npm - jinzd-ai-cli - Versions diffs - 0.2.0 → 0.2.1 - Mend

jinzd-ai-cli 0.2.0 → 0.2.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

package/dist/{chunk-46RYX62R.js → chunk-QXRBUMCB.js} +1 -1
package/dist/{chunk-PBJ4L7SK.js → chunk-Z3JMFVT5.js} +1 -1
package/dist/electron-server.js +291 -24
package/dist/index.js +4 -4
package/dist/{run-tests-6AZTCLL7.js → run-tests-DYALZXPS.js} +1 -1
package/dist/{server-PCSHZ5AI.js → server-SRILYYV3.js} +292 -25
package/dist/web/client/app.js +127 -1
package/dist/web/client/index.html +39 -0
package/dist/web/client/style.css +21 -0
package/package.json +1 -1

package/dist/{chunk-46RYX62R.js → chunk-QXRBUMCB.js} RENAMED Viewed

@@ -8,7 +8,7 @@ import { platform } from "os";
 import chalk from "chalk";
 // src/core/constants.ts
-var VERSION = "0.2.0";
+var VERSION = "0.2.1";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-PBJ4L7SK.js → chunk-Z3JMFVT5.js} RENAMED Viewed

@@ -16,7 +16,7 @@ import {
   SUBAGENT_MAX_ROUNDS_LIMIT,
   VERSION,
   runTestsTool
-} from "./chunk-46RYX62R.js";
+} from "./chunk-QXRBUMCB.js";
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";

