@semalt-ai/code 1.8.1 → 1.8.3

package/lib/constants.js

@@ -17,18 +17,34 @@ const DEFAULT_CONFIG = {
   temperature: 0.7,
   request_timeout_ms: DEFAULT_API_TIMEOUT_MS,
   stream: true,
+  // native_tools (boolean, default true): when true, the
+  // client sends an OpenAI-format `tools` parameter and
+  // expects structured tool_calls in responses. Set to
+  // false only for models/endpoints that do not support
+  // native function calling (legacy finetunes, XML-only
+  // adapters). Per-profile flag on models[] entries.
   models: [],
   theme: 'dark',
   max_file_size_kb: 512,
   command_timeout_ms: 30000,
   max_output_lines: 50,
+  http_fetch_max_bytes: 262144,
   show_token_count: true,
   show_cost: false,
   system_prompt_mode: 'system_role',
+  repair_malformed_tool_xml: false,
 };
 
 const CONFIG_PATH = path.join(os.homedir(), '.semalt-ai', 'config.json');
 
+// TAG_REGISTRY classifies every XML tag the stream parser may encounter.
+// For 'tool'-type tags, the *parameter schema* lives in lib/tool_specs.js
+// (TOOL_SPECS) — that file is the single source of truth for argument
+// names, types, required flags, and descriptions used to build the
+// native function-calling `tools` array and the system-prompt tag
+// inventory. Adding or renaming a 'tool' entry here requires a matching
+// change in TOOL_SPECS; the assertion at the bottom of this module
+// enforces that parity at load time.
 const TAG_REGISTRY = {
   // Rendered visually in chat, never shown as raw text
   think:      { type: 'visual', streaming: true,  display: 'think_bubble' },
@@ -59,7 +75,6 @@ const TAG_REGISTRY = {
   download:         { type: 'tool', streaming: false, label: 'Downloading' },
   upload:           { type: 'tool', streaming: false, label: 'Uploading' },
   http_get:         { type: 'tool', streaming: false, label: 'Fetching URL' },
-  http_get_next:    { type: 'tool', streaming: false, label: 'Fetching next content chunk' },
   ask_user:         { type: 'tool', streaming: false, label: 'Asking user' },
   store_memory:     { type: 'tool', streaming: false, label: 'Storing memory' },
   recall_memory:    { type: 'tool', streaming: false, label: 'Recalling memory' },
@@ -81,6 +96,14 @@ const TAG_REGISTRY = {
   tool_call:       { type: 'tool', streaming: false, label: 'Using tool' },
   function_call:   { type: 'tool', streaming: false, label: 'Using tool' },
 
+  // Qwen3-Coder / Qwen3.5 XML tool-call format: `<function=tool_name>…</function>`.
+  // The tool name is carried as an `=name` suffix on the opening tag rather
+  // than an attribute; `parameter` (already registered as `strip` above) covers
+  // the matching `<parameter=key>…</parameter>` child tags. StreamParser splits
+  // the tag name on `[\s=]`, so the registry lookup for `<function=read_file>`
+  // resolves here.
+  function: { type: 'tool', streaming: false, label: 'Using tool' },
+
   // Silently stripped — model wrapper artifacts
   answer:    { type: 'strip' },
   response:  { type: 'strip' },
@@ -90,8 +113,35 @@ const TAG_REGISTRY = {
   text:      { type: 'strip' },
   result:    { type: 'strip' },
   code:      { type: 'strip' },
+
+  // Protocol wrapper: the model's declared final reply to the user. Tags are
+  // stripped from rendered output but the inner content IS the user-facing
+  // answer and must stream through onToken, not be buffered like tool blocks.
+  final_answer: { type: 'final', streaming: true, label: 'Final answer' },
 };
 
