@rnbsolucoes/axion-code 0.1.20 → 0.1.22

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/README.md +20 -15
  2. package/npm/releases/linux-x64/axion-code +0 -0
  3. package/npm/releases/win32-x64/axion-code.exe +0 -0
  4. package/package.json +1 -1
package/README.md CHANGED
@@ -287,17 +287,20 @@ Provider stream `tool_call` events now open the TUI approval menu when the
287
287
  active permission mode requires review. Approve/Deny records the audited
288
288
  decision and returns focus to the chat input. When approved, the TUI executes
289
289
  supported guarded-dispatcher tools and prints the bounded result in the
290
- timeline. Unsupported tools remain explicitly pending until a dedicated adapter
291
- exists.
290
+ timeline. Successful supported tool results are then sent back into the active
291
+ provider as a follow-up `tool_result` continuation turn, so the agent can use
292
+ the evidence before answering. Unsupported tools remain explicitly pending until
293
+ a dedicated adapter exists.
292
294
 
293
295
  `axion tool run` exposes the first guarded dispatcher surface. The CLI and TUI
294
- currently support `Read`, `Glob`, `Grep`, `Write` and `Edit` inside the active
295
- workspace. Provider tool aliases such as `read_file` and `write_file` are
296
- normalized to the native tool names before approval/execution. When the active
297
- permission mode requires approval, execution is allowed only if the supplied
298
- approval is already approved and matches the exact redacted tool request.
299
- Shell, MCP, browser, process and unknown tools remain unsupported even when an
300
- approval exists.
296
+ currently support workspace-local `Read`, `Glob`, `Grep`, `Write` and `Edit`,
297
+ plus governed `Shell`/`Bash`/`PowerShell` commands that run from a workspace
298
+ directory with timeout and bounded output. Provider tool aliases such as
299
+ `read_file`, `write_file` and `run_command` are normalized to native tool names
300
+ before approval/execution. When the active permission mode requires approval,
301
+ execution is allowed only if the supplied approval is already approved and
302
+ matches the exact redacted tool request. MCP, browser, process and unknown tools
303
+ remain unsupported even when an approval exists.
301
304
 
302
305
  Examples:
303
306
 
@@ -310,14 +313,15 @@ axion permission approvals --session smoke --decision pending --json
310
313
  axion permission resolve <approval-id> --deny --reason "not needed" --json
311
314
  axion tool run Read "{\"path\":\"README.md\"}" --mode full_permission --json
312
315
  axion tool run Write "{\"path\":\"notes/out.txt\",\"content\":\"approved\"}" --session smoke --turn turn-1 --approval <approval-id> --mode request_permission --json
316
+ axion tool run Shell "{\"command\":\"echo axion-shell\"}" --session smoke --turn turn-1 --approval <approval-id> --mode request_permission --json
313
317
  ```
314
318
 
315
319
  Security invariants:
316
320
 
317
321
  - `Full permission` skips only read and non-destructive write tiers.
318
322
  - package install, network download/egress, destructive commands, process
319
- control, paid generation, browser actions, mutating MCP tools and unknown
320
- tools still require approval under `Full permission`.
323
+ control, shell commands, paid generation, browser actions, mutating MCP tools
324
+ and unknown tools still require approval under `Full permission`.
321
325
  - `YOLO` is the only mode that bypasses every class, and remains explicit user
322
326
  opt-in.
323
327
  - unknown native tools are default-deny until they are classified.
@@ -360,10 +364,11 @@ This is a functional direction MVP, not the full harness:
360
364
  - terminal logo uses Sixel when available and falls back to width-bounded ANSI/block rendering;
361
365
  - initial chat splash shows the Axion logo and system name until the first interaction;
362
366
  - guarded dispatcher execution is limited to workspace-local `Read`, `Glob`,
363
- `Grep`, `Write` and `Edit`; the TUI executes these after approval and shows
364
- the result, but the result is not yet fed back into the provider as an
365
- iterative `tool_result` turn;
366
- - shell, MCP, browser, process and unknown tools remain blocked;
367
+ `Grep`, `Write` and `Edit`, plus governed workspace-scoped shell commands;
368
+ the TUI executes these after approval and shows the result, then feeds
369
+ successful supported results back into the provider as an iterative
370
+ `tool_result` continuation turn;
371
+ - MCP, browser, process and unknown tools remain blocked;
367
372
  - no executable Pi RPC bridge yet;
368
373
  - no MCP transport execution yet;
369
374
  - native subagent execution is prompt-isolated and provider/model-inherited; richer multi-subagent orchestration, streaming and budget telemetry remain next-cycle items.
package/npm/releases/linux-x64/axion-code CHANGED
Binary file
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@rnbsolucoes/axion-code",
3
- "version": "0.1.20",
3
+ "version": "0.1.22",
4
4
  "description": "Axion Code CLI harness for the Axion ecosystem.",
5
5
  "type": "module",
6
6
  "repository": {