package/dist/electron-server.js CHANGED Viewed

@@ -2,8 +2,8 @@
 import express from "express";
 import { createServer } from "http";
 import { WebSocketServer } from "ws";
-import { join as join13, dirname as dirname4, resolve as resolve5, relative as relative3 } from "path";
-import { existsSync as existsSync18, readFileSync as readFileSync13, readdirSync as readdirSync10, statSync as statSync8 } from "fs";
+import { join as join14, dirname as dirname4, resolve as resolve5, relative as relative3 } from "path";
+import { existsSync as existsSync19, readFileSync as readFileSync14, readdirSync as readdirSync11, statSync as statSync8 } from "fs";
 import { networkInterfaces } from "os";
 // src/config/config-manager.ts
@@ -180,7 +180,7 @@ var EnvLoader = class {
 };
 // src/core/constants.ts
-var VERSION = "0.2.0";
+var VERSION = "0.2.1";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";
@@ -7443,6 +7443,180 @@ async function setupProxy(configProxy) {
   }
 }
+// src/web/auth.ts
+import { existsSync as existsSync18, readFileSync as readFileSync13, writeFileSync as writeFileSync9, mkdirSync as mkdirSync10, readdirSync as readdirSync10, copyFileSync } from "fs";
+import { join as join13 } from "path";
+import { createHmac, randomBytes, timingSafeEqual } from "crypto";
+var USERS_FILE = "users.json";
+var TOKEN_EXPIRY_HOURS = 24 * 7;
+var USERS_DIR = "users";
+var AuthManager = class {
+  usersFile;
+  baseDir;
+  db;
+  constructor(baseDir) {
+    this.baseDir = baseDir;
+    this.usersFile = join13(baseDir, USERS_FILE);
+    this.db = this.loadOrCreate();
+  }
+  // ── Public API ─────────────────────────────────────────────────
+  /** Check if any users exist (first-run detection) */
+  hasUsers() {
+    return this.db.users.length > 0;
+  }
+  /** Check if auth is enabled (has users.json with at least 1 user) */
+  isEnabled() {
+    return this.hasUsers();
+  }
+  /** Register a new user. Returns error string or null on success. */
+  register(username, password) {
+    username = username.trim().toLowerCase();
+    if (!username || username.length < 2 || username.length > 32) {
+      return "Username must be 2-32 characters";
+    }
+    if (!/^[a-z0-9_-]+$/.test(username)) {
+      return "Username can only contain a-z, 0-9, _ and -";
+    }
+    if (!password || password.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    if (this.db.users.find((u) => u.username === username)) {
+      return "Username already exists";
+    }
+    const salt = randomBytes(16).toString("hex");
+    const passwordHash = this.hashPassword(password, salt);
+    const dataDir = join13(USERS_DIR, username);
+    const fullDataDir = join13(this.baseDir, dataDir);
+    mkdirSync10(join13(fullDataDir, "history"), { recursive: true });
+    const user = {
+      username,
+      passwordHash,
+      salt,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      dataDir
+    };
+    this.db.users.push(user);
+    this.save();
+    return null;
+  }
+  /** Authenticate user. Returns JWT token or null. */
+  login(username, password) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return null;
+    const hash = this.hashPassword(password, user.salt);
+    const a = Buffer.from(hash, "utf-8");
+    const b = Buffer.from(user.passwordHash, "utf-8");
+    if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      return null;
+    }
+    return this.createToken(username);
+  }
+  /** Verify a token. Returns username or null. */
+  verifyToken(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 2) return null;
+      const [payloadB64, signature] = parts;
+      const expectedSig = this.sign(payloadB64);
+      if (signature !== expectedSig) return null;
+      const payload = JSON.parse(
+        Buffer.from(payloadB64, "base64url").toString("utf-8")
+      );
+      if (Date.now() > payload.exp) return null;
+      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      return payload.username;
+    } catch {
+      return null;
+    }
+  }
+  /** Get user's data directory (absolute path) */
+  getUserDataDir(username) {
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) throw new Error(`User not found: ${username}`);
+    return join13(this.baseDir, user.dataDir);
+  }
+  /** List all usernames */
+  listUsers() {
+    return this.db.users.map((u) => u.username);
+  }
+  /** Migrate existing single-user data to a named user account */
+  migrateExistingData(username, password) {
+    const err = this.register(username, password);
+    if (err) return err;
+    const userDir = this.getUserDataDir(username);
+    const globalConfig = join13(this.baseDir, "config.json");
+    if (existsSync18(globalConfig)) {
+      try {
+        const content = readFileSync13(globalConfig, "utf-8");
+        writeFileSync9(join13(userDir, "config.json"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalMemory = join13(this.baseDir, "memory.md");
+    if (existsSync18(globalMemory)) {
+      try {
+        const content = readFileSync13(globalMemory, "utf-8");
+        writeFileSync9(join13(userDir, "memory.md"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalHistory = join13(this.baseDir, "history");
+    if (existsSync18(globalHistory)) {
+      try {
+        const files = readdirSync10(globalHistory).filter((f) => f.endsWith(".json"));
+        const userHistory = join13(userDir, "history");
+        for (const f of files) {
+          try {
+            copyFileSync(join13(globalHistory, f), join13(userHistory, f));
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    return null;
+  }
+  // ── Private methods ────────────────────────────────────────────
+  loadOrCreate() {
+    if (existsSync18(this.usersFile)) {
+      try {
+        return JSON.parse(readFileSync13(this.usersFile, "utf-8"));
+      } catch {
+      }
+    }
+    const db = {
+      version: 1,
+      secret: randomBytes(32).toString("hex"),
+      users: []
+    };
+    this.saveDB(db);
+    return db;
+  }
+  save() {
+    this.saveDB(this.db);
+  }
+  saveDB(db) {
+    mkdirSync10(this.baseDir, { recursive: true });
+    writeFileSync9(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
+  }
+  hashPassword(password, salt) {
+    return createHmac("sha256", salt).update(password).digest("hex");
+  }
+  createToken(username) {
+    const payload = {
+      username,
+      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+    };
+    const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
+    const signature = this.sign(payloadB64);
+    return `${payloadB64}.${signature}`;
+  }
+  sign(data) {
+    return createHmac("sha256", this.db.secret).update(data).digest("base64url");
+  }
+};
 // src/web/server.ts
 function getModuleDir() {
   try {
@@ -7498,8 +7672,8 @@ async function startWebServer(options = {}) {
     }
   }
   let skillManager = null;
-  const skillsDir = join13(config.getConfigDir(), SKILLS_DIR_NAME);
-  if (existsSync18(skillsDir)) {
+  const skillsDir = join14(config.getConfigDir(), SKILLS_DIR_NAME);
+  if (existsSync19(skillsDir)) {
     skillManager = new SkillManager(skillsDir);
     skillManager.loadSkills();
     const count = skillManager.listSkills().length;
@@ -7519,15 +7693,15 @@ async function startWebServer(options = {}) {
   const server = createServer(app);
   const wss = new WebSocketServer({ server });
   const moduleDir = getModuleDir();
-  let clientDir = join13(moduleDir, "web", "client");
-  if (!existsSync18(clientDir)) {
-    clientDir = join13(moduleDir, "client");
+  let clientDir = join14(moduleDir, "web", "client");
+  if (!existsSync19(clientDir)) {
+    clientDir = join14(moduleDir, "client");
