jinzd-ai-cli 0.2.12 → 0.2.14

package/README.md

@@ -237,6 +237,50 @@ Configuration is stored at `~/.aicli/config.json`. Run `aicli config` for the in
 }
 ```
 
+### Permission Rules
+
+Control when tools require confirmation. Rules are checked in order — first match wins:
+
+```json
+{
+  "permissionRules": [
+    { "tool": "read_file", "action": "auto-approve" },
+    { "tool": "list_dir", "action": "auto-approve" },
+    { "tool": "grep_files", "action": "auto-approve" },
+    { "tool": "glob_files", "action": "auto-approve" },
+    { "tool": "write_todos", "action": "auto-approve" },
+    { "tool": "bash", "action": "auto-approve", "when": { "dangerLevel": "safe" } },
+    { "tool": "write_file", "action": "auto-approve", "when": { "pathPattern": "src/" } },
+    { "tool": "bash", "action": "deny", "when": { "pathPattern": "rm -rf" } },
+    { "tool": "*", "action": "confirm" }
+  ]
+}
+```
+
+| Field | Description |
+|-------|-------------|
+| `tool` | Tool name, or `*` for all tools |
+| `action` | `auto-approve` (skip confirmation), `deny` (block), `confirm` (ask user) |
+| `when.dangerLevel` | Only match when danger level is `safe`, `write`, or `destructive` |
+| `when.pathPattern` | Substring match against tool's `path` or `command` argument |
+
+**Recommended minimal config** — auto-approve all read-only tools to reduce y/N prompts:
+
+```json
+{
+  "permissionRules": [
+    { "tool": "read_file", "action": "auto-approve" },
+    { "tool": "list_dir", "action": "auto-approve" },
+    { "tool": "grep_files", "action": "auto-approve" },
+    { "tool": "glob_files", "action": "auto-approve" },
+    { "tool": "web_fetch", "action": "auto-approve" },
+    { "tool": "write_todos", "action": "auto-approve" },
+    { "tool": "ask_user", "action": "auto-approve" },
+    { "tool": "run_tests", "action": "auto-approve" }
+  ]
+}
+```
+
 ### Environment Variables
 
 Environment variables take precedence over config file values:

package/README.zh-CN.md

@@ -252,6 +252,50 @@ aicli
 HTTPS_PROXY=http://127.0.0.1:10809 aicli
 ```
 
+### 权限规则（Permission Rules）
+
+控制工具何时需要用户确认。规则按顺序匹配，第一条命中的生效：
+
+```json
+{
+  "permissionRules": [
+    { "tool": "read_file", "action": "auto-approve" },
+    { "tool": "list_dir", "action": "auto-approve" },
+    { "tool": "grep_files", "action": "auto-approve" },
+    { "tool": "glob_files", "action": "auto-approve" },
+    { "tool": "write_todos", "action": "auto-approve" },
+    { "tool": "bash", "action": "auto-approve", "when": { "dangerLevel": "safe" } },
+    { "tool": "write_file", "action": "auto-approve", "when": { "pathPattern": "src/" } },
+    { "tool": "bash", "action": "deny", "when": { "pathPattern": "rm -rf" } },
+    { "tool": "*", "action": "confirm" }
+  ]
+}
+```
+
+| 字段 | 说明 |
+|------|------|
+| `tool` | 工具名，`*` 匹配所有工具 |
+| `action` | `auto-approve`（跳过确认自动执行）、`deny`（拒绝）、`confirm`（需用户确认） |
+| `when.dangerLevel` | 仅当危险级别为 `safe`、`write` 或 `destructive` 时匹配 |
+| `when.pathPattern` | 子串匹配工具的 `path` 或 `command` 参数 |
+
+**推荐配置** — 自动放行所有只读工具，减少 y/N 确认次数：
+
+```json
+{
+  "permissionRules": [
+    { "tool": "read_file", "action": "auto-approve" },
+    { "tool": "list_dir", "action": "auto-approve" },
+    { "tool": "grep_files", "action": "auto-approve" },
+    { "tool": "glob_files", "action": "auto-approve" },
+    { "tool": "web_fetch", "action": "auto-approve" },
+    { "tool": "write_todos", "action": "auto-approve" },
+    { "tool": "ask_user", "action": "auto-approve" },
+    { "tool": "run_tests", "action": "auto-approve" }
+  ]
+}
+```
+
 ### 环境变量
 
 | 变量 | 说明 |

package/dist/{chunk-GGAA3JRD.js → chunk-EVOOSNVZ.js}

@@ -8,7 +8,7 @@ import { platform } from "os";
 import chalk from "chalk";
 
 // src/core/constants.ts
-var VERSION = "0.2.12";
+var VERSION = "0.2.14";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-IGZDXYIX.js → chunk-S6ZN53TH.js}

@@ -16,7 +16,7 @@ import {
   SUBAGENT_MAX_ROUNDS_LIMIT,
   VERSION,
   runTestsTool
-} from "./chunk-GGAA3JRD.js";
+} from "./chunk-EVOOSNVZ.js";
 
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";

package/dist/index.js

@@ -35,7 +35,7 @@ import {
   theme,
   truncateOutput,
   undoStack
-} from "./chunk-IGZDXYIX.js";
+} from "./chunk-S6ZN53TH.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -55,7 +55,7 @@ import {
   REPO_URL,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-GGAA3JRD.js";
+} from "./chunk-EVOOSNVZ.js";
 
