dominds 0.8.18 → 0.8.20

package/dist/access-control.js

@@ -10,7 +10,7 @@ exports.getAccessDeniedMessage = getAccessDeniedMessage;
 /**
  * Module: access-control
  *
- * Directory-based access control helpers:
+ * Directory/file-extension based access control helpers:
  * - `matchesPattern` for glob-like directory scope matching (supports `*` and `**`)
  * - `hasReadAccess`/`hasWriteAccess` to evaluate member permissions
  * - `getAccessDeniedMessage` to format denial responses
@@ -31,6 +31,41 @@ function isRootDialogsPath(targetPath) {
     const normalized = targetPath.replace(/\\/g, '/').replace(/^\/+/, '');
     return normalized === '.dialogs' || normalized.startsWith('.dialogs/');
 }
+function normalizeFileExtName(raw) {
+    return raw.trim().toLowerCase().replace(/^\.+/, '');
+}
+function extractFileExtName(targetPath) {
+    const normalized = targetPath.replace(/\\/g, '/').replace(/\/+$/g, '');
+    if (normalized === '' || normalized === '.')
+        return undefined;
+    const baseName = normalized.split('/').pop();
+    if (!baseName || baseName === '.' || baseName === '..')
+        return undefined;
+    const dotIndex = baseName.lastIndexOf('.');
+    if (dotIndex <= 0 || dotIndex === baseName.length - 1)
+        return undefined;
+    return normalizeFileExtName(baseName.slice(dotIndex + 1));
+}
+function hasFileExtAccess(fileExtName, whitelist, blacklist) {
+    // Extension rules only apply to file-like paths with a detectable extension.
+    if (!fileExtName)
+        return true;
+    for (const ext of blacklist ?? []) {
+        if (normalizeFileExtName(ext) === fileExtName) {
+            return false;
+        }
+    }
+    const allow = whitelist ?? [];
+    if (allow.length === 0) {
+        return true;
+    }
+    for (const ext of allow) {
+        if (normalizeFileExtName(ext) === fileExtName) {
+            return true;
+        }
+    }
+    return false;
+}
 /**
  * Directory-specific pattern matching for access control.
  * This function determines if a target path (file or directory) should be controlled
@@ -142,8 +177,10 @@ function matchesPattern(targetPath, dirPattern) {
  * Access control logic:
  * 1. Check blacklist first (no_read_dirs) - if path matches any blacklist pattern, deny access
  * 2. Check whitelist (read_dirs) - if path matches any whitelist pattern, allow access
- * 3. If no whitelist patterns are defined, allow access (default allow)
- * 4. If whitelist patterns exist but none match, deny access
+ * 3. Check extension blacklist (no_read_file_ext_names) - if extension matches, deny access
+ * 4. Check extension whitelist (read_file_ext_names)
+ * 5. If no whitelist patterns are defined for a dimension, allow access (default allow)
+ * 6. If whitelist patterns exist but none match, deny access
  */
 function hasReadAccess(member, targetPath) {
     // Get resolved relative path from rtws root
@@ -183,17 +220,19 @@ function hasReadAccess(member, targetPath) {
     const whitelist = member.read_dirs || [];
     // Note: `.minds/**` is handled above as a hard deny (unless internal bypass is enabled).
     // If no whitelist is defined, allow access (after blacklist check)
-    if (whitelist.length === 0) {
-        return true;
-    }
-    // Check if path matches any whitelist pattern
-    for (const pattern of whitelist) {
-        if (matchesPattern(relativePath, pattern)) {
-            return true; // Explicitly allowed
+    let directoryAllowed = whitelist.length === 0;
+    if (!directoryAllowed) {
+        // Check if path matches any whitelist pattern
+        for (const pattern of whitelist) {
+            if (matchesPattern(relativePath, pattern)) {
+                directoryAllowed = true;
+                break;
+            }
         }
     }
-    // Path doesn't match any whitelist pattern
-    return false;
+    if (!directoryAllowed)
+        return false;
+    return hasFileExtAccess(extractFileExtName(relativePath), member.read_file_ext_names, member.no_read_file_ext_names);
 }
 /**
  * Check if a member has write access to a specific path.
@@ -201,8 +240,10 @@ function hasReadAccess(member, targetPath) {
  * Access control logic:
  * 1. Check blacklist first (no_write_dirs) - if path matches any blacklist pattern, deny access
  * 2. Check whitelist (write_dirs) - if path matches any whitelist pattern, allow access
- * 3. If no whitelist patterns are defined, allow access (default allow)
- * 4. If whitelist patterns exist but none match, deny access
+ * 3. Check extension blacklist (no_write_file_ext_names) - if extension matches, deny access
+ * 4. Check extension whitelist (write_file_ext_names)
+ * 5. If no whitelist patterns are defined for a dimension, allow access (default allow)
+ * 6. If whitelist patterns exist but none match, deny access
  */
 function hasWriteAccess(member, targetPath) {
     // Get resolved relative path from rtws root
@@ -242,17 +283,19 @@ function hasWriteAccess(member, targetPath) {
     const whitelist = member.write_dirs || [];
     // Note: `.minds/**` is handled above as a hard deny (unless internal bypass is enabled).
     // If no whitelist is defined, allow access (after blacklist check)
-    if (whitelist.length === 0) {
-        return true;
-    }
-    // Check if path matches any whitelist pattern
-    for (const pattern of whitelist) {
-        if (matchesPattern(relativePath, pattern)) {
-            return true; // Explicitly allowed
+    let directoryAllowed = whitelist.length === 0;
+    if (!directoryAllowed) {
+        // Check if path matches any whitelist pattern
+        for (const pattern of whitelist) {
+            if (matchesPattern(relativePath, pattern)) {
+                directoryAllowed = true;
+                break;
+            }
         }
     }
-    // Path doesn't match any whitelist pattern
-    return false;
+    if (!directoryAllowed)
+        return false;
+    return hasFileExtAccess(extractFileExtName(relativePath), member.write_file_ext_names, member.no_write_file_ext_names);
 }
 /**
  * Get an access denied error message for a specific operation and path.
@@ -308,5 +351,11 @@ function getAccessDeniedMessage(operation, targetPath, language = 'en') {
             lines.push(`- Hint: For Dominds debugging, reproduce in a nested rtws (e.g. \`ux-rtws/.dialogs/\`), which is not covered by this hard deny.`);
         }
     }
+    if (language === 'zh') {
+        lines.push(`- 说明：该路径可能命中目录权限（\`read_dirs/write_dirs/no_*_dirs\`）或扩展名权限（\`*_file_ext_names/no_*_file_ext_names\`）。`);
+    }
+    else {
+        lines.push(`- Note: This path may be blocked by directory rules (\`read_dirs/write_dirs/no_*_dirs\`) or file-extension rules (\`*_file_ext_names/no_*_file_ext_names\`).`);
+    }
     return lines.join('\n');
 }

