@phi-code-admin/phi-code 0.76.7 → 0.76.8

package/extensions/phi/models.ts

@@ -15,7 +15,7 @@
  * it appear everywhere without restarting Phi Code.
  */
 
-import { ApiKeyStore, type ExtensionAPI, getApiKeyStore } from "phi-code";
+import { ApiKeyStore, type ConfigWatcher, type ExtensionAPI, getApiKeyStore, getConfigWatcher } from "phi-code";
 import { fetchLiveModels, peekCache, resetLiveModelsCache, toPersistedModel } from "./providers/live-models.js";
 
 const PROVIDER_DISPLAY: Record<string, string> = {
@@ -44,6 +44,7 @@ interface RefreshOutcome {
 
 async function refreshOne(
 	store: ApiKeyStore,
+	watcher: ConfigWatcher,
 	providerId: string,
 ): Promise<RefreshOutcome> {
 	const stored = store.getProvider(providerId);
@@ -96,6 +97,11 @@ async function refreshOne(
 		return { provider: providerId, source: "skipped", count: 0, error: "unknown baseUrl" };
 	}
 
+	// Mute the config watcher so it does not echo this programmatic write back
+	// as a models_json_changed event (which would trigger a spurious reload +
+	// "Keys reloaded" notification). Mute per-write because refresh loops can
+	// exceed the ignore window between providers (cf. keys.ts).
+	watcher.muteForWrite("models_json_changed");
 	store.setKey(providerId, stored?.apiKey ?? "local", {
 		baseUrl,
 		api: stored?.api,
@@ -107,6 +113,7 @@ async function refreshOne(
 
 export default function modelsExtension(pi: ExtensionAPI) {
 	const store = getApiKeyStore();
+	const watcher = getConfigWatcher();
 
 	pi.registerCommand("models", {
 		description: "List or refresh the live model catalog (use `/models refresh` after a provider adds a new model)",
@@ -183,7 +190,7 @@ export default function modelsExtension(pi: ExtensionAPI) {
 		void (async () => {
 			let changed = 0;
 			for (const id of providers) {
-				const outcome = await refreshOne(store, id).catch(() => undefined);
+				const outcome = await refreshOne(store, watcher, id).catch(() => undefined);
 				if (outcome && outcome.source === "live" && outcome.count > 0) changed++;
 			}
 			if (changed > 0) {
@@ -214,7 +221,7 @@ export default function modelsExtension(pi: ExtensionAPI) {
 
 		const outcomes: RefreshOutcome[] = [];
 		for (const id of providers) {
-			const outcome = await refreshOne(store, id).catch((err) => ({
+			const outcome = await refreshOne(store, watcher, id).catch((err) => ({
 				provider: id,
 				source: "skipped" as const,
 				count: 0,

package/extensions/phi/orchestrator.ts

@@ -750,9 +750,9 @@ Tag the note with relevant keywords for vector search.
 			const content = typeof msg.content === 'string' ? msg.content : JSON.stringify(msg.content || '');
 			return content.includes('401') && (content.includes('invalid access token') || content.includes('token expired') || content.includes('Unauthorized'));
 		});
-		if (hasAuthError || (toolCallCount === 0 && messages.length > 0)) {
-			const errorMsg = hasAuthError ? 'API authentication error (401)' : 'Phase produced 0 tool calls — possible API or model error';
-			ctx.ui.notify(`\n❌ **Orchestrator aborted:** ${errorMsg}\nCheck your API key and model configuration.`, "error");
+		// Only a genuine auth failure (401) is fatal — abort the whole workflow.
+		if (hasAuthError) {
+			ctx.ui.notify(`\n❌ **Orchestrator aborted:** API authentication error (401)\nCheck your API key and model configuration.`, "error");
 			setOrchestrationActive(false);
 			phasePending = false;
 			deactivateAgent();
@@ -760,6 +760,16 @@ Tag the note with relevant keywords for vector search.
 			return;
 		}
 
+		// A phase that made 0 tool calls is NOT fatal: a model may legitimately
+		// answer with text only (e.g. an inline plan). Warn and continue rather
+		// than killing phases 2-5, mirroring the graceful phase-timeout path.
+		if (toolCallCount === 0 && messages.length > 0) {
+			ctx.ui.notify(`\n⚠️ **Phase made 0 tool calls** — it may have responded with text only. Continuing to the next phase.`, "warning");
+			if (phaseQueue.length > 0) {
+				phaseQueue[0].instruction += `\n\n**Note:** The previous phase made 0 tool calls and may have responded with text only. Make sure you actually call the required tools.`;
+			}
+		}
+
 		// Build the summary
 		const summaryParts: string[] = [];
 		summaryParts.push(`Tool calls: ${toolCallCount}`);

package/extensions/phi/web-search.ts

@@ -10,6 +10,8 @@
  * Optional: set BRAVE_API_KEY for Brave Search as extra fallback.
  */
 
