecoder();
   let buffer = "";
+  let lastDataAt = Date.now();
+
   try {
     while (true) {
-      const { done, value } = await reader.read();
+      // Race between next chunk and timeout
+      const timeoutPromise = new Promise((_, reject) => {
+        const remaining = STREAM_TIMEOUT_MS - (Date.now() - lastDataAt);
+        if (remaining <= 0) reject(new Error("Stream timed out — no data received for 2 minutes"));
+        else setTimeout(() => reject(new Error("Stream timed out — no data received for 2 minutes")), remaining);
+      });
+
+      let result;
+      try {
+        result = await Promise.race([reader.read(), timeoutPromise]);
+      } catch (err) {
+        log.warn(err.message);
+        break;
+      }
+
+      const { done, value } = result;
       if (done) break;
+
+      lastDataAt = Date.now();
       buffer += decoder.decode(value, { stream: true });
       const lines = buffer.split("\n");
       buffer = lines.pop() || "";
+
       for (const line of lines) {
         if (line.startsWith("data: ")) {
           const data = line.slice(6).trim();
           if (data === "[DONE]") return;
-          try { yield JSON.parse(data); } catch {}
+          try {
+            yield JSON.parse(data);
+          } catch (parseErr) {
+            log.dim(`SSE parse warning: ${parseErr.message}`);
+          }
         }
       }
     }
   } finally {
-    reader.releaseLock();
+    try { reader.releaseLock(); } catch {}
   }
 }
 
@@ -264,19 +291,12 @@ export async function runAgent(userRequest, options = {}) {
   const memoryContext = getMemoryContext();
   const skillContext = getSkillContext(plugins.skills, userRequest);
 
-  // Initialize MCP servers
-  const mcpManager = new McpManager();
-  const mcpServers = getConfigValue("mcp.servers") || {};
-  for (const [name, config] of Object.entries(mcpServers)) {
-    if (config.command) await mcpManager.addServer(name, config);
-  }
-
   // Create provider
   const providerName = getConfigValue("agent.provider") || getConfigValue("ai.provider") || "cheri";
   const provider = createProvider(providerName);
   const agentModel = getConfigValue("agent.model") || getConfigValue("ai.model") || "";
 
-  // Handle slash commands
+  // Handle slash commands (before MCP init to avoid leaking child processes)
   if (userRequest.startsWith("/")) {
     const cmdName = userRequest.slice(1).split(/\s+/)[0];
     const cmdArgs = userRequest.slice(1 + cmdName.length).trim();
@@ -385,6 +405,13 @@ export async function runAgent(userRequest, options = {}) {
     }
   }
 
+  // Initialize MCP servers (after slash commands to avoid leaking child processes on early returns)
+  const mcpManager = new McpManager();
+  const mcpServers = getConfigValue("mcp.servers") || {};
+  for (const [name, config] of Object.entries(mcpServers)) {
+    if (config.command) await mcpManager.addServer(name, config);
+  }
+
   // Run SessionStart hooks
   if (!currentSession) await runHooks("SessionStart", { cwd: process.cwd() });
 
@@ -425,116 +452,165 @@ export async function runAgent(userRequest, options = {}) {
 
   const MAX_ITERATIONS = getConfigValue("agent.maxIterations") || 15;
 
-  for (let i = 0; i < MAX_ITERATIONS; i++) {
-    const response = await provider.chatStream(currentSession.messages, ALL_TOOLS, {
-      model: agentModel || undefined,
-    });
+  try {
+    for (let i = 0; i < MAX_ITERATIONS; i++) {
+      // Show thinking animation while waiting for response
+      const thinkingSpinner = status.thinking('Analyzing request...');
+      thinkingSpinner.start();
 
-    let fullText = "";
-    const toolCalls = {};
+      const response = await provider.chatStream(currentSession.messages, ALL_TOOLS, {
+        model: agentModel || undefined,
+      });
 
-    for await (const chunk of parseSSEStream(response)) {
-      const delta = chunk.choices?.[0]?.delta;
-      const finishReason = chunk.choices?.[0]?.finish_reason;
+      let fullText = "";
+      const toolCalls = {};
+      let firstContent = false;
+
+      for await (const chunk of parseSSEStream(response)) {
+        const delta = chunk.choices?.[0]?.delta;
+        const finishReason = chunk.choices?.[0]?.finish_reason;
+
+        if (delta?.content) {
+          // Stop thinking spinner on first content
+          if (!firstContent) {
+            thinkingSpinner.stop();
+            firstContent = true;
+          }
+          // Stream with gradient color
+          process.stdout.write(gradients.cyan(delta.content));
+          fullText += delta.content;
+        }
 
