@nomad-e/bluma-cli 0.0.106 → 0.0.107

package/dist/config/native_tools.json

@@ -1,40 +1,5 @@
 {
   "nativeTools": [
-    {
-      "type": "function",
-      "function": {
-        "name": "shell_command",
-        "description": "Executes terminal commands in a universal and robust way. Automatically detects the appropriate shell (bash/sh on Linux/macOS, cmd/PowerShell on Windows). Handles timeouts gracefully and captures all output. Use for: installing packages (npm/pip/cargo), running tests, building projects, git operations, and any shell commands.",
-        "parameters": {
-          "type": "object",
-          "properties": {
-            "command": {
-              "type": "string",
-              "description": "The shell command to execute. Examples: 'npm install express', 'git status', 'pytest tests/', 'cargo build --release'. The command will be executed in the appropriate shell for the OS."
-            },
-            "timeout": {
-              "type": "integer",
-              "description": "Maximum execution time in seconds. Default is 300 (5 minutes). Increase for long-running commands like large builds or npm installs. The process will be terminated gracefully if timeout is exceeded.",
-              "default": 300,
-              "minimum": 1,
-              "maximum": 3600
-            },
-            "cwd": {
-              "type": "string",
-              "description": "Working directory for command execution. Must be an absolute path. Defaults to current working directory if not specified. Use this to execute commands in specific project folders."
-            },
-            "verbose": {
-              "type": "boolean",
-              "description": "If true, returns detailed execution report including platform info, duration, and full output. If false, returns concise output with just status, exit code, and stdout/stderr. Use verbose=true for debugging command issues.",
-              "default": false
-            }
-          },
-          "required": [
-            "command"
-          ]
-        }
-      }
-    },
     {
       "type": "function",
       "function": {
@@ -348,22 +313,22 @@
     {
       "type": "function",
       "function": {
-        "name": "run_command_async",
-        "description": "Start a command in background and get a command_id to track it. Use this for long-running commands like npm install, builds, or tests. The command runs asynchronously and you can check its status with command_status.",
+        "name": "shell_command",
+        "description": "Execute a shell command. The command runs in background and returns a command_id. Use command_status to check progress and get output. Security: blocks sudo, rm -rf, fork bombs, and other dangerous commands. Output is limited to 30KB/200 lines to avoid context overflow.",
         "parameters": {
           "type": "object",
           "properties": {
             "command": {
               "type": "string",
-              "description": "The shell command to execute in background."
+              "description": "The shell command to execute. Examples: 'npm install', 'git status', 'docker build', 'pytest'. Cross-platform (bash/sh on Unix, cmd on Windows)."
             },
             "cwd": {
               "type": "string",
-              "description": "Working directory for command execution. Defaults to current directory."
+              "description": "Working directory. Defaults to current directory."
             },
             "timeout": {
               "type": "integer",
-              "description": "Timeout in seconds. 0 means no timeout. Default is 0.",
+              "description": "Timeout in seconds. 0 = no timeout. Default is 0.",
               "default": 0
             }
           },
@@ -377,13 +342,13 @@
       "type": "function",
       "function": {
         "name": "command_status",
-        "description": "Check the status of a background command started with run_command_async. Returns current status, output, and exit code if completed.",
+        "description": "Check the status of a command started with shell_command. Returns status, output, and exit code.",
         "parameters": {
           "type": "object",
           "properties": {
             "command_id": {
               "type": "string",
-              "description": "The command ID returned by run_command_async."
+              "description": "The command ID returned by shell_command."
             },
             "wait_seconds": {
               "type": "integer",

package/dist/main.js

@@ -1316,255 +1316,16 @@ var ConfirmationPrompt = memo4(ConfirmationPromptComponent);
 import OpenAI from "openai";
 import * as dotenv from "dotenv";
 import path15 from "path";
-import os9 from "os";
+import os8 from "os";
 
 // src/app/agent/tool_invoker.ts
 import { promises as fs8 } from "fs";
 import path10 from "path";
 import { fileURLToPath } from "url";
 