+import { lookup } from "node:dns/promises";
+import { isIP } from "node:net";
 import { Type } from "@sinclair/typebox";
 import type { ExtensionAPI } from "phi-code";
 
@@ -342,15 +344,82 @@ export default function webSearchExtension(pi: ExtensionAPI) {
 		}
 	}
 
+	// ─── Garde SSRF ──────────────────────────────────────────────────────────
+	// Bloque les IP privees / loopback / link-local / metadata cloud pour que le
+	// tool fetch_url (URL choisie par le LLM, parfois issue de contenu non fiable)
+	// ne puisse pas atteindre localhost, le reseau interne ou 169.254.169.254.
+	function isBlockedIp(ip: string): boolean {
+		const family = isIP(ip);
+		if (family === 4) {
+			const o = ip.split(".").map(Number);
+			if (o[0] === 127 || o[0] === 10 || o[0] === 0) return true; // loopback / 10/8 / 0/8
+			if (o[0] === 172 && o[1] >= 16 && o[1] <= 31) return true; // 172.16/12
+			if (o[0] === 192 && o[1] === 168) return true; // 192.168/16
+			if (o[0] === 169 && o[1] === 254) return true; // link-local + metadata cloud
+			if (o[0] === 100 && o[1] >= 64 && o[1] <= 127) return true; // CGNAT 100.64/10
+			return false;
+		}
+		if (family === 6) {
+			const a = ip.toLowerCase();
+			if (a === "::1" || a === "::") return true; // loopback / unspecified
+			if (a.startsWith("::ffff:")) return isBlockedIp(a.slice(7)); // IPv4-mapped
+			if (a.startsWith("fc") || a.startsWith("fd")) return true; // fc00::/7 ULA
+			if (a.startsWith("fe80") || a.startsWith("fe9") || a.startsWith("fea") || a.startsWith("feb")) return true; // link-local
+			return false;
+		}
+		return false;
+	}
+
+	async function assertPublicUrl(rawUrl: string): Promise<void> {
+		let u: URL;
+		try {
+			u = new URL(rawUrl);
+		} catch {
+			throw new Error(`URL invalide: ${rawUrl}`);
+		}
+		if (u.protocol !== "http:" && u.protocol !== "https:") {
+			throw new Error(`Schema d'URL non autorise (${u.protocol}); seuls http et https sont permis`);
+		}
+		const host = u.hostname.replace(/^\[|\]$/g, "").toLowerCase();
+		if (host === "localhost" || host.endsWith(".localhost") || host.endsWith(".internal") || host.endsWith(".local")) {
+			throw new Error(`Hote interne bloque (SSRF): ${host}`);
+		}
+		if (isIP(host)) {
+			if (isBlockedIp(host)) throw new Error(`Adresse IP interne bloquee (SSRF): ${host}`);
+			return;
+		}
+		// Resout l'hote et rejette si une IP resolue est interne. Note: ne protege
+		// pas a 100% du DNS-rebinding (le fetch resout de nouveau), mais bloque les
+		// cas usuels (metadata cloud, localhost, RFC1918) fournis par le LLM.
+		const addrs = await lookup(host, { all: true });
+		for (const a of addrs) {
+			if (isBlockedIp(a.address)) {
+				throw new Error(`Hote resolvant vers une IP interne bloquee (SSRF): ${host} -> ${a.address}`);
+			}
+		}
+	}
+
 	async function fetchUrl(url: string, maxLength: number = 8000): Promise<string> {
-		const response = await fetch(url, {
-			headers: {
-				"User-Agent": randomUA(),
-				"Accept": "text/html,application/xhtml+xml,text/plain,application/json",
-			},
-			signal: AbortSignal.timeout(HTTP_TIMEOUT),
-		});
+		// Valide l'URL initiale ET chaque saut de redirection (redirect manuel),
+		// sinon une redirection 30x vers une cible interne contournerait la garde.
+		let currentUrl = url;
+		let response: Response | undefined;
+		for (let hop = 0; hop < 6; hop++) {
+			await assertPublicUrl(currentUrl);
+			response = await fetch(currentUrl, {
+				headers: {
+					"User-Agent": randomUA(),
+					"Accept": "text/html,application/xhtml+xml,text/plain,application/json",
+				},
+				redirect: "manual",
+				signal: AbortSignal.timeout(HTTP_TIMEOUT),
+			});
+			const location = response.status >= 300 && response.status < 400 ? response.headers.get("location") : null;
+			if (!location) break;
+			currentUrl = new URL(location, currentUrl).toString();
+		}
 
