jinzd-ai-cli 0.2.0 → 0.2.2

package/dist/auth-TWWF22YZ.js

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import {
+  AuthManager
+} from "./chunk-CPLT6CD3.js";
+export {
+  AuthManager
+};

package/dist/chunk-CPLT6CD3.js

@@ -0,0 +1,202 @@
+#!/usr/bin/env node
+
+// src/web/auth.ts
+import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, copyFileSync } from "fs";
+import { join } from "path";
+import { createHmac, randomBytes, timingSafeEqual } from "crypto";
+var USERS_FILE = "users.json";
+var TOKEN_EXPIRY_HOURS = 24 * 7;
+var USERS_DIR = "users";
+var AuthManager = class {
+  usersFile;
+  baseDir;
+  db;
+  constructor(baseDir) {
+    this.baseDir = baseDir;
+    this.usersFile = join(baseDir, USERS_FILE);
+    this.db = this.loadOrCreate();
+  }
+  // ── Public API ─────────────────────────────────────────────────
+  /** Check if any users exist (first-run detection) */
+  hasUsers() {
+    return this.db.users.length > 0;
+  }
+  /** Check if auth is enabled (has users.json with at least 1 user) */
+  isEnabled() {
+    return this.hasUsers();
+  }
+  /** Register a new user. Returns error string or null on success. */
+  register(username, password) {
+    username = username.trim().toLowerCase();
+    if (!username || username.length < 2 || username.length > 32) {
+      return "Username must be 2-32 characters";
+    }
+    if (!/^[a-z0-9_-]+$/.test(username)) {
+      return "Username can only contain a-z, 0-9, _ and -";
+    }
+    if (!password || password.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    if (this.db.users.find((u) => u.username === username)) {
+      return "Username already exists";
+    }
+    const salt = randomBytes(16).toString("hex");
+    const passwordHash = this.hashPassword(password, salt);
+    const dataDir = join(USERS_DIR, username);
+    const fullDataDir = join(this.baseDir, dataDir);
+    mkdirSync(join(fullDataDir, "history"), { recursive: true });
+    const user = {
+      username,
+      passwordHash,
+      salt,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      dataDir
+    };
+    this.db.users.push(user);
+    this.save();
+    return null;
+  }
+  /** Authenticate user. Returns JWT token or null. */
+  login(username, password) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return null;
+    const hash = this.hashPassword(password, user.salt);
+    const a = Buffer.from(hash, "utf-8");
+    const b = Buffer.from(user.passwordHash, "utf-8");
+    if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      return null;
+    }
+    return this.createToken(username);
+  }
+  /** Verify a token. Returns username or null. */
+  verifyToken(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 2) return null;
+      const [payloadB64, signature] = parts;
+      const expectedSig = this.sign(payloadB64);
+      if (signature !== expectedSig) return null;
+      const payload = JSON.parse(
+        Buffer.from(payloadB64, "base64url").toString("utf-8")
+      );
+      if (Date.now() > payload.exp) return null;
+      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      return payload.username;
+    } catch {
+      return null;
+    }
+  }
+  /** Get user's data directory (absolute path) */
+  getUserDataDir(username) {
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) throw new Error(`User not found: ${username}`);
+    return join(this.baseDir, user.dataDir);
+  }
+  /** List all usernames */
+  listUsers() {
+    return this.db.users.map((u) => u.username);
+  }
+  /** Delete a user. Returns error string or null on success. */
+  deleteUser(username) {
+    username = username.trim().toLowerCase();
+    const idx = this.db.users.findIndex((u) => u.username === username);
+    if (idx === -1) return `User '${username}' not found`;
+    this.db.users.splice(idx, 1);
+    this.save();
+    return null;
+  }
+  /** Reset a user's password. Returns error string or null on success. */
+  resetPassword(username, newPassword) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return `User '${username}' not found`;
+    if (!newPassword || newPassword.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    const salt = randomBytes(16).toString("hex");
+    user.passwordHash = this.hashPassword(newPassword, salt);
+    user.salt = salt;
+    this.save();
+    return null;
+  }
+  /** Migrate existing single-user data to a named user account */
+  migrateExistingData(username, password) {
+    const err = this.register(username, password);
+    if (err) return err;
+    const userDir = this.getUserDataDir(username);
+    const globalConfig = join(this.baseDir, "config.json");
+    if (existsSync(globalConfig)) {
+      try {
+        const content = readFileSync(globalConfig, "utf-8");
+        writeFileSync(join(userDir, "config.json"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalMemory = join(this.baseDir, "memory.md");
+    if (existsSync(globalMemory)) {
+      try {
+        const content = readFileSync(globalMemory, "utf-8");
+        writeFileSync(join(userDir, "memory.md"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalHistory = join(this.baseDir, "history");
+    if (existsSync(globalHistory)) {
+      try {
+        const files = readdirSync(globalHistory).filter((f) => f.endsWith(".json"));
+        const userHistory = join(userDir, "history");
+        for (const f of files) {
+          try {
+            copyFileSync(join(globalHistory, f), join(userHistory, f));
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    return null;
+  }
+  // ── Private methods ────────────────────────────────────────────
+  loadOrCreate() {
+    if (existsSync(this.usersFile)) {
+      try {
+        return JSON.parse(readFileSync(this.usersFile, "utf-8"));
+      } catch {
+      }
+    }
+    const db = {
+      version: 1,
+      secret: randomBytes(32).toString("hex"),
+      users: []
+    };
+    this.saveDB(db);
+    return db;
+  }
+  save() {
+    this.saveDB(this.db);
+  }
+  saveDB(db) {
+    mkdirSync(this.baseDir, { recursive: true });
+    writeFileSync(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
+  }
+  hashPassword(password, salt) {
+    return createHmac("sha256", salt).update(password).digest("hex");
+  }
+  createToken(username) {
+    const payload = {
+      username,
+      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+    };
+    const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
+    const signature = this.sign(payloadB64);
+    return `${payloadB64}.${signature}`;
+  }
+  sign(data) {
+    return createHmac("sha256", this.db.secret).update(data).digest("base64url");
+  }
+};
+
+export {
+  AuthManager
+};

package/dist/{chunk-PBJ4L7SK.js → chunk-NGGVPDNF.js}

@@ -16,7 +16,7 @@ import {
   SUBAGENT_MAX_ROUNDS_LIMIT,
   VERSION,
   runTestsTool
-} from "./chunk-46RYX62R.js";
+} from "./chunk-YSHQDGVZ.js";
 
