npm - @shawnstack/quickforge - Versions diffs - 1.3.23 → 1.3.25 - Mend

@shawnstack/quickforge 1.3.23 → 1.3.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (54) hide show

package/README.md +15 -15
package/dist/assets/anthropic-B1_Yrokl.js +39 -0
package/dist/assets/azure-openai-responses-UMiOBCBd.js +1 -0
package/dist/assets/google-BLE_Gcd1.js +1 -0
package/dist/assets/google-shared-Cqjw1plk.js +11 -0
package/dist/assets/google-vertex-6_sIZLVc.js +1 -0
package/dist/assets/{icons-WD3UkVNM.js → icons-Bs7OG8yi.js} +1 -1
package/dist/assets/{index-CjTN0qaQ.js → index-C3bc5C3k.js} +576 -561
package/dist/assets/index-C7oT9Rdw.css +3 -0
package/dist/assets/{mistral-Ber29mja.js → mistral-DmZEmRkv.js} +1 -1
package/dist/assets/openai-codex-responses-i_SmQGzQ.js +7 -0
package/dist/assets/openai-completions-BmmZFDDY.js +5 -0
package/dist/assets/openai-prompt-cache-CErE62Yt.js +1 -0
package/dist/assets/openai-responses-C8tPdeE9.js +1 -0
package/dist/assets/{openai-responses-shared-a_PAPxTO.js → openai-responses-shared-DchtjQNp.js} +1 -1
package/dist/assets/openrouter-CcTv1G_v.js +1 -0
package/dist/assets/react-vendor-Cu-7p9CI.js +61 -0
package/dist/assets/sanitize-unicode-BhyPmlyt.js +1 -0
package/dist/assets/transform-messages-Dhj_4OTw.js +1 -0
package/dist/index.html +4 -4
package/package.json +6 -3
package/server/agent-manager.mjs +144 -151
package/server/ai-http-logger.mjs +20 -5
package/server/approval-store.mjs +63 -0
package/server/custom-commands.mjs +8 -0
package/server/index.mjs +1 -1
package/server/message-converters.mjs +79 -0
package/server/project-config.mjs +7 -9
package/server/routes/agent-profiles.mjs +1 -1
package/server/routes/agent.mjs +15 -1
package/server/routes/filesystem.mjs +18 -2
package/server/routes/project.mjs +33 -1
package/server/routes/scheduled-tasks.mjs +1 -1
package/server/routes/storage.mjs +66 -31
package/server/routes/terminal.mjs +28 -3
package/server/routes/workspace.mjs +43 -1
package/server/session-utils.mjs +1 -1
package/server/storage.mjs +78 -2
package/server/terminal/terminal-manager.mjs +12 -0
package/server/tool-wiring.mjs +87 -0
package/server/utils/workspace.mjs +20 -1
package/dist/assets/anthropic-CDKnv1FQ.js +0 -39
package/dist/assets/azure-openai-responses-BnUwVl-8.js +0 -1
package/dist/assets/google-DOEyCDZy.js +0 -1
package/dist/assets/google-shared-CLc4ziON.js +0 -11
package/dist/assets/google-vertex-BPPf3car.js +0 -1
package/dist/assets/index-eeLjaV06.css +0 -3
package/dist/assets/openai-codex-responses-D8gq8a3l.js +0 -7
package/dist/assets/openai-completions-CATWPFBp.js +0 -5
package/dist/assets/openai-responses-DxcB6Ksu.js +0 -1
package/dist/assets/react-vendor-BcQaTQ90.js +0 -9
package/dist/assets/transform-messages-CmnxG9RB.js +0 -1
/package/dist/assets/{hash-Bt1aVMQ3.js → hash-kZ2KD_no.js} +0 -0
/package/dist/assets/{openai-Cn7eGqwa.js → openai-Bf1npfRy.js} +0 -0

package/dist/assets/sanitize-unicode-BhyPmlyt.js ADDED Viewed

	@@ -0,0 +1 @@
1	+ function e(e){return e.replace(/[\uD800-\uDBFF](?![\uDC00-\uDFFF])\|(?<![\uD800-\uDBFF])[\uDC00-\uDFFF]/g,``)}export{e as t};

