@semalt-ai/code 1.8.0 → 1.8.3

package/lib/permissions.js

@@ -8,7 +8,6 @@ const TIER_SYS = ['system_info', 'get_env', 'set_env'];
 const TIER_MAP = { fs: TIER_FS, exec: TIER_EXEC, net: TIER_NET, sys: TIER_SYS };
 const READONLY_BLOCKED = new Set(['write_file', 'append_file', 'delete_file', 'move_file', 'copy_file']);
 
-let _permissionCounter = 0;
 let _permissionQueueTail = Promise.resolve();
 
 function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {}) {
@@ -21,8 +20,8 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
   }
 
   const state = {
-    autoApproveShell: false,
-    autoApproveFile: false,
+    autoApproveAll: false,
+    sessionApprovedTags: new Set(),
   };
 
   let uiCallbacks = null;
@@ -40,92 +39,96 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
 
   const MAX_DESC_LINES = 12;
 
-  function requestPermission(description, onAddMessage, onRerenderMessage, onCollapseMessage, onCaptureNavigation) {
+  // The picker renders into the writer's modal region — a live band above
+  // the status bar that redraws in place on every keystroke. Arrow-key
+  // navigation rebuilds the lines array and calls onShowModal again; nothing
+  // lands in scrollback until the user confirms. On resolve/cancel the
+  // modal is cleared and a single summary line is emitted to scrollback
+  // (for multi-line descriptions — e.g. a file-write diff — the full body
+  // is retained so the user can still see what was approved).
+  function requestPermission(description, onShowModal, onCloseModal, onCaptureNavigation) {
     // Serialize dialogs: each permission waits for the previous one to be answered
     const myTurn = _permissionQueueTail;
     let releaseQueue;
     _permissionQueueTail = new Promise((r) => { releaseQueue = r; });
 
     return myTurn.then(() => new Promise((resolve) => {
-      const uniqueId = `perm_${++_permissionCounter}`;
       const options = ['Yes', 'Always', 'No'];
       let selectedIdx = 0;
       const descLines = description.split('\n');
       const truncatable = descLines.length > MAX_DESC_LINES;
 
-      function buildContent() {
-        let visibleDesc;
-        if (truncatable) {
-          visibleDesc = descLines.slice(0, MAX_DESC_LINES).join('\n') +
-            `\n  \x1b[2m… ${descLines.length - MAX_DESC_LINES} more lines\x1b[0m`;
-        } else {
-          visibleDesc = description;
+      function buildModalLines() {
+        const lines = [];
+        const visible = truncatable
+          ? descLines.slice(0, MAX_DESC_LINES).concat([`  \x1b[2m… ${descLines.length - MAX_DESC_LINES} more lines\x1b[0m`])
+          : descLines;
+        // First description line gets the bullet glyph; continuation lines
+        // are indented to align under it. Matches the pre-modal rendering
+        // that went through chatHistory's system-message renderer.
+        const first = visible[0] || '';
+        lines.push(`  \x1b[38;5;244m●\x1b[0m \x1b[38;5;244m${first}\x1b[0m`);
+        for (let i = 1; i < visible.length; i++) {
+          lines.push(`     \x1b[38;5;244m${visible[i]}\x1b[0m`);
         }
-        const parts = [visibleDesc, ''];
+        lines.push('');
         for (let i = 0; i < options.length; i++) {
-          parts.push(i === selectedIdx
+          lines.push(i === selectedIdx
             ? `\x1b[1m\x1b[36m  ►  ${options[i]}\x1b[0m`
             : `     ${options[i]}`
           );
         }
-        return parts.join('\n');
+        return lines;
       }
 
-      const permMsg = { role: 'system', id: uniqueId, content: buildContent() };
-      onAddMessage(permMsg);
+      onShowModal(buildModalLines());
+
+      function finish(result) {
+        const chosen = result === 'cancel' ? 'no' : options[selectedIdx].toLowerCase();
+        const glyph = (chosen === 'no') ? '✗' : '✓';
+        // The full `description` is preserved in the summary so multi-line
+        // bodies (e.g. file-write diffs) remain visible in scrollback after
+        // the modal closes. chatHistory's system-message renderer styles the
+        // first line by the leading glyph and indents continuations.
+        onCloseModal(`${glyph} ${description}`);
+        releaseQueue();
+        resolve(chosen);
+      }
 