 // src/index.ts
 import { program } from "commander";
@@ -1904,7 +1904,7 @@ ${hint}` : "")
       description: "Run project tests and show structured report",
       usage: "/test [command|filter]",
       async execute(args, _ctx) {
-        const { executeTests } = await import("./run-tests-R2BHDFGB.js");
+        const { executeTests } = await import("./run-tests-Y6KJ7XIU.js");
         const argStr = args.join(" ").trim();
         let testArgs = {};
         if (argStr) {
@@ -4812,11 +4812,22 @@ Session '${this.resumeSessionId}' not found.
     const apiMessages = [...messages];
     const extraMessages = [];
     const baseSystemPrompt = (this.buildCurrentSystemPrompt() ?? "") + TOOL_CALL_REMINDER;
-    const roundBudgetHint = `
+    const roundBudgetHint = this.planMode ? `
+
+[Tool Round Budget \u2014 Plan Mode]
+You have a maximum of ${MAX_TOOL_ROUNDS} tool call rounds. You are in READ-ONLY Plan Mode:
+- Only use: read_file, list_dir, grep_files, glob_files, ask_user, write_todos
+- Do NOT attempt to call bash, write_file, edit_file \u2014 they are disabled
+- Do NOT write shell commands or code blocks as a substitute for tool calls
+- Do NOT read the same file more than once
+- Call write_todos ONCE to present your plan, then give a text summary
+- If the user asks you to execute anything, respond: "Please type /plan execute to switch to execute mode."
+- Every ${AUTO_PAUSE_INTERVAL} rounds the user will be asked whether to continue.` : `
 
 [Tool Round Budget]
 You have a maximum of ${MAX_TOOL_ROUNDS} tool call rounds for this task. Plan efficiently:
 - Prefer batch operations (e.g. global find-and-replace) over repetitive single edits.
+- Do NOT read the same file more than once \u2014 use the content from previous reads.
 - Prioritize the most critical tasks first in case rounds run out.
 - When remaining rounds are low (\u22645), focus on completing the current task and summarizing.
 - Every ${AUTO_PAUSE_INTERVAL} rounds the user will be asked whether to continue \u2014 use this as a natural checkpoint to report progress.`;
@@ -5052,10 +5063,32 @@ You have a maximum of ${MAX_TOOL_ROUNDS} tool call rounds for this task. Plan ef
           process.stdin.removeListener("data", this._interjectionHandler);
         }
         const toolResults = await this.toolExecutor.executeAll(result.toolCalls);
-        roundToolHistory.push({
-          round: round + 1,
-          tools: result.toolCalls.map((tc) => tc.name)
-        });
+        const thisRoundTools = result.toolCalls.map((tc) => tc.name);
+        roundToolHistory.push({ round: round + 1, tools: thisRoundTools });
+        const readFileCalls = result.toolCalls.filter((tc) => tc.name === "read_file");
+        for (const rfc of readFileCalls) {
+          const filePath = rfc.arguments?.path;
+          if (filePath) {
+            const key = `read_file:${filePath}`;
+            const prevCount = roundToolHistory.flat().length > 0 ? roundToolHistory.filter((rh) => rh.tools.includes("read_file")).length : 0;
+            const fileReadCount = extraMessages.filter((msg) => {
+              const m = msg;
+              if (m.role !== "assistant") return false;
+              const tcs = m.tool_calls;
+              if (!Array.isArray(tcs)) return false;
+              return tcs.some((tc) => {
+                const fn = tc.function;
+                return fn?.name === "read_file" && JSON.stringify(fn?.arguments ?? "").includes(filePath);
+              });
+            }).length;
+            if (fileReadCount >= 2) {
+              extraMessages.push({
+                role: "user",
+                content: `\u26A0\uFE0F You have read the file "${filePath}" ${fileReadCount + 1} times already. The content hasn't changed \u2014 do NOT read it again. Use the information you already have.`
+              });
+            }
+          }
+        }
         if (this._interjectionHandler) {
           process.stdin.on("data", this._interjectionHandler);
           process.stdin.resume();
@@ -5474,7 +5507,7 @@ program.command("web").description("Start Web UI server with browser-based chat
     console.error("Error: Invalid port number. Must be between 1 and 65535.");
     process.exit(1);
   }
-  const { startWebServer } = await import("./server-Z3UV3EZB.js");
+  const { startWebServer } = await import("./server-QEAEWP4S.js");
   await startWebServer({ port, host: options.host });
 });
 program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | migrate <name>)").action(async (action, username) => {

package/dist/{run-tests-R2BHDFGB.js → run-tests-Y6KJ7XIU.js}

@@ -2,7 +2,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-GGAA3JRD.js";
+} from "./chunk-EVOOSNVZ.js";
 export {
   executeTests,
   runTestsTool

package/dist/{server-Z3UV3EZB.js → server-QEAEWP4S.js}

@@ -23,7 +23,7 @@ import {
   setupProxy,
   spawnAgentContext,
   truncateOutput
-} from "./chunk-IGZDXYIX.js";
+} from "./chunk-S6ZN53TH.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   CONTEXT_FILE_CANDIDATES,
@@ -35,7 +35,7 @@ import {
   PLAN_MODE_SYSTEM_ADDON,
   SKILLS_DIR_NAME,
   VERSION
-} from "./chunk-GGAA3JRD.js";
+} from "./chunk-EVOOSNVZ.js";
 import {
   AuthManager
 } from "./chunk-CPLT6CD3.js";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.2.12",
+  "version": "0.2.14",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",