deepcode-ai 1.1.26 → 1.1.28

package/dist/index.js

@@ -2281,8 +2281,8 @@ var PermissionDeniedError = class extends DeepCodeError {
   }
 };
 var PathNotAllowedError = class extends DeepCodeError {
-  constructor(path15, reason) {
-    super(`Path is not allowed: ${path15}. ${reason}`, "PATH_NOT_ALLOWED");
+  constructor(path152, reason) {
+    super(`Path is not allowed: ${path152}. ${reason}`, "PATH_NOT_ALLOWED");
     this.name = "PathNotAllowedError";
   }
 };
@@ -3489,7 +3489,7 @@ Caminho: ${selectedPath}`;
     const effectiveModel = resolvedModel;
     if (!effectiveModel) {
       throw new Error(
-        "No model configured. Set 'defaultModel'/'defaultModels' in .deepcode/config.json or DEEPCODE_MODEL environment variable."
+        `No model configured for ${resolvedTarget.provider}. Run /model or set defaultModels.${resolvedTarget.provider} in .deepcode/config.json, or set DEEPCODE_MODEL.`
       );
     }
     session.status = "planning";
@@ -3552,7 +3552,7 @@ Caminho: ${selectedPath}`;
     const model = options.model ?? session.model ?? resolveConfiguredModelForProvider(this.config, providerId);
     if (!model) {
       throw new Error(
-        "No model configured. Set 'defaultModel'/'defaultModels' in .deepcode/config.json or DEEPCODE_MODEL environment variable."
+        `No model configured for ${providerId}. Run /model or set defaultModels.${providerId} in .deepcode/config.json, or set DEEPCODE_MODEL.`
       );
     }
     const alreadyTrackingBudget = this.activeBudgets.has(session.id);
@@ -3919,6 +3919,7 @@ ${assistantText}` : assistantText;
         errorMessage: `Invalid arguments for ${call.name}: ${parsed.error.message}`
       };
     }
+    const scopedSecurity = this.securityForSession(session);
     const context = {
       sessionId: session.id,
       messageId: createId("msg"),
@@ -3928,8 +3929,8 @@ ${assistantText}` : assistantText;
       config: this.config,
       agentMode: mode,
       cache: this.cache,
-      permissions: this.permissions,
-      pathSecurity: this.pathSecurity,
+      permissions: scopedSecurity.permissions,
+      pathSecurity: scopedSecurity.pathSecurity,
       logActivity: (activity) => {
         const full = { ...activity, id: createId("activity"), createdAt: nowIso() };
         session.activities.push(full);
@@ -3979,6 +3980,13 @@ ${assistantText}` : assistantText;
       };
     }
   }
+  securityForSession(session) {
+    const pathSecurity = this.pathSecurity.forWorktree(session.worktree);
+    return {
+      pathSecurity,
+      permissions: this.permissions.forPathSecurity(pathSecurity)
+    };
+  }
   logToolActivity(session, activity) {
     const full = { ...activity, id: createId("activity"), createdAt: nowIso() };
     session.activities.push(full);
@@ -4234,8 +4242,9 @@ ${assistantText}` : assistantText;
       return "Git nao esta instalado. Quer que eu instale?";
     }
     const scanInput = inputPath === "." ? process.env.HOME ?? inputPath : inputPath;
-    const rootPath = await this.pathSecurity.normalize(scanInput, { enforceAccess: false });
-    await this.permissions.ensure({ operation: "list_projects", kind: "read", path: rootPath });
+    const security = this.securityForSession(session);
+    const rootPath = await security.pathSecurity.normalize(scanInput, { enforceAccess: false });
+    await security.permissions.ensure({ operation: "list_projects", kind: "read", path: rootPath });
     const results = [];
     await this.walkForProjects(rootPath, 3, results, /* @__PURE__ */ new Set());
     if (results.length === 0) {
@@ -5043,13 +5052,13 @@ var GitHubClient = class {
     }
     return parseGitHubRemote(result.stdout.trim());
   }
-  async request(path15, init = {}) {
+  async request(path152, init = {}) {
     if (!this.options.token) {
       throw new Error(
         "GitHub token is required. Set GITHUB_TOKEN or .deepcode/config.json github.token."
