npm - jinzd-ai-cli - Versions diffs - 0.2.1 → 0.2.2 - Mend

jinzd-ai-cli 0.2.1 → 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/dist/auth-TWWF22YZ.js +7 -0
package/dist/chunk-CPLT6CD3.js +202 -0
package/dist/{chunk-Z3JMFVT5.js → chunk-NGGVPDNF.js} +1 -1
package/dist/{chunk-QXRBUMCB.js → chunk-YSHQDGVZ.js} +1 -1
package/dist/electron-server.js +45 -2
package/dist/index.js +102 -4
package/dist/{run-tests-DYALZXPS.js → run-tests-3Y3P7QTJ.js} +1 -1
package/dist/{server-SRILYYV3.js → server-KZ472I7D.js} +45 -196
package/dist/web/client/app.js +47 -0
package/dist/web/client/index.html +2 -0
package/package.json +1 -1

package/dist/auth-TWWF22YZ.js ADDED Viewed

@@ -0,0 +1,7 @@
+#!/usr/bin/env node
+import {
+  AuthManager
+} from "./chunk-CPLT6CD3.js";
+export {
+  AuthManager
+};

package/dist/chunk-CPLT6CD3.js ADDED Viewed

@@ -0,0 +1,202 @@
+#!/usr/bin/env node
+// src/web/auth.ts
+import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, copyFileSync } from "fs";
+import { join } from "path";
+import { createHmac, randomBytes, timingSafeEqual } from "crypto";
+var USERS_FILE = "users.json";
+var TOKEN_EXPIRY_HOURS = 24 * 7;
+var USERS_DIR = "users";
+var AuthManager = class {
+  usersFile;
+  baseDir;
+  db;
+  constructor(baseDir) {
+    this.baseDir = baseDir;
+    this.usersFile = join(baseDir, USERS_FILE);
+    this.db = this.loadOrCreate();
+  }
+  // ── Public API ─────────────────────────────────────────────────
+  /** Check if any users exist (first-run detection) */
+  hasUsers() {
+    return this.db.users.length > 0;
+  }
+  /** Check if auth is enabled (has users.json with at least 1 user) */
+  isEnabled() {
+    return this.hasUsers();
+  }
+  /** Register a new user. Returns error string or null on success. */
+  register(username, password) {
+    username = username.trim().toLowerCase();
+    if (!username || username.length < 2 || username.length > 32) {
+      return "Username must be 2-32 characters";
+    }
+    if (!/^[a-z0-9_-]+$/.test(username)) {
+      return "Username can only contain a-z, 0-9, _ and -";
+    }
+    if (!password || password.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    if (this.db.users.find((u) => u.username === username)) {
+      return "Username already exists";
+    }
+    const salt = randomBytes(16).toString("hex");
+    const passwordHash = this.hashPassword(password, salt);
+    const dataDir = join(USERS_DIR, username);
+    const fullDataDir = join(this.baseDir, dataDir);
+    mkdirSync(join(fullDataDir, "history"), { recursive: true });
+    const user = {
+      username,
+      passwordHash,
+      salt,
+      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
+      dataDir
+    };
+    this.db.users.push(user);
+    this.save();
+    return null;
+  }
+  /** Authenticate user. Returns JWT token or null. */
+  login(username, password) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return null;
+    const hash = this.hashPassword(password, user.salt);
+    const a = Buffer.from(hash, "utf-8");
+    const b = Buffer.from(user.passwordHash, "utf-8");
+    if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      return null;
+    }
+    return this.createToken(username);
+  }
+  /** Verify a token. Returns username or null. */
+  verifyToken(token) {
+    try {
+      const parts = token.split(".");
+      if (parts.length !== 2) return null;
+      const [payloadB64, signature] = parts;
+      const expectedSig = this.sign(payloadB64);
+      if (signature !== expectedSig) return null;
+      const payload = JSON.parse(
+        Buffer.from(payloadB64, "base64url").toString("utf-8")
+      );
+      if (Date.now() > payload.exp) return null;
+      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      return payload.username;
+    } catch {
+      return null;
+    }
+  }
+  /** Get user's data directory (absolute path) */
+  getUserDataDir(username) {
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) throw new Error(`User not found: ${username}`);
+    return join(this.baseDir, user.dataDir);
+  }
+  /** List all usernames */
+  listUsers() {
+    return this.db.users.map((u) => u.username);
+  }
+  /** Delete a user. Returns error string or null on success. */
+  deleteUser(username) {
+    username = username.trim().toLowerCase();
+    const idx = this.db.users.findIndex((u) => u.username === username);
+    if (idx === -1) return `User '${username}' not found`;
+    this.db.users.splice(idx, 1);
+    this.save();
+    return null;
+  }
+  /** Reset a user's password. Returns error string or null on success. */
+  resetPassword(username, newPassword) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return `User '${username}' not found`;
+    if (!newPassword || newPassword.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    const salt = randomBytes(16).toString("hex");
+    user.passwordHash = this.hashPassword(newPassword, salt);
+    user.salt = salt;
+    this.save();
+    return null;
+  }
+  /** Migrate existing single-user data to a named user account */
+  migrateExistingData(username, password) {
+    const err = this.register(username, password);
+    if (err) return err;
+    const userDir = this.getUserDataDir(username);
+    const globalConfig = join(this.baseDir, "config.json");
+    if (existsSync(globalConfig)) {
+      try {
+        const content = readFileSync(globalConfig, "utf-8");
+        writeFileSync(join(userDir, "config.json"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalMemory = join(this.baseDir, "memory.md");
+    if (existsSync(globalMemory)) {
+      try {
+        const content = readFileSync(globalMemory, "utf-8");
+        writeFileSync(join(userDir, "memory.md"), content, "utf-8");
+      } catch {
+      }
+    }
+    const globalHistory = join(this.baseDir, "history");
+    if (existsSync(globalHistory)) {
+      try {
+        const files = readdirSync(globalHistory).filter((f) => f.endsWith(".json"));
+        const userHistory = join(userDir, "history");
+        for (const f of files) {
+          try {
+            copyFileSync(join(globalHistory, f), join(userHistory, f));
+          } catch {
+          }
+        }
+      } catch {
+      }
+    }
+    return null;
+  }
+  // ── Private methods ────────────────────────────────────────────
+  loadOrCreate() {
+    if (existsSync(this.usersFile)) {
+      try {
+        return JSON.parse(readFileSync(this.usersFile, "utf-8"));
+      } catch {
+      }
+    }
+    const db = {
+      version: 1,
+      secret: randomBytes(32).toString("hex"),
+      users: []
+    };
+    this.saveDB(db);
+    return db;
+  }
+  save() {
+    this.saveDB(this.db);
+  }
+  saveDB(db) {
+    mkdirSync(this.baseDir, { recursive: true });
+    writeFileSync(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
+  }
+  hashPassword(password, salt) {
+    return createHmac("sha256", salt).update(password).digest("hex");
+  }
+  createToken(username) {
+    const payload = {
+      username,
+      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+    };
+    const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
+    const signature = this.sign(payloadB64);
+    return `${payloadB64}.${signature}`;
+  }
+  sign(data) {
+    return createHmac("sha256", this.db.secret).update(data).digest("base64url");
+  }
+};
+export {
+  AuthManager
+};