+// Load-time parity check: every 'tool'-type tag in TAG_REGISTRY must have a
+// matching entry in TOOL_SPECS, and TOOL_SPECS must not declare phantom
+// tools that aren't registered. Requiring tool_specs.js here (rather than
+// at the top of the file) keeps the module boundary one-directional —
+// tool_specs.js does not depend on this file.
+const { TOOL_SPECS } = require('./tool_specs');
+(function assertToolSpecParity() {
+  const registryTools = Object.entries(TAG_REGISTRY)
+    .filter(([, v]) => v.type === 'tool')
+    .map(([k]) => k)
+    .sort();
+  const specTools = Object.keys(TOOL_SPECS).sort();
+  const missing = registryTools.filter((k) => !Object.prototype.hasOwnProperty.call(TOOL_SPECS, k));
+  const extra = specTools.filter((k) => !(k in TAG_REGISTRY) || TAG_REGISTRY[k].type !== 'tool');
+  if (missing.length || extra.length) {
+    const parts = [];
+    if (missing.length) parts.push(`missing in TOOL_SPECS: ${missing.join(', ')}`);
+    if (extra.length) parts.push(`extra in TOOL_SPECS: ${extra.join(', ')}`);
+    throw new Error(`TAG_REGISTRY ↔ TOOL_SPECS mismatch — ${parts.join('; ')}`);
+  }
+})();
+
 module.exports = {
   CONFIG_PATH,
   DEFAULT_API_TIMEOUT_MS,

package/lib/metrics.js

@@ -32,13 +32,22 @@ class Metrics {
   }
 
   tokenLimitStatus() {
-    if (this.modelTokenLimit === null) return null;
     const used = this.contextTokens();
+    if (this.modelTokenLimit == null) {
+      // No known limit — still expose `used` once we have a turn's prompt_tokens
+      // so the UI can render "N tok · limit unknown" instead of hiding the line.
+      if (!this.turns.length || !used) return null;
+      return { used, limit: null, pct: null, bar: null };
+    }
     const pct = Math.round((used / this.modelTokenLimit) * 100);
     const bar = this._buildBar(pct, 10);
     return { used, limit: this.modelTokenLimit, pct, bar };
   }
 
+  setModelTokenLimit(limit) {
+    this.modelTokenLimit = Number.isInteger(limit) && limit > 0 ? limit : null;
+  }
+
   _buildBar(pct, width) {
     const filled = Math.min(Math.round((pct / 100) * width), width);
     const empty = Math.max(0, width - filled);
@@ -79,8 +88,12 @@ class Metrics {
 
     const status = this.tokenLimitStatus();
     if (status !== null) {
-      lines.push(row(`  Context used:  ${this.contextTokens()}`));
-      lines.push(row(`  Token limit:   ${status.used}/${status.limit} (${status.pct}%)`));
+      if (status.limit === null) {
+        lines.push(row(`  Context used:  ${status.used} (limit unknown)`));
+      } else {
+        lines.push(row(`  Context used:  ${this.contextTokens()}`));
+        lines.push(row(`  Token limit:   ${status.used}/${status.limit} (${status.pct}%)`));
+      }
     }
 
     lines.push(row(`  Duration:      ${durationStr}`));

package/lib/permissions.js

@@ -8,7 +8,6 @@ const TIER_SYS = ['system_info', 'get_env', 'set_env'];
 const TIER_MAP = { fs: TIER_FS, exec: TIER_EXEC, net: TIER_NET, sys: TIER_SYS };
 const READONLY_BLOCKED = new Set(['write_file', 'append_file', 'delete_file', 'move_file', 'copy_file']);
 
-let _permissionCounter = 0;
 let _permissionQueueTail = Promise.resolve();
 
 function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {}) {
@@ -21,8 +20,8 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
   }
 
   const state = {
-    autoApproveShell: false,
-    autoApproveFile: false,
+    autoApproveAll: false,
+    sessionApprovedTags: new Set(),
   };
 
   let uiCallbacks = null;
@@ -40,92 +39,96 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
 
   const MAX_DESC_LINES = 12;
 