-      if (delta?.content) {
-        process.stdout.write(delta.content);
-        fullText += delta.content;
-      }
+        if (delta?.tool_calls) {
+          // Stop spinner if we're getting tool calls
+          if (!firstContent) {
+            thinkingSpinner.stop();
+            firstContent = true;
+          }
+
+          for (const tc of delta.tool_calls) {
+            const idx = tc.index;
+            if (!toolCalls[idx]) toolCalls[idx] = { id: tc.id || "", name: "", arguments: "" };
+            if (tc.id) toolCalls[idx].id = tc.id;
+            if (tc.function?.name) toolCalls[idx].name = tc.function.name;
+            if (tc.function?.arguments) toolCalls[idx].arguments += tc.function.arguments;
+          }
+        }
 
-      if (delta?.tool_calls) {
-        for (const tc of delta.tool_calls) {
-          const idx = tc.index;
-          if (!toolCalls[idx]) toolCalls[idx] = { id: tc.id || "", name: "", arguments: "" };
-          if (tc.id) toolCalls[idx].id = tc.id;
-          if (tc.function?.name) toolCalls[idx].name = tc.function.name;
-          if (tc.function?.arguments) toolCalls[idx].arguments += tc.function.arguments;
+        if (finishReason) {
+          if (!firstContent) thinkingSpinner.stop();
+          break;
         }
       }
 
-      if (finishReason) break;
-    }
+      const toolCallList = Object.values(toolCalls);
 
-    const toolCallList = Object.values(toolCalls);
+      if (toolCallList.length === 0) {
+        // Text was already streamed to stdout, just add a newline
+        if (fullText) {
+          process.stdout.write("\n");
+        }
+        currentSession.messages.push({ role: "assistant", content: fullText });
+        saveSession(currentSession.id, currentSession);
+        return;
+      }
 
-    if (toolCallList.length === 0) {
-      // Render markdown for final text output
       if (fullText) {
-        process.stdout.write("\r\x1b[K"); // clear streaming line
-        console.log(renderMarkdown(fullText));
+        process.stdout.write("\n");
+        // Add visual separator after text response
+        if (toolCallList.length > 0) {
+          console.log(chalk.dim("─".repeat(60)));
+        }
       }
-      currentSession.messages.push({ role: "assistant", content: fullText });
-      saveSession(currentSession.id, currentSession);
-      mcpManager.disconnectAll();
-      return;
-    }
-
-    if (fullText) process.stdout.write("\n");
-
-    const assistantMsg = { role: "assistant", content: fullText || null };
-    assistantMsg.tool_calls = toolCallList.map(tc => ({
-      id: tc.id, type: "function", function: { name: tc.name, arguments: tc.arguments },
-    }));
-    currentSession.messages.push(assistantMsg);
-
-    // Execute tools — parallel for safe tools, sequential for others
-    const safeTools = [];
-    const unsafeTools = [];
-
-    for (const tc of toolCallList) {
-      let input = {};
-      try { input = JSON.parse(tc.arguments); } catch {}
-      const isSafe = tc.name === "read_file" || tc.name === "list_directory" ||
-        tc.name === "search_files" || tc.name === "search_content" ||
-        CLOUD_TOOL_NAMES.has(tc.name);
-      (isSafe ? safeTools : unsafeTools).push({ tc, input });
-    }
 
-    // Execute safe tools in parallel
-    const executeOne = async ({ tc, input }) => {
-      const isMcp = mcpManager.isMcpTool(tc.name);
-      const isLocal = !CLOUD_TOOL_NAMES.has(tc.name) && !AGENT_TOOL_NAMES.has(tc.name) && !isMcp;
-      const prefix = isMcp ? chalk.magenta("mcp") : isLocal ? chalk.magenta("local") : chalk.blue("cloud");
-
-      // Command safety label
-      let safetyStr = "";
-      if (tc.name === "run_command" && input.command) {
-        const safety = getSafetyLabel(input.command);
-        safetyStr = ` ${chalk[safety.color](`[${safety.label}]`)}`;
+      const assistantMsg = { role: "assistant", content: fullText || null };
+      assistantMsg.tool_calls = toolCallList.map(tc => ({
+        id: tc.id, type: "function", function: { name: tc.name, arguments: tc.arguments },
+      }));
+      currentSession.messages.push(assistantMsg);
+
+      // Execute tools — parallel for safe tools, sequential for others
+      const safeTools = [];
+      const unsafeTools = [];
+
+      for (const tc of toolCallList) {
+        let input = {};
+        try { input = JSON.parse(tc.arguments); } catch {}
+        const isSafe = tc.name === "read_file" || tc.name === "list_directory" ||
+          tc.name === "search_files" || tc.name === "search_content" ||
+          CLOUD_TOOL_NAMES.has(tc.name);
+        (isSafe ? safeTools : unsafeTools).push({ tc, input });
       }
 