-// src/app/agent/tools/natives/shell_command.ts
-import os from "os";
-import { spawn } from "child_process";
-var MAX_OUTPUT_SIZE = 1e5;
-var OUTPUT_TRUNCATION_MESSAGE = "\n\n[OUTPUT TRUNCATED - exceeded 100KB limit. Use pagination or redirect to file for full output.]";
-var DANGEROUS_PATTERNS = [
-  // === ELEVAÇÃO DE PRIVILÉGIOS ===
-  /^sudo\s+/i,
-  // sudo commands
-  /^doas\s+/i,
-  // doas (BSD sudo alternative)
-  /^su\s+/i,
-  // switch user
-  /^pkexec\s+/i,
-  // PolicyKit execution
-  /\|\s*sudo\s+/i,
-  // piped to sudo
-  /;\s*sudo\s+/i,
-  // chained with sudo
-  /&&\s*sudo\s+/i,
-  // AND chained with sudo
-  // === COMANDOS DESTRUTIVOS ===
-  /\brm\s+(-[rf]+\s+)*[\/~]/i,
-  // rm com paths perigosos (/, ~)
-  /\brm\s+-[rf]*\s+\*/i,
-  // rm -rf *
-  /\bchmod\s+(777|666)\s+\//i,
-  // chmod 777/666 em paths root
-  /\bchown\s+.*\s+\//i,
-  // chown em paths root
-  /\bdd\s+.*of=\/dev\/(sd|hd|nvme)/i,
-  // dd para discos
-  /\bmkfs\./i,
-  // format filesystem
-  />\s*\/dev\/(sd|hd|nvme)/i,
-  // redirect para disco
-  /\bshred\s+/i,
-  // secure delete
-  // === FORK BOMB / RESOURCE EXHAUSTION ===
-  /:\(\)\s*\{\s*:\|:&\s*\}\s*;:/,
-  // fork bomb clássico
-  /\bwhile\s+true\s*;\s*do/i,
-  // infinite loop
-  /\byes\s+\|/i,
-  // yes piped (resource exhaustion)
-  // === NETWORK PERIGOSO ===
-  /\bcurl\s+.*\|\s*(ba)?sh/i,
-  // curl | bash (remote code exec)
-  /\bwget\s+.*\|\s*(ba)?sh/i,
-  // wget | bash
-  /\bnc\s+-[el]/i
-  // netcat listener (backdoor)
-];
-var INTERACTIVE_PATTERNS = [
-  /^(vim|vi|nano|emacs|pico)\s*/i,
-  // editors
-  /^(less|more|most)\s*/i,
-  // pagers
-  /^(top|htop|btop|atop|nmon)\s*/i,
-  // monitoring tools
-  /^(ssh|telnet|ftp|sftp)\s+/i,
-  // remote connections
-  /^(mysql|psql|redis-cli|mongo|mongosh)\s*$/i,
-  // database CLIs (sem script)
-  /^(python|python3|node|ruby|irb|lua)\s*$/i,
-  // REPLs sem script
-  /^(gdb|lldb)\s*/i,
-  // debuggers
-  /^(bc|dc)\s*$/i
-  // calculators
-];
-function shellCommand(args) {
-  const {
-    command,
-    timeout = 300,
-    // 5 minutos por padrão
-    cwd = process.cwd(),
-    verbose = false
-  } = args;
-  return new Promise((resolve) => {
-    const startTime = Date.now();
-    const platform = os.platform();
-    const commandTrimmed = command.trim();
-    for (const pattern of DANGEROUS_PATTERNS) {
-      if (pattern.test(commandTrimmed)) {
-        const result = {
-          status: "blocked",
-          exitCode: null,
-          stdout: "",
-          stderr: `Command blocked: "${commandTrimmed}" requires elevated privileges (sudo/doas). These commands require interactive password input which cannot be handled. Alternatives:
-1. Run the command manually in terminal
-2. Configure passwordless sudo for this specific command
-3. Run BluMa as root (not recommended)`,
-          command,
-          cwd,
-          platform,
-          duration: Date.now() - startTime,
-          blockedReason: "requires_sudo"
-        };
-        return resolve(formatResult(result, verbose));
-      }
-    }
-    for (const pattern of INTERACTIVE_PATTERNS) {
-      if (pattern.test(commandTrimmed)) {
-        const result = {
-          status: "blocked",
-          exitCode: null,
-          stdout: "",
-          stderr: `Command blocked: "${commandTrimmed}" is an interactive command. Interactive commands require user input and cannot be handled by the agent. Alternatives:
-1. Use non-interactive alternatives (e.g., 'cat' instead of 'less')
-2. Run the command manually in terminal
-3. For editors, use edit_tool instead`,
-          command,
-          cwd,
-          platform,
-          duration: Date.now() - startTime,
-          blockedReason: "interactive_command"
-        };
-        return resolve(formatResult(result, verbose));
-      }
-    }
-    let shellCmd;
-    let shellArgs;
-    if (platform === "win32") {
-      shellCmd = process.env.COMSPEC || "cmd.exe";
-      shellArgs = ["/c", command];
-    } else {
