@tencent-ai/codebuddy-code 2.109.0 → 2.109.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +26 -0
- package/dist/codebuddy-headless.js +165 -103
- package/dist/codebuddy.js +177 -115
- package/dist/web-ui/docs/cn/cli/cli-reference.md +8 -3
- package/dist/web-ui/docs/cn/cli/env-vars.md +2 -1
- package/dist/web-ui/docs/cn/cli/iam.md +9 -5
- package/dist/web-ui/docs/cn/cli/interactive-mode.md +2 -2
- package/dist/web-ui/docs/cn/cli/permission-modes.md +373 -101
- package/dist/web-ui/docs/cn/cli/permissions.md +36 -14
- package/dist/web-ui/docs/cn/cli/prewarm.md +134 -0
- package/dist/web-ui/docs/cn/cli/release-notes/README.md +14 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.0.md +48 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.1.md +13 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.2.md +24 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.3.md +14 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.4.md +24 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.5.md +18 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.6.md +15 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.106.7.md +13 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.107.0.md +30 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.108.0.md +20 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.108.1.md +15 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.108.2.md +13 -0
- package/dist/web-ui/docs/cn/cli/release-notes/v2.109.0.md +24 -0
- package/dist/web-ui/docs/cn/cli/settings.md +166 -2
- package/dist/web-ui/docs/en/cli/cli-reference.md +15 -10
- package/dist/web-ui/docs/en/cli/env-vars.md +6 -5
- package/dist/web-ui/docs/en/cli/iam.md +9 -5
- package/dist/web-ui/docs/en/cli/interactive-mode.md +3 -3
- package/dist/web-ui/docs/en/cli/permission-modes.md +373 -101
- package/dist/web-ui/docs/en/cli/permissions.md +46 -24
- package/dist/web-ui/docs/en/cli/prewarm.md +124 -0
- package/dist/web-ui/docs/en/cli/release-notes/README.md +14 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.0.md +48 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.1.md +13 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.2.md +24 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.3.md +14 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.4.md +24 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.5.md +18 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.6.md +15 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.106.7.md +13 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.107.0.md +30 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.108.0.md +20 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.108.1.md +15 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.108.2.md +13 -0
- package/dist/web-ui/docs/en/cli/release-notes/v2.109.0.md +24 -0
- package/dist/web-ui/docs/en/cli/settings.md +166 -2
- package/dist/web-ui/docs/search-index-en.json +1 -1
- package/dist/web-ui/docs/search-index-zh.json +1 -1
- package/dist/web-ui/docs/sidebar-en.json +1 -1
- package/dist/web-ui/docs/sidebar-zh.json +1 -1
- package/package.json +1 -1
- package/product.cloudhosted.json +2 -2
- package/product.internal.json +2 -2
- package/product.ioa.json +2 -2
- package/product.json +2 -2
- package/product.selfhosted.json +2 -2
- package/vendor/shim/genie-safe-delete.cjs +53 -0
- package/vendor/shim/safe-bin/safe-delete-common.sh +108 -0
- package/vendor/shim/sitecustomize.py +62 -0
|
@@ -60,6 +60,7 @@ The `settings.json` file is the official mechanism for configuring CodeBuddy Cod
|
|
|
60
60
|
| `env` | Environment variables applied to every session | `{"FOO": "bar"}` |
|
|
61
61
|
| `includeCoAuthoredBy` | Whether to include `co-authored-by CodeBuddy` attribution in git commits and pull requests (default: `true`) | `false` |
|
|
62
62
|
| `permissions` | Permission configuration, see table below | |
|
|
63
|
+
