@unity-china/codely-cli 1.0.0-beta.48 → 1.0.0-beta.50

package/bundle/gemini.js.LEGAL.txt

@@ -3,6 +3,11 @@
  * Copyright 2025 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
+/**
+ * @license
+ * Copyright 2025 Qwen
+ * SPDX-License-Identifier: Apache-2.0
+ */
 /**
  * @license
  * Copyright 2025 Codely
@@ -21,159 +26,25 @@
  */
 /**
  * @license
- * Copyright 2025 Qwen
+ * Copyright 2026 Google LLC
  * SPDX-License-Identifier: Apache-2.0
  */
 /**
  * @license
- * Copyright 2026 Google LLC
+ * Copyright 2026
+ * SPDX-License-Identifier: Apache-2.0
+ */
+/**
+ * @license
+ * Copyright 2026 Codely
  * SPDX-License-Identifier: Apache-2.0
  */
 
 Bundled license information:
 
-react/cjs/react.production.js:
-  /**
-   * @license React
-   * react.production.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-react/cjs/react.development.js:
-  /**
-   * @license React
-   * react.development.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-react-reconciler/cjs/react-reconciler-constants.production.js:
-  /**
-   * @license React
-   * react-reconciler-constants.production.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-react-reconciler/cjs/react-reconciler-constants.development.js:
-  /**
-   * @license React
-   * react-reconciler-constants.development.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-scheduler/cjs/scheduler.production.js:
-  /**
-   * @license React
-   * scheduler.production.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-scheduler/cjs/scheduler.development.js:
-  /**
-   * @license React
-   * scheduler.development.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-react-reconciler/cjs/react-reconciler.production.js:
-  /**
-   * @license React
-   * react-reconciler.production.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-react-reconciler/cjs/react-reconciler.development.js:
-  /**
-   * @license React
-   * react-reconciler.development.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
-react-devtools-core/dist/backend.js:
-  /**
-   * @license React
-   * react-debug-tools.production.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-  /**
-   * @license React
-   * react.production.js
-   *
-   * Copyright (c) Meta Platforms, Inc. and affiliates.
-   *
-   * This source code is licensed under the MIT license found in the
-   * LICENSE file in the root directory of this source tree.
-   */
-
 safe-buffer/index.js:
   /*! safe-buffer. MIT License. Feross Aboukhadijeh <https://feross.org/opensource> */
 
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
-@google/genai/dist/node/index.mjs:
 @google/genai/dist/node/index.mjs:
 @google/genai/dist/node/index.mjs:
   /**
@@ -224,7 +95,6 @@ long/umd/index.js:
    */
 
 uri-js/dist/es5/uri.all.js:
-mcp-proxy/dist/stdio-CfAxSAGj.js:
   /** @license URI.js v4.4.1 (c) 2011 Gary Court. License: http://github.com/garycourt/uri-js */
 
 mime-db/index.js:
@@ -303,10 +173,53 @@ fzf/dist/fzf.es.js:
    * Licensed under BSD 3-Clause
    */
 
-react/cjs/react-jsx-runtime.production.js:
+yargs-parser/build/lib/string-utils.js:
+yargs-parser/build/lib/tokenize-arg-string.js:
+yargs-parser/build/lib/yargs-parser-types.js:
+yargs-parser/build/lib/yargs-parser.js:
+  /**
+   * @license
+   * Copyright (c) 2016, Contributors
+   * SPDX-License-Identifier: ISC
+   */
+
+yargs-parser/build/lib/index.js:
+  /**
+   * @fileoverview Main entrypoint for libraries using yargs-parser in Node.js
+   * CJS and ESM environments.
+   *
+   * @license
+   * Copyright (c) 2016, Contributors
+   * SPDX-License-Identifier: ISC
+   */
+
+mcp-proxy/dist/stdio-CfAxSAGj.js:
+  /*!
+  * depd
+  * Copyright(c) 2014-2018 Douglas Christopher Wilson
+  * MIT Licensed
+  */
+  /** @license URI.js v4.4.1 (c) 2011 Gary Court. License: http://github.com/garycourt/uri-js */
+
+web-streams-polyfill/dist/ponyfill.es2018.js:
+  /**
+   * @license
+   * web-streams-polyfill v3.3.3
+   * Copyright 2024 Mattias Buelens, Diwank Singh Tomer and other contributors.
+   * This code is released under the MIT license.
+   * SPDX-License-Identifier: MIT
+   */
+
+fetch-blob/index.js:
+  /*! fetch-blob. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
+
+node-domexception/index.js:
+  /*! node-domexception. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
+
+react/cjs/react.production.js:
   /**
    * @license React
-   * react-jsx-runtime.production.js
+   * react.production.js
    *
    * Copyright (c) Meta Platforms, Inc. and affiliates.
    *
@@ -314,10 +227,10 @@ react/cjs/react-jsx-runtime.production.js:
    * LICENSE file in the root directory of this source tree.
    */
 
