@heysalad/cheri-cli 1.2.1 → 1.3.1

package/CHANGELOG.md

@@ -2,6 +2,82 @@
 
 All notable changes to Cheri CLI will be documented in this file.
 
+## [1.3.1] - 2026-02-17
+
+### 🐛 Bug Fixes
+
+#### Permission System
+- **Fixed spinner blocking approval prompts**: Approval prompts now appear BEFORE spinners start, preventing terminal blocking
+- **Added upfront permission request**: Tasks with write operations now ask for permissions at the start
+- **Better user experience**: Users can approve entire session with [a]lways option
+
+#### How It Works
+1. Agent analyzes task for write operations (build, create, modify, etc.)
+2. Shows upfront permission request: `[Y]es, [n]o, [a]lways`
+3. If approved, proceeds with task
+4. Individual risky operations still prompt for confirmation (unless 'always' was chosen)
+
+#### Changes
+- Moved approval logic before `ToolPanel` creation to avoid spinner blocking input
+- Added `requestUpfrontPermissions()` function to analyze and request batch permissions
+- Added `skipApproval` parameter to `executeTool()` to avoid double prompting
+- Improved permission flow for better UX
+
+---
+
+## [1.3.0] - 2026-02-17
+
+### 🎯 Major Feature - Token-Tracked Sessions with Predictable Costs
+
+#### Durable Objects Backend
+- **Automatic Workspace Creation**: Workspaces are automatically initialized on login
+- **Session Management**: Each chat is tracked as a separate session with token limits
+- **Token Tracking**: Real-time tracking of input and output tokens
+- **Cost Calculation**: Automatic cost estimation based on AWS Bedrock pricing
+  - Claude Sonnet 4: $3/M input, $15/M output
+  - Max ~$9 per 1M token session
+- **Auto-Compaction**: Sessions automatically compact at 90% of 1M token limit
+- **Force Compaction**: Sessions force compact at 100% to maintain limits
+
+#### New Cloud Tools
+- `get_workspace_stats` - View monthly token usage, limits, and costs
+- `list_sessions` - List all chat sessions with token tracking
+- `get_session_cost` - Get detailed cost breakdown for a specific session
+
+#### Backend Architecture
+- **WorkspaceDO**: One Durable Object per user managing all sessions
+- **SessionDO**: One Durable Object per chat tracking messages and tokens
+- **Persistent State**: Automatic state management with Cloudflare Durable Objects
+- **Scalable**: Handles unlimited users with per-user isolation
+
+#### API Enhancements
+- `POST /api/workspace/init` - Initialize user workspace
+- `POST /api/workspace/session/create` - Create new tracked session
+- `GET /api/workspace/sessions` - List recent sessions
+- `GET /api/workspace/session/:id` - Get specific session details
+- `GET /api/workspace/stats` - Get workspace statistics
+- `POST /api/session/:id/message` - Add message with token tracking
+- `GET /api/session/:id/cost` - Get session cost estimate
+- `POST /api/session/:id/compact` - Manual session compaction
+
+### ✨ Improved
+- **Login Flow**: Now automatically initializes workspace with token tracking
+- **Cost Visibility**: Users can see token usage and costs at any time
+- **Predictable Billing**: 1M token limit per chat ensures known maximum costs
+
+### 📚 Documentation
+- Added `ARCHITECTURE_PLAN.md` with complete system design
+- Added `DURABLE_OBJECTS_STARTER.ts` with implementation reference
+- Added `wrangler.toml` for Cloudflare Workers configuration
+
+### 🔧 Technical Details
+- Integrated Durable Objects into existing Cloudflare Workers backend
+- Added TypeScript interfaces for Workspace and Session types
+- Implemented token estimation based on character count (~4 chars/token)
+- Added pricing constants for multiple AI models (Claude, Nova)
+
+---
+
 ## [1.1.0] - 2026-02-17
 
 ### ✨ Added - Beautiful UI & Animations

package/README.md

@@ -2,7 +2,12 @@
 
 CLI for [Cheri](https://cheri.heysalad.app) — the AI-powered cloud IDE that never forgets.
 
