@semalt-ai/code 1.8.3 → 1.8.5

package/.claude/settings.local.json

@@ -15,7 +15,9 @@
       "Bash(python3 *)",
       "Read(//tmp/**)",
       "Bash(sed -i \"s/addMessage\\('>>> AI MSG 2'.*$/addMessage\\('>>> AI MSG 2',   ['response body 2a', 'response body 2b']\\);\\\\nfor \\(let k = 3; k <= 8; k++\\) { addMessage\\('>>> USER MSG ' + k, ['line body ' + k]\\); addMessage\\('>>> AI MSG ' + k, ['response body ' + k + 'a', 'response body ' + k + 'b']\\); }/\" scroll-capture.js)",
-      "Bash(echo \"exit=$?\")"
+      "Bash(echo \"exit=$?\")",
+      "Bash(echo \"---grep done, exit=$?---\")",
+      "Bash(grep *)"
     ]
   }
 }

package/CLAUDE.md

@@ -87,7 +87,10 @@ semalt-code config [set <key> <val>]   # show or update config keys
 --dashboard-url <url>     dashboard base URL (overrides config)
 --default-model <name>    set default model in config
 --show-think              display model reasoning (thinking) content
---debug                   print raw AI response (stderr) each iteration
+--debug                   inline debug: per-iteration debug block in chat history (TUI-safe)
+--debug-file <path>       extended debug: per-iteration block + raw SSE chunks
+                          + request body dumps written to <path>, nothing to stdout.
+                          Mutually exclusive with --debug.
 --allow-fs                auto-approve all filesystem operations
 --allow-exec              auto-approve shell command execution
 --allow-net               auto-approve network operations

package/TECHNICAL_DEBT.md

@@ -0,0 +1,66 @@
+## Activity region in-place update breaks when a modal is open
+
+When a modal occupies screen lines below an active activity bubble, the
+activity region's redraw mechanism appears to fall back to scrollback
+append per tick instead of in-place rewrite. Surfaced via the `ask_user`
+ticking-timer bug; mitigated by making `ask_user` a static bubble.
+
+Latent: any future long-running tool that opens a modal concurrently
+(none today) will reproduce the fragmentation. Fix likely involves
+making the activity region modal-aware in `lib/ui/writer.js` — when a
+modal region is active, route activity updates through a path that
+clears modal, redraws activity, redraws modal — or reserves activity
+above the modal in a way that survives modal lifecycle.
+
+Not blocking. Revisit if a second use-case appears.
+
+## `cmdShell` and `chatStream` write to stdout bypassing the writer
+
+Several call sites currently emit directly to `process.stdout.write`
+without going through `lib/ui/writer.js`:
+
+- `lib/commands.js` (`cmdShell`)
+- `lib/api.js` (streaming output path)
+
+These were flagged during the Phase 2 writer audit and annotated as
+`// audit: allowed` because they need to interleave with synchronous
+writes from `StreamRenderer`. Routing them through the writer today
+would require buffering or sequencing changes that don't compose with
+how `StreamRenderer` flushes content per chunk.
+
+Resolves when: `StreamRenderer` itself is migrated to write through
+the writer. After that, the bypass annotations can be removed and
+these call sites become normal `writer.scrollback(...)` calls.
+
+Not blocking. The audit annotation makes the bypass intentional and
+greppable. Revisit when `StreamRenderer` migration is on the table.
+
+## Tool result storage: single `content` field used for both model and UI
+
+Storage (PHP backend, MySQL `messages` table) holds one `content` field
+per tool result. The full payload is required for the model on
+subsequent turns, but the UI needs a compact summary (e.g. `net · GET
+https://... · 200 · 256 KB`).
+
+Today this is handled UI-side: `summarizeToolResult` in
+`lib/ui/format.js` runs read-side heuristics on the raw `content` every
+time `/history` renders. Heuristics cover HTTP, exec, file ops, with
+a fallback for unknown shapes. They work in practice but are a
+compromise — any tool whose output format drifts will fall through to
+the generic fallback until the heuristic is updated.
+
+Full fix: storage holds both `content` (full, model-bound) and
+`display` (pre-rendered summary, UI-bound). Summary is generated
+write-side at tool execution time, when the live activity bubble
+already produces the right string — that string just needs to be
+captured and persisted alongside the full content.
+
+Resolves when: backend schema migration for native function calling
+lands (Phase 2.2 of the native-tools plan, which already touches the
+`messages` table). Adding a `display` column in the same migration is
+cheap; doing it as a separate migration later is not. When this lands,
+`summarizeToolResult` becomes unnecessary for new tool results; it
+stays only as a fallback for legacy rows lacking `display`.
+
+Not blocking — current heuristics cover all 33 tools' output shapes.
+Track until Phase 2.2 lands.

