@qodercn-ai/qoderclicn 0.1.0

package/LICENSE

@@ -0,0 +1,202 @@
+
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright [yyyy] [name of copyright owner]
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.

package/README.md

@@ -0,0 +1,153 @@
+# Qoder CLI
+
+Qoder CLI 是Qoder品牌下的 CLI
+AI 编程助手，将强大的 AI 编程能力直接带入你的终端。
+
+## 🚀 Why Qoder CLI?
+
+- **🧠 强大的 AI 模型** — 支持多种大语言模型，百万级 token 上下文窗口
+- **🔧 内置工具** — 文件操作、Shell 命令执行、Web 搜索、代码搜索
+- **🔌 可扩展** — 支持 MCP (Model Context Protocol) 协议，轻松接入自定义工具
+- **💻 终端优先** — 为命令行开发者设计，高效交互
+
+## 📦 安装
+
+**需要 Node.js >= 20.0.0**
+
+全局安装：
+
+```sh
+npm install -g @qoder-ai/qodercli
+```
+
+## 📋 发布渠道
+
+### Stable（稳定版）
+
+```sh
+npm install -g @qoder-ai/qodercli@latest
+```
+
+### Node原生兼容版（beta）
+
+```sh
+npm install -g @qoder-ai/qodercli@beta
+```
+
+## 🚀 快速开始
+
+### 基本用法
+
+在当前目录启动交互式会话：
+
+```sh
+qodercli
+```
+
+指定模型：
+
+```sh
+qodercli -m <model-name>
+```
+
+非交互模式（适合脚本调用）：
+
+```sh
+qodercli -p "解释这个代码仓库的架构"
+```
+
+### 使用示例
+
+**分析现有代码：**
+
+```sh
+cd your-project/
+qodercli
+> 给我总结一下昨天的所有代码变更
+```
+
+**生成代码：**
+
+```sh
+qodercli
+> 帮我写一个 Express 中间件，实现请求频率限制
+```
+
+**调试问题：**
+
+```sh
+qodercli
+> 这个测试为什么会失败？帮我修复它
+```
+
+## 📋 核心功能
+
+### 代码理解与生成
+
+- 查询和编辑大型代码库
+- 支持多模态输入（图片、PDF 等）生成代码
+- 自然语言调试
+
+### 自动化与集成
+
+- 自动化 Git 操作、PR 处理等任务
+- 通过 MCP 服务器扩展能力
+- 支持非交互模式在脚本中运行
+
+### 高级能力
+
+- Web 搜索获取实时信息
+- 会话检查点（保存/恢复对话）
+- 自定义上下文文件，定制项目行为
+
+## 🔐 认证配置
+
+Qoder CLI 使用自有认证体系，支持以下认证方式：
+
+### 方式一：浏览器登录（推荐）
+
+```sh
+qodercli
+# 首次运行自动打开浏览器引导登录
+```
+
+或显式执行登录命令：
+
+```sh
+qodercli login
+```
+
+后台每 30 分钟自动刷新 token，无需手动干预
+
+> 如果环境不支持自动打开浏览器，设置 `NO_BROWSER=1`
+> 后 CLI 会打印 URL 供手动访问。
+
+### 方式二：Personal Access Token (PAT)
+
+适用于 CI/CD 流水线或无浏览器环境：
+
+```sh
+export QODER_PERSONAL_ACCESS_TOKEN="your-pat-token"
+qodercli
+```
+
+PAT 可在 Qoder 账号设置页 (`https://qoder.com/account/integrations`) 创建和管理。
+
+### 认证相关环境变量
+
+| 环境变量                      | 说明                              |
+| ----------------------------- | --------------------------------- |
+| `QODER_PERSONAL_ACCESS_TOKEN` | PAT 令牌，设置后自动使用 PAT 认证 |
+| `QODER_CONFIG_DIR`            | 自定义配置目录（默认 `~/.qoder`） |
+| `NO_BROWSER`                  | 设置后禁止自动打开浏览器          |
+
+### 会话内命令
+
+| 命令                    | 说明               |
+| ----------------------- | ------------------ |
+| `/login` 或 `/signin`   | 在会话中执行登录   |
+| `/logout` 或 `/signout` | 退出登录（需确认） |
+
+## 🔌 MCP 扩展
+
+在配置文件中添加 MCP 服务器，扩展 CLI 的能力

