@nalvietnam/avatar-cli 1.6.4 → 1.7.0

package/dist/index.js

@@ -761,6 +761,14 @@ async function writeClaudeSettings(workspacePath, input6) {
 
 // src/lib/run-ai-setup-phase.ts
 var SUBSCRIPTION_DEFAULT_MODEL = "sonnet";
+function warnAboutPlaintextSecret(providerLabel) {
+  log.warn(
+    `\u{1F512} ${providerLabel} key \u0111\xE3 l\u01B0u PLAINTEXT v\xE0o .claude/settings.json.
+   File n\xE0y \u0111\u01B0\u1EE3c gitignore t\u1EEB Avatar v1.7.0, nh\u01B0ng workspace c\u0169 c\xF3 th\u1EC3 CH\u01AFA.
+   Ki\u1EC3m tra: grep '.claude/settings.json' .gitignore
+   N\u1EBFu ch\u01B0a c\xF3 \u2192 TH\xCAM NGAY, tr\xE1nh leak key khi commit/push.`
+  );
+}
 async function runAiSetupPhase(args) {
   try {
     log.info("Setup AI provider cho workspace...");
@@ -819,6 +827,7 @@ async function runAiSetupPhase(args) {
           `provider=llmlite,result=ok,model=${llmConfig.model},base=${llmConfig.baseUrl}`
         );
         log.success(`AI ready \xB7 LLMLite \xB7 model=${llmConfig.model} \xB7 ${llmConfig.baseUrl}`);
+        warnAboutPlaintextSecret("LLMLite");
         return { ok: true, provider: "llmlite", model: llmConfig.model };
       }
       case "anthropic": {
@@ -836,6 +845,7 @@ async function runAiSetupPhase(args) {
         log.success(
           `AI ready \xB7 Anthropic Direct \xB7 model=${anthropicConfig.model} \xB7 ${anthropicConfig.baseUrl}`
         );
+        warnAboutPlaintextSecret("Anthropic Direct API");
         return { ok: true, provider: "anthropic", model: anthropicConfig.model };
       }
       case "use-global": {
@@ -1494,11 +1504,12 @@ async function runChecks(cwd) {
     });
   }
   const gitignorePath = join11(cwd, ".gitignore");
+  let gitignoreContent = "";
   if (gitRepo) {
     let gitignoreOk = false;
     if (await pathExists(gitignorePath)) {
-      const content = await fs6.readFile(gitignorePath, "utf8");
-      gitignoreOk = content.includes(".claude/_pending/");
+      gitignoreContent = await fs6.readFile(gitignorePath, "utf8");
+      gitignoreOk = gitignoreContent.includes(".claude/_pending/");
     }
     checks.push({
       name: ".gitignore Avatar entries",
@@ -1506,6 +1517,66 @@ async function runChecks(cwd) {
       detail: gitignoreOk ? "c\xF3 .claude/_pending/, .claude/_backup/" : "thi\u1EBFu entries",
       fixable: false
     });
+    const settingsGitignored = gitignoreContent.includes(".claude/settings.json") || gitignoreContent.includes("/.claude/settings.json") || gitignoreContent.includes(".claude/*.json");
+    checks.push({
+      name: "\u{1F512} settings.json gitignored",
+      status: settingsGitignored ? "ok" : "fail",
+      detail: settingsGitignored ? "an to\xE0n \u2014 settings.json kh\xF4ng commit nh\u1EA7m" : "CRITICAL: settings.json ch\u1EE9a API key \u2014 ch\u1EA1y 'avatar doctor --fix' \u0111\u1EC3 add gitignore",
+      fixable: !settingsGitignored,
+      fix: settingsGitignored ? void 0 : async () => {
+        const addition = "\n# Avatar v1.7.0 \u2014 Security: settings.json ch\u1EE9a raw API key, KH\xD4NG commit.\n.claude/settings.json\n.claude/settings.json.backup-*\n";
+        await fs6.appendFile(gitignorePath, addition);
+      }
+    });
+  }
+  const pythonCheck = spawnSync6("which", ["python"]);
+  const python3Check = spawnSync6("which", ["python3"]);
+  const hasPython = pythonCheck.status === 0;
+  const hasPython3 = python3Check.status === 0;
+  if (hasPython3 && !hasPython) {
+    checks.push({
+      name: "Python binary alias",
+      status: "warn",
+      detail: `Ch\u1EC9 c\xF3 python3 (modern macOS). Pack scripts th\u01B0\u1EDDng ref 'python' \u2192 suggest: ln -s ${python3Check.stdout.toString().trim()} ~/.local/bin/python`,
+      fixable: false
+    });
+  } else if (hasPython) {
+    checks.push({
+      name: "Python binary",
+      status: "ok",
+      detail: `python: ${pythonCheck.stdout.toString().trim()}`,
+      fixable: false
+    });
+  } else if (hasPython3) {
+    checks.push({
+      name: "Python binary",
+      status: "ok",
+      detail: `python3: ${python3Check.stdout.toString().trim()}`,
+      fixable: false
+    });
+  }
+  const settingsPath = join11(cwd, ".claude", "settings.json");
+  if (await pathExists(settingsPath)) {
+    try {
+      const settingsRaw = await fs6.readFile(settingsPath, "utf8");
+      const settings = JSON.parse(settingsRaw);
+      if (settings.statusLine?.command) {
+        const cmd = settings.statusLine.command.trim();
+        const match = cmd.match(/^(node|python|python3|bash|sh)\s+([^\s]+)/);
+        if (match) {
+          const refFile = match[2];
+          const fullPath = refFile.startsWith("/") ? refFile : join11(cwd, refFile);
+          const fileExists = await pathExists(fullPath);
+          checks.push({
+            name: "statusLine command",
+            status: fileExists ? "ok" : "fail",
+            detail: fileExists ? `ref OK: ${refFile}` : `BROKEN: settings.json ref '${refFile}' nh\u01B0ng file kh\xF4ng t\u1ED3n t\u1EA1i. Strip field statusLine ho\u1EB7c fix path.`,
+            fixable: false
+          });
+        }
+      }
+    } catch {
+    }
   }
   const which = spawnSync6("which", ["claude"]);
   const hasClaudeCli = which.status === 0;
@@ -3097,6 +3168,16 @@ function linkExistingRemoteToWorkspace(args) {
 // src/lib/merge-pack-settings-into-project-settings.ts
 import { promises as fs9 } from "fs";
 import { join as join17 } from "path";
+async function isStatusLineCommandResolvable(workspacePath, command) {
+  const trimmed = command.trim();
+  const match = trimmed.match(/^(node|python|python3|bash|sh)\s+([^\s]+)/);
+  if (!match) {
+    return true;
+  }
+  const filePath = match[2];
+  const fullPath = filePath.startsWith("/") ? filePath : join17(workspacePath, filePath);
+  return await pathExists(fullPath);
+}
 function backupFilename(originalPath) {
   const d = /* @__PURE__ */ new Date();
   const stamp = `${d.getFullYear().toString().slice(-2) + String(d.getMonth() + 1).padStart(2, "0") + String(d.getDate()).padStart(2, "0")}-${String(d.getHours()).padStart(2, "0")}${String(d.getMinutes()).padStart(2, "0")}`;
@@ -3157,8 +3238,18 @@ async function mergePackSettingsIntoProjectSettings(workspacePath) {
   const changes = [];
   const merged = { ...userSettings };
   if (packTemplate.statusLine && !userSettings.statusLine) {
-    merged.statusLine = packTemplate.statusLine;
-    changes.push("statusLine added");
+    const statusLineOk = await isStatusLineCommandResolvable(
+      workspacePath,
+      packTemplate.statusLine.command
+    );
+    if (statusLineOk) {
+      merged.statusLine = packTemplate.statusLine;
+      changes.push("statusLine added");
+    } else {
+      changes.push(
+        `statusLine SKIPPED (file ref '${packTemplate.statusLine.command}' kh\xF4ng t\u1ED3n t\u1EA1i)`
+      );
+    }
   }
   if (typeof packTemplate.includeCoAuthoredBy === "boolean" && typeof userSettings.includeCoAuthoredBy !== "boolean") {
     merged.includeCoAuthoredBy = packTemplate.includeCoAuthoredBy;
@@ -4840,7 +4931,7 @@ async function removeSubmoduleEntry(gitmodulesPath, submodulePath) {
 }
 