       );
     }
-    const response = await fetch(`${this.apiBase}${path15}`, {
+    const response = await fetch(`${this.apiBase}${path152}`, {
       ...init,
       headers: {
         accept: "application/vnd.github+json",
@@ -5065,13 +5074,13 @@ var GitHubClient = class {
     if (response.status === 204) return void 0;
     return await response.json();
   }
-  async requestText(path15, init = {}) {
+  async requestText(path152, init = {}) {
     if (!this.options.token) {
       throw new Error(
         "GitHub token is required. Set GITHUB_TOKEN or .deepcode/config.json github.token."
       );
     }
-    const response = await fetch(`${this.apiBase}${path15}`, {
+    const response = await fetch(`${this.apiBase}${path152}`, {
       ...init,
       headers: {
         accept: "application/vnd.github+json",
@@ -5539,12 +5548,12 @@ function fromFileUri(uri) {
 var SECRET_KEY_PATTERN = /(api[_-]?key|token|authorization|secret|password|passwd|credential|private[_-]?key)/i;
 var MIN_SECRET_VALUE_LENGTH = 4;
 function redactSecrets(value, options = {}) {
-  const path15 = options.path ?? [];
+  const path152 = options.path ?? [];
   const secretPlaceholder = options.secretPlaceholder ?? "[redacted]";
   const emptySecretPlaceholder = options.emptySecretPlaceholder ?? "[empty]";
   const secretValues = options.secretValues ?? collectSecretValues();
   if (typeof value === "string") {
-    if (isSecretPath(path15)) {
+    if (isSecretPath(path152)) {
       return value.length > 0 ? secretPlaceholder : emptySecretPlaceholder;
     }
     return redactText(value, secretValues, secretPlaceholder);
@@ -5553,7 +5562,7 @@ function redactSecrets(value, options = {}) {
     return value.map(
       (item, index) => redactSecrets(item, {
         ...options,
-        path: [...path15, String(index)],
+        path: [...path152, String(index)],
         secretValues
       })
     );
@@ -5564,7 +5573,7 @@ function redactSecrets(value, options = {}) {
         key,
         redactSecrets(item, {
           ...options,
-          path: [...path15, key],
+          path: [...path152, key],
           secretValues
         })
       ])
@@ -5602,8 +5611,8 @@ function collectSecretValues(config) {
   }
   return [...values].sort((left, right) => right.length - left.length);
 }
-function isSecretPath(path15) {
-  const key = path15[path15.length - 1] ?? "";
+function isSecretPath(path152) {
+  const key = path152[path152.length - 1] ?? "";
   if (/(api[_-]?key|token|secret|credential).*file/i.test(key)) return false;
   return SECRET_KEY_PATTERN.test(key);
 }
@@ -6485,10 +6494,14 @@ function globToRegex(glob) {
   }
   return new RegExp(`^${globPatternToRegexSource(glob)}$`);
 }
-var PathSecurity = class {
+var PathSecurity = class _PathSecurity {
   constructor(worktree, rules) {
     this.worktree = worktree;
     this.home = process.env.HOME ?? os2.homedir();
+    this.sourceRules = {
+      whitelist: [...rules.whitelist],
+      blacklist: [...rules.blacklist]
+    };
     this.rules = {
       whitelist: rules.whitelist.map((rule) => this.expand(rule, this.home)),
       blacklist: rules.blacklist.map((rule) => this.expand(rule, this.home))
@@ -6496,7 +6509,11 @@ var PathSecurity = class {
   }
   worktree;
   rules;
+  sourceRules;
   home;
+  forWorktree(worktree) {
+    return new _PathSecurity(path7.resolve(worktree), this.sourceRules);
+  }
   async normalize(inputPath, options = {}) {
     const enforceAccess = options.enforceAccess ?? true;
     const resolved = await this.resolvePath(inputPath);
@@ -6556,13 +6573,16 @@ var PathSecurity = class {
     return targetPath;
   }
 };
-var PermissionGateway = class {
-  constructor(config, pathSecurity, audit, eventBus, interactive = false) {
