codemini-cli 0.3.8 → 0.4.0

package/src/core/chat-runtime.js

@@ -10,7 +10,7 @@ import {
 } from './provider/index.js';
 import { isDangerousCommand, runShellCommand } from './shell.js';
 import { getBuiltinTools } from './tools.js';
-import { listSessions, loadSession, pruneSessions, saveSession } from './session-store.js';
+import { createSession, listSessions, loadSession, pruneSessions, saveSession } from './session-store.js';
 import { getConfigValue, loadConfig, resetConfig, setConfigValue } from './config-store.js';
 import { evaluateCommandPolicy } from './command-policy.js';
 import { appendInputHistory, loadInputHistory } from './input-history-store.js';
@@ -25,7 +25,8 @@ import { buildSystemPromptWithSoul } from './soul.js';
 import { getProjectPlansDir, getProjectSpecsDir, getProjectWorkspaceDir, getSessionsDir } from './paths.js';
 import { buildProjectContextSnippet, initializeProjectIndex } from './project-index.js';
 import { buildMemorySnapshot } from './memory-prompt.js';
-import { forgetMemory, listMemories, searchMemories } from './memory-store.js';
+import { forgetMemory, listMemories, searchMemories, captureToInbox, listInbox } from './memory-store.js';
+import { runDreamConsolidation } from './dream-consolidate.js';
 import { normalizePlanState } from './plan-state.js';
 import { countActiveTodos, normalizeTodos } from './todo-state.js';
 
@@ -151,10 +152,12 @@ function getCompletionCopy(language = 'zh') {
         agents: '列出/运行子代理角色',
         config: '设置/读取/列出/重置配置',
         memory: '查看/搜索/删除持久记忆',
+        dream: '整理记忆收件箱（dream consolidation）',
         history: '查看/恢复会话',
         debug: '运行时调试开关',
         retry: '重试上一条用户请求',
         stop: '中止当前回答',
+        new: '开始新会话',
         yes: '确认当前待审批计划并开始执行',
         edit: '修改当前待审批计划',
         reject: '拒绝当前待审批计划'
@@ -168,6 +171,7 @@ function getCompletionCopy(language = 'zh') {
         planCommand: '规划命令',
         agentCommand: '子代理命令',
         memoryCommand: '记忆命令',
+        dreamCommand: '记忆整理命令',
         debugCommand: '调试命令',
         keyboardDebugCommand: '键盘调试命令',
         compactCommand: '上下文压缩命令',
@@ -245,10 +249,12 @@ function getCompletionCopy(language = 'zh') {
         agents: 'run/list sub-agent roles',
         config: 'set/get/list/reset config values',
         memory: 'list/search/delete persistent memories',
+        dream: 'consolidate memory inbox (dream)',
         history: 'list/resume sessions',
         debug: 'runtime debug switches',
         retry: 'retry the last user request',
         stop: 'stop the current response',
+        new: 'start a new session',
         yes: 'approve the pending plan and start execution',
         edit: 'revise the pending plan',
         reject: 'reject the pending plan'
@@ -262,6 +268,7 @@ function getCompletionCopy(language = 'zh') {
         planCommand: 'planning command',
         agentCommand: 'sub-agent command',
         memoryCommand: 'memory command',
+        dreamCommand: 'dream consolidation command',
         debugCommand: 'debug command',
         keyboardDebugCommand: 'keyboard debug command',
         compactCommand: 'context compaction command',
@@ -282,12 +289,12 @@ function describeConfigKey(key, mode = 'set', language = 'zh') {
 }
 