   }
-  if (!existsSync18(clientDir)) {
-    clientDir = join13(moduleDir, "..", "..", "src", "web", "client");
+  if (!existsSync19(clientDir)) {
+    clientDir = join14(moduleDir, "..", "..", "src", "web", "client");
   }
-  if (!existsSync18(clientDir)) {
-    clientDir = join13(process.cwd(), "src", "web", "client");
+  if (!existsSync19(clientDir)) {
+    clientDir = join14(process.cwd(), "src", "web", "client");
   }
   console.log(`   Static files: ${clientDir}`);
   app.use(express.static(clientDir));
@@ -7546,17 +7720,17 @@ async function startWebServer(options = {}) {
   app.get("/api/files", (req, res) => {
     const cwd = process.cwd();
     const prefix = req.query.prefix || "";
-    const targetDir = join13(cwd, prefix);
+    const targetDir = join14(cwd, prefix);
     if (!resolve5(targetDir).startsWith(resolve5(cwd))) {
       res.json({ files: [] });
       return;
     }
     try {
       const SKIP = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "dist-cjs", "release", "__pycache__", ".next", ".nuxt", "coverage", ".cache"]);
-      const entries = readdirSync10(targetDir, { withFileTypes: true });
+      const entries = readdirSync11(targetDir, { withFileTypes: true });
       const files = entries.filter((e) => !SKIP.has(e.name) && !e.name.startsWith(".")).slice(0, 50).map((e) => ({
         name: e.name,
-        path: relative3(cwd, join13(targetDir, e.name)).replace(/\\/g, "/"),
+        path: relative3(cwd, join14(targetDir, e.name)).replace(/\\/g, "/"),
         isDir: e.isDirectory()
       }));
       res.json({ files });
@@ -7588,7 +7762,7 @@ async function startWebServer(options = {}) {
       return;
     }
     const cwd = process.cwd();
-    const fullPath = resolve5(join13(cwd, filePath));
+    const fullPath = resolve5(join14(cwd, filePath));
     if (!fullPath.startsWith(resolve5(cwd))) {
       res.json({ error: "Access denied" });
       return;
@@ -7599,26 +7773,76 @@ async function startWebServer(options = {}) {
         res.json({ error: `File too large (${(stat.size / 1024).toFixed(0)} KB, max 512 KB)` });
         return;
       }
-      const content = readFileSync13(fullPath, "utf-8");
+      const content = readFileSync14(fullPath, "utf-8");
       res.json({ content, size: stat.size });
     } catch (err) {
       res.json({ error: `Cannot read: ${err.message}` });
     }
   });
+  const authManager = new AuthManager(config.getConfigDir());
+  if (authManager.isEnabled()) {
+    console.log(`   Auth: ${authManager.listUsers().length} user(s) registered`);
+  } else {
+    console.log(`   Auth: disabled (no users registered)`);
+  }
+  const userResources = /* @__PURE__ */ new Map();
+  function getUserShared(username) {
+    const cached = userResources.get(username);
+    if (cached) return cached;
+    const userDataDir = authManager.getUserDataDir(username);
+    const userConfig = new ConfigManager(userDataDir);
+    const userSessions = new SessionManager(userConfig);
+    const userShared = {
+      config: userConfig,
+      providers,
+      // Shared — providers re-read API keys per call
+      sessions: userSessions,
+      toolRegistry,
+      // Shared
+      mcpManager,
+      // Shared
+      skillManager
+      // Shared
+    };
+    userResources.set(username, userShared);
+    return userShared;
+  }
   const handlers = /* @__PURE__ */ new Map();
   wss.on("connection", (ws, req) => {
     const urlStr = req.url ?? "";
     const qMark = urlStr.indexOf("?");
     const params = new URLSearchParams(qMark >= 0 ? urlStr.slice(qMark + 1) : "");
     const tabId = params.get("tabId") || `tab-${Date.now()}`;
+    const token = params.get("token") || "";
     const existing = handlers.get(tabId);
     if (existing) {
       existing.onDisconnect();
       handlers.delete(tabId);
     }
-    console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (total: ${handlers.size + 1})`);
-    const handler = new SessionHandler(ws, shared);
-    handlers.set(tabId, handler);
+    let authenticatedUser = null;
+    let handler = null;
+    if (token) {
+      authenticatedUser = authManager.verifyToken(token);
+    }
+    const authRequired = authManager.isEnabled();
+    if (!authRequired) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (no auth) (total: ${handlers.size + 1})`);
+      handler = new SessionHandler(ws, shared);
+      handlers.set(tabId, handler);
+    } else if (authenticatedUser) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (user: ${authenticatedUser}) (total: ${handlers.size + 1})`);
+      const userShared = getUserShared(authenticatedUser);
+      handler = new SessionHandler(ws, userShared);
+      handlers.set(tabId, handler);
+    } else {
+      console.log(`   \u23F3 Tab waiting auth: ${tabId.slice(0, 12)}`);
+      if (ws.readyState === ws.OPEN) {
+        ws.send(JSON.stringify({
+          type: "auth_required",
+          hasUsers: authManager.hasUsers()
+        }));
+      }
+    }
     ws.on("message", async (data) => {
       try {
         const raw = data.toString();
@@ -7629,6 +7853,49 @@ async function startWebServer(options = {}) {
           }
           return;
         }
+        if (parsed.type === "auth") {
+          const { action, username, password } = parsed;
+          if (action === "register") {
+            const err = authManager.register(username, password);
+            if (err) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: err }));
+              return;
+            }
+            const newToken = authManager.login(username, password);
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User registered & connected: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: newToken, username }));
+            return;
+          }
+          if (action === "login") {
+            const loginToken = authManager.login(username, password);
+            if (!loginToken) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Invalid username or password" }));
+              return;
+            }
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User logged in: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: loginToken, username }));
+            return;
+          }
+          ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Unknown auth action" }));
+          return;
+        }
+        if (!handler) {
+          if (ws.readyState === ws.OPEN) {
+            ws.send(JSON.stringify({
+              type: "auth_required",
+              hasUsers: authManager.hasUsers()
+            }));
+          }
+          return;
+        }
         await handler.handleMessage(raw);
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
@@ -7640,7 +7907,7 @@ async function startWebServer(options = {}) {
     });
     ws.on("close", () => {
       console.log(`   \u2717 Tab disconnected: ${tabId.slice(0, 12)} (total: ${handlers.size - 1})`);
-      handler.onDisconnect();
+      if (handler) handler.onDisconnect();
       handlers.delete(tabId);
     });
     ws.on("error", (err) => {
@@ -7700,10 +7967,10 @@ function loadProjectMcpConfig() {
   const cwd = process.cwd();
   const gitRoot = getGitRoot(cwd);
   const projectRoot = gitRoot ?? cwd;
-  const configPath = join13(projectRoot, MCP_PROJECT_CONFIG_NAME);
-  if (!existsSync18(configPath)) return null;
+  const configPath = join14(projectRoot, MCP_PROJECT_CONFIG_NAME);
+  if (!existsSync19(configPath)) return null;
   try {
-    const raw = JSON.parse(readFileSync13(configPath, "utf-8"));
+    const raw = JSON.parse(readFileSync14(configPath, "utf-8"));
     return raw.mcpServers ?? raw;
   } catch {
     return null;