+var PermissionGateway = class _PermissionGateway {
+  constructor(config, pathSecurity, audit, eventBus, interactive = false, state) {
     this.config = config;
     this.pathSecurity = pathSecurity;
     this.audit = audit;
     this.eventBus = eventBus;
     this.interactive = interactive;
+    this.sessionAllowSet = state?.sessionAllowSet ?? /* @__PURE__ */ new Set();
+    this.alwaysAllowSet = state?.alwaysAllowSet ?? /* @__PURE__ */ new Set();
+    this.pendingApprovals = state?.pendingApprovals ?? /* @__PURE__ */ new Map();
   }
   config;
   pathSecurity;
@@ -6570,11 +6590,25 @@ var PermissionGateway = class {
   eventBus;
   interactive;
   /** Set of operation+path keys that were approved for the current session */
-  sessionAllowSet = /* @__PURE__ */ new Set();
+  sessionAllowSet;
   /** Set of operation+path keys that were approved permanently (always) */
-  alwaysAllowSet = /* @__PURE__ */ new Set();
+  alwaysAllowSet;
   /** Map of pending approval requests by request ID */
-  pendingApprovals = /* @__PURE__ */ new Map();
+  pendingApprovals;
+  forPathSecurity(pathSecurity) {
+    return new _PermissionGateway(
+      this.config,
+      pathSecurity,
+      this.audit,
+      this.eventBus,
+      this.interactive,
+      {
+        sessionAllowSet: this.sessionAllowSet,
+        alwaysAllowSet: this.alwaysAllowSet,
+        pendingApprovals: this.pendingApprovals
+      }
+    );
+  }
   /** Clear all session-scoped permissions (e.g., when session ends) */
   clearSessionAllowSet() {
     this.sessionAllowSet.clear();
@@ -7824,8 +7858,8 @@ import { useState as useState22, useEffect as useEffect22, useCallback as useCal
 import { Box as Box2, Text as Text22, useInput as useInput2, useApp as useApp2 } from "ink";
 import path42 from "path";
 import { jsx as jsx2, jsxs as jsxs2 } from "react/jsx-runtime";
-import fs7 from "fs";
-import path142 from "path";
+import fs8 from "fs";
+import path15 from "path";
 import { isValidElement, useCallback as useCallback26, useEffect as useEffect27, useMemo as useMemo18, useRef as useRef17, useState as useState29 } from "react";
 import { Box as Box42, Text as Text50, useInput as useInput6, useStdin as useStdin3 } from "ink";
 import os4 from "os";
@@ -9810,6 +9844,9 @@ import { jsx as jsx39, jsxs as jsxs35 } from "react/jsx-runtime";
 import { Box as Box31, Text as Text39 } from "ink";
 import { jsx as jsx40, jsxs as jsxs36 } from "react/jsx-runtime";
 import { jsx as jsx41, jsxs as jsxs37 } from "react/jsx-runtime";
+import fs6 from "fs";
+import os5 from "os";
+import path132 from "path";
 import { Box as Box33, Text as Text41 } from "ink";
 import { jsx as jsx42, jsxs as jsxs38 } from "react/jsx-runtime";
 import { useCallback as useCallback19, useMemo as useMemo11, useRef as useRef14 } from "react";
@@ -9827,8 +9864,8 @@ import { jsx as jsx46, jsxs as jsxs42 } from "react/jsx-runtime";
 import { useCallback as useCallback23, useEffect as useEffect25, useMemo as useMemo15, useRef as useRef16, useState as useState27 } from "react";
 import { Box as Box38, Text as Text46, useInput as useInput4 } from "ink";
 import { jsx as jsx47, jsxs as jsxs43 } from "react/jsx-runtime";
-import fs6 from "fs";
-import path132 from "path";
+import fs7 from "fs";
+import path142 from "path";
 import { useCallback as useCallback24, useMemo as useMemo16 } from "react";
 import { Box as Box39, Text as Text47 } from "ink";
 import { jsx as jsx48, jsxs as jsxs44 } from "react/jsx-runtime";
@@ -28039,6 +28076,109 @@ var compactCommand = {
     await context.ui.compact();
   }
 };
+var CACHE_TTL_MS = 24 * 60 * 60 * 1e3;
+var PACKAGE_NAME = "deepcode-ai";
+function cachePath() {
+  const cacheHome = process.env["XDG_CACHE_HOME"] ?? path132.join(os5.homedir(), ".cache");
