@meowlynxsea/koi 0.1.0

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@meowlynxsea/koi",
+  "version": "0.1.0",
+  "description": "A coding agent built on Pi SDK with TUI + Bun runtime",
+  "module": "src/main.tsx",
+  "type": "module",
+  "license": "GPL-3.0-only",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/meowlynxsea/koi"
+  },
+  "files": ["dist", "bin", "src", "NOTICE"],
+  "scripts": {
+    "dev": "bun run src/main.tsx",
+    "build": "bun build src/main.tsx --outdir dist --target bun",
+    "check": "tsc --noEmit",
+    "lint": "eslint src/",
+    "lint:fix": "eslint src/ --fix"
+  },
+  "bin": {
+    "koi": "./bin/koi"
+  },
+  "devDependencies": {
+    "@types/bun": "latest",
+    "@types/react": "^19.2.14",
+    "@types/turndown": "^5.0.6",
+    "eslint": "^10.3.0",
+    "globals": "^17.6.0",
+    "typescript": "^5",
+    "typescript-eslint": "^8.59.2"
+  },
+  "dependencies": {
+    "@mariozechner/pi-agent-core": "0.73.0",
+    "@mariozechner/pi-ai": "0.73.0",
+    "@mariozechner/pi-coding-agent": "0.73.0",
+    "@mariozechner/pi-tui": "0.73.0",
+    "@modelcontextprotocol/sdk": "1.29.0",
+    "@opentui-ui/dialog": "latest",
+    "@opentui/core": "latest",
+    "@opentui/react": "latest",
+    "@types/diff": "^8.0.0",
+    "axios": "^1.16.0",
+    "bun": "^1.3.12",
+    "commander": "^14.0.3",
+    "diff": "^9.0.0",
+    "fast-glob": "^3.3.3",
+    "jimp": "^1.6.1",
+    "react": "^19.2.6",
+    "turndown": "^7.2.4"
+  }
+}

package/src/agent/check-permissions.ts

@@ -0,0 +1,239 @@
+/**
+ * Permission Checker — 权限检查器
+ *
+ * Supports three decisions per tool call:
+ *   allow → proceed with execution
+ *   deny  → return an error tool result immediately
+ *   ask   → show a confirmation modal and wait for user input
+ */
+
+import { statSync } from "fs";
+import { isPreapprovedDomain, isDangerousHost } from "../tools/webfetch-domains.js";
+
+export type PermissionDecision = "allow" | "deny" | "ask";
+
+export interface PermissionRule {
+  /** Match specific tool name, or omit to match all */
+  toolName?: string;
+  /** Regex to match against stringified args (e.g. command string) */
+  pattern?: RegExp;
+  /** Deny specific file paths (absolute or relative) */
+  denyPaths?: string[];
+  /** Result of this rule */
+  decision: PermissionDecision;
+  reason?: string;
+}
+
+export interface PermissionCheckResult {
+  decision: PermissionDecision;
+  reason?: string;
+}
+
+/**
+ * Static Rule Data
+ *
+ * DANGEROUS_BASH_PATTERNS: commands that can destroy data or rewrite git history.
+ * BLOCKED_PATHS: device/special files that should never be read or written.
+ * SENSITIVE_FILE_PATTERNS: credentials, keys, env files — editing them requires confirmation.
+ * Tool sets are grouped as constants so the default/fallback logic stays readable.