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";

package/dist/{chunk-46RYX62R.js → chunk-YSHQDGVZ.js}

@@ -8,7 +8,7 @@ import { platform } from "os";
 import chalk from "chalk";
 
 // src/core/constants.ts
-var VERSION = "0.2.0";
+var VERSION = "0.2.2";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/electron-server.js

@@ -2,8 +2,8 @@
 import express from "express";
 import { createServer } from "http";
 import { WebSocketServer } from "ws";
-import { join as join13, dirname as dirname4, resolve as resolve5, relative as relative3 } from "path";
-import { existsSync as existsSync18, readFileSync as readFileSync13, readdirSync as readdirSync10, statSync as statSync8 } from "fs";
+import { join as join14, dirname as dirname4, resolve as resolve5, relative as relative3 } from "path";
+import { existsSync as existsSync19, readFileSync as readFileSync14, readdirSync as readdirSync11, statSync as statSync8 } from "fs";
 import { networkInterfaces } from "os";
 
 // src/config/config-manager.ts
@@ -180,7 +180,7 @@ var EnvLoader = class {
 };
 
 // src/core/constants.ts
-var VERSION = "0.2.0";
+var VERSION = "0.2.2";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";
@@ -7443,6 +7443,203 @@ async function setupProxy(configProxy) {
   }
 }
 