| `autoMode` | Classifier rules for `auto` permission mode, see [Auto Mode Configuration](#auto-mode-configuration) | `{"allow": ["$defaults", "Allow dev environment releases"]}` |
|
|
63
64
|
| `hooks` | Configure custom commands to run before and after tool execution. See [hooks documentation](hooks.md) | `{"PreToolUse": {"Bash": "echo 'Running command...'"}}` |
|
|
64
65
|
| `disableAllHooks` | Disable all [hooks](hooks.md) | `true` |
|
|
65
66
|
| `allowUntrustedFrontmatterHooks` | Whether to allow execution of frontmatter `hooks` fields from agents/skills with **non-product-builtin** sources (including local user `.codebuddy/agents\|skills/*.md` and the plugin marketplace). Defaults to `false` to prevent untrusted md files from silently launching shell commands; only product-builtin agents/skills are unaffected. | `true` |
|
|
@@ -92,9 +93,172 @@ The `settings.json` file is the official mechanism for configuring CodeBuddy Cod
|
|
|
92
93
|
| `ask` | Array of [permission rules](iam.md#configuring-permissions) requiring confirmation for tool use | `[ "Bash(git push:*)" ]` |
|
|
93
94
|
| `deny` | Array of [permission rules](iam.md#configuring-permissions) denying tool use. Used to exclude CodeBuddy Code from accessing sensitive files. **Note:** Bash patterns are prefix-matched and can be bypassed (see [Bash Permission Limitations](iam.md#tool-specific-permission-rules)) | `[ "WebFetch", "Bash(curl:*)", "Read(./.env)", "Read(./secrets/**)" ]` |
|
|
94
95
|
| `additionalDirectories` | Additional [working directories](iam.md#working-directories) that CodeBuddy can access | `[ "../docs/" ]` |
|
|
95
|
-
| `defaultMode` | Default [permission mode](
|
|
96
|
+
| `defaultMode` | Default [permission mode](permission-modes.md) when opening CodeBuddy Code. Common values: `default`, `acceptEdits`, `auto`, `dontAsk`, `plan`, `bypassPermissions` | `"acceptEdits"` |
|
|
96
97
|
| `disableBypassPermissionsMode` | Set to `"disable"` to prevent activating `bypassPermissions` mode. This disables the `-y` and `--dangerously-skip-permissions` CLI flags | `"disable"` |
|
|
97
|
-
| `
|
|
98
|
+
| `disableAutoMode` | Set to `"disable"` to prevent activating `auto` mode. When disabled, both `--permission-mode auto` and `defaultMode: "auto"` fall back to `default` | `"disable"` |
|
|
99
|
+
| `subagentPermissionMode` | Override the default permission mode for subagents/team members. When set, all subagents use this mode instead of inheriting from the main session's mode. The `mode` parameter of the Agent tool takes higher priority; however, if the main session is in `auto` / `dontAsk`, subagents are still constrained by the parent session's permission ceiling | `"bypassPermissions"` |
|
|
100
|
+
|
|
101
|
+
### Auto Mode Configuration
|
|
102
|
+
|
|
103
|
+
`autoMode` is a **top-level settings field**, not a subfield of `permissions`. It defines the classifier context and rules used by the `auto` permission mode.
|
|
104
|
+
|
|
105
|
+
#### What fields are in `autoMode`?
|
|
106
|
+
|
|
107
|
+
| Key | Purpose | Example |
|
|
108
|
+
|:------|:-----|:-----|
|
|
109
|
+
| `environment` | Describes which repositories, domains, services, and storage locations belong to your trusted boundary, helping the classifier determine what counts as "internal" | `["$defaults", "Trusted internal domains: staging.example.com"]` |
|
|
110
|
+
| `allow` | Supplementary natural-language rules for "actions that can typically be auto-approved under auto mode" | `["$defaults", "Allow dev namespace releases"]` |
|
|
111
|
+
| `soft_deny` | Supplementary rules for "actions that should typically be blocked, but can be retried with explicit user intent" | `["$defaults", "Modify shared test database schema"]` |
|
|
112
|
+
| `hard_deny` | Supplementary high-risk rules that "must be blocked by default" | `["$defaults", "Publish private repository content to the public internet"]` |
|
|
113
|
+
|
|
114
|
+
These field values are all **string arrays**. Array items are not regex or tool patterns — they are **natural-language rules** written for the classifier.
