@semalt-ai/code 1.8.1 → 1.8.4

package/.claude/settings.local.json

@@ -2,7 +2,20 @@
   "permissions": {
     "allow": [
       "Bash(grep -oP '.{0,120}chat:stash.{0,120}' /usr/local/lib/node_modules/@anthropic-ai/claude-code/cli.js)",
-      "Bash(grep -oP '.{0,100}externalEditor.{0,100}' /usr/local/lib/node_modules/@anthropic-ai/claude-code/cli.js)"
+      "Bash(grep -oP '.{0,100}externalEditor.{0,100}' /usr/local/lib/node_modules/@anthropic-ai/claude-code/cli.js)",
+      "Bash(node *)",
+      "Bash(git -C /srv/www/ai/semalt-code diff lib/constants.js lib/agent.js lib/prompts.js lib/tools.js)",
+      "Bash(git *)",
+      "WebFetch(domain:api.github.com)",
+      "WebFetch(domain:raw.githubusercontent.com)",
+      "WebFetch(domain:github.com)",
+      "Bash(xargs -I{} sh -c 'head -c 3000 \"$1\"' _ {})",
+      "Bash(xargs -I{} sh -c 'echo \"=== $1 ===\"; head -c 500 \"$1\"; echo' _ {})",
+      "Bash(xargs -I{} sh -c 'echo \"=== $1 ===\"; python3 -c \"import json,sys; d=json.load\\(open\\(\\\\\"$1\\\\\"\\)\\); print\\(len\\(d.get\\(\\\\\"messages\\\\\",[]\\)\\), \\\\\"msgs; roles:\\\\\", [m.get\\(\\\\\"role\\\\\"\\) for m in d.get\\(\\\\\"messages\\\\\",[]\\)[:20]]\\)\"' _ {})",
+      "Bash(python3 *)",
+      "Read(//tmp/**)",
+      "Bash(sed -i \"s/addMessage\\('>>> AI MSG 2'.*$/addMessage\\('>>> AI MSG 2',   ['response body 2a', 'response body 2b']\\);\\\\nfor \\(let k = 3; k <= 8; k++\\) { addMessage\\('>>> USER MSG ' + k, ['line body ' + k]\\); addMessage\\('>>> AI MSG ' + k, ['response body ' + k + 'a', 'response body ' + k + 'b']\\); }/\" scroll-capture.js)",
+      "Bash(echo \"exit=$?\")"
     ]
   }
 }

package/CLAUDE.md

@@ -299,7 +299,7 @@ Managed by `lib/config.js`. Normalized on every load. The config directory is cr
 - `max_output_lines` caps shell and HTTP response lines returned to the agent (default 50).
 - `show_token_count` controls whether token count is shown in the status bar.
 - `show_cost` reserved for future cost-display feature.
-- `context_length` / `models[].context_length` — token limit used for context-usage bar and warnings.
+- `context_length` / `models[].context_length` — token limit used for context-usage bar, warnings, and proactive trimming. Self-calibrating: when a request triggers a context-overflow 400 (`"context length is only N"`), `api.js` parses the real window, persists it to `config.context_length` (and to the matching `models[]` entry), and trims to ~90% of it on subsequent calls. The value is never cached in memory only — a restart keeps the learned limit.
 - Local `models[]` entries override dashboard models when selected.
 
 ---
@@ -311,6 +311,7 @@ Managed by `lib/config.js`. Normalized on every load. The config directory is cr
 - **Streaming**: `api.js` manually parses `text/event-stream`. The parser in `chatStream()` handles partial JSON lines — be careful editing it.
 - **Permissions are per-session**: `PermissionManager` resets on each CLI invocation. Approvals never persist to disk. In non-TTY mode all tool calls are auto-approved with a warning.
 - **Token counting is approximate**: `estimateTokens()` divides char count by 4. It is used only for the `/compact` display — do not rely on it for hard limits.
+- **Context trimming is proactive when a limit is known**: `chatStream()` uses the in-process `_sessionInputLimits` learned from a prior 400 overflow first, then falls back to `config.context_length * 0.9`. When neither is set, no pre-flight trim runs and the client relies on the reactive 400/413 handler (which then persists the discovered window). `Metrics.tokenLimitStatus()` returns `{ used, limit: null }` until a limit is learned, so the status bar shows "N tok · limit unknown" instead of hiding the line.
 - **Tool output is truncated**: `tools.js` caps output at `max_output_lines` (default 50). Configurable via config.
 - **Max 10 agent iterations**: hard-coded in `agent.js`. Prevents runaway loops.
 - **Malformed tags are skipped**: each tool dispatch in the agent loop is wrapped in try/catch; errors emit a warning line and continue to the next tool call.