package/dist/llm/defaults.yaml

@@ -63,6 +63,8 @@ providers:
       gpt-5.3-codex:
         name: GPT-5.3 Codex
         optimal_max_tokens: 200000
+        # Caution remediation reinjection cadence in generation turns (default: 10).
+        caution_remediation_cadence_generations: 10
         context_length: 272000
         input_length: 272000
         output_length: 32768
@@ -70,6 +72,8 @@ providers:
       gpt-5.3-codex-spark:
         name: GPT-5.3 Codex Spark
         optimal_max_tokens: 80000
+        # Caution remediation reinjection cadence in generation turns (default: 10).
+        caution_remediation_cadence_generations: 3
         context_length: 128000
         input_length: 128000
         output_length: 32768
@@ -77,6 +81,8 @@ providers:
       gpt-5.2-codex:
         name: GPT-5.2 Codex
         optimal_max_tokens: 200000
+        # Caution remediation reinjection cadence in generation turns (default: 10).
+        caution_remediation_cadence_generations: 10
         context_length: 272000
         input_length: 272000
         output_length: 32768
@@ -84,6 +90,8 @@ providers:
       gpt-5.2:
         name: GPT-5.2
         optimal_max_tokens: 200000
+        # Caution remediation reinjection cadence in generation turns (default: 10).
+        caution_remediation_cadence_generations: 10
         context_length: 272000
         input_length: 272000
         output_length: 32768

package/dist/llm/driver-v2/context-health.js

@@ -1,11 +1,13 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.DRIVER_V2_DEFAULT_CRITICAL_COUNTDOWN_GENERATIONS = void 0;
+exports.DRIVER_V2_DEFAULT_CAUTION_REMEDIATION_CADENCE_GENERATIONS = exports.DRIVER_V2_DEFAULT_CRITICAL_COUNTDOWN_GENERATIONS = void 0;
 exports.resetContextHealthRoundState = resetContextHealthRoundState;
 exports.resolveCriticalCountdownRemaining = resolveCriticalCountdownRemaining;
 exports.consumeCriticalCountdown = consumeCriticalCountdown;
+exports.resolveCautionRemediationCadenceGenerations = resolveCautionRemediationCadenceGenerations;
 exports.decideDriverV2ContextHealth = decideDriverV2ContextHealth;
 exports.DRIVER_V2_DEFAULT_CRITICAL_COUNTDOWN_GENERATIONS = 5;
+exports.DRIVER_V2_DEFAULT_CAUTION_REMEDIATION_CADENCE_GENERATIONS = 10;
 const contextHealthRoundStateByDialogKey = new Map();
 function getContextHealthRoundState(dialogKey) {
     const existing = contextHealthRoundStateByDialogKey.get(dialogKey);
@@ -30,7 +32,6 @@ function resolveCriticalCountdownRemaining(dialogKey, snapshot) {
             return exports.DRIVER_V2_DEFAULT_CRITICAL_COUNTDOWN_GENERATIONS;
         }
         const state = getContextHealthRoundState(dialogKey);
-        state.lastSeenLevel = snapshot.level;
         state.criticalCountdownRemaining = undefined;
         return exports.DRIVER_V2_DEFAULT_CRITICAL_COUNTDOWN_GENERATIONS;
     }
@@ -56,8 +57,18 @@ function consumeCriticalCountdown(dialogKey) {
     state.criticalCountdownRemaining = next;
     return next;
 }
+function resolveCautionRemediationCadenceGenerations(configured) {
+    if (typeof configured !== 'number' || !Number.isFinite(configured)) {
+        return exports.DRIVER_V2_DEFAULT_CAUTION_REMEDIATION_CADENCE_GENERATIONS;
+    }
+    const normalized = Math.floor(configured);
+    if (normalized <= 0) {
+        return exports.DRIVER_V2_DEFAULT_CAUTION_REMEDIATION_CADENCE_GENERATIONS;
+    }
+    return normalized;
+}
 function decideDriverV2ContextHealth(args) {
-    const { snapshot } = args;
+    const { snapshot, dialogKey } = args;
     if (!snapshot || snapshot.kind !== 'available') {
         return { kind: 'proceed' };
     }
@@ -65,11 +76,39 @@ function decideDriverV2ContextHealth(args) {
         return { kind: 'proceed' };
     }
     if (snapshot.level === 'caution') {
-        return args.hadUserPromptThisGen
-            ? { kind: 'proceed' }
-            : { kind: 'continue', reason: 'caution_soft_remediation' };
+        const state = getContextHealthRoundState(dialogKey);
+        const cadence = resolveCautionRemediationCadenceGenerations(args.cautionRemediationCadenceGenerations);
+        const enteringCaution = state.lastSeenLevel !== 'caution';
+        state.lastSeenLevel = 'caution';
+        state.criticalCountdownRemaining = undefined;
+        if (enteringCaution) {
+            state.cautionPromptDue = true;
+            state.cautionGenerationsSincePrompt = 0;
+        }
+        else if (state.cautionPromptDue !== true) {
+            const previous = typeof state.cautionGenerationsSincePrompt === 'number' &&
+                Number.isFinite(state.cautionGenerationsSincePrompt)
+                ? Math.max(0, Math.floor(state.cautionGenerationsSincePrompt))
+                : 0;
+            const next = previous + 1;
+            state.cautionGenerationsSincePrompt = next;
+            if (next >= cadence) {
+                state.cautionPromptDue = true;
+            }
+        }
+        const shouldInjectPrompt = state.cautionPromptDue === true && !args.hadUserPromptThisGen && args.canInjectPromptThisGen;
+        if (!shouldInjectPrompt) {
+            return { kind: 'proceed' };
+        }
+        state.cautionPromptDue = false;
+        state.cautionGenerationsSincePrompt = 0;
+        return { kind: 'continue', reason: 'caution_soft_remediation' };
     }
     if (snapshot.level === 'critical') {
+        const state = getContextHealthRoundState(dialogKey);
+        state.lastSeenLevel = 'critical';
+        state.cautionPromptDue = undefined;
+        state.cautionGenerationsSincePrompt = undefined;
         if (args.criticalCountdownRemaining <= 0) {
             return { kind: 'continue', reason: 'critical_force_new_course' };
         }

