npm - codemini-cli - Versions diffs - 0.5.10 → 0.5.11 - Mend

codemini-cli 0.5.10 → 0.5.11

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (59) hide show

package/OPERATIONS.md +242 -242
package/README.md +588 -588
package/codemini-web/dist/assets/{highlighted-body-OFNGDK62-7HL7yft8.js → highlighted-body-OFNGDK62-CANOG7Xg.js} +1 -1
package/codemini-web/dist/assets/{index-BK75hMb2.js → index-B71xykPM.js} +108 -108
package/codemini-web/dist/assets/index-Dkq1DdDX.css +2 -0
package/codemini-web/dist/assets/mermaid-GHXKKRXX-Z_w7M93P.js +1 -0
package/codemini-web/dist/index.html +23 -23
package/codemini-web/lib/approval-manager.js +32 -32
package/codemini-web/lib/runtime-bridge.js +17 -11
package/codemini-web/server.js +534 -205
package/deployment.md +212 -212
package/package.json +1 -1
package/skills/brainstorm/SKILL.md +77 -77
package/skills/codemini.skills.json +40 -40
package/skills/grill-me/SKILL.md +30 -30
package/skills/superpowers-lite/SKILL.md +82 -82
package/src/cli.js +74 -74
package/src/commands/chat.js +210 -210
package/src/commands/run.js +313 -313
package/src/commands/skill.js +438 -304
package/src/commands/web.js +57 -57
package/src/core/agent-loop.js +980 -980
package/src/core/ast.js +309 -307
package/src/core/chat-runtime.js +6261 -6253
package/src/core/command-evaluator.js +72 -72
package/src/core/command-loader.js +311 -311
package/src/core/command-policy.js +301 -301
package/src/core/command-risk.js +156 -156
package/src/core/config-store.js +289 -289
package/src/core/constants.js +18 -1
package/src/core/context-compact.js +365 -365
package/src/core/default-system-prompt.js +114 -107
package/src/core/dream-audit.js +105 -105
package/src/core/dream-consolidate.js +229 -229
package/src/core/dream-evaluator.js +185 -185
package/src/core/fff-adapter.js +383 -383
package/src/core/memory-store.js +543 -543
package/src/core/project-index.js +737 -548
package/src/core/project-instructions.js +98 -98
package/src/core/provider/anthropic.js +514 -514
package/src/core/provider/openai-compatible.js +501 -501
package/src/core/reflect-skill.js +178 -178
package/src/core/reply-language.js +40 -40
package/src/core/session-store.js +474 -474
package/src/core/shell-profile.js +237 -237
package/src/core/shell.js +323 -323
package/src/core/soul.js +69 -69
package/src/core/system-prompt-composer.js +52 -52
package/src/core/tool-args.js +199 -154
package/src/core/tool-output.js +184 -184
package/src/core/tool-result-store.js +206 -206
package/src/core/tools.js +3024 -2893
package/src/core/version.js +11 -11
package/src/tui/chat-app.js +5171 -5171
package/src/tui/tool-activity/presenters/misc.js +30 -30
package/src/tui/tool-activity/presenters/system.js +20 -20
package/templates/project-requirements/report-shell.html +582 -582
package/codemini-web/dist/assets/index-BSdIdn3L.css +0 -2
package/codemini-web/dist/assets/mermaid-GHXKKRXX-Dg9qh8mg.js +0 -1