package/dist/index.js CHANGED Viewed

@@ -35,7 +35,7 @@ import {
   theme,
   truncateOutput,
   undoStack
-} from "./chunk-PBJ4L7SK.js";
+} from "./chunk-Z3JMFVT5.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -55,7 +55,7 @@ import {
   REPO_URL,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-46RYX62R.js";
+} from "./chunk-QXRBUMCB.js";
 // src/index.ts
 import { program } from "commander";
@@ -1904,7 +1904,7 @@ ${hint}` : "")
       description: "Run project tests and show structured report",
       usage: "/test [command|filter]",
       async execute(args, _ctx) {
-        const { executeTests } = await import("./run-tests-6AZTCLL7.js");
+        const { executeTests } = await import("./run-tests-DYALZXPS.js");
         const argStr = args.join(" ").trim();
         let testArgs = {};
         if (argStr) {
@@ -5292,7 +5292,7 @@ program.command("web").description("Start Web UI server with browser-based chat
     console.error("Error: Invalid port number. Must be between 1 and 65535.");
     process.exit(1);
   }
-  const { startWebServer } = await import("./server-PCSHZ5AI.js");
+  const { startWebServer } = await import("./server-SRILYYV3.js");
   await startWebServer({ port, host: options.host });
 });
 program.command("sessions").description("List recent conversation sessions").action(async () => {

package/dist/{run-tests-6AZTCLL7.js → run-tests-DYALZXPS.js} RENAMED Viewed

@@ -2,7 +2,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-46RYX62R.js";
+} from "./chunk-QXRBUMCB.js";
 export {
   executeTests,
   runTestsTool