package/dist/llm/driver-v2/core.js

@@ -819,10 +819,15 @@ async function driveDialogStreamCoreV2(dlg, humanPrompt, driveOptions, callbacks
             if (genIterNo > 1) {
                 const snapshot = dlg.getLastContextHealth();
                 const hasQueuedUpNext = dlg.hasUpNext() || pendingPrompt !== undefined;
+                const modelInfoForRemediation = resolveModelInfo(providerCfg, model);
+                const cautionRemediationCadenceGenerations = (0, context_health_1.resolveCautionRemediationCadenceGenerations)(modelInfoForRemediation?.caution_remediation_cadence_generations);
                 const criticalCountdownRemaining = (0, context_health_1.resolveCriticalCountdownRemaining)(dlg.id.key(), snapshot);
                 const healthDecision = (0, context_health_1.decideDriverV2ContextHealth)({
+                    dialogKey: dlg.id.key(),
                     snapshot,
                     hadUserPromptThisGen: isUserOriginPrompt(pendingPrompt),
+                    canInjectPromptThisGen: !hasQueuedUpNext,
+                    cautionRemediationCadenceGenerations,
                     criticalCountdownRemaining,
                 });
                 if (healthDecision.kind === 'suspend') {

package/dist/llm/driver-v2/round.js

@@ -10,6 +10,7 @@ const persistence_1 = require("../../persistence");
 const driver_messages_1 = require("../../shared/i18n/driver-messages");
 const runtime_language_1 = require("../../shared/runtime-language");
 const id_1 = require("../../shared/utils/id");
+const client_1 = require("../client");
 const context_health_1 = require("./context-health");
 const core_1 = require("./core");
 const policy_1 = require("./policy");
@@ -164,10 +165,21 @@ async function executeDriveRound(args) {
         }
         const snapshot = dialog.getLastContextHealth();
         const hasQueuedUpNext = dialog.hasUpNext();
+        const provider = policy.effectiveAgent.provider ?? minds.team.memberDefaults.provider;
+        const model = policy.effectiveAgent.model ?? minds.team.memberDefaults.model;
+        let cautionRemediationCadenceGenerations = (0, context_health_1.resolveCautionRemediationCadenceGenerations)(undefined);
+        if (provider && model) {
+            const llmCfg = await client_1.LlmConfig.load();
+            const providerCfg = llmCfg.getProvider(provider);
+            cautionRemediationCadenceGenerations = (0, context_health_1.resolveCautionRemediationCadenceGenerations)(providerCfg?.models[model]?.caution_remediation_cadence_generations);
+        }
         const criticalCountdownRemaining = (0, context_health_1.resolveCriticalCountdownRemaining)(dialog.id.key(), snapshot);
         const healthDecision = (0, context_health_1.decideDriverV2ContextHealth)({
+            dialogKey: dialog.id.key(),
             snapshot,
             hadUserPromptThisGen: humanPrompt !== undefined,
+            canInjectPromptThisGen: !hasQueuedUpNext,
+            cautionRemediationCadenceGenerations,
             criticalCountdownRemaining,
         });
         if (healthDecision.kind === 'suspend') {