-      shellCmd = process.env.SHELL || "/bin/bash";
-      shellArgs = ["-c", command];
-    }
-    let stdout = "";
-    let stderr = "";
-    let stdoutTruncated = false;
-    let stderrTruncated = false;
-    let timedOut = false;
-    let finished = false;
-    const childProcess = spawn(shellCmd, shellArgs, {
-      cwd,
-      env: process.env,
-      // Importante: no Windows, precisamos do shell, mas spawn já lida com isso
-      windowsHide: true
-    });
-    const timeoutId = setTimeout(() => {
-      if (!finished) {
-        timedOut = true;
-        childProcess.kill("SIGTERM");
-        setTimeout(() => {
-          if (!finished) {
-            childProcess.kill("SIGKILL");
-          }
-        }, 2e3);
-      }
-    }, timeout * 1e3);
-    if (childProcess.stdout) {
-      childProcess.stdout.on("data", (data) => {
-        if (!stdoutTruncated) {
-          stdout += data.toString();
-          if (stdout.length > MAX_OUTPUT_SIZE) {
-            stdout = stdout.substring(0, MAX_OUTPUT_SIZE) + OUTPUT_TRUNCATION_MESSAGE;
-            stdoutTruncated = true;
-          }
-        }
-      });
-    }
-    if (childProcess.stderr) {
-      childProcess.stderr.on("data", (data) => {
-        if (!stderrTruncated) {
-          stderr += data.toString();
-          if (stderr.length > MAX_OUTPUT_SIZE) {
-            stderr = stderr.substring(0, MAX_OUTPUT_SIZE) + OUTPUT_TRUNCATION_MESSAGE;
-            stderrTruncated = true;
-          }
-        }
-      });
-    }
-    childProcess.on("error", (error) => {
-      if (!finished) {
-        finished = true;
-        clearTimeout(timeoutId);
-        const result = {
-          status: "error",
-          exitCode: null,
-          stdout: stdout.trim(),
-          stderr: `Failed to execute command: ${error.message}`,
-          command,
-          cwd,
-          platform,
-          duration: Date.now() - startTime
-        };
-        resolve(formatResult(result, verbose));
-      }
-    });
-    childProcess.on("close", (code, signal) => {
-      if (!finished) {
-        finished = true;
-        clearTimeout(timeoutId);
-        const result = {
-          status: timedOut ? "timeout" : code === 0 ? "success" : "error",
-          exitCode: code,
-          stdout: stdout.trim(),
-          stderr: timedOut ? `Command timed out after ${timeout} seconds
-${stderr.trim()}` : stderr.trim(),
-          command,
-          cwd,
-          platform,
-          duration: Date.now() - startTime,
-          truncated: stdoutTruncated || stderrTruncated
-        };
-        resolve(formatResult(result, verbose));
-      }
-    });
-  });
-}
-function formatResult(result, verbose) {
-  if (verbose) {
-    return JSON.stringify(result, null, 2);
-  }
-  const output = {
-    status: result.status,
-    exitCode: result.exitCode
-  };
-  if (result.stdout) {
-    output.stdout = result.stdout;
-  }
-  if (result.stderr) {
-    output.stderr = result.stderr;
-  }
-  if (result.status === "timeout") {
-    output.message = `Command exceeded timeout of ${result.duration / 1e3}s`;
-  }
-  if (result.status === "blocked" && result.blockedReason) {
-    output.blockedReason = result.blockedReason;
-  }
-  if (result.truncated) {
-    output.warning = "Output was truncated due to size limits (100KB max per stream)";
-  }
-  return JSON.stringify(output, null, 2);
-}
-
 // src/app/agent/tools/natives/edit.ts
 import path3 from "path";
-import os2 from "os";
+import os from "os";
 import { promises as fs2 } from "fs";
 import { diffLines } from "diff";
 var MAX_DIFF_SIZE = 5e4;
@@ -1572,7 +1333,7 @@ var MAX_FILE_SIZE = 10 * 1024 * 1024;
 function normalizePath(filePath) {
   try {
     filePath = filePath.trim();
-    if (os2.platform() === "win32") {
+    if (os.platform() === "win32") {
       const winDriveRegex = /^\/([a-zA-Z])[:/]/;
       const match = filePath.match(winDriveRegex);
       if (match) {
@@ -2993,23 +2754,42 @@ async function viewFileOutline(args) {
 }
 