 const SUB_AGENT_ROLES = ['planner', 'coder', 'reviewer', 'tester', 'summarizer'];
-const ROLE_TOOL_POLICY = {
-  planner: ['read', 'grep', 'list', 'query_project_index', 'tool_search', 'glob', 'ast_query', 'read_ast_node', 'read_plan', 'update_plan'],
-  coder: ['read', 'grep', 'list', 'edit', 'write', 'run', 'ast_query', 'read_ast_node', 'glob', 'tool_search', 'update_todos', 'read_plan', 'update_plan'],
+export const ROLE_TOOL_POLICY = {
+  planner: ['read', 'grep', 'list', 'query_project_index', 'tool_search', 'glob', 'ast_query', 'read_ast_node', 'web_fetch', 'web_search', 'read_plan', 'update_plan'],
+  coder: ['read', 'grep', 'list', 'edit', 'write', 'delete', 'run', 'ast_query', 'read_ast_node', 'glob', 'tool_search', 'web_fetch', 'web_search', 'update_todos', 'read_plan', 'update_plan'],
   reviewer: ['read', 'grep', 'list', 'glob', 'tool_search', 'ast_query', 'read_ast_node', 'read_plan'],
   tester: ['read', 'grep', 'list', 'run', 'glob', 'tool_search', 'read_plan'],
-  summarizer: ['read', 'grep', 'list', 'glob', 'tool_search', 'read_plan', 'update_plan']
+  summarizer: ['read_plan']
 };
 const SUB_AGENT_CONTEXT_MAX_MESSAGES = 4;
 const SUB_AGENT_CONTEXT_MAX_CHARS = 1200;
@@ -1635,6 +1642,18 @@ async function writeMarkdownInProjectDir(subDir, title, body, fallbackName, sess
   return filePath;
 }
 
+async function removePlanFileIfPresent(planState) {
+  const filePath = String(planState?.filePath || '').trim();
+  if (!filePath) return;
+  try {
+    await fs.unlink(filePath);
+  } catch (error) {
+    if (error?.code !== 'ENOENT') {
+      // Best-effort cleanup: keep the main approval flow moving.
+    }
+  }
+}
+
 function buildSpecTemplate(topic) {
   return `
 # Spec: ${topic}
@@ -2152,7 +2171,7 @@ async function askModel({
     ? `${systemPrompt}\n\n${projectContextSnippet}\n\nUse this project context as lightweight guidance and verify important details with fresh reads when needed.`
     : systemPrompt;
 
-  const { definitions, handlers, formatters, deferredDefinitions } = getBuiltinTools({
+  const { definitions, handlers, formatters, deferredDefinitions, dispose: disposeTools } = getBuiltinTools({
     workspaceRoot: process.cwd(),
     config,
     sessionId: session.id,
@@ -2241,6 +2260,7 @@ async function askModel({
     requestToolApproval,
     signal,
     skipAnalysisNudge,
+    config,
     requestCompletion: async ({ messages, tools, model: selectedModel }) => {
       let started = false;
       const startAssistantStream = () => {
@@ -2775,7 +2795,7 @@ export async function createChatRuntime({
   if (initialIndex?.summary) {
     startupEvents.push({
       type: 'system_tool',
-      name: 'project_index(.codemini-project/project-map.json,.codemini-project/file-index.json)',
+      name: 'project_index(.codemini/project-map.json,.codemini/file-index.json)',
       status: 'done',
       summary: initialIndex.summary
     });
@@ -2889,6 +2909,9 @@ export async function createChatRuntime({
     '/status',
     '/config',
     '/memory',
+    '/capture',
+    '/inbox',
+    '/dream',
     '/mode',
     '/plan',
     '/history',
@@ -2896,7 +2919,8 @@ export async function createChatRuntime({
     '/agents',
     '/compact',
     '/debug',
-    '/retry'
+    '/retry',
+    '/new'
   ];
   const configSubcommandPriority = ['/config set', '/config get', '/config list', '/config reset'];
 