+// src/web/auth.ts
+import { existsSync as existsSync18, readFileSync as readFileSync13, writeFileSync as writeFileSync9, mkdirSync as mkdirSync10, readdirSync as readdirSync10, copyFileSync } from "fs";
+import { join as join13 } from "path";
+import { createHmac, randomBytes, timingSafeEqual } from "crypto";
+var USERS_FILE = "users.json";
+var TOKEN_EXPIRY_HOURS = 24 * 7;
+var USERS_DIR = "users";
+var AuthManager = class {
+  usersFile;
+  baseDir;
+  db;
+  constructor(baseDir) {
+    this.baseDir = baseDir;
+    this.usersFile = join13(baseDir, USERS_FILE);
+    this.db = this.loadOrCreate();
+  }
+  // ── Public API ─────────────────────────────────────────────────
+  /** Check if any users exist (first-run detection) */
+  hasUsers() {
+    return this.db.users.length > 0;
+  }
+  /** Check if auth is enabled (has users.json with at least 1 user) */
+  isEnabled() {
+    return this.hasUsers();
+  }
+  /** Register a new user. Returns error string or null on success. */
+  register(username, password) {
+    username = username.trim().toLowerCase();
+    if (!username || username.length < 2 || username.length > 32) {
+      return "Username must be 2-32 characters";
+    }
+    if (!/^[a-z0-9_-]+$/.test(username)) {
+      return "Username can only contain a-z, 0-9, _ and -";
+    }
+    if (!password || password.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    if (this.db.users.find((u) => u.username === username)) {
+      return "Username already exists";
+    }
+    const salt = randomBytes(16).toString("hex");
+    const passwordHash = this.hashPassword(password, salt);
+    const dataDir = join13(USERS_DIR, username);
+    const fullDataDir = join13(this.baseDir, dataDir);
+    mkdirSync10(join13(fullDataDir, "history"), { recursive: true });
+    const user = {
+      username,
+      passwordHash,
+      salt,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      dataDir
+    };
+    this.db.users.push(user);
+    this.save();
+    return null;
+  }
+  /** Authenticate user. Returns JWT token or null. */
+  login(username, password) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return null;
+    const hash = this.hashPassword(password, user.salt);
+    const a = Buffer.from(hash, "utf-8");
+    const b = Buffer.from(user.passwordHash, "utf-8");
+    if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      return null;
+    }
+    return this.createToken(username);
+  }
+  /** Verify a token. Returns username or null. */
+  verifyToken(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 2) return null;
+      const [payloadB64, signature] = parts;
+      const expectedSig = this.sign(payloadB64);
+      if (signature !== expectedSig) return null;
+      const payload = JSON.parse(
+        Buffer.from(payloadB64, "base64url").toString("utf-8")
+      );
+      if (Date.now() > payload.exp) return null;
+      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      return payload.username;
+    } catch {
+      return null;
+    }
+  }
+  /** Get user's data directory (absolute path) */
+  getUserDataDir(username) {
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) throw new Error(`User not found: ${username}`);
+    return join13(this.baseDir, user.dataDir);
+  }
+  /** List all usernames */
+  listUsers() {
+    return this.db.users.map((u) => u.username);
+  }
+  /** Delete a user. Returns error string or null on success. */
+  deleteUser(username) {
+    username = username.trim().toLowerCase();
+    const idx = this.db.users.findIndex((u) => u.username === username);
+    if (idx === -1) return `User '${username}' not found`;
+    this.db.users.splice(idx, 1);
+    this.save();
+    return null;
+  }
+  /** Reset a user's password. Returns error string or null on success. */
+  resetPassword(username, newPassword) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return `User '${username}' not found`;
+    if (!newPassword || newPassword.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    const salt = randomBytes(16).toString("hex");
+    user.passwordHash = this.hashPassword(newPassword, salt);
+    user.salt = salt;
+    this.save();
+    return null;
+  }
+  /** Migrate existing single-user data to a named user account */
+  migrateExistingData(username, password) {
+    const err = this.register(username, password);
+    if (err) return err;
+    const userDir = this.getUserDataDir(username);
+    const globalConfig = join13(this.baseDir, "config.json");
+    if (existsSync18(globalConfig)) {
+      try {
+        const content = readFileSync13(globalConfig, "utf-8");
+        writeFileSync9(join13(userDir, "config.json"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalMemory = join13(this.baseDir, "memory.md");
+    if (existsSync18(globalMemory)) {
+      try {
+        const content = readFileSync13(globalMemory, "utf-8");
+        writeFileSync9(join13(userDir, "memory.md"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalHistory = join13(this.baseDir, "history");
+    if (existsSync18(globalHistory)) {
+      try {
+        const files = readdirSync10(globalHistory).filter((f) => f.endsWith(".json"));
+        const userHistory = join13(userDir, "history");
+        for (const f of files) {
+          try {
+            copyFileSync(join13(globalHistory, f), join13(userHistory, f));
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    return null;
+  }
+  // ── Private methods ────────────────────────────────────────────
+  loadOrCreate() {
+    if (existsSync18(this.usersFile)) {
+      try {
+        return JSON.parse(readFileSync13(this.usersFile, "utf-8"));
+      } catch {
+      }
+    }
+    const db = {
+      version: 1,
+      secret: randomBytes(32).toString("hex"),
+      users: []
+    };
+    this.saveDB(db);
+    return db;
+  }
+  save() {
+    this.saveDB(this.db);
+  }
+  saveDB(db) {
+    mkdirSync10(this.baseDir, { recursive: true });
+    writeFileSync9(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
+  }
+  hashPassword(password, salt) {
+    return createHmac("sha256", salt).update(password).digest("hex");
+  }
+  createToken(username) {
+    const payload = {
+      username,
+      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+    };
+    const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
+    const signature = this.sign(payloadB64);
+    return `${payloadB64}.${signature}`;
+  }
+  sign(data) {
+    return createHmac("sha256", this.db.secret).update(data).digest("base64url");
+  }
+};
+
 // src/web/server.ts
 function getModuleDir() {
   try {
@@ -7498,8 +7695,8 @@ async function startWebServer(options = {}) {
     }
   }
   let skillManager = null;
-  const skillsDir = join13(config.getConfigDir(), SKILLS_DIR_NAME);
-  if (existsSync18(skillsDir)) {
+  const skillsDir = join14(config.getConfigDir(), SKILLS_DIR_NAME);
+  if (existsSync19(skillsDir)) {
     skillManager = new SkillManager(skillsDir);
     skillManager.loadSkills();
     const count = skillManager.listSkills().length;
@@ -7519,15 +7716,15 @@ async function startWebServer(options = {}) {
   const server = createServer(app);
   const wss = new WebSocketServer({ server });
   const moduleDir = getModuleDir();
-  let clientDir = join13(moduleDir, "web", "client");
-  if (!existsSync18(clientDir)) {
-    clientDir = join13(moduleDir, "client");
+  let clientDir = join14(moduleDir, "web", "client");
+  if (!existsSync19(clientDir)) {
+    clientDir = join14(moduleDir, "client");
   }
-  if (!existsSync18(clientDir)) {
-    clientDir = join13(moduleDir, "..", "..", "src", "web", "client");
+  if (!existsSync19(clientDir)) {
+    clientDir = join14(moduleDir, "..", "..", "src", "web", "client");
   }
-  if (!existsSync18(clientDir)) {
-    clientDir = join13(process.cwd(), "src", "web", "client");
+  if (!existsSync19(clientDir)) {
+    clientDir = join14(process.cwd(), "src", "web", "client");
   }
   console.log(`   Static files: ${clientDir}`);
   app.use(express.static(clientDir));