 // src/app/agent/tools/natives/async_command.ts
-import os3 from "os";
-import { spawn as spawn2 } from "child_process";
+import os2 from "os";
+import { spawn } from "child_process";
 import { v4 as uuidv42 } from "uuid";
 var runningCommands = /* @__PURE__ */ new Map();
-var MAX_OUTPUT_SIZE2 = 1e5;
+var MAX_OUTPUT_SIZE = 3e4;
 var MAX_STORED_COMMANDS = 50;
-var OUTPUT_TRUNCATION_MSG = "\n[OUTPUT TRUNCATED]";
-var DANGEROUS_PATTERNS2 = [
+var OUTPUT_TRUNCATION_MSG = "\n[OUTPUT TRUNCATED - 30KB/200 lines max]";
+var DANGEROUS_PATTERNS = [
+  // Elevação de privilégios
   /^sudo\s+/i,
   /^doas\s+/i,
   /^su\s+/i,
-  /\|\s*sudo\s+/i
+  /^pkexec\s+/i,
+  /\|\s*sudo\s+/i,
+  /;\s*sudo\s+/i,
+  /&&\s*sudo\s+/i,
+  // Comandos destrutivos
+  /\brm\s+(-[rf]+\s+)*[\/~]/i,
+  /\brm\s+-[rf]*\s+\*/i,
+  /\bchmod\s+(777|666)\s+\//i,
+  /\bdd\s+.*of=\/dev\/(sd|hd|nvme)/i,
+  /\bmkfs\./i,
+  // Fork bombs
+  /:\(\)\s*\{\s*:\|:&\s*\}\s*;:/,
+  // Remote code exec
+  /\bcurl\s+.*\|\s*(ba)?sh/i,
+  /\bwget\s+.*\|\s*(ba)?sh/i
 ];
-var INTERACTIVE_PATTERNS2 = [
-  /^(vim|vi|nano|emacs|less|more)\s*/i,
-  /^(top|htop|btop)\s*/i,
-  /^(mysql|psql|redis-cli|mongo)\s*$/i
+var INTERACTIVE_PATTERNS = [
+  /^(vim|vi|nano|emacs|pico)\s*/i,
+  /^(less|more|most)\s*/i,
+  /^(top|htop|btop|atop|nmon)\s*/i,
+  /^(ssh|telnet|ftp|sftp)\s+/i,
+  /^(mysql|psql|redis-cli|mongo|mongosh)\s*$/i,
+  /^(python|python3|node|ruby|irb|lua)\s*$/i,
+  /^(gdb|lldb)\s*/i
 ];
 function cleanupOldCommands() {
   if (runningCommands.size <= MAX_STORED_COMMANDS) return;
@@ -3021,12 +2801,12 @@ function cleanupOldCommands() {
 }
 function isDangerousCommand(command) {
   const trimmed = command.trim();
-  for (const pattern of DANGEROUS_PATTERNS2) {
+  for (const pattern of DANGEROUS_PATTERNS) {
     if (pattern.test(trimmed)) {
       return "Command requires elevated privileges (sudo/doas) which cannot be handled in async mode";
     }
   }
-  for (const pattern of INTERACTIVE_PATTERNS2) {
+  for (const pattern of INTERACTIVE_PATTERNS) {
     if (pattern.test(trimmed)) {
       return "Interactive commands are not supported in async mode";
     }
@@ -3054,7 +2834,7 @@ async function runCommandAsync(args) {
       };
     }
     const commandId = uuidv42().substring(0, 8);
-    const platform = os3.platform();
+    const platform = os2.platform();
     let shellCmd;
     let shellArgs;
     if (platform === "win32") {
@@ -3074,7 +2854,7 @@ async function runCommandAsync(args) {
       startTime: Date.now(),
       process: null
     };
-    const child = spawn2(shellCmd, shellArgs, {
+    const child = spawn(shellCmd, shellArgs, {
       cwd,
       env: process.env,
       windowsHide: true
@@ -3084,8 +2864,8 @@ async function runCommandAsync(args) {
     child.stdout?.on("data", (data) => {
       if (!stdoutTruncated) {
         entry.stdout += data.toString();
-        if (entry.stdout.length > MAX_OUTPUT_SIZE2) {
-          entry.stdout = entry.stdout.substring(0, MAX_OUTPUT_SIZE2) + OUTPUT_TRUNCATION_MSG;
+        if (entry.stdout.length > MAX_OUTPUT_SIZE) {
+          entry.stdout = entry.stdout.substring(0, MAX_OUTPUT_SIZE) + OUTPUT_TRUNCATION_MSG;
           stdoutTruncated = true;
         }
       }
@@ -3094,8 +2874,8 @@ async function runCommandAsync(args) {
     child.stderr?.on("data", (data) => {
       if (!stderrTruncated) {
         entry.stderr += data.toString();
-        if (entry.stderr.length > MAX_OUTPUT_SIZE2) {