+ */
+
+const DANGEROUS_BASH_PATTERNS = [
+  /\brm\s+-(rf|fr|r\s+f|f\s+r)\b/i,
+  /\bgit\s+reset\s+--hard\b/i,
+  /\bgit\s+push\s+--force\b/i,
+  /\bgit\s+clean\s+-[fd]\b/i,
+  /\bgit\s+checkout\s+--\s+\.\b/i,
+  /\bgit\s+restore\s+--\s+\.\b/i,
+  /\b(git\s+stash\s+drop|git\s+stash\s+clear)\b/i,
+  /\b(git\s+branch\s+-D|git\s+branch\s+--delete)\b/i,
+  /\b(git\s+(commit|push|merge)\s+--no-verify)\b/i,
+  /\b(git\s+commit\s+--amend)\b/i,
+  /\bDROP\s+TABLE\b/i,
+  /\bTRUNCATE\s+TABLE\b/i,
+  /\bDELETE\s+FROM\b/i,
+  /\bkubectl\s+delete\b/i,
+  /\bterraform\s+destroy\b/i,
+];
+
+const BLOCKED_PATHS = [
+  "/dev/zero", "/dev/random", "/dev/urandom", "/dev/full",
+  "/dev/stdin", "/dev/tty", "/dev/console", "/dev/stdout", "/dev/stderr",
+];
+
+const SENSITIVE_FILE_PATTERNS = [
+  /\.env$/i, /\.env\./i, /secret/i, /private.*key/i,
+  /id_rsa/i, /id_ed25519/i, /\.ssh\//i, /credentials/i,
+  /token/i, /password/i,
+];
+
+const ALWAYS_ALLOW_TOOLS = new Set(["taskCreate", "taskGet", "taskList", "taskUpdate"]);
+const PATH_TOOLS = new Set(["read", "bash", "edit", "write"]);
+const DESTRUCTIVE_TOOLS = new Set(["bash", "write"]);
+const WRITE_TOOLS = new Set(["edit", "write"]);
+
+/**
+ * String & Path Helpers
+ *
+ * stringifyArgs normalizes tool arguments so regex rules can match against a plain string.
+ * extractPath is a convenience helper because different tools use "path" vs "file_path" keys.
+ */
+
+export function isDangerousBashCommand(command: string): boolean {
+  return DANGEROUS_BASH_PATTERNS.some((p) => p.test(command));
+}
+
+function stringifyArgs(toolName: string, args: unknown): string {
+  if (typeof args === "string") return args;
+  if (args && typeof args === "object") {
+    const obj = args as Record<string, unknown>;
+    if (toolName === "bash" && typeof obj["command"] === "string") return obj["command"];
+    if (typeof obj["path"] === "string") return obj["path"];
+    if (typeof obj["file_path"] === "string") return obj["file_path"];
+    return JSON.stringify(args);
+  }
+  return String(args);
+}
+
+function matchesBlockedPath(path: string): boolean {
+  const normalized = path.toLowerCase().replace(/\\/g, "/");
+  return BLOCKED_PATHS.some((blocked) => normalized.startsWith(blocked.toLowerCase()));
+}
+
+function isSensitiveFile(path: string): boolean {
+  return SENSITIVE_FILE_PATTERNS.some((p) => p.test(path));
+}
+
+function extractPath(args: unknown): string | undefined {
+  const obj = args as Record<string, unknown> | undefined;
+  if (typeof obj?.["path"] === "string") return obj["path"];
+  if (typeof obj?.["file_path"] === "string") return obj["file_path"];
+  return undefined;
+}
+
+/**
+ * Tool-Specific Checkers
+ *
+ * Each checker returns a PermissionCheckResult when it matches, or null to let the next checker run.
+ * They are evaluated in order (toolCheckers array below) — first match wins.
