npm - chainlesschain - Versions diffs - 0.162.35 → 0.162.37 - Mend

chainlesschain 0.162.35 → 0.162.37

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (193) hide show

package/src/lib/settings-loader.cjs ADDED Viewed

@@ -0,0 +1,244 @@
+"use strict";
+/**
+ * settings-loader — discover + merge `.claude/settings.json` files into a
+ * single permission ruleset, Claude-Code style.
+ *
+ * Precedence (lowest → highest):
+ *   1. ~/.claude/settings.json                 (user, all projects)
+ *   2. <project>/.claude/settings.json         (project, checked in)
+ *   3. <project>/.claude/settings.local.json   (personal override, gitignored)
+ *   4. --settings <file>                       (explicit, CC `--settings` parity)
+ *   5. CC_PERMISSIONS_ALLOW / _ASK / _DENY env (comma-separated, kill-switch)
+ *
+ * Permission arrays are **unioned** across sources — a higher layer can add
+ * rules but never *remove* a lower layer's `deny` (deny can only accrete). The
+ * engine's deny > ask > allow precedence then resolves any overlap, so an
+ * inherited deny always beats a locally added allow.
+ *
+ * Robustness: a missing file is silently skipped; a malformed file warns to
+ * stderr and is skipped (fail-open to the existing risk-tier logic — a broken
+ * settings file must never wedge the agent). All reads are explicit UTF-8.
+ *
+ * `_deps` injection (fs / homedir) follows the CLI testing convention since
+ * `vi.mock` cannot intercept CJS `require`.
+ */
+const fsDefault = require("node:fs");
+const path = require("node:path");
+const os = require("node:os");
+const _deps = { fs: fsDefault, homedir: () => os.homedir() };
+const KINDS = Object.freeze(["allow", "ask", "deny"]);
+/** Read + JSON.parse one settings file. Returns null on missing/bad. */
+function readSettingsFile(file, { onWarn } = {}) {
+  let text;
+  try {
+    if (!_deps.fs.existsSync(file)) return null;
+    text = _deps.fs.readFileSync(file, "utf-8");
+  } catch {
+    return null; // unreadable → treat as absent
+  }
+  try {
+    const parsed = JSON.parse(text);
+    return parsed && typeof parsed === "object" ? parsed : null;
+  } catch (err) {
+    if (typeof onWarn === "function") {
+      onWarn(`settings: ignoring malformed ${file} (${err.message})`);
+    } else {
+      process.stderr.write(
+        `settings: ignoring malformed ${file} (${err.message})\n`,
+      );
+    }
+    return null;
+  }
+}
+/** Push every string of `arr` into `target` + `sources`, de-duped. */
+function accrete(target, sources, arr, file, kind) {
+  if (!Array.isArray(arr)) return;
+  for (const entry of arr) {
+    const rule = String(entry || "").trim();
+    if (!rule) continue;
+    if (!target.includes(rule)) target.push(rule);
+    // First source to introduce a rule wins as its provenance label.
+    const key = `${kind}:${rule}`;
+    if (!sources[key]) sources[key] = file;
+  }
+}
+/** The ordered list of candidate settings files for a cwd. */
+function settingsPaths(cwd, explicitFile) {
+  const home = _deps.homedir();
+  const list = [
+    path.join(home, ".claude", "settings.json"),
+    path.join(cwd, ".claude", "settings.json"),
+    path.join(cwd, ".claude", "settings.local.json"),
+  ];
+  if (explicitFile) list.push(path.resolve(cwd, explicitFile));
+  return list;
+}
+/** Parse a comma/space separated env override into a string[]. */
+function parseEnvList(value) {
+  if (!value) return [];
+  return String(value)
+    .split(/[,\n]+/)
+    .map((s) => s.trim())
+    .filter(Boolean);
+}
+/**
+ * Load + merge the effective permission ruleset for a project.
+ *
+ * @param {object} [opts]
+ * @param {string} [opts.cwd=process.cwd()]
+ * @param {string} [opts.settingsFile]   value of --settings (CC parity)
+ * @param {object} [opts.env=process.env]
+ * @param {(msg:string)=>void} [opts.onWarn]
+ * @returns {{
+ *   rules: { allow:string[], ask:string[], deny:string[] },
+ *   sources: Record<string,string>,    // "kind:rule" → originating file
+ *   files: string[]                     // settings files that contributed
+ * }}
+ */
+function loadSettings(opts = {}) {
+  const cwd = opts.cwd || process.cwd();
+  const env = opts.env || process.env;
+  const onWarn = opts.onWarn;
+  const rules = { allow: [], ask: [], deny: [] };
+  const sources = {};
+  const files = [];
+  for (const file of settingsPaths(cwd, opts.settingsFile)) {
