@lumoai/cli 1.5.0 → 1.6.0

package/dist/cli/src/lib/hook-runner.js

@@ -6,6 +6,8 @@ exports.runHookWithBody = runHookWithBody;
 const config_1 = require("./config");
 const api_1 = require("./api");
 const hook_log_1 = require("./hook-log");
+const sanitize_1 = require("./sanitize");
+const agent_1 = require("./agent");
 /**
  * Hard timeout for the hook POST. On timeout the request is aborted,
  * logged, and `runHook` exits 0 — Claude Code is never blocked beyond
@@ -49,16 +51,40 @@ function readStdin() {
 }
 /**
  * Build the array of stdout lines to emit for a given hook path + response
- * body. Returns an empty array for any path other than 'session-start'.
+ * body. Returns an empty array for any path that emits nothing.
  *
  * For 'session-start' the array contains:
  *   [0] plain-text bind/unbound status line (always present when taskBinding exists)
- *   [1] (optional) hookSpecificOutput JSON when memorySection is a non-empty string
+ *   [1] (optional) hookSpecificOutput JSON when there is any additionalContext —
+ *       the memory section and the PR-review-todos section, concatenated.
  *
- * The JSON on line [1] conforms to Claude Code's hookSpecificOutput envelope so
- * the runtime injects additionalContext into the conversation automatically.
+ * For 'pre-tool-use' the array contains:
+ *   [0] (optional) a PreToolUse hookSpecificOutput JSON carrying the parallel-
+ *       edit collision warning as additionalContext, when the server returned a
+ *       `collisionWarning` (LUM-150 step ③). Empty otherwise.
+ *
+ * The JSON lines conform to Claude Code's hookSpecificOutput envelope so the
+ * runtime injects additionalContext into the conversation automatically.
  */
 function formatHookStdoutLines(path, responseBody) {
+    if (path === 'pre-tool-use') {
+        if (responseBody == null || typeof responseBody !== 'object')
+            return [];
+        const warning = responseBody
+            .collisionWarning;
+        if (typeof warning !== 'string' || warning === '')
+            return [];
+        return [
+            JSON.stringify({
+                hookSpecificOutput: {
+                    hookEventName: 'PreToolUse',
+                    // Server-built text routed back to stdout — sanitize untrusted free
+                    // text before Claude Code consumes it (ANSI/control-char injection).
+                    additionalContext: (0, sanitize_1.sanitizeField)(warning),
+                },
+            }),
+        ];
+    }
     if (path !== 'session-start')
         return [];
     if (responseBody == null || typeof responseBody !== 'object')
@@ -70,16 +96,19 @@ function formatHookStdoutLines(path, responseBody) {
     const sessionId = body.sessionId;
     const tb = body.taskBinding;
     if (tb && tb.bound === true) {
-        lines.push(`[Lumo] session_id=${sessionId} | 当前任务: ${tb.taskIdentifier} - ${tb.taskTitle}`);
+        lines.push(`[Lumo] session_id=${sessionId} | 当前任务: ${tb.taskIdentifier} - ${(0, sanitize_1.sanitizeField)(tb.taskTitle ?? '')}`);
     }
     else if (tb && tb.bound === false) {
         lines.push(`[Lumo] session_id=${sessionId} | 当前未绑定任务。请告诉我你要处理的任务编号（如 LUM-42），或说"跳过"。`);
     }
-    if (typeof body.memorySection === 'string' && body.memorySection !== '') {
+    // Memory + PR-review todos share one additionalContext block so Claude Code
+    // injects a single coherent context payload at session start.
+    const contextParts = [body.memorySection, body.reviewTodosSection].filter((s) => typeof s === 'string' && s !== '');
+    if (contextParts.length > 0) {
         lines.push(JSON.stringify({
             hookSpecificOutput: {
                 hookEventName: 'SessionStart',
-                additionalContext: body.memorySection,
+                additionalContext: contextParts.join('\n\n'),