-          entry.stderr = entry.stderr.substring(0, MAX_OUTPUT_SIZE2) + OUTPUT_TRUNCATION_MSG;
+        if (entry.stderr.length > MAX_OUTPUT_SIZE) {
+          entry.stderr = entry.stderr.substring(0, MAX_OUTPUT_SIZE) + OUTPUT_TRUNCATION_MSG;
           stderrTruncated = true;
         }
       }
@@ -3280,12 +3060,12 @@ async function killCommand(args) {
 // src/app/agent/tools/natives/task_boundary.ts
 import path9 from "path";
 import { promises as fs7 } from "fs";
-import os4 from "os";
+import os3 from "os";
 var currentTask = null;
 var artifactsDir = null;
 async function getArtifactsDir() {
   if (artifactsDir) return artifactsDir;
-  const homeDir = os4.homedir();
+  const homeDir = os3.homedir();
   const baseDir = path9.join(homeDir, ".bluma", "artifacts");
   const sessionId2 = Date.now().toString(36) + Math.random().toString(36).substr(2, 5);
   artifactsDir = path9.join(baseDir, sessionId2);
@@ -3640,7 +3420,6 @@ var ToolInvoker = class {
    * Este método mapeia o nome da ferramenta (string) para a função TypeScript que a executa.
    */
   registerTools() {
-    this.toolImplementations.set("shell_command", shellCommand);
     this.toolImplementations.set("edit_tool", editTool);
     this.toolImplementations.set("ls_tool", ls);
     this.toolImplementations.set("count_file_lines", countLines);
@@ -3648,7 +3427,7 @@ var ToolInvoker = class {
     this.toolImplementations.set("find_by_name", findByName);
     this.toolImplementations.set("grep_search", grepSearch);
     this.toolImplementations.set("view_file_outline", viewFileOutline);
-    this.toolImplementations.set("run_command_async", runCommandAsync);
+    this.toolImplementations.set("shell_command", runCommandAsync);
     this.toolImplementations.set("command_status", commandStatus);
     this.toolImplementations.set("send_command_input", sendCommandInput);
     this.toolImplementations.set("kill_command", killCommand);
@@ -3690,7 +3469,7 @@ var ToolInvoker = class {
 // src/app/agent/tools/mcp/mcp_client.ts
 import { promises as fs9 } from "fs";
 import path11 from "path";
-import os5 from "os";
+import os4 from "os";
 import { fileURLToPath as fileURLToPath2 } from "url";
 import { Client } from "@modelcontextprotocol/sdk/client/index.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
@@ -3719,7 +3498,7 @@ var MCPClient = class {
     const __filename = fileURLToPath2(import.meta.url);
     const __dirname = path11.dirname(__filename);
     const defaultConfigPath = path11.resolve(__dirname, "config", "bluma-mcp.json");
-    const userConfigPath = path11.join(os5.homedir(), ".bluma-cli", "bluma-mcp.json");
+    const userConfigPath = path11.join(os4.homedir(), ".bluma-cli", "bluma-mcp.json");
     const defaultConfig = await this.loadMcpConfig(defaultConfigPath, "Default");
     const userConfig = await this.loadMcpConfig(userConfigPath, "User");
     const mergedConfig = {
@@ -3772,7 +3551,7 @@ var MCPClient = class {
   async connectToStdioServer(serverName, config2) {
     let commandToExecute = config2.command;
     let argsToExecute = config2.args || [];
-    const isWindows = os5.platform() === "win32";
+    const isWindows = os4.platform() === "win32";
     if (!isWindows && commandToExecute.toLowerCase() === "cmd") {
       if (argsToExecute.length >= 2 && argsToExecute[0].toLowerCase() === "/c") {
         commandToExecute = argsToExecute[1];
@@ -3892,7 +3671,7 @@ import path14 from "path";
 