-  function requestPermission(description, onAddMessage, onRerenderMessage, onCollapseMessage, onCaptureNavigation) {
+  // The picker renders into the writer's modal region — a live band above
+  // the status bar that redraws in place on every keystroke. Arrow-key
+  // navigation rebuilds the lines array and calls onShowModal again; nothing
+  // lands in scrollback until the user confirms. On resolve/cancel the
+  // modal is cleared and a single summary line is emitted to scrollback
+  // (for multi-line descriptions — e.g. a file-write diff — the full body
+  // is retained so the user can still see what was approved).
+  function requestPermission(description, onShowModal, onCloseModal, onCaptureNavigation) {
     // Serialize dialogs: each permission waits for the previous one to be answered
     const myTurn = _permissionQueueTail;
     let releaseQueue;
     _permissionQueueTail = new Promise((r) => { releaseQueue = r; });
 
     return myTurn.then(() => new Promise((resolve) => {
-      const uniqueId = `perm_${++_permissionCounter}`;
       const options = ['Yes', 'Always', 'No'];
       let selectedIdx = 0;
       const descLines = description.split('\n');
       const truncatable = descLines.length > MAX_DESC_LINES;
 
-      function buildContent() {
-        let visibleDesc;
-        if (truncatable) {
-          visibleDesc = descLines.slice(0, MAX_DESC_LINES).join('\n') +
-            `\n  \x1b[2m… ${descLines.length - MAX_DESC_LINES} more lines\x1b[0m`;
-        } else {
-          visibleDesc = description;
+      function buildModalLines() {
+        const lines = [];
+        const visible = truncatable
+          ? descLines.slice(0, MAX_DESC_LINES).concat([`  \x1b[2m… ${descLines.length - MAX_DESC_LINES} more lines\x1b[0m`])
+          : descLines;
+        // First description line gets the bullet glyph; continuation lines
+        // are indented to align under it. Matches the pre-modal rendering
+        // that went through chatHistory's system-message renderer.
+        const first = visible[0] || '';
+        lines.push(`  \x1b[38;5;244m●\x1b[0m \x1b[38;5;244m${first}\x1b[0m`);
+        for (let i = 1; i < visible.length; i++) {
+          lines.push(`     \x1b[38;5;244m${visible[i]}\x1b[0m`);
         }
-        const parts = [visibleDesc, ''];
+        lines.push('');
         for (let i = 0; i < options.length; i++) {
-          parts.push(i === selectedIdx
+          lines.push(i === selectedIdx
             ? `\x1b[1m\x1b[36m  ►  ${options[i]}\x1b[0m`
             : `     ${options[i]}`
           );
         }
-        return parts.join('\n');
+        return lines;
       }
 
-      const permMsg = { role: 'system', id: uniqueId, content: buildContent() };
-      onAddMessage(permMsg);
+      onShowModal(buildModalLines());
+
+      function finish(result) {
+        const chosen = result === 'cancel' ? 'no' : options[selectedIdx].toLowerCase();
+        const glyph = (chosen === 'no') ? '✗' : '✓';
+        // The full `description` is preserved in the summary so multi-line
+        // bodies (e.g. file-write diffs) remain visible in scrollback after
+        // the modal closes. chatHistory's system-message renderer styles the
+        // first line by the leading glyph and indents continuations.
+        onCloseModal(`${glyph} ${description}`);
+        releaseQueue();
+        resolve(chosen);
+      }
 
       const releaseNav = onCaptureNavigation((action) => {
         if (action === 'next') {
           selectedIdx = (selectedIdx + 1) % options.length;
-          permMsg.content = buildContent();
-          onRerenderMessage(uniqueId);
+          onShowModal(buildModalLines());
         } else if (action === 'prev') {
           selectedIdx = (selectedIdx - 1 + options.length) % options.length;
-          permMsg.content = buildContent();
-          onRerenderMessage(uniqueId);
+          onShowModal(buildModalLines());
         } else if (action === 'select') {
-          const chosen = options[selectedIdx];
           releaseNav();
-          permMsg.content = chosen === 'No' ? `✗ ${description}` : `✓ ${description}`;
-          onCollapseMessage(uniqueId);
-          releaseQueue();
-          resolve(chosen.toLowerCase());
+          finish('select');
         } else if (action === 'cancel') {
           releaseNav();
-          permMsg.content = `✗ ${description}`;
-          onCollapseMessage(uniqueId);
-          releaseQueue();
-          resolve('no');
+          finish('cancel');
         }
       });
     }));
   }
 