package/dist/team.js

@@ -94,6 +94,14 @@ exports.Team = Team;
                 this.no_read_dirs = params.no_read_dirs;
             if (params.no_write_dirs !== undefined)
                 this.no_write_dirs = params.no_write_dirs;
+            if (params.read_file_ext_names !== undefined)
+                this.read_file_ext_names = params.read_file_ext_names;
+            if (params.write_file_ext_names !== undefined)
+                this.write_file_ext_names = params.write_file_ext_names;
+            if (params.no_read_file_ext_names !== undefined)
+                this.no_read_file_ext_names = params.no_read_file_ext_names;
+            if (params.no_write_file_ext_names !== undefined)
+                this.no_write_file_ext_names = params.no_write_file_ext_names;
             if (params.icon !== undefined)
                 this.icon = params.icon;
             if (params.streaming !== undefined)
@@ -119,6 +127,10 @@ exports.Team = Team;
                 'write_dirs',
                 'no_read_dirs',
                 'no_write_dirs',
+                'read_file_ext_names',
+                'write_file_ext_names',
+                'no_read_file_ext_names',
+                'no_write_file_ext_names',
                 'icon',
                 'streaming',
                 'hidden',
@@ -224,6 +236,34 @@ exports.Team = Team;
             }
             this.no_write_dirs = noWriteDirs;
         }
+        setReadFileExtNames(readFileExtNames) {
+            if (readFileExtNames === undefined) {
+                delete this.read_file_ext_names;
+                return;
+            }
+            this.read_file_ext_names = readFileExtNames;
+        }
+        setWriteFileExtNames(writeFileExtNames) {
+            if (writeFileExtNames === undefined) {
+                delete this.write_file_ext_names;
+                return;
+            }
+            this.write_file_ext_names = writeFileExtNames;
+        }
+        setNoReadFileExtNames(noReadFileExtNames) {
+            if (noReadFileExtNames === undefined) {
+                delete this.no_read_file_ext_names;
+                return;
+            }
+            this.no_read_file_ext_names = noReadFileExtNames;
+        }
+        setNoWriteFileExtNames(noWriteFileExtNames) {
+            if (noWriteFileExtNames === undefined) {
+                delete this.no_write_file_ext_names;
+                return;
+            }
+            this.no_write_file_ext_names = noWriteFileExtNames;
+        }
         setIcon(icon) {
             if (icon === undefined) {
                 delete this.icon;
@@ -798,6 +838,10 @@ exports.Team = Team;
         'write_dirs',
         'no_read_dirs',
         'no_write_dirs',
+        'read_file_ext_names',
+        'write_file_ext_names',
+        'no_read_file_ext_names',
+        'no_write_file_ext_names',
         'icon',
         'streaming',
         'hidden',
@@ -1117,6 +1161,38 @@ exports.Team = Team;
                 errors.push(asErrorText(err));
             }
         }
+        if (hasOwnKey(rv, 'read_file_ext_names')) {
+            try {
+                overrides.read_file_ext_names = requireDefined(asOptionalStringArray(rv['read_file_ext_names'], `${at}.read_file_ext_names`), `${at}.read_file_ext_names`);
+            }
+            catch (err) {
+                errors.push(asErrorText(err));
+            }
+        }
+        if (hasOwnKey(rv, 'write_file_ext_names')) {
+            try {
+                overrides.write_file_ext_names = requireDefined(asOptionalStringArray(rv['write_file_ext_names'], `${at}.write_file_ext_names`), `${at}.write_file_ext_names`);
+            }
+            catch (err) {
+                errors.push(asErrorText(err));
+            }
+        }
+        if (hasOwnKey(rv, 'no_read_file_ext_names')) {
+            try {
+                overrides.no_read_file_ext_names = requireDefined(asOptionalStringArray(rv['no_read_file_ext_names'], `${at}.no_read_file_ext_names`), `${at}.no_read_file_ext_names`);
+            }
+            catch (err) {
+                errors.push(asErrorText(err));
+            }
+        }
+        if (hasOwnKey(rv, 'no_write_file_ext_names')) {
+            try {
+                overrides.no_write_file_ext_names = requireDefined(asOptionalStringArray(rv['no_write_file_ext_names'], `${at}.no_write_file_ext_names`), `${at}.no_write_file_ext_names`);
+            }
+            catch (err) {
+                errors.push(asErrorText(err));
+            }
+        }
         if (hasOwnKey(rv, 'icon')) {
             try {
                 overrides.icon = requireDefined(asOptionalString(rv['icon'], `${at}.icon`), `${at}.icon`);
@@ -1174,6 +1250,14 @@ exports.Team = Team;
             member.setNoReadDirs(overrides.no_read_dirs);
         if (overrides.no_write_dirs !== undefined)
             member.setNoWriteDirs(overrides.no_write_dirs);
+        if (overrides.read_file_ext_names !== undefined)
+            member.setReadFileExtNames(overrides.read_file_ext_names);
+        if (overrides.write_file_ext_names !== undefined)
+            member.setWriteFileExtNames(overrides.write_file_ext_names);
+        if (overrides.no_read_file_ext_names !== undefined)
+            member.setNoReadFileExtNames(overrides.no_read_file_ext_names);
+        if (overrides.no_write_file_ext_names !== undefined)
+            member.setNoWriteFileExtNames(overrides.no_write_file_ext_names);
         if (overrides.icon !== undefined)
             member.setIcon(overrides.icon);
         if (overrides.streaming !== undefined)

package/dist/tools/prompts/team_mgmt/en/index.md

@@ -30,6 +30,7 @@ team_mgmt is Dominds' toolset for managing `.minds/` (team configuration and rtw
 - **Only operates in `.minds/`**: This toolset only operates within the `.minds/` subtree and should not touch other rtws files
 - **Shell guardrail**: toolset `os` includes `shell_cmd` / `stop_daemon` / `get_daemon_output`; any member with these shell tools must be listed in top-level `shell_specialists`
 - **Member assets recommended**: strongly recommend `persona/knowledge/lessons` files for every `members.<id>` to define ownership, boundaries, and reusable lessons
+- **Default responder recommendation**: `default_responder` is not technically required, but should be set explicitly to avoid implicit fallback drift
 
 ## Quick Navigation
 

package/dist/tools/prompts/team_mgmt/en/tools.md

@@ -61,6 +61,7 @@
   - Must run after modifying `team.yaml`
   - Clear all team.yaml errors in Problems panel before proceeding
   - Also reads declarations from `.minds/mcp.yaml` for toolset binding checks; even when MCP toolsets are not loaded in the current scene (e.g. read-mind flows), it still detects unknown/invalid MCP serverId references in `members.<id>.toolsets`
+  - Also recommended to confirm `default_responder` is explicitly set (not hard-required, but best practice)
 - `team_mgmt_validate_mcp_cfg({})`: Validate `.minds/mcp.yaml` and MCP-related problems
   - Must run after modifying `mcp.yaml`
   - Clear all MCP-related errors in Problems panel before proceeding

package/dist/tools/prompts/team_mgmt/zh/index.md

@@ -30,6 +30,7 @@ team_mgmt 是 Dominds 用于管理 `.minds/`（团队配置与 rtws 记忆）的
 - **只操作 `.minds/`**：该 toolset 只允许操作 `.minds/` 子树，不会也不应触碰 rtws 其他文件
 - **shell 权限约束**：`os` toolset 包含 `shell_cmd` / `stop_daemon` / `get_daemon_output`；任何拿到这些工具的成员都必须出现在顶层 `shell_specialists`
 - **成员资产推荐**：强烈建议为每个 `members.<id>` 配置 `persona/knowledge/lessons` 资产文件，显式定义角色职责、边界和经验复用
+- **默认响应者建议**：`default_responder` 虽非技术必填，但强烈建议显式配置，避免隐式兜底带来的行为漂移
 