package/dist/{chunk-Z3JMFVT5.js → chunk-NGGVPDNF.js} RENAMED Viewed

@@ -16,7 +16,7 @@ import {
   SUBAGENT_MAX_ROUNDS_LIMIT,
   VERSION,
   runTestsTool
-} from "./chunk-QXRBUMCB.js";
+} from "./chunk-YSHQDGVZ.js";
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";

package/dist/{chunk-QXRBUMCB.js → chunk-YSHQDGVZ.js} RENAMED Viewed

@@ -8,7 +8,7 @@ import { platform } from "os";
 import chalk from "chalk";
 // src/core/constants.ts
-var VERSION = "0.2.1";
+var VERSION = "0.2.2";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/electron-server.js CHANGED Viewed

@@ -180,7 +180,7 @@ var EnvLoader = class {
 };
 // src/core/constants.ts
-var VERSION = "0.2.1";
+var VERSION = "0.2.2";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";
@@ -7540,6 +7540,29 @@ var AuthManager = class {
   listUsers() {
     return this.db.users.map((u) => u.username);
   }
+  /** Delete a user. Returns error string or null on success. */
+  deleteUser(username) {
+    username = username.trim().toLowerCase();
+    const idx = this.db.users.findIndex((u) => u.username === username);
+    if (idx === -1) return `User '${username}' not found`;
+    this.db.users.splice(idx, 1);
+    this.save();
+    return null;
+  }
+  /** Reset a user's password. Returns error string or null on success. */
+  resetPassword(username, newPassword) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return `User '${username}' not found`;
+    if (!newPassword || newPassword.length < 4) {
+      return "Password must be at least 4 characters";
+    }
+    const salt = randomBytes(16).toString("hex");
+    user.passwordHash = this.hashPassword(newPassword, salt);
+    user.salt = salt;
+    this.save();
+    return null;
+  }
   /** Migrate existing single-user data to a named user account */
   migrateExistingData(username, password) {
     const err = this.register(username, password);
@@ -7714,9 +7737,29 @@ async function startWebServer(options = {}) {
         models: p.info.models.map((m) => ({ id: m.id, name: m.name ?? m.id }))
       })),
       tools: toolRegistry.getDefinitions().length,
-      cwd: process.cwd()
+      cwd: process.cwd(),
+      auth: {
+        enabled: authManager.isEnabled(),
+        userCount: authManager.listUsers().length
+      }
     });
   });
+  app.use(express.json());
+  app.post("/api/auth/register", (req, res) => {
+    const { username, password } = req.body ?? {};
+    if (!username || !password) {
+      res.status(400).json({ error: "Username and password required" });
+      return;
+    }
+    const err = authManager.register(username, password);
+    if (err) {
+      res.status(400).json({ error: err });
+      return;
+    }
+    const token = authManager.login(username, password);
+    console.log(`   \u2713 User registered via API: ${username}`);
+    res.json({ success: true, token, username });
+  });
   app.get("/api/files", (req, res) => {
     const cwd = process.cwd();
     const prefix = req.query.prefix || "";

package/dist/index.js CHANGED Viewed

@@ -35,7 +35,7 @@ import {
   theme,
   truncateOutput,
   undoStack
-} from "./chunk-Z3JMFVT5.js";
+} from "./chunk-NGGVPDNF.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -55,7 +55,7 @@ import {
   REPO_URL,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-QXRBUMCB.js";
+} from "./chunk-YSHQDGVZ.js";
 // src/index.ts
 import { program } from "commander";
@@ -1904,7 +1904,7 @@ ${hint}` : "")
       description: "Run project tests and show structured report",
       usage: "/test [command|filter]",
       async execute(args, _ctx) {
-        const { executeTests } = await import("./run-tests-DYALZXPS.js");
+        const { executeTests } = await import("./run-tests-3Y3P7QTJ.js");
         const argStr = args.join(" ").trim();