+		if (!response) throw new Error("Aucune reponse HTTP");
 		if (!response.ok) throw new Error(`HTTP ${response.status} ${response.statusText}`);
 
 		const contentType = response.headers.get("content-type") || "";

package/package.json

@@ -1,6 +1,6 @@
 {
 	"name": "@phi-code-admin/phi-code",
-	"version": "0.76.7",
+	"version": "0.76.8",
 	"description": "Coding agent CLI with persistent memory, sub-agents, intelligent routing, and orchestration",
 	"type": "module",
 	"piConfig": {
@@ -38,7 +38,7 @@
 		"clean": "shx rm -rf dist",
 		"dev": "tsgo -p tsconfig.build.json --watch --preserveWatchOutput",
 		"build": "tsgo -p tsconfig.build.json && shx chmod +x dist/cli.js && npm run copy-assets",
-		"build:binary": "npm --prefix ../tui run build && npm --prefix ../ai run build && npm --prefix ../agent run build && npm run build && bun build --compile ./dist/cli.js --outfile dist/pi && npm run copy-binary-assets",
+		"build:binary": "npm --prefix ../tui run build && npm --prefix ../ai run build && npm --prefix ../agent run build && npm run build && bun build --compile --external koffi ./dist/bun/cli.js --outfile dist/pi && npm run copy-binary-assets",
 		"copy-assets": "shx mkdir -p dist/modes/interactive/theme dist/core/export-html/vendor dist/core && shx cp src/modes/interactive/theme/*.json dist/modes/interactive/theme/ && shx cp src/core/default-models.json dist/core/ && shx cp src/core/export-html/template.html src/core/export-html/template.css src/core/export-html/template.js dist/core/export-html/ && shx cp src/core/export-html/vendor/*.js dist/core/export-html/vendor/",
 		"copy-binary-assets": "shx cp package.json dist/ && shx cp README.md dist/ && shx cp CHANGELOG.md dist/ && shx mkdir -p dist/theme && shx cp src/modes/interactive/theme/*.json dist/theme/ && shx mkdir -p dist/assets && shx cp -r src/modes/interactive/assets dist/ 2>/dev/null || true && shx mkdir -p dist/export-html/vendor && shx cp src/core/export-html/template.html dist/export-html/ && shx cp src/core/export-html/vendor/*.js dist/export-html/vendor/ && shx cp -r docs dist/ && shx cp -r examples dist/ && shx cp ../../node_modules/@silvia-odwyer/photon-node/photon_rs_bg.wasm dist/",
 		"test": "vitest --run",

package/scripts/postinstall.cjs

@@ -10,6 +10,12 @@ const { homedir } = require("os");
 const agentDir = join(homedir(), ".phi", "agent");
 const packageDir = __dirname.replace(/[\\/]scripts$/, "");
 
+// Opt-out / CI guard: skip the home-directory scaffolding under CI or sandbox
+// installs (and when explicitly disabled) to avoid polluting ~/.phi there.
+if (process.env.PHI_SKIP_POSTINSTALL || process.env.CI) {
+	process.exit(0);
+}
+
 // 1. Copy extensions, agents, skills
 const copies = [
   { src: "extensions/phi", dest: join(agentDir, "extensions"), label: "extensions" },
@@ -23,13 +29,23 @@ for (const { src, dest, label } of copies) {
   mkdirSync(dest, { recursive: true });
   const files = readdirSync(srcDir);
   let copied = 0;
+  const failures = [];
   for (const file of files) {
     try {
       cpSync(join(srcDir, file), join(dest, file), { recursive: true, force: true });
       copied++;
-    } catch (e) { /* skip */ }
+    } catch (e) {
+      failures.push({ file, err: e && e.message ? e.message : String(e) });
+    }
   }
   if (copied > 0) console.log(`  Φ Installed ${copied} ${label} to ${dest}`);
+  // Surface failures without re-throwing (must not fail the npm install).
+  if (failures.length > 0) {
+    console.warn(`  ⚠ ${failures.length} ${label} failed to install (run with PHI_POSTINSTALL_DEBUG=1 for details)`);
+    if (process.env.PHI_POSTINSTALL_DEBUG) {
+      for (const f of failures) console.warn(`    - ${f.file}: ${f.err}`);
+    }
+  }
 }
 
 // 2. Make sigma packages resolvable from ~/.phi/agent/extensions/