+  return path132.join(cacheHome, "deepcode-ai", "update.json");
+}
+function readCache() {
+  try {
+    const raw = fs6.readFileSync(cachePath(), "utf8");
+    const parsed = JSON.parse(raw);
+    if (typeof parsed.checkedAt !== "number" || typeof parsed.latest !== "string" || Date.now() - parsed.checkedAt >= CACHE_TTL_MS) {
+      return null;
+    }
+    return {
+      checkedAt: parsed.checkedAt,
+      latest: parsed.latest,
+      stable: typeof parsed.stable === "string" ? parsed.stable : null
+    };
+  } catch {
+    return null;
+  }
+}
+function writeCache(cache) {
+  try {
+    const filePath = cachePath();
+    fs6.mkdirSync(path132.dirname(filePath), { recursive: true });
+    fs6.writeFileSync(filePath, `${JSON.stringify(cache)}
+`, "utf8");
+  } catch {
+  }
+}
+async function checkForUpdate(_currentVersion, options = {}) {
+  if (process.env["CI"] || process.env["NODE_ENV"] === "test" || process.env["DEEPCODE_DISABLE_UPDATE_CHECK"] === "1") {
+    return null;
+  }
+  if (!options.force) {
+    const cached = readCache();
+    if (cached) {
+      return { latest: cached.latest, stable: cached.stable };
+    }
+  }
+  try {
+    const response = await fetch(
+      `https://registry.npmjs.org/-/package/${PACKAGE_NAME}/dist-tags`,
+      { signal: AbortSignal.timeout(3e3) }
+    );
+    if (!response.ok) return null;
+    const tags = await response.json();
+    const latest = tags["latest"];
+    if (typeof latest !== "string" || latest.length === 0) return null;
+    const stable = typeof tags["stable"] === "string" && tags["stable"].length > 0 ? tags["stable"] : null;
+    const update = { latest, stable };
+    writeCache({ ...update, checkedAt: Date.now() });
+    return update;
+  } catch {
+    return null;
+  }
+}
+function isNewer(current, candidate) {
+  const currentParts = parseVersion2(current);
+  const candidateParts = parseVersion2(candidate);
+  if (!currentParts || !candidateParts) return false;
+  for (let index = 0; index < 3; index += 1) {
+    const currentPart = currentParts[index] ?? 0;
+    const candidatePart = candidateParts[index] ?? 0;
+    if (candidatePart !== currentPart) {
+      return candidatePart > currentPart;
+    }
+  }
+  return false;
+}
+function parseVersion2(version) {
+  const match = version.trim().match(/^v?(\d+)\.(\d+)\.(\d+)(?:[-+].*)?$/);
+  if (!match) return null;
+  return [Number(match[1]), Number(match[2]), Number(match[3])];
+}
+var VERSION = "1.1.28".length > 0 ? "1.1.28" : "0.0.0-dev";
+var updateCommand = {
+  name: "update",
+  description: "Check published DeepCode versions",
+  kind: "built-in",
+  supportedModes: ["interactive"],
+  action: async () => {
+    const update = await checkForUpdate(VERSION, { force: true });
+    const lines = [`Current version: ${VERSION}`];
+    if (!update) {
+      lines.push("Could not reach the npm registry right now.");
+    } else {
+      const latestStatus = isNewer(VERSION, update.latest) ? "available" : "current or older";
+      lines.push(`Latest version:  ${update.latest} (${latestStatus})`);
+      if (update.stable) {
+        const stableStatus = isNewer(VERSION, update.stable) ? "available" : "current or older";
+        lines.push(`Stable version:  ${update.stable} (${stableStatus})`);
+      } else {
+        lines.push("Stable version:  not published yet");
+      }
+    }
+    lines.push("");
+    lines.push("Install latest:  npm install -g deepcode-ai@latest");
+    lines.push("Install stable:  npm install -g deepcode-ai@stable");
+    return { type: "message", messageType: "info", content: lines.join("\n") };
+  }
+};
 function sessionNotReady() {
   return {
     type: "message",
@@ -29093,11 +29233,11 @@ var RATINGS = [
 ];
 var CANCEL_VALUE2 = "__cancel__";