 ## 快速导航
 

package/dist/tools/prompts/team_mgmt/zh/tools.md

@@ -61,6 +61,7 @@
   - 修改完 `team.yaml` 后必须运行
   - 清空 Problems 面板里的 team.yaml 错误后再继续
   - 会读取 `.minds/mcp.yaml` 声明做 toolset 绑定校验；即使当前场景未加载 MCP toolsets（例如 read mind），也会检查 `members.<id>.toolsets` 是否引用了不存在/无效的 MCP serverId
+  - 同时建议检查是否显式设置了 `default_responder`（不是硬性必填，但推荐）
 - `team_mgmt_validate_mcp_cfg({})`：验证 `.minds/mcp.yaml` 配置与 MCP 相关问题
   - 修改完 `mcp.yaml` 后必须运行
   - 清空 Problems 面板里的 MCP 相关错误后再继续

package/dist/tools/team_mgmt.js

@@ -2698,7 +2698,7 @@ function renderMemberProperties(language) {
                 '`diligence-push-max`：鞭策 上限（number）。也接受兼容别名 `diligence_push_max`，但请优先用 `diligence-push-max`。',
                 '`streaming`：是否启用流式输出。注意：若该成员解析后的 provider 的 `apiType` 是 `codex`，则 `streaming: false` 属于配置错误（Codex 仅支持流式）；会在 team 校验与运行期被视为严重问题并中止请求。',
                 '`hidden`（影子/隐藏成员：不出现在系统提示的团队目录里，但仍可被诉请）',
-                '`read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs`（冲突规则见 `team_mgmt_manual({ topics: ["permissions"] })`；read 与 write 是独立控制，别默认 write implies read）',
+                '`read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs` / `read_file_ext_names` / `write_file_ext_names` / `no_read_file_ext_names` / `no_write_file_ext_names`（冲突规则见 `team_mgmt_manual({ topics: ["permissions"] })`；read 与 write 是独立控制，别默认 write implies read）',
             ]));
     }
     return (fmtHeader('Member Properties (members.<id>)') +
@@ -2711,12 +2711,13 @@ function renderMemberProperties(language) {
             '`diligence-push-max`: Diligence Push cap (number). Compatibility alias `diligence_push_max` is accepted, but prefer `diligence-push-max`.',
             '`streaming`: whether to enable streaming output. Note: if the member resolves to a provider whose `apiType` is `codex`, then `streaming: false` is a configuration error (Codex is streaming-only); it is treated as a severe issue during validation/runtime and the request will be aborted.',
             '`hidden` (shadow/hidden member: excluded from system-prompt team directory, but callable)',
-            '`read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs`（冲突规则见 `team_mgmt_manual({ topics: ["permissions"] })`；read 与 write 是独立控制，别默认 write implies read）',
+            '`read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs` / `read_file_ext_names` / `write_file_ext_names` / `no_read_file_ext_names` / `no_write_file_ext_names`（冲突规则见 `team_mgmt_manual({ topics: ["permissions"] })`；read 与 write 是独立控制，别默认 write implies read）',
         ]));
 }
 function renderTeamManual(language) {
     const common = [
         'member_defaults: strongly recommended to set provider/model explicitly (omitting may fall back to built-in defaults)',
+        'default_responder: not a hard requirement, but strongly recommended to set explicitly to avoid implicit fallback responder selection and cross-run drift',
         'members: per-agent overrides inherit from member_defaults via prototype fallback',
         'after every modification to `.minds/team.yaml`: you must run `team_mgmt_validate_team_cfg({})` and resolve any Problems panel errors before proceeding to avoid runtime issues (e.g., wrong field types, missing fields, or broken path bindings)',
         'when changing provider/model: validate provider exists + env var is configured (use `team_mgmt_check_provider({ provider_key: "<providerKey>", model: "", all_models: false, live: false, max_models: 0 })`)',
@@ -2731,6 +2732,7 @@ function renderTeamManual(language) {
             fmtList([
                 '团队定义入口文件是 `.minds/team.yaml`（当前没有 `.minds/team.yml` / `.minds/team.json` 等别名；也不使用 `.minds/team.yaml` 以外的“等效入口”）。',
                 '强烈建议显式设置 `member_defaults.provider` 与 `member_defaults.model`：如果省略，可能会使用实现内置的默认值（以当前实现为准），但可移植性/可复现性会变差，也更容易在环境变量未配置时把系统刷成板砖。',
+                '`default_responder` 虽然不是技术必填项，但实践上强烈建议显式设置：否则会退回到实现内置的响应者选择逻辑（例如按可见成员/内置成员兜底），容易造成跨环境或跨轮次行为漂移。',
                 '每次修改 `.minds/team.yaml` 必须运行 `team_mgmt_validate_team_cfg({})`，并在继续之前先清空 Problems 面板里的 team.yaml 相关错误，避免潜在错误进入运行期（例如字段类型错误/字段缺失/路径绑定错误）。',
                 '强烈建议为每个成员配置 `.minds/team/<id>/{persona,knowledge,lessons}.*.md` 三类资产，用来明确角色职责、工作边界与可复用经验；同一个 `<id>` 必须在 `team.yaml` 的 `members` 里出现，且在 `.minds/team/<id>/` 下存在对应的 mind 文件。',
                 '典型内容示例（可直接作为起点，按团队语境改写）：\n```markdown\n# .minds/team/coder/persona.zh.md\n# @coder 角色设定\n## 核心身份\n- 专业程序员，负责按规格完成代码开发。\n## 工作边界\n- 不负责需求分析或产品策略决策。\n- 只根据已确认的开发规格进行实现与重构。\n## 交付标准\n- 输出可运行代码，并附关键验证步骤。\n```\n```markdown\n# .minds/team/coder/lessons.zh.md\n# @coder 经验教训\n- 修改前先定位调用链与数据流，避免“只改表面”。\n- 涉及权限/配置时，改完立即运行对应校验工具并清空 Problems。\n- 涉及高风险改动时，先给最小可审查方案，再逐步扩展。\n```',
@@ -2798,6 +2800,7 @@ function renderTeamManual(language) {
     return (fmtHeader('.minds/team.yaml') +
         fmtList(common.concat([
             'The team definition entrypoint is `.minds/team.yaml` (no `.minds/team.yml` alias today).',