-react/cjs/react-jsx-runtime.development.js:
+react/cjs/react.development.js:
   /**
    * @license React
-   * react-jsx-runtime.development.js
+   * react.development.js
    *
    * Copyright (c) Meta Platforms, Inc. and affiliates.
    *
@@ -325,20 +238,113 @@ react/cjs/react-jsx-runtime.development.js:
    * LICENSE file in the root directory of this source tree.
    */
 
-web-streams-polyfill/dist/ponyfill.es2018.js:
+react-reconciler/cjs/react-reconciler-constants.production.js:
   /**
-   * @license
-   * web-streams-polyfill v3.3.3
-   * Copyright 2024 Mattias Buelens, Diwank Singh Tomer and other contributors.
-   * This code is released under the MIT license.
-   * SPDX-License-Identifier: MIT
+   * @license React
+   * react-reconciler-constants.production.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
    */
 
-fetch-blob/index.js:
-  /*! fetch-blob. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
+react-reconciler/cjs/react-reconciler-constants.development.js:
+  /**
+   * @license React
+   * react-reconciler-constants.development.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
 
-node-domexception/index.js:
-  /*! node-domexception. MIT License. Jimmy Wärting <https://jimmy.warting.se/opensource> */
+scheduler/cjs/scheduler.production.js:
+  /**
+   * @license React
+   * scheduler.production.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
+
+scheduler/cjs/scheduler.development.js:
+  /**
+   * @license React
+   * scheduler.development.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
+
+react-reconciler/cjs/react-reconciler.production.js:
+  /**
+   * @license React
+   * react-reconciler.production.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
+
+react-reconciler/cjs/react-reconciler.development.js:
+  /**
+   * @license React
+   * react-reconciler.development.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
+
+react-devtools-core/dist/backend.js:
+  /**
+   * @license React
+   * react-debug-tools.production.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
+  /**
+   * @license React
+   * react.production.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
+
+react/cjs/react-jsx-runtime.production.js:
+  /**
+   * @license React
+   * react-jsx-runtime.production.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
+
+react/cjs/react-jsx-runtime.development.js:
+  /**
+   * @license React
+   * react-jsx-runtime.development.js
+   *
+   * Copyright (c) Meta Platforms, Inc. and affiliates.
+   *
+   * This source code is licensed under the MIT license found in the
+   * LICENSE file in the root directory of this source tree.
+   */
 
 react-is/cjs/react-is.production.min.js:
   /** @license React v16.13.1
@@ -366,30 +372,3 @@ object-assign/index.js:
   (c) Sindre Sorhus
   @license MIT
   */
-
-yargs-parser/build/lib/string-utils.js:
-yargs-parser/build/lib/tokenize-arg-string.js:
-yargs-parser/build/lib/yargs-parser-types.js:
-yargs-parser/build/lib/yargs-parser.js:
-  /**
-   * @license
-   * Copyright (c) 2016, Contributors
-   * SPDX-License-Identifier: ISC
-   */
-
-yargs-parser/build/lib/index.js:
-  /**
-   * @fileoverview Main entrypoint for libraries using yargs-parser in Node.js
-   * CJS and ESM environments.
-   *
-   * @license
-   * Copyright (c) 2016, Contributors
-   * SPDX-License-Identifier: ISC
-   */
-
-mcp-proxy/dist/stdio-CfAxSAGj.js:
-  /*!
-  * depd
-  * Copyright(c) 2014-2018 Douglas Christopher Wilson
-  * MIT Licensed
-  */