-  async function askPermission(actionType, description, tag) {
-    if (tag && autoApprovedTags.has(tag)) {
-      if (uiCallbacks) {
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
-      } else {
-        console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
-      }
-      return true;
+  function _emitAutoApproved(description) {
+    if (uiCallbacks) {
+      uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
+    } else {
+      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
     }
+  }
 
-    if (actionType === 'shell' && state.autoApproveShell) {
-      if (uiCallbacks) {
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
-      } else {
-        console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
-      }
+  async function askPermission(actionType, description, tag) {
+    if (state.autoApproveAll) {
+      _emitAutoApproved(description);
       return true;
     }
 
-    if (actionType === 'file' && state.autoApproveFile) {
-      if (uiCallbacks) {
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
-      } else {
-        console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
-      }
+    if (tag && (autoApprovedTags.has(tag) || state.sessionApprovedTags.has(tag))) {
+      _emitAutoApproved(description);
       return true;
     }
 
@@ -137,25 +140,23 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
     if (uiCallbacks) {
       const result = await requestPermission(
         `${actionType}: ${description}`,
-        uiCallbacks.onAddMessage,
-        uiCallbacks.onRerenderMessage,
-        uiCallbacks.onCollapseMessage,
+        uiCallbacks.onShowModal,
+        uiCallbacks.onCloseModal,
         uiCallbacks.onCaptureNavigation,
       );
 
       if (result === 'no') return false;
 
-      if (result === 'always') {
-        if (actionType === 'shell') state.autoApproveShell = true;
-        else state.autoApproveFile = true;
-        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approve enabled for ${actionType} operations` });
+      if (result === 'always' && tag) {
+        state.sessionApprovedTags.add(tag);
+        uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approve enabled for \`${tag}\` this session` });
       }
 
       return true;
     }
 
     // Fallback: legacy TTY interactive select (used outside of chat UI)
-    const alwaysLabel = actionType === 'shell' ? 'Yes, always for shell' : 'Yes, always for files';
+    const alwaysLabel = tag ? `Yes, always for <${tag}>` : 'Yes, always';
     const choices = ['Yes', alwaysLabel, 'No'];
 
     console.log();
@@ -177,10 +178,9 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
       return false;
     }
 
-    if (selectedIndex === 1) {
-      if (actionType === 'shell') state.autoApproveShell = true;
-      else state.autoApproveFile = true;
-      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approve enabled for ${actionType} operations${RST}`);
+    if (selectedIndex === 1 && tag) {
+      state.sessionApprovedTags.add(tag);
+      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approve enabled for <${tag}> this session${RST}`);
     }
 
     return true;
@@ -194,14 +194,13 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
   }
 
   function clear() {
-    state.autoApproveShell = false;
-    state.autoApproveFile = false;
+    state.autoApproveAll = false;
+    state.sessionApprovedTags.clear();
   }
 
   function toggleAll() {
-    state.autoApproveShell = !state.autoApproveShell;
-    state.autoApproveFile = !state.autoApproveFile;
-    return state.autoApproveShell;
+    state.autoApproveAll = !state.autoApproveAll;
+    return state.autoApproveAll;
   }
 
   return {

package/lib/prompts.js

@@ -1,112 +1,119 @@
 'use strict';
 