@@ -2915,10 +2939,12 @@ export async function createChatRuntime({
       { name: 'agents', description: completionCopy.commands.agents },
       { name: 'config', description: completionCopy.commands.config },
       { name: 'memory', description: completionCopy.commands.memory },
+      { name: 'dream', description: completionCopy.commands.dream },
       { name: 'history', description: completionCopy.commands.history },
       { name: 'debug', description: completionCopy.commands.debug },
       { name: 'retry', description: completionCopy.commands.retry },
-      { name: 'stop', description: completionCopy.commands.stop }
+      { name: 'stop', description: completionCopy.commands.stop },
+      { name: 'new', description: completionCopy.commands.new }
     ];
     const out = [];
     for (const cmd of commands.values()) {
@@ -2964,6 +2990,7 @@ export async function createChatRuntime({
   const planTemplates = ['/plan <goal>', '/plan auto <goal>', '/plan approve', '/plan from-spec <spec-path?>'];
   const agentTemplates = ['/agents list', '/agents run planner <task>', '/agents run coder <task>', '/agents run reviewer <task>', '/agents run tester <task>', '/agents run summarizer <task>'];
   const debugTemplates = ['/debug keys on', '/debug keys off', '/debug keys status'];
+  const dreamTemplates = ['/dream', '/dream --dry-run', '/dream --scope=project', '/dream --scope=global'];
   const compactTemplates = compactOptions.map((opt) => `/compact ${opt}`);
   const slashTemplates = [
     ...configTemplates,
@@ -2975,6 +3002,7 @@ export async function createChatRuntime({
     ...planTemplates,
     ...agentTemplates,
     ...debugTemplates,
+    ...dreamTemplates,
     ...compactTemplates,
     '/retry',
     '/status'
@@ -3041,6 +3069,7 @@ export async function createChatRuntime({
     }
     for (const template of agentTemplates) registerSuggestion(template, completionCopy.generic.agentCommand);
     for (const template of debugTemplates) registerSuggestion(template, completionCopy.generic.debugCommand);
+    for (const template of dreamTemplates) registerSuggestion(template, completionCopy.generic.dreamCommand);
     for (const template of compactTemplates) registerSuggestion(template, completionCopy.generic.compactCommand);
     registerSuggestion('/retry', completionCopy.generic.retryCommand);
     registerSuggestion('/status', completionCopy.generic.statusCommand);
@@ -3329,6 +3358,38 @@ export async function createChatRuntime({
     const { signal } = activeAbortController;
     const activeReplySystemPrompt = await buildActiveSystemPrompt();
     const parsedInput = parseInput(line);
+    const maybeAutoDreamFromRuntime = async () => {
+      const threshold = Number(config?.memory?.auto_dream_threshold ?? 10);
+      if (!(threshold > 0)) return null;
+      let entries = [];
+      try {
+        entries = await listInbox();
+      } catch {
+        return null;
+      }
+      if (entries.length < threshold) return null;
+      if (onAgentEvent) onAgentEvent({ type: 'dream:auto', message: 'inbox threshold reached' });
+      try {
+        const report = await runDreamConsolidation({
+          dryRun: false,
+          workspaceRoot: process.cwd(),
+          config,
+          writeAudit: true
+        });
+        if (onAgentEvent) {
+          onAgentEvent({ type: 'dream:complete', report });
+        }
+        return report;
+      } catch (error) {
+        if (onAgentEvent) {
+          onAgentEvent({
+            type: 'dream:complete',
+            report: { ok: false, error: String(error?.message || error || 'unknown dream error') }
+          });
+        }
+        return null;
+      }
+    };
     try {
       if (shouldPersistInputHistory(parsedInput)) {
         await appendInputHistory(line);
