npm - deepseek-coder-agent-cli - Versions diffs - 1.0.29 → 1.0.31 - Mend

deepseek-coder-agent-cli 1.0.29 → 1.0.31

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/README.md +86 -66
package/dist/core/sudoPasswordManager.d.ts +52 -0
package/dist/core/sudoPasswordManager.d.ts.map +1 -0
package/dist/core/sudoPasswordManager.js +115 -0
package/dist/core/sudoPasswordManager.js.map +1 -0
package/dist/headless/interactiveShell.d.ts.map +1 -1
package/dist/headless/interactiveShell.js +48 -0
package/dist/headless/interactiveShell.js.map +1 -1
package/dist/tools/bashTools.d.ts.map +1 -1
package/dist/tools/bashTools.js +183 -8
package/dist/tools/bashTools.js.map +1 -1
package/dist/ui/UnifiedUIRenderer.d.ts +1 -0
package/dist/ui/UnifiedUIRenderer.d.ts.map +1 -1
package/dist/ui/UnifiedUIRenderer.js +30 -3
package/dist/ui/UnifiedUIRenderer.js.map +1 -1
package/package.json +1 -1

package/README.md CHANGED Viewed

@@ -1,15 +1,6 @@
 # DeepSeek Coder CLI
-An AI-powered coding assistant for the terminal. Built for developers who prefer working in the command line.
-## Features
-- **Interactive Shell** - Full-featured terminal interface with multi-line input support
-- **Code Editing** - Read, write, and edit files with AI assistance
-- **Bash Integration** - Execute shell commands with real-time status display
-- **Multi-Provider Support** - Works with DeepSeek, OpenAI, Anthropic, Google, and xAI
-- **Session Management** - Save and restore conversation sessions
-- **File Change Tracking** - Revert all changes made during a session with `/revert`
+A multi-provider AI coding agent for the terminal. Switch between DeepSeek, OpenAI, Anthropic, Google, and xAI models with a single command.
 ## Installation
@@ -17,77 +8,94 @@ An AI-powered coding assistant for the terminal. Built for developers who prefer
 npm install -g deepseek-coder-agent-cli
 ```
-## Setup
-Get your API key from [DeepSeek Platform](https://platform.deepseek.com/api_keys), then:
+Requires Node.js 20+.
-```bash
-deepseek --key YOUR_API_KEY
-```
-Or set via environment variable:
+## Quick Start
 ```bash
+# Set your API key
 export DEEPSEEK_API_KEY=your_key_here
-```
-## Usage
-```bash
 # Start interactive mode
 deepseek
-# Start with an initial prompt
+# Or start with a prompt
 deepseek "explain this codebase"
-# Quick mode (non-interactive, single response)
-deepseek -q "list all TypeScript files"
+# Quick mode (single response, then exit)
+deepseek -q "list all files"
 ```
+## Supported Providers
+| Provider | Environment Variable | Models |
+|----------|---------------------|--------|
+| DeepSeek | `DEEPSEEK_API_KEY` | deepseek-reasoner, deepseek-chat |
+| OpenAI | `OPENAI_API_KEY` | gpt-5.2-pro, gpt-5.2-codex, gpt-5.2-codex-mini |
+| Anthropic | `ANTHROPIC_API_KEY` | claude-opus-4-5, claude-sonnet-4-5, claude-haiku-4-5 |
+| Google | `GEMINI_API_KEY` | gemini-3.0-pro, gemini-2.5-flash |
+| xAI | `XAI_API_KEY` | grok-4-1-fast-reasoning, grok-4 |
+| Ollama | `OLLAMA_BASE_URL` | llama3.3:70b, llama3.2:3b (local) |
+| Qwen | `DASHSCOPE_API_KEY` | qwen-max, qwen-turbo |
+Use `/model` to switch providers and models interactively.
 ## Commands
 | Command | Description |
 |---------|-------------|
-| `/help` | Show help information |
-| `/exit` | Exit the shell |
-| `/model` | Switch AI model/provider |
-| `/context` | Refresh workspace context |
-| `/sessions` | Manage conversation sessions |
-| `/revert` | Revert file changes made this session |
-| `/tools` | Show available tools |
-| `/shortcuts` | Show keyboard shortcuts |
+| `/model` | Switch model/provider |
+| `/help` | Show all commands |
+| `/exit` or `/quit` | Exit the CLI |
+| `/clear` | Clear conversation history |
+| `/compact` | Summarize conversation to save context |
+| `/diff` | Show git diff of changes |
+| `/undo` | Undo last turn |
+| `/rewind` | Rewind to a checkpoint |
+| `/sessions` | Manage saved sessions |
+| `/resume` | Resume a previous session |
