jinzd-ai-cli 0.4.113 → 0.4.115

package/dist/auth-7KK5BOCA.js

@@ -0,0 +1,12 @@
+#!/usr/bin/env node
+import {
+  AuthManager,
+  TOKEN_EXPIRY_MS,
+  __resetLoginAttemptsForTests
+} from "./chunk-O7NM4WTS.js";
+import "./chunk-PDX44BCA.js";
+export {
+  AuthManager,
+  TOKEN_EXPIRY_MS,
+  __resetLoginAttemptsForTests
+};

package/dist/{batch-NF26OYWB.js → batch-SHNIUSW2.js}

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import {
   ConfigManager
-} from "./chunk-WLZ2PWQV.js";
+} from "./chunk-UZLNS3QG.js";
 import "./chunk-2ZD3YTVM.js";
-import "./chunk-SRU5SYZI.js";
+import "./chunk-OHUHYWBR.js";
 import "./chunk-PDX44BCA.js";
 
 // src/cli/batch.ts

package/dist/{chunk-TFYDLG7E.js → chunk-FMPWML3F.js}

@@ -2,7 +2,7 @@
 import {
   schemaToJsonSchema,
   truncateForPersist
-} from "./chunk-3GUNDGUV.js";
+} from "./chunk-TJGRPTJS.js";
 import {
   AuthError,
   ProviderError,
@@ -18,7 +18,7 @@ import {
   MCP_PROTOCOL_VERSION,
   MCP_TOOL_PREFIX,
   VERSION
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 import {
   redactJson
 } from "./chunk-7ZJN4KLV.js";
@@ -72,10 +72,20 @@ var ClaudeProvider = class extends BaseProvider {
     ]
   };
   async initialize(apiKey, options) {
-    this.client = new Anthropic({
+    const clientOptions = {
       apiKey,
       baseURL: options?.baseUrl
-    });
+    };
+    const proxyUrl = options?.proxy;
+    try {
+      const { Agent, ProxyAgent, fetch: undiciFetch } = await import("undici");
+      const STREAM_BODY_TIMEOUT = 30 * 60 * 1e3;
+      const STREAM_HEADERS_TIMEOUT = 5 * 60 * 1e3;
+      const dispatcher = proxyUrl ? new ProxyAgent({ uri: proxyUrl, bodyTimeout: STREAM_BODY_TIMEOUT, headersTimeout: STREAM_HEADERS_TIMEOUT }) : new Agent({ bodyTimeout: STREAM_BODY_TIMEOUT, headersTimeout: STREAM_HEADERS_TIMEOUT });
+      clientOptions.fetch = ((url, init) => undiciFetch(url, { ...init, dispatcher }));
+    } catch {
+    }
+    this.client = new Anthropic(clientOptions);
   }
   /**
    * 将内部 MessageContentPart[] 格式转换为 Anthropic SDK 期望的 ContentBlockParam[]。
@@ -932,13 +942,20 @@ var OpenAICompatibleProvider = class extends BaseProvider {
       timeout: this.defaultTimeout
     };
     const proxyUrl = options?.proxy;
-    if (proxyUrl) {
-      try {
-        const { ProxyAgent, fetch: undiciFetch } = await import("undici");
-        const agent = new ProxyAgent({ uri: proxyUrl });
-        clientOptions.fetch = ((url, init) => undiciFetch(url, { ...init, dispatcher: agent }));
-      } catch {
-      }
+    try {
+      const { Agent, ProxyAgent, fetch: undiciFetch } = await import("undici");
+      const STREAM_BODY_TIMEOUT = 30 * 60 * 1e3;
+      const STREAM_HEADERS_TIMEOUT = 5 * 60 * 1e3;
+      const dispatcher = proxyUrl ? new ProxyAgent({
+        uri: proxyUrl,
+        bodyTimeout: STREAM_BODY_TIMEOUT,
+        headersTimeout: STREAM_HEADERS_TIMEOUT
+      }) : new Agent({
+        bodyTimeout: STREAM_BODY_TIMEOUT,
+        headersTimeout: STREAM_HEADERS_TIMEOUT
+      });
+      clientOptions.fetch = ((url, init) => undiciFetch(url, { ...init, dispatcher }));
+    } catch {
     }
     this.client = new OpenAI(clientOptions);
   }
@@ -1854,6 +1871,40 @@ function peelMetaNarration(content) {
   }
   return out.trim();
 }
+var META_NARRATION_HARD_MARKERS = [
+  /\[⚠️\s*CONTENT GENERATION MODE\]/,
+  /CONTENT_ONLY_STREAM_REMINDER\b/,
+  /<system-reminder>/i
+];
+var META_NARRATION_HEURISTICS = [
+  /\bthe user (?:is asking me|wants me|is requesting|expects me)\b/i,
+  /\blet me (?:re-?read|re-?consider|reconsider|think about|carefully (?:re-?read|consider))\b/i,
+  /\bI'?m (?:in (?:a )?content-only|in CONTENT-ONLY|currently in)\b/i,
+  /\bI think (?:there might be|I should|I cannot|the (?:user|best)|maybe)\b/i,
+  /\bWait,?\s+let me\b/i,
+  /\bActually,?\s+I\b/i,
+  /\bI need to be honest with the user\b/i,
+  /\bI(?:'m| am) in a special mode\b/i,
+  /\bGiven that I cannot\b/i
+];
+function detectMetaNarration(content) {
+  if (!content) return null;
+  const head = content.slice(0, 2e3);
+  for (const re of META_NARRATION_HARD_MARKERS) {
+    if (re.test(head)) return re.source;
+  }
+  if (/^#{1,3}\s+\S/m.test(head)) return null;
+  let hits = 0;
+  let firstMatch = "";
+  for (const re of META_NARRATION_HEURISTICS) {
+    if (re.test(head)) {
+      hits++;
+      if (!firstMatch) firstMatch = re.source;
+      if (hits >= 2) return `meta-narration:${firstMatch}`;
+    }
+  }
+  return null;
+}
 function looksLikeDocumentBody(content) {
   if (!content || content.length < 200) return false;
   if (/^#{1,6}\s+\S/m.test(content)) return true;
@@ -4156,6 +4207,7 @@ export {
   buildPhantomCorrectionMessage,
   detectPseudoToolCalls,
   stripPseudoToolCalls,
+  detectMetaNarration,
   looksLikeDocumentBody,
   stripToolCallReminder,
   TEE_FINAL_USER_NUDGE,

package/dist/{chunk-2WAEM5B6.js → chunk-KQZU2VS5.js}

@@ -6,7 +6,7 @@ import { platform } from "os";
 import chalk from "chalk";
 
 // src/core/constants.ts
-var VERSION = "0.4.113";
+var VERSION = "0.4.115";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-BYNY5JPB.js → chunk-O7NM4WTS.js}

@@ -1,12 +1,19 @@
 #!/usr/bin/env node
 
 // src/web/auth.ts
-import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, copyFileSync } from "fs";
+import { existsSync, readFileSync, writeFileSync, mkdirSync, readdirSync, copyFileSync, renameSync, unlinkSync } from "fs";
 import { join } from "path";
 import { createHmac, randomBytes, timingSafeEqual, pbkdf2Sync } from "crypto";
 var USERS_FILE = "users.json";
-var TOKEN_EXPIRY_HOURS = 24 * 7;
+var TOKEN_EXPIRY_HOURS = 24;
+var TOKEN_EXPIRY_MS = TOKEN_EXPIRY_HOURS * 3600 * 1e3;
 var USERS_DIR = "users";
+var LOGIN_MAX_FAILS = 5;
+var LOGIN_LOCