@semalt-ai/code 1.8.3 → 1.8.5

package/lib/config.js

@@ -20,6 +20,7 @@ function _maybeWarnApiKeyAny(cfg) {
   }
   if (_LOCAL_HOSTS.has(host)) return;
   _apiKeyAnyWarned = true;
+  // audit: allowed — pre-UI startup warning, fires once before TUI initialises.
   process.stderr.write(
     "⚠ api_key='any' against non-local endpoint — requests will likely fail " +
     "with 401. Run 'semalt-code config set api_key <key>' to set a real key.\n"
@@ -110,6 +111,18 @@ function configSet(key, value) {
   return cfg;
 }
 
+// Resolves whether the active profile uses native function calling.
+// Defaults to true if no profile match is found (matches normalizeConfig
+// default and the agent.js lookup fallback).
+function isNativeToolsActive(model) {
+  const cfg = loadConfig();
+  if (!Array.isArray(cfg.models)) return true;
+  const profile = cfg.models.find(
+    (p) => p && p.api_base === cfg.api_base && p.model === model
+  );
+  return !(profile && profile.native_tools === false);
+}
+
 const REDACTED_KEYS = new Set(['api_key', 'auth_token']);
 
 function configShow(systemPromptOverride = null) {
@@ -131,6 +144,7 @@ function configShow(systemPromptOverride = null) {
 module.exports = {
   configSet,
   configShow,
+  isNativeToolsActive,
   loadConfig,
   normalizeConfig,
   saveConfig,

package/lib/constants.js

@@ -12,7 +12,7 @@ const DEFAULT_CONFIG = {
   api_key: 'any',
   dashboard_url: 'https://cli.semalt.ai',
   auth_token: '',
-  default_model: 'default',
+  default_model: '',
   dashboard_model_id: null,
   temperature: 0.7,
   request_timeout_ms: DEFAULT_API_TIMEOUT_MS,

package/lib/debug.js

@@ -0,0 +1,106 @@
+'use strict';
+
+// Two mutually-exclusive debug modes, configured once at startup from the
+// CLI flags (--debug or --debug-file <path>).
+//
+//   off    — no debug output anywhere.
+//   simple — visible inline. Basic per-iteration info routed through
+//            writer.scrollback so the TUI keeps working (no SSE dumps,
+//            no per-chunk noise).
+//   file   — every debug call (basic AND extended) is written to a file.
+//            Nothing debug-related goes to stdout. The TUI stays clean.
+//
+// Two log functions with a clear semantic split:
+//
+//   log(line)         — "always-on" debug. Visible in simple mode (scrollback)
+//                       and file mode (file). Silent in off mode.
+//   logExtended(line) — extended traces (raw SSE, request bodies, delta
+//                       accumulators). Visible only in file mode.
+//
+// File-mode lines are formatted as `[ISO-timestamp] <line>\n` so they're
+// greppable and tail-friendly.
+
+const fs = require('fs');
+
+let mode = 'off';
+let fileStream = null;
+
+function init({ debug, debugFile } = {}) {
+  if (debug && debugFile) {
+    // Belt-and-braces: cli.js (args parser) errors out before this is ever
+    // reached. Throw rather than silently coerce so any internal misuse is
+    // surfaced loudly.
+    throw new Error('debug and debugFile are mutually exclusive');
+  }
+  if (debugFile) {
+    mode = 'file';
+    fileStream = fs.createWriteStream(debugFile, { flags: 'a' });
+    const ts = new Date().toISOString();
+    try {
+      fileStream.write(`\n[${ts}] [session] semalt-code debug session start pid=${process.pid}\n`);
+    } catch {}
+  } else if (debug) {
+    mode = 'simple';
+  } else {
+    mode = 'off';
+  }
+}
+
+function isActive()  { return mode !== 'off'; }
+function isSimple()  { return mode === 'simple'; }
+function isFile()    { return mode === 'file'; }
+function getMode()   { return mode; }
+
+function _writeFile(line) {
+  if (!fileStream) return;
+  const ts = new Date().toISOString();
+  try { fileStream.write(`[${ts}] ${line}\n`); } catch {}
+}
+
+// "Always-on" debug — visible in simple mode (scrollback) and file mode (file).
+// Silent in off mode. Multi-line input gets one timestamp per line in file mode
+// so each line stays greppable.
+function log(line) {
+  if (mode === 'off') return;
+  const s = String(line);
+  if (mode === 'simple') {
+    // Lazy-require to avoid a require cycle: writer pulls in this module
+    // for its own drift diagnostic.
+    const writer = require('./ui/writer');
+    writer.scrollback(s);
+  } else {
+    for (const l of s.split('\n')) _writeFile(l);
+  }
+}
+
+// Extended-only debug — visible in file mode only. Used for high-volume
+// per-chunk traces (raw SSE, request body dumps, accumulator state) that
+// would shred the TUI if printed inline.
+function logExtended(line) {
+  if (mode !== 'file') return;
+  const s = String(line);
+  for (const l of s.split('\n')) _writeFile(l);
+}
+
+function close() {
+  if (fileStream) {
+    try {
+      const ts = new Date().toISOString();
+      fileStream.write(`[${ts}] [session] end pid=${process.pid}\n`);
+      fileStream.end();
+    } catch {}
+    fileStream = null;
+  }
+  mode = 'off';
+}
+
+module.exports = {
+  init,
+  isActive,
+  isSimple,
+  isFile,
+  getMode,
+  log,
+  logExtended,
+  close,
+};