+            '`default_responder` is not technically required, but strongly recommended in practice: without it, runtime falls back to implementation-defined responder selection (for example visible-member/built-in fallback), which can drift across environments/runs.',
             'Strongly recommended: for each member, configure `.minds/team/<id>/{persona,knowledge,lessons}.*.md` assets to define role ownership, work boundaries, and reusable lessons. The same `<id>` must exist in `members.<id>` in `team.yaml`.',
             'Typical content examples (use as a starting point, then adapt to your team context):\n```markdown\n# .minds/team/coder/persona.en.md\n# @coder Persona\n## Core Identity\n- Professional programmer responsible for implementing approved development specs.\n## Work Boundaries\n- Not responsible for requirement discovery or product strategy.\n- Implements/refactors only against confirmed specs.\n## Delivery Standard\n- Deliver runnable code plus key verification steps.\n```\n```markdown\n# .minds/team/coder/lessons.en.md\n# @coder Lessons\n- Trace call chain and data flow before editing; avoid patching only symptoms.\n- After changing permissions/config, run corresponding validators and clear Problems.\n- For high-risk changes, start with a minimal reviewable plan before expansion.\n```',
             'The team mechanism default is long-lived agents (long-lived teammates): `members` is a stable roster of callable teammates, not “on-demand sub-roles”. This is a product mechanism, not a deployment preference.\nTo pick who acts, use `-m/--member <id>` in CLI/TUI.\n`members.<id>.gofor` is a responsibility flashcard / scope / deliverables summary (≤ 5 lines). Use it for fast routing/reminders; put detailed specs in Markdown assets like `.minds/team/<id>/*` or `.minds/team/domains/*.md`.\nExample (`gofor`):\n```yaml\nmembers:\n  qa_guard:\n    name: QA Guard\n    gofor:\n      - Own release regression checklist and pass/fail gate\n      - Maintain runnable smoke tests and docs\n      - Flag high-risk changes and required manual checks\n```\nExample (`gofor`, object; rendered in YAML key order):\n```yaml\nmembers:\n  qa_guard:\n    name: QA Guard\n    gofor:\n      Scope: release regression gate\n      Deliverables: checklist + runnable scripts\n      Non-goals: feature dev\n      Interfaces: coordinates with server/webui owners\n```',
@@ -2853,7 +2856,7 @@ async function renderMcpManual(language) {
                 '默认按“每个对话租用一个 MCP client”运行（更安全）：首次使用该 toolset 会产生 sticky reminder，完成后用 `mcp_release` 释放；如确实是无状态服务器，可配置 `truely-stateless: true` 允许跨对话共享。',
                 'stdio 配置格式：`command` 必须是字符串（可执行命令），参数放在 `args`（string[]，可省略，默认空数组）。`cwd` 可选（字符串）：用于固定相对路径解析目录。',
                 '用 `tools.whitelist/blacklist` 控制暴露的工具，用 `transform` 做命名变换。',
-                '常见坑：stdio transport 需要可执行命令路径正确，且受成员目录权限（`read_dirs/write_dirs/no_*`）约束；HTTP transport 需要服务可达（url/端口/网络）。',
+                '常见坑：stdio transport 需要可执行命令路径正确，且受成员权限（目录 + 扩展名：`*_dirs/no_*_dirs/*_file_ext_names/no_*_file_ext_names`）约束；HTTP transport 需要服务可达（url/端口/网络）。',
                 '高频坑（stdio 路径）：若未设置 `cwd`，相对路径按 Dominds 进程工作目录（通常 rtws 根目录）解析；建议显式配置 `cwd` 或直接使用绝对路径。`cwd` 必须存在且是目录。',
                 '最小诊断流程（建议顺序）：1) 先用 `team_mgmt_check_provider({ provider_key: \"<providerKey>\", model: \"\", all_models: false, live: false, max_models: 0 })` 确认 LLM provider 可用；2) 再检查该成员的目录权限（`team_mgmt_manual({ topics: [\"permissions\"] })`）；3) 运行 `team_mgmt_validate_mcp_cfg({})` 汇总 `.minds/mcp.yaml` 与 MCP 问题；4) 必要时 `mcp_restart`，用完记得 `mcp_release`。',
             ]) +
@@ -2903,7 +2906,7 @@ async function renderMcpManual(language) {
             "Default is per-dialog MCP client leasing (safer): first use adds a sticky reminder; call `mcp_release` when you're sure you won't need the toolset soon. If the server is truly stateless, set `truely-stateless: true` to allow cross-dialog sharing.",
             'Stdio shape: `command` must be a string executable; parameters go in `args` (string[], optional, defaults to empty). Optional `cwd` (string) fixes the working directory used for relative paths.',
             'Use `tools.whitelist/blacklist` for exposure control and `transform` for naming transforms.',
-            'Common pitfalls: stdio transport needs a correct executable/command path, and is subject to member directory permissions (`read_dirs/write_dirs/no_*`); HTTP transport requires the server URL to be reachable.',
+            'Common pitfalls: stdio transport needs a correct executable/command path, and is subject to member permissions (directory + extension: `*_dirs/no_*_dirs/*_file_ext_names/no_*_file_ext_names`); HTTP transport requires the server URL to be reachable.',
