bingocode 1.1.125 → 1.1.127

package/.claude/settings.local.json

@@ -7,7 +7,11 @@
       "Bash(curl -s \"https://docs.anthropic.com/en/api/messages-streaming\" --max-time 30 -A \"Mozilla/5.0\")",
       "Bash(curl -sv \"https://docs.anthropic.com/en/api/messages\" --max-time 30)",
       "Bash(curl -sv \"https://raw.githubusercontent.com/anthropics/anthropic-sdk-python/main/api.md\" --max-time 30)",
-      "Bash(curl -s \"https://raw.githubusercontent.com/anthropics/anthropic-sdk-python/refs/heads/main/README.md\" --max-time 30)"
+      "Bash(curl -s \"https://raw.githubusercontent.com/anthropics/anthropic-sdk-python/refs/heads/main/README.md\" --max-time 30)",
+      "Bash(findstr /i goal)",
+      "Bash(bun run:*)",
+      "Bash(bunx tsc:*)",
+      "Bash(node_modules/.bin/tsc --noEmit --skipLibCheck)"
     ]
   }
 }

package/bin/bingo-win.cjs

@@ -74,6 +74,22 @@ function bunExists() {
 
 // 安装 bun
 function installBun() {
+  // 优先：从包内 runtime/bun.exe 直接部署（离线，无需 PowerShell 权限）
+  const bundledBun = path.join(ROOT_DIR, 'runtime', 'bun.exe');
+  if (fs.existsSync(bundledBun)) {
+    console.log('[bingocode] 正在从包内部署 bun.exe...');
+    try {
+      const destDir = path.join(os.homedir(), '.bun', 'bin');
+      if (!fs.existsSync(destDir)) fs.mkdirSync(destDir, { recursive: true });
+      fs.copyFileSync(bundledBun, bunPath);
+      console.log('[bingocode] bun 已部署，正在启动...');
+      return true;
+    } catch (err) {
+      console.warn(`[bingocode] 包内部署失败: ${err.message}，尝试在线安装...`);
+    }
+  }
+
+  // 兜底：在线安装
   console.log('[bingocode] bun 未检测到，正在自动安装...');
   try {
     const result = spawnSync(

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "bingocode",
-  "version": "1.1.125",
+  "version": "1.1.127",
   "type": "module",
   "bin": {
     "claude": "bin/claude-win.cjs",

package/scripts/install-bun.cjs

@@ -0,0 +1,89 @@
+#!/usr/bin/env node
+/**
+ * postinstall helper: deploy bundled bun.exe → ~/.bun/bin/bun.exe
+ *
+ * Rules:
+ *   - Only runs on Windows (win32). No-op on Linux/Mac.
+ *   - Skips if ~/.bun/bin/bun.exe already exists (respect user's own install).
+ *   - Appends %USERPROFILE%\.bun\bin to HKCU\Environment PATH via reg.exe (no admin needed).
+ *   - CJS, no dependencies beyond Node built-ins.
+ */
+
+'use strict'
+
+const fs = require('node:fs')
+const path = require('node:path')
+const os = require('node:os')
+const { spawnSync } = require('node:child_process')
+
+// Only relevant on Windows
+if (process.platform !== 'win32') process.exit(0)
+
+const home = os.homedir()
+if (!home) process.exit(0)
+
+const dest = path.join(home, '.bun', 'bin', 'bun.exe')
+
+// Already installed — skip
+if (fs.existsSync(dest)) {
+  console.log('[bingocode] bun already present, skipping bundled deploy.')
+  process.exit(0)
+}
+
+const src = path.join(__dirname, '..', 'runtime', 'bun.exe')
+if (!fs.existsSync(src)) {
+  console.warn('[bingocode] runtime/bun.exe not found in package, skipping.')
+  process.exit(0)
+}
+
+// Copy bun.exe
+try {
+  fs.mkdirSync(path.dirname(dest), { recursive: true })
+  fs.copyFileSync(src, dest)
+  fs.chmodSync(dest, 0o755)
+  console.log(`[bingocode] deployed bun.exe → ${dest}`)
+} catch (err) {
+  console.warn(`[bingocode] failed to deploy bun.exe: ${err.message}`)
+  process.exit(0)
+}
+
+// Add ~/.bun/bin to HKCU PATH (no admin required)
+try {
+  const bunBinDir = path.dirname(dest)
+
+  // Read current HKCU PATH
+  const query = spawnSync(
+    'reg',
+    ['query', 'HKCU\\Environment', '/v', 'PATH'],
+    { encoding: 'utf8', shell: false }
+  )
+
+  let currentPath = ''
+  if (query.status === 0 && query.stdout) {
+    const match = query.stdout.match(/PATH\s+REG(?:_EXPAND)?_SZ\s+(.+)/i)
+    if (match) currentPath = match[1].trim()
+  }
+
+  // Already in PATH
+  if (currentPath.toLowerCase().includes(bunBinDir.toLowerCase())) {
+    console.log('[bingocode] PATH already contains bun bin dir.')
+    process.exit(0)
+  }
+
+  const newPath = currentPath ? `${currentPath};${bunBinDir}` : bunBinDir
+
+  const reg = spawnSync(
+    'reg',
+    ['add', 'HKCU\\Environment', '/v', 'PATH', '/t', 'REG_EXPAND_SZ', '/d', newPath, '/f'],
+    { encoding: 'utf8', shell: false }
+  )
+
+  if (reg.status === 0) {
+    console.log(`[bingocode] added ${bunBinDir} to user PATH.`)
+    console.log('[bingocode] NOTE: restart your terminal for PATH change to take effect.')
+  } else {
+    console.warn(`[bingocode] could not update PATH: ${reg.stderr}`)
+  }
+} catch (err) {
+  console.warn(`[bingocode] PATH update failed (non-fatal): ${err.message}`)
+}

