daedalus-cli 0.4.1 → 0.4.3

package/AGENTS.md

@@ -0,0 +1,34 @@
+# Daedalus — Agent Conventions
+
+## Project Identity
+- **Name:** Daedalus (`daedalus-cli` on npm)
+- **Description:** Local-first AI coding CLI with embedded model router, multi-agent orchestration, and codebase indexing
+- **Language:** TypeScript (ESM, `"type": "module"`)
+- **Node:** >=20
+
+## Code Conventions
+- **No comments** in source files unless absolutely necessary for clarity
+- No emoji in code or docs unless user explicitly requests
+- Exports: named exports only (no default exports)
+- Types: Zod schemas in config files, interfaces in `src/types.ts`
+- Imports: always include `.js` extension in ESM imports (e.g., `'./file.js'`)
+- Error handling: throw typed errors, prefer `result` pattern for tool returns
+
+## Architecture
+- `src/index.ts` — CLI entry point, REPL loop, command dispatch
+- `src/config/` — Zod-schema validated config at `~/.daedalus/config.json`
+- `src/router/` — Model routing (priority/round-robin/fastest), health checks, rate limiting
+- `src/session/` — SQLite-backed session persistence, project memory, JSONL export
+- `src/agents/` — Multi-agent orchestration (planner, coder, reviewer, debugger, researcher)
+- `src/tools/` — 16 built-in tools + MCP transport (stdio + HTTP/SSE)
+- `src/indexing/` — FTS5 codebase indexing (TS/JS, Python, Go, Rust)
+
+## Testing
+- Framework: vitest
+- Run: `npm test` (vitest run)
+- No tests exist yet — add them under `src/` co-located as `*.test.ts`
+
+## important
+- never lint before asking
+- do not add comments
+- never use emojis

package/CHANGELOG.md

@@ -0,0 +1,56 @@
+# Changelog
+
+All notable changes to this project will be documented in this file.
+
+The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
+and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+
+## [Unreleased]
+
+### Added
+
+- CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md — open-source governance docs
+- AGENTS.md — AI assistant conventions for tool-aided development
+- GitHub issue templates (bug report, feature request) and PR template
+- CHANGELOG.md — project changelog
+
+## [0.4.2] - 2026-06-18
+
+### Changed
+
+- Word-wrap box content to terminal width for better readability
+- User top border alignment fix
+- All message boxes share consistent border width
+
+### Added
+
+- Image paste support via `/paste` command
+- Dynamic version read from package.json
+
+## [0.4.1] - 2026-06-18
+
+### Changed
+
+- Made `indexCodebase` fully async so auto-index doesn't block startup
+- Updated README and package metadata
+- Renamed npm package to `daedalus-cli` (name conflict resolution)
+
+## [0.3.0] - 2026-06-18
+
+### Added
+
+- Initial release
+- CLI REPL with command dispatch, streaming chat, and tool execution
+- Model router with priority, round-robin, and fastest-response strategies
+- Health checking and token-bucket rate limiter
+- Session persistence via SQLite with JSONL import/export
+- Project memory — persisted facts and conventions auto-injected every turn
+- 16 built-in tools: file read/write/patch, terminal, git, web, todo, delegation, codebase search, project config
+- Interactive diff UI with y/n/a/s/e/d workflow
+- MCP support: stdio and HTTP/SSE transport
+- Multi-agent orchestration with 6 roles (orchestrator, planner, coder, reviewer, debugger, researcher)
+- Codebase indexing with FTS5 for TS/JS, Python, Go, Rust
+- Auto-discovery of local LLM servers (LM Studio, Ollama, llama.cpp, vLLM)
+- First-run onboarding wizard
+- Syntax highlighting for code blocks
+- Cross-platform support (Windows + Unix)