 // src/app/agent/session_manager/session_manager.ts
 import path12 from "path";
-import os6 from "os";
+import os5 from "os";
 import { promises as fs10 } from "fs";
 var fileLocks = /* @__PURE__ */ new Map();
 async function withFileLock(file, fn) {
@@ -3908,15 +3687,32 @@ async function withFileLock(file, fn) {
     if (fileLocks.get(file) === p) fileLocks.delete(file);
   }
 }
+var pendingSaves = /* @__PURE__ */ new Map();
+var DEBOUNCE_DELAY_MS = 100;
+function debouncedSave(sessionFile, history) {
+  const existing = pendingSaves.get(sessionFile);
+  if (existing) {
+    clearTimeout(existing.timer);
+  }
+  const timer = setTimeout(async () => {
+    pendingSaves.delete(sessionFile);
+    try {
+      await doSaveSessionHistory(sessionFile, history);
+    } catch (e) {
+      console.warn(`Debounced save failed for ${sessionFile}: ${e.message}`);
+    }
+  }, DEBOUNCE_DELAY_MS);
+  pendingSaves.set(sessionFile, { history: [...history], timer });
+}
 function expandHome(p) {
   if (!p) return p;
   if (p.startsWith("~")) {
-    return path12.join(os6.homedir(), p.slice(1));
+    return path12.join(os5.homedir(), p.slice(1));
   }
   return p;
 }
 function getPreferredAppDir() {
-  const fixed = path12.join(os6.homedir(), ".bluma-cli");
+  const fixed = path12.join(os5.homedir(), ".bluma-cli");
   return path12.resolve(expandHome(fixed));
 }
 async function safeRenameWithRetry(src, dest, maxRetries = 6) {
@@ -3925,25 +3721,36 @@ async function safeRenameWithRetry(src, dest, maxRetries = 6) {
   const isWin = process.platform === "win32";
   while (attempt <= maxRetries) {
     try {
+      const dir = path12.dirname(dest);
+      await fs10.mkdir(dir, { recursive: true }).catch(() => {
+      });
       await fs10.rename(src, dest);
       return;
     } catch (e) {
       lastErr = e;
       const code = e && e.code || "";
-      const transient = code === "EPERM" || code === "EBUSY" || code === "ENOTEMPTY" || code === "EACCES";
-      if (!(isWin && transient) || attempt === maxRetries) break;
+      const transient = code === "EPERM" || code === "EBUSY" || code === "ENOTEMPTY" || code === "EACCES" || code === "ENOENT";
+      if (!transient || attempt === maxRetries) break;
       const backoff = Math.min(1e3, 50 * Math.pow(2, attempt));
       await new Promise((r) => setTimeout(r, backoff));
       attempt++;
     }
   }
   try {
+    await fs10.access(src);
     const data = await fs10.readFile(src);
+    const dir = path12.dirname(dest);
+    await fs10.mkdir(dir, { recursive: true }).catch(() => {
+    });
     await fs10.writeFile(dest, data);
     await fs10.unlink(src).catch(() => {
     });
     return;
   } catch (fallbackErr) {
+    if (fallbackErr?.code === "ENOENT") {
+      console.warn(`Session temp file disappeared: ${src}`);
+      return;
+    }
     throw lastErr || fallbackErr;
   }
 }
@@ -3971,7 +3778,7 @@ async function loadOrcreateSession(sessionId2) {
     return [sessionFile, [], []];
   }
 }
-async function saveSessionHistory(sessionFile, history) {
+async function doSaveSessionHistory(sessionFile, history) {
   await withFileLock(sessionFile, async () => {
     let sessionData;
     try {
@@ -4021,9 +3828,12 @@ async function saveSessionHistory(sessionFile, history) {
     }
   });
 }
+async function saveSessionHistory(sessionFile, history) {
+  debouncedSave(sessionFile, history);
+}
 