@@ -7540,23 +7737,43 @@ async function startWebServer(options = {}) {
         models: p.info.models.map((m) => ({ id: m.id, name: m.name ?? m.id }))
       })),
       tools: toolRegistry.getDefinitions().length,
-      cwd: process.cwd()
+      cwd: process.cwd(),
+      auth: {
+        enabled: authManager.isEnabled(),
+        userCount: authManager.listUsers().length
+      }
     });
   });
+  app.use(express.json());
+  app.post("/api/auth/register", (req, res) => {
+    const { username, password } = req.body ?? {};
+    if (!username || !password) {
+      res.status(400).json({ error: "Username and password required" });
+      return;
+    }
+    const err = authManager.register(username, password);
+    if (err) {
+      res.status(400).json({ error: err });
+      return;
+    }
+    const token = authManager.login(username, password);
+    console.log(`   \u2713 User registered via API: ${username}`);
+    res.json({ success: true, token, username });
+  });
   app.get("/api/files", (req, res) => {
     const cwd = process.cwd();
     const prefix = req.query.prefix || "";
-    const targetDir = join13(cwd, prefix);
+    const targetDir = join14(cwd, prefix);
     if (!resolve5(targetDir).startsWith(resolve5(cwd))) {
       res.json({ files: [] });
       return;
     }
     try {
       const SKIP = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "dist-cjs", "release", "__pycache__", ".next", ".nuxt", "coverage", ".cache"]);
-      const entries = readdirSync10(targetDir, { withFileTypes: true });
+      const entries = readdirSync11(targetDir, { withFileTypes: true });
       const files = entries.filter((e) => !SKIP.has(e.name) && !e.name.startsWith(".")).slice(0, 50).map((e) => ({
         name: e.name,
-        path: relative3(cwd, join13(targetDir, e.name)).replace(/\\/g, "/"),
+        path: relative3(cwd, join14(targetDir, e.name)).replace(/\\/g, "/"),
         isDir: e.isDirectory()
       }));
       res.json({ files });
@@ -7588,7 +7805,7 @@ async function startWebServer(options = {}) {
       return;
     }
     const cwd = process.cwd();
-    const fullPath = resolve5(join13(cwd, filePath));
+    const fullPath = resolve5(join14(cwd, filePath));
     if (!fullPath.startsWith(resolve5(cwd))) {
       res.json({ error: "Access denied" });
       return;
@@ -7599,26 +7816,76 @@ async function startWebServer(options = {}) {
         res.json({ error: `File too large (${(stat.size / 1024).toFixed(0)} KB, max 512 KB)` });
         return;
       }
-      const content = readFileSync13(fullPath, "utf-8");
+      const content = readFileSync14(fullPath, "utf-8");
       res.json({ content, size: stat.size });
     } catch (err) {
       res.json({ error: `Cannot read: ${err.message}` });
     }
   });
+  const authManager = new AuthManager(config.getConfigDir());
+  if (authManager.isEnabled()) {
+    console.log(`   Auth: ${authManager.listUsers().length} user(s) registered`);
+  } else {
+    console.log(`   Auth: disabled (no users registered)`);
+  }
+  const userResources = /* @__PURE__ */ new Map();
+  function getUserShared(username) {
+    const cached = userResources.get(username);
+    if (cached) return cached;
+    const userDataDir = authManager.getUserDataDir(username);
+    const userConfig = new ConfigManager(userDataDir);
+    const userSessions = new SessionManager(userConfig);
+    const userShared = {
+      config: userConfig,
+      providers,
+      // Shared — providers re-read API keys per call
+      sessions: userSessions,
+      toolRegistry,
+      // Shared
+      mcpManager,
+      // Shared
+      skillManager
+      // Shared
+    };
+    userResources.set(username, userShared);
+    return userShared;
+  }
   const handlers = /* @__PURE__ */ new Map();
   wss.on("connection", (ws, req) => {
     const urlStr = req.url ?? "";
     const qMark = urlStr.indexOf("?");
     const params = new URLSearchParams(qMark >= 0 ? urlStr.slice(qMark + 1) : "");
     const tabId = params.get("tabId") || `tab-${Date.now()}`;
+    const token = params.get("token") || "";
     const existing = handlers.get(tabId);
     if (existing) {
       existing.onDisconnect();
       handlers.delete(tabId);
     }
-    console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (total: ${handlers.size + 1})`);
-    const handler = new SessionHandler(ws, shared);
-    handlers.set(tabId, handler);
+    let authenticatedUser = null;
+    let handler = null;
+    if (token) {
+      authenticatedUser = authManager.verifyToken(token);
+    }
+    const authRequired = authManager.isEnabled();
+    if (!authRequired) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (no auth) (total: ${handlers.size + 1})`);
+      handler = new SessionHandler(ws, shared);
+      handlers.set(tabId, handler);
+    } else if (authenticatedUser) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (user: ${authenticatedUser}) (total: ${handlers.size + 1})`);
+      const userShared = getUserShared(authenticatedUser);
+      handler = new SessionHandler(ws, userShared);
+      handlers.set(tabId, handler);
+    } else {
+      console.log(`   \u23F3 Tab waiting auth: ${tabId.slice(0, 12)}`);
+      if (ws.readyState === ws.OPEN) {
+        ws.send(JSON.stringify({
+          type: "auth_required",
+          hasUsers: authManager.hasUsers()
+        }));
+      }
+    }
     ws.on("message", async (data) => {
       try {
         const raw = data.toString();
@@ -7629,6 +7896,49 @@ async function startWebServer(options = {}) {
           }
           return;
         }
+        if (parsed.type === "auth") {
+          const { action, username, password } = parsed;
+          if (action === "register") {
+            const err = authManager.register(username, password);
+            if (err) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: err }));
+              return;
+            }
+            const newToken = authManager.login(username, password);
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User registered & connected: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: newToken, username }));
+            return;
+          }
+          if (action === "login") {
+            const loginToken = authManager.login(username, password);
+            if (!loginToken) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Invalid username or password" }));
+              return;
+            }
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User logged in: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: loginToken, username }));
+            return;
+          }
+          ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Unknown auth action" }));
+          return;
+        }
+        if (!handler) {
+          if (ws.readyState === ws.OPEN) {
+            ws.send(JSON.stringify({
+              type: "auth_required",
+              hasUsers: authManager.hasUsers()
+            }));
+          }
+          return;
+        }
         await handler.handleMessage(raw);
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
@@ -7640,7 +7950,7 @@ async function startWebServer(options = {}) {
     });
     ws.on("close", () => {
       console.log(`   \u2717 Tab disconnected: ${tabId.slice(0, 12)} (total: ${handlers.size - 1})`);
-      handler.onDisconnect();
+      if (handler) handler.onDisconnect();
       handlers.delete(tabId);
     });
     ws.on("error", (err) => {
@@ -7700,10 +8010,10 @@ function loadProjectMcpConfig() {
   const cwd = process.cwd();
   const gitRoot = getGitRoot(cwd);
   const projectRoot = gitRoot ?? cwd;
-  const configPath = join13(projectRoot, MCP_PROJECT_CONFIG_NAME);
-  if (!existsSync18(configPath)) return null;
+  const configPath = join14(projectRoot, MCP_PROJECT_CONFIG_NAME);
+  if (!existsSync19(configPath)) return null;
   try {
-    const raw = JSON.parse(readFileSync13(configPath, "utf-8"));
+    const raw = JSON.parse(readFileSync14(configPath, "utf-8"));
     return raw.mcpServers ?? raw;
   } catch {
     return null;