       const releaseNav = onCaptureNavigation((action) => {
         if (action === 'next') {
           selectedIdx = (selectedIdx + 1) % options.length;
-          permMsg.content = buildContent();
-          onRerenderMessage(uniqueId);
+          onShowModal(buildModalLines());
         } else if (action === 'prev') {
           selectedIdx = (selectedIdx - 1 + options.length) % options.length;
-          permMsg.content = buildContent();
-          onRerenderMessage(uniqueId);
+          onShowModal(buildModalLines());
         } else if (action === 'select') {
-          const chosen = options[selectedIdx];
           releaseNav();
-          permMsg.content = chosen === 'No' ? `✗ ${description}` : `✓ ${description}`;
-          onCollapseMessage(uniqueId);
-          releaseQueue();
-          resolve(chosen.toLowerCase());
+          finish('select');
         } else if (action === 'cancel') {
           releaseNav();
-          permMsg.content = `✗ ${description}`;
-          onCollapseMessage(uniqueId);
-          releaseQueue();
-          resolve('no');
+          finish('cancel');
         }
       });
     }));
   }
 
-  async function askPermission(actionType, description, tag) {
-    if (tag && autoApprovedTags.has(tag)) {
-      if (uiCallbacks) {
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
-      } else {
-        console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
-      }
-      return true;
+  function _emitAutoApproved(description) {
+    if (uiCallbacks) {
+      uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
+    } else {
+      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
     }
+  }
 
-    if (actionType === 'shell' && state.autoApproveShell) {
-      if (uiCallbacks) {
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
-      } else {
-        console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
-      }
+  async function askPermission(actionType, description, tag) {
+    if (state.autoApproveAll) {
+      _emitAutoApproved(description);
       return true;
     }
 
-    if (actionType === 'file' && state.autoApproveFile) {
-      if (uiCallbacks) {
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
-      } else {
-        console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
-      }
+    if (tag && (autoApprovedTags.has(tag) || state.sessionApprovedTags.has(tag))) {
+      _emitAutoApproved(description);
       return true;
     }
 
@@ -137,25 +140,23 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
     if (uiCallbacks) {
       const result = await requestPermission(
         `${actionType}: ${description}`,
-        uiCallbacks.onAddMessage,
-        uiCallbacks.onRerenderMessage,
-        uiCallbacks.onCollapseMessage,
+        uiCallbacks.onShowModal,
+        uiCallbacks.onCloseModal,
         uiCallbacks.onCaptureNavigation,
       );
 
       if (result === 'no') return false;
 
-      if (result === 'always') {
-        if (actionType === 'shell') state.autoApproveShell = true;
-        else state.autoApproveFile = true;
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approve enabled for ${actionType} operations` });
+      if (result === 'always' && tag) {
+        state.sessionApprovedTags.add(tag);
+        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approve enabled for \`${tag}\` this session` });
       }
 
       return true;
     }
 
     // Fallback: legacy TTY interactive select (used outside of chat UI)
-    const alwaysLabel = actionType === 'shell' ? 'Yes, always for shell' : 'Yes, always for files';
+    const alwaysLabel = tag ? `Yes, always for <${tag}>` : 'Yes, always';
     const choices = ['Yes', alwaysLabel, 'No'];
 
     console.log();
@@ -177,10 +178,9 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
       return false;
     }
 
-    if (selectedIndex === 1) {
-      if (actionType === 'shell') state.autoApproveShell = true;
-      else state.autoApproveFile = true;
-      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approve enabled for ${actionType} operations${RST}`);
+    if (selectedIndex === 1 && tag) {
+      state.sessionApprovedTags.add(tag);
+      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approve enabled for <${tag}> this session${RST}`);
     }
 
     return true;
@@ -194,14 +194,13 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
   }
 
   function clear() {
-    state.autoApproveShell = false;
-    state.autoApproveFile = false;
+    state.autoApproveAll = false;
+    state.sessionApprovedTags.clear();
   }
 
   function toggleAll() {
-    state.autoApproveShell = !state.autoApproveShell;
-    state.autoApproveFile = !state.autoApproveFile;
-    return state.autoApproveShell;
+    state.autoApproveAll = !state.autoApproveAll;
+    return state.autoApproveAll;
   }
 
   return {

package/lib/prompts.js

@@ -1,105 +1,119 @@
 'use strict';
 