         let testArgs = {};
         if (argStr) {
@@ -5292,9 +5292,107 @@ program.command("web").description("Start Web UI server with browser-based chat
     console.error("Error: Invalid port number. Must be between 1 and 65535.");
     process.exit(1);
   }
-  const { startWebServer } = await import("./server-SRILYYV3.js");
+  const { startWebServer } = await import("./server-KZ472I7D.js");
   await startWebServer({ port, host: options.host });
 });
+program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | migrate <name>)").action(async (action, username) => {
+  const { AuthManager } = await import("./auth-TWWF22YZ.js");
+  const config = new ConfigManager();
+  const auth = new AuthManager(config.getConfigDir());
+  if (!action || action === "list") {
+    const users = auth.listUsers();
+    if (users.length === 0) {
+      console.log("\nNo users registered. Auth is disabled (single-user mode).");
+      console.log("Create a user to enable multi-user auth: aicli user create <username>\n");
+    } else {
+      console.log(`
+${users.length} user(s) registered (auth enabled):
+`);
+      for (const u of users) {
+        console.log(`  \u2022 ${u}`);
+      }
+      console.log();
+    }
+    return;
+  }
+  async function askPassword(msg) {
+    const { password: pwFn } = await import("@inquirer/prompts");
+    return pwFn({ message: msg, mask: "*" });
+  }
+  if (action === "create") {
+    if (!username) {
+      console.error("Usage: aicli user create <username>");
+      process.exit(1);
+    }
+    const pw = await askPassword(`Password for ${username}:`);
+    if (!pw || pw.length < 4) {
+      console.error("Password must be at least 4 characters.");
+      process.exit(1);
+    }
+    const err = auth.register(username, pw);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 User '${username}' created. Auth is now enabled for Web UI.`);
+    return;
+  }
+  if (action === "delete") {
+    if (!username) {
+      console.error("Usage: aicli user delete <username>");
+      process.exit(1);
+    }
+    const err = auth.deleteUser(username);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 User '${username}' deleted.`);
+    if (!auth.hasUsers()) {
+      console.log("  No users remaining \u2014 auth is now disabled (single-user mode).");
+    }
+    return;
+  }
+  if (action === "reset-password") {
+    if (!username) {
+      console.error("Usage: aicli user reset-password <username>");
+      process.exit(1);
+    }
+    const pw = await askPassword(`New password for ${username}:`);
+    if (!pw || pw.length < 4) {
+      console.error("Password must be at least 4 characters.");
+      process.exit(1);
+    }
+    const err = auth.resetPassword(username, pw);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 Password reset for '${username}'.`);
+    return;
+  }
+  if (action === "migrate") {
+    if (!username) {
+      console.error("Usage: aicli user migrate <username>");
+      process.exit(1);
+    }
+    const pw = await askPassword(`Password for new user ${username}:`);
+    if (!pw || pw.length < 4) {
+      console.error("Password must be at least 4 characters.");
+      process.exit(1);
+    }
+    const err = auth.migrateExistingData(username, pw);
+    if (err) {
+      console.error(`Error: ${err}`);
+      process.exit(1);
+    }
+    console.log(`\u2713 User '${username}' created with existing data migrated.`);
+    return;
+  }
+  console.error(`Unknown action: ${action}`);
+  console.error("Available: list, create, delete, reset-password, migrate");
+  process.exit(1);
+});
 program.command("sessions").description("List recent conversation sessions").action(async () => {
   const config = new ConfigManager();
   const sessions = new SessionManager(config);