package/dist/index.js

@@ -35,7 +35,7 @@ import {
   theme,
   truncateOutput,
   undoStack
-} from "./chunk-PBJ4L7SK.js";
+} from "./chunk-NGGVPDNF.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -55,7 +55,7 @@ import {
   REPO_URL,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-46RYX62R.js";
+} from "./chunk-YSHQDGVZ.js";
 
 // src/index.ts
 import { program } from "commander";
@@ -1904,7 +1904,7 @@ ${hint}` : "")
       description: "Run project tests and show structured report",
       usage: "/test [command|filter]",
       async execute(args, _ctx) {
-        const { executeTests } = await import("./run-tests-6AZTCLL7.js");
+        const { executeTests } = await import("./run-tests-3Y3P7QTJ.js");
         const argStr = args.join(" ").trim();
         let testArgs = {};
         if (argStr) {
@@ -5292,9 +5292,107 @@ program.command("web").description("Start Web UI server with browser-based chat
     console.error("Error: Invalid port number. Must be between 1 and 65535.");
     process.exit(1);
   }
-  const { startWebServer } = await import("./server-PCSHZ5AI.js");
+  const { startWebServer } = await import("./server-KZ472I7D.js");
   await startWebServer({ port, host: options.host });
 });
+program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | migrate <name>)").action(async (action, username) => {
+  const { AuthManager } = await import("./auth-TWWF22YZ.js");
+  const config = new ConfigManager();
+  const auth = new AuthManager(config.getConfigDir());
+  if (!action || action === "list") {
+    const users = auth.listUsers();
+    if (users.length === 0) {
+      console.log("\nNo users registered. Auth is disabled (single-user mode).");
+      console.log("Create a user to enable multi-user auth: aicli user create <username>\n");
+    } else {
+      console.log(`
+${users.length} user(s) registered (auth enabled):
+`);
+      for (const u of users) {
+        console.log(`  \u2022 ${u}`);
+      }
+      console.log();
+    }
+    return;
+  }
+  async function askPassword(msg) {
+    const { password: pwFn } = await import("@inquirer/prompts");
+    return pwFn({ message: msg, mask: "*" });
+  }
+  if (action === "create") {
+    if (!username) {
+      console.error("Usage: aicli user create <username>");
+      process.exit(1);
+    }
+    const pw = await askPassword(`Password for ${username}:`);
+    if (!pw || pw.length < 4) {
+      console.error("Password must be at least 4 characters.");
+      process.exit(1);
+    }
+    const err = auth.register(username, pw);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 User '${username}' created. Auth is now enabled for Web UI.`);
+    return;
+  }
+  if (action === "delete") {
+    if (!username) {
+      console.error("Usage: aicli user delete <username>");
+      process.exit(1);
+    }
+    const err = auth.deleteUser(username);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 User '${username}' deleted.`);
+    if (!auth.hasUsers()) {
+      console.log("  No users remaining \u2014 auth is now disabled (single-user mode).");
+    }
+    return;
+  }
+  if (action === "reset-password") {
+    if (!username) {
+      console.error("Usage: aicli user reset-password <username>");
+      process.exit(1);
+    }
+    const pw = await askPassword(`New password for ${username}:`);
+    if (!pw || pw.length < 4) {
+      console.error("Password must be at least 4 characters.");
+      process.exit(1);
+    }
+    const err = auth.resetPassword(username, pw);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 Password reset for '${username}'.`);
+    return;
+  }
+  if (action === "migrate") {
+    if (!username) {
+      console.error("Usage: aicli user migrate <username>");
+      process.exit(1);
+    }
+    const pw = await askPassword(`Password for new user ${username}:`);
+    if (!pw || pw.length < 4) {
+      console.error("Password must be at least 4 characters.");
+      process.exit(1);
+    }
+    const err = auth.migrateExistingData(username, pw);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 User '${username}' created with existing data migrated.`);
+    return;
+  }
+  console.error(`Unknown action: ${action}`);
+  console.error("Available: list, create, delete, reset-password, migrate");
+  process.exit(1);
+});
 program.command("sessions").description("List recent conversation sessions").action(async () => {
   const config = new ConfigManager();
   const sessions = new SessionManager(config);

package/dist/{run-tests-6AZTCLL7.js → run-tests-3Y3P7QTJ.js}

@@ -2,7 +2,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-46RYX62R.js";
+} from "./chunk-YSHQDGVZ.js";
 export {
   executeTests,
   runTestsTool

package/dist/{server-PCSHZ5AI.js → server-KZ472I7D.js}

@@ -23,7 +23,7 @@ import {
   setupProxy,
   spawnAgentContext,
   truncateOutput
-} from "./chunk-PBJ4L7SK.js";
+} from "./chunk-NGGVPDNF.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   CONTEXT_FILE_CANDIDATES,
@@ -35,7 +35,10 @@ import {
   PLAN_MODE_SYSTEM_ADDON,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-46RYX62R.js";
+} from "./chunk-YSHQDGVZ.js";
+import {
+  AuthManager
+} from "./chunk-CPLT6CD3.js";
 