 // src/commands/uninstall.ts
-var CLI_VERSION = "1.6.4";
+var CLI_VERSION = "1.7.0";
 function registerUninstallCommand(program2) {
   program2.command("uninstall").description("G\u1EE1 Avatar kh\u1ECFi project \u2014 backup t\u1EF1 \u0111\u1ED9ng (M11)").option("--yes", "Skip confirm prompt").option("--no-backup", "Kh\xF4ng t\u1EA1o backup tr\u01B0\u1EDBc khi x\xF3a (nguy hi\u1EC3m)").option("--keep-submodule", "Gi\u1EEF submodule .claude/pack/").option("--keep-hooks", "Gi\u1EEF git hooks post-merge, pre-push").option("--dry-run", "Hi\u1EC3n th\u1ECB danh s\xE1ch s\u1EBD x\xF3a, kh\xF4ng th\u1EF1c thi").action(async (opts) => {
     try {
@@ -4922,7 +5013,7 @@ function printUninstallSuccessBox(backupPath) {
 }
 
 // src/index.ts
-var CLI_VERSION2 = "1.6.4";
+var CLI_VERSION2 = "1.7.0";
 var program = new Command();
 program.name("avatar").description("AI harness CLI for NAL Vietnam engineering").version(CLI_VERSION2, "-v, --version", "Hi\u1EC3n th\u1ECB phi\xEAn b\u1EA3n Avatar CLI").addHelpText(
   "beforeAll",