package/dist/{run-tests-DYALZXPS.js → run-tests-3Y3P7QTJ.js} RENAMED Viewed

@@ -2,7 +2,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-QXRBUMCB.js";
+} from "./chunk-YSHQDGVZ.js";
 export {
   executeTests,
   runTestsTool

package/dist/{server-SRILYYV3.js → server-KZ472I7D.js} RENAMED Viewed

@@ -23,7 +23,7 @@ import {
   setupProxy,
   spawnAgentContext,
   truncateOutput
-} from "./chunk-Z3JMFVT5.js";
+} from "./chunk-NGGVPDNF.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   CONTEXT_FILE_CANDIDATES,
@@ -35,14 +35,17 @@ import {
   PLAN_MODE_SYSTEM_ADDON,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-QXRBUMCB.js";
+} from "./chunk-YSHQDGVZ.js";
+import {
+  AuthManager
+} from "./chunk-CPLT6CD3.js";
 // src/web/server.ts
 import express from "express";
 import { createServer } from "http";
 import { WebSocketServer } from "ws";
-import { join as join4, dirname, resolve as resolve2, relative } from "path";
-import { existsSync as existsSync5, readFileSync as readFileSync5, readdirSync as readdirSync2, statSync } from "fs";
+import { join as join3, dirname, resolve as resolve2, relative } from "path";
+import { existsSync as existsSync4, readFileSync as readFileSync4, readdirSync, statSync } from "fs";
 import { networkInterfaces } from "os";
 // src/web/tool-executor-web.ts
@@ -1353,180 +1356,6 @@ ${activated.meta.description || ""}` });
   }
 };
-// src/web/auth.ts
-import { existsSync as existsSync4, readFileSync as readFileSync4, writeFileSync as writeFileSync2, mkdirSync as mkdirSync2, readdirSync, copyFileSync } from "fs";
-import { join as join3 } from "path";
-import { createHmac, randomBytes, timingSafeEqual } from "crypto";
-var USERS_FILE = "users.json";
-var TOKEN_EXPIRY_HOURS = 24 * 7;
-var USERS_DIR = "users";
-var AuthManager = class {
-  usersFile;
-  baseDir;
-  db;
-  constructor(baseDir) {
-    this.baseDir = baseDir;
-    this.usersFile = join3(baseDir, USERS_FILE);
-    this.db = this.loadOrCreate();
-  }
-  // ── Public API ─────────────────────────────────────────────────
-  /** Check if any users exist (first-run detection) */
-  hasUsers() {
-    return this.db.users.length > 0;
-  }
-  /** Check if auth is enabled (has users.json with at least 1 user) */
-  isEnabled() {
-    return this.hasUsers();
-  }
-  /** Register a new user. Returns error string or null on success. */
-  register(username, password) {
-    username = username.trim().toLowerCase();
-    if (!username || username.length < 2 || username.length > 32) {
-      return "Username must be 2-32 characters";
-    }
-    if (!/^[a-z0-9_-]+$/.test(username)) {
-      return "Username can only contain a-z, 0-9, _ and -";
-    }
-    if (!password || password.length < 4) {
-      return "Password must be at least 4 characters";
-    }
-    if (this.db.users.find((u) => u.username === username)) {
-      return "Username already exists";
-    }
-    const salt = randomBytes(16).toString("hex");
-    const passwordHash = this.hashPassword(password, salt);
-    const dataDir = join3(USERS_DIR, username);
-    const fullDataDir = join3(this.baseDir, dataDir);
-    mkdirSync2(join3(fullDataDir, "history"), { recursive: true });
-    const user = {
-      username,
-      passwordHash,
-      salt,
-      createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-      dataDir
-    };
-    this.db.users.push(user);
-    this.save();
-    return null;
-  }
-  /** Authenticate user. Returns JWT token or null. */
-  login(username, password) {
-    username = username.trim().toLowerCase();
-    const user = this.db.users.find((u) => u.username === username);
-    if (!user) return null;
-    const hash = this.hashPassword(password, user.salt);
-    const a = Buffer.from(hash, "utf-8");
-    const b = Buffer.from(user.passwordHash, "utf-8");
-    if (a.length !== b.length || !timingSafeEqual(a, b)) {
-      return null;
-    }
-    return this.createToken(username);
-  }
-  /** Verify a token. Returns username or null. */
-  verifyToken(token) {
-    try {
-      const parts = token.split(".");