             },
         }));
     }
@@ -92,16 +121,16 @@ function formatHookStdoutLines(path, responseBody) {
  *
  * This function NEVER throws and NEVER rejects.
  */
-async function runHook(path) {
+async function runHook(path, agentToken) {
     const body = await readStdin();
-    return runHookWithBody(path, body);
+    return runHookWithBody(path, body, agentToken);
 }
 /**
  * Test-friendly worker. Takes the hook body as an argument so tests can
  * exercise the side-effect logic without poking process.stdin. Production
  * code always goes through `runHook`, which feeds it real stdin.
  */
-async function runHookWithBody(path, body) {
+async function runHookWithBody(path, body, agentToken) {
     try {
         const creds = (0, config_1.readCredentials)();
         if (!creds) {
@@ -111,27 +140,43 @@ async function runHookWithBody(path, body) {
         // Allow `LUMO_API_URL` to override the baked-in creds.apiUrl for
         // redirecting hooks at dev-env switch without re-running `lumo auth
         // login`. The bearer token from creds.json is still used as-is.
-        const envUrl = process.env.LUMO_API_URL?.trim();
-        const apiUrl = envUrl && envUrl.length > 0 ? envUrl : creds.apiUrl;
+        // An insecure override (non-https, non-localhost) throws here and is
+        // caught by the outer try/catch → logged, POST skipped, hook still exits 0.
+        // The host-mismatch warning goes to hook.log (never stdout, which would
+        // pollute Claude Code).
+        const apiUrl = (0, api_1.resolveAuthedApiUrl)(creds.apiUrl, {
+            warn: message => (0, hook_log_1.logHookError)(`[${path}]`, message),
+        });
         const url = `${(0, api_1.trimTrailingSlash)(apiUrl)}/api/hooks/${path}`;
         const controller = new AbortController();
         const timer = setTimeout(() => controller.abort(), TIMEOUT_MS);
+        // Tell the server which coding agent produced this hook. The token is
+        // baked into the hook command at `lumo setup --agent <token>`; we send
+        // the normalized enum so the server can record it on the session. An
+        // unrecognized/absent token is dropped — the server then falls back to
+        // its default (CLAUDE_CODE).
+        const headers = {
+            'Content-Type': 'application/json',
+            Authorization: `Bearer ${creds.token}`,
+        };
+        const agentEnum = agentToken ? (0, agent_1.normalizeAgent)(agentToken) : null;
+        if (agentEnum)
+            headers['X-Lumo-Agent'] = agentEnum;
         try {
             const res = await fetch(url, {
                 method: 'POST',
-                headers: {
-                    'Content-Type': 'application/json',
-                    Authorization: `Bearer ${creds.token}`,
-                },
+                headers,
                 body: body || '{}',
                 signal: controller.signal,
             });
             if (!res.ok) {
                 (0, hook_log_1.logHookError)(`[${path}]`, `HTTP ${res.status} from ${url}`);
             }
-            else if (path === 'session-start') {
-                // Per-hook side effects fire only after a 2xx response so a transient
-                // server failure doesn't desync local state from server state.
+            else if (path === 'session-start' || path === 'pre-tool-use') {
+                // Paths that turn the response body into stdout for Claude Code:
+                //   session-start → bind status + injected context
+                //   pre-tool-use  → parallel-edit collision warning (LUM-150 ③)
+                // Only after a 2xx so a transient server failure emits nothing.
                 try {
                     const responseBody = await res.json();
                     for (const line of formatHookStdoutLines(path, responseBody)) {