-Manage workspaces, track API usage, and access your AI memory from the terminal.
+**Features:**
+- 🤖 AI-powered coding agent with tool execution
+- 📊 Token-tracked sessions with predictable costs
+- ☁️ Cloud workspace management
+- 💾 Persistent memory system
+- 🔧 Automatic workspace initialization
 
 ## Install
 
@@ -15,14 +20,14 @@ Requires Node.js 18+.
 ## Quick Start
 
 ```bash
-# Authenticate with your Cheri account
+# Authenticate with your Cheri account (auto-initializes workspace)
 cheri login
 
-# Launch a cloud workspace
-cheri workspace launch owner/my-repo
+# Start coding with AI agent
+cheri agent "create a todo list app"
 
-# Check account status
-cheri status
+# Check token usage and costs
+cheri stats
 
 # View API usage and rate limits
 cheri usage
@@ -30,19 +35,40 @@ cheri usage
 
 ## Commands
 
+### AI Agent
 | Command | Description |
 |---|---|
-| `cheri login` | Authenticate with GitHub |
+| `cheri agent <task>` | Start AI coding agent for a task |
+| `cheri agent -i` | Interactive agent mode |
+| `cheri agent -r <session-id>` | Resume a previous session |
+
+### Account & Authentication
+| Command | Description |
+|---|---|
+| `cheri login` | Authenticate with GitHub (auto-initializes workspace) |
 | `cheri status` | Show account and workspace status |
 | `cheri usage` | Show API usage and rate limit status |
+| `cheri stats` | Show token usage statistics and costs |
+
+### Workspaces
+| Command | Description |
+|---|---|
 | `cheri workspace launch <repo>` | Launch a new cloud workspace |
 | `cheri workspace list` | List all workspaces |
 | `cheri workspace stop <id>` | Stop a running workspace |
 | `cheri workspace status <id>` | Get workspace status |
+
+### Memory
+| Command | Description |
+|---|---|
 | `cheri memory show` | Show current memory entries |
 | `cheri memory add <text>` | Add a memory entry |
 | `cheri memory clear` | Clear all memory |
 | `cheri memory export` | Export memory to JSON |
+
+### Configuration
+| Command | Description |
+|---|---|
 | `cheri config list` | Show all configuration |
 | `cheri config get <key>` | Get a config value |
 | `cheri config set <key> <value>` | Set a config value |
@@ -60,6 +86,26 @@ $ cheri
 🍒 cheri > exit
 ```
 
+## Token Limits & Costs
+
+### Per Session (Chat)
+- **Max Tokens**: 1,000,000 tokens per chat
+- **Auto-Compact**: Triggers at 900K tokens (90%)
+- **Force Compact**: Triggers at 1M tokens (100%)
+
+### Monthly Limits
+| Plan | Sessions | Tokens/Month | Max Cost/Month |
+|---|---|---|---|
+| Free | 10 | 10M tokens | ~$90 |
+| Pro | 100 | 100M tokens | ~$900 |
+
+### Pricing (AWS Bedrock Claude Sonnet 4)
+- **Input**: $3.00 per 1M tokens
+- **Output**: $15.00 per 1M tokens
+- **Max per chat**: ~$9.00 (at 1M tokens, 50/50 split)
+
+Use `cheri stats` to check your current token usage and costs.
+
 ## Rate Limits
 