-const SYSTEM_PROMPT = `You are Semalt.AI, an expert AI coding assistant running in the user's terminal. You have the ability to execute shell commands and file operations.
-
-IMPORTANT: You CAN execute commands on the user's system. When you need to run a command, use this exact format:
-
-To run a shell command:
-<exec>command here</exec>
-
-To read a file:
-<read_file>/path/to/file</read_file>
-
-To write a file (also accepted as <create_file path="...">...</create_file>):
-<write_file path="/path/to/file">file content here</write_file>
-
-To append content to an existing file:
-<append_file path="/path/to/file">content to append</append_file>
-
-To delete a file:
-<delete_file>/path/to/file</delete_file>
-
-To list a directory (entries marked [F] file, [D] dir, [L] symlink):
-<list_dir>/path/to/dir</list_dir>
-
-To create a directory (including parents):
-<make_dir>/path/to/new/dir</make_dir>
-
-To remove a directory and all its contents:
-<remove_dir>/path/to/dir</remove_dir>
-
-To move or rename a file:
-<move_file src="/old/path" dst="/new/path"></move_file>
-
-To copy a file:
-<copy_file src="/source/path" dst="/destination/path"></copy_file>
-
-To get file metadata (size, type, permissions, modification time):
-<file_stat>/path/to/file</file_stat>
-
-To search for files matching a glob pattern (supports * and **):
-<search_files pattern="**/*.js" dir="/path/to/search"></search_files>
-
-To search for a regex pattern within a file (returns matching lines):
-<search_in_file path="/path/to/file">regex pattern</search_in_file>
-
-To replace text in a file using a regex pattern:
-<replace_in_file path="/path/to/file" search="old pattern" replace="new text"></replace_in_file>
-
-To replace a specific line in a file:
-<edit_file path="/path/to/file" line="42">replacement line content</edit_file>
-
-To fetch a URL over HTTP or HTTPS (HTML pages are auto-converted to plain text):
-<http_get url="https://example.com/api/data"></http_get>
-
-To fetch raw HTML when you need to parse markup, extract links, or inspect structure:
-<http_get url="https://example.com/" raw="true"></http_get>
-
-If the response is large it will be delivered in numbered parts. To retrieve the next part:
-<http_get_next key="https://example.com/api/data"/>
-
-To download a file from a URL (saved to current directory):
-<download>https://example.com/file.zip</download>
-
-To write base64-encoded content to a file:
-<upload path="/path/to/file">base64encodedcontent</upload>
-
-To ask the user a question and receive their typed answer:
-<ask_user question="Which directory should I use?"></ask_user>
+const { TAG_REGISTRY } = require('./constants');
+
+const WRAPPER_NAMES = new Set([
+  'minimax:tool_call',
+  'qwen:tool_call',
+  'invoke',
+  'parameter',
+  'tool_call',
+  'function_call',
+]);
+
+// For each tool tag: required attributes and a one-line purpose.
+// Required attributes are derived from the matchers in `extractToolCalls`
+// (lib/tools.js). Where a tag accepts either an attribute or inline content,
+// the attribute is marked optional.
+const TOOL_TAG_SPECS = {
+  exec:            { attrs: [],                     purpose: 'Run a shell command (inline content).' },
+  shell:           { attrs: [],                     purpose: 'Run a shell command (inline content).' },
+  read_file:       { attrs: ['path?'],              purpose: 'Read a file (path attr or inline content).' },
+  write_file:      { attrs: ['path'],               purpose: 'Write file with inline content (overwrites).' },
+  create_file:     { attrs: ['path'],               purpose: 'Create file with inline content.' },
+  append_file:     { attrs: ['path'],               purpose: 'Append inline content to file.' },
+  delete_file:     { attrs: [],                     purpose: 'Delete a file (inline content = path).' },
+  list_dir:        { attrs: [],                     purpose: 'List directory contents (inline content = path).' },
+  make_dir:        { attrs: [],                     purpose: 'Create directory recursively (inline content = path).' },
+  remove_dir:      { attrs: [],                     purpose: 'Remove directory recursively (inline content = path).' },
+  move_file:       { attrs: ['src', 'dst'],         purpose: 'Move or rename a file.' },
+  copy_file:       { attrs: ['src', 'dst'],         purpose: 'Copy a file.' },
+  file_stat:       { attrs: [],                     purpose: 'Stat a file (inline content = path).' },
+  edit_file:       { attrs: ['path', 'line'],       purpose: 'Replace a single line in a file (inline content = new line).' },
+  search_files:    { attrs: ['pattern?', 'dir?'],   purpose: 'Find files by glob pattern.' },
+  search_in_file:  { attrs: ['path'],               purpose: 'Regex search inside a file (inline content = pattern).' },
+  replace_in_file: { attrs: ['path', 'search', 'replace'], purpose: 'Regex replace inside a file.' },
+  get_env:         { attrs: [],                     purpose: 'Read an env var (inline content = name).' },
+  set_env:         { attrs: ['name', 'value'],      purpose: 'Set an env var for this process.' },
+  download:        { attrs: [],                     purpose: 'HTTP download to the CWD (inline content = URL).' },
+  upload:          { attrs: ['path'],               purpose: 'Write base64-encoded content to file.' },
+  http_get:        { attrs: ['url'],                purpose: 'HTTP GET; returns the response body (truncated to a byte cap with an explicit notice when oversized).' },
+  ask_user:        { attrs: ['question'],           purpose: 'Ask the user a question and receive an answer.' },
+  store_memory:    { attrs: ['key'],                purpose: 'Persist a key/value to local memory (inline content = value).' },
+  recall_memory:   { attrs: ['key'],                purpose: 'Read a key from local memory.' },
+  list_memories:   { attrs: [],                     purpose: 'List memory keys.' },
+  system_info:     { attrs: [],                     purpose: 'Return platform, arch, host, memory, node version, cwd.' },
+};
 