-const SYSTEM_PROMPT = `You are Semalt.AI, an expert AI coding assistant running in the user's terminal. You have the ability to execute shell commands and file operations.
-
-IMPORTANT: You CAN execute commands on the user's system. When you need to run a command, use this exact format:
-
-To run a shell command:
-<exec>command here</exec>
-
-To read a file:
-<read_file>/path/to/file</read_file>
-
-To write a file (also accepted as <create_file path="...">...</create_file>):
-<write_file path="/path/to/file">file content here</write_file>
-
-To append content to an existing file:
-<append_file path="/path/to/file">content to append</append_file>
-
-To delete a file:
-<delete_file>/path/to/file</delete_file>
-
-To list a directory (entries marked [F] file, [D] dir, [L] symlink):
-<list_dir>/path/to/dir</list_dir>
-
-To create a directory (including parents):
-<make_dir>/path/to/new/dir</make_dir>
-
-To remove a directory and all its contents:
-<remove_dir>/path/to/dir</remove_dir>
-
-To move or rename a file:
-<move_file src="/old/path" dst="/new/path"></move_file>
-
-To copy a file:
-<copy_file src="/source/path" dst="/destination/path"></copy_file>
-
-To get file metadata (size, type, permissions, modification time):
-<file_stat>/path/to/file</file_stat>
-
-To search for files matching a glob pattern (supports * and **):
-<search_files pattern="**/*.js" dir="/path/to/search"></search_files>
-
-To search for a regex pattern within a file (returns matching lines):
-<search_in_file path="/path/to/file">regex pattern</search_in_file>
+const { TAG_REGISTRY } = require('./constants');
+
+const WRAPPER_NAMES = new Set([
+  'minimax:tool_call',
+  'qwen:tool_call',
+  'invoke',
+  'parameter',
+  'tool_call',
+  'function_call',
+]);
+
+// For each tool tag: required attributes and a one-line purpose.
+// Required attributes are derived from the matchers in `extractToolCalls`
+// (lib/tools.js). Where a tag accepts either an attribute or inline content,
+// the attribute is marked optional.
+const TOOL_TAG_SPECS = {
+  exec:            { attrs: [],                     purpose: 'Run a shell command (inline content).' },
+  shell:           { attrs: [],                     purpose: 'Run a shell command (inline content).' },
+  read_file:       { attrs: ['path?'],              purpose: 'Read a file (path attr or inline content).' },
+  write_file:      { attrs: ['path'],               purpose: 'Write file with inline content (overwrites).' },
+  create_file:     { attrs: ['path'],               purpose: 'Create file with inline content.' },
+  append_file:     { attrs: ['path'],               purpose: 'Append inline content to file.' },
+  delete_file:     { attrs: [],                     purpose: 'Delete a file (inline content = path).' },
+  list_dir:        { attrs: [],                     purpose: 'List directory contents (inline content = path).' },
+  make_dir:        { attrs: [],                     purpose: 'Create directory recursively (inline content = path).' },
+  remove_dir:      { attrs: [],                     purpose: 'Remove directory recursively (inline content = path).' },
+  move_file:       { attrs: ['src', 'dst'],         purpose: 'Move or rename a file.' },
+  copy_file:       { attrs: ['src', 'dst'],         purpose: 'Copy a file.' },
+  file_stat:       { attrs: [],                     purpose: 'Stat a file (inline content = path).' },
+  edit_file:       { attrs: ['path', 'line'],       purpose: 'Replace a single line in a file (inline content = new line).' },
+  search_files:    { attrs: ['pattern?', 'dir?'],   purpose: 'Find files by glob pattern.' },
+  search_in_file:  { attrs: ['path'],               purpose: 'Regex search inside a file (inline content = pattern).' },
+  replace_in_file: { attrs: ['path', 'search', 'replace'], purpose: 'Regex replace inside a file.' },
+  get_env:         { attrs: [],                     purpose: 'Read an env var (inline content = name).' },
+  set_env:         { attrs: ['name', 'value'],      purpose: 'Set an env var for this process.' },
+  download:        { attrs: [],                     purpose: 'HTTP download to the CWD (inline content = URL).' },
+  upload:          { attrs: ['path'],               purpose: 'Write base64-encoded content to file.' },
+  http_get:        { attrs: ['url'],                purpose: 'HTTP GET; returns the response body (truncated to a byte cap with an explicit notice when oversized).' },
+  ask_user:        { attrs: ['question'],           purpose: 'Ask the user a question and receive an answer.' },
+  store_memory:    { attrs: ['key'],                purpose: 'Persist a key/value to local memory (inline content = value).' },
+  recall_memory:   { attrs: ['key'],                purpose: 'Read a key from local memory.' },
+  list_memories:   { attrs: [],                     purpose: 'List memory keys.' },
+  system_info:     { attrs: [],                     purpose: 'Return platform, arch, host, memory, node version, cwd.' },
+};
 