-      log.info(`${prefix} ${chalk.cyan(tc.name)}${safetyStr}${Object.keys(input).length ? chalk.dim(" " + truncate(JSON.stringify(input), 80)) : ""}`);
+      // Execute safe tools in parallel
+      const executeOne = async ({ tc, input }) => {
+        const isMcp = mcpManager.isMcpTool(tc.name);
+        const isLocal = !CLOUD_TOOL_NAMES.has(tc.name) && !AGENT_TOOL_NAMES.has(tc.name) && !isMcp;
 
-      const result = await executeTool(tc.name, input, orchestrator, ALL_TOOLS, parseSSEStream, mcpManager);
+        // Create animated panel for this tool execution
+        const panel = new ToolPanel(tc.name, input);
 
-      if (result.error) log.error(result.error);
-      else log.success(tc.name);
+        // Command safety label for run_command
+        if (tc.name === "run_command" && input.command) {
+          const safety = getSafetyLabel(input.command);
+          const safetyLabel = chalk[safety.color](`[${safety.label}]`);
+          panel.update(`running ${safetyLabel}`);
+        }
 
-      return { id: tc.id, result };
-    };
+        const result = await executeTool(tc.name, input, orchestrator, ALL_TOOLS, parseSSEStream, mcpManager);
 
-    // Parallel execution for safe tools
-    const safeResults = safeTools.length > 0 ? await Promise.all(safeTools.map(executeOne)) : [];
+        // Determine result message based on tool type
+        let resultMsg = '';
+        if (result.stdout && tc.name === "run_command") {
+          const preview = result.stdout.split('\n')[0].slice(0, 50);
+          resultMsg = preview + (result.stdout.length > 50 ? '...' : '');
+        } else if (result.path || result.file_path) {
+          resultMsg = result.path || result.file_path;
+        }
 
-    // Sequential execution for unsafe tools
-    const unsafeResults = [];
-    for (const item of unsafeTools) {
-      unsafeResults.push(await executeOne(item));
-    }
+        if (result.error) {
+          panel.fail(result.error.slice(0, 80));
+        } else {
+          panel.succeed(resultMsg);
+        }
+
+        return { id: tc.id, result };
+      };
 
-    // Add all results to messages
-    for (const { id, result } of [...safeResults, ...unsafeResults]) {
-      const resultStr = JSON.stringify(result);
-      const truncatedResult = resultStr.length > 8000 ? resultStr.slice(0, 8000) + "...(truncated)" : resultStr;
-      currentSession.messages.push({ role: "tool", tool_call_id: id, content: truncatedResult });
+      // Parallel execution for safe tools — use allSettled to avoid losing results on single failure
+      const safeResults = [];
+      if (safeTools.length > 0) {
+        const settled = await Promise.allSettled(safeTools.map(executeOne));
+        for (let j = 0; j < settled.length; j++) {
+          if (settled[j].status === "fulfilled") {
+            safeResults.push(settled[j].value);
+          } else {
+            safeResults.push({ id: safeTools[j].tc.id, result: { error: settled[j].reason?.message || "Tool execution failed" } });
+          }
+        }
+      }
+
+      // Sequential execution for unsafe tools
+      const unsafeResults = [];
+      for (const item of unsafeTools) {
+        unsafeResults.push(await executeOne(item));
+      }
+
+      // Add all results to messages
+      for (const { id, result } of [...safeResults, ...unsafeResults]) {
+        const resultStr = JSON.stringify(result);
+        const truncatedResult = resultStr.length > 8000 ? resultStr.slice(0, 8000) + "...(truncated)" : resultStr;
+        currentSession.messages.push({ role: "tool", tool_call_id: id, content: truncatedResult });
+      }
+
+      saveSession(currentSession.id, currentSession);
     }
 