 // src/app/agent/core/prompt/prompt_builder.ts
-import os7 from "os";
+import os6 from "os";
 import fs11 from "fs";
 import path13 from "path";
 import { execSync } from "child_process";
@@ -4218,12 +4028,6 @@ You are a **teammate who writes tests**, not an assistant who skips them.
 - **For edit_tool**: Provide exact content with correct whitespace (read first!)
 - **Check file exists** before attempting edits
 
-### Shell Commands:
-- **NEVER use sudo** - Commands requiring sudo will be blocked
-- **Long commands**: Set appropriate timeout (default 300s)
-- **Interactive commands** (vim, less, ssh) are blocked - use alternatives
-- **Large outputs** will be truncated at 100KB
-
 ### Safe Auto-Approved Tools (no confirmation needed):
 - message_notify_user
 - ls_tool
@@ -4239,6 +4043,97 @@ You are a **teammate who writes tests**, not an assistant who skips them.
 
 ---
 
+<shell_command>
+## Shell Command System (CRITICAL TO UNDERSTAND)
+
+The \`shell_command\` tool runs commands in **background** and returns a \`command_id\`.
+You MUST use \`command_status\` to get the output.
+
+### Workflow:
+\`\`\`
+1. shell_command({ command: "npm install" })
+   \u2192 Returns: { success: true, command_id: "abc123" }
+
+2. command_status({ command_id: "abc123", wait_seconds: 60 })
+   \u2192 Returns: { status: "completed", stdout: "...", exit_code: 0 }
+\`\`\`
+
+### Security Rules (BLOCKED COMMANDS):
+- [BLOCKED] \`sudo\`, \`doas\`, \`su\`, \`pkexec\` - Elevation blocked
+- [BLOCKED] \`rm -rf /\`, \`rm -rf *\`, \`rm -rf ~\` - Destructive
+- [BLOCKED] \`chmod 777 /\`, \`chmod 666 /\` - Insecure permissions
+- [BLOCKED] \`curl ... | bash\`, \`wget ... | sh\` - Remote code execution
+- [BLOCKED] \`vim\`, \`nano\`, \`less\`, \`ssh\`, \`mysql\` - Interactive prompts
+- [BLOCKED] Fork bombs, \`dd\` to disk, \`mkfs.*\` - System destruction
+
+### Output Limits:
+- Maximum 30KB or 200 lines per output
+- Long outputs are truncated (head + tail shown)
+- For large outputs, use: \`command | head -n 50\` or redirect to file
+
+### Examples:
+
+**[OK] Install dependencies:**
+\`\`\`
+[Step 1] shell_command({ command: "npm install", cwd: "/project" })
+\u2192 { command_id: "cmd_001" }
+
+[Step 2] command_status({ command_id: "cmd_001", wait_seconds: 120 })
+\u2192 { status: "completed", exit_code: 0, stdout: "added 150 packages..." }
+
+[Step 3] message_notify_user("Dependencies installed successfully.")
+\`\`\`
+
+**[OK] Run tests:**
+\`\`\`
+[Step 1] shell_command({ command: "npm test" })
+\u2192 { command_id: "cmd_002" }
+
+[Step 2] command_status({ command_id: "cmd_002", wait_seconds: 60 })
+\u2192 { status: "completed", exit_code: 0, stdout: "47 tests passed" }
+\`\`\`
+
+**[OK] Quick command (git status):**
+\`\`\`
+[Step 1] shell_command({ command: "git status --short" })
+\u2192 { command_id: "cmd_003" }
+
+[Step 2] command_status({ command_id: "cmd_003", wait_seconds: 5 })
+\u2192 { status: "completed", stdout: "M src/index.ts\\nA src/utils.ts" }
+\`\`\`
+
+**[OK] Long build with timeout:**
+\`\`\`
+[Step 1] shell_command({ command: "docker build -t myapp .", timeout: 600 })
+\u2192 { command_id: "cmd_004" }
+
+[Step 2] command_status({ command_id: "cmd_004", wait_seconds: 300 })
+\u2192 { status: "completed", exit_code: 0, truncated: true, stdout: "..." }
+\`\`\`
+
+**[WRONG] Never forget command_status:**
+\`\`\`
+shell_command({ command: "npm install" })
+message_notify_user("Installed!") // WRONG: You don't know if it succeeded!
+\`\`\`
+
+**[WRONG] Never use blocked commands:**
+\`\`\`
+shell_command({ command: "sudo apt install ..." }) // BLOCKED
+shell_command({ command: "rm -rf /" })             // BLOCKED
+shell_command({ command: "vim file.txt" })         // BLOCKED (interactive)
+\`\`\`
+
+### Tips:
+- Always check \`exit_code\` - 0 means success, non-zero is error
+- If \`status: "running"\`, call command_status again with longer wait
+- If \`truncated: true\`, the output was too long - use \`| head\` or \`| tail\`
+- Use \`send_command_input\` for commands that need input (y/n prompts)
+- Use \`kill_command\` to stop a stuck command
+</shell_command>
+
+---
+
 <communication_style>
 ## How You Communicate
 
@@ -4330,12 +4225,12 @@ Let's build something great, {username}.
 function getUnifiedSystemPrompt() {
   const cwd = process.cwd();
   const env = {
-    os_type: os7.type(),
-    os_version: os7.release(),
-    architecture: os7.arch(),
+    os_type: os6.type(),
+    os_version: os6.release(),
+    architecture: os6.arch(),
     workdir: cwd,
     shell_type: process.env.SHELL || process.env.COMSPEC || "unknown",
-    username: os7.userInfo().username,
+    username: os6.userInfo().username,
     current_date: (/* @__PURE__ */ new Date()).toISOString().split("T")[0],
     timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
     is_git_repo: isGitRepo(cwd) ? "yes" : "no",
@@ -4721,7 +4616,7 @@ function getSubAgentByCommand(cmd) {
 }
 
 // src/app/agent/subagents/init/init_system_prompt.ts
-import os8 from "os";
+import os7 from "os";
 var SYSTEM_PROMPT2 = `
 