+    const data = readSettingsFile(file, { onWarn });
+    if (!data) continue;
+    const perms =
+      data.permissions && typeof data.permissions === "object"
+        ? data.permissions
+        : {};
+    let contributed = false;
+    for (const kind of KINDS) {
+      const before = rules[kind].length;
+      accrete(rules[kind], sources, perms[kind], file, kind);
+      if (rules[kind].length !== before) contributed = true;
+    }
+    if (contributed) files.push(file);
+  }
+  // env kill-switch layer (highest precedence source label)
+  const envMap = {
+    allow: parseEnvList(env.CC_PERMISSIONS_ALLOW),
+    ask: parseEnvList(env.CC_PERMISSIONS_ASK),
+    deny: parseEnvList(env.CC_PERMISSIONS_DENY),
+  };
+  let envContributed = false;
+  for (const kind of KINDS) {
+    const before = rules[kind].length;
+    accrete(rules[kind], sources, envMap[kind], "<env>", kind);
+    if (rules[kind].length !== before) envContributed = true;
+  }
+  if (envContributed) files.push("<env>");
+  return { rules, sources, files };
+}
+/** Look up the source file a matched `{ kind, rule }` came from. */
+function ruleSource(sources, kind, rule) {
+  return (sources && sources[`${kind}:${rule}`]) || null;
+}
+/** Resolve a write target file for a scope (project | local | user). */
+function scopeFile(cwd, scope) {
+  if (scope === "user") {
+    return path.join(_deps.homedir(), ".claude", "settings.json");
+  }
+  if (scope === "local") {
+    return path.join(cwd, ".claude", "settings.local.json");
+  }
+  return path.join(cwd, ".claude", "settings.json"); // project (default)
+}
+/**
+ * Append a permission rule to a settings file (idempotent). Used by
+ * `cc permissions add` and the REPL "always allow" flow.
+ *
+ * @returns {{ file:string, added:boolean }} added=false → already present.
+ * @throws if the target file exists but is malformed JSON (refuse to clobber).
+ */
+function addRule({ cwd = process.cwd(), kind, rule, scope = "project" } = {}) {
+  if (!KINDS.includes(kind)) {
+    throw new Error(`kind must be allow | ask | deny (got "${kind}")`);
+  }
+  const file = scopeFile(cwd, scope);
+  let data = {};
+  if (_deps.fs.existsSync(file)) {
+    const text = _deps.fs.readFileSync(file, "utf-8");
+    try {
+      data = JSON.parse(text) || {};
+    } catch (err) {
+      throw new Error(`refusing to overwrite malformed ${file} (${err.message})`);
+    }
+  }
+  if (!data.permissions || typeof data.permissions !== "object") {
+    data.permissions = {};
+  }
+  if (!Array.isArray(data.permissions[kind])) data.permissions[kind] = [];
+  if (data.permissions[kind].includes(rule)) return { file, added: false };
+  data.permissions[kind].push(rule);
+  _deps.fs.mkdirSync(path.dirname(file), { recursive: true });
+  _deps.fs.writeFileSync(file, JSON.stringify(data, null, 2) + "\n", "utf-8");
+  return { file, added: true };
+}
+/**
+ * Native-config overrides from the same settings files loadSettings reads
+ * (user → project → local → explicit --settings, last-write-wins). Mirrors
+ * Claude-Code settings.json `model` + `env`. Permissions stay with
+ * loadSettings; this is the config-override half — a one-shot way to set the
+ * model / env vars for a run without editing .chainlesschain/config.json.
+ *
+ * @param {object} [opts] { cwd, settingsFile, onWarn }
+ * @returns {{ model: string|null, env: Record<string,string>, files: string[] }}
+ */
+function loadSettingsConfig(opts = {}) {
+  const cwd = opts.cwd || process.cwd();
+  let model = null;
+  const env = {};
+  const files = [];
+  for (const file of settingsPaths(cwd, opts.settingsFile)) {
+    const data = readSettingsFile(file, { onWarn: opts.onWarn });
+    if (!data) continue;
+    let contributed = false;
+    if (typeof data.model === "string" && data.model.trim()) {
+      model = data.model.trim();
+      contributed = true;
+    }
+    if (data.env && typeof data.env === "object" && !Array.isArray(data.env)) {
+      for (const [k, v] of Object.entries(data.env)) {
+        if (typeof v === "string") {
+          env[k] = v;
+          contributed = true;
+        }
+      }
+    }
+    if (contributed) files.push(file);
+  }
+  return { model, env, files };
+}
+module.exports = {
+  loadSettings,
+  loadSettingsConfig,
+  readSettingsFile,
+  settingsPaths,
+  parseEnvList,
+  ruleSource,
+  addRule,
+  scopeFile,
+  KINDS,
+  _deps,
+};