+| `/export` | Export conversation to file |
+| `/context` | Refresh workspace snapshot |
+| `/status` | Show session config and token usage |
+| `/cost` | Show API cost breakdown |
+| `/tools` | Enable/disable tools |
+| `/secrets` | Configure API keys |
+| `/providers` | List configured providers |
+| `/refresh-models` | Discover new models from APIs |
+| `/doctor` | Check environment and tool readiness |
+| `/thinking` | Toggle thinking mode (balanced/extended) |
+| `/vim` | Toggle vim-style input editing |
 ## Keyboard Shortcuts
 | Shortcut | Action |
 |----------|--------|
-| `Ctrl+C` | Cancel current operation / Exit |
+| `Ctrl+C` | Interrupt / Double-press to exit |
+| `Ctrl+D` | Exit (when input empty) |
 | `Ctrl+U` | Clear input line |
+| `Esc` | Interrupt AI response |
 | `Option+A` | Toggle auto-approve mode |
 | `Option+G` | Toggle agentic mode |
-| `Option+T` | Toggle thinking depth |
+| `Option+T` | Cycle thinking depth |
+## Tools
-## Tools Available to AI
+The AI has access to these tools:
 | Tool | Description |
 |------|-------------|
-| `read_file` | Read file contents with line numbers |
-| `write_file` | Create or overwrite files |
-| `edit_file` | Make precise edits to existing files |
-| `bash` | Execute shell commands |
-| `search` | Search for files by pattern |
-| `grep` | Search file contents with regex |
-| `web_search` | Search the web for information |
-## Supported Providers
-| Provider | Environment Variable | Models |
-|----------|---------------------|--------|
-| DeepSeek | `DEEPSEEK_API_KEY` | DeepSeek V3, DeepSeek Coder |
-| OpenAI | `OPENAI_API_KEY` | GPT-4, GPT-4o |
-| Anthropic | `ANTHROPIC_API_KEY` | Claude 3.5 Sonnet, Claude 3 Opus |
-| Google | `GOOGLE_API_KEY` | Gemini 2.0 |
-| xAI | `XAI_API_KEY` | Grok |
+| `Read` | Read file contents |
+| `Write` | Create or overwrite files |
+| `Edit` | Make precise edits to files |
+| `Bash` | Execute shell commands |
+| `Glob` | Find files by pattern |
+| `Grep` | Search file contents |
+| `WebSearch` | Search the web |
+| `WebFetch` | Fetch and analyze URLs |
+| `LSP` | Language server operations (go to definition, find references) |
+| `Task` | Launch background agents |
+| `TodoWrite` | Track task progress |
+| `HITL_Decision` | Request human input for decisions |
 ## CLI Options
@@ -95,27 +103,39 @@ deepseek -q "list all TypeScript files"
 deepseek [options] [prompt]
 Options:
-  -v, --version      Show version
-  -h, --help         Show help
-  -q, --quick        Quick mode (non-interactive)
-  --provider <id>    Select provider
-  --model <name>     Select model
-  --key <api-key>    Set API key
-  --debug            Enable debug logging
+  -v, --version       Show version
+  -h, --help          Show help
+  -q, --quick         Quick mode (non-interactive)
+  --provider <id>     Select provider (deepseek, openai, anthropic, google, xai)
+  --model <name>      Select model
+  --profile <name>    Use agent profile
+  --debug             Enable debug logging
 ```
+## Configuration
+Settings are stored in `~/.agi/`:
+- `settings.json` - Model preferences per profile
+- `secrets.json` - Encrypted API keys
+- `discovered-models.json` - Cached model discovery
+## Features
+- **Multi-provider**: Switch between 7 AI providers seamlessly
+- **HITL (Human-in-the-Loop)**: AI requests approval for important decisions
+- **Session persistence**: Save and resume conversations
+- **Checkpoint/Rewind**: Undo changes and revert to previous states
+- **Streaming**: Real-time response streaming with interrupt support
+- **Context management**: Automatic summarization to stay within limits
+- **Tool permissions**: Configure which tools require approval
 ## Development
 ```bash
-# Clone and install
-git clone https://github.com/anthropics/deepseek-cli.git
+git clone <repo-url>
 cd deepseek-cli
 npm install
-# Build
 npm run build
-# Run locally
 npm start
 ```

