npm - @nalvietnam/avatar-cli - Versions diffs - 1.6.3 → 1.7.0 - Mend

@nalvietnam/avatar-cli 1.6.3 → 1.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.js +140 -17
package/dist/index.js.map +1 -1
package/dist/lib/print-welcome-screen.js +1 -1
package/dist/lib/print-welcome-screen.js.map +1 -1
package/dist/templates/gitignore.tpl +5 -0
package/package.json +1 -1
package/src/templates/gitignore.tpl +5 -0

package/dist/index.js CHANGED Viewed

@@ -761,6 +761,14 @@ async function writeClaudeSettings(workspacePath, input6) {
 // src/lib/run-ai-setup-phase.ts
 var SUBSCRIPTION_DEFAULT_MODEL = "sonnet";
+function warnAboutPlaintextSecret(providerLabel) {
+  log.warn(
+    `\u{1F512} ${providerLabel} key \u0111\xE3 l\u01B0u PLAINTEXT v\xE0o .claude/settings.json.
+   File n\xE0y \u0111\u01B0\u1EE3c gitignore t\u1EEB Avatar v1.7.0, nh\u01B0ng workspace c\u0169 c\xF3 th\u1EC3 CH\u01AFA.
+   Ki\u1EC3m tra: grep '.claude/settings.json' .gitignore
+   N\u1EBFu ch\u01B0a c\xF3 \u2192 TH\xCAM NGAY, tr\xE1nh leak key khi commit/push.`
+  );
+}
 async function runAiSetupPhase(args) {
   try {
     log.info("Setup AI provider cho workspace...");
@@ -819,6 +827,7 @@ async function runAiSetupPhase(args) {
           `provider=llmlite,result=ok,model=${llmConfig.model},base=${llmConfig.baseUrl}`
         );
         log.success(`AI ready \xB7 LLMLite \xB7 model=${llmConfig.model} \xB7 ${llmConfig.baseUrl}`);
+        warnAboutPlaintextSecret("LLMLite");
         return { ok: true, provider: "llmlite", model: llmConfig.model };
       }
       case "anthropic": {
@@ -836,6 +845,7 @@ async function runAiSetupPhase(args) {
         log.success(
           `AI ready \xB7 Anthropic Direct \xB7 model=${anthropicConfig.model} \xB7 ${anthropicConfig.baseUrl}`
         );
+        warnAboutPlaintextSecret("Anthropic Direct API");
         return { ok: true, provider: "anthropic", model: anthropicConfig.model };
       }
       case "use-global": {
@@ -1494,11 +1504,12 @@ async function runChecks(cwd) {
     });
   }
   const gitignorePath = join11(cwd, ".gitignore");
+  let gitignoreContent = "";
   if (gitRepo) {
     let gitignoreOk = false;
     if (await pathExists(gitignorePath)) {
-      const content = await fs6.readFile(gitignorePath, "utf8");
-      gitignoreOk = content.includes(".claude/_pending/");
+      gitignoreContent = await fs6.readFile(gitignorePath, "utf8");
+      gitignoreOk = gitignoreContent.includes(".claude/_pending/");
     }
     checks.push({
       name: ".gitignore Avatar entries",
@@ -1506,6 +1517,66 @@ async function runChecks(cwd) {
       detail: gitignoreOk ? "c\xF3 .claude/_pending/, .claude/_backup/" : "thi\u1EBFu entries",
       fixable: false
     });
+    const settingsGitignored = gitignoreContent.includes(".claude/settings.json") || gitignoreContent.includes("/.claude/settings.json") || gitignoreContent.includes(".claude/*.json");
+    checks.push({
+      name: "\u{1F512} settings.json gitignored",
+      status: settingsGitignored ? "ok" : "fail",
+      detail: settingsGitignored ? "an to\xE0n \u2014 settings.json kh\xF4ng commit nh\u1EA7m" : "CRITICAL: settings.json ch\u1EE9a API key \u2014 ch\u1EA1y 'avatar doctor --fix' \u0111\u1EC3 add gitignore",