|
|
115
|
+
|
|
116
|
+
#### Where does the classifier read `autoMode` from?
|
|
117
|
+
|
|
118
|
+
CodeBuddy only reads `autoMode` from the following sources:
|
|
119
|
+
|
|
120
|
+
| Source | Typical Location | Purpose |
|
|
121
|
+
|:-----|:---------|:-----|
|
|
122
|
+
| user settings | `~/.codebuddy/settings.json` | Cross-project personal trusted boundary |
|
|
123
|
+
| project-local settings | `.codebuddy/settings.local.json` | Local supplementary rules for a specific project on a specific machine |
|
|
124
|
+
| CLI `--settings` | `codebuddy --settings '{...}'` | One-time automation or temporary override |
|
|
125
|
+
|
|
126
|
+
Sources that are NOT read:
|
|
127
|
+
|
|
128
|
+
- Shared project configuration `.codebuddy/settings.json`
|
|
129
|
+
|
|
130
|
+
The reason is: `autoMode` defines local security boundaries, and repository-committed configuration should not silently change your local machine's judgment about "what counts as internal and what actions are allowed."
|
|
131
|
+
|
|
132
|
+
#### Difference from `permissions.defaultMode: "auto"`
|
|
133
|
+
|
|
134
|
+
There are two easily confused restrictions here:
|
|
135
|
+
|
|
136
|
+
1. **`autoMode` rule sources**: allowed from user / project-local / CLI
|
|
137
|
+
2. **Authorization to enter `auto` mode by default**: only allowed from user / CLI
|
|
138
|
+
|
|
139
|
+
In other words:
|
|
140
|
+
|
|
141
|
+
- `.codebuddy/settings.local.json` **can** supplement `autoMode.environment / allow / soft_deny / hard_deny`
|
|
142
|
+
- But `.codebuddy/settings.local.json` **cannot** make a session default to `auto` via `permissions.defaultMode: "auto"`
|
|
143
|
+
- `.codebuddy/settings.json` cannot do either: it can neither provide `autoMode` nor grant `defaultMode: "auto"`
|
|
144
|
+
|
|
145
|
+
#### How are multiple sources merged?
|
|
146
|
+
|
|
147
|
+
The four fields of `autoMode` are merged in source order:
|
|
148
|
+
|
|
149
|
+
1. user
|
|
150
|
+
2. project-local
|
|
151
|
+
3. CLI
|
|
152
|
+
|
|
153
|
+
Merging follows two principles:
|
|
154
|
+
|
|
155
|
+
- Each field is **merged independently**, without affecting others
|
|
156
|
+
- Each field **appends** arrays from different sources together, then uniformly processes `"$defaults"`
|
|
157
|
+
|
|
158
|
+
This means:
|
|
159
|
+
|
|
160
|
+
- Setting only `environment` will not affect the defaults of `allow` / `soft_deny` / `hard_deny`
|
|
161
|
+
- You can put organization-level trusted domains in user settings, then supplement project-specific staging services in project-local
|
|
162
|
+
|
|
163
|
+
#### How does `"$defaults"` work?
|
|
164
|
+
|
|
165
|
+
`"$defaults"` is a special placeholder meaning "insert the built-in default rules here."