package/dist/cli/src/lib/hooks-template.js

@@ -35,35 +35,80 @@ exports.LUMO_HOOK_EVENTS = [
     ['CwdChanged', 'cwd-changed'],
     ['InstructionsLoaded', 'instructions-loaded'],
 ];
+/** Default agent token baked into the hook commands when none is given. */
+const DEFAULT_AGENT_TOKEN = 'claude-code';
+/**
+ * A hook command belongs to Lumo when it is exactly `lumo hook <slug>` or
+ * carries trailing flags (`lumo hook <slug> --agent codex`). We match on the
+ * prefix so a re-run can recognize — and rewrite — an entry baked with a
+ * different (or no) `--agent` token.
+ */
+function isLumoHookCommand(command, slug) {
+    return (command === `lumo hook ${slug}` || command.startsWith(`lumo hook ${slug} `));
+}
 // Build the settings.json fragment we want to install. We do not use a
 // matcher because the Lumo hook handlers ingest every event of a given type;
 // adding a matcher would silently drop events that have no `tool_name` (e.g.
 // SessionStart). Keep this in step with cli/src/commands/hook.ts dispatch.
-function buildLumoHookFragment() {
+//
+// `agentToken` is baked into every command (`lumo hook <slug> --agent
+// <token>`) so the hook tells the server which coding agent owns the session.
+function buildLumoHookFragment(agentToken = DEFAULT_AGENT_TOKEN) {
     const hooks = {};
     for (const [event, slug] of exports.LUMO_HOOK_EVENTS) {
         hooks[event] = [
-            { hooks: [{ type: 'command', command: `lumo hook ${slug}` }] },
+            {
+                hooks: [
+                    {
+                        type: 'command',
+                        command: `lumo hook ${slug} --agent ${agentToken}`,
+                    },
+                ],
+            },
         ];
     }
     return { hooks };
 }
-function mergeLumoHooks(existing) {
+function mergeLumoHooks(existing, agentToken = DEFAULT_AGENT_TOKEN) {
     const base = existing
         ? JSON.parse(JSON.stringify(existing))
         : {};
     if (!base.hooks)
         base.hooks = {};
-    const stats = { addedEvents: [], alreadyPresent: [] };
+    const stats = {
+        addedEvents: [],
+        alreadyPresent: [],
+        updatedEvents: [],
+    };
     for (const [event, slug] of exports.LUMO_HOOK_EVENTS) {
-        const ourCmd = `lumo hook ${slug}`;
+        const ourCmd = `lumo hook ${slug} --agent ${agentToken}`;
         const groups = base.hooks[event] ?? [];
-        const present = groups.some(g => Array.isArray(g.hooks) && g.hooks.some(h => h.command === ourCmd));
-        if (present) {
+        let exact = false;
+        let rewritten = false;
+        for (const g of groups) {
+            if (!Array.isArray(g.hooks))
+                continue;
+            for (const h of g.hooks) {
+                if (h.command === ourCmd) {
+                    exact = true;
+                }
+                else if (isLumoHookCommand(h.command, slug)) {
+                    // legacy flagless or a different agent token — bring it up to date
+                    h.command = ourCmd;
+                    rewritten = true;
+                }
+            }
+        }
+        if (exact) {
             stats.alreadyPresent.push(event);
             base.hooks[event] = groups;
             continue;
         }
+        if (rewritten) {
+            stats.updatedEvents.push(event);
+            base.hooks[event] = groups;
+            continue;
+        }
         base.hooks[event] = [
             ...groups,
             { hooks: [{ type: 'command', command: ourCmd }] },

package/dist/cli/src/lib/memory-content.js

@@ -1,9 +1,10 @@
 "use strict";
-// Category/field metadata + builders for the `lumo memory` commands.
-// Mirrors the four content shapes validated server-side by parseMemoryContent.
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.buildMemoryContent = buildMemoryContent;
 exports.formatMemoryList = formatMemoryList;
+// Category/field metadata + builders for the `lumo memory` commands.
+// Mirrors the four content shapes validated server-side by parseMemoryContent.
+const sanitize_1 = require("./sanitize");
 const trimmed = (v) => (v ?? '').trim();
 /**
  * Validate the per-category flags and assemble { category, content }. Required
@@ -69,7 +70,7 @@ function headline(category, content) {
             : category === 'CONVENTION' ? 'rule'
                 : 'workflow';
     const v = c[key];
-    return typeof v === 'string' && v.length > 0 ? v : '(unparseable)';
+    return typeof v === 'string' && v.length > 0 ? (0, sanitize_1.sanitizeField)(v) : '(unparseable)';
 }
 /** Fixed-width rows: id  SCOPE  CATEGORY  headline  source(auto|manual). */
 function formatMemoryList(rows) {