+      fixable: !settingsGitignored,
+      fix: settingsGitignored ? void 0 : async () => {
+        const addition = "\n# Avatar v1.7.0 \u2014 Security: settings.json ch\u1EE9a raw API key, KH\xD4NG commit.\n.claude/settings.json\n.claude/settings.json.backup-*\n";
+        await fs6.appendFile(gitignorePath, addition);
+      }
+    });
+  }
+  const pythonCheck = spawnSync6("which", ["python"]);
+  const python3Check = spawnSync6("which", ["python3"]);
+  const hasPython = pythonCheck.status === 0;
+  const hasPython3 = python3Check.status === 0;
+  if (hasPython3 && !hasPython) {
+    checks.push({
+      name: "Python binary alias",
+      status: "warn",
+      detail: `Ch\u1EC9 c\xF3 python3 (modern macOS). Pack scripts th\u01B0\u1EDDng ref 'python' \u2192 suggest: ln -s ${python3Check.stdout.toString().trim()} ~/.local/bin/python`,
+      fixable: false
+    });
+  } else if (hasPython) {
+    checks.push({
+      name: "Python binary",
+      status: "ok",
+      detail: `python: ${pythonCheck.stdout.toString().trim()}`,
+      fixable: false
+    });
+  } else if (hasPython3) {
+    checks.push({
+      name: "Python binary",
+      status: "ok",
+      detail: `python3: ${python3Check.stdout.toString().trim()}`,
+      fixable: false
+    });
+  }
+  const settingsPath = join11(cwd, ".claude", "settings.json");
+  if (await pathExists(settingsPath)) {
+    try {
+      const settingsRaw = await fs6.readFile(settingsPath, "utf8");
+      const settings = JSON.parse(settingsRaw);
+      if (settings.statusLine?.command) {
+        const cmd = settings.statusLine.command.trim();
+        const match = cmd.match(/^(node|python|python3|bash|sh)\s+([^\s]+)/);
+        if (match) {
+          const refFile = match[2];
+          const fullPath = refFile.startsWith("/") ? refFile : join11(cwd, refFile);
+          const fileExists = await pathExists(fullPath);
+          checks.push({
+            name: "statusLine command",
+            status: fileExists ? "ok" : "fail",
+            detail: fileExists ? `ref OK: ${refFile}` : `BROKEN: settings.json ref '${refFile}' nh\u01B0ng file kh\xF4ng t\u1ED3n t\u1EA1i. Strip field statusLine ho\u1EB7c fix path.`,
+            fixable: false
+          });
+        }
+      }
+    } catch {
+    }
   }
   const which = spawnSync6("which", ["claude"]);
   const hasClaudeCli = which.status === 0;
@@ -1850,6 +1921,28 @@ import { spawnSync as spawnSync10 } from "child_process";
 import { existsSync as existsSync5 } from "fs";
 import { join as join14 } from "path";
 import { confirm as confirm2 } from "@inquirer/prompts";
+// src/lib/detect-reasoning-model-from-name.ts
+var REASONING_PATTERNS = [
+  // Anthropic Claude 4+ với extended thinking.
+  // Match: claude-opus-4-7, claude-opus-4-8, claude-sonnet-4-5, claude-opus-4-1, ...
+  /^claude-(opus|sonnet)-4/i,
+  // Anthropic Claude 5+ (future-proof — assume reasoning theo trend).
+  /^claude-(opus|sonnet|haiku)-[5-9]/i,
+  // OpenAI o-series (o1, o3, o4).
+  /^o1(-|$)/i,
+  /^o3(-|$)/i,
+  /^o4(-|$)/i,
+  // LLMLite NAL alias mapping — phổ biến nal-claude-opus-* trỏ tới opus-4+.
+  // (Conservative: chỉ match nếu name có chứa opus/sonnet + version số.)