 function appendFeedbackEntry(cwd, rating, label) {
-  const file = path132.join(cwd, ".deepcode", "feedback.log");
+  const file = path142.join(cwd, ".deepcode", "feedback.log");
   const entry = JSON.stringify({ ts: (/* @__PURE__ */ new Date()).toISOString(), rating, label });
   try {
-    fs6.mkdirSync(path132.dirname(file), { recursive: true });
-    fs6.appendFileSync(file, `${entry}
+    fs7.mkdirSync(path142.dirname(file), { recursive: true });
+    fs7.appendFileSync(file, `${entry}
 `, "utf8");
   } catch {
   }
@@ -29591,6 +29731,7 @@ Follow-up suggestion:`;
     return null;
   }
 }
+var APPROVAL_ENTER_ARM_DELAY_MS = 350;
 var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
   const historyManager = useHistory();
   const addHistoryItem = historyManager.addItem;
@@ -29652,6 +29793,7 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
   const messageQueueRef = useRef17([]);
   const sessionShellAllowlistRef = useRef17(/* @__PURE__ */ new Set());
   const mainControlsRef = useRef17(null);
+  const approvalPromptVisibleAtRef = useRef17(null);
   const { stdin, setRawMode } = useStdin3();
   const { columns: terminalWidth, rows: terminalHeight } = useTerminalSize();
   const mainAreaWidth = Math.min(Math.max(terminalWidth - 4, 20), 120);
@@ -29674,12 +29816,12 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
   const configAdapter = configAdapterRef.current ?? new DeepCodeConfigAdapter(cwd);
   const isValidPath = useCallback26(
     (candidate) => {
-      const resolved = path142.resolve(cwd, candidate);
-      const relative2 = path142.relative(cwd, resolved);
-      if (relative2.startsWith("..") || path142.isAbsolute(relative2)) {
+      const resolved = path15.resolve(cwd, candidate);
+      const relative2 = path15.relative(cwd, resolved);
+      if (relative2.startsWith("..") || path15.isAbsolute(relative2)) {
         return false;
       }
-      return fs7.existsSync(resolved);
+      return fs8.existsSync(resolved);
     },
     [cwd]
   );
@@ -29709,6 +29851,7 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
       modelCommand,
       modeCommand,
       renameCommand,
+      updateCommand,
       settingsDialogCommand,
       themeDialogCommand,
       permissionsDialogCommand,
@@ -29878,12 +30021,14 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
   }, [messageQueue]);
   useEffect27(() => {
     if (approvalQueue.length > 0) {
+      approvalPromptVisibleAtRef.current ??= Date.now();
       setStreamingState(
         "waiting_for_confirmation"
         /* WaitingForConfirmation */
       );
       return;
     }
+    approvalPromptVisibleAtRef.current = null;
     if (isRunning) {
       setStreamingState(
         "responding"
@@ -30091,6 +30236,25 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
           );
         }
         setIsInitializing(false);
+        checkForUpdate(VERSION).then((update) => {
+          if (!mounted || !update) return;
+          const available = [];
+          if (isNewer(VERSION, update.latest)) {
+            available.push(`latest v${update.latest}`);
+          }
+          if (update.stable && isNewer(VERSION, update.stable)) {
+            available.push(`stable v${update.stable}`);
+          }
+          if (available.length === 0) return;
+          addHistoryItem(
+            {
+              type: "info",
+              text: `Update available: ${available.join(", ")}. Run /update for install commands.`
+            },
+            Date.now()
+          );
+        }).catch(() => {
+        });
       } catch (error) {
         if (!mounted) return;
         const message = error instanceof Error ? error.message : String(error);
@@ -30290,6 +30454,8 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