+ */
+
+type ToolChecker = (toolName: string, args: unknown, argStr: string) => PermissionCheckResult | null;
+
+/** Blocks access to device/special paths (e.g. /dev/zero) for read/bash/edit/write tools. */
+const checkBlockedPaths: ToolChecker = (toolName, args) => {
+  if (!PATH_TOOLS.has(toolName)) return null;
+  const path = extractPath(args);
+  if (path && matchesBlockedPath(path)) {
+    return { decision: "deny", reason: `Access to device/special path blocked: ${path}` };
+  }
+  return null;
+};
+
+/** Flags destructive bash commands (rm -rf, git reset --hard, DROP TABLE, etc.) for confirmation. */
+const checkDangerousBash: ToolChecker = (toolName, _args, argStr) => {
+  if (toolName !== "bash") return null;
+  if (isDangerousBashCommand(argStr)) {
+    return {
+      decision: "ask",
+      reason: `Destructive command detected: "${argStr.trim()}". Confirm to proceed.`,
+    };
+  }
+  return null;
+};
+
+/** Requires confirmation before editing credentials, keys, or .env files. */
+const checkSensitiveFiles: ToolChecker = (toolName, args) => {
+  if (!WRITE_TOOLS.has(toolName)) return null;
+  const path = extractPath(args);
+  if (path && isSensitiveFile(path)) {
+    return { decision: "ask", reason: `Editing sensitive file: ${path}. Confirm to proceed.` };
+  }
+  return null;
+};
+
+/** Asks before reading files larger than 1 GiB (to avoid accidental OOM / long blocks). */
+const checkLargeFileRead: ToolChecker = (toolName, args) => {
+  if (toolName !== "read") return null;
+  const path = extractPath(args);
+  if (!path) return null;
+  try {
+    const stats = statSync(path);
+    if (stats.size > 1024 * 1024 * 1024) {
+      return { decision: "ask", reason: `File is very large (${(stats.size / 1024 / 1024).toFixed(0)} MiB). Confirm to read.` };
+    }
+  } catch {
+    // Don't trigger permission prompt for stat failures (e.g., file not found).
+    // The read tool itself will handle file-not-found errors with a proper error message.
+    return null;
+  }
+  return null;
+};
+
+/** Blocks dangerous hosts (localhost, IPs) and asks for non-preapproved domains. */
+const checkWebFetch: ToolChecker = (_toolName, args) => {
+  const url = (args as Record<string, unknown>)?.["url"];
+  if (typeof url !== "string") return null;
+  try {
+    const parsed = new URL(url);
+    const hostname = parsed.hostname.toLowerCase();
+    if (isDangerousHost(hostname)) {
+      return { decision: "deny", reason: `Access to local/IP/internal host blocked: ${hostname}` };
+    }
+    if (!isPreapprovedDomain(url)) {
+      return { decision: "ask", reason: `Fetching from non-preapproved domain: ${hostname}. Confirm to proceed.` };
+    }
+  } catch {
+    return { decision: "deny", reason: "Invalid URL format" };
+  }
+  return null;
+};
+
+const toolCheckers: ToolChecker[] = [
+  checkBlockedPaths,
+  checkDangerousBash,
+  checkSensitiveFiles,
+  checkLargeFileRead,
+  checkWebFetch,
+];
+
+/**
+ * Main API
+ *
+ * Evaluates toolCheckers in order. If none match:
+ *   • read-only tools → allow
+ *   • destructive tools (bash, write) → ask
+ *   • edit → allow (already vetted by checkSensitiveFiles if needed)
+ */
+
+/**
+ * Check permission for a tool call.
+ *
+ * Rules are evaluated in order; the first matching rule wins.
+ * If no rule matches, destructive tools default to "ask",
+ * read-only tools default to "allow".
+ */
+export function checkPermission(
+  toolName: string,
+  args: unknown,
+  _customRules?: PermissionRule[]
+): PermissionCheckResult {
+  // Task management tools are in-memory only — no permission needed
+  if (ALWAYS_ALLOW_TOOLS.has(toolName)) {
+    return { decision: "allow" };
+  }
+
+  const argStr = stringifyArgs(toolName, args);
+
+  for (const checker of toolCheckers) {
+    const result = checker(toolName, args, argStr);
+    if (result) return result;
+  }
+
+  // Default: read-only allow, destructive ask
+  const isDestructive = DESTRUCTIVE_TOOLS.has(toolName);
+  if (isDestructive) {
+    return { decision: "ask", reason: `${toolName} is a destructive operation. Confirm to proceed.` };
+  }
+  return { decision: "allow" };
+}

package/src/agent/hooks/message-utils.ts

@@ -0,0 +1,305 @@
+/**
+ * Message Utilities
+ *
+ * Pure utility functions for message extraction, transformation, and reconstruction.