-To replace text in a file using a regex pattern:
-<replace_in_file path="/path/to/file" search="old pattern" replace="new text"></replace_in_file>
+function buildTagInventory() {
+  const lines = [];
+  for (const tag of Object.keys(TAG_REGISTRY)) {
+    const entry = TAG_REGISTRY[tag];
+    if (entry.type !== 'tool') continue;
+    if (WRAPPER_NAMES.has(tag)) continue;
+    const spec = TOOL_TAG_SPECS[tag] || { attrs: [], purpose: '' };
+    const attrPart = spec.attrs.length
+      ? ` [attrs: ${spec.attrs.join(', ')}]`
+      : '';
+    lines.push(`- <${tag}>${attrPart} — ${spec.purpose}`);
+  }
+  return lines.join('\n');
+}
 
-To replace a specific line in a file:
-<edit_file path="/path/to/file" line="42">replacement line content</edit_file>
+const TAG_INVENTORY = buildTagInventory();
 
-To fetch a URL over HTTP or HTTPS (HTML pages are auto-converted to plain text):
-<http_get url="https://example.com/api/data"></http_get>
+const SYSTEM_PROMPT_TEMPLATE = `You are Semalt.AI, an expert AI coding assistant running in the user's terminal. You have the ability to execute shell commands and file operations.
 
-To fetch raw HTML when you need to parse markup, extract links, or inspect structure:
-<http_get url="https://example.com/" raw="true"></http_get>
+## Available tool tags:
 
-If the response is large it will be delivered in numbered parts. To retrieve the next part:
-<http_get_next key="https://example.com/api/data"/>
+${TAG_INVENTORY}
 
-To download a file from a URL (saved to current directory):
-<download>https://example.com/file.zip</download>
+## Tool call syntax — use EXACTLY these forms:
 
-To write base64-encoded content to a file:
-<upload path="/path/to/file">base64encodedcontent</upload>
+- Single-value inline-content tags: put the value directly between the tags as plain text. **Do NOT nest pseudo-tags like \`<path>\`, \`<command>\`, \`<url>\`, \`<key>\`, \`<name>\`, \`<pattern>\`, or \`<question>\` inside the body** — the parser treats the body as the literal value.
+  - Correct: \`<list_dir>/tmp/foo</list_dir>\`, \`<shell>ls -la</shell>\`, \`<read_file>/etc/hosts</read_file>\`, \`<download>https://x.com/f.zip</download>\`
+  - Wrong:   \`<list_dir><path>/tmp/foo</path></list_dir>\`, \`<shell><command>ls</command></shell>\`
+- Attribute tags: parameters go as quoted attributes on the opening tag; the body is either empty (self-closed) or real payload content (e.g. file bytes for \`write_file\`).
+  - Correct: \`<write_file path="/tmp/a.txt">actual file contents here</write_file>\`, \`<http_get url="https://example.com"/>\`, \`<move_file src="/a" dst="/b"/>\`
+  - Wrong:   \`<write_file><path>/tmp/a.txt</path><content>...</content></write_file>\`
 
-To ask the user a question and receive their typed answer:
-<ask_user question="Which directory should I use?"></ask_user>
+## Reasoning vs planning — IMPORTANT:
 
-To store a value in persistent memory across sessions:
-<store_memory key="project_name">my-app</store_memory>
+- Your internal chain-of-thought reasoning uses your native \`<think>...</think>\` block. Use it normally for deliberation. Do NOT treat \`<think>\` as a user-facing tool and do NOT try to emit \`<think>\` as an action — it is reserved for your own reasoning and is handled by the runtime.
+- When you need to explicitly record a short plan that the agent framework can see (for logging or hand-off between steps), use \`<plan>...</plan>\` instead. \`<plan>\` is a tool tag; \`<think>\` is not.
+- Never emit \`<think>\` as an action. The valid action tags are the ones listed above.
 