@@ -3345,10 +3406,27 @@ export async function createChatRuntime({
     }
     if (parsedInput.type === 'slash') {
       if (parsedInput.command === 'exit') return { type: 'exit' };
+      if (parsedInput.command === 'new') {
+        const fresh = await createSession();
+        currentSession = fresh;
+        executionMode = config.execution?.mode || 'auto';
+        compactState.backupMessages = null;
+        setResultDir(path.join(getSessionsDir(), String(fresh.id)));
+        historyIdCache = [fresh.id, ...historyIdCache.filter((id) => id !== fresh.id)];
+        historySessionCache = [
+          { id: fresh.id, messageCount: 0 },
+          ...historySessionCache.filter((s) => s.id !== fresh.id)
+        ];
+        return {
+          type: 'system',
+          text: `New session started: ${fresh.id}`,
+          restoredMessages: []
+        };
+      }
       if (parsedInput.command === 'help') {
         return {
           type: 'system',
-          text: 'Commands: /help /exit /stop /commands /status /mode /compact /checkpoint /spec /plan /yes /edit /reject /agents /config /memory /history /debug /retry /<custom> !<shell>'
+          text: 'Commands: /help /exit /new /stop /commands /status /mode /compact /checkpoint /spec /plan /yes /edit /reject /agents /config /memory /capture /inbox /dream /history /debug /retry /<custom> !<shell>'
         };
       }
       if (parsedInput.command === 'status') {
@@ -3391,6 +3469,7 @@ export async function createChatRuntime({
         });
         activeSubSession = null;
         currentSession.planState = null;
+        await removePlanFileIfPresent(planState);
         executionMode = 'auto';
         await persistAssistantExchange(line, result.text || '', { includeUser: false });
         return { type: 'assistant', text: result.text, aborted: !!result.aborted };
@@ -3420,7 +3499,9 @@ export async function createChatRuntime({
         if (!hasPendingPlanApproval(currentSession)) {
           return { type: 'system', text: 'No pending plan approval.' };
         }
+        const planState = { ...currentSession.planState };
         currentSession.planState = null;
+        await removePlanFileIfPresent(planState);
         executionMode = 'auto';
         const text = 'Pending plan rejected and cleared.';
         await persistLocalExchange(line, text);
@@ -3514,6 +3595,7 @@ export async function createChatRuntime({
           }
           const goal = parsedInput.args.slice(1).join(' ').trim();
           if (!goal) return { type: 'system', text: 'Usage: /plan auto <goal>' };
+          await maybeAutoDreamFromRuntime();
           const auto = await buildAutoPlanAndRun({
             goal,
             session: currentSession,
@@ -3559,6 +3641,7 @@ export async function createChatRuntime({
           });
           activeSubSession = null;
           currentSession.planState = null;
+          await removePlanFileIfPresent(planState);
           executionMode = 'auto';
           await persistAssistantExchange(line, result.text || '', { includeUser: false });
           return { type: 'assistant', text: result.text, aborted: !!result.aborted };
@@ -3750,6 +3833,75 @@ export async function createChatRuntime({
         }
         return { type: 'system', text: `Unknown /memory subcommand: ${sub}` };
       }
+      if (parsedInput.command === 'capture') {
+        const summary = parsedInput.args.join(' ').trim();
+        if (!summary) return { type: 'system', text: 'Usage: /capture <summary> [--scope global|repo|thread] [--type observation|correction|failure|preference|pattern|win|gap|decision]' };
+        let scope = 'global';
+        let capType = 'observation';
+        const filtered = [];
+        for (const arg of parsedInput.args) {