package/dist/core/sudoPasswordManager.d.ts ADDED Viewed

@@ -0,0 +1,52 @@
+/**
+ * Sudo Password Manager - handles sudo password caching and prompting
+ *
+ * This module provides a singleton manager for sudo passwords, allowing
+ * bash commands to run with sudo privileges by prompting the user for
+ * their password when needed.
+ */
+import { EventEmitter } from 'node:events';
+declare class SudoPasswordManager extends EventEmitter {
+    private cachedPassword;
+    private passwordValidUntil;
+    private readonly CACHE_DURATION_MS;
+    private pendingRequest;
+    /**
+     * Get the cached sudo password if still valid
+     */
+    getCachedPassword(): string | null;
+    /**
+     * Cache a sudo password
+     */
+    cachePassword(password: string): void;
+    /**
+     * Invalidate the cached password (e.g., if sudo fails)
+     */
+    invalidatePassword(): void;
+    /**
+     * Request a sudo password - emits 'password-needed' event
+     * Returns the password or null if cancelled
+     */
+    requestPassword(): Promise<string | null>;
+    /**
+     * Provide the password in response to a 'password-needed' event
+     */
+    providePassword(password: string | null): void;
+    /**
+     * Cancel the pending password request
+     */
+    cancelRequest(): void;
+    /**
+     * Check if there's a pending password request
+     */
+    hasPendingRequest(): boolean;
+}
+export declare const sudoPasswordManager: SudoPasswordManager;
+export declare function getSudoPassword(): Promise<string | null>;
+export declare function setCachedSudoPassword(password: string): void;
+export declare function invalidateSudoPassword(): void;
+export declare function onSudoPasswordNeeded(callback: () => void): void;
+export declare function offSudoPasswordNeeded(callback: () => void): void;
+export declare function provideSudoPassword(password: string | null): void;
+export {};
+//# sourceMappingURL=sudoPasswordManager.d.ts.map

package/dist/core/sudoPasswordManager.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sudoPasswordManager.d.ts","sourceRoot":"","sources":["../../src/core/sudoPasswordManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAO3C,cAAM,mBAAoB,SAAQ,YAAY;IAC5C,OAAO,CAAC,cAAc,CAAuB;IAC7C,OAAO,CAAC,kBAAkB,CAAa;IACvC,OAAO,CAAC,QAAQ,CAAC,iBAAiB,CAAiB;IACnD,OAAO,CAAC,cAAc,CAAoC;IAE1D;;OAEG;IACH,iBAAiB,IAAI,MAAM,GAAG,IAAI;IAOlC;;OAEG;IACH,aAAa,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI;IAKrC;;OAEG;IACH,kBAAkB,IAAI,IAAI;IAK1B;;;OAGG;IACG,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC;IA0B/C;;OAEG;IACH,eAAe,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI;IAY9C;;OAEG;IACH,aAAa,IAAI,IAAI;IAQrB;;OAEG;IACH,iBAAiB,IAAI,OAAO;CAG7B;AAGD,eAAO,MAAM,mBAAmB,qBAA4B,CAAC;AAG7D,wBAAgB,eAAe,IAAI,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAExD;AAED,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,CAE5D;AAED,wBAAgB,sBAAsB,IAAI,IAAI,CAE7C;AAED,wBAAgB,oBAAoB,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI,CAE/D;AAED,wBAAgB,qBAAqB,CAAC,QAAQ,EAAE,MAAM,IAAI,GAAG,IAAI,CAEhE;AAED,wBAAgB,mBAAmB,CAAC,QAAQ,EAAE,MAAM,GAAG,IAAI,GAAG,IAAI,CAEjE"}