package/src/lib/slash-commands.js CHANGED Viewed

@@ -63,7 +63,11 @@ export const BANG_TIMEOUT_MS = 10_000;
 export function commandDirs(cwd = process.cwd(), opts = {}) {
   const path = opts.deps?.path || _deps.path;
   const home = opts.home || homedir();
+  // Project-native `.chainlesschain/commands/` takes precedence, then the
+  // Claude-Code-portable `.claude/commands/` (so existing definitions work
+  // unchanged), then personal. Both project dirs share the "project" scope.
   return [
+    { dir: path.join(cwd, ".chainlesschain", "commands"), scope: "project" },
     { dir: path.join(cwd, ".claude", "commands"), scope: "project" },
     { dir: path.join(home, ".claude", "commands"), scope: "personal" },
   ];

package/src/lib/status-line.cjs ADDED Viewed

@@ -0,0 +1,204 @@
+"use strict";
+/**
+ * status-line — Claude-Code `statusLine` parity. A user command rendered into
+ * a status line shown above the REPL prompt each turn (model / branch / cost /
+ * whatever the script prints).
+ *
+ * Config lives in the `.claude/settings.json` hierarchy under `statusLine`:
+ *   { "statusLine": { "type": "command", "command": "~/.claude/status.sh" } }
+ * (a bare string is also accepted as the command). The command receives a JSON
+ * context on stdin — `{ session_id, model:{id}, workspace:{current_dir,
+ * project_dir}, cwd }` — and its first stdout line becomes the status line.
+ *
+ * Best-effort throughout: a missing config, a broken command, or a timeout just
+ * yields no status line — it never blocks or breaks the REPL. `_deps` injection
+ * (spawnSync / settings reader) for tests.
+ */
+const cpDefault = require("node:child_process");
+const path = require("node:path");
+const { settingsPaths, readSettingsFile } = require("./settings-loader.cjs");
+const _deps = {
+  spawnSync: cpDefault.spawnSync,
+  // injectable so tests don't touch real settings files
+  readSettings: (cwd, settingsFile) => {
+    const out = [];
+    for (const file of settingsPaths(cwd, settingsFile)) {
+      const data = readSettingsFile(file);
+      if (data) out.push(data);
+    }
+    return out;
+  },
+};
+/**
+ * Load the effective `statusLine` config (last layer wins). Returns
+ * `{ command, type, padding }` or null.
+ */
+function loadStatusLineConfig({ cwd = process.cwd(), settingsFile } = {}) {
+  let cfg = null;
+  for (const data of _deps.readSettings(cwd, settingsFile)) {
+    if (!data || data.statusLine == null) continue;
+    const sl = data.statusLine;
+    if (typeof sl === "string" && sl.trim()) {
+      cfg = { type: "command", command: sl.trim(), padding: 0 };
+    } else if (sl && typeof sl === "object" && typeof sl.command === "string") {
+      cfg = {
+        type: sl.type || "command",
+        command: sl.command,
+        padding: Number(sl.padding) || 0,
+      };
+    } else if (sl === false || sl === null) {
+      cfg = null; // an explicit disable in a higher layer wins
+    }
+  }
+  return cfg && cfg.command ? cfg : null;
+}
+/**
+ * Build the JSON context handed to the status-line command on stdin (and used
+ * by the built-in renderer). Carries context-window usage so a custom command —
+ * or the built-in line — can show how full the window is. Additive: the prior
+ * fields are unchanged; `context` + `turn` are new.
+ */
+function buildContext({
+  sessionId,
+  model,
+  provider,
+  cwd,
+  projectDir,
+  usedTokens = 0,
+  contextWindow = 0,
+  turn = 0,
+} = {}) {
+  const used = Math.max(0, Number(usedTokens) || 0);
+  const window = Math.max(0, Number(contextWindow) || 0);
+  const pct = window > 0 ? Math.min(100, Math.round((used / window) * 100)) : 0;
+  return {
+    hook_event_name: "Status",
+    session_id: sessionId || null,
+    model: { id: model || null, display_name: model || null },
+    provider: provider || null,
+    workspace: {
+      current_dir: cwd || process.cwd(),
+      project_dir: projectDir || cwd || process.cwd(),
+    },
+    cwd: cwd || process.cwd(),
+    context: { used_tokens: used, window, pct },
+    turn: Math.max(0, Number(turn) || 0),
+  };
+}
+/** Compact a token count: 950 → "950", 12345 → "12.3k", 1500000 → "1.5M". */