+          if (arg.startsWith('--scope=')) { scope = arg.slice(7); continue; }
+          if (arg.startsWith('--type=')) { capType = arg.slice(7); continue; }
+          if (arg === '--scope') { scope = ''; continue; }
+          if (arg === '--type') { capType = ''; continue; }
+          filtered.push(arg);
+        }
+        const capSummary = filtered.join(' ').trim();
+        if (!capSummary) return { type: 'system', text: 'Usage: /capture <summary>' };
+        try {
+          const entry = await captureToInbox({ summary: capSummary, scope, type: capType, source: 'slash' });
+          const text = `Captured to inbox: ${entry.id} [${entry.lifecycle}] ${entry.summary}`;
+          return { type: 'system', text };
+        } catch (err) {
+          return { type: 'system', text: `Capture failed: ${err.message}` };
+        }
+      }
+      if (parsedInput.command === 'inbox') {
+        const since = parsedInput.args[0] || '';
+        try {
+          const entries = await listInbox({ since: since || undefined });
+          if (entries.length === 0) return { type: 'system', text: 'Inbox is empty.' };
+          const rows = entries.map((e) => `[${e.lifecycle}] ${e.scope}/${e.type}: ${e.summary} (${e.id})`);
+          return { type: 'system', text: `Inbox (${entries.length}):\n${rows.join('\n')}` };
+        } catch (err) {
+          return { type: 'system', text: `Failed to list inbox: ${err.message}` };
+        }
+      }
+      if (parsedInput.command === 'dream') {
+        let dryRun = false;
+        let scope = null;
+        for (const arg of parsedInput.args) {
+          if (arg === '--dry-run') {
+            dryRun = true;
+            continue;
+          }
+          if (arg.startsWith('--scope=')) {
+            scope = arg.slice(8) || null;
+          }
+        }
+        try {
+          const report = await runDreamConsolidation({
+            dryRun,
+            scope,
+            workspaceRoot: process.cwd(),
+            config,
+            writeAudit: true
+          });
+          const summary = [
+            `Dream done${dryRun ? ' (dry-run)' : ''}.`,
+            `Candidates: ${Number(report.candidatesGenerated || 0)}`,
+            `Promotions: ${Array.isArray(report.promotions) ? report.promotions.length : 0}`,
+            `Rejections: ${Array.isArray(report.rejections) ? report.rejections.length : 0}`,
+            `Archives: ${Array.isArray(report.archives) ? report.archives.length : 0}`,
+            report.auditReport ? `Audit: ${report.auditReport}` : ''
+          ]
+            .filter(Boolean)
+            .join('\n');
+          return { type: 'system', text: summary };
+        } catch (err) {
+          return { type: 'system', text: `Dream failed: ${err.message}` };
+        }
+      }
       if (parsedInput.command === 'retry') {
         const lastUser = [...currentSession.messages].reverse().find((m) => m.role === 'user');
         if (!lastUser?.content) {
@@ -3987,6 +4139,7 @@ export async function createChatRuntime({
     const expandedText = await expandFileMentions(parsedInput.text, process.cwd());
     const autoRoute = classifyAutoRoute(expandedText);
     if (autoRoute.autoPlan) {
+      await maybeAutoDreamFromRuntime();
       const auto = await buildAutoPlanAndRun({
         goal: expandedText,
         session: currentSession,
@@ -4057,6 +4210,12 @@ export async function createChatRuntime({
       activeRequestToolApproval = typeof handler === 'function' ? handler : null;
       return true;
     },
+    dispose: async () => {
+      if (typeof disposeTools === 'function') {
+        await disposeTools();
+      }
+      return true;
+    },
     getRuntimeState: () =>
       buildRuntimeStateSnapshot({
         currentSession,