package/lib/permissions.js

@@ -1,5 +1,8 @@
 'use strict';
 
+const writer = require('./ui/writer');
+const messages = require('./ui/messages');
+
 const TIER_FS = ['read_file', 'write_file', 'append_file', 'delete_file', 'list_dir', 'make_dir', 'move_file', 'copy_file', 'file_stat', 'search_files', 'store_memory', 'recall_memory'];
 const TIER_EXEC = ['exec'];
 const TIER_NET = ['http_get', 'download'];
@@ -117,7 +120,7 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
     if (uiCallbacks) {
       uiCallbacks.onAddMessage({ role: 'system', content: `✓ Auto-approved: ${description}` });
     } else {
-      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approved: ${description}${RST}`);
+      messages.sysSuccess(`Auto-approved: ${description}`);
     }
   }
 
@@ -133,7 +136,7 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
     }
 
     if (!process.stdout.isTTY || !process.stdin.isTTY) {
-      process.stdout.write(`  [non-TTY] Auto-approving: ${description}\n`);
+      writer.scrollback(`  [non-TTY] Auto-approving: ${description}`);
       return true;
     }
 
@@ -155,13 +158,11 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
       return true;
     }
 
-    // Fallback: legacy TTY interactive select (used outside of chat UI)
+    // Fallback: TTY interactive select (used outside of chat UI)
     const alwaysLabel = tag ? `Yes, always for <${tag}>` : 'Yes, always';
     const choices = ['Yes', alwaysLabel, 'No'];
 
-    console.log();
-    console.log(`  ${FG_YELLOW}${BOLD}⚠ Permission required${RST}`);
-    console.log(`  ${FG_GRAY}${actionType}: ${description}${RST}`);
+    writer.scrollback(`\n  ${FG_YELLOW}${BOLD}⚠ Permission required${RST}\n  ${FG_GRAY}${actionType}: ${description}${RST}`);
 
     const selectedIndex = await interactiveSelect(
       choices,
@@ -174,13 +175,13 @@ function createPermissionManager(ui, { allowedTiers = [], readonly = false } = {
     );
 