package/bundle/builtin/agent-creator/SKILL.md

@@ -0,0 +1,327 @@
+---
+name: agent-creator
+description:
+  Guide for creating custom agents. Use when users want to create a new agent
+  that runs in an isolated context with custom system prompts and
+  specific tool access.
+allowed-tools: Edit, Write
+---
+
+# Creating Custom Agents for Qoder CLI
+
+This skill guides you through creating custom agents. Agents are
+specialized AI assistants that run in isolated contexts with custom system
+prompts, specific tool access, and independent permissions.
+
+## When to Use Agents
+
+Use agents when you need:
+
+- **Context isolation** for long research or exploration tasks
+- **Parallel execution** of multiple independent workstreams
+- **Specialized expertise** with custom prompts for specific domains
+- **Reusable configurations** across projects
+
+**When NOT to use agents:**
+
+- Simple, single-purpose tasks (use skills instead)
+- Tasks requiring frequent back-and-forth with the user
+- Quick, targeted changes
+
+## Agent Locations
+
+| Location                         | Scope             | Priority |
+| -------------------------------- | ----------------- | -------- |
+| `<project>/${QODER_CONFIG_DIR}/agents/` | Current project   | Higher   |
+| `~/${QODER_CONFIG_DIR}/agents/`         | All your projects | Lower    |
+
+**Project agents** (`${QODER_CONFIG_DIR}/agents/`): Ideal for codebase-specific
+agents. Check into version control to share with your team.
+
+**User agents** (`~/${QODER_CONFIG_DIR}/agents/`): Personal agents available across
+all your projects.
+
+## Agent File Format
+
+Each agent is a Markdown file with YAML frontmatter:
+
+```markdown
+---
+name: agent-name
+description: When to use this agent. Be specific!
+---
+
+You are a [role]. When invoked:
+
+1. [First step]
+2. [Second step]
+3. [Output format]
+```
+
+### Required Fields
+
+| Field         | Description                                                                |
+| ------------- | -------------------------------------------------------------------------- |
+| `name`        | Unique identifier (lowercase letters and hyphens only)                     |
+| `description` | When to delegate to this agent (be specific). Including trigger scenarios. |
+
+## Writing Effective Descriptions
+
+The description is **critical**. Include "use proactively" to encourage
+automatic delegation - Qoder CLI uses it to decide when to delegate.
+
+```yaml
+# Bad - Too vague
+description: Helps with code
+
+# Good - Specific and actionable
+description: Expert code review specialist. Proactively reviews code for quality, security, and maintainability. Use immediately after writing or modifying code.
+```
+
+### Optional Fields
+
+| Field            | Description                                                                         |
+| ---------------- | ----------------------------------------------------------------------------------- |
+| `tools`          | Tools the agent can use (string or array)                                           |
+| `disallowedTools`| Tools to explicitly deny (string or array)                                          |
+| `model`          | Model to use: `inherit` (default), `sonnet`, `opus`, `haiku`                        |
+| `color`          | Display color: `red`, `blue`, `green`, `yellow`, `purple`, `orange`, `pink`, `cyan` |
+| `displayName`    | Human-friendly display name                                                         |
+| `maxTurns`       | Maximum conversation turns (positive integer)                                       |
+| `timeoutMins`    | Timeout in minutes (positive integer)                                               |
+| `effort`         | Thinking effort: `low`, `medium`, `high`, `max`                                     |
+| `skills`         | Skills the agent can use (string or array)                                          |
+
+#### Tools
+
+Specify which tools the agent has access to. This limits the agent's
+capabilities for security and focus.
+
+```yaml
+# Read-only access
+tools: Read, Grep, Glob
+
+# Full development access
+tools: Bash, Read, Write, Edit, Glob, Grep
+
+# Web research capabilities
+tools: Read, WebSearch, WebFetch
+```
+
+**Available Tools:**
+
+- `Bash` - Execute shell commands
+- `Read` - Read file contents
+- `Write` - Create new files
+- `Edit` - Modify existing files
+- `Glob` - Find files by pattern
+- `Grep` - Search file contents
+- `WebSearch` - Search the web
+- `WebFetch` - Fetch web page content
+
+If not specified, the agent inherits default tool access.
+
+## Agent Creation Workflow
+
+### Step 1: Decide the Scope
+
+If not sure where to create the agent, ask the user with two options:
+
+- **Project-level** (`.agents/`): For team-shared, codebase-specific agents