package/dist/core/sudoPasswordManager.js ADDED Viewed

@@ -0,0 +1,115 @@
+/**
+ * Sudo Password Manager - handles sudo password caching and prompting
+ *
+ * This module provides a singleton manager for sudo passwords, allowing
+ * bash commands to run with sudo privileges by prompting the user for
+ * their password when needed.
+ */
+import { EventEmitter } from 'node:events';
+class SudoPasswordManager extends EventEmitter {
+    cachedPassword = null;
+    passwordValidUntil = 0;
+    CACHE_DURATION_MS = 5 * 60 * 1000; // 5 minutes (matches typical sudo timeout)
+    pendingRequest = null;
+    /**
+     * Get the cached sudo password if still valid
+     */
+    getCachedPassword() {
+        if (this.cachedPassword && Date.now() < this.passwordValidUntil) {
+            return this.cachedPassword;
+        }
+        return null;
+    }
+    /**
+     * Cache a sudo password
+     */
+    cachePassword(password) {
+        this.cachedPassword = password;
+        this.passwordValidUntil = Date.now() + this.CACHE_DURATION_MS;
+    }
+    /**
+     * Invalidate the cached password (e.g., if sudo fails)
+     */
+    invalidatePassword() {
+        this.cachedPassword = null;
+        this.passwordValidUntil = 0;
+    }
+    /**
+     * Request a sudo password - emits 'password-needed' event
+     * Returns the password or null if cancelled
+     */
+    async requestPassword() {
+        // Check cache first
+        const cached = this.getCachedPassword();
+        if (cached) {
+            return cached;
+        }
+        // If there's already a pending request, wait for it
+        if (this.pendingRequest) {
+            return new Promise((resolve, reject) => {
+                // Subscribe to the same request
+                const originalResolve = this.pendingRequest.resolve;
+                this.pendingRequest.resolve = (password) => {
+                    originalResolve(password);
+                    resolve(password);
+                };
+            });
+        }
+        // Create new request
+        return new Promise((resolve, reject) => {
+            this.pendingRequest = { resolve, reject };
+            this.emit('password-needed');
+        });
+    }
+    /**
+     * Provide the password in response to a 'password-needed' event
+     */
+    providePassword(password) {
+        if (this.pendingRequest) {
+            const request = this.pendingRequest;
+            this.pendingRequest = null;
+            if (password) {
+                this.cachePassword(password);
+            }
+            request.resolve(password);
+        }
+    }
+    /**
+     * Cancel the pending password request
+     */
+    cancelRequest() {
+        if (this.pendingRequest) {
+            const request = this.pendingRequest;
+            this.pendingRequest = null;
+            request.resolve(null);
+        }
+    }
+    /**
+     * Check if there's a pending password request
+     */
+    hasPendingRequest() {
+        return this.pendingRequest !== null;
+    }
+}
+// Singleton instance
+export const sudoPasswordManager = new SudoPasswordManager();
+// Convenience exports
+export function getSudoPassword() {
+    return sudoPasswordManager.requestPassword();
+}
+export function setCachedSudoPassword(password) {
+    sudoPasswordManager.cachePassword(password);
+}
+export function invalidateSudoPassword() {
+    sudoPasswordManager.invalidatePassword();
+}
+export function onSudoPasswordNeeded(callback) {
+    sudoPasswordManager.on('password-needed', callback);
+}
+export function offSudoPasswordNeeded(callback) {
+    sudoPasswordManager.off('password-needed', callback);
+}
+export function provideSudoPassword(password) {
+    sudoPasswordManager.providePassword(password);
+}
+//# sourceMappingURL=sudoPasswordManager.js.map