             'High-frequency pitfall (stdio paths): if `cwd` is omitted, relative paths are resolved from Dominds process cwd (usually rtws root). Prefer setting `cwd` explicitly or use absolute paths. `cwd` must exist and be a directory.',
             'Minimal diagnostic flow: 1) run `team_mgmt_check_provider({ provider_key: \"<providerKey>\", model: \"\", all_models: false, live: false, max_models: 0 })` to confirm the LLM provider works; 2) review member directory permissions (`team_mgmt_manual({ topics: [\"permissions\"] })`); 3) run `team_mgmt_validate_mcp_cfg({})` to summarize `.minds/mcp.yaml` + MCP issues; 4) use `mcp_restart` if needed, and `mcp_release` when done.',
         ]) +
@@ -2948,12 +2951,15 @@ async function renderMcpManual(language) {
 }
 function renderPermissionsManual(language) {
     if (language === 'zh') {
-        return (fmtHeader('目录权限（read_dirs / write_dirs）') +
+        return (fmtHeader('权限（目录 + 扩展名）') +
             fmtList([
-                '权限字段：`read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs`。',
-                'deny-list（no_*）优先于 allow-list（*_dirs）。',
-                '若未配置 allow-list，则默认允许（在 deny-list 不命中的前提下）。这很方便，但也更容易“权限过大”；如需最小权限，建议显式收敛 allow-list 并对敏感目录加 deny-list。',
+                '目录字段：`read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs`。',
+                '扩展名字段：`read_file_ext_names` / `write_file_ext_names` / `no_read_file_ext_names` / `no_write_file_ext_names`。',
+                'deny-list（`no_*`）优先于 allow-list（`*`）。目录与扩展名两个维度都需要通过。',
+                '若某维度未配置 allow-list，则该维度默认允许（在 deny-list 不命中的前提下）。这很方便，但也更容易“权限过大”；如需最小权限，建议显式收敛 allow-list 并对敏感目录/扩展名加 deny-list。',
                 '`read_dirs` 与 `write_dirs` 是独立控制：不要默认 write implies read（以当前实现的权限检查为准）。',
+                '`read_file_ext_names` 与 `write_file_ext_names` 同样是独立控制。',
+                '扩展名按文件名后缀精确匹配（大小写不敏感，配置项可写 `ts` 或 `.ts`）。',
                 '模式支持 `*` 和 `**`，按“目录范围”语义匹配（按目录/路径前缀范围来理解）。',
                 '示例：`dominds/**` 会匹配 `dominds/README.md`、`dominds/main/server.ts`、`dominds/webapp/src/...` 等路径。',
                 '示例：`.minds/**` 会匹配 `.minds/team.yaml`、`.minds/team/<id>/persona.zh.md` 等；常用于限制普通成员访问 minds 资产。',
@@ -2971,12 +2977,15 @@ function renderPermissionsManual(language) {
                 '    no_write_dirs: [".minds/**"]',
             ]));
     }
-    return (fmtHeader('Directory Permissions (read_dirs / write_dirs)') +
+    return (fmtHeader('Permissions (Directory + Extension)') +
         fmtList([
-            'Fields: `read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs`.',
-            'Deny-lists (no_*) override allow-lists (*_dirs).',
-            'If no allow-list is configured, access defaults to allow (after deny-list check). This is convenient but can be overly permissive; for least privilege, explicitly narrow allow-lists and deny sensitive directories.',
+            'Directory fields: `read_dirs` / `write_dirs` / `no_read_dirs` / `no_write_dirs`.',
+            'Extension fields: `read_file_ext_names` / `write_file_ext_names` / `no_read_file_ext_names` / `no_write_file_ext_names`.',
+            'Deny-lists (`no_*`) override allow-lists (`*`). Both directory and extension dimensions must pass.',
+            'If a dimension has no allow-list, that dimension defaults to allow (after deny-list check). This is convenient but can be overly permissive; for least privilege, explicitly narrow allow-lists and deny sensitive directories/extensions.',
             '`read_dirs` and `write_dirs` are controlled independently (do not assume write implies read; follow current implementation).',
+            '`read_file_ext_names` and `write_file_ext_names` are also controlled independently.',
+            'Extension names are exact suffix matches (case-insensitive; config accepts `ts` or `.ts`).',
             'Patterns support `*` and `**` with directory-scope semantics (think directory/path-range matching).',
             'Example: `dominds/**` matches `dominds/README.md`, `dominds/main/server.ts`, `dominds/webapp/src/...`, etc.',
             'Example: `.minds/**` matches `.minds/team.yaml` and `.minds/team/<id>/persona.*.md`; commonly used to restrict normal members from minds assets.',
@@ -3114,7 +3123,7 @@ function renderTroubleshooting(language) {
                 '症状：提示“缺少 provider/model” → 原因：`member_defaults` 或成员覆盖缺失 → 步骤：检查 `.minds/team.yaml` 的 `member_defaults.provider/model`（以及 `members.<id>.provider/model` 是否写错）。',
                 '症状：提示“Provider not found” → 原因：provider key 未定义/拼写错误/未按预期合并 defaults → 步骤：检查 `.minds/llm.yaml` 的 provider keys，并确认 `.minds/team.yaml` 引用的 key 存在。',
                 '症状：提示“Model not found” → 原因：model key 未定义/拼写错误/不在该 provider 下 → 步骤：用 `team_mgmt_list_models({ provider_pattern: \"<providerKey>\", model_pattern: \"*\" })` 查已有模型 key，再修正 `.minds/team.yaml` 引用或补全 `.minds/llm.yaml`。',