-To store a value in persistent memory across sessions:
-<store_memory key="project_name">my-app</store_memory>
+function buildTagInventory() {
+  const lines = [];
+  for (const tag of Object.keys(TAG_REGISTRY)) {
+    const entry = TAG_REGISTRY[tag];
+    if (entry.type !== 'tool') continue;
+    if (WRAPPER_NAMES.has(tag)) continue;
+    const spec = TOOL_TAG_SPECS[tag] || { attrs: [], purpose: '' };
+    const attrPart = spec.attrs.length
+      ? ` [attrs: ${spec.attrs.join(', ')}]`
+      : '';
+    lines.push(`- <${tag}>${attrPart} — ${spec.purpose}`);
+  }
+  return lines.join('\n');
+}
 
-To retrieve a previously stored memory value:
-<recall_memory key="project_name"></recall_memory>
+const TAG_INVENTORY = buildTagInventory();
 
-To list all keys stored in persistent memory:
-<list_memories></list_memories>
+const SYSTEM_PROMPT_TEMPLATE = `You are Semalt.AI, an expert AI coding assistant running in the user's terminal. You have the ability to execute shell commands and file operations.
 
-To get system information (OS, CPU arch, memory, hostname, user):
-<system_info></system_info>
+## Available tool tags:
 
-To read an environment variable:
-<get_env>VARIABLE_NAME</get_env>
+${TAG_INVENTORY}
 
-To set an environment variable for the current session:
-<set_env name="VARIABLE_NAME" value="value"/>
+## Tool call syntax — use EXACTLY these forms:
 
-To plan your next action before executing a tool (hidden from user by default):
-<plan>your reasoning and planned next step here</plan>
+- Single-value inline-content tags: put the value directly between the tags as plain text. **Do NOT nest pseudo-tags like \`<path>\`, \`<command>\`, \`<url>\`, \`<key>\`, \`<name>\`, \`<pattern>\`, or \`<question>\` inside the body** — the parser treats the body as the literal value.
+  - Correct: \`<list_dir>/tmp/foo</list_dir>\`, \`<shell>ls -la</shell>\`, \`<read_file>/etc/hosts</read_file>\`, \`<download>https://x.com/f.zip</download>\`
+  - Wrong:   \`<list_dir><path>/tmp/foo</path></list_dir>\`, \`<shell><command>ls</command></shell>\`
+- Attribute tags: parameters go as quoted attributes on the opening tag; the body is either empty (self-closed) or real payload content (e.g. file bytes for \`write_file\`).
+  - Correct: \`<write_file path="/tmp/a.txt">actual file contents here</write_file>\`, \`<http_get url="https://example.com"/>\`, \`<move_file src="/a" dst="/b"/>\`
+  - Wrong:   \`<write_file><path>/tmp/a.txt</path><content>...</content></write_file>\`
 