package/dist/core/sudoPasswordManager.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sudoPasswordManager.js","sourceRoot":"","sources":["../../src/core/sudoPasswordManager.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AAO3C,MAAM,mBAAoB,SAAQ,YAAY;IACpC,cAAc,GAAkB,IAAI,CAAC;IACrC,kBAAkB,GAAW,CAAC,CAAC;IACtB,iBAAiB,GAAG,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAC,2CAA2C;IACvF,cAAc,GAA+B,IAAI,CAAC;IAE1D;;OAEG;IACH,iBAAiB;QACf,IAAI,IAAI,CAAC,cAAc,IAAI,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,kBAAkB,EAAE,CAAC;YAChE,OAAO,IAAI,CAAC,cAAc,CAAC;QAC7B,CAAC;QACD,OAAO,IAAI,CAAC;IACd,CAAC;IAED;;OAEG;IACH,aAAa,CAAC,QAAgB;QAC5B,IAAI,CAAC,cAAc,GAAG,QAAQ,CAAC;QAC/B,IAAI,CAAC,kBAAkB,GAAG,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,iBAAiB,CAAC;IAChE,CAAC;IAED;;OAEG;IACH,kBAAkB;QAChB,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;QAC3B,IAAI,CAAC,kBAAkB,GAAG,CAAC,CAAC;IAC9B,CAAC;IAED;;;OAGG;IACH,KAAK,CAAC,eAAe;QACnB,oBAAoB;QACpB,MAAM,MAAM,GAAG,IAAI,CAAC,iBAAiB,EAAE,CAAC;QACxC,IAAI,MAAM,EAAE,CAAC;YACX,OAAO,MAAM,CAAC;QAChB,CAAC;QAED,oDAAoD;QACpD,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,OAAO,IAAI,OAAO,CAAC,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;gBACrC,gCAAgC;gBAChC,MAAM,eAAe,GAAG,IAAI,CAAC,cAAe,CAAC,OAAO,CAAC;gBACrD,IAAI,CAAC,cAAe,CAAC,OAAO,GAAG,CAAC,QAAQ,EAAE,EAAE;oBAC1C,eAAe,CAAC,QAAQ,CAAC,CAAC;oBAC1B,OAAO,CAAC,QAAQ,CAAC,CAAC;gBACpB,CAAC,CAAC;YACJ,CAAC,CAAC,CAAC;QACL,CAAC;QAED,qBAAqB;QACrB,OAAO,IAAI,OAAO,CAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,EAAE;YACpD,IAAI,CAAC,cAAc,GAAG,EAAE,OAAO,EAAE,MAAM,EAAE,CAAC;YAC1C,IAAI,CAAC,IAAI,CAAC,iBAAiB,CAAC,CAAC;QAC/B,CAAC,CAAC,CAAC;IACL,CAAC;IAED;;OAEG;IACH,eAAe,CAAC,QAAuB;QACrC,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC;YACpC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;YAE3B,IAAI,QAAQ,EAAE,CAAC;gBACb,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;YAC/B,CAAC;YACD,OAAO,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QAC5B,CAAC;IACH,CAAC;IAED;;OAEG;IACH,aAAa;QACX,IAAI,IAAI,CAAC,cAAc,EAAE,CAAC;YACxB,MAAM,OAAO,GAAG,IAAI,CAAC,cAAc,CAAC;YACpC,IAAI,CAAC,cAAc,GAAG,IAAI,CAAC;YAC3B,OAAO,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QACxB,CAAC;IACH,CAAC;IAED;;OAEG;IACH,iBAAiB;QACf,OAAO,IAAI,CAAC,cAAc,KAAK,IAAI,CAAC;IACtC,CAAC;CACF;AAED,qBAAqB;AACrB,MAAM,CAAC,MAAM,mBAAmB,GAAG,IAAI,mBAAmB,EAAE,CAAC;AAE7D,sBAAsB;AACtB,MAAM,UAAU,eAAe;IAC7B,OAAO,mBAAmB,CAAC,eAAe,EAAE,CAAC;AAC/C,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,QAAgB;IACpD,mBAAmB,CAAC,aAAa,CAAC,QAAQ,CAAC,CAAC;AAC9C,CAAC;AAED,MAAM,UAAU,sBAAsB;IACpC,mBAAmB,CAAC,kBAAkB,EAAE,CAAC;AAC3C,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,QAAoB;IACvD,mBAAmB,CAAC,EAAE,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC;AACtD,CAAC;AAED,MAAM,UAAU,qBAAqB,CAAC,QAAoB;IACxD,mBAAmB,CAAC,GAAG,CAAC,iBAAiB,EAAE,QAAQ,CAAC,CAAC;AACvD,CAAC;AAED,MAAM,UAAU,mBAAmB,CAAC,QAAuB;IACzD,mBAAmB,CAAC,eAAe,CAAC,QAAQ,CAAC,CAAC;AAChD,CAAC"}