package/dist/{server-PCSHZ5AI.js → server-SRILYYV3.js} RENAMED Viewed

@@ -23,7 +23,7 @@ import {
   setupProxy,
   spawnAgentContext,
   truncateOutput
-} from "./chunk-PBJ4L7SK.js";
+} from "./chunk-Z3JMFVT5.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   CONTEXT_FILE_CANDIDATES,
@@ -35,14 +35,14 @@ import {
   PLAN_MODE_SYSTEM_ADDON,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-46RYX62R.js";
+} from "./chunk-QXRBUMCB.js";
 // src/web/server.ts
 import express from "express";
 import { createServer } from "http";
 import { WebSocketServer } from "ws";
-import { join as join3, dirname, resolve as resolve2, relative } from "path";
-import { existsSync as existsSync4, readFileSync as readFileSync4, readdirSync, statSync } from "fs";
+import { join as join4, dirname, resolve as resolve2, relative } from "path";
+import { existsSync as existsSync5, readFileSync as readFileSync5, readdirSync as readdirSync2, statSync } from "fs";
 import { networkInterfaces } from "os";
 // src/web/tool-executor-web.ts
@@ -1353,6 +1353,180 @@ ${activated.meta.description || ""}` });
   }
 };
+// src/web/auth.ts
+import { existsSync as existsSync4, readFileSync as readFileSync4, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, readdirSync, copyFileSync } from "fs";
+import { join as join3 } from "path";
+import { createHmac, randomBytes, timingSafeEqual } from "crypto";
+var USERS_FILE = "users.json";
+var TOKEN_EXPIRY_HOURS = 24 * 7;
+var USERS_DIR = "users";
+var AuthManager = class {
+  usersFile;
+  baseDir;
+  db;
+  constructor(baseDir) {
+    this.baseDir = baseDir;
+    this.usersFile = join3(baseDir, USERS_FILE);
+    this.db = this.loadOrCreate();
+  }
+  // ── Public API ─────────────────────────────────────────────────
+  /** Check if any users exist (first-run detection) */
+  hasUsers() {
+    return this.db.users.length > 0;
+  }
+  /** Check if auth is enabled (has users.json with at least 1 user) */
+  isEnabled() {
+    return this.hasUsers();
+  }
+  /** Register a new user. Returns error string or null on success. */
+  register(username, password) {
+    username = username.trim().toLowerCase();
+    if (!username || username.length < 2 || username.length > 32) {
+      return "Username must be 2-32 characters";
+    }
+    if (!/^[a-z0-9_-]+$/.test(username)) {
+      return "Username can only contain a-z, 0-9, _ and -";
+    }
+    if (!password || password.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    if (this.db.users.find((u) => u.username === username)) {
+      return "Username already exists";
+    }
+    const salt = randomBytes(16).toString("hex");
+    const passwordHash = this.hashPassword(password, salt);
+    const dataDir = join3(USERS_DIR, username);
+    const fullDataDir = join3(this.baseDir, dataDir);
+    mkdirSync2(join3(fullDataDir, "history"), { recursive: true });
+    const user = {
+      username,
+      passwordHash,
+      salt,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      dataDir
+    };
+    this.db.users.push(user);
+    this.save();
+    return null;
+  }
+  /** Authenticate user. Returns JWT token or null. */
+  login(username, password) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return null;
+    const hash = this.hashPassword(password, user.salt);
+    const a = Buffer.from(hash, "utf-8");
+    const b = Buffer.from(user.passwordHash, "utf-8");
+    if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      return null;
+    }
+    return this.createToken(username);
+  }
+  /** Verify a token. Returns username or null. */
+  verifyToken(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 2) return null;
+      const [payloadB64, signature] = parts;
+      const expectedSig = this.sign(payloadB64);
+      if (signature !== expectedSig) return null;
+      const payload = JSON.parse(
+        Buffer.from(payloadB64, "base64url").toString("utf-8")
+      );
+      if (Date.now() > payload.exp) return null;
+      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      return payload.username;
+    } catch {
+      return null;
+    }
+  }
+  /** Get user's data directory (absolute path) */
+  getUserDataDir(username) {
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) throw new Error(`User not found: ${username}`);
+    return join3(this.baseDir, user.dataDir);
+  }
+  /** List all usernames */
+  listUsers() {
+    return this.db.users.map((u) => u.username);
+  }
+  /** Migrate existing single-user data to a named user account */
+  migrateExistingData(username, password) {
+    const err = this.register(username, password);
+    if (err) return err;
+    const userDir = this.getUserDataDir(username);
+    const globalConfig = join3(this.baseDir, "config.json");
+    if (existsSync4(globalConfig)) {
+      try {
+        const content = readFileSync4(globalConfig, "utf-8");
+        writeFileSync2(join3(userDir, "config.json"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalMemory = join3(this.baseDir, "memory.md");
+    if (existsSync4(globalMemory)) {
+      try {
+        const content = readFileSync4(globalMemory, "utf-8");
+        writeFileSync2(join3(userDir, "memory.md"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalHistory = join3(this.baseDir, "history");
+    if (existsSync4(globalHistory)) {
+      try {
+        const files = readdirSync(globalHistory).filter((f) => f.endsWith(".json"));
+        const userHistory = join3(userDir, "history");
+        for (const f of files) {
+          try {
+            copyFileSync(join3(globalHistory, f), join3(userHistory, f));
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    return null;
+  }
+  // ── Private methods ────────────────────────────────────────────
+  loadOrCreate() {
+    if (existsSync4(this.usersFile)) {
+      try {
+        return JSON.parse(readFileSync4(this.usersFile, "utf-8"));
+      } catch {
+      }
+    }
+    const db = {
+      version: 1,
+      secret: randomBytes(32).toString("hex"),
+      users: []
+    };
+    this.saveDB(db);
+    return db;
+  }
+  save() {
+    this.saveDB(this.db);
+  }
+  saveDB(db) {
+    mkdirSync2(this.baseDir, { recursive: true });
+    writeFileSync2(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
+  }
+  hashPassword(password, salt) {
+    return createHmac("sha256", salt).update(password).digest("hex");
+  }
+  createToken(username) {
+    const payload = {
+      username,
+      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+    };
+    const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
+    const signature = this.sign(payloadB64);
+    return `${payloadB64}.${signature}`;
+  }
+  sign(data) {
+    return createHmac("sha256", this.db.secret).update(data).digest("base64url");
+  }
+};
 // src/web/server.ts
 function getModuleDir() {
   try {
@@ -1408,8 +1582,8 @@ async function startWebServer(options = {}) {
     }
   }
   let skillManager = null;
-  const skillsDir = join3(config.getConfigDir(), SKILLS_DIR_NAME);
-  if (existsSync4(skillsDir)) {
+  const skillsDir = join4(config.getConfigDir(), SKILLS_DIR_NAME);
+  if (existsSync5(skillsDir)) {
     skillManager = new SkillManager(skillsDir);
     skillManager.loadSkills();
     const count = skillManager.listSkills().length;
@@ -1429,15 +1603,15 @@ async function startWebServer(options = {}) {
   const server = createServer(app);
   const wss = new WebSocketServer({ server });
   const moduleDir = getModuleDir();
-  let clientDir = join3(moduleDir, "web", "client");
-  if (!existsSync4(clientDir)) {
-    clientDir = join3(moduleDir, "client");
+  let clientDir = join4(moduleDir, "web", "client");
+  if (!existsSync5(clientDir)) {