-To retrieve a previously stored memory value:
-<recall_memory key="project_name"></recall_memory>
+## STRICT RULES — follow exactly:
 
-To list all keys stored in persistent memory:
-<list_memories></list_memories>
+1. Emit tool tags as needed. If a step depends on a prior tool's result, wait for the result before the next call. Independent tool calls may be batched in a single response.
+2. **Always end your response with exactly one action tag** whenever the task is not yet complete. Do NOT end a response with only prose like "Let me create the files…" — that prose must be immediately followed by the actual tool tag in the same response. Preamble without a tool tag is a bug.
+3. Only use the exact tag names listed above. Unknown tag names will not be executed.
+4. When the user asks you to do something on their system, USE the tools — do NOT just print instructions.
+5. Each action will be shown to the user for approval before execution.
+6. After execution you will receive the result and can proceed with the next action in a new response.
+7. Be concise. Provide working solutions. Use markdown for code blocks in explanations.
+8. Current working directory: __CWD__
 
-To get system information (OS, CPU arch, memory, hostname, user):
-<system_info></system_info>
+Response contract (strict):
+Every response must end with exactly one of:
+  (a) a tool call, using one of the XML tags listed above; OR
+  (b) <final_answer>...</final_answer> containing your answer to the user.
+A response containing neither is invalid and will be rejected.
+Do not describe actions in prose outside these two forms. Either call the tool, or wrap your final reply in <final_answer>.`;
 
-To read an environment variable:
-<get_env>VARIABLE_NAME</get_env>
+const NATIVE_SYSTEM_PROMPT_TEMPLATE = `You are Semalt.AI, an expert AI coding assistant running in the user's terminal. Use the provided tools to execute shell commands and file operations; do not just print instructions. Each call is approved by the user before execution, and the result is returned to you for the next step.
 
-To set an environment variable for the current session:
-<set_env name="VARIABLE_NAME" value="value"/>
+Use \`<think>...</think>\` for internal reasoning (runtime-handled; never emit as an action). Use \`<plan>...</plan>\` to record a short plan for the agent framework.
 
-To reason or think before acting (hidden from user by default):
-<think>your reasoning here</think>
+Be concise. Use markdown for code blocks in explanations. Current working directory: __CWD__
 
-## STRICT RULES — follow exactly:
+Response contract: every response must end with either (a) one or more tool calls, or (b) <final_answer>...</final_answer> containing your answer to the user. Prose outside those two forms is invalid.`;
 
-1. **ONE tool tag per response, no exceptions.** After emitting a tag, stop. Wait for the result. Then emit the next tag in your next response. Never put two or more action tags in the same response.
-2. Only use the exact tag names listed above. Unknown tag names will not be executed.
-3. When the user asks you to do something on their system, USE the tools — do NOT just print instructions.
-4. Each action will be shown to the user for approval before execution.
-5. After execution you will receive the result and can proceed.
-6. Be concise. Provide working solutions. Use markdown for code blocks in explanations.
-7. **Permission denied fallback:** If any tool action (write_file, delete_file, make_dir, etc.) is denied or returns a permission error, immediately retry the same operation using \`<exec>\` with an equivalent shell command (e.g. \`tee\`, \`rm\`, \`mkdir -p\`, \`cp\`, \`mv\`). Never give up after a single denial — the shell is always the fallback.
-8. If a shell command itself also fails with a permission error, immediately retry it prefixed with \`sudo\` (e.g. \`sudo tee /path\`, \`sudo mkdir -p /path\`). Do not ask — just try. Only stop and explain if sudo itself fails.
-9. Current working directory: ${process.cwd()}`;
+function getSystemPrompt(nativeTools = false) {
+  const template = nativeTools ? NATIVE_SYSTEM_PROMPT_TEMPLATE : SYSTEM_PROMPT_TEMPLATE;
+  return template.replace('__CWD__', process.cwd());
+}
 
 module.exports = {
-  SYSTEM_PROMPT,
+  getSystemPrompt,
 };