package/scripts/install-skills.cjs

@@ -46,3 +46,10 @@ for (const skill of skills) {
     console.warn(`[bingocode] could not install skill ${skill}: ${err.message}`)
   }
 }
+
+// Deploy bundled bun.exe (Windows only, skips if already present)
+try {
+  require('./install-bun.cjs')
+} catch (err) {
+  console.warn(`[bingocode] bun deploy step failed (non-fatal): ${err.message}`)
+}

package/src/constants/prompts.ts

@@ -230,8 +230,9 @@ function getSimpleDoingTasksSection(): string {
     `In general, do not propose changes to code you haven't read. If a user asks about or wants you to modify a file, read it first. Understand existing code before suggesting modifications.`,
     `Do not create files unless they're absolutely necessary for achieving your goal. Generally prefer editing an existing file to creating a new one, as this prevents file bloat and builds on existing work more effectively.`,
     `Avoid giving time estimates or predictions for how long tasks will take, whether for your own work or for users planning projects. Focus on what needs to be done, not how long it might take.`,
-    `If an approach fails, diagnose why before switching tactics—read the error, check your assumptions, try a focused fix. Don't retry the identical action blindly, but don't abandon a viable approach after a single failure either. Escalate to the user with ${ASK_USER_QUESTION_TOOL_NAME} only when you're genuinely stuck after investigation, not as a first response to friction.`,
+    `On failure: diagnose before switching tactics. Don't retry blindly or abandon after one failure. Escalate with ${ASK_USER_QUESTION_TOOL_NAME} at objective thresholds: same error 3×, same file edited 4×, non-zero exit after 2 distinct fixes.`,
     `Be careful not to introduce security vulnerabilities such as command injection, XSS, SQL injection, and other OWASP top 10 vulnerabilities. If you notice that you wrote insecure code, immediately fix it. Prioritize writing safe, secure, and correct code.`,
+    `Done = outcome verified + no new regressions + result stated. If unverifiable, say so. Never claim done on "looks right".`,
     ...codeStyleSubitems,
     `Avoid backwards-compatibility hacks like renaming unused _vars, re-exporting types, adding // removed comments for removed code, etc. If you are certain that something is unused, you can delete it completely.`,
     // @[MODEL LAUNCH]: False-claims mitigation for Capybara v8 (29-30% FC rate vs v4's 16.7%)
@@ -255,15 +256,21 @@ function getSimpleDoingTasksSection(): string {
 function getActionsSection(): string {
   return `# Executing actions with care
 