-    saveSession(currentSession.id, currentSession);
+    log.warn("Agent reached maximum iterations. Stopping.");
+    await runHooks("Stop", { reason: "max_iterations" });
+  } finally {
+    mcpManager.disconnectAll();
   }
-
-  log.warn("Agent reached maximum iterations. Stopping.");
-  await runHooks("Stop", { reason: "max_iterations" });
-  mcpManager.disconnectAll();
 }
 
 function truncate(str, max) {

package/src/commands/login.js

@@ -1,5 +1,5 @@
 import chalk from "chalk";
-import inquirer from "inquirer";
+import readline from "readline";
 import { setConfigValue, getConfigValue } from "../lib/config-store.js";
 import { apiClient } from "../lib/api-client.js";
 import { log } from "../lib/logger.js";
@@ -15,18 +15,38 @@ export async function loginFlow() {
   log.blank();
   console.log(`  ${chalk.cyan.underline(`${apiUrl}/auth/github?source=cli`)}`);
   log.blank();
-  log.info("Step 2: After GitHub login, your token will be shown automatically.");
+  log.info("Step 2: After GitHub login, your token will be shown.");
   log.info("        Copy it and paste it below.");
   log.blank();
 
-  const { token } = await inquirer.prompt([
-    {
-      type: "password",
-      name: "token",
-      message: "Paste your API token:",
-      mask: "*",
-    },
-  ]);
+  // Use raw readline to avoid inquirer's readline conflicts with REPL
+  const token = await new Promise((resolve) => {
+    const rl = readline.createInterface({
+      input: process.stdin,
+      output: process.stdout,
+      terminal: true,
+    });
+
+    // Mask input for security
+    let input = "";
+    const originalWrite = process.stdout.write.bind(process.stdout);
+
+    rl.question(chalk.cyan("  Paste your API token: "), (answer) => {
+      rl.close();
+      resolve(answer);
+    });
+
+    // Override _writeToOutput to mask characters
+    rl._writeToOutput = function (str) {
+      if (str.includes("\n") || str.includes("\r")) {
+        originalWrite.call(process.stdout, str);
+      } else if (str.length === 1 && str !== " " && !str.startsWith("\x1b")) {
+        originalWrite.call(process.stdout, "*");
+      } else {
+        originalWrite.call(process.stdout, str);
+      }
+    };
+  });
 
   if (!token || !token.trim()) {
     throw new Error("No token provided.");

package/src/commands/memory.js

@@ -8,7 +8,7 @@ export async function showMemory(options = {}) {
   const spinner = ora("Fetching memories...").start();
 
   try {
-    const { memories } = await apiClient.getMemory();
+    const { memories = [] } = await apiClient.getMemory();
     spinner.stop();
 
     log.blank();
@@ -66,7 +66,7 @@ export async function exportMemory(options = {}) {
   const spinner = ora("Exporting memories...").start();
 
   try {
-    const { memories } = await apiClient.getMemory();
+    const { memories = [] } = await apiClient.getMemory();
 
     const exportData = {
       version: "0.1.0",

package/src/commands/status.js

@@ -27,7 +27,7 @@ export async function showStatus() {
   // Workspaces
   log.header("Workspaces");
   try {
-    const { workspaces } = await apiClient.listWorkspaces();
+    const { workspaces = [] } = await apiClient.listWorkspaces();
     if (workspaces.length === 0) {
       log.keyValue("Count", "0");
       log.dim(`  Run ${chalk.cyan("cheri workspace launch owner/repo")} to create one.`);

package/src/commands/usage.js

@@ -14,19 +14,22 @@ export async function showUsage() {
     spinner.stop();
 
     // Rate limit
+    const rateLimit = data.rateLimit || {};
     log.header("Rate Limit");
     log.keyValue("Plan", data.plan === "pro" ? chalk.green("Pro") : "Free");
-    log.keyValue("Limit", `${data.rateLimit.limit} requests/hour`);
-    const remaining = data.rateLimit.remaining;
-    const limit = data.rateLimit.limit;
+    log.keyValue("Limit", `${rateLimit.limit ?? "N/A"} requests/hour`);
+    const remaining = rateLimit.remaining ?? 0;
+    const limit = rateLimit.limit ?? 1;
     const remainColor = remaining > limit * 0.5 ? chalk.green : remaining > limit * 0.1 ? chalk.yellow : chalk.red;
     log.keyValue("Remaining", remainColor(`${remaining}`));
-    log.keyValue("Resets at", data.rateLimit.resetsAt);
+    log.keyValue("Resets at", rateLimit.resetsAt ?? "N/A");
 