package/dist/cli/src/lib/path-guard.js

@@ -0,0 +1,125 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.matchSensitiveName = matchSensitiveName;
+exports.checkArtifactFilePath = checkArtifactFilePath;
+const fs = __importStar(require("fs"));
+const path = __importStar(require("path"));
+const SENSITIVE_SEGMENTS = ['.ssh', '.aws', '.gnupg'];
+const SENSITIVE_BASENAMES = [
+    'id_rsa',
+    'id_dsa',
+    'id_ecdsa',
+    'id_ed25519',
+    'credentials',
+    '.npmrc',
+    '.netrc',
+    '.pgpass',
+    '.htpasswd',
+];
+const SENSITIVE_EXTENSIONS = ['.pem', '.key', '.pfx', '.p12'];
+/**
+ * Pure denylist check. Returns a human-readable reason when the path looks
+ * like a secret, or null when it is acceptable. Matches the basename
+ * (case-insensitive) and path segments; no filesystem access.
+ */
+function matchSensitiveName(p) {
+    const segments = p.split(/[\\/]+/).filter(Boolean);
+    for (const seg of segments) {
+        if (SENSITIVE_SEGMENTS.includes(seg.toLowerCase())) {
+            return `path contains ${seg}`;
+        }
+    }
+    const base = (segments[segments.length - 1] ?? '').toLowerCase();
+    if (base === '.env' || base.startsWith('.env.'))
+        return 'matches .env';
+    if (SENSITIVE_BASENAMES.includes(base))
+        return `matches ${base}`;
+    for (const ext of SENSITIVE_EXTENSIONS) {
+        if (base.endsWith(ext))
+            return `matches *${ext}`;
+    }
+    return null;
+}
+/**
+ * Decide whether `rawPath` is safe to read and upload as an artifact body.
+ * Two layers: (1) it must resolve to a real path inside the project directory
+ * (cwd), and (2) neither the raw nor the canonical path may match the
+ * sensitive-filename denylist. realpath defeats symlinks that escape the tree.
+ * NOTE: there is a TOCTOU window between this check and the caller's read;
+ * the caller reads the returned canonical `resolved` path to narrow it.
+ */
+function checkArtifactFilePath(rawPath, deps) {
+    const cwd = deps?.cwd ?? process.cwd;
+    const realpath = deps?.realpath ?? fs.realpathSync;
+    // 1. Fail fast on the raw path (no fs access).
+    const rawHit = matchSensitiveName(rawPath);
+    if (rawHit)
+        return { ok: false, reason: 'sensitive', detail: rawHit };
+    const root = cwd();
+    const absolute = path.resolve(root, rawPath);
+    // 2. Canonicalize. realpath throws if the path does not exist / is unreadable.
+    let resolved;
+    let rootReal;
+    try {
+        resolved = realpath(absolute);
+        rootReal = realpath(root);
+    }
+    catch {
+        return { ok: false, reason: 'unreadable', detail: 'path does not resolve' };
+    }
+    // 3. Re-check the denylist on the canonical path (catches innocent-looking
+    //    symlinks pointing at a secret).
+    const canonHit = matchSensitiveName(resolved);
+    if (canonHit)
+        return { ok: false, reason: 'sensitive', detail: canonHit };
+    // The path must be a file inside the project, not the project root itself.
+    if (resolved === rootReal) {
+        return {
+            ok: false,
+            reason: 'outside-project',
+            detail: 'path resolves to the project root, not a file',
+        };
+    }
+    // 4. Confinement: the canonical path must be inside the project root.
+    if (resolved !== rootReal && !resolved.startsWith(rootReal + path.sep)) {
+        return {
+            ok: false,
+            reason: 'outside-project',
+            detail: 'resolves outside project directory',
+        };
+    }
+    return { ok: true, resolved };
+}

package/dist/cli/src/lib/progress-comment-api.js

@@ -0,0 +1,47 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.fetchProgressDraft = fetchProgressDraft;
+exports.postProgressComment = postProgressComment;
+const api_1 = require("./api");
+function base(creds) {
+    return (0, api_1.trimTrailingSlash)((0, api_1.resolveAuthedApiUrl)(creds.apiUrl));
+}
+/** GET the unposted progress draft for the session. Throws on transport / non-200. */
+async function fetchProgressDraft(creds, sessionId) {
+    const url = `${base(creds)}/api/sessions/${encodeURIComponent(sessionId)}/turn-summaries`;
+    const res = await fetch(url, {
+        headers: { Authorization: `Bearer ${creds.token}` },
+    });
+    if (res.status === 401)
+        throw new Error('API key invalid or revoked. Run `lumo auth login`.');
+    if (!res.ok)
+        throw new Error(`progress draft fetch failed (HTTP ${res.status})`);
+    return (await res.json());
+}
+/** POST the (possibly edited) body + watermark. Throws the server message on non-201. */
+async function postProgressComment(creds, sessionId, payload) {
+    const url = `${base(creds)}/api/sessions/${encodeURIComponent(sessionId)}/progress-comment`;
+    const res = await fetch(url, {
+        method: 'POST',
+        headers: {
+            Authorization: `Bearer ${creds.token}`,
+            'Content-Type': 'application/json',
+        },
+        body: JSON.stringify(payload),
+    });
+    if (res.status === 401)
+        throw new Error('API key invalid or revoked. Run `lumo auth login`.');
+    if (res.status !== 201) {
+        let serverMsg = null;
+        try {
+            const errBody = (await res.json());
+            if (typeof errBody.error === 'string')
+                serverMsg = errBody.error;
+        }
+        catch {
+            // body wasn't JSON
+        }
+        throw new Error(serverMsg ?? `progress comment failed (HTTP ${res.status})`);
+    }
+    return (await res.json());
+}

package/dist/cli/src/lib/resolve-doc-id.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.lookupDocId = lookupDocId;
 const api_1 = require("./api");
 const resolve_doc_1 = require("./resolve-doc");
+const sanitize_1 = require("./sanitize");
 /**
  * Resolve a user-typed doc reference (cuid OR case-insensitive title) to a
  * document id. Fetches GET /api/documents to perform a title lookup when
@@ -25,7 +26,7 @@ async function lookupDocId(apiUrl, token, reference) {
     if (result.kind === 'ambiguous') {
         console.error(`Error: title "${reference}" matches ${result.candidates.length} docs:`);
         for (const c of result.candidates) {
-            console.error(`  ${c.id}  ${c.title}`);
+            console.error(`  ${c.id}  ${(0, sanitize_1.sanitizeField)(c.title)}`);
         }
         console.error('Re-run with the cuid.');
         return null;