-      if (parts.length !== 2) return null;
-      const [payloadB64, signature] = parts;
-      const expectedSig = this.sign(payloadB64);
-      if (signature !== expectedSig) return null;
-      const payload = JSON.parse(
-        Buffer.from(payloadB64, "base64url").toString("utf-8")
-      );
-      if (Date.now() > payload.exp) return null;
-      if (!this.db.users.find((u) => u.username === payload.username)) return null;
-      return payload.username;
-    } catch {
-      return null;
-    }
-  }
-  /** Get user's data directory (absolute path) */
-  getUserDataDir(username) {
-    const user = this.db.users.find((u) => u.username === username);
-    if (!user) throw new Error(`User not found: ${username}`);
-    return join3(this.baseDir, user.dataDir);
-  }
-  /** List all usernames */
-  listUsers() {
-    return this.db.users.map((u) => u.username);
-  }
-  /** Migrate existing single-user data to a named user account */
-  migrateExistingData(username, password) {
-    const err = this.register(username, password);
-    if (err) return err;
-    const userDir = this.getUserDataDir(username);
-    const globalConfig = join3(this.baseDir, "config.json");
-    if (existsSync4(globalConfig)) {
-      try {
-        const content = readFileSync4(globalConfig, "utf-8");
-        writeFileSync2(join3(userDir, "config.json"), content, "utf-8");
-      } catch {
-      }
-    }
-    const globalMemory = join3(this.baseDir, "memory.md");
-    if (existsSync4(globalMemory)) {
-      try {
-        const content = readFileSync4(globalMemory, "utf-8");
-        writeFileSync2(join3(userDir, "memory.md"), content, "utf-8");
-      } catch {
-      }
-    }
-    const globalHistory = join3(this.baseDir, "history");
-    if (existsSync4(globalHistory)) {
-      try {
-        const files = readdirSync(globalHistory).filter((f) => f.endsWith(".json"));
-        const userHistory = join3(userDir, "history");
-        for (const f of files) {
-          try {
-            copyFileSync(join3(globalHistory, f), join3(userHistory, f));
-          } catch {
-          }
-        }
-      } catch {
-      }
-    }
-    return null;
-  }
-  // ── Private methods ────────────────────────────────────────────
-  loadOrCreate() {
-    if (existsSync4(this.usersFile)) {
-      try {
-        return JSON.parse(readFileSync4(this.usersFile, "utf-8"));
-      } catch {
-      }
-    }
-    const db = {
-      version: 1,
-      secret: randomBytes(32).toString("hex"),
-      users: []
-    };
-    this.saveDB(db);
-    return db;
-  }
-  save() {
-    this.saveDB(this.db);
-  }
-  saveDB(db) {
-    mkdirSync2(this.baseDir, { recursive: true });
-    writeFileSync2(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
-  }
-  hashPassword(password, salt) {
-    return createHmac("sha256", salt).update(password).digest("hex");
-  }
-  createToken(username) {
-    const payload = {
-      username,
-      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
-    };
-    const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
-    const signature = this.sign(payloadB64);
-    return `${payloadB64}.${signature}`;
-  }
-  sign(data) {
-    return createHmac("sha256", this.db.secret).update(data).digest("base64url");
-  }
-};
 // src/web/server.ts
 function getModuleDir() {
   try {
@@ -1582,8 +1411,8 @@ async function startWebServer(options = {}) {
     }
   }
   let skillManager = null;
-  const skillsDir = join4(config.getConfigDir(), SKILLS_DIR_NAME);
-  if (existsSync5(skillsDir)) {
+  const skillsDir = join3(config.getConfigDir(), SKILLS_DIR_NAME);
+  if (existsSync4(skillsDir)) {
     skillManager = new SkillManager(skillsDir);
     skillManager.loadSkills();
     const count = skillManager.listSkills().length;
@@ -1603,15 +1432,15 @@ async function startWebServer(options = {}) {
   const server = createServer(app);
   const wss = new WebSocketServer({ server });
   const moduleDir = getModuleDir();
-  let clientDir = join4(moduleDir, "web", "client");