package/index.js

@@ -18,6 +18,7 @@ const { createCommands } = require('./lib/commands');
 const { parseArgs } = require('./lib/args');
 const { CONFIG_PATH } = require('./lib/constants');
 const { AUDIT_LOG } = require('./lib/audit');
+const writer = require('./lib/ui/writer');
 
 // Install process-wide signal handlers so every exit path (normal, SIGINT,
 // SIGHUP, SIGTERM, uncaught exception) restores the terminal. Safe to call
@@ -48,7 +49,7 @@ if (_argv.includes('--allow-all')) {
 const _readonly = _argv.includes('--readonly');
 
 const permissionManager = createPermissionManager(ui, { allowedTiers: _allowedTiers, readonly: _readonly });
-const { agentExecShell, agentExecFile } = createToolExecutor(permissionManager, ui, getConfig);
+const { agentExecShell, agentExecFile, describePermission } = createToolExecutor(permissionManager, ui, getConfig);
 const apiClient = createApiClient({
   getConfig,
   saveConfig: (nextConfig) => {
@@ -65,6 +66,8 @@ const { runAgentLoop } = createAgentRunner({
   }),
   agentExecShell,
   agentExecFile,
+  describePermission,
+  permissionManager,
   ui,
   getConfig,
 });
@@ -90,7 +93,7 @@ async function main() {
   const command = rawArgs[0];
 
   if (command === '--help' || command === '-h') {
-    console.log(`
+    writer.scrollback(`
 Semalt.AI — Self-hosted AI Coding Assistant
 
 Usage: semalt-code [command] [options]
@@ -118,7 +121,12 @@ Options:
   --dashboard-url <url>   Dashboard URL           (init)
   --default-model <name>  Default model           (init)
   --show-think            Display model reasoning (thinking) content
-  --debug                 Print messages sent to agent + raw AI response (stderr) each iteration
+  --debug                 Inline debug output: per-iteration debug block in the
+                          chat history. TUI-safe; no per-chunk noise.
+  --debug-file <path>     Extended debug to file: per-iteration block PLUS raw
+                          SSE chunks, request body dumps, accumulator state,
+                          and other high-volume traces. Nothing prints to stdout
+                          — the TUI stays clean. Mutually exclusive with --debug.
   --allow-fs              Auto-approve all filesystem operations
   --allow-exec            Auto-approve shell command execution
   --allow-net             Auto-approve network operations
@@ -130,11 +138,13 @@ Options:
 
 Config: ${CONFIG_PATH}
 `);
+    await writer.flush();
     return;
   }
 
   if (command === '--version' || command === '-v') {
-    console.log(PACKAGE_JSON.version);
+    writer.scrollback(PACKAGE_JSON.version);
+    await writer.flush();
     return;
   }
 
@@ -170,20 +180,22 @@ Config: ${CONFIG_PATH}
         try {
           const entry = JSON.parse(line);
           const icon = entry.approved ? `${ui.FG_GREEN}✓${ui.RST}` : `${ui.FG_RED}✗${ui.RST}`;
-          console.log(`${icon} ${line}`);
+          writer.scrollback(`${icon} ${line}`);
         } catch {
-          console.log(line);
+          writer.scrollback(line);
         }
       }
     } catch {
-      console.log('No audit log found.');
+      writer.scrollback('No audit log found.');
     }
+    await writer.flush();
   } else if (command === 'config') {
     const sub = rawArgs[1];
     if (sub === 'set') {
       const key = rawArgs[2];
       const value = rawArgs[3];
       if (!key || value === undefined) {
+        // audit: allowed — pre-UI argparse usage error to stderr; exits immediately.
         process.stderr.write(`Usage: semalt-code config set <key> <value>\n`);
         process.exit(1);
       }
@@ -194,11 +206,12 @@ Config: ${CONFIG_PATH}
         parsed = value;
       }
       configSet(key, parsed);
-      console.log(`Set ${key} = ${JSON.stringify(parsed)}`);
+      writer.scrollback(`Set ${key} = ${JSON.stringify(parsed)}`);
     } else {
       // default: "show" or bare "config"
-      console.log(configShow());
+      writer.scrollback(configShow());
     }
+    await writer.flush();
   } else {
     const { opts } = parseArgs(rawArgs);
     await commands.cmdChat(opts);
@@ -209,6 +222,7 @@ main().catch((error) => {
   // Tear down the TUI synchronously so the error message lands below the
   // last scrollback line, not on top of a still-rendered live region.
   try { ui.teardownTerminal(); } catch {}
+  // audit: allowed — fatal error message to stderr after writer teardown.
   process.stderr.write(`\n  ${ui.FG_RED}✗ Fatal: ${error.message}${ui.RST}\n\n`);
   process.exit(1);
 });