+ * These functions are designed to be tree-shakable and independently testable.
+ */
+
+import type { AssistantMessage, UserMessage } from "@mariozechner/pi-ai";
+import type { AgentMessage } from "@mariozechner/pi-agent-core";
+import type { UIMessage } from "../../tui/components/chat-panel.js";
+
+// ============================================================================
+// Types
+// ============================================================================
+
+interface ThinkingBlock {
+  type: "thinking";
+  thinking: string;
+}
+
+export interface CustomPlanMessage {
+  role: "custom";
+  customType: "plan";
+  content: string | unknown[];
+  display: boolean;
+  timestamp: number;
+}
+
+// ============================================================================
+// ID Generation
+// ============================================================================
+
+/**
+ * Generates a collision-resistant ID for UI message keys within a single session.
+ */
+export function generateId(prefix: string): string {
+  return `${prefix}-${Date.now()}-${Math.random().toString(36).slice(2, 7)}`;
+}
+
+// ============================================================================
+// Type Guards
+// ============================================================================
+
+export function isAssistantMessage(msg: unknown): msg is AssistantMessage {
+  return (
+    typeof msg === "object" &&
+    msg !== null &&
+    "role" in msg &&
+    (msg as Record<string, unknown>)["role"] === "assistant"
+  );
+}
+
+export function isUserMessage(msg: unknown): msg is UserMessage {
+  return (
+    typeof msg === "object" &&
+    msg !== null &&
+    "role" in msg &&
+    (msg as Record<string, unknown>)["role"] === "user"
+  );
+}
+
+export function isThinkingBlock(block: { type: string }): block is ThinkingBlock {
+  return block.type === "thinking" && "thinking" in block;
+}
+
+export function isCustomPlanMessage(msg: unknown): msg is CustomPlanMessage {
+  return (
+    typeof msg === "object" &&
+    msg !== null &&
+    "role" in msg &&
+    (msg as unknown as Record<string, unknown>)["role"] === "custom" &&
+    "customType" in msg &&
+    (msg as unknown as Record<string, unknown>)["customType"] === "plan"
+  );
+}
+
+// ============================================================================
+// Content Extraction
+// ============================================================================
+
+export function getUserMessageContent(msg: UserMessage): string {
+  if (typeof msg.content === "string") {
+    return msg.content;
+  }
+  return msg.content
+    .filter((b): b is Extract<typeof b, { type: "text" }> => b.type === "text")
+    .map((b) => b.text)
+    .join("");
+}
+
+export function extractCustomPlanContent(msg: { content: string | unknown[] }): string {
+  if (typeof msg.content === "string") return msg.content;
+  if (Array.isArray(msg.content)) {
+    return msg.content
+      .filter((c): c is { type: "text"; text: string } =>
+        typeof c === "object" && c !== null && "type" in c && (c as unknown as Record<string, unknown>)["type"] === "text"
+      )
+      .map((c) => c.text)
+      .join("");
+  }
+  return "";
+}
+
+export function extractTextAndThinking(msg: AssistantMessage): {
+  text: string;
+  thinking: string;
+} {
+  let text = "";
+  let thinking = "";
+  for (const block of msg.content) {
+    if (block.type === "text") {
+      text += block.text;
+    } else if (isThinkingBlock(block)) {
+      thinking += block.thinking || "";
+    }
+  }
+  return { text, thinking };
+}
+
+// ============================================================================
+// Message State Transformation
+// ============================================================================
+
+/**
+ * Computes the next agent message state during a streaming message_update event.
+ * Tracks thinking start/end timestamps so the UI can show a "Thinking..." spinner
+ * and collapse/expand the reasoning block after generation finishes.