-  if (!existsSync5(clientDir)) {
-    clientDir = join4(moduleDir, "client");
+  let clientDir = join3(moduleDir, "web", "client");
+  if (!existsSync4(clientDir)) {
+    clientDir = join3(moduleDir, "client");
   }
-  if (!existsSync5(clientDir)) {
-    clientDir = join4(moduleDir, "..", "..", "src", "web", "client");
+  if (!existsSync4(clientDir)) {
+    clientDir = join3(moduleDir, "..", "..", "src", "web", "client");
   }
-  if (!existsSync5(clientDir)) {
-    clientDir = join4(process.cwd(), "src", "web", "client");
+  if (!existsSync4(clientDir)) {
+    clientDir = join3(process.cwd(), "src", "web", "client");
   }
   console.log(`   Static files: ${clientDir}`);
   app.use(express.static(clientDir));
@@ -1624,23 +1453,43 @@ async function startWebServer(options = {}) {
         models: p.info.models.map((m) => ({ id: m.id, name: m.name ?? m.id }))
       })),
       tools: toolRegistry.getDefinitions().length,
-      cwd: process.cwd()
+      cwd: process.cwd(),
+      auth: {
+        enabled: authManager.isEnabled(),
+        userCount: authManager.listUsers().length
+      }
     });
   });
+  app.use(express.json());
+  app.post("/api/auth/register", (req, res) => {
+    const { username, password } = req.body ?? {};
+    if (!username || !password) {
+      res.status(400).json({ error: "Username and password required" });
+      return;
+    }
+    const err = authManager.register(username, password);
+    if (err) {
+      res.status(400).json({ error: err });
+      return;
+    }
+    const token = authManager.login(username, password);
+    console.log(`   \u2713 User registered via API: ${username}`);
+    res.json({ success: true, token, username });
+  });
   app.get("/api/files", (req, res) => {
     const cwd = process.cwd();
     const prefix = req.query.prefix || "";
-    const targetDir = join4(cwd, prefix);
+    const targetDir = join3(cwd, prefix);
     if (!resolve2(targetDir).startsWith(resolve2(cwd))) {
       res.json({ files: [] });
       return;
     }
     try {
       const SKIP = /* @__PURE__ */ new Set(["node_modules", ".git", "dist", "dist-cjs", "release", "__pycache__", ".next", ".nuxt", "coverage", ".cache"]);
-      const entries = readdirSync2(targetDir, { withFileTypes: true });
+      const entries = readdirSync(targetDir, { withFileTypes: true });
       const files = entries.filter((e) => !SKIP.has(e.name) && !e.name.startsWith(".")).slice(0, 50).map((e) => ({
         name: e.name,
-        path: relative(cwd, join4(targetDir, e.name)).replace(/\\/g, "/"),
+        path: relative(cwd, join3(targetDir, e.name)).replace(/\\/g, "/"),
         isDir: e.isDirectory()
       }));
       res.json({ files });
@@ -1672,7 +1521,7 @@ async function startWebServer(options = {}) {
       return;
     }
     const cwd = process.cwd();
-    const fullPath = resolve2(join4(cwd, filePath));
+    const fullPath = resolve2(join3(cwd, filePath));
     if (!fullPath.startsWith(resolve2(cwd))) {
       res.json({ error: "Access denied" });
       return;
@@ -1683,7 +1532,7 @@ async function startWebServer(options = {}) {
         res.json({ error: `File too large (${(stat.size / 1024).toFixed(0)} KB, max 512 KB)` });
         return;
       }
-      const content = readFileSync5(fullPath, "utf-8");
+      const content = readFileSync4(fullPath, "utf-8");
       res.json({ content, size: stat.size });
     } catch (err) {
       res.json({ error: `Cannot read: ${err.message}` });
@@ -1877,10 +1726,10 @@ function loadProjectMcpConfig() {
   const cwd = process.cwd();
   const gitRoot = getGitRoot(cwd);
   const projectRoot = gitRoot ?? cwd;
-  const configPath = join4(projectRoot, MCP_PROJECT_CONFIG_NAME);
-  if (!existsSync5(configPath)) return null;
+  const configPath = join3(projectRoot, MCP_PROJECT_CONFIG_NAME);
+  if (!existsSync4(configPath)) return null;
   try {
-    const raw = JSON.parse(readFileSync5(configPath, "utf-8"));
+    const raw = JSON.parse(readFileSync4(configPath, "utf-8"));
     return raw.mcpServers ?? raw;
   } catch {
     return null;