+    clientDir = join4(moduleDir, "client");
   }
-  if (!existsSync4(clientDir)) {
-    clientDir = join3(moduleDir, "..", "..", "src", "web", "client");
+  if (!existsSync5(clientDir)) {
+    clientDir = join4(moduleDir, "..", "..", "src", "web", "client");
   }
-  if (!existsSync4(clientDir)) {
-    clientDir = join3(process.cwd(), "src", "web", "client");
+  if (!existsSync5(clientDir)) {
+    clientDir = join4(process.cwd(), "src", "web", "client");
   }
   console.log(`   Static files: ${clientDir}`);
   app.use(express.static(clientDir));
@@ -1456,17 +1630,17 @@ async function startWebServer(options = {}) {
   app.get("/api/files", (req, res) => {
     const cwd = process.cwd();
     const prefix = req.query.prefix || "";
-    const targetDir = join3(cwd, prefix);
+    const targetDir = join4(cwd, prefix);
     if (!resolve2(targetDir).startsWith(resolve2(cwd))) {
       res.json({ files: [] });
       return;
     }
     try {
       const SKIP = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "dist-cjs", "release", "__pycache__", ".next", ".nuxt", "coverage", ".cache"]);
-      const entries = readdirSync(targetDir, { withFileTypes: true });
+      const entries = readdirSync2(targetDir, { withFileTypes: true });
       const files = entries.filter((e) => !SKIP.has(e.name) && !e.name.startsWith(".")).slice(0, 50).map((e) => ({
         name: e.name,
-        path: relative(cwd, join3(targetDir, e.name)).replace(/\\/g, "/"),
+        path: relative(cwd, join4(targetDir, e.name)).replace(/\\/g, "/"),
         isDir: e.isDirectory()
       }));
       res.json({ files });
@@ -1498,7 +1672,7 @@ async function startWebServer(options = {}) {
       return;
     }
     const cwd = process.cwd();
-    const fullPath = resolve2(join3(cwd, filePath));
+    const fullPath = resolve2(join4(cwd, filePath));
     if (!fullPath.startsWith(resolve2(cwd))) {
       res.json({ error: "Access denied" });
       return;
@@ -1509,26 +1683,76 @@ async function startWebServer(options = {}) {
         res.json({ error: `File too large (${(stat.size / 1024).toFixed(0)} KB, max 512 KB)` });
         return;
       }
-      const content = readFileSync4(fullPath, "utf-8");
+      const content = readFileSync5(fullPath, "utf-8");
       res.json({ content, size: stat.size });
     } catch (err) {
       res.json({ error: `Cannot read: ${err.message}` });
     }
   });
+  const authManager = new AuthManager(config.getConfigDir());
+  if (authManager.isEnabled()) {
+    console.log(`   Auth: ${authManager.listUsers().length} user(s) registered`);
+  } else {
+    console.log(`   Auth: disabled (no users registered)`);
+  }
+  const userResources = /* @__PURE__ */ new Map();
+  function getUserShared(username) {
+    const cached = userResources.get(username);
+    if (cached) return cached;
+    const userDataDir = authManager.getUserDataDir(username);
+    const userConfig = new ConfigManager(userDataDir);
+    const userSessions = new SessionManager(userConfig);
+    const userShared = {
+      config: userConfig,
+      providers,
+      // Shared — providers re-read API keys per call
+      sessions: userSessions,
+      toolRegistry,
+      // Shared
+      mcpManager,
+      // Shared
+      skillManager
+      // Shared
+    };
+    userResources.set(username, userShared);
+    return userShared;
+  }
   const handlers = /* @__PURE__ */ new Map();
   wss.on("connection", (ws, req) => {
     const urlStr = req.url ?? "";
     const qMark = urlStr.indexOf("?");
     const params = new URLSearchParams(qMark >= 0 ? urlStr.slice(qMark + 1) : "");
     const tabId = params.get("tabId") || `tab-${Date.now()}`;
+    const token = params.get("token") || "";
     const existing = handlers.get(tabId);
     if (existing) {
       existing.onDisconnect();
       handlers.delete(tabId);
     }
-    console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (total: ${handlers.size + 1})`);
-    const handler = new SessionHandler(ws, shared);
-    handlers.set(tabId, handler);
+    let authenticatedUser = null;
+    let handler = null;
+    if (token) {
+      authenticatedUser = authManager.verifyToken(token);
+    }
+    const authRequired = authManager.isEnabled();
+    if (!authRequired) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (no auth) (total: ${handlers.size + 1})`);
+      handler = new SessionHandler(ws, shared);
+      handlers.set(tabId, handler);
+    } else if (authenticatedUser) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (user: ${authenticatedUser}) (total: ${handlers.size + 1})`);
+      const userShared = getUserShared(authenticatedUser);
+      handler = new SessionHandler(ws, userShared);
+      handlers.set(tabId, handler);
+    } else {
+      console.log(`   \u23F3 Tab waiting auth: ${tabId.slice(0, 12)}`);
+      if (ws.readyState === ws.OPEN) {
+        ws.send(JSON.stringify({
+          type: "auth_required",
+          hasUsers: authManager.hasUsers()
+        }));
+      }
+    }
     ws.on("message", async (data) => {
       try {
         const raw = data.toString();
@@ -1539,6 +1763,49 @@ async function startWebServer(options = {}) {
           }
           return;
         }
+        if (parsed.type === "auth") {
+          const { action, username, password } = parsed;
+          if (action === "register") {
+            const err = authManager.register(username, password);
+            if (err) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: err }));
+              return;
+            }
+            const newToken = authManager.login(username, password);
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User registered & connected: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: newToken, username }));
+            return;
+          }
+          if (action === "login") {
+            const loginToken = authManager.login(username, password);
+            if (!loginToken) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Invalid username or password" }));
+              return;
+            }
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User logged in: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: loginToken, username }));
+            return;
+          }
+          ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Unknown auth action" }));
+          return;
+        }
+        if (!handler) {
+          if (ws.readyState === ws.OPEN) {
+            ws.send(JSON.stringify({
+              type: "auth_required",
+              hasUsers: authManager.hasUsers()
+            }));
+          }
+          return;
+        }
         await handler.handleMessage(raw);
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
@@ -1550,7 +1817,7 @@ async function startWebServer(options = {}) {
     });
     ws.on("close", () => {
       console.log(`   \u2717 Tab disconnected: ${tabId.slice(0, 12)} (total: ${handlers.size - 1})`);
-      handler.onDisconnect();
+      if (handler) handler.onDisconnect();
       handlers.delete(tabId);
     });
     ws.on("error", (err) => {
@@ -1610,10 +1877,10 @@ function loadProjectMcpConfig() {
   const cwd = process.cwd();
   const gitRoot = getGitRoot(cwd);
   const projectRoot = gitRoot ?? cwd;
-  const configPath = join3(projectRoot, MCP_PROJECT_CONFIG_NAME);
-  if (!existsSync4(configPath)) return null;
+  const configPath = join4(projectRoot, MCP_PROJECT_CONFIG_NAME);
+  if (!existsSync5(configPath)) return null;
   try {
-    const raw = JSON.parse(readFileSync4(configPath, "utf-8"));
+    const raw = JSON.parse(readFileSync5(configPath, "utf-8"));
     return raw.mcpServers ?? raw;
   } catch {
     return null;