package/index.js

@@ -8,6 +8,7 @@ const path = require('path');
 const { PACKAGE_JSON } = require('./lib/constants');
 const { loadConfig, saveConfig, configSet, configShow } = require('./lib/config');
 const ui = require('./lib/ui');
+const { registerTerminalCleanup } = require('./lib/ui/terminal');
 const { createPermissionManager } = require('./lib/permissions');
 const { createToolExecutor, extractToolCalls } = require('./lib/tools');
 const { readFileContext } = require('./lib/context');
@@ -17,6 +18,12 @@ const { createCommands } = require('./lib/commands');
 const { parseArgs } = require('./lib/args');
 const { CONFIG_PATH } = require('./lib/constants');
 const { AUDIT_LOG } = require('./lib/audit');
+const writer = require('./lib/ui/writer');
+
+// Install process-wide signal handlers so every exit path (normal, SIGINT,
+// SIGHUP, SIGTERM, uncaught exception) restores the terminal. Safe to call
+// from multiple entrypoints — the function is internally idempotent.
+registerTerminalCleanup();
 
 let config = loadConfig();
 
@@ -53,10 +60,14 @@ const apiClient = createApiClient({
 });
 const { runAgentLoop } = createAgentRunner({
   chatStream: apiClient.chatStream,
-  extractToolCalls,
+  extractToolCalls: (reply, options = {}) => extractToolCalls(reply, {
+    repairMalformedXml: !!getConfig().repair_malformed_tool_xml,
+    ...options,
+  }),
   agentExecShell,
   agentExecFile,
   ui,
+  getConfig,
 });
 const commands = createCommands({
   getConfig,
@@ -80,7 +91,7 @@ async function main() {
   const command = rawArgs[0];
 
   if (command === '--help' || command === '-h') {
-    console.log(`
+    writer.scrollback(`
 Semalt.AI — Self-hosted AI Coding Assistant
 
 Usage: semalt-code [command] [options]
@@ -113,17 +124,20 @@ Options:
   --allow-exec            Auto-approve shell command execution
   --allow-net             Auto-approve network operations
   --allow-all             Auto-approve everything (use carefully)
+  --allow-anywhere        Allow writes outside the project CWD and in sensitive dirs
   --readonly              Block all write operations
   --new                   Skip session resume prompt
   -v, --version           Show CLI version
 
 Config: ${CONFIG_PATH}
 `);
+    await writer.flush();
     return;
   }
 
   if (command === '--version' || command === '-v') {
-    console.log(PACKAGE_JSON.version);
+    writer.scrollback(PACKAGE_JSON.version);
+    await writer.flush();
     return;
   }
 
@@ -159,20 +173,22 @@ Config: ${CONFIG_PATH}
         try {
           const entry = JSON.parse(line);
           const icon = entry.approved ? `${ui.FG_GREEN}✓${ui.RST}` : `${ui.FG_RED}✗${ui.RST}`;
-          console.log(`${icon} ${line}`);
+          writer.scrollback(`${icon} ${line}`);
         } catch {
-          console.log(line);
+          writer.scrollback(line);
         }
       }
     } catch {
-      console.log('No audit log found.');
+      writer.scrollback('No audit log found.');
     }
+    await writer.flush();
   } else if (command === 'config') {
     const sub = rawArgs[1];
     if (sub === 'set') {
       const key = rawArgs[2];
       const value = rawArgs[3];
       if (!key || value === undefined) {
+        // audit: allowed — pre-UI argparse usage error to stderr; exits immediately.
         process.stderr.write(`Usage: semalt-code config set <key> <value>\n`);
         process.exit(1);
       }
@@ -183,11 +199,12 @@ Config: ${CONFIG_PATH}
         parsed = value;
       }
       configSet(key, parsed);
-      console.log(`Set ${key} = ${JSON.stringify(parsed)}`);
+      writer.scrollback(`Set ${key} = ${JSON.stringify(parsed)}`);
     } else {
       // default: "show" or bare "config"
-      console.log(configShow());
+      writer.scrollback(configShow());
     }
+    await writer.flush();
   } else {
     const { opts } = parseArgs(rawArgs);
     await commands.cmdChat(opts);
@@ -195,6 +212,10 @@ Config: ${CONFIG_PATH}
 }
 
 main().catch((error) => {
+  // Tear down the TUI synchronously so the error message lands below the
+  // last scrollback line, not on top of a still-rendered live region.
+  try { ui.teardownTerminal(); } catch {}
+  // audit: allowed — fatal error message to stderr after writer teardown.
   process.stderr.write(`\n  ${ui.FG_RED}✗ Fatal: ${error.message}${ui.RST}\n\n`);
   process.exit(1);
 });