package/dist/web/client/app.js CHANGED Viewed

@@ -85,6 +85,7 @@ function connect() {
     connectionStatus.textContent = '🟢 Connected';
     connectionStatus.className = 'status-connected';
     requestSessionList();
+    checkAuthStatus();
     // Start heartbeat ping every 30s
     clearInterval(heartbeatTimer);
     heartbeatTimer = setInterval(() => {
@@ -1917,3 +1918,49 @@ function handleLogout() {
   // Reconnect — server will send auth_required
   if (ws) ws.close();
 }
+// ── Enable Auth (register first user from Web UI) ────────────────────
+async function checkAuthStatus() {
+  try {
+    const res = await fetch('/api/status');
+    const data = await res.json();
+    const btn = document.getElementById('btn-enable-auth');
+    if (data.auth && !data.auth.enabled && !authUsername) {
+      btn.classList.remove('hidden');
+    } else {
+      btn.classList.add('hidden');
+    }
+  } catch { /* ignore */ }
+}
+function showEnableAuthDialog() {
+  const username = prompt('Create admin account — Username (2-32 chars, a-z/0-9/_/-):');
+  if (!username) return;
+  const password = prompt('Password (min 4 chars):');
+  if (!password) return;
+  fetch('/api/auth/register', {
+    method: 'POST',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify({ username, password }),
+  })
+    .then(r => r.json())
+    .then(data => {
+      if (data.error) {
+        alert('Error: ' + data.error);
+        return;
+      }
+      // Save token and reconnect with auth
+      authToken = data.token;
+      authUsername = data.username;
+      localStorage.setItem('aicli-auth-token', data.token);
+      localStorage.setItem('aicli-auth-user', data.username);
+      document.getElementById('btn-enable-auth').classList.add('hidden');
+      updateUserMenu();
+      // Reconnect with new token
+      if (ws) ws.close();
+      alert('✓ Auth enabled! User "' + data.username + '" created. Other users can register from the login screen.');
+    })
+    .catch(err => alert('Failed: ' + err.message));
+}

package/dist/web/client/index.html CHANGED Viewed

@@ -82,6 +82,8 @@
             <li><a onclick="setTheme('nord')">❄️ Nord</a></li>
           </ul>
         </div>
+        <!-- Enable Auth button (shown when no users registered) -->
+        <button id="btn-enable-auth" class="btn btn-sm btn-ghost hidden" title="Enable multi-user auth" onclick="showEnableAuthDialog()">👤 Enable Auth</button>
         <!-- User menu (shown when authenticated) -->
         <div id="user-menu" class="dropdown dropdown-end hidden">
           <div tabindex="0" role="button" class="btn btn-sm btn-ghost gap-1">

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.2.1",
+  "version": "0.2.2",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",