 ## Reasoning vs planning — IMPORTANT:
 
 - Your internal chain-of-thought reasoning uses your native \`<think>...</think>\` block. Use it normally for deliberation. Do NOT treat \`<think>\` as a user-facing tool and do NOT try to emit \`<think>\` as an action — it is reserved for your own reasoning and is handled by the runtime.
 - When you need to explicitly record a short plan that the agent framework can see (for logging or hand-off between steps), use \`<plan>...</plan>\` instead. \`<plan>\` is a tool tag; \`<think>\` is not.
-- Never emit \`<think>\` as one of the "one tool tag per response" actions. The valid action tags are only the ones listed above (exec, read_file, write_file, plan, etc.).
+- Never emit \`<think>\` as an action. The valid action tags are the ones listed above.
 
 ## STRICT RULES — follow exactly:
 
-1. **ONE tool tag per response, no exceptions.** After emitting a tag, stop. Wait for the result. Then emit the next tag in your next response. Never put two or more action tags in the same response. (Your native \`<think>\` reasoning block does NOT count as a tool tag and may precede the action tag normally.)
+1. Emit tool tags as needed. If a step depends on a prior tool's result, wait for the result before the next call. Independent tool calls may be batched in a single response.
 2. **Always end your response with exactly one action tag** whenever the task is not yet complete. Do NOT end a response with only prose like "Let me create the files…" — that prose must be immediately followed by the actual tool tag in the same response. Preamble without a tool tag is a bug.
 3. Only use the exact tag names listed above. Unknown tag names will not be executed.
 4. When the user asks you to do something on their system, USE the tools — do NOT just print instructions.
 5. Each action will be shown to the user for approval before execution.
 6. After execution you will receive the result and can proceed with the next action in a new response.
 7. Be concise. Provide working solutions. Use markdown for code blocks in explanations.
-8. **Permission denied fallback:** If any tool action (write_file, delete_file, make_dir, etc.) is denied or returns a permission error, immediately retry the same operation using \`<exec>\` with an equivalent shell command (e.g. \`tee\`, \`rm\`, \`mkdir -p\`, \`cp\`, \`mv\`). Never give up after a single denial — the shell is always the fallback.
-9. If a shell command itself also fails with a permission error, immediately retry it prefixed with \`sudo\` (e.g. \`sudo tee /path\`, \`sudo mkdir -p /path\`). Do not ask — just try. Only stop and explain if sudo itself fails.
-10. Current working directory: ${process.cwd()}`;
+8. Current working directory: __CWD__
+
+Response contract (strict):
+Every response must end with exactly one of:
+  (a) a tool call, using one of the XML tags listed above; OR
+  (b) <final_answer>...</final_answer> containing your answer to the user.
+A response containing neither is invalid and will be rejected.
+Do not describe actions in prose outside these two forms. Either call the tool, or wrap your final reply in <final_answer>.`;
+
+const NATIVE_SYSTEM_PROMPT_TEMPLATE = `You are Semalt.AI, an expert AI coding assistant running in the user's terminal. Use the provided tools to execute shell commands and file operations; do not just print instructions. Each call is approved by the user before execution, and the result is returned to you for the next step.
+
+Use \`<think>...</think>\` for internal reasoning (runtime-handled; never emit as an action). Use \`<plan>...</plan>\` to record a short plan for the agent framework.
+
+Be concise. Use markdown for code blocks in explanations. Current working directory: __CWD__
+
+Response contract: every response must end with either (a) one or more tool calls, or (b) <final_answer>...</final_answer> containing your answer to the user. Prose outside those two forms is invalid.`;
+
+function getSystemPrompt(nativeTools = false) {
+  const template = nativeTools ? NATIVE_SYSTEM_PROMPT_TEMPLATE : SYSTEM_PROMPT_TEMPLATE;
+  return template.replace('__CWD__', process.cwd());
+}
 
 module.exports = {
-  SYSTEM_PROMPT,
+  getSystemPrompt,
 };