package/CODE_OF_CONDUCT.md

@@ -0,0 +1,112 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+We as members, contributors, and leaders pledge to make participation in our
+community a harassment-free experience for everyone, regardless of age, body
+size, visible or invisible disability, ethnicity, sex characteristics, gender
+identity and expression, level of experience, education, socio-economic status,
+nationality, personal appearance, race, religion, or sexual identity
+and orientation.
+
+We pledge to act and interact in ways that contribute to an open, welcoming,
+diverse, inclusive, and healthy community.
+
+## Our Standards
+
+Examples of behavior that contributes to a positive environment for our
+community include:
+
+- Demonstrating empathy and kindness toward other people
+- Being respectful of differing opinions, viewpoints, and experiences
+- Giving and gracefully accepting constructive feedback
+- Accepting responsibility and apologizing to those affected by our mistakes,
+  and learning from the experience
+- Focusing on what is best not just for us as individuals, but for the
+  overall community
+
+Examples of unacceptable behavior include:
+
+- The use of sexualized language or imagery, and sexual attention or
+  advances of any kind
+- Trolling, insulting or derogatory comments, and personal or political attacks
+- Public or private harassment
+- Publishing others' private information, such as a physical or email
+  address, without their explicit permission
+- Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Enforcement Responsibilities
+
+Community leaders are responsible for clarifying and enforcing our standards of
+acceptable behavior and will take appropriate and fair corrective action in
+response to any behavior that they deem inappropriate, threatening, offensive,
+or harmful.
+
+## Scope
+
+This Code of Conduct applies within all community spaces, and also applies when
+an individual is officially representing the community in public spaces.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported to the community leaders responsible for enforcement at
+bgill55_art@outlook.com. All complaints will be reviewed and investigated
+promptly and fairly.
+
+## Enforcement Guidelines
+
+Community leaders will follow these Community Impact Guidelines in determining
+the consequences for any action they deem in violation of this Code of Conduct:
+
+### 1. Correction
+
+**Community Impact:** Use of inappropriate language or other behavior deemed
+unprofessional or unwelcome in the community.
+
+**Consequence:** A private, written warning from community leaders, providing
+clarity around the nature of the violation and an explanation of why the
+behavior was inappropriate. A public apology may be requested.
+
+### 2. Warning
+
+**Community Impact:** A violation through a single incident or series of actions.
+
+**Consequence:** A warning with consequences for continued behavior. No
+interaction with the people involved, including unsolicited interaction with
+those enforcing the Code of Conduct, for a specified period of time. This
+includes avoiding interactions in community spaces as well as external channels
+like social media. Violating these terms may lead to a temporary or
+permanent ban.
+
+### 3. Temporary Ban
+
+**Community Impact:** A serious violation of community standards, including
+sustained inappropriate behavior.
+
+**Consequence:** A temporary ban from any sort of interaction or public
+communication with the community for a specified period of time. No public or
+private interaction with the people involved, including unsolicited interaction
+with those enforcing the Code of Conduct, is allowed during this period.
+Violating these terms may lead to a permanent ban.
+
+### 4. Permanent Ban
+
+**Community Impact:** Demonstrating a pattern of violation of community
+standards, including sustained inappropriate behavior, harassment of an
+individual, or aggression toward or disparagement of classes of individuals.
+
+**Consequence:** A permanent ban from any sort of public interaction within
+the community.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage],
+version 2.1, available at
+https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
+
+[homepage]: https://www.contributor-covenant.org
+
+For answers to common questions about this code of conduct, see the FAQ at
+https://www.contributor-covenant.org/faq.