package/dist/headless/interactiveShell.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"interactiveShell.d.ts","sourceRoot":"","sources":["../../src/headless/interactiveShell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;~~AAwJH~~,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAOD;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuDzF"}
1	+ {"version":3,"file":"interactiveShell.d.ts","sourceRoot":"","sources":["../../src/headless/interactiveShell.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;GAaG;AAyJH,MAAM,WAAW,uBAAuB;IACtC,IAAI,EAAE,MAAM,EAAE,CAAC;CAChB;AAOD;;GAEG;AACH,wBAAsB,mBAAmB,CAAC,OAAO,EAAE,uBAAuB,GAAG,OAAO,CAAC,IAAI,CAAC,CAuDzF"}

package/dist/headless/interactiveShell.js CHANGED Viewed

@@ -49,6 +49,7 @@ import { getSelfUpgrade, SelfUpgrade, resumeAfterUpgrade } from '../core/selfUpg
 import { getHotReload } from '../core/hotReload.js';
 import { theme } from '../ui/theme.js';
 import { startNewRun } from '../tools/fileChangeTracker.js';
+import { onSudoPasswordNeeded, offSudoPasswordNeeded, provideSudoPassword } from '../core/sudoPasswordManager.js';
 // Timeout constants for attack tournament - balanced for model response time
 const ATTACK_AGENT_STEP_TIMEOUT_MS = 24 * 60 * 60 * 1000; // 24 hours per agent step - effectively infinite
 const ATTACK_REASONING_TIMEOUT_MS = 24 * 60 * 60 * 1000; // 24 hours max for reasoning-only before forcing action
@@ -384,6 +385,8 @@ class InteractiveShell {
         // Start the UI
         this.promptController.start();
         this.applyDebugState(this.debugEnabled);
+        // Set up sudo password prompt handler
+        this.setupSudoPasswordHandler();
         // Set initial status
         this.promptController.setChromeMeta({
             profile: this.profile,
@@ -474,6 +477,50 @@ class InteractiveShell {
             // Ignore errors clearing pinned prompt
         }
     }
+    /**
+     * Set up handler for sudo password prompts from bash tool execution.
+     * When a sudo command needs a password, this prompts the user securely.
+     */
+    sudoPasswordHandler = null;
+    setupSudoPasswordHandler() {
+        this.sudoPasswordHandler = async () => {
+            const renderer = this.promptController?.getRenderer();
+            if (!renderer) {
+                provideSudoPassword(null);
+                return;
+            }
+            try {
+                // Show password prompt
+                renderer.addEvent('system', chalk.yellow('🔐 Sudo password required'));
+                renderer.setSecretMode(true);
+                renderer.clearBuffer();
+                // Capture password input
+                const password = await renderer.captureInput({ allowEmpty: false, trim: true, resetBuffer: true });
+                // Hide password mode
+                renderer.setSecretMode(false);
+                if (password) {
+                    provideSudoPassword(password);
+                    renderer.addEvent('system', chalk.green('✓ Password provided'));
+                }
+                else {
+                    provideSudoPassword(null);
+                    renderer.addEvent('system', chalk.yellow('Sudo cancelled'));
+                }
+            }
+            catch (error) {
+                renderer.setSecretMode(false);
+                provideSudoPassword(null);
+                renderer.addEvent('system', chalk.red('Password prompt cancelled'));
+            }
+        };
+        onSudoPasswordNeeded(this.sudoPasswordHandler);
+    }
+    cleanupSudoPasswordHandler() {
+        if (this.sudoPasswordHandler) {
+            offSudoPasswordNeeded(this.sudoPasswordHandler);
+            this.sudoPasswordHandler = null;
+        }
+    }
     applyDebugState(enabled, statusMessage) {
         this.debugEnabled = enabled;
         setDebugMode(enabled);
@@ -3727,6 +3774,7 @@ Any text response is a failure. Only tool calls are accepted.`;
     }
     handleExit() {
         this.shouldExit = true;
+        this.cleanupSudoPasswordHandler();
         this.promptController?.stop();
         void authorizedShutdown(0);
     }