     // Today's usage
+    const usage = data.usage || {};
+    const today = usage.today || {};
     log.header("Today");
-    log.keyValue("Requests", `${data.usage.today.requests}`);
-    const endpoints = data.usage.today.endpoints || {};
+    log.keyValue("Requests", `${today.requests ?? 0}`);
+    const endpoints = today.endpoints || {};
     if (Object.keys(endpoints).length > 0) {
       for (const [ep, count] of Object.entries(endpoints)) {
         console.log(`    ${chalk.dim(ep)} ${chalk.cyan(count)}`);
@@ -34,10 +37,11 @@ export async function showUsage() {
     }
 
     // Summary
+    const summary = data.summary || {};
     log.header("Summary");
-    log.keyValue("Last 7 days", `${data.usage.last7d.requests} requests`);
-    log.keyValue("Last 30 days", `${data.usage.last30d.requests} requests`);
-    log.keyValue("All time", `${data.summary.totalRequests} requests`);
+    log.keyValue("Last 7 days", `${usage.last7d?.requests ?? 0} requests`);
+    log.keyValue("Last 30 days", `${usage.last30d?.requests ?? 0} requests`);
+    log.keyValue("All time", `${summary.totalRequests ?? 0} requests`);
     if (data.summary.memberSince) {
       log.keyValue("Member since", new Date(data.summary.memberSince).toLocaleDateString());
     }

package/src/commands/workspace.js

@@ -70,7 +70,7 @@ export async function listWorkspaces() {
       const statusColor =
         ws.status === "running" ? chalk.green : chalk.dim;
       console.log(
-        `  ${ws.id.padEnd(24)} ${(ws.repo || "").padEnd(24)} ${statusIcon} ${statusColor(ws.status.padEnd(9))} ${chalk.cyan(ws.url || "")}`
+        `  ${ws.id.padEnd(24)} ${(ws.repo || "").padEnd(24)} ${statusIcon} ${statusColor((ws.status || "unknown").padEnd(9))} ${chalk.cyan(ws.url || "")}`
       );
     });
 

package/src/lib/command-safety.js

@@ -135,7 +135,13 @@ const MODERATE_PATTERNS = [
 export function classifyCommand(command) {
   const trimmed = command.trim();
 
-  // Check exact safe commands first
+  // Check dangerous patterns FIRST (before safe commands, since safe commands
+  // like "cat", "echo", "sed" can be dangerous with certain arguments)
+  for (const pattern of DANGEROUS_PATTERNS) {
+    if (pattern.test(trimmed)) return "dangerous";
+  }
+
+  // Check exact safe commands
   if (SAFE_COMMANDS.has(trimmed)) return "safe";
 
   // Check if it starts with a safe command (with arguments)
@@ -143,11 +149,6 @@ export function classifyCommand(command) {
     if (trimmed.startsWith(safe + " ") || trimmed === safe) return "safe";
   }
 
-  // Check dangerous patterns
-  for (const pattern of DANGEROUS_PATTERNS) {
-    if (pattern.test(trimmed)) return "dangerous";
-  }
-
   // Check moderate patterns
   for (const pattern of MODERATE_PATTERNS) {
     if (pattern.test(trimmed)) return "moderate";

package/src/lib/config-store.js

@@ -149,20 +149,10 @@ export function getConfigValue(key) {
  */
 export function setConfigValue(key, value) {
   ensureConfigDir();
-  // Only load user config (not merged) to avoid persisting project/env overrides
+  // Only load user config (not merged) to avoid persisting defaults
   const userConfig = loadJsonFile(CONFIG_FILE);
-  const merged = deepMerge(getDefaultConfig(), userConfig);
-
-  const keys = key.split(".");
-  let current = merged;
-  for (let i = 0; i < keys.length - 1; i++) {
-    if (!current[keys[i]] || typeof current[keys[i]] !== "object") {
-      current[keys[i]] = {};
-    }
-    current = current[keys[i]];
-  }
-  current[keys[keys.length - 1]] = value;
-  setConfig(merged);
+  setNestedValue(userConfig, key, value);
+  setConfig(userConfig);
 }
 
 /**