package/src/core/command-evaluator.js CHANGED Viewed

@@ -1,72 +1,72 @@
-import { createChatCompletion } from './provider/index.js';
-import { getReadOnlyCommandTokens } from './command-risk.js';
-const EVAL_TIMEOUT_MS = 15000;
-function buildSystemPrompt() {
-  const readOnlyTokens = getReadOnlyCommandTokens().join(', ');
-  return `You are a command safety evaluator for a coding assistant. Analyze the shell command and respond with valid JSON only, no markdown fences:
-{"risk":"low|medium|high","description":"what this command does in one sentence","sideEffects":"potential side effects in one sentence, or none","recommendation":"allow|deny"}
-Rules:
-- Read-only command tokens are low risk and allow when used without write/network side effects: ${readOnlyTokens}.
-- Treat common read-only subcommands such as git status, git diff, git log, git show, npm list, npm view, node --version, python --version, rg, fd, bat, Get-ChildItem, Get-Content, Select-String, and Test-Path as low risk.
-- Consider the active shell and OS context, including Windows PowerShell command names and aliases.
-- Commands that install/uninstall packages, modify files, push code, start servers, or have network side effects are medium or high.
-- Destructive commands (rm -rf, format, sudo, dd) are high risk and deny.
-- Consider the workspace context: the command runs in the project directory.
-- Be concise. Maximum 1 sentence per field.`;
-}
-const FAIL_CLOSED_RESULT = Object.freeze({
-  risk: 'high',
-  description: '',
-  sideEffects: '',
-  recommendation: 'deny'
-});
-function parseEvaluation(text) {
-  try {
-    const json = JSON.parse(text);
-    const risk = String(json?.risk || '').toLowerCase();
-    const recommendation = String(json?.recommendation || '').toLowerCase();
-    return {
-      risk: ['low', 'medium', 'high'].includes(risk) ? risk : 'high',
-      description: String(json?.description || '').slice(0, 200),
-      sideEffects: String(json?.sideEffects || '').slice(0, 200),
-      recommendation: recommendation === 'allow' ? 'allow' : 'deny'
-    };
-  } catch {
-    return { ...FAIL_CLOSED_RESULT };
-  }
-}
-/**
- * 用轻量 LLM 调用评估命令风险。
- * @param {{ command: string, config: object, workspaceRoot?: string }} params
- * @returns {Promise<{ risk: 'low'|'medium'|'high', description: string, sideEffects: string, recommendation: 'allow'|'deny' }>}
- */
-export async function evaluateCommandWithLLM({ command, config, workspaceRoot }) {
-  const cmd = String(command || '').trim();
-  if (!cmd) return { ...FAIL_CLOSED_RESULT };
-  try {
-    const result = await createChatCompletion({
-      sdkProvider: config?.sdk?.provider,
-      baseUrl: config?.gateway?.base_url,
-      apiKey: config?.gateway?.api_key,
-      model: config?.model?.name,
-      messages: [
-        { role: 'system', content: buildSystemPrompt() },
-        { role: 'user', content: `Command: ${cmd}\nWorkspace: ${workspaceRoot || process.cwd()}` }
-      ],
-      temperature: 0,
-      timeoutMs: EVAL_TIMEOUT_MS
-    });
-    const text = result?.text || '';
-    return parseEvaluation(text);
-  } catch {
-    return { ...FAIL_CLOSED_RESULT };
-  }
-}
+import { createChatCompletion } from './provider/index.js';
+import { getReadOnlyCommandTokens } from './command-risk.js';
+const EVAL_TIMEOUT_MS = 15000;
+function buildSystemPrompt() {
+  const readOnlyTokens = getReadOnlyCommandTokens().join(', ');
+  return `You are a command safety evaluator for a coding assistant. Analyze the shell command and respond with valid JSON only, no markdown fences:
+{"risk":"low|medium|high","description":"what this command does in one sentence","sideEffects":"potential side effects in one sentence, or none","recommendation":"allow|deny"}
+Rules:
+- Read-only command tokens are low risk and allow when used without write/network side effects: ${readOnlyTokens}.
+- Treat common read-only subcommands such as git status, git diff, git log, git show, npm list, npm view, node --version, python --version, rg, fd, bat, Get-ChildItem, Get-Content, Select-String, and Test-Path as low risk.
+- Consider the active shell and OS context, including Windows PowerShell command names and aliases.
+- Commands that install/uninstall packages, modify files, push code, start servers, or have network side effects are medium or high.
+- Destructive commands (rm -rf, format, sudo, dd) are high risk and deny.
+- Consider the workspace context: the command runs in the project directory.
+- Be concise. Maximum 1 sentence per field.`;
+}
+const FAIL_CLOSED_RESULT = Object.freeze({
+  risk: 'high',
+  description: '',
+  sideEffects: '',
+  recommendation: 'deny'
+});
+function parseEvaluation(text) {
+  try {
+    const json = JSON.parse(text);
+    const risk = String(json?.risk || '').toLowerCase();
+    const recommendation = String(json?.recommendation || '').toLowerCase();
+    return {
+      risk: ['low', 'medium', 'high'].includes(risk) ? risk : 'high',
+      description: String(json?.description || '').slice(0, 200),
+      sideEffects: String(json?.sideEffects || '').slice(0, 200),
+      recommendation: recommendation === 'allow' ? 'allow' : 'deny'
+    };
+  } catch {
+    return { ...FAIL_CLOSED_RESULT };
+  }
+}
+/**
+ * 用轻量 LLM 调用评估命令风险。
+ * @param {{ command: string, config: object, workspaceRoot?: string }} params
+ * @returns {Promise<{ risk: 'low'|'medium'|'high', description: string, sideEffects: string, recommendation: 'allow'|'deny' }>}
+ */
+export async function evaluateCommandWithLLM({ command, config, workspaceRoot }) {
+  const cmd = String(command || '').trim();
+  if (!cmd) return { ...FAIL_CLOSED_RESULT };
+  try {
+    const result = await createChatCompletion({
+      sdkProvider: config?.sdk?.provider,
+      baseUrl: config?.gateway?.base_url,
+      apiKey: config?.gateway?.api_key,
+      model: config?.model?.name,
+      messages: [
+        { role: 'system', content: buildSystemPrompt() },
+        { role: 'user', content: `Command: ${cmd}\nWorkspace: ${workspaceRoot || process.cwd()}` }
+      ],
+      temperature: 0,
+      timeoutMs: EVAL_TIMEOUT_MS
+    });
+    const text = result?.text || '';
+    return parseEvaluation(text);
+  } catch {
+    return { ...FAIL_CLOSED_RESULT };
+  }
+}