+  /nal-claude-(opus|sonnet)-?4/i
+];
+function isReasoningModel(modelName) {
+  if (!modelName) return false;
+  return REASONING_PATTERNS.some((pattern) => pattern.test(modelName));
+}
+// src/lib/run-gitnexus-wiki-conditional.ts
 var WIKI_TIMEOUT_MS = 15 * 60 * 1e3;
 var FALLBACK_LLMLITE_MODEL = "nal-claude";
 var FALLBACK_ANTHROPIC_MODEL = "claude-sonnet-4-5";
@@ -1919,19 +2012,29 @@ async function runGitnexusWikiConditional(workspacePath) {
     );
     return { ran: false, skipped: true, reason: "user-declined" };
   }
+  const reasoningMode = isReasoningModel(creds.model);
+  const args = [
+    "wiki",
+    ".",
+    "--api-key",
+    creds.apiKey,
+    "--base-url",
+    creds.baseUrl,
+    "--model",
+    creds.model
+  ];
+  if (reasoningMode) {
+    args.push("--reasoning-model");
+  }
   const sp = spinnerWithElapsed(
-    `Generating wiki via ${creds.baseUrl} (${creds.provider}) model=${creds.model}`
-  );
-  const result = spawnSync10(
-    "gitnexus",
-    ["wiki", ".", "--api-key", creds.apiKey, "--base-url", creds.baseUrl, "--model", creds.model],
-    {
-      cwd: workspacePath,
-      stdio: ["ignore", "pipe", "pipe"],
-      timeout: WIKI_TIMEOUT_MS,
-      encoding: "utf8"
-    }
+    `Generating wiki via ${creds.baseUrl} (${creds.provider}) model=${creds.model}${reasoningMode ? " [reasoning]" : ""}`
   );
+  const result = spawnSync10("gitnexus", args, {
+    cwd: workspacePath,
+    stdio: ["ignore", "pipe", "pipe"],
+    timeout: WIKI_TIMEOUT_MS,
+    encoding: "utf8"
+  });
   if (result.status !== 0 || result.signal === "SIGTERM") {
     const reason = result.signal === "SIGTERM" ? "timeout" : "non-zero-exit";
     sp.fail(`Wiki gen ${reason} (exit ${result.status ?? "null"})`);
@@ -3065,6 +3168,16 @@ function linkExistingRemoteToWorkspace(args) {
 // src/lib/merge-pack-settings-into-project-settings.ts
 import { promises as fs9 } from "fs";
 import { join as join17 } from "path";
+async function isStatusLineCommandResolvable(workspacePath, command) {
+  const trimmed = command.trim();
+  const match = trimmed.match(/^(node|python|python3|bash|sh)\s+([^\s]+)/);
+  if (!match) {
+    return true;
+  }
+  const filePath = match[2];
+  const fullPath = filePath.startsWith("/") ? filePath : join17(workspacePath, filePath);
+  return await pathExists(fullPath);
+}
 function backupFilename(originalPath) {
   const d = /* @__PURE__ */ new Date();
   const stamp = `${d.getFullYear().toString().slice(-2) + String(d.getMonth() + 1).padStart(2, "0") + String(d.getDate()).padStart(2, "0")}-${String(d.getHours()).padStart(2, "0")}${String(d.getMinutes()).padStart(2, "0")}`;
@@ -3125,8 +3238,18 @@ async function mergePackSettingsIntoProjectSettings(workspacePath) {
   const changes = [];
   const merged = { ...userSettings };
   if (packTemplate.statusLine && !userSettings.statusLine) {
-    merged.statusLine = packTemplate.statusLine;
-    changes.push("statusLine added");
+    const statusLineOk = await isStatusLineCommandResolvable(
+      workspacePath,
+      packTemplate.statusLine.command
+    );
+    if (statusLineOk) {
+      merged.statusLine = packTemplate.statusLine;
+      changes.push("statusLine added");
+    } else {
+      changes.push(
+        `statusLine SKIPPED (file ref '${packTemplate.statusLine.command}' kh\xF4ng t\u1ED3n t\u1EA1i)`
+      );
+    }
   }
   if (typeof packTemplate.includeCoAuthoredBy === "boolean" && typeof userSettings.includeCoAuthoredBy !== "boolean") {
     merged.includeCoAuthoredBy = packTemplate.includeCoAuthoredBy;
@@ -4808,7 +4931,7 @@ async function removeSubmoduleEntry(gitmodulesPath, submodulePath) {
 }
 // src/commands/uninstall.ts
-var CLI_VERSION = "1.6.3";
+var CLI_VERSION = "1.7.0";
 function registerUninstallCommand(program2) {
   program2.command("uninstall").description("G\u1EE1 Avatar kh\u1ECFi project \u2014 backup t\u1EF1 \u0111\u1ED9ng (M11)").option("--yes", "Skip confirm prompt").option("--no-backup", "Kh\xF4ng t\u1EA1o backup tr\u01B0\u1EDBc khi x\xF3a (nguy hi\u1EC3m)").option("--keep-submodule", "Gi\u1EEF submodule .claude/pack/").option("--keep-hooks", "Gi\u1EEF git hooks post-merge, pre-push").option("--dry-run", "Hi\u1EC3n th\u1ECB danh s\xE1ch s\u1EBD x\xF3a, kh\xF4ng th\u1EF1c thi").action(async (opts) => {
     try {
@@ -4890,7 +5013,7 @@ function printUninstallSuccessBox(backupPath) {
 }
 // src/index.ts
-var CLI_VERSION2 = "1.6.3";
+var CLI_VERSION2 = "1.7.0";
 var program = new Command();
 program.name("avatar").description("AI harness CLI for NAL Vietnam engineering").version(CLI_VERSION2, "-v, --version", "Hi\u1EC3n th\u1ECB phi\xEAn b\u1EA3n Avatar CLI").addHelpText(
   "beforeAll",