 // src/web/server.ts
 import express from "express";
@@ -1450,9 +1453,29 @@ async function startWebServer(options = {}) {
         models: p.info.models.map((m) => ({ id: m.id, name: m.name ?? m.id }))
       })),
       tools: toolRegistry.getDefinitions().length,
-      cwd: process.cwd()
+      cwd: process.cwd(),
+      auth: {
+        enabled: authManager.isEnabled(),
+        userCount: authManager.listUsers().length
+      }
     });
   });
+  app.use(express.json());
+  app.post("/api/auth/register", (req, res) => {
+    const { username, password } = req.body ?? {};
+    if (!username || !password) {
+      res.status(400).json({ error: "Username and password required" });
+      return;
+    }
+    const err = authManager.register(username, password);
+    if (err) {
+      res.status(400).json({ error: err });
+      return;
+    }
+    const token = authManager.login(username, password);
+    console.log(`   \u2713 User registered via API: ${username}`);
+    res.json({ success: true, token, username });
+  });
   app.get("/api/files", (req, res) => {
     const cwd = process.cwd();
     const prefix = req.query.prefix || "";
@@ -1515,20 +1538,70 @@ async function startWebServer(options = {}) {
       res.json({ error: `Cannot read: ${err.message}` });
     }
   });
+  const authManager = new AuthManager(config.getConfigDir());
+  if (authManager.isEnabled()) {
+    console.log(`   Auth: ${authManager.listUsers().length} user(s) registered`);
+  } else {
+    console.log(`   Auth: disabled (no users registered)`);
+  }
+  const userResources = /* @__PURE__ */ new Map();
+  function getUserShared(username) {
+    const cached = userResources.get(username);
+    if (cached) return cached;
+    const userDataDir = authManager.getUserDataDir(username);
+    const userConfig = new ConfigManager(userDataDir);
+    const userSessions = new SessionManager(userConfig);
+    const userShared = {
+      config: userConfig,
+      providers,
+      // Shared — providers re-read API keys per call
+      sessions: userSessions,
+      toolRegistry,
+      // Shared
+      mcpManager,
+      // Shared
+      skillManager
+      // Shared
+    };
+    userResources.set(username, userShared);
+    return userShared;
+  }
   const handlers = /* @__PURE__ */ new Map();
   wss.on("connection", (ws, req) => {
     const urlStr = req.url ?? "";
     const qMark = urlStr.indexOf("?");
     const params = new URLSearchParams(qMark >= 0 ? urlStr.slice(qMark + 1) : "");
     const tabId = params.get("tabId") || `tab-${Date.now()}`;
+    const token = params.get("token") || "";
     const existing = handlers.get(tabId);
     if (existing) {
       existing.onDisconnect();
       handlers.delete(tabId);
     }
-    console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (total: ${handlers.size + 1})`);
-    const handler = new SessionHandler(ws, shared);
-    handlers.set(tabId, handler);
+    let authenticatedUser = null;
+    let handler = null;
+    if (token) {
+      authenticatedUser = authManager.verifyToken(token);
+    }
+    const authRequired = authManager.isEnabled();
+    if (!authRequired) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (no auth) (total: ${handlers.size + 1})`);
+      handler = new SessionHandler(ws, shared);
+      handlers.set(tabId, handler);
+    } else if (authenticatedUser) {
+      console.log(`   \u2713 Tab connected: ${tabId.slice(0, 12)} (user: ${authenticatedUser}) (total: ${handlers.size + 1})`);
+      const userShared = getUserShared(authenticatedUser);
+      handler = new SessionHandler(ws, userShared);
+      handlers.set(tabId, handler);
+    } else {
+      console.log(`   \u23F3 Tab waiting auth: ${tabId.slice(0, 12)}`);
+      if (ws.readyState === ws.OPEN) {
+        ws.send(JSON.stringify({
+          type: "auth_required",
+          hasUsers: authManager.hasUsers()
+        }));
+      }
+    }
     ws.on("message", async (data) => {
       try {
         const raw = data.toString();
@@ -1539,6 +1612,49 @@ async function startWebServer(options = {}) {
           }
           return;
         }
+        if (parsed.type === "auth") {
+          const { action, username, password } = parsed;
+          if (action === "register") {
+            const err = authManager.register(username, password);
+            if (err) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: err }));
+              return;
+            }
+            const newToken = authManager.login(username, password);
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User registered & connected: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: newToken, username }));
+            return;
+          }
+          if (action === "login") {
+            const loginToken = authManager.login(username, password);
+            if (!loginToken) {
+              ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Invalid username or password" }));
+              return;
+            }
+            authenticatedUser = username;
+            const userShared = getUserShared(username);
+            handler = new SessionHandler(ws, userShared);
+            handlers.set(tabId, handler);
+            console.log(`   \u2713 User logged in: ${username} (tab: ${tabId.slice(0, 12)})`);
+            ws.send(JSON.stringify({ type: "auth_result", success: true, token: loginToken, username }));
+            return;
+          }
+          ws.send(JSON.stringify({ type: "auth_result", success: false, error: "Unknown auth action" }));
+          return;
+        }
+        if (!handler) {
+          if (ws.readyState === ws.OPEN) {
+            ws.send(JSON.stringify({
+              type: "auth_required",
+              hasUsers: authManager.hasUsers()
+            }));
+          }
+          return;
+        }
         await handler.handleMessage(raw);
       } catch (err) {
         const message = err instanceof Error ? err.message : String(err);
@@ -1550,7 +1666,7 @@ async function startWebServer(options = {}) {
     });
     ws.on("close", () => {
       console.log(`   \u2717 Tab disconnected: ${tabId.slice(0, 12)} (total: ${handlers.size - 1})`);
-      handler.onDisconnect();
+      if (handler) handler.onDisconnect();
       handlers.delete(tabId);
     });
     ws.on("error", (err) => {