package/dist/cli/src/lib/resolve-member.js

@@ -3,6 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.fetchMembers = fetchMembers;
 exports.resolveMember = resolveMember;
 const api_1 = require("./api");
+const sanitize_1 = require("./sanitize");
 /**
  * Fetch the workspace member directory once. Used by doc-share commands to
  * resolve a free-form member ref → memberId locally, because the document
@@ -16,7 +17,7 @@ async function fetchMembers(apiUrl, token) {
     });
     if (!res.ok) {
         const text = await res.text();
-        throw new Error(`failed to load members (${res.status} ${res.statusText}): ${text}`);
+        throw new Error(`failed to load members (${res.status} ${res.statusText}): ${(0, sanitize_1.sanitizeField)(text)}`);
     }
     const body = (await res.json());
     return body.members.map(m => ({

package/dist/cli/src/lib/sanitize.js

@@ -0,0 +1,17 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sanitizeField = sanitizeField;
+// Matches C0 control chars EXCEPT tab (\x09) and newline (\x0a), DEL (\x7f),
+// and the C1 control range (\x80-\x9f). Includes ESC (\x1b) and the 8-bit CSI
+// introducer (\x9b) — both ANSI escape-sequence injection vectors. U+0080-U+009F
+// are never legitimate visible text, so stripping them is safe.
+const CONTROL_CHARS = /[\x00-\x08\x0b-\x1f\x7f-\x9f]/g;
+/**
+ * Strip terminal control characters from untrusted, server-returned fields
+ * before printing them, to prevent ANSI escape-sequence injection. Tab and
+ * newline are preserved so fixed-width tables and multi-line bodies render
+ * correctly. Callers handle optional values, e.g. `sanitizeField(name ?? '')`.
+ */
+function sanitizeField(value) {
+    return value.replace(CONTROL_CHARS, '');
+}

package/dist/cli/src/lib/tag-resolver.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.resolveTagRefs = resolveTagRefs;
 const api_1 = require("./api");
+const sanitize_1 = require("./sanitize");
 async function resolveTagRefs(refs, deps) {
     const fetchImpl = deps.fetchImpl ?? fetch;
     // Trim + reject empty
@@ -36,7 +37,7 @@ async function resolveTagRefs(refs, deps) {
         });
         if (!res.ok) {
             const body = await res.text();
-            throw new Error(`tag resolve failed: ${res.status} ${res.statusText}: ${body}`);
+            throw new Error(`tag resolve failed: ${res.status} ${res.statusText}: ${(0, sanitize_1.sanitizeField)(body)}`);
         }
         const json = (await res.json());
         nameIds = json.tags.map(t => t.id);

package/dist/cli/src/lib/update-check.js

@@ -40,10 +40,10 @@ exports.maybeRefreshInBackground = maybeRefreshInBackground;
 exports.runBackgroundRefresh = runBackgroundRefresh;
 const fs = __importStar(require("fs"));
 const path = __importStar(require("path"));
-const os = __importStar(require("os"));
 const https = __importStar(require("https"));
 const child_process_1 = require("child_process");
-const CACHE_FILE = path.join(process.env.LUMO_CONFIG_DIR || path.join(os.homedir(), '.lumo'), 'update-check.json');
+const config_1 = require("./config");
+const CACHE_FILE = path.join((0, config_1.configDir)(), 'update-check.json');
 const CHECK_INTERVAL_MS = 1000 * 60 * 60 * 24;
 function readCache() {
     try {

package/dist/cli/src/lib/wrap-panel.js

@@ -0,0 +1,15 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.runWrapPanel = runWrapPanel;
+/** Run each section in order; print its title, prepare, then run if it has content. */
+async function runWrapPanel(sections, opts) {
+    for (const section of sections) {
+        process.stdout.write(`\n━━ ${section.title} ━━\n`);
+        const hasContent = await section.prepare();
+        if (!hasContent) {
+            process.stdout.write('(无内容)\n');
+            continue;
+        }
+        await section.run(opts);
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@lumoai/cli",
-  "version": "1.5.0",
+  "version": "1.6.0",
   "description": "Lumo CLI — manage tasks and sessions from the terminal",
   "license": "MIT",
   "author": "cli@uselumo.ai",