     if (selectedIndex === null || selectedIndex === 2) {
-      console.log(`  ${FG_RED}✗${RST} ${FG_DARK}Denied${RST}`);
+      writer.scrollback(`  ${FG_RED}✗${RST} ${FG_DARK}Denied${RST}`);
       return false;
     }
 
     if (selectedIndex === 1 && tag) {
       state.sessionApprovedTags.add(tag);
-      console.log(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approve enabled for <${tag}> this session${RST}`);
+      writer.scrollback(`  ${FG_GREEN}✓${RST} ${FG_DARK}Auto-approve enabled for <${tag}> this session${RST}`);
     }
 
     return true;

package/lib/proc.js

@@ -0,0 +1,96 @@
+'use strict';
+
+const dbg = require('./debug');
+
+// Platform-aware subprocess spawn + tree-kill helpers.
+//
+// Why this module exists: when a child is started with `shell: true`, the
+// PID Node hands back is the shell wrapper (`sh -c "..."` on POSIX, `cmd.exe
+// /c "..."` on Windows). Calling `child.kill()` kills the wrapper, but its
+// descendants (the actual `find`, `grep`, `bash` pipeline) become orphans
+// and keep running. To abort cleanly we have to kill the whole process tree.
+//
+// Constraint from the project: no other file imports `process.kill` or
+// `child.kill` directly — those calls live here. `tools.js` (and any future
+// caller) only knows about `spawnWithGroup` and `killTreeEscalating`.
+
+const isWindows = process.platform === 'win32';
+
+// Wrap `child_process.spawn` so the resulting child is addressable as a
+// process group. POSIX: `detached: true` makes the child a process-group
+// leader, so `process.kill(-pid, sig)` reaches all descendants. Windows:
+// taskkill /T walks the PID hierarchy itself, so `detached` is unnecessary
+// and actively harmful — it would spawn the child in a new console window.
+function spawnWithGroup(spawn, command, args, opts = {}) {
+  const finalOpts = { ...opts };
+  if (!isWindows) finalOpts.detached = true;
+  return spawn(command, args, finalOpts);
+}
+
+function killTree(child, signal) {
+  if (!child || child.killed || child.exitCode !== null || child.pid == null) return;
+  if (isWindows) {
+    // taskkill /T = traverse children, /F = force. windowsHide prevents the
+    // brief CMD window flash. Fire and forget — taskkill exits on its own
+    // and we don't care about its result code (the child's `exit` event is
+    // the authoritative signal).
+    const { spawn } = require('child_process');
+    try {
+      const args = ['/PID', String(child.pid), '/T'];
+      if (signal === 'SIGKILL') args.push('/F');
+      const tk = spawn('taskkill', args, { windowsHide: true, stdio: 'ignore' });
+      tk.on('error', () => {});
+      tk.unref();
+    } catch {
+      // taskkill failed to launch (PID already gone, or taskkill missing on
+      // a stripped-down Windows image). The child's exit event will still
+      // fire if the process is gone; nothing else to do here.
+    }
+  } else {
+    try {
+      // Negative PID = whole process group. Requires detached:true at spawn.
+      process.kill(-child.pid, signal || 'SIGTERM');
+    } catch (err) {
+      // ESRCH = process group already gone. Anything else is unexpected but
+      // not fatal — surface only when debug is active for triage.
+      if (err.code !== 'ESRCH') {
+        dbg.log(`[killTree] kill failed: ${err.code} ${err.message}`);
+      }
+    }
+  }
+}
+
+// Send SIGTERM (or taskkill graceful), wait 2s, escalate to SIGKILL (or
+// taskkill /F) if the tree didn't exit. Hard-coded 2s grace per the abort
+// requirements — long enough for well-behaved children to clean up, short
+// enough that a stuck `trap "" TERM` process doesn't tie up the agent.
+function killTreeEscalating(child) {
+  killTree(child, 'SIGTERM');
+  const escalation = setTimeout(() => {
+    if (child.exitCode === null && !child.killed) killTree(child, 'SIGKILL');
+  }, 2000);
+  // Don't keep the event loop alive solely for the escalation timer; if the
+  // process exits naturally first, the `once('exit')` listener clears it.
+  escalation.unref();
+  child.once('exit', () => clearTimeout(escalation));
+}
+
+// Future Windows-enablement notes:
+//   - Job objects (CreateJobObject API via a native binding) give stronger
+//     tree-kill guarantees than taskkill, especially for grandchild
+//     processes that detach themselves. Consider migrating if taskkill
+//     proves unreliable for nested children.
+//   - Windows has no SIGTERM/SIGKILL distinction at the OS level for
+//     spawned processes. taskkill (without /F) attempts WM_CLOSE-style
+//     graceful close; /F is a hard terminate. The 2s escalation here maps
+//     to "graceful taskkill, then forceful taskkill" — same shape as POSIX.
+//   - shell: true on Windows uses cmd.exe by default. Cross-platform
+//     command translation (find, grep, etc.) is the tool layer's problem,
+//     not this module's.
+
+module.exports = {
+  spawnWithGroup,
+  killTree,
+  killTreeEscalating,
+  isWindows,
+};