package/dist/assets/transform-messages-Dhj_4OTw.js ADDED Viewed

@@ -0,0 +1 @@

+ function e(e,t,n){return{temperature:t?.temperature,maxTokens:t?.maxTokens,signal:t?.signal,apiKey:n||t?.apiKey,transport:t?.transport,cacheRetention:t?.cacheRetention,sessionId:t?.sessionId,headers:t?.headers,onPayload:t?.onPayload,onResponse:t?.onResponse,timeoutMs:t?.timeoutMs,maxRetries:t?.maxRetries,maxRetryDelayMs:t?.maxRetryDelayMs,metadata:t?.metadata}}function t(e){return e===`xhigh`?`high`:e}function n(e,n,r,i){let a={minimal:1024,low:2048,medium:8192,high:16384,...i}[t(r)],o=e===void 0?n:Math.min(e+a,n);return o<=a&&(a=Math.max(0,o-1024)),{maxTokens:o,thinkingBudget:a}}var r=`(image omitted: model does not support images)`,i=`(tool image omitted: model does not support images)`;function a(e,t){let n=[],r=!1;for(let i of e){if(i.type===`image`){r||n.push({type:`text`,text:t}),r=!0;continue}n.push(i),r=i.text===t}return n}function o(e,t){return t.input.includes(`image`)?e:e.map(e=>e.role===`user`&&Array.isArray(e.content)?{...e,content:a(e.content,r)}:e.role===`toolResult`?{...e,content:a(e.content,i)}:e)}function s(e,t,n){let r=new Map,i=o(e,t).map(e=>{if(e.role===`user`)return e;if(e.role===`toolResult`){let t=r.get(e.toolCallId);return t&&t!==e.toolCallId?{...e,toolCallId:t}:e}if(e.role===`assistant`){let i=e,a=i.provider===t.provider&&i.api===t.api&&i.model===t.id,o=i.content.flatMap(e=>{if(e.type===`thinking`)return e.redacted?a?e:[]:a&&e.thinkingSignature?e:!e.thinking||e.thinking.trim()===``?[]:a?e:{type:`text`,text:e.thinking};if(e.type===`text`)return a?e:{type:`text`,text:e.text};if(e.type===`toolCall`){let o=e,s=o;if(!a&&o.thoughtSignature&&(s={...o},delete s.thoughtSignature),!a&&n){let e=n(o.id,t,i);e!==o.id&&(r.set(o.id,e),s={...s,id:e})}return s}return e});return{...i,content:o}}return e}),a=[],s=[],c=new Set,l=()=>{if(s.length>0){for(let e of s)c.has(e.id)||a.push({role:`toolResult`,toolCallId:e.id,toolName:e.name,content:[{type:`text`,text:`No result provided`}],isError:!0,timestamp:Date.now()});s=[],c=new Set}};for(let e=0;e<i.length;e++){let t=i[e];if(t.role===`assistant`){l();let e=t;if(e.stopReason===`error`||e.stopReason===`aborted`)continue;let n=e.content.filter(e=>e.type===`toolCall`);n.length>0&&(s=n,c=new Set),a.push(t)}else t.role===`toolResult`?(c.add(t.toolCallId),a.push(t)):(t.role===`user`&&l(),a.push(t))}return l(),a}export{n,e as r,s as t};

package/dist/index.html CHANGED Viewed

@@ -11,13 +11,13 @@
     <meta name="apple-mobile-web-app-title" content="QuickForge" />
     <meta name="apple-mobile-web-app-status-bar-style" content="black-translucent" />
     <title>速构 QuickForge</title>
-    <script type="module" crossorigin src="/assets/index-CjTN0qaQ.js"></script>
+    <script type="module" crossorigin src="/assets/index-C3bc5C3k.js"></script>
     <link rel="modulepreload" crossorigin href="/assets/rolldown-runtime-CkqCuyE9.js">
     <link rel="modulepreload" crossorigin href="/assets/lit-vendor-Dr3cpBGF.js">
     <link rel="modulepreload" crossorigin href="/assets/css-utils-rkE68RDy.js">
-    <link rel="modulepreload" crossorigin href="/assets/icons-WD3UkVNM.js">
-    <link rel="modulepreload" crossorigin href="/assets/react-vendor-BcQaTQ90.js">
-    <link rel="stylesheet" crossorigin href="/assets/index-eeLjaV06.css">
+    <link rel="modulepreload" crossorigin href="/assets/icons-Bs7OG8yi.js">
+    <link rel="modulepreload" crossorigin href="/assets/react-vendor-Cu-7p9CI.js">
+    <link rel="stylesheet" crossorigin href="/assets/index-C7oT9Rdw.css">
   </head>
   <body>
     <div id="root"></div>