package/CONTRIBUTING.md

@@ -0,0 +1,165 @@
+# Contributing to Daedalus
+
+Thanks for your interest in contributing! Daedalus is a local-first AI coding CLI, and we welcome contributions of all kinds — bug fixes, features, documentation, and more.
+
+## Table of Contents
+
+- [Code of Conduct](#code-of-conduct)
+- [Getting Started](#getting-started)
+- [Development Setup](#development-setup)
+- [Project Structure](#project-structure)
+- [Coding Standards](#coding-standards)
+- [Commit Guidelines](#commit-guidelines)
+- [Pull Request Process](#pull-request-process)
+- [Testing](#testing)
+- [Reporting Issues](#reporting-issues)
+
+## Code of Conduct
+
+This project is governed by the [Contributor Covenant](CODE_OF_CONDUCT.md). By participating, you agree to uphold its terms.
+
+## Getting Started
+
+1. Fork the repository
+2. Clone your fork: `git clone https://github.com/<your-username>/daedalus.git`
+3. Create a feature branch: `git checkout -b feat/your-feature-name`
+
+## Development Setup
+
+```bash
+# Install dependencies
+npm install
+
+# Run in dev mode (hot reload)
+npm run dev
+
+# Build
+npm run build
+
+# Type check
+npx tsc --noEmit
+```
+
+### Prerequisites
+
+- Node.js 20+
+- A local LLM server (LM Studio, Ollama, llama.cpp, vLLM) or a remote API key
+
+## Project Structure
+
+```
+src/
+├── index.ts                # CLI entry point, REPL, command dispatch
+├── types.ts                # Shared type definitions
+├── highlight.ts            # Syntax highlighting
+├── config/                 # Configuration loading, schema, discovery
+├── router/                 # Model routing engine
+├── session/                # Session persistence (SQLite, JSONL)
+├── agents/                 # Multi-agent system
+├── tools/                  # Tool system (16 built-in tools + MCP)
+│   ├── builtin/            # File, terminal, git, web, todo, etc.
+│   └── mcp/                # MCP transport (stdio, HTTP/SSE)
+├── indexing/               # FTS5 codebase indexing
+└── onboarding/             # Setup wizard
+```
+
+## Coding Standards
+
+### Language & Runtime
+
+- **TypeScript** with strict mode
+- **ESM** only (`"type": "module"`) — always use `.js` extension in local imports
+- **Node.js 20+** target
+
+### Style
+
+- **No comments** in source code unless the logic is non-obvious
+- **No default exports** — use named exports everywhere
+- **No emoji** in code or documentation
+- **Descriptive names** — prefer clarity over brevity
+
+### Imports
+
+```typescript
+// Local imports must include .js extension
+import { RouterConfig } from '../router/types.js';
+
+// npm imports need no extension
+import { z } from 'zod';
+```
+
+### Error Handling
+
+- Throw typed errors with descriptive messages
+- Tools return `{ success: boolean, content: string, error?: string }`
+
+## Commit Guidelines
+
+We follow [Conventional Commits](https://www.conventionalcommits.org/):
+
+```
+<type>(<scope>): <description>
+
+[optional body]
+```
+
+### Types
+
+| Type     | Usage                        |
+|----------|------------------------------|
+| feat     | New feature                  |
+| fix      | Bug fix                      |
+| docs     | Documentation only           |
+| style    | Formatting, missing semicolons |
+| refactor | Code change that fixes neither bug nor adds feature |
+| perf     | Performance improvement      |
+| test     | Adding or updating tests     |
+| chore    | Build process, tooling, CI   |
+
+### Examples
+
+```
+feat(router): add temperature-per-model support
+fix(indexing): handle symlinked directories
+docs: add contributing guide
+test(session): add SQLite CRUD tests
+```
+
+## Pull Request Process
+
+1. **Small PRs are better** — keep each PR focused on one concern
+2. **Update the CHANGELOG** — add your change under the `[Unreleased]` section
+3. **Include tests** — new features should include tests; bug fixes should add a regression test
+4. **Pass CI** — ensure all checks pass (type check, lint, tests)
+5. **Request review** — tag a maintainer or mention `@bgill55`
+
+### PR Title Format
+
+Same as commit messages: `type(scope): description`
+
+## Testing
+
+```bash
+# Run all tests
+npm test
+
+# Watch mode
+npx vitest
+
+# With coverage
+npx vitest --coverage
+```
+
+Tests are written with [vitest](https://vitest.dev/) and co-located with source files as `*.test.ts`.
+
+## Reporting Issues
+
+- **Bug reports** — use the [bug report template](.github/ISSUE_TEMPLATE/bug_report.md)
+- **Feature requests** — use the [feature request template](.github/ISSUE_TEMPLATE/feature_request.md)
+- **Security issues** — see [SECURITY.md](SECURITY.md)
+
+Before filing, please search [existing issues](https://github.com/bgill55/daedalus/issues) to avoid duplicates.
+
+## Questions?
+
+Open a [Discussion](https://github.com/bgill55/daedalus/discussions) or reach out to the maintainer.