package/bundle/policies/plan.toml

@@ -0,0 +1,113 @@
+# Plan Mode policy: deny-all + read-only whitelist + plans dir write exception.
+# Active only when ApprovalMode = "plan".
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000
+#   60: Catch-all deny for plan mode (becomes 1.060)
+#   70: Explicit allows for plan mode (becomes 1.070, overrides deny)
+
+# --- Catch-all deny for plan mode ---
+[[rule]]
+decision = "deny"
+priority = 60
+modes = ["plan"]
+deny_message = "You are in Plan Mode. Only read/search tools and writing plans to the plans directory are allowed. Use exit_plan_mode to request approval for your plan."
+
+# --- Read-only tools allowed in plan mode ---
+[[rule]]
+toolName = "glob"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "search_file_content"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "list_directory"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "read_file"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "read_many_files"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "web_search"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "sequential_thinking"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "todo_write"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+# --- Allow writing plan files (.md) to the plans directory only ---
+# The argsPattern matches the JSON-serialized file_path within:
+#   ~/.codely-cli/tmp/<64-hex-project-hash>/plans/<name>.md
+# Supports both / and escaped \\ separators.
+[[rule]]
+toolName = "write_file"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+argsPattern = "\"file_path\"\\s*:\\s*\"[^\"]*[/\\\\]+\\.codely-cli[/\\\\]+tmp[/\\\\]+[a-f0-9]{64}[/\\\\]+plans[/\\\\]+[a-zA-Z0-9_\\-][a-zA-Z0-9_\\-.]*\\.md\""
+
+[[rule]]
+toolName = "replace"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+argsPattern = "\"file_path\"\\s*:\\s*\"[^\"]*[/\\\\]+\\.codely-cli[/\\\\]+tmp[/\\\\]+[a-f0-9]{64}[/\\\\]+plans[/\\\\]+[a-zA-Z0-9_\\-][a-zA-Z0-9_\\-.]*\\.md\""
+
+# --- exit_plan_mode requires user approval ---
+[[rule]]
+toolName = "exit_plan_mode"
+decision = "ask_user"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "ask_user"
+decision = "ask_user"
+priority = 70
+modes = ["plan"]
+
+# --- Task dispatch allowed in plan mode (for exploration / context gathering) ---
+[[rule]]
+toolName = "task"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "task_output"
+decision = "allow"
+priority = 70
+modes = ["plan"]
+
+[[rule]]
+toolName = "task_stop"
+decision = "allow"
+priority = 70
+modes = ["plan"]

package/bundle/policies/read-only.toml

@@ -0,0 +1,61 @@
+# Read-only tools that are always allowed without confirmation.
+# These tools only read data and cannot modify the filesystem or execute commands.
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000 (e.g., priority 50 → 1.050)
+# - User policies (TOML): 2 + priority/1000
+# - Admin policies (TOML): 3 + priority/1000
+
+[[rule]]
+toolName = "glob"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "search_file_content"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "list_directory"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "read_file"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "read_many_files"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "web_search"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "sequential_thinking"
+decision = "allow"
+priority = 50
+
+[[rule]]
+toolName = "analyze_multimedia"
+decision = "allow"
+priority = 50
+
+# todo_write is a planning/tracking tool that doesn't modify the filesystem.
+# It was always auto-approved (shouldConfirmExecute returns false).
+[[rule]]
+toolName = "todo_write"
+decision = "allow"
+priority = 50
+
+# web_fetch is a read operation (fetching content from the web).
+# It was auto-approved in autoEdit mode; treating it as read-equivalent.
+[[rule]]
+toolName = "web_fetch"
+decision = "allow"
+priority = 50

package/bundle/policies/write.toml

@@ -0,0 +1,44 @@
+# Write/mutating tools that require user confirmation by default.
+# In autoEdit mode, replace and write_file are auto-approved.
+#
+# Priority bands (tiers):
+# - Default policies (TOML): 1 + priority/1000
+#   10: Write tools default to ASK_USER (becomes 1.010)
+#   15: Auto-edit tool override (becomes 1.015)
+
+[[rule]]
+toolName = "replace"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "replace"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+
+[[rule]]
+toolName = "write_file"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "write_file"
+decision = "allow"
+priority = 15
+modes = ["autoEdit"]
+
+[[rule]]
+toolName = "run_shell_command"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "save_memory"
+decision = "ask_user"
+priority = 10
+
+[[rule]]
+toolName = "activate_skill"
+decision = "ask_user"
+priority = 10

package/bundle/policies/yolo.toml

@@ -0,0 +1,9 @@
+# YOLO mode: allow all tools without confirmation.
+# This rule has the highest default-tier priority (999 → 1.999).
+# It only applies when the approval mode is "yolo".
+
+[[rule]]
+decision = "allow"
+priority = 999
+modes = ["yolo"]
+allow_redirection = true