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@shawnstack/quickforge",
-  "version": "1.3.23",
+  "version": "1.3.25",
   "description": "AI chat application with YOLO-mode local workspace tools. React + Vite + Tailwind CSS frontend, local Node.js storage server.",
   "keywords": [
     "ai",
@@ -42,8 +42,11 @@
     "package.json"
   ],
   "dependencies": {
-    "@mariozechner/pi-agent-core": "^0.73.1",
-    "@mariozechner/pi-ai": "^0.73.1",
+    "@dnd-kit/core": "^6.3.1",
+    "@dnd-kit/sortable": "^10.0.0",
+    "@dnd-kit/utilities": "^3.2.2",
+    "@earendil-works/pi-agent-core": "^0.75.3",
+    "@earendil-works/pi-ai": "^0.75.3",
     "@modelcontextprotocol/sdk": "^1.29.0",
     "ws": "^8.20.1"
   },

package/server/agent-manager.mjs CHANGED Viewed

@@ -1,17 +1,17 @@
 import { EventEmitter } from 'node:events'
 import { randomUUID } from 'node:crypto'
-import { Agent } from '@mariozechner/pi-agent-core'
+import { Agent } from '@earendil-works/pi-agent-core'
 import { streamSimpleWithAiHttpLogging } from './ai-http-logger.mjs'
-import { toolHandlers, loadSkillToolContext, abortRunningCommand } from './tools/index.mjs'
+import { loadSkillToolContext, abortRunningCommand } from './tools/index.mjs'
 import { createSkillTools, workspaceTools } from './tools/definitions.mjs'
-import { callMcpTool, createMcpToolDefinitions, isMcpToolName } from './mcp/registry.mjs'
+import { createMcpToolDefinitions, isMcpToolName } from './mcp/registry.mjs'
 import {
   composeSubagentSystemPrompt,
   formatSubagentTask,
 } from './subagents.mjs'
 import { agentProfileSnapshot, getAgentProfile } from './agent-profiles.mjs'
 import { projectContextFromId, readProjectConfig } from './project-config.mjs'
-import { readStore, atomicUpdate, readSessionValue, writeSessionValue, deleteSessionValue } from './storage.mjs'
+import { readStore, atomicUpdate, atomicSessionMetadataUpdate, readSessionValue, writeSessionValue, deleteSessionValue } from './storage.mjs'
 import { logger } from './utils/logger.mjs'
 import { buildSystemPrompt, generateAiTitle, generateTitle } from './session-utils.mjs'
 import { restoreReasoningContentInPayload } from './reasoning-cache.mjs'
@@ -30,70 +30,22 @@ import {
   parseInternalCommandInvocation,
   resolveCustomCommandInvocation,
 } from './custom-commands.mjs'
+import { omitDetailsForLlm, serverConvertToLlm, messageText, lastAssistantText } from './message-converters.mjs'
+import { isPlainObject, mergeQuickForgeTiming, wrapToolDefinition, wrapMcpToolDefinition, sessionSkillsContext } from './tool-wiring.mjs'
+import {
+  APPROVAL_TIMEOUT_MS,
+  commandRestrictedTools,
+  safeReadTools,
+  pendingApprovals,
+  pendingAutoCompactApprovals,
+  commandToolPermissionError,
+  createCommandToolPermissions,
+} from './approval-store.mjs'
 // ---------------------------------------------------------------------------
 // Tool definitions (server-side, no REST roundtrip)
 // ---------------------------------------------------------------------------
-function isPlainObject(value) {
-  return Boolean(value && typeof value === 'object' && !Array.isArray(value))
-}
-function mergeQuickForgeTiming(details, timing) {
-  if (!isPlainObject(details)) return { quickforgeTiming: timing }
-  return { ...details, quickforgeTiming: timing }
-}
-function wrapToolDefinition(definition, context, toolPermissions) {
-  const handler = toolHandlers[definition.name]
-  if (!handler) throw new Error(`Missing handler for tool: ${definition.name}`)
-  return {
-    ...definition,
-    execute: async (_toolCallId, params, signal, onUpdate) => {
-      if (toolPermissions) {
-        const permissionError = toolPermissions(definition.name)
-        if (permissionError) throw new Error(permissionError)
-      }
-      const startedAt = Date.now()
-      const startedAtPerf = performance.now()
-      const result = await handler(params || {}, context, { signal, onUpdate, toolCallId: _toolCallId })
-      const finishedAt = Date.now()
-      const durationMs = Math.max(0, Math.round(performance.now() - startedAtPerf))
-      const details = mergeQuickForgeTiming(result.details, { startedAt, finishedAt, durationMs })
-      return {
-        content: [{ type: 'text', text: result.content }],
-        details: isPlainObject(details) ? { ...details, toolCallId: _toolCallId } : details,
-      }
-    },
-  }
-}
-function wrapMcpToolDefinition(definition, toolPermissions) {
-  return {
-    ...definition,
-    execute: async (_toolCallId, params) => {
-      if (toolPermissions) {
-        const permissionError = toolPermissions(definition.name)
-        if (permissionError) throw new Error(permissionError)
-      }
-      const startedAt = Date.now()
-      const startedAtPerf = performance.now()
-      const result = await callMcpTool(definition.name, params || {})
-      const finishedAt = Date.now()