 | Plan | Limit |
@@ -77,12 +123,6 @@ Config is stored in `~/.cheri/`. Set the API URL if self-hosting:
 cheri config set apiUrl https://your-instance.example.com
 ```
 
-## Links
-
-- [Cheri Cloud IDE](https://cheri.heysalad.app)
-- [Dashboard](https://cheri.heysalad.app/dashboard)
-- [GitHub](https://github.com/chilu18/cloud-ide)
-
 ## 🔗 Links
 
 - **Homepage**: [cheri.heysalad.app](https://cheri.heysalad.app)

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "@heysalad/cheri-cli",
-  "version": "1.2.1",
-  "description": "Cheri CLI - AI-powered cloud IDE by HeySalad®. Like Claude Code, but for cloud workspaces. Now with beautiful animations and enhanced UI!",
+  "version": "1.3.1",
+  "description": "Cheri CLI - AI-powered cloud IDE by HeySalad®. With token-tracked sessions, predictable AI costs, and automatic workspace management.",
   "type": "module",
   "bin": {
     "cheri": "./bin/cheri.js"

package/src/commands/agent.js

@@ -50,6 +50,9 @@ const CLOUD_TOOLS = [
   { name: "get_usage", description: "Get the user's API usage and rate limit statistics", parameters: { type: "object", properties: {}, required: [] } },
   { name: "get_config", description: "Get a configuration value by key (dot notation supported)", parameters: { type: "object", properties: { key: { type: "string", description: "Config key, e.g. 'ai.provider'" } }, required: ["key"] } },
   { name: "set_config", description: "Set a configuration value", parameters: { type: "object", properties: { key: { type: "string", description: "Config key" }, value: { type: "string", description: "Value to set" } }, required: ["key", "value"] } },
+  { name: "get_workspace_stats", description: "Get token usage statistics for your workspace (monthly usage, limits, costs)", parameters: { type: "object", properties: {}, required: [] } },
+  { name: "list_sessions", description: "List recent chat sessions with token tracking", parameters: { type: "object", properties: {}, required: [] } },
+  { name: "get_session_cost", description: "Get detailed token usage and cost estimate for a specific session", parameters: { type: "object", properties: { sessionId: { type: "string", description: "Session ID to query" } }, required: ["sessionId"] } },
 ];
 
 // ── Agent meta-tools ────────────────────────────────────────────────────────
@@ -99,6 +102,9 @@ async function executeCloudTool(name, args) {
         setConfigValue(args.key, args.value);
         return { key: args.key, value: args.value, status: "updated" };
       }
+      case "get_workspace_stats": return await apiClient.getWorkspaceStats();
+      case "list_sessions": return await apiClient.listSessions();
+      case "get_session_cost": return await apiClient.getSessionCost(args.sessionId);
       default: return { error: `Unknown cloud tool: ${name}` };
     }
   } catch (err) {
@@ -175,7 +181,7 @@ async function executeLocalToolEnhanced(name, args) {
 // ── Main tool execution with approval + hooks + permissions ───────────────────
 let sessionAutoApprove = false;
 
-async function executeTool(name, args, orchestrator, allTools, parseSSE, mcpManager) {
+async function executeTool(name, args, orchestrator, allTools, parseSSE, mcpManager, skipApproval = false) {
   // Permission rules check
   const permission = checkPermission(name, args);
   if (permission === "deny") return { error: `Tool ${name} is denied by permission rules` };
@@ -206,7 +212,9 @@ async function executeTool(name, args, orchestrator, allTools, parseSSE, mcpMana
   }
 
   // Local tools — enhanced approval system
-  if (!sessionAutoApprove) {
+  // Note: For tools executed via executeOne in agent loop, approval is handled
+  // BEFORE spinner creation to avoid blocking terminal. This is a fallback.
+  if (!sessionAutoApprove && !skipApproval) {
     const decision = shouldApprove(name, args);
     if (decision === "deny") return { error: "Denied by approval policy" };
     if (decision === "ask" || decision === "suggest") {
@@ -280,6 +288,51 @@ async function* parseSSEStream(response) {
   }
 }
 
+// ── Upfront permission request ────────────────────────────────────────────────
+async function requestUpfrontPermissions(userRequest) {
+  const approvalMode = getApprovalMode();
+
+  // Skip if in auto mode or already auto-approved this session
+  if (approvalMode === "auto" || sessionAutoApprove) {
+    return true;
+  }
+
+  // Check if request likely involves write operations
+  const writeKeywords = ['build', 'create', 'make', 'write', 'add', 'implement', 'generate', 'fix', 'update', 'modify', 'delete', 'install', 'setup'];
+  const hasWriteIntent = writeKeywords.some(kw => userRequest.toLowerCase().includes(kw));
+
+  if (!hasWriteIntent) {
+    return true; // No write operations expected, proceed
+  }
+
+  // Show upfront permission request
+  console.log("");
+  log.info("This task may require file modifications and command execution.");
+  console.log("");
+
+  return new Promise((resolve) => {
+    const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
+    rl.question(