package/README.md

@@ -249,6 +249,20 @@ It's for local-first, private, customizable AI coding — with the power to grow
 
 ---
 
+## Contributing
+
+Contributions are welcome! See [CONTRIBUTING.md](CONTRIBUTING.md) for our contribution guidelines, coding standards, and pull request process.
+
+This project is governed by a [Code of Conduct](CODE_OF_CONDUCT.md). Please report any unacceptable behavior.
+
+## Changelog
+
+See [CHANGELOG.md](CHANGELOG.md) for the project history.
+
+## Security
+
+Report security vulnerabilities privately to bgill55_art@outlook.com — see [SECURITY.md](SECURITY.md) for details.
+
 ## License
 
 MIT

package/SECURITY.md

@@ -0,0 +1,52 @@
+# Security Policy
+
+## Supported Versions
+
+We release patches for security vulnerabilities. This table shows which versions are currently supported:
+
+| Version | Supported          |
+|---------|--------------------|
+| 0.4.x   | :white_check_mark: |
+| < 0.4   | :x:                |
+
+## Reporting a Vulnerability
+
+We take security seriously. If you discover a security vulnerability in Daedalus, please **do not** open a public issue.
+
+Instead, send a private report to **bgill55_art@outlook.com** with:
+
+- A description of the vulnerability
+- Steps to reproduce it
+- Affected versions
+- Any potential mitigations you've identified
+
+You should receive a response within 48 hours. If you don't, please follow up to ensure we received your message.
+
+### What to expect
+
+1. **Acknowledgment** — we'll confirm receipt within 48 hours
+2. **Assessment** — we'll investigate and determine impact and severity
+3. **Fix** — we'll develop and test a patch
+4. **Release** — we'll publish a security advisory and a patched release
+
+### Disclosure
+
+We ask that you allow us reasonable time to fix and release a patch before publicly disclosing the vulnerability.
+
+## Security Best Practices
+
+When using Daedalus:
+
+- **API keys** are stored in `~/.daedalus/config.json` — keep this file secure
+- **Local LLM servers** should be bound to localhost (127.0.0.1) to avoid network exposure
+- **Review tool execution** — Daedalus runs terminal commands you approve; review them before confirming
+- Keep Daedalus updated to the latest version to receive security patches
+
+## Scope
+
+The following are **out of scope**:
+
+- Social engineering attacks against Daedalus maintainers
+- Attacks requiring physical access to the victim's machine
+- Vulnerabilities in third-party LLM servers or providers
+- Denial of service against local services

package/dist/config/index.d.ts

@@ -354,6 +354,7 @@ export declare const ConfigSchema: z.ZodObject<{
         includeGitDiff: boolean;
         includeIndex: boolean;
     };
+    version: number;
     tools: {
         builtin: string[];
         mcpServers: Record<string, {
@@ -365,7 +366,6 @@ export declare const ConfigSchema: z.ZodObject<{
             headers?: Record<string, string> | undefined;
         }>;
     };
-    version: number;
     router: {
         strategy: "priority" | "round-robin" | "fastest";
         chain: {
@@ -436,6 +436,7 @@ export declare const ConfigSchema: z.ZodObject<{
         includeGitDiff?: boolean | undefined;
         includeIndex?: boolean | undefined;
     } | undefined;
+    version?: number | undefined;
     tools?: {
         builtin?: string[] | undefined;
         mcpServers?: Record<string, {
@@ -447,7 +448,6 @@ export declare const ConfigSchema: z.ZodObject<{
             headers?: Record<string, string> | undefined;
         }> | undefined;
     } | undefined;
-    version?: number | undefined;
     agents?: {
         default?: string | undefined;
         available?: string[] | undefined;