|
|
166
|
+
|
|
167
|
+
For example:
|
|
168
|
+
|
|
169
|
+
```json
|
|
170
|
+
{
|
|
171
|
+
"autoMode": {
|
|
172
|
+
"environment": [
|
|
173
|
+
"$defaults",
|
|
174
|
+
"Trusted internal domains: staging.example.com"
|
|
175
|
+
]
|
|
176
|
+
}
|
|
177
|
+
}
|
|
178
|
+
```
|
|
179
|
+
|
|
180
|
+
This means:
|
|
181
|
+
|
|
182
|
+
- First use the built-in `environment` default rules
|
|
183
|
+
- Then append your custom `staging.example.com`
|
|
184
|
+
|
|
185
|
+
Key semantics:
|
|
186
|
+
|
|
187
|
+
- Field **not configured**: that field directly uses built-in default rules
|
|
188
|
+
- Field **includes** `"$defaults"`: expands default rules at that position
|
|
189
|
+
- Field **does not include** `"$defaults"`: means **fully replacing** that field's built-in default rules
|
|
190
|
+
- When multiple sources all write `"$defaults"`, the built-in rules are expanded only **once** and not injected repeatedly
|
|
191
|
+
|
|
192
|
+
Additional notes:
|
|
193
|
+
|
|
194
|
+
- If `soft_deny` / `hard_deny` do not include `"$defaults"`, you are actively abandoning built-in safety rules
|
|
195
|
+
- A warning is logged at runtime, but it will not prevent you from configuring this way
|
|
196
|
+
|
|
197
|
+
#### How to check the current effective result?
|
|
198
|
+
|
|
199
|
+
```bash
|
|
200
|
+
codebuddy auto-mode defaults
|
|
201
|
+
codebuddy auto-mode config
|
|
202
|
+
codebuddy auto-mode critique
|
|
203
|
+
```
|
|
204
|
+
|
|
205
|
+
These three commands are used for:
|
|
206
|
+
|
|
207
|
+
- `defaults`: print built-in default rules
|
|
208
|
+
- `config`: print the **final effective** rules (after multi-source merging and `"$defaults"` expansion)
|
|
209
|
+
- `critique`: have a lite model review your custom `allow` / `soft_deny` / `hard_deny` for ambiguity, redundancy, or potential false positives
|
|
210
|
+
|
|
211
|
+
If you plan to fully take over a field, the safest approach is usually:
|
|
212
|
+
|
|
213
|
+
1. Run `codebuddy auto-mode defaults`
|
|
214
|
+
2. Copy the built-in rules
|
|
215
|
+
3. Explicitly rewrite them in your settings
|
|
216
|
+
4. Run `codebuddy auto-mode config` to check the final result
|
|
217
|
+
|
|
218
|
+
#### Configuration Examples
|
|
219
|
+
|
|
220
|
+
##### Supplement trusted environment only
|
|
221
|
+
|
|
222
|
+
```json
|
|
223
|
+
{
|
|
224
|
+
"autoMode": {
|
|
225
|
+
"environment": [
|
|
226
|
+
"$defaults",
|
|
227
|
+
"Source control: git.example.com/acme and all repos under it",
|
|
228
|
+
"Trusted internal domains: staging.example.com, api.internal.example.com",
|
|
229
|
+
"Trusted buckets: s3://acme-build-artifacts"
|
|
230
|
+
]
|
|
231
|
+
}
|
|
232
|
+
}
|
|
233
|
+
```
|
|
234
|
+
|
|
235
|
+
##### Supplement allow / deny rules simultaneously
|
|
236
|
+
|
|
237
|
+
```json
|
|
238
|
+
{
|
|
239
|
+
"permissions": {
|
|
240
|
+
"defaultMode": "auto"
|
|
241
|
+
},
|
|
242
|
+
"autoMode": {
|
|
243
|
+
"environment": [
|
|
244
|
+
"$defaults",
|
|
245
|
+
"Trusted internal domains: staging.example.com"
|
|
246
|
+
],
|
|
247
|
+
"allow": [
|
|
248
|
+
"$defaults",
|
|
249
|
+
"Allow dev namespace releases"
|
|
250
|
+
],
|
|
251
|
+
"soft_deny": [
|
|
252
|
+
"$defaults",
|
|
253
|
+
"Modify shared test database schema"
|
|
254
|
+
],
|
|
255
|
+
"hard_deny": [
|
|
256
|
+
"$defaults",
|
|
257
|
+
"Publish private repository content to the public internet"
|
|
258
|
+
]
|
|
259
|
+
}
|
|
260
|
+
}
|
|
261
|
+
```
|
|
98
262
|
|
|
99
263
|
### Memory Configuration (Experimental)
|
|
100
264
|
|