-      const durationMs = Math.max(0, Math.round(performance.now() - startedAtPerf))
-      if (result.isError) {
-        throw new Error(result.content || `MCP tool failed: ${definition.name}`)
-      }
-      return {
-        content: [{ type: 'text', text: result.content }],
-        details: mergeQuickForgeTiming(result.details, { startedAt, finishedAt, durationMs }),
-      }
-    },
-  }
-}
 function wrapSubagentToolDefinition(definition, parentSessionId) {
   return {
     ...definition,
@@ -154,13 +106,6 @@ async function createServerTools(projectId, projectContext, skillsContext, inclu
   return tools
 }
-function sessionSkillsContext(session) {
-  return {
-    globalSkillNames: session.globalSkillNames,
-    projectSkillNames: session.projectSkillNames,
-  }
-}
 async function rebuildSessionTools(session) {
   session.agent.state.tools = await createServerTools(
     session.projectId,
@@ -181,26 +126,8 @@ const agentSessions = new Map()
 /** @typedef {{ agent: Agent, projectContext: object|null, projectId: string|null, yoloMode: boolean, model: object, thinkingLevel: string, scope: string, title: string, createdAt: string, status: string, startedAt: string|null, finishedAt: string|null, listeners: Set<function>, idleTimer: NodeJS.Timeout|null, eventBus: EventEmitter }} AgentSession */
 const IDLE_TIMEOUT_MS = 30 * 60 * 1000 // 30 minutes
-const APPROVAL_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes for tool approval
 const SUBAGENT_DEFAULT_TIMEOUT_MS = 30 * 60 * 1000
-const commandRestrictedTools = new Set(['write_file', 'edit_file', 'run_command'])
-const safeReadTools = new Set(['read_file', 'grep_files'])
-const pendingApprovals = new Map() // toolCallId → { resolve, reject, sessionId, toolName, args, source, timeout }
-const pendingAutoCompactApprovals = new Map() // approvalId → { resolve, reject, sessionId, timeout }
-function createCommandToolPermissions(session) {
-  return (toolName) => {
-    const permissions = session.activeCommandPermissions
-    if (!permissions || !commandRestrictedTools.has(toolName)) return null
-    if (toolName === 'run_command' && permissions.allowCommands === false) {
-      return `Custom command /${session.activeCommandName} does not allow running shell commands.`
-    }
-    if ((toolName === 'write_file' || toolName === 'edit_file') && permissions.allowEdit === false) {
-      return `Custom command /${session.activeCommandName} does not allow editing files.`
-    }
-    return null
-  }
-}
+const SUBAGENT_TRACE_THROTTLE_MS = 150
 /**
  * Create a Promise that only resolves when the user accepts or rejects the tool call.
@@ -219,8 +146,14 @@ function createApprovalPromise(session, toolCallId, toolName, args, source) {
       resolve({ block: true, reason: `Approval timeout for ${toolName}` })
     }, APPROVAL_TIMEOUT_MS)
+    let onAbort = null
     const cleanup = () => {
       clearTimeout(timeout)
+      if (onAbort) {
+        session.agent.signal?.removeEventListener('abort', onAbort)
+        onAbort = null
+      }
       if (settled) return
       settled = true
       pendingApprovals.delete(toolCallId)
@@ -234,7 +167,7 @@ function createApprovalPromise(session, toolCallId, toolName, args, source) {
         reject(new Error('Run aborted'))
         return
       }
-      const onAbort = () => {
+      onAbort = () => {
         cleanup()
         reject(new Error('Run aborted'))
       }
@@ -284,8 +217,14 @@ function createAutoCompactApprovalPromise(session, details = {}) {
       resolve(false)
     }, APPROVAL_TIMEOUT_MS)
+    let onAbort = null
     const cleanup = () => {
       clearTimeout(timeout)
+      if (onAbort) {
+        session.agent.signal?.removeEventListener('abort', onAbort)
+        onAbort = null
+      }
       if (settled) return
       settled = true
       pendingAutoCompactApprovals.delete(approvalId)
@@ -298,7 +237,7 @@ function createAutoCompactApprovalPromise(session, details = {}) {
         reject(new Error('Run aborted'))
         return
       }
-      const onAbort = () => {
+      onAbort = () => {
         cleanup()
         reject(new Error('Run aborted'))
       }
@@ -606,6 +545,14 @@ async function resolveCommandState(session, userMessage) {
   if (typeof internalResponse === 'string') return { textResponse: internalResponse }
   if (internalResponse?.clear) return { clear: internalResponse }
   if (internalResponse?.compact) return { compact: internalResponse }
+  if (internalResponse?.plan) {
+    return {
+      userMessage,
+      commandPrompt: formatPlanCommandPrompt(internalResponse.args),
+      permissions: { allowEdit: false, allowCommands: false },
+      commandName: 'plan',
+    }
+  }
   if (!session.projectContext?.workspaceRoot) return { userMessage }
@@ -624,65 +571,32 @@ async function resolveCommandState(session, userMessage) {
   }
 }
-function omitDetailsForLlm(message) {