+      chalk.yellow(`  Grant permissions for this session? ${chalk.dim("[Y]es, [n]o, [a]lways")} `),
+      (answer) => {
+        rl.close();
+        const a = answer.trim().toLowerCase();
+        if (a === "a" || a === "always") {
+          sessionAutoApprove = true;
+          log.success("Auto-approve enabled for this session");
+          resolve(true);
+        } else if (a === "n" || a === "no") {
+          log.warn("Permissions denied");
+          resolve(false);
+        } else {
+          log.success("Permissions granted - will ask before risky operations");
+          resolve(true);
+        }
+      }
+    );
+  });
+}
+
 // ── Active session state ──────────────────────────────────────────────────────
 let currentSession = null;
 
@@ -291,6 +344,13 @@ export async function runAgent(userRequest, options = {}) {
   const memoryContext = getMemoryContext();
   const skillContext = getSkillContext(plugins.skills, userRequest);
 
+  // Request upfront permissions if needed
+  const hasPermission = await requestUpfrontPermissions(userRequest);
+  if (!hasPermission) {
+    log.error("Task cancelled - permissions denied");
+    return;
+  }
+
   // Create provider (defaults to Cheri cloud which uses AWS Bedrock)
   const providerName = getConfigValue("agent.provider") || getConfigValue("ai.provider") || "cheri";
   let provider;
@@ -561,7 +621,26 @@ export async function runAgent(userRequest, options = {}) {
         const isMcp = mcpManager.isMcpTool(tc.name);
         const isLocal = !CLOUD_TOOL_NAMES.has(tc.name) && !AGENT_TOOL_NAMES.has(tc.name) && !isMcp;
 
-        // Create animated panel for this tool execution
+        // Check if approval is needed BEFORE creating spinner
+        let needsApproval = false;
+        if (isLocal && !sessionAutoApprove) {
+          const decision = shouldApprove(tc.name, input);
+          if (decision === "ask" || decision === "suggest") {
+            needsApproval = true;
+
+            // Get approval WITHOUT spinner running
+            const approved = await promptApproval(tc.name, input, decision);
+            if (approved === "auto") {
+              sessionAutoApprove = true;
+            } else if (!approved) {
+              return { id: tc.id, result: { error: "User denied execution" } };
+            }
+          } else if (decision === "deny") {
+            return { id: tc.id, result: { error: "Denied by approval policy" } };
+          }
+        }
+
+        // Create animated panel for this tool execution (AFTER approval)
         const panel = new ToolPanel(tc.name, input);
 
         // Command safety label for run_command
@@ -571,7 +650,8 @@ export async function runAgent(userRequest, options = {}) {
           panel.update(`running ${safetyLabel}`);
         }
 
-        const result = await executeTool(tc.name, input, orchestrator, ALL_TOOLS, parseSSEStream, mcpManager);
+        // Skip approval in executeTool since we already handled it above
+        const result = await executeTool(tc.name, input, orchestrator, ALL_TOOLS, parseSSEStream, mcpManager, needsApproval);
 
         // Determine result message based on tool type
         let resultMsg = '';

package/src/commands/login.js

@@ -63,6 +63,16 @@ export async function loginFlow() {
     log.blank();
     log.success(`Logged in as ${chalk.cyan(me.ghLogin || me.userId)}`);
     log.keyValue("Plan", me.plan === "pro" ? chalk.green("Pro") : "Free");
+
+    // Initialize workspace for token tracking
+    try {
+      await apiClient.initWorkspace();
+      log.dim("✓ Workspace initialized with token tracking");
+    } catch (workspaceErr) {
+      // Workspace init is non-critical, just log it
+      log.dim(`⚠ Workspace init skipped: ${workspaceErr.message}`);
+    }
+
     log.blank();
     log.tip("Using Cheri cloud service (AWS Bedrock). Run 'cheri agent' to start coding!");
   } catch (err) {

package/src/lib/api-client.js

@@ -128,4 +128,42 @@ export const apiClient = {
   async getModels() {
     return request("/api/chat/models");
   },
+
+  // Token-Tracked Workspaces & Sessions
+  async initWorkspace() {
+    return request("/api/workspace/init", { method: "POST" });
+  },
+
+  async createSession() {
+    return request("/api/workspace/session/create", { method: "POST" });
+  },
+
+  async listSessions() {
+    return request("/api/workspace/sessions");
+  },
+
+  async getSession(sessionId) {
+    return request(`/api/workspace/session/${encodeURIComponent(sessionId)}`);
+  },
+
+  async getWorkspaceStats() {
+    return request("/api/workspace/stats");
+  },
+
+  async addSessionMessage(sessionId, role, content, tokens = null) {
+    return request(`/api/session/${encodeURIComponent(sessionId)}/message`, {
+      method: "POST",
+      body: JSON.stringify({ role, content, tokens }),
+    });
+  },
+
+  async getSessionCost(sessionId) {
+    return request(`/api/session/${encodeURIComponent(sessionId)}/cost`);
+  },
+
+  async compactSession(sessionId) {
+    return request(`/api/session/${encodeURIComponent(sessionId)}/compact`, {
+      method: "POST",
+    });
+  },
 };