package/dist/web/client/app.js

@@ -8,6 +8,9 @@
 let ws = null;
 let connected = false;
 let processing = false;
+let authToken = localStorage.getItem('aicli-auth-token') || '';
+let authUsername = localStorage.getItem('aicli-auth-user') || '';
+let authMode = 'login'; // 'login' or 'register'
 let currentAssistantEl = null;
 let currentAssistantContent = '';
 let currentThinkingEl = null;
@@ -73,7 +76,8 @@ let reconnectDelay = 1000; // Start at 1s, exponential backoff
 
 function connect() {
   const protocol = location.protocol === 'https:' ? 'wss:' : 'ws:';
-  ws = new WebSocket(`${protocol}//${location.host}?tabId=${tabId}`);
+  const tokenParam = authToken ? `&token=${encodeURIComponent(authToken)}` : '';
+  ws = new WebSocket(`${protocol}//${location.host}?tabId=${tabId}${tokenParam}`);
 
   ws.onopen = () => {
     connected = true;
@@ -81,6 +85,7 @@ function connect() {
     connectionStatus.textContent = '🟢 Connected';
     connectionStatus.className = 'status-connected';
     requestSessionList();
+    checkAuthStatus();
     // Start heartbeat ping every 30s
     clearInterval(heartbeatTimer);
     heartbeatTimer = setInterval(() => {
@@ -153,6 +158,8 @@ function handleServerMessage(msg) {
     case 'tools_list':      renderToolsList(msg); switchSidebarTab('tools'); break;
     case 'export_data':     handleExportData(msg); break;
     case 'memory_content':  handleMemoryContent(msg); break;
+    case 'auth_required':   showAuthScreen(msg.hasUsers); break;
+    case 'auth_result':     handleAuthResult(msg); break;
     case 'info':            addInfoMessage(msg.message); break;
     case 'error':           addErrorMessage(msg.message); hideRoundProgress(); clearAllToolTimers(); setProcessing(false); break;
     case 'round_progress':  handleRoundProgress(msg); break;
@@ -1791,3 +1798,169 @@ if (sessionListEl) {
     }
   });
 }
+
+// ── Auth: Login / Register / Logout ─────────────────────────────────
+
+function showAuthScreen(hasUsers) {
+  // Clear any stale token
+  authToken = '';
+  authUsername = '';
+  localStorage.removeItem('aicli-auth-token');
+  localStorage.removeItem('aicli-auth-user');
+
+  const screen = document.getElementById('auth-screen');
+  const app = document.getElementById('app');
+  screen.classList.remove('hidden');
+  app.style.display = 'none';
+
+  // If no users registered, show register form by default
+  if (!hasUsers) {
+    authMode = 'register';
+    updateAuthForm();
+  } else {
+    authMode = 'login';
+    updateAuthForm();
+  }
+  // Focus username
+  setTimeout(() => document.getElementById('auth-username')?.focus(), 100);
+}
+
+function hideAuthScreen() {
+  const screen = document.getElementById('auth-screen');
+  const app = document.getElementById('app');
+  screen.classList.add('hidden');
+  app.style.display = '';
+  // Show user menu
+  updateUserMenu();
+}
+
+function updateAuthForm() {
+  const subtitle = document.getElementById('auth-subtitle');
+  const submit = document.getElementById('auth-submit');
+  const toggle = document.getElementById('auth-toggle');
+  const errorEl = document.getElementById('auth-error');
+
+  errorEl.classList.add('hidden');
+
+  if (authMode === 'register') {
+    subtitle.textContent = 'Create your account to get started';
+    submit.textContent = 'Create Account';
+    toggle.innerHTML = 'Already have an account? <span class="text-primary">Sign In</span>';
+  } else {
+    subtitle.textContent = 'Sign in to continue';
+    submit.textContent = 'Sign In';
+    toggle.innerHTML = 'Don\'t have an account? <span class="text-primary">Register</span>';
+  }
+}
+
+function toggleAuthMode() {
+  authMode = authMode === 'login' ? 'register' : 'login';
+  updateAuthForm();
+}
+
+function handleAuth(event) {
+  event.preventDefault();
+  const username = document.getElementById('auth-username').value.trim();
+  const password = document.getElementById('auth-password').value;
+  const errorEl = document.getElementById('auth-error');
+
+  if (!username || !password) {
+    errorEl.textContent = 'Please enter username and password';
+    errorEl.classList.remove('hidden');
+    return;
+  }
+
+  errorEl.classList.add('hidden');
+  document.getElementById('auth-submit').disabled = true;
+
+  send({ type: 'auth', action: authMode, username, password });
+}
+
+function handleAuthResult(msg) {
+  const errorEl = document.getElementById('auth-error');
+  const submitBtn = document.getElementById('auth-submit');
+  submitBtn.disabled = false;
+
+  if (msg.success) {
+    authToken = msg.token;
+    authUsername = msg.username;
+    localStorage.setItem('aicli-auth-token', msg.token);
+    localStorage.setItem('aicli-auth-user', msg.username);
+    hideAuthScreen();
+    // Request session list now that we're authenticated
+    requestSessionList();
+  } else {
+    errorEl.textContent = msg.error || 'Authentication failed';
+    errorEl.classList.remove('hidden');
+  }
+}
+
+function updateUserMenu() {
+  const userMenu = document.getElementById('user-menu');
+  const userDisplay = document.getElementById('user-display');
+  const userLabel = document.getElementById('user-label');
+
+  if (authUsername) {
+    userMenu.classList.remove('hidden');
+    userDisplay.textContent = '👤 ' + authUsername;
+    userLabel.textContent = authUsername;
+  } else {
+    userMenu.classList.add('hidden');
+  }
+}
+
+function handleLogout() {
+  authToken = '';
+  authUsername = '';
+  localStorage.removeItem('aicli-auth-token');
+  localStorage.removeItem('aicli-auth-user');
+  sessionStorage.removeItem('aicli-active-session');
+  // Reconnect — server will send auth_required
+  if (ws) ws.close();
+}
+
+// ── Enable Auth (register first user from Web UI) ────────────────────
+
+async function checkAuthStatus() {
+  try {
+    const res = await fetch('/api/status');
+    const data = await res.json();
+    const btn = document.getElementById('btn-enable-auth');
+    if (data.auth && !data.auth.enabled && !authUsername) {
+      btn.classList.remove('hidden');
+    } else {
+      btn.classList.add('hidden');
+    }
+  } catch { /* ignore */ }
+}
+
+function showEnableAuthDialog() {
+  const username = prompt('Create admin account — Username (2-32 chars, a-z/0-9/_/-):');
+  if (!username) return;
+  const password = prompt('Password (min 4 chars):');
+  if (!password) return;
+
+  fetch('/api/auth/register', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ username, password }),
+  })
+    .then(r => r.json())
+    .then(data => {
+      if (data.error) {
+        alert('Error: ' + data.error);
+        return;
+      }
+      // Save token and reconnect with auth
+      authToken = data.token;
+      authUsername = data.username;
+      localStorage.setItem('aicli-auth-token', data.token);
+      localStorage.setItem('aicli-auth-user', data.username);
+      document.getElementById('btn-enable-auth').classList.add('hidden');
+      updateUserMenu();
+      // Reconnect with new token
+      if (ws) ws.close();
+      alert('✓ Auth enabled! User "' + data.username + '" created. Other users can register from the login screen.');
+    })
+    .catch(err => alert('Failed: ' + err.message));
+}