-  if (!message || typeof message !== 'object' || message.details === undefined) return message
-  const copy = { ...message }
-  delete copy.details
-  return copy
-}
+function formatPlanCommandPrompt(task) {
+  const taskText = String(task || '').trim()
+  return `<plan_command_invocation name="plan">
+This /plan command applies only to the current user request. Generate an implementation plan before execution.
-/**
- * Convert AgentMessage[] to LLM-compatible Message[].
- * Handles "user-with-attachments" → "user" with multi-modal content blocks.
- * Without this the default pi-agent-core convertToLlm silently drops
- * user-with-attachments messages, so the LLM never sees attachments.
- */
-function serverConvertToLlm(messages) {
-  return messages
-    .filter(m => m.role !== 'artifact')
-    .map(m => {
-      if (m.role === 'user-with-attachments') {
-        const textContent = typeof m.content === 'string'
-          ? [{ type: 'text', text: m.content }]
-          : [...m.content]
-        if (Array.isArray(m.attachments)) {
-          for (const att of m.attachments) {
-            if (att.type === 'image' && att.content) {
-              textContent.push({ type: 'image', data: att.content, mimeType: att.mimeType })
-            } else if (att.type === 'document' && att.extractedText) {
-              textContent.push({ type: 'text', text: `\n\n[Document: ${att.fileName}]\n${att.extractedText}` })
-            }
-          }
-        }
-        return omitDetailsForLlm({ ...m, role: 'user', content: textContent })
-      }
-      if (m.role === 'user' || m.role === 'assistant' || m.role === 'toolResult') return omitDetailsForLlm(m)
-      return null
-    })
-    .filter(Boolean)
-}
+Rules for this turn:
+- Do not modify files.
+- Do not create files.
+- Do not run shell commands.
+- Do not use write_file, edit_file, run_command, or any other state-changing tool.
+- You may use read-only tools such as read_file and grep_files if needed to inspect the project.
+- Output the plan and then stop. Do not start implementation.
-function messageText(message) {
-  const content = message?.content
-  if (typeof content === 'string') return content
-  if (Array.isArray(content)) {
-    return content
-      .filter((block) => block?.type === 'text')
-      .map((block) => block.text ?? '')
-      .join('\n')
-      .trim()
-  }
-  return ''
-}
+Plan should include:
+1. Task understanding
+2. Relevant files or areas to inspect/change
+3. Step-by-step implementation plan
+4. Risks or assumptions
+5. Validation commands/checks to run after implementation
+6. Whether documentation/wiki updates are needed
-function lastAssistantText(messages) {
-  for (let index = messages.length - 1; index >= 0; index--) {
-    const message = messages[index]
-    if (message?.role !== 'assistant') continue
-    const text = messageText(message)
-    if (text) return text
-  }
-  return ''
+End by telling the user they can reply “允许”, “按计划执行”, or an equivalent approval phrase to continue in a normal follow-up turn.
+User task:
+${taskText}
+</plan_command_invocation>`
 }
 async function runSubagent(parentSession, params, parentSignal, onUpdate) {
@@ -714,6 +628,9 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
   let latestMessages = []
   let latestPendingToolCalls = []
   let toolsForClient = []
+  let lastTraceAt = 0
+  let tracePending = false
+  let traceTimer = null
   const tools = await createServerTools(
     parentSession.projectId,
@@ -733,6 +650,12 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
   toolsForClient = tools.map(({ execute, prepareArguments, ...tool }) => tool)
   const emitSubagentTrace = () => {
+    if (traceTimer) {
+      clearTimeout(traceTimer)
+      traceTimer = null
+    }
+    tracePending = false
+    lastTraceAt = Date.now()
     onUpdate?.({
       content: [],
       details: {
@@ -751,6 +674,19 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
     })
   }
+  const emitSubagentTraceThrottled = () => {
+    const elapsed = Date.now() - lastTraceAt
+    if (elapsed >= SUBAGENT_TRACE_THROTTLE_MS) {
+      emitSubagentTrace()
+      return
+    }
+    tracePending = true
+    if (traceTimer) return
+    traceTimer = setTimeout(() => {
+      if (tracePending) emitSubagentTrace()
+    }, SUBAGENT_TRACE_THROTTLE_MS - elapsed)
+  }
   const systemPrompt = composeSubagentSystemPrompt({
     definition,
     parentSystemPrompt: parentSession.agent.state.systemPrompt,
@@ -807,7 +743,11 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
         latestMessages = [...latestMessages, event.message]
       }
     }
-    emitSubagentTrace()
+    if (event.type === 'tool_execution_start' || event.type === 'tool_execution_end' || event.type === 'message_end') {
+      emitSubagentTrace()
+    } else {
+      emitSubagentTraceThrottled()
+    }
   })
   let timedOut = false
@@ -825,6 +765,7 @@ async function runSubagent(parentSession, params, parentSignal, onUpdate) {