+function formatTokens(n) {
+  const v = Number(n) || 0;
+  if (v < 1000) return String(Math.max(0, Math.round(v)));
+  if (v < 1_000_000) {
+    const k = v / 1000;
+    return (k >= 100 ? Math.round(k) : Number(k.toFixed(1))) + "k";
+  }
+  return Number((v / 1_000_000).toFixed(1)) + "M";
+}
+/** Home-relative compact path: the home dir collapses to "~". */
+function shortenPath(p) {
+  const cwd = String(p || "");
+  let home = "";
+  try {
+    home = require("node:os").homedir() || "";
+  } catch {
+    home = "";
+  }
+  if (
+    home &&
+    (cwd === home || cwd.startsWith(home + "/") || cwd.startsWith(home + "\\"))
+  ) {
+    return "~" + cwd.slice(home.length);
+  }
+  return cwd;
+}
+/**
+ * Built-in context-usage line shown when no custom `statusLine` command is
+ * configured: "model · ⛁ used/window (pct%) · cwd · turn N". No color — the
+ * caller dims it. Returns "" when there's genuinely nothing to show.
+ */
+function renderDefaultStatusLine(context = {}) {
+  const c = context.context || {};
+  const parts = [];
+  if (context.model && context.model.id) parts.push(context.model.id);
+  if (c.window > 0) {
+    parts.push(
+      `⛁ ${formatTokens(c.used_tokens)}/${formatTokens(c.window)} (${c.pct}%)`,
+    );
+  } else if (c.used_tokens > 0) {
+    parts.push(`⛁ ${formatTokens(c.used_tokens)}`);
+  }
+  if (context.cwd) parts.push(shortenPath(context.cwd));
+  if (context.turn) parts.push(`turn ${context.turn}`);
+  return parts.join("  ·  ");
+}
+/**
+ * Whether the user explicitly disabled the status line via `statusLine: false`
+ * in the effective (last-layer-wins) settings. Lets the REPL suppress even the
+ * built-in line, while a mere absence of config still shows the built-in.
+ */
+function isStatusLineDisabled({ cwd = process.cwd(), settingsFile } = {}) {
+  let disabled = false;
+  for (const data of _deps.readSettings(cwd, settingsFile)) {
+    if (!data || !("statusLine" in data)) continue;
+    disabled = data.statusLine === false;
+  }
+  return disabled;
+}
+/**
+ * Render the status line by running the command with the JSON context on stdin.
+ * Returns the first stdout line (trimmed, ANSI preserved) or null.
+ */
+function renderStatusLine(config, context = {}, { cwd, timeout = 5000 } = {}) {
+  if (!config || !config.command) return null;
+  let res;
+  try {
+    res = _deps.spawnSync(config.command, {
+      input: JSON.stringify(context),
+      cwd: cwd || process.cwd(),
+      encoding: "utf-8",
+      timeout,
+      shell: true,
+      maxBuffer: 1024 * 1024,
+    });
+  } catch {
+    return null; // spawn failure → no status line
+  }
+  if (res.error || res.status !== 0) return null;
+  const out = String(res.stdout || "");
+  const firstLine = out.split(/\r?\n/)[0];
+  const line = (firstLine || "").trim();
+  if (!line) return null;
+  const pad = config.padding > 0 ? " ".repeat(config.padding) : "";
+  return pad + line;
+}
+/** Convenience: load + render in one call (used by the REPL each turn). */
+function getStatusLine({ cwd, settingsFile, sessionId, model, provider, projectDir, timeout } = {}) {
+  const config = loadStatusLineConfig({ cwd, settingsFile });
+  if (!config) return null;
+  const context = buildContext({ sessionId, model, provider, cwd, projectDir });
+  return renderStatusLine(config, context, { cwd, timeout });
+}
+module.exports = {
+  loadStatusLineConfig,
+  buildContext,
+  renderStatusLine,
+  getStatusLine,
+  formatTokens,
+  shortenPath,
+  renderDefaultStatusLine,
+  isStatusLineDisabled,
+  _deps,
+};

package/src/lib/sub-agent-profiles.js CHANGED Viewed

@@ -21,6 +21,7 @@ const READONLY_TOOLS = Object.freeze([
   "search_files",
   "search_sessions",
   "web_fetch",
+  "web_search",
   "list_skills",
 ]);
@@ -38,6 +39,7 @@ const FULL_TOOLS = Object.freeze([
   "run_skill",
   "list_skills",
   "web_fetch",
+  "web_search",
   "todo_write",
   "ask_user_question",
 ]);
@@ -50,6 +52,7 @@ const DESIGN_TOOLS = Object.freeze([
   "list_dir",
   "search_files",
   "web_fetch",
+  "web_search",
   "run_skill",
   "list_skills",
   "todo_write",