package/lib/prompts.js

@@ -9,6 +9,7 @@ const WRAPPER_NAMES = new Set([
   'parameter',
   'tool_call',
   'function_call',
+  'function',
 ]);
 
 // For each tool tag: required attributes and a one-line purpose.
@@ -32,7 +33,7 @@ const TOOL_TAG_SPECS = {
   edit_file:       { attrs: ['path', 'line'],       purpose: 'Replace a single line in a file (inline content = new line).' },
   search_files:    { attrs: ['pattern?', 'dir?'],   purpose: 'Find files by glob pattern.' },
   search_in_file:  { attrs: ['path'],               purpose: 'Regex search inside a file (inline content = pattern).' },
-  replace_in_file: { attrs: ['path', 'search', 'replace'], purpose: 'Regex replace inside a file.' },
+  replace_in_file: { attrs: ['path', 'search', 'replace'], purpose: 'Regex replace inside a file; inline content is interpreted as regex flags (e.g. g, i, gi).' },
   get_env:         { attrs: [],                     purpose: 'Read an env var (inline content = name).' },
   set_env:         { attrs: ['name', 'value'],      purpose: 'Set an env var for this process.' },
   download:        { attrs: [],                     purpose: 'HTTP download to the CWD (inline content = URL).' },
@@ -80,8 +81,8 @@ ${TAG_INVENTORY}
 ## Reasoning vs planning — IMPORTANT:
 
 - Your internal chain-of-thought reasoning uses your native \`<think>...</think>\` block. Use it normally for deliberation. Do NOT treat \`<think>\` as a user-facing tool and do NOT try to emit \`<think>\` as an action — it is reserved for your own reasoning and is handled by the runtime.
-- When you need to explicitly record a short plan that the agent framework can see (for logging or hand-off between steps), use \`<plan>...</plan>\` instead. \`<plan>\` is a tool tag; \`<think>\` is not.
-- Never emit \`<think>\` as an action. The valid action tags are the ones listed above.
+- When you need to explicitly record a short plan that the agent framework can see (for logging or hand-off between steps), use \`<plan>...</plan>\` instead. Both \`<think>\` and \`<plan>\` are display-only tags handled by the runtime — never emit either as an action.
+- The valid action tags are the ones listed above.
 