   } finally {
     clearTimeout(timeout)
     parentSignal?.removeEventListener?.('abort', onParentAbort)
+    emitSubagentTrace()
   }
   const content = lastAssistantText(subagent.state.messages) || `Subagent ${definition.name} completed without a text response.`
@@ -1050,9 +991,11 @@ export async function createAgent(sessionId, config = {}) {
     beforeToolCall: async (context) => {
       const toolName = context.toolCall?.name
       const toolCallId = context.toolCall?.id
+      const currentSession = agentSessions.get(sessionId)
+      const commandPermissionError = commandToolPermissionError(currentSession, toolName)
+      if (commandPermissionError) return { block: true, reason: commandPermissionError }
       const isSkillTool = toolName === 'activate_skill' || toolName === 'read_skill_resource'
       if (isSkillTool) return undefined
-      const currentSession = agentSessions.get(sessionId)
       if (profileToolNames && !profileToolNames.includes(toolName)) return { block: true, reason: `Agent profile ${agentProfile.name} is not allowed to use ${toolName}.` }
       if (toolName === 'run_subagent') return undefined
       if (isMcpToolName(toolName)) {
@@ -1138,6 +1081,7 @@ export async function createAgent(sessionId, config = {}) {
     if (event.type === 'agent_end') {
       session.status = session.agent.state.errorMessage ? 'error' : 'idle'
       session.finishedAt = new Date().toISOString()
+      session.toolTimings?.clear()
       resetIdleTimer(session)
       // Persist after run ends
@@ -1194,7 +1138,7 @@ async function persistSession(session) {
   if (messages.length === 0) {
     try {
       await deleteSessionValue(sessionId)
-      await atomicUpdate('sessions-metadata', (data) => {
+      await atomicSessionMetadataUpdate(scope, projectId, (data) => {
         delete data[sessionId]
         return data
       })
@@ -1281,7 +1225,7 @@ async function persistSession(session) {
   // Write to storage atomically (read-modify-write within queue)
   try {
     await writeSessionValue(sessionId, sessionData)
-    await atomicUpdate('sessions-metadata', (data) => {
+    await atomicSessionMetadataUpdate(scope, projectId, (data) => {
       data[sessionId] = {
         ...metadata,
         pinnedAt: data[sessionId]?.pinnedAt,
@@ -1383,6 +1327,10 @@ export async function runPrompt(sessionId, message) {
     throw Object.assign(new Error('Session not found'), { statusCode: 404 })
   }
+  if (session.agent.state.isStreaming) {
+    throw Object.assign(new Error('Generation is still running. Stop it or wait until it finishes.'), { statusCode: 409 })
+  }
   resetIdleTimer(session)
   // Build user message
@@ -1454,6 +1402,50 @@ export async function runPrompt(sessionId, message) {
   return { sessionId, status: session.status }
 }
+/**
+ * Continue generation from the current last message (must be a user or
+ * tool-result message).  Used by the retry button to regenerate a response
+ * in-place without appending a new user message.
+ *
+ * Trims messages to keep up to and including the last user message,
+ * removing the assistant response that follows it.
+ */
+export async function continueSession(sessionId) {
+  const session = agentSessions.get(sessionId)
+  if (!session) {
+    throw Object.assign(new Error('Session not found'), { statusCode: 404 })
+  }
+  if (session.agent.state.isStreaming) {
+    throw Object.assign(new Error('Generation is still running. Stop it or wait until it finishes.'), { statusCode: 409 })
+  }
+  const messages = Array.isArray(session.agent.state.messages) ? session.agent.state.messages : []
+  // Find the last user message and trim everything after it (the assistant response)
+  let lastUserIndex = -1
+  for (let i = messages.length - 1; i >= 0; i--) {
+    if (messages[i].role === 'user' || messages[i].role === 'user-with-attachments') {
+      lastUserIndex = i
+      break
+    }
+  }
+  if (lastUserIndex < 0) {
+    throw Object.assign(new Error('Cannot continue: no user message found.'), { statusCode: 400 })
+  }
+  const trimmedMessages = messages.slice(0, lastUserIndex + 1)
+  updateSessionMessages(session, trimmedMessages)
+  resetSessionCompaction(session)
+  resetIdleTimer(session)
+  session.agent.continue().catch((err) => {
+    logger.error(`Agent continue error for session ${sessionId}:`, err, { sessionId })
+    emitSessionEvent(session, { type: 'error', error: err.message || 'Unknown error' })
+  })
+  return { sessionId, status: 'running' }
+}
 /**
  * Abort the current agent run.
  */
@@ -1614,6 +1606,7 @@ export async function destroyAgent(sessionId) {
   logger.info(`Destroying session ${sessionId} (status: ${session.status})`, { sessionId, status: session.status })
   if (session.idleTimer) clearTimeout(session.idleTimer)
+  session.toolTimings?.clear()
   try {
     session.agent.abort()