       let status = "Success";
       let resultDisplay = "(no output)";
       try {
+        const pathSecurity = runtime.pathSecurity.forWorktree(session.worktree);
+        const permissions = runtime.permissions.forPathSecurity(pathSecurity);
         const result = await runToolEffect(
           tool.execute(parsed.data, {
             sessionId: session.id,
@@ -30300,8 +30466,8 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
             config: runtime.config,
             agentMode,
             cache: runtime.cache,
-            permissions: runtime.permissions,
-            pathSecurity: runtime.pathSecurity,
+            permissions,
+            pathSecurity,
             logActivity: (activity) => {
               runtime.events.emit("activity", {
                 id: createId("activity"),
@@ -30847,10 +31013,12 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
     }
     if (approvalQueue.length > 0) {
       const pressed = input.toLowerCase();
-      if (pressed === "y" || key.return) {
+      const enterArmed = approvalPromptVisibleAtRef.current !== null && Date.now() - approvalPromptVisibleAtRef.current >= APPROVAL_ENTER_ARM_DELAY_MS;
+      if (pressed === "y" || key.return && enterArmed) {
         resolveApproval({ allowed: true, scope: "once", reason: "Approved in TUI" });
         return;
       }
+      if (key.return) return;
       if (pressed === "s") {
         resolveApproval({ allowed: true, scope: "session", reason: "Approved for session in TUI" });
         return;
@@ -30963,7 +31131,7 @@ var AppContainer = ({ cwd, config, provider, model, resumeSessionId }) => {
       mainControlsRef,
       constrainHeight: false,
       currentModel,
-      sessionName: path142.basename(cwd),
+      sessionName: path15.basename(cwd),
       isConfigInitialized: !isInitializing && !initError,
       sessionStats: {
         lastPromptTokenCount,
@@ -31202,11 +31370,11 @@ function isInteractiveDialog(dialog) {
   return dialog === "theme" || dialog === "permissions" || dialog === "auth" || dialog === "provider" || dialog === "model" || dialog === "feedback" || dialog === "sessions";
 }
 function tuiThemeFilePath(cwd) {
-  return path142.join(cwd, ".deepcode", "tui-theme.json");
+  return path15.join(cwd, ".deepcode", "tui-theme.json");
 }
 function readSavedTheme(cwd) {
   try {
-    const parsed = JSON.parse(fs7.readFileSync(tuiThemeFilePath(cwd), "utf8"));
+    const parsed = JSON.parse(fs8.readFileSync(tuiThemeFilePath(cwd), "utf8"));
     return typeof parsed.theme === "string" ? parsed.theme : null;
   } catch {
     return null;
@@ -31214,8 +31382,8 @@ function readSavedTheme(cwd) {
 }
 function writeSavedTheme(cwd, themeName) {
   const file = tuiThemeFilePath(cwd);
-  fs7.mkdirSync(path142.dirname(file), { recursive: true });
-  fs7.writeFileSync(file, `${JSON.stringify({ theme: themeName }, null, 2)}
+  fs8.mkdirSync(path15.dirname(file), { recursive: true });
+  fs8.writeFileSync(file, `${JSON.stringify({ theme: themeName }, null, 2)}
 `);
 }
 function errorMessage(error) {
@@ -31354,7 +31522,7 @@ function createProgram() {
     writeOut: writeStdoutSync,
     writeErr: writeStderrSync
   });
-  program.name("deepcode").description("AI coding agent for the terminal").version("1.0.0").option("-C, --cwd <path>", "working directory", process.cwd()).option("--config <path>", "config file path");
+  program.name("deepcode").description("AI coding agent for the terminal").version(VERSION).option("-C, --cwd <path>", "working directory", process.cwd()).option("--config <path>", "config file path");
   program.command("init").description("create .deepcode/config.json").action(async () => {
     await initCommand(program.opts().cwd);
   });