 ### YOU ARE BluMa CLI \u2014 INIT SUBAGENT \u2014 AUTONOMOUS SENIOR SOFTWARE ENGINEER @ NOMADENGENUITY
@@ -4884,12 +4779,12 @@ Rule Summary:
 function getInitPrompt() {
   const now = /* @__PURE__ */ new Date();
   const collectedData = {
-    os_type: os8.type(),
-    os_version: os8.release(),
-    architecture: os8.arch(),
+    os_type: os7.type(),
+    os_version: os7.release(),
+    architecture: os7.arch(),
     workdir: process.cwd(),
     shell_type: process.env.SHELL || process.env.COMSPEC || "Unknown",
-    username: os8.userInfo().username || "Unknown",
+    username: os7.userInfo().username || "Unknown",
     current_date: now.toISOString().split("T")[0],
     // Formato YYYY-MM-DD
     timezone: Intl.DateTimeFormat().resolvedOptions().timeZone || "Unknown",
@@ -5142,7 +5037,7 @@ var SubAgentsBluMa = class {
 };
 
 // src/app/agent/agent.ts
-var globalEnvPath = path15.join(os9.homedir(), ".bluma-cli", ".env");
+var globalEnvPath = path15.join(os8.homedir(), ".bluma-cli", ".env");
 dotenv.config({ path: globalEnvPath });
 var Agent = class {
   sessionId;
@@ -5520,18 +5415,6 @@ var renderViewFileOutline = ({ args }) => {
     ] })
   ] });
 };
-var renderRunCommandAsync = ({ args }) => {
-  const parsed = parseArgs(args);
-  const command = parsed.command || "[no command]";
-  return /* @__PURE__ */ jsxs8(Box8, { paddingX: 1, children: [
-    /* @__PURE__ */ jsx8(Text8, { color: "white", bold: true, children: "async" }),
-    /* @__PURE__ */ jsx8(Text8, { color: "white", bold: true, children: " $" }),
-    /* @__PURE__ */ jsxs8(Text8, { children: [
-      " ",
-      truncate(command, 50)
-    ] })
-  ] });
-};
 var renderCommandStatus = ({ args }) => {
   const parsed = parseArgs(args);
   const id = parsed.command_id || "[no id]";
@@ -5607,7 +5490,6 @@ var ToolRenderDisplay = {
   find_by_name: renderFindByName,
   grep_search: renderGrepSearch,
   view_file_outline: renderViewFileOutline,
-  run_command_async: renderRunCommandAsync,
   command_status: renderCommandStatus,
   task_boundary: renderTaskBoundary,
   search_web: renderSearchWeb
@@ -5837,10 +5719,20 @@ var ToolResultDisplayComponent = ({ toolName, result }) => {
       ] })
     ] });
   }
-  if ((toolName.includes("shell_command") || toolName.includes("run_command")) && parsed) {
+  if ((toolName.includes("shell_command") || toolName.includes("run_command") || toolName.includes("command_status")) && parsed) {
     const output = parsed.stdout || parsed.output || "";
     const stderr = parsed.stderr || "";
     const exitCode = parsed.exit_code ?? parsed.exitCode ?? 0;
+    const status = parsed.status || "";
+    if (parsed.command_id && !output && !stderr && !status) {
+      return /* @__PURE__ */ jsx11(Box11, { paddingLeft: 3, children: /* @__PURE__ */ jsxs10(Text10, { dimColor: true, children: [
+        "started #",
+        parsed.command_id.slice(0, 8)
+      ] }) });
+    }
+    if (status === "running") {
+      return /* @__PURE__ */ jsx11(Box11, { paddingLeft: 3, children: /* @__PURE__ */ jsx11(Text10, { dimColor: true, color: "yellow", children: "still running..." }) });
+    }
     if (!output && !stderr) return null;
     const { lines, truncated } = truncateLines(output || stderr, MAX_LINES);
     const isError = exitCode !== 0 || stderr;
@@ -5850,6 +5742,10 @@ var ToolResultDisplayComponent = ({ toolName, result }) => {
         "... +",
         truncated,
         " lines"
+      ] }),
+      exitCode !== 0 && /* @__PURE__ */ jsxs10(Text10, { dimColor: true, color: "red", children: [
+        "exit code: ",
+        exitCode
       ] })
     ] });
   }

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@nomad-e/bluma-cli",
-	"version": "0.0.106",
+	"version": "0.0.107",
 	"description": "BluMa independent agent for automation and advanced software engineering.",
 	"author": "Alex Fonseca",
 	"license": "Apache-2.0",