package/server/ai-http-logger.mjs CHANGED Viewed

@@ -2,7 +2,7 @@ import fs from 'node:fs'
 import path from 'node:path'
 import { AsyncLocalStorage } from 'node:async_hooks'
 import { randomUUID } from 'node:crypto'
-import { streamSimple } from '@mariozechner/pi-ai'
+import { streamSimple } from '@earendil-works/pi-ai'
 import { logsDir } from './storage.mjs'
 const PATCH_MARKER = Symbol.for('quickforge.aiHttpLogger.fetchPatched')
@@ -16,16 +16,31 @@ function currentLogFile() {
   return path.join(logsDir, `ai-http-${date}.jsonl`)
 }
-function writeAiHttpRecord(record) {
-  if (!aiHttpLogEnabled) return
+let logsDirEnsured = false
+async function ensureLogsDir() {
+  if (logsDirEnsured) return
   try {
-    fs.mkdirSync(logsDir, { recursive: true })
-    fs.appendFile(currentLogFile(), `${JSON.stringify({ ts: new Date().toISOString(), ...record })}\n`, () => {})
+    const { promises: fsp } = await import('node:fs')
+    await fsp.mkdir(logsDir, { recursive: true })
+    logsDirEnsured = true
   } catch {
     // Keep AI calls working even when diagnostic logging fails.
   }
 }
+function writeAiHttpRecord(record) {
+  if (!aiHttpLogEnabled) return
+  // Schedule async write — never blocks the event loop
+  void ensureLogsDir().then(() => {
+    try {
+      fs.appendFile(currentLogFile(), `${JSON.stringify({ ts: new Date().toISOString(), ...record })}\n`, () => {})
+    } catch {
+      // Keep AI calls working even when diagnostic logging fails.
+    }
+  })
+}
 function headersToRecord(headers) {
   const result = {}
   if (!headers) return result