+ */
+export function buildAgentMessageUpdate(
+  prevMsg: UIMessage & { type: "agent" },
+  text: string,
+  thinking: string,
+  assistantEvent?: { type: string }
+): UIMessage {
+  const thinkingStarted = thinking.length > 0 && !prevMsg.thinkingStartTime;
+  const thinkingJustEnded =
+    prevMsg.thinkingStartTime &&
+    !prevMsg.thinkingEndTime &&
+    (assistantEvent?.type === "thinking_end" ||
+      assistantEvent?.type === "text_start" ||
+      assistantEvent?.type === "text_delta" ||
+      assistantEvent?.type === "toolcall_start" ||
+      assistantEvent?.type === "toolcall_delta");
+
+  return {
+    ...prevMsg,
+    content: text,
+    thinking: thinking.length > 0 ? thinking : undefined,
+    thinkingStartTime: thinkingStarted ? Date.now() : prevMsg.thinkingStartTime,
+    thinkingEndTime: thinkingJustEnded ? Date.now() : prevMsg.thinkingEndTime,
+  };
+}
+
+export function updateAgentMessage(
+  messages: UIMessage[],
+  msgId: string,
+  updater: (msg: UIMessage & { type: "agent" }) => UIMessage
+): UIMessage[] {
+  const next = [...messages];
+  const idx = next.findIndex((m) => m.id === msgId && m.type === "agent");
+  if (idx >= 0) {
+    next[idx] = updater(next[idx] as UIMessage & { type: "agent" });
+  }
+  return next;
+}
+
+export function removeAgentMessageIfEmpty(
+  messages: UIMessage[],
+  msgId: string,
+  text: string,
+  thinking: string
+): UIMessage[] {
+  const next = [...messages];
+  const idx = next.findIndex((m) => m.id === msgId && m.type === "agent");
+  if (idx >= 0) {
+    if (text.length === 0 && thinking.length === 0) {
+      next.splice(idx, 1);
+    } else {
+      const prevMsg = next[idx] as UIMessage & { type: "agent" };
+      next[idx] = {
+        ...prevMsg,
+        content: text,
+        thinking: thinking.length > 0 ? thinking : undefined,
+        thinkingEndTime:
+          thinking.length > 0 && !prevMsg.thinkingEndTime
+            ? Date.now()
+            : prevMsg.thinkingEndTime,
+      };
+    }
+  }
+  return next;
+}
+
+// ============================================================================
+// Message Reconstruction
+// ============================================================================
+
+/**
+ * Rebuilds the UI message list from Pi's session history (`event.messages`),
+ * preserving existing UI state (thinkingCollapsed, expanded, etc.) for matched messages.
+ * Unmatched messages from the current UI (e.g. tool_call, tool_result) are appended at the end.
+ */
+export function rebuildMessagesFromHistory(
+  currentMessages: UIMessage[],
+  historyMessages: AgentMessage[],
+  pendingMsgId?: string | null
+): UIMessage[] {
+  const reordered: UIMessage[] = [];
+  const usedIndices = new Set<number>();
+
+  for (const histMsg of historyMessages) {
+    if (isUserMessage(histMsg)) {
+      const content = getUserMessageContent(histMsg);
+      const idx = currentMessages.findIndex(
+        (m, i) => !usedIndices.has(i) && m.type === "user" && m.content === content
+      );
+      if (idx >= 0) {
+        usedIndices.add(idx);
+        reordered.push(currentMessages[idx]!);
+      } else {
+        reordered.push({ id: generateId("user"), type: "user", content });
+      }
+    } else if (isAssistantMessage(histMsg)) {
+      const { text, thinking } = extractTextAndThinking(histMsg);
+
+      // If the pending streaming agent message ended up empty, skip it
+      // so we don't resurrect a removed placeholder.