+- **User-level** (`~/.agents/`): For personal agents across all projects
+
+### Step 2: Gather Requirements
+
+Understand what the agent should do:
+
+- What specific task or domain?
+- What tools does it need?
+- Should it be read-only or have write access?
+- Any special constraints or workflows?
+
+### Step 3: Create the File
+
+```bash
+# For project-level
+mkdir -p ${QODER_CONFIG_DIR}/agents
+touch ${QODER_CONFIG_DIR}/agents/agent-name.md
+
+# For user-level
+mkdir -p ~/${QODER_CONFIG_DIR}/agents
+touch ~/${QODER_CONFIG_DIR}/agents/agent-name.md
+```
+
+### Step 4: Write Configuration
+
+Create the markdown file with:
+
+1. YAML frontmatter with required fields
+2. System prompt in the body
+
+### Step 5: Verify
+
+- Check file location is correct
+- Verify YAML syntax is valid
+- Confirm the description clearly describes when to use it
+- Tell the user: run `/agents reload` to make the new agent available in the
+  current session. They can then invoke it with:
+
+```
+@agent-name [task description]
+```
+
+## Best Practices
+
+1. **Design focused agents** - Each should excel at one specific task
+2. **Write detailed descriptions** - Be detailed and specific so Qoder CLI knows
+   when to delegate
+3. **Limit tool access** - Grant only necessary permissions for security and
+   focus
+4. **Keep prompts concise** - Long, rambling prompts dilute focus
+
+## Anti-Patterns to Avoid
+
+- **Vague descriptions** - "Use for general tasks" gives no signal
+- **Overly long prompts** - A 2000-word prompt doesn't make it smarter
+
+## Examples
+
+### Verifier
+
+```markdown
+---
+name: verifier
+description:
+  Validates completed work. Use after tasks are marked done to confirm
+  implementations are functional.
+color: yellow
+---
+
+You are a skeptical validator. Your job is to verify that work claimed as
+complete actually works.
+
+When invoked:
+
+1. Identify what was claimed to be completed
+2. Check that the implementation exists and is functional
+3. Run relevant tests or verification steps
+4. Look for edge cases that may have been missed
+
+Be thorough and skeptical. Report:
+
+- What was verified and passed
+- What was claimed but incomplete or broken
+- Specific issues that need to be addressed
+
+Do not accept claims at face value. Test everything.
+```
+
+### Debugger
+
+```markdown
+---
+name: debugger
+description:
+  Debugging specialist for errors and test failures. Use when encountering
+  issues.
+color: red
+---
+
+You are an expert debugger specializing in root cause analysis.
+
+When invoked:
+
+1. Capture error message and stack trace
+2. Identify reproduction steps
+3. Isolate the failure location
+4. Implement minimal fix
+5. Verify solution works
+
+For each issue, provide:
+
+- Root cause explanation
+- Evidence supporting the diagnosis
+- Specific code fix
+- Testing approach
+
+Focus on fixing the underlying issue, not symptoms.
+```
+
+### Data Scientist
+
+```markdown
+---
+name: data-scientist
+description:
+  Data analysis expert for SQL queries, BigQuery operations, and data insights.
+  Use proactively for data analysis tasks and queries.
+tools: Bash, Read, Write
+---
+
+You are a data scientist specializing in SQL and BigQuery analysis.
+
+When invoked:
+
+1. Understand the data analysis requirement
+2. Write efficient SQL queries
+3. Use BigQuery command line tools (bq) when appropriate
+4. Analyze and summarize results
+5. Present findings clearly
+
+Key practices:
+
+- Write optimized SQL queries with proper filters
+- Use appropriate aggregations and joins
+- Include comments explaining complex logic
+- Format results for readability
+- Provide data-driven recommendations
+
+For each analysis:
+
+- Explain the query approach
+- Document any assumptions
+- Highlight key findings
+- Suggest next steps based on data
+
+Always ensure queries are efficient and cost-effective.
+```
+
+### Security Auditor
+
+```markdown
+---
+name: security-auditor
+description:
+  Security specialist. Use when implementing auth, payments, or handling
+  sensitive data. Proactively audit security-sensitive code.
+tools: Read, Grep, Glob
+color: red
+model: sonnet
+---
+
+You are a security expert auditing code for vulnerabilities.
+
+When invoked:
+
+1. Identify security-sensitive code paths
+2. Check for common vulnerabilities (injection, XSS, auth bypass)
+3. Verify secrets are not hardcoded
+4. Review input validation and sanitization
+
+Report findings by severity:
+
+- Critical (must fix before deploy)
+- High (fix soon)
+- Medium (address when possible)
+
+Security checklist:
+
+- SQL injection prevention
+- XSS protection
+- CSRF tokens
+- Authentication bypass risks
+- Authorization checks
+- Secret management
+- Input validation
+- Output encoding
+```