package/src/core/command-evaluator.js

@@ -0,0 +1,66 @@
+import { createChatCompletion } from './provider/index.js';
+
+const EVAL_TIMEOUT_MS = 15000;
+
+const SYSTEM_PROMPT = `You are a command safety evaluator for a coding assistant. Analyze the shell command and respond with valid JSON only, no markdown fences:
+{"risk":"low|medium|high","description":"what this command does in one sentence","sideEffects":"potential side effects in one sentence, or none","recommendation":"allow|deny"}
+
+Rules:
+- Read-only commands (ls, cat, git status, git diff, grep, find, etc.) are low risk and allow.
+- Commands that install/uninstall packages, modify files, push code, start servers, or have network side effects are medium or high.
+- Destructive commands (rm -rf, format, sudo, dd) are high risk and deny.
+- Consider the workspace context: the command runs in the project directory.
+- Be concise. Maximum 1 sentence per field.`;
+
+const FAIL_CLOSED_RESULT = Object.freeze({
+  risk: 'high',
+  description: '',
+  sideEffects: '',
+  recommendation: 'deny'
+});
+
+function parseEvaluation(text) {
+  try {
+    const json = JSON.parse(text);
+    const risk = String(json?.risk || '').toLowerCase();
+    const recommendation = String(json?.recommendation || '').toLowerCase();
+    return {
+      risk: ['low', 'medium', 'high'].includes(risk) ? risk : 'high',
+      description: String(json?.description || '').slice(0, 200),
+      sideEffects: String(json?.sideEffects || '').slice(0, 200),
+      recommendation: recommendation === 'allow' ? 'allow' : 'deny'
+    };
+  } catch {
+    return { ...FAIL_CLOSED_RESULT };
+  }
+}
+
+/**
+ * 用轻量 LLM 调用评估命令风险。
+ * @param {{ command: string, config: object, workspaceRoot?: string }} params
+ * @returns {Promise<{ risk: 'low'|'medium'|'high', description: string, sideEffects: string, recommendation: 'allow'|'deny' }>}
+ */
+export async function evaluateCommandWithLLM({ command, config, workspaceRoot }) {
+  const cmd = String(command || '').trim();
+  if (!cmd) return { ...FAIL_CLOSED_RESULT };
+
+  try {
+    const result = await createChatCompletion({
+      sdkProvider: config?.sdk?.provider,
+      baseUrl: config?.gateway?.base_url,
+      apiKey: config?.gateway?.api_key,
+      model: config?.model?.name,
+      messages: [
+        { role: 'system', content: SYSTEM_PROMPT },
+        { role: 'user', content: `Command: ${cmd}\nWorkspace: ${workspaceRoot || process.cwd()}` }
+      ],
+      temperature: 0,
+      timeoutMs: EVAL_TIMEOUT_MS
+    });
+
+    const text = result?.text || '';
+    return parseEvaluation(text);
+  } catch {
+    return { ...FAIL_CLOSED_RESULT };
+  }
+}

package/src/core/command-policy.js

@@ -169,8 +169,22 @@ function includesAny(haystackLower, patterns = []) {
   return patterns.some((p) => haystackLower.includes(String(p).toLowerCase()));
 }
 
+/** bash 下会被阻止的删除类命令 token */
+const BASH_DELETE_TOKENS = new Set(['rm', 'rmdir']);
+/** PowerShell 下会被阻止的删除类命令 token */
+const POWERSHELL_DELETE_TOKENS = new Set(['del', 'erase', 'rmdir', 'rd', 'remove-item', 'ri']);
+
 function suggestionForToken(token, config) {
   const shell = String(config?.shell?.default || '').toLowerCase();
+
+  /* 删除类命令：优先引导 LLM 使用 delete 工具 */
+  if (
+    (shell !== 'powershell' && BASH_DELETE_TOKENS.has(token)) ||
+    (shell === 'powershell' && POWERSHELL_DELETE_TOKENS.has(token))
+  ) {
+    return 'Use the delete tool to remove files or directories inside the workspace. Do not use shell commands for deletion.';
+  }
+
   if (token === 'find' || token === 'grep') {
     return shell === 'powershell'
       ? 'Prefer structured tools like grep, list, read, and edit first. If you need shell fallback, use allowed search and context commands such as Get-ChildItem, Select-String, Get-Content, or rg when available.'
@@ -259,3 +273,5 @@ export function evaluateCommandPolicy(command, config, workspaceRoot = process.c
 
   return { allowed: true };
 }
+
+export { collectCommandTokens, firstToken };