-                '症状：提示“permission denied / forbidden / not allowed” → 原因：目录权限（read/write/no_*）命中 deny-list 或未被 allow-list 覆盖 → 步骤：用 `team_mgmt_manual({ topics: [\"permissions\"] })` 复核规则，并检查该成员的 `read_dirs/write_dirs/no_*` 配置。',
+                '症状：提示“permission denied / forbidden / not allowed” → 原因：权限规则（目录或扩展名）命中 deny-list 或未被 allow-list 覆盖 → 步骤：用 `team_mgmt_manual({ topics: [\"permissions\"] })` 复核规则，并检查该成员的 `*_dirs/no_*_dirs/*_file_ext_names/no_*_file_ext_names` 配置。',
                 '症状：MCP 不生效 → 原因：mcp 配置错误/服务不可用/租用未释放 → 步骤：先运行 `team_mgmt_validate_mcp_cfg({})` 汇总错误；必要时用 `mcp_restart`；完成后用 `mcp_release` 释放租用。',
             ]));
     }
@@ -3124,7 +3133,7 @@ function renderTroubleshooting(language) {
             'Symptom: "Missing provider/model" → Cause: missing `member_defaults` or member overrides → Steps: check `.minds/team.yaml` `member_defaults.provider/model` (and `members.<id>.provider/model`).',
             'Symptom: "Provider not found" → Cause: provider key not defined / typo / unexpected merge with defaults → Steps: check `.minds/llm.yaml` provider keys and ensure `.minds/team.yaml` references an existing key.',
             'Symptom: "Model not found" → Cause: model key not defined / typo / not under that provider → Steps: run `team_mgmt_list_models({ provider_pattern: \"<providerKey>\", model_pattern: \"*\" })` and fix `.minds/team.yaml` references or update `.minds/llm.yaml`.',
-            'Symptom: "permission denied / forbidden / not allowed" → Cause: directory permissions (read/write/no_*) hit deny-list or not covered by allow-list → Steps: review `team_mgmt_manual({ topics: [\"permissions\"] })` and the member `read_dirs/write_dirs/no_*` config.',
+            'Symptom: "permission denied / forbidden / not allowed" → Cause: permission rules (directory or extension) hit deny-list or are not covered by allow-list → Steps: review `team_mgmt_manual({ topics: [\"permissions\"] })` and the member `*_dirs/no_*_dirs/*_file_ext_names/no_*_file_ext_names` config.',
             'Symptom: MCP not working → Cause: bad config / server down / leasing issues → Steps: run `team_mgmt_validate_mcp_cfg({})` first, then use `mcp_restart` if needed; call `mcp_release` when done.',
         ]));
 }
@@ -3802,7 +3811,7 @@ exports.teamMgmtManualTool = {
                         `\`team_mgmt_manual({ topics: ["team"] })\`：${topicTitle('team')} — .minds/team.yaml（团队花名册、工具集、目录权限入口）`,
                         `\`team_mgmt_manual({ topics: ["minds"] })\`：${topicTitle('minds')} — .minds/team/<id>/*（persona/knowledge/lessons 资产怎么写）`,
                         `\`team_mgmt_manual({ topics: ["env"] })\`：${topicTitle('env')} — .minds/env.*.md（运行环境提示：在团队介绍之前注入）`,
-                        `\`team_mgmt_manual({ topics: ["permissions"] })\`：${topicTitle('permissions')} — 目录权限（read_dirs/write_dirs/no_* 语义与冲突规则）`,
+                        `\`team_mgmt_manual({ topics: ["permissions"] })\`：${topicTitle('permissions')} — 目录+扩展名权限（*_dirs/no_*_dirs/*_file_ext_names/no_*_file_ext_names 语义与冲突规则）`,
                         `\`team_mgmt_manual({ topics: ["toolsets"] })\`：${topicTitle('toolsets')} — toolsets 列表（当前已注册 toolsets；常见三种授权模式）`,
                         `\`team_mgmt_manual({ topics: ["llm"] })\`：${topicTitle('llm')} — .minds/llm.yaml（provider key 如何定义/引用；env var 安全边界）`,
                         `\`team_mgmt_manual({ topics: ["mcp"] })\`：${topicTitle('mcp')} — .minds/mcp.yaml（MCP serverId→toolset；热重载与租用；可复制最小模板）`,
@@ -3822,7 +3831,7 @@ exports.teamMgmtManualTool = {
                     `\`team_mgmt_manual({ topics: ["team"] })\`: ${topicTitle('team')} — .minds/team.yaml (roster/toolsets/permissions entrypoint)`,
                     `\`team_mgmt_manual({ topics: ["minds"] })\`: ${topicTitle('minds')} — .minds/team/<id>/* (persona/knowledge/lessons assets)`,
                     `\`team_mgmt_manual({ topics: ["env"] })\`: ${topicTitle('env')} — .minds/env.*.md (runtime intro injected before Team Directory)`,
-                    `\`team_mgmt_manual({ topics: ["permissions"] })\`: ${topicTitle('permissions')} — directory permissions (semantics + conflict rules)`,
+                    `\`team_mgmt_manual({ topics: ["permissions"] })\`: ${topicTitle('permissions')} — directory + extension permissions (semantics + conflict rules)`,
                     `\`team_mgmt_manual({ topics: ["toolsets"] })\`: ${topicTitle('toolsets')} — toolsets list (registered toolsets + common patterns)`,
                     `\`team_mgmt_manual({ topics: ["llm"] })\`: ${topicTitle('llm')} — .minds/llm.yaml (provider keys, env var boundaries)`,
                     `\`team_mgmt_manual({ topics: ["mcp"] })\`: ${topicTitle('mcp')} — .minds/mcp.yaml (serverId→toolset, hot reload, leasing, minimal templates)`,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "dominds",
-  "version": "0.8.18",
+  "version": "0.8.20",
   "description": "DevOps Mindsets — Sustainable Agentic Product Lifecycle",
   "type": "commonjs",
   "private": false,