package/dist/web/client/index.html

@@ -22,6 +22,35 @@
   <link rel="stylesheet" href="style.css">
 </head>
 <body class="bg-base-300 h-screen overflow-hidden">
+
+  <!-- ── Login / Register Screen (shown when auth required) ──── -->
+  <div id="auth-screen" class="auth-screen hidden">
+    <div class="auth-card">
+      <div class="text-center mb-6">
+        <div class="text-4xl mb-2">🤖</div>
+        <h1 class="text-2xl font-bold text-primary">ai-cli</h1>
+        <p id="auth-subtitle" class="text-sm text-base-content/60 mt-1">Sign in to continue</p>
+      </div>
+      <div id="auth-error" class="alert alert-error text-sm mb-4 hidden"></div>
+      <form id="auth-form" onsubmit="handleAuth(event)">
+        <div class="form-control mb-3">
+          <label class="label"><span class="label-text">Username</span></label>
+          <input id="auth-username" type="text" class="input input-bordered w-full" placeholder="username" autocomplete="username" required minlength="2" maxlength="32">
+        </div>
+        <div class="form-control mb-4">
+          <label class="label"><span class="label-text">Password</span></label>
+          <input id="auth-password" type="password" class="input input-bordered w-full" placeholder="password" autocomplete="current-password" required minlength="4">
+        </div>
+        <button id="auth-submit" type="submit" class="btn btn-primary w-full">Sign In</button>
+      </form>
+      <div class="text-center mt-4">
+        <button id="auth-toggle" class="btn btn-ghost btn-sm" onclick="toggleAuthMode()">
+          Don't have an account? <span class="text-primary">Register</span>
+        </button>
+      </div>
+    </div>
+  </div>
+
   <div id="app" class="flex flex-col h-screen">
 
     <!-- ── Navbar ─────────────────────────────────────── -->
@@ -53,6 +82,18 @@
             <li><a onclick="setTheme('nord')">❄️ Nord</a></li>
           </ul>
         </div>
+        <!-- Enable Auth button (shown when no users registered) -->
+        <button id="btn-enable-auth" class="btn btn-sm btn-ghost hidden" title="Enable multi-user auth" onclick="showEnableAuthDialog()">👤 Enable Auth</button>
+        <!-- User menu (shown when authenticated) -->
+        <div id="user-menu" class="dropdown dropdown-end hidden">
+          <div tabindex="0" role="button" class="btn btn-sm btn-ghost gap-1">
+            <span id="user-display">👤</span>
+          </div>
+          <ul tabindex="0" class="dropdown-content menu bg-base-200 rounded-box z-10 w-40 p-2 shadow-lg border border-base-content/10">
+            <li><a id="user-label" class="text-sm font-semibold pointer-events-none"></a></li>
+            <li><a onclick="handleLogout()">🚪 Logout</a></li>
+          </ul>
+        </div>
       </div>
     </div>
 

package/dist/web/client/style.css

@@ -1,5 +1,26 @@
 /* ai-cli Web UI — Custom styles (DaisyUI handles base theme) */
 
+/* ── Auth Screen ───────────────────────────────────── */
+.auth-screen {
+  position: fixed;
+  inset: 0;
+  z-index: 9999;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  background: oklch(var(--b3));
+  backdrop-filter: blur(8px);
+}
+.auth-card {
+  background: oklch(var(--b1));
+  border: 1px solid oklch(var(--bc) / 0.1);
+  border-radius: var(--rounded-box, 1rem);
+  padding: 2rem;
+  width: 100%;
+  max-width: 380px;
+  box-shadow: 0 25px 50px -12px rgba(0,0,0,0.25);
+}
+
 /* ── Scrollbar ──────────────────────────────────────── */
 #chat-area::-webkit-scrollbar { width: 6px; }
 #chat-area::-webkit-scrollbar-track { background: transparent; }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.2.0",
+  "version": "0.2.2",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",