+      const pendingIdx = currentMessages.findIndex(
+        (m, i) => !usedIndices.has(i) && m.type === "agent" && m.id === pendingMsgId
+      );
+      const isEmptyPending = pendingIdx >= 0 && text.length === 0 && thinking.length === 0;
+      if (isEmptyPending) {
+        usedIndices.add(pendingIdx);
+        continue;
+      }
+
+      const idx = currentMessages.findIndex(
+        (m, i) => !usedIndices.has(i) && m.type === "agent" && m.content === text
+      );
+      if (idx >= 0) {
+        usedIndices.add(idx);
+        reordered.push(currentMessages[idx]!);
+
+        // Pull any trailing tool_call / tool_result messages that immediately
+        // followed this agent message in the old UI order so they stay together.
+        for (let i = idx + 1; i < currentMessages.length; i++) {
+          if (usedIndices.has(i)) break;
+          const m = currentMessages[i];
+          if (!m) break;
+          if (m.type === "tool_call") {
+            usedIndices.add(i);
+            reordered.push(m);
+          } else {
+            break;
+          }
+        }
+      } else {
+        reordered.push({
+          id: generateId("agent"),
+          type: "agent",
+          content: text,
+          thinking: thinking || undefined,
+          thinkingCollapsed: true,
+        });
+      }
+    } else if (isCustomPlanMessage(histMsg)) {
+      const content = extractCustomPlanContent(histMsg);
+      const idx = currentMessages.findIndex(
+        (m, i) => !usedIndices.has(i) && m.type === "plan"
+      );
+      if (idx >= 0) {
+        usedIndices.add(idx);
+        reordered.push(currentMessages[idx]!);
+      } else {
+        reordered.push({
+          id: generateId("plan"),
+          type: "plan",
+          content,
+        });
+      }
+    }
+  }
+
+  // Append any unmatched current messages (tool_call, etc.)
+  for (let i = 0; i < currentMessages.length; i++) {
+    if (!usedIndices.has(i)) {
+      reordered.push(currentMessages[i]!);
+    }
+  }
+
+  // Deduplicate plan messages: only the latest plan is kept.
+  const planIndices: number[] = [];
+  for (let i = 0; i < reordered.length; i++) {
+    if (reordered[i]!.type === "plan") {
+      planIndices.push(i);
+    }
+  }
+  if (planIndices.length > 1) {
+    for (let i = planIndices.length - 2; i >= 0; i--) {
+      reordered.splice(planIndices[i]!, 1);
+    }
+  }
+
+  return reordered;
+}

package/src/agent/hooks/types.ts

@@ -0,0 +1,32 @@
+/**
+ * Shared Type Definitions for Hooks
+ */
+
+import type { AgentSession } from "@mariozechner/pi-coding-agent";
+import type { UIMessage } from "../../tui/components/chat-panel.js";
+
+/**
+ * Context passed to event handlers.
+ * Contains React setters and refs to avoid stale closures.
+ */
+export interface EventHandlerContext {
+  setMessages: React.Dispatch<React.SetStateAction<UIMessage[]>>;
+  setIsStreaming: React.Dispatch<React.SetStateAction<boolean>>;
+  streamingMsgIdRef: React.MutableRefObject<string | null>;
+  pendingToolsRef: React.MutableRefObject<Map<string, string>>;
+  setSessionTitleState: React.Dispatch<React.SetStateAction<string>>;
+  setSessionTitle: (title: string) => void;
+  allExpandedRef: React.MutableRefObject<boolean>;
+  setSteeringMessages: React.Dispatch<React.SetStateAction<readonly string[]>>;
+  setFollowUpMessages: React.Dispatch<React.SetStateAction<readonly string[]>>;
+  localSteerQueueRef: React.MutableRefObject<string[]>;
+  localFollowUpQueueRef: React.MutableRefObject<string[]>;
+  hasToolCallsRef: React.MutableRefObject<boolean>;
+  sessionRef: React.MutableRefObject<AgentSession | null>;
+}
+
+/**
+ * Session tree node type derived from AgentSession's sessionManager.
+ */
+export type SessionManagerType = AgentSession["sessionManager"];
+export type SessionTreeNode = ReturnType<SessionManagerType["getTree"]>[number];