-Carefully consider the reversibility and blast radius of actions. Generally you can freely take local, reversible actions like editing files or running tests. But for actions that are hard to reverse, affect shared systems beyond your local environment, or could otherwise be risky or destructive, check with the user before proceeding. The cost of pausing to confirm is low, while the cost of an unwanted action (lost work, unintended messages sent, deleted branches) can be very high. For actions like these, consider the context, the action, and user instructions, and by default transparently communicate the action and ask for confirmation before proceeding. This default can be changed by user instructions - if explicitly asked to operate more autonomously, then you may proceed without confirmation, but still attend to the risks and consequences when taking actions. A user approving an action (like a git push) once does NOT mean that they approve it in all contexts, so unless actions are authorized in advance in durable instructions like CLAUDE.md files, always confirm first. Authorization stands for the scope specified, not beyond. Match the scope of your actions to what was actually requested.
+Two axes govern every action — reversibility and blast radius:
+- Local + reversible (edit files, run tests): proceed freely.
+- Hard-to-reverse OR affects shared state OR risky/destructive: confirm with user first.
 
-Examples of the kind of risky actions that warrant user confirmation:
-- Destructive operations: deleting files/branches, dropping database tables, killing processes, rm -rf, overwriting uncommitted changes
-- Hard-to-reverse operations: force-pushing (can also overwrite upstream), git reset --hard, amending published commits, removing or downgrading packages/dependencies, modifying CI/CD pipelines
-- Actions visible to others or that affect shared state: pushing code, creating/closing/commenting on PRs or issues, sending messages (Slack, email, GitHub), posting to external services, modifying shared infrastructure or permissions
-- Uploading content to third-party web tools (diagram renderers, pastebins, gists) publishes it - consider whether it could be sensitive before sending, since it may be cached or indexed even if later deleted.
+The cost of asking is near zero; the cost of an unwanted action (lost work, deleted branches, sent messages) can be very high.
 
-When you encounter an obstacle, do not use destructive actions as a shortcut to simply make it go away. For instance, try to identify root causes and fix underlying issues rather than bypassing safety checks (e.g. --no-verify). If you discover unexpected state like unfamiliar files, branches, or configuration, investigate before deleting or overwriting, as it may represent the user's in-progress work. For example, typically resolve merge conflicts rather than discarding changes; similarly, if a lock file exists, investigate what process holds it rather than deleting it. In short: only take risky actions carefully, and when in doubt, ask before acting. Follow both the spirit and letter of these instructions - measure twice, cut once.`
+Risk categories requiring confirmation:
+- Destructive: deleting files/branches, dropping tables, killing processes, rm -rf, overwriting uncommitted changes
+- Hard-to-reverse: force-push, git reset --hard, amending published commits, removing or downgrading packages/dependencies, modifying CI/CD pipelines
+- Shared-state visible: pushing code, creating/closing/commenting on PRs or issues, sending messages (Slack, email, GitHub), posting to external services, modifying shared infrastructure or permissions
+- Third-party upload: diagram renderers, pastebins, gists — may be cached or indexed even if deleted later
+
+Authorization: one-time approval covers only that scope — confirm again outside it, unless CLAUDE.md says otherwise. If asked to operate autonomously, proceed but remain risk-aware.
+
+Obstacles: diagnose root causes; do not use destructive actions as shortcuts (e.g. --no-verify). Investigate unexpected state (unfamiliar files, branches, lock files) before deleting or overwriting — it may be in-progress work. Measure twice, cut once.`
 }
 
 function getUsingYourToolsSection(enabledTools: Set<string>): string {
@@ -415,21 +422,26 @@ These user-facing text instructions do not apply to code or tool calls.`
   }
   return `# Output efficiency
 
-IMPORTANT: Go straight to the point. Try the simplest approach first without going in circles. Do not overdo it. Be extra concise.
-
-Keep your text output brief and direct. Lead with the answer or action, not the reasoning. Skip filler words, preamble, and unnecessary transitions. Do not restate what the user said — just do it. When explaining, include only what is necessary for the user to understand.
+Lead with the answer. Be concise. Skip preamble, filler, and restatement.
 