package/src/core/command-risk.js

@@ -0,0 +1,148 @@
+import { collectCommandTokens, firstToken } from './command-policy.js';
+
+/* ── 只读命令 token ───────────────────────────────────────────── */
+const READ_ONLY_TOKENS = new Set([
+  'ls', 'cat', 'head', 'tail', 'pwd', 'wc', 'sort', 'uniq',
+  'cut', 'tr', 'basename', 'dirname', 'test', 'true', 'false',
+  'whoami', 'uname', 'date', 'env', 'printenv', 'hostname',
+  'rg', 'find', 'grep', 'ag', 'ack', 'fd', 'bat',
+  'git', 'node', 'npm', 'npx', 'python', 'python3', 'py', 'pip', 'pip3',
+  'echo', 'printf', 'seq', 'yes'
+]);
+
+/* 只读时需要检查子命令的 token */
+const READ_ONLY_SUBCOMMANDS = {
+  git: new Set([
+    'status', 'log', 'diff', 'branch', 'show', 'tag', 'stash',
+    'list', 'remote', 'rev-parse', 'describe', 'blame',
+    'shortlog', 'count', 'ls-files', 'ls-remote', 'ls-tree',
+    'config', '--version', 'var', 'for-each-ref', 'name-rev',
+    'merge-base', 'cherry'
+  ]),
+  node: new Set(['--version', '-v', '-e', '--eval', '--print', '-p', '--help']),
+  npm: new Set([
+    '--version', '-v', 'view', 'info', 'list', 'ls', 'll', 'la',
+    'outdated', 'audit', 'pack', 'cache', 'config', 'doctor',
+    'help', 'explore', 'run', 'run-script', 'start', 'test',
+    'restart', 'stop', 'version', 'whoami'
+  ]),
+  npx: new Set(['--version', '-v', '--help']),
+  python: new Set(['--version', '-V', '--help', '-c', '-m']),
+  python3: new Set(['--version', '-V', '--help', '-c', '-m']),
+  py: new Set(['--version', '-V', '--help', '-c', '-m']),
+  pip: new Set(['--version', '-V', 'list', 'show', 'search', 'check', 'debug', 'help']),
+  pip3: new Set(['--version', '-V', 'list', 'show', 'search', 'check', 'debug', 'help'])
+};
+
+/* ── 高风险 pattern ────────────────────────────────────────────── */
+const HIGH_RISK_PATTERNS = [
+  /\binstall\b/i,
+  /\bpublish\b/i,
+  /\bpush\b/i,
+  /\bcommit\b/i,
+  /\brebase\b/i,
+  /\breset\s/i,
+  /\bcheckout\s+--/i,
+  /\brm\b/i,
+  /\bdel\b/i,
+  /\bmkdi[ri]\b/i,
+  /\btouch\b/i,
+  /\bcp\b/i,
+  /\bmv\b/i,
+  /\bchmod\b/i,
+  /\bchown\b/i,
+  /\bmktemp\b/i,
+  /\btee\b/i,
+  /\bsudo\b/i,
+  /\bsu\b/,
+  /\bkill\b/i,
+  /\bpkill\b/i,
+  /\bcurl\s+.*-[A-Z]\s*(POST|PUT|DELETE|PATCH)/i,
+  /\bwget\b/i,
+  /\bdocker\s+(rm|stop|kill|rmi)\b/i,
+  /\bsystemctl\b/i,
+  /\bservice\b/i,
+  /\blaunchctl\b/i,
+  />\s*\S/,
+  />>\s*\S/,
+  /\|&\s*\S/
+];
+
+/* ── 核心分类逻辑 ──────────────────────────────────────────────── */
+
+/**
+ * 判断单个 token 是否为只读命令（含子命令检查）。
+ */
+function isReadOnlyToken(token, rawSegment) {
+  if (!READ_ONLY_TOKENS.has(token)) return false;
+
+  /* 需要 子命令 校验的 token */
+  const allowedSubs = READ_ONLY_SUBCOMMANDS[token];
+  if (!allowedSubs) return true; // 如 ls, pwd 等本身只读
+
+  /* 提取子命令：去掉 token 后第一个非 flag 参数 */
+  const rest = String(rawSegment || '').trim().slice(token.length).trim();
+  const parts = rest.split(/\s+/).filter(Boolean);
+  /* 以 - 开头的 flag 视为安全，取第一个非 flag 参数 */
+  let subcmd = '';
+  for (const part of parts) {
+    if (part.startsWith('-')) continue;
+    subcmd = part;
+    break;
+  }
+  /* 只有 token 本身或全部是 flags → 视为安全 */
+  if (!subcmd) return true;
+  if (allowedSubs.has(subcmd)) return true;
+  /* 子命令 不在白名单 → 不确定 */
+  return false;
+}
+
+/**
+ * 对命令文本做快速 高风险 pattern 扫描。
+ */
+function matchesHighRiskPattern(text) {
+  return HIGH_RISK_PATTERNS.some((p) => p.test(text));
+}
+
+/**
+ * 分类命令风险等级。
+ * @param {string} command
+ * @param {string} [shellName='bash']
+ * @returns {'read-only'|'write-high-risk'|'ambiguous'}
+ */
+export function classifyCommandRisk(command, shellName = 'bash') {
+  const cmd = String(command || '').trim();
+  if (!cmd) return 'read-only';
+
+  /* 高风险 pattern 优先判断 */
+  if (matchesHighRiskPattern(cmd)) return 'write-high-risk';
+
+  /* 解析链式命令的每个 segment */
+  const tokens = collectCommandTokens(cmd);
+  if (tokens.length === 0) return 'ambiguous';
+
+  let highestRisk = 'read-only';
+  const RISK_ORDER = { 'read-only': 0, ambiguous: 1, 'write-high-risk': 2 };
+
+  for (const { token, raw } of tokens) {
+    if (isReadOnlyToken(token, raw)) {
+      /* 保持当前级别 */
+    } else {
+      /* 不在只读集合 → 至少 ambiguous */
+      const segRisk = matchesHighRiskPattern(raw) ? 'write-high-risk' : 'ambiguous';
+      if (RISK_ORDER[segRisk] > RISK_ORDER[highestRisk]) {
+        highestRisk = segRisk;
+      }
+    }
+  }
+
+  return highestRisk;
+}
+
+/**
+ * 是否需要进入审批评估流程。
+ * 只读命令跳过，其余都需要。
+ */
+export function requiresApprovalEvaluation(command, shellName = 'bash') {
+  return classifyCommandRisk(command, shellName) !== 'read-only';
+}