package/dist/web/client/app.js CHANGED Viewed

@@ -8,6 +8,9 @@
 let ws = null;
 let connected = false;
 let processing = false;
+let authToken = localStorage.getItem('aicli-auth-token') || '';
+let authUsername = localStorage.getItem('aicli-auth-user') || '';
+let authMode = 'login'; // 'login' or 'register'
 let currentAssistantEl = null;
 let currentAssistantContent = '';
 let currentThinkingEl = null;
@@ -73,7 +76,8 @@ let reconnectDelay = 1000; // Start at 1s, exponential backoff
 function connect() {
   const protocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
-  ws = new WebSocket(`${protocol}//${location.host}?tabId=${tabId}`);
+  const tokenParam = authToken ? `&token=${encodeURIComponent(authToken)}` : '';
+  ws = new WebSocket(`${protocol}//${location.host}?tabId=${tabId}${tokenParam}`);
   ws.onopen = () => {
     connected = true;
@@ -153,6 +157,8 @@ function handleServerMessage(msg) {
     case 'tools_list':      renderToolsList(msg); switchSidebarTab('tools'); break;
     case 'export_data':     handleExportData(msg); break;
     case 'memory_content':  handleMemoryContent(msg); break;
+    case 'auth_required':   showAuthScreen(msg.hasUsers); break;
+    case 'auth_result':     handleAuthResult(msg); break;
     case 'info':            addInfoMessage(msg.message); break;
     case 'error':           addErrorMessage(msg.message); hideRoundProgress(); clearAllToolTimers(); setProcessing(false); break;
     case 'round_progress':  handleRoundProgress(msg); break;
@@ -1791,3 +1797,123 @@ if (sessionListEl) {
     }
   });
 }
+// ── Auth: Login / Register / Logout ─────────────────────────────────
+function showAuthScreen(hasUsers) {
+  // Clear any stale token
+  authToken = '';
+  authUsername = '';
+  localStorage.removeItem('aicli-auth-token');
+  localStorage.removeItem('aicli-auth-user');
+  const screen = document.getElementById('auth-screen');
+  const app = document.getElementById('app');
+  screen.classList.remove('hidden');
+  app.style.display = 'none';
+  // If no users registered, show register form by default
+  if (!hasUsers) {
+    authMode = 'register';
+    updateAuthForm();
+  } else {
+    authMode = 'login';
+    updateAuthForm();
+  }
+  // Focus username
+  setTimeout(() => document.getElementById('auth-username')?.focus(), 100);
+}
+function hideAuthScreen() {
+  const screen = document.getElementById('auth-screen');
+  const app = document.getElementById('app');
+  screen.classList.add('hidden');
+  app.style.display = '';
+  // Show user menu
+  updateUserMenu();
+}
+function updateAuthForm() {
+  const subtitle = document.getElementById('auth-subtitle');
+  const submit = document.getElementById('auth-submit');
+  const toggle = document.getElementById('auth-toggle');
+  const errorEl = document.getElementById('auth-error');
+  errorEl.classList.add('hidden');
+  if (authMode === 'register') {
+    subtitle.textContent = 'Create your account to get started';
+    submit.textContent = 'Create Account';
+    toggle.innerHTML = 'Already have an account? <span class="text-primary">Sign In</span>';
+  } else {
+    subtitle.textContent = 'Sign in to continue';
+    submit.textContent = 'Sign In';
+    toggle.innerHTML = 'Don\'t have an account? <span class="text-primary">Register</span>';
+  }
+}
+function toggleAuthMode() {
+  authMode = authMode === 'login' ? 'register' : 'login';
+  updateAuthForm();
+}
+function handleAuth(event) {
+  event.preventDefault();
+  const username = document.getElementById('auth-username').value.trim();
+  const password = document.getElementById('auth-password').value;
+  const errorEl = document.getElementById('auth-error');
+  if (!username || !password) {
+    errorEl.textContent = 'Please enter username and password';
+    errorEl.classList.remove('hidden');
+    return;
+  }
+  errorEl.classList.add('hidden');
+  document.getElementById('auth-submit').disabled = true;
+  send({ type: 'auth', action: authMode, username, password });
+}
+function handleAuthResult(msg) {
+  const errorEl = document.getElementById('auth-error');
+  const submitBtn = document.getElementById('auth-submit');
+  submitBtn.disabled = false;
+  if (msg.success) {
+    authToken = msg.token;
+    authUsername = msg.username;
+    localStorage.setItem('aicli-auth-token', msg.token);
+    localStorage.setItem('aicli-auth-user', msg.username);
+    hideAuthScreen();
+    // Request session list now that we're authenticated
+    requestSessionList();
+  } else {
+    errorEl.textContent = msg.error || 'Authentication failed';
+    errorEl.classList.remove('hidden');
+  }
+}
+function updateUserMenu() {
+  const userMenu = document.getElementById('user-menu');
+  const userDisplay = document.getElementById('user-display');
+  const userLabel = document.getElementById('user-label');
+  if (authUsername) {
+    userMenu.classList.remove('hidden');
+    userDisplay.textContent = '👤 ' + authUsername;
+    userLabel.textContent = authUsername;
+  } else {
+    userMenu.classList.add('hidden');
+  }
+}
+function handleLogout() {
+  authToken = '';
+  authUsername = '';
+  localStorage.removeItem('aicli-auth-token');
+  localStorage.removeItem('aicli-auth-user');
+  sessionStorage.removeItem('aicli-active-session');
+  // Reconnect — server will send auth_required
+  if (ws) ws.close();
+}