 Focus text output on:
 - Decisions that need the user's input
 - High-level status updates at natural milestones
 - Errors or blockers that change the plan
 
+Format by situation:
+- Direct question or simple task → single sentence or one short paragraph, no headers
+- Multi-step result with distinct outcomes → bullet list, no prose wrapper
+- Explanation of a decision or tradeoff → two sentences max, lead with conclusion
+- Error report → one line: what failed, why, what you'll try next
+
 If you can say it in one sentence, don't use three. Prefer short, direct sentences over long explanations. This does not apply to code or tool calls.`
 }
 
 function getSimpleToneAndStyleSection(): string {
   const items = [
     `Only use emojis if the user explicitly requests it. Avoid using emojis in all communication unless asked.`,
+    `Mirror the user's language in all responses unless a language preference is configured.`,
     process.env.USER_TYPE === 'ant'
       ? null
       : `Your responses should be short and concise.`,
@@ -838,7 +850,7 @@ function getFunctionResultClearingSection(model: string): string | null {
 Old tool results will be automatically cleared from context to free up space. The ${config.keepRecent} most recent results are always kept.`
 }
 
-const SUMMARIZE_TOOL_RESULTS_SECTION = `When working with tool results, write down any important information you might need later in your response, as the original tool result may be cleared later.`
+const SUMMARIZE_TOOL_RESULTS_SECTION = `When working with tool results, write down any important information you might need later in your response, as the original tool result may be cleared later. After compaction: don't assume prior state holds — re-read files and re-run verifications before continuing.`
 
 function getBriefSection(): string | null {
   if (!(feature('KAIROS') || feature('KAIROS_BRIEF'))) return null

package/src/ink/terminal.ts

@@ -173,8 +173,14 @@ export function supportsExtendedKeys(): boolean {
  *  SetConsoleCursorPosition follows the cursor into scrollback
  *  (microsoft/terminal#14774), yanking users to the top of their buffer
  *  mid-stream. WT_SESSION catches WSL-in-Windows-Terminal where platform
- *  is linux but output still routes through conhost. */
+ *  is linux but output still routes through conhost.
+ *
+ *  xterm.js (VS Code, Cursor, Windsurf integrated terminals) does NOT have
+ *  this bug — cursor-up (CSI A) clamps at viewport top without yanking into
+ *  scrollback. Even when WT_SESSION is set (e.g. VS Code running inside
+ *  Windows Terminal), the actual pty renderer is xterm.js, so we exempt it. */
 export function hasCursorUpViewportYankBug(): boolean {
+  if (isXtermJs()) return false
   return process.platform === 'win32' || !!process.env.WT_SESSION
 }
 

package/src/server/proxy/streaming/openaiChatStreamToAnthropic.ts

@@ -478,7 +478,7 @@ function handleFinishReason(
   const stopReason = mapFinishReason(finishReason)
 
   // Capture input_tokens if available in this chunk
-  if (chunk.usage?.prompt_tokens) state.inputTokens = chunk.usage.prompt_tokens
+  if (chunk.usage?.prompt_tokens != null) state.inputTokens = chunk.usage.prompt_tokens
 
   const usage = chunk.usage
     ? { input_tokens: chunk.usage.prompt_tokens || 0, output_tokens: chunk.usage.completion_tokens || 0 }
@@ -509,7 +509,7 @@ function mergeUsageIntoHeldDelta(
 ): void {
   if (!state.heldMessageDelta) return
 
-  if (usage.prompt_tokens) state.inputTokens = usage.prompt_tokens
+  if (usage.prompt_tokens != null) state.inputTokens = usage.prompt_tokens
   const data = state.heldMessageDelta.data as Record<string, unknown>
   data.usage = { input_tokens: state.inputTokens, output_tokens: usage.completion_tokens || 0 }
   state.messageDeltaSent = true

package/src/server/proxy/transform/anthropicToOpenaiChat.ts

@@ -88,7 +88,7 @@ export function anthropicToOpenaiChat(body: AnthropicRequest): OpenAIChatRequest
   }
 
   // thinking → reasoning_effort
-  if (body.thinking && !body.model.toLowerCase().includes('deepseek')) {
+  if (body.thinking) {
     const budget = body.thinking.budget_tokens
     if (budget !== undefined) {
       if (budget <= 1024) result.reasoning_effort = 'low'

package/src/utils/goalEvaluator.ts

@@ -19,7 +19,10 @@ export async function evaluateGoal(
   goalCondition: string,
   messages: MessageType[],
 ): Promise<GoalEvalResult> {
-  const client = new Anthropic()
+  const client = new Anthropic({
+    baseURL: process.env.ANTHROPIC_BASE_URL ?? undefined,
+    apiKey: process.env.ANTHROPIC_API_KEY ?? 'dummy',
+  })
 
   const recentAssistantTexts = messages
     .filter(m => m.type === 'assistant' || m.role === 'assistant')