package/src/core/config-store.js

@@ -66,6 +66,7 @@ const DEFAULT_CONFIG = {
     enabled: true,
     auto_write: true,
     inject_on_session_start: true,
+    auto_dream_threshold: 10,
     max_items_per_scope: 12,
     max_prompt_chars: 4000,
     max_user_chars: 1375,
@@ -77,6 +78,9 @@ const DEFAULT_CONFIG = {
     preset: 'default',
     custom_path: ''
   },
+  web: {
+    search_enabled: true
+  },
   policy: {
     safe_mode: true,
     allow_dangerous_commands: false,
@@ -163,6 +167,7 @@ function normalizePolicyLists(config) {
   next.memory.auto_write = next.memory.auto_write !== false;
   next.memory.inject_on_session_start = next.memory.inject_on_session_start !== false;
   next.memory.max_items_per_scope = Math.max(1, Number(next.memory.max_items_per_scope || 12));
+  next.memory.auto_dream_threshold = Number(next.memory.auto_dream_threshold ?? 10);
   next.memory.max_prompt_chars = Math.max(200, Number(next.memory.max_prompt_chars || 4000));
   next.memory.max_user_chars = Math.max(80, Number(next.memory.max_user_chars || 1375));
   next.memory.max_global_chars = Math.max(80, Number(next.memory.max_global_chars || 2200));
@@ -170,6 +175,8 @@ function normalizePolicyLists(config) {
   next.memory.project_binding = ['path', 'alias', 'path-or-alias'].includes(String(next.memory.project_binding || ''))
     ? String(next.memory.project_binding)
     : 'path-or-alias';
+  next.web = next.web || {};
+  next.web.search_enabled = next.web.search_enabled !== false;
   next.policy = next.policy || {};
   next.policy.command_allowlist = uniqueStrings(
     Array.isArray(next.policy.command_allowlist) ? next.policy.command_allowlist : []

package/src/core/constants.js

@@ -18,7 +18,6 @@ export const INDEX_SKIP_DIRS = new Set([
   '.git',
   'node_modules',
   '.codemini',
-  '.codemini-project',
   '.codemini-global',
   'dist',
   'coverage',