 ## STRICT RULES — follow exactly:
 
@@ -94,12 +95,9 @@ ${TAG_INVENTORY}
 7. Be concise. Provide working solutions. Use markdown for code blocks in explanations.
 8. Current working directory: __CWD__
 
-Response contract (strict):
-Every response must end with exactly one of:
-  (a) a tool call, using one of the XML tags listed above; OR
-  (b) <final_answer>...</final_answer> containing your answer to the user.
-A response containing neither is invalid and will be rejected.
-Do not describe actions in prose outside these two forms. Either call the tool, or wrap your final reply in <final_answer>.`;
+Response contract:
+- If the task requires an action, emit the appropriate tool tag(s) — do not narrate intended actions in prose without the tag.
+- If the task is complete or the user's question can be answered directly without running a tool, reply in plain prose. No special wrapper is needed.`;
 
 const NATIVE_SYSTEM_PROMPT_TEMPLATE = `You are Semalt.AI, an expert AI coding assistant running in the user's terminal. Use the provided tools to execute shell commands and file operations; do not just print instructions. Each call is approved by the user before execution, and the result is returned to you for the next step.
 
@@ -107,7 +105,7 @@ Use \`<think>...</think>\` for internal reasoning (runtime-handled; never emit a
 
 Be concise. Use markdown for code blocks in explanations. Current working directory: __CWD__
 
-Response contract: every response must end with either (a) one or more tool calls, or (b) <final_answer>...</final_answer> containing your answer to the user. Prose outside those two forms is invalid.`;
+Response contract: if the task requires an action, emit one or more tool calls — do not narrate intended actions in prose without the tool call. Otherwise, answer in plain prose; no special wrapper is needed.`;
 
 function getSystemPrompt(nativeTools = false) {
   const template = nativeTools ? NATIVE_SYSTEM_PROMPT_TEMPLATE : SYSTEM_PROMPT_TEMPLATE;

package/lib/tool_specs.js

@@ -75,9 +75,10 @@ const TOOL_SPECS = {
         content: {
           type: 'string',
           description: 'Full UTF-8 text to write as the new file contents',
+          default: '',
         },
       },
-      required: ['path', 'content'],
+      required: ['path'],
     },
   },
 
@@ -93,9 +94,10 @@ const TOOL_SPECS = {
         content: {
           type: 'string',
           description: 'Full UTF-8 text to write as the initial file contents',
+          default: '',
         },
       },
-      required: ['path', 'content'],
+      required: ['path'],
     },
   },
 
@@ -111,9 +113,10 @@ const TOOL_SPECS = {
         content: {
           type: 'string',
           description: 'UTF-8 text to append to the end of the file',
+          default: '',
         },
       },
-      required: ['path', 'content'],
+      required: ['path'],
     },
   },
 
@@ -241,9 +244,10 @@ const TOOL_SPECS = {
         content: {
           type: 'string',
           description: 'New text for the target line; trailing newline is added automatically when the file is rejoined',
+          default: '',
         },
       },
-      required: ['path', 'line', 'content'],
+      required: ['path', 'line'],
     },
   },
 
@@ -255,6 +259,7 @@ const TOOL_SPECS = {
         pattern: {
           type: 'string',
           description: 'Glob pattern such as "*.ts" or "src/**/*.js"; matches against the basename when the pattern contains no slash, otherwise against the relative path',
+          default: '*',
         },
         dir: {
           type: 'string',
@@ -262,7 +267,7 @@ const TOOL_SPECS = {
           default: '.',
         },
       },
-      required: ['pattern'],
+      required: [],
     },
   },
 
@@ -300,6 +305,7 @@ const TOOL_SPECS = {
         replace: {
           type: 'string',
           description: 'Replacement string; supports the standard $1, $2, $& back-references',
+          default: '',
         },
         flags: {
           type: 'string',
@@ -307,7 +313,7 @@ const TOOL_SPECS = {
           default: '',
         },
       },
-      required: ['path', 'search', 'replace'],
+      required: ['path', 'search'],
     },
   },
 
@@ -370,9 +376,10 @@ const TOOL_SPECS = {
         content: {
           type: 'string',
           description: 'Base64-encoded payload to decode and write as the file contents',
+          default: '',
         },
       },
-      required: ['path', 'content'],
+      required: ['path'],
     },
   },