package/server/approval-store.mjs ADDED Viewed

@@ -0,0 +1,63 @@
+/**
+ * Tool approval store — shared state and permission helpers.
+ *
+ * Manages the pending approval queues and command-tool permission checks.
+ * The Promise-based approval functions (createApprovalPromise,
+ * createAutoCompactApprovalPromise) remain in agent-manager.mjs because
+ * they depend on the agent event buses.
+ */
+// ---------------------------------------------------------------------------
+// Constants
+// ---------------------------------------------------------------------------
+export const APPROVAL_TIMEOUT_MS = 5 * 60 * 1000 // 5 minutes for tool approval
+// ---------------------------------------------------------------------------
+// Tool categories
+// ---------------------------------------------------------------------------
+export const commandRestrictedTools = new Set([
+  'write_file',
+  'edit_file',
+  'run_command',
+  'run_subagent',
+])
+export const safeReadTools = new Set([
+  'read_file',
+  'grep_files',
+])
+// ---------------------------------------------------------------------------
+// Pending approval queues
+// ---------------------------------------------------------------------------
+/** toolCallId → { resolve, reject, sessionId, toolName, args, source, timeout } */
+export const pendingApprovals = new Map()
+/** approvalId → { resolve, reject, sessionId, timeout } */
+export const pendingAutoCompactApprovals = new Map()
+// ---------------------------------------------------------------------------
+// Permission helpers
+// ---------------------------------------------------------------------------
+export function commandToolPermissionError(session, toolName) {
+  const permissions = session?.activeCommandPermissions
+  if (!permissions || !commandRestrictedTools.has(toolName)) return null
+  if (toolName === 'run_command' && permissions.allowCommands === false) {
+    return `Command /${session.activeCommandName} does not allow running shell commands.`
+  }
+  if (toolName === 'run_subagent' && permissions.allowCommands === false) {
+    return `Command /${session.activeCommandName} does not allow running subagents.`
+  }
+  if ((toolName === 'write_file' || toolName === 'edit_file') && permissions.allowEdit === false) {
+    return `Command /${session.activeCommandName} does not allow editing files.`
+  }
+  return null
+}
+export function createCommandToolPermissions(session) {
+  return (toolName) => commandToolPermissionError(session, toolName)
+}

package/server/custom-commands.mjs CHANGED Viewed

@@ -251,6 +251,9 @@ export function parseInternalCommandInvocation(message) {
   if (/^\/clear\s*$/i.test(text)) return { type: 'clear' }
   if (/^\/clear(?:\s+[\s\S]+)$/i.test(text)) return { type: 'invalid-clear-args' }
+  const planMatch = text.match(/^\/plan(?:\s+([\s\S]*))?$/i)
+  if (planMatch) return { type: 'plan', args: (planMatch[1] || '').trim() }
   const compactMatch = text.match(/^\/compact(?:\s+([\s\S]*))?$/i)
   if (compactMatch) return { type: 'compact', args: (compactMatch[1] || '').trim() }
@@ -270,6 +273,11 @@ export async function handleInternalCommand(invocation, workspaceRoot, commandDi
     return { compact: true, args: invocation.args || '' }
   }
+  if (invocation.type === 'plan') {
+    if (!invocation.args) return 'Usage: /plan <task>'
+    return { plan: true, args: invocation.args }
+  }
   if (invocation.type === 'clear') {
     return { clear: true }
   }

package/server/index.mjs CHANGED Viewed

@@ -234,7 +234,7 @@ async function handleApi(req, res, url) {
   }
   // Project workspace inspector routes
-  if (pathname === '/api/workspace/tree' || pathname === '/api/workspace/file') {
+  if (pathname === '/api/workspace/tree' || pathname === '/api/workspace/file' || pathname === '/api/workspace/resolve-path') {
     await handleWorkspaceApi(req, res, url)
     return
   }