package/dist/web/client/index.html CHANGED Viewed

@@ -22,6 +22,35 @@
   <link rel="stylesheet" href="style.css">
 </head>
 <body class="bg-base-300 h-screen overflow-hidden">
+  <!-- ── Login / Register Screen (shown when auth required) ──── -->
+  <div id="auth-screen" class="auth-screen hidden">
+    <div class="auth-card">
+      <div class="text-center mb-6">
+        <div class="text-4xl mb-2">🤖</div>
+        <h1 class="text-2xl font-bold text-primary">ai-cli</h1>
+        <p id="auth-subtitle" class="text-sm text-base-content/60 mt-1">Sign in to continue</p>
+      </div>
+      <div id="auth-error" class="alert alert-error text-sm mb-4 hidden"></div>
+      <form id="auth-form" onsubmit="handleAuth(event)">
+        <div class="form-control mb-3">
+          <label class="label"><span class="label-text">Username</span></label>
+          <input id="auth-username" type="text" class="input input-bordered w-full" placeholder="username" autocomplete="username" required minlength="2" maxlength="32">
+        </div>
+        <div class="form-control mb-4">
+          <label class="label"><span class="label-text">Password</span></label>
+          <input id="auth-password" type="password" class="input input-bordered w-full" placeholder="password" autocomplete="current-password" required minlength="4">
+        </div>
+        <button id="auth-submit" type="submit" class="btn btn-primary w-full">Sign In</button>
+      </form>
+      <div class="text-center mt-4">
+        <button id="auth-toggle" class="btn btn-ghost btn-sm" onclick="toggleAuthMode()">
+          Don't have an account? <span class="text-primary">Register</span>
+        </button>
+      </div>
+    </div>
+  </div>
   <div id="app" class="flex flex-col h-screen">
     <!-- ── Navbar ─────────────────────────────────────── -->
@@ -53,6 +82,16 @@
             <li><a onclick="setTheme('nord')">❄️ Nord</a></li>
           </ul>
         </div>
+        <!-- User menu (shown when authenticated) -->
+        <div id="user-menu" class="dropdown dropdown-end hidden">
+          <div tabindex="0" role="button" class="btn btn-sm btn-ghost gap-1">
+            <span id="user-display">👤</span>
+          </div>
+          <ul tabindex="0" class="dropdown-content menu bg-base-200 rounded-box z-10 w-40 p-2 shadow-lg border border-base-content/10">
+            <li><a id="user-label" class="text-sm font-semibold pointer-events-none"></a></li>
+            <li><a onclick="handleLogout()">🚪 Logout</a></li>
+          </ul>
+        </div>
       </div>
     </div>

package/dist/web/client/style.css CHANGED Viewed

@@ -1,5 +1,26 @@
 /* ai-cli Web UI — Custom styles (DaisyUI handles base theme) */
+/* ── Auth Screen ───────────────────────────────────── */
+.auth-screen {
+  position: fixed;
+  inset: 0;
+  z-index: 9999;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  background: oklch(var(--b3));
+  backdrop-filter: blur(8px);
+}
+.auth-card {
+  background: oklch(var(--b1));
+  border: 1px solid oklch(var(--bc) / 0.1);
+  border-radius: var(--rounded-box, 1rem);
+  padding: 2rem;
+  width: 100%;
+  max-width: 380px;
+  box-shadow: 0 25px 50px -12px rgba(0,0,0,0.25);
+}
 /* ── Scrollbar ──────────────────────────────────────── */
 #chat-area::-webkit-scrollbar { width: 6px; }
 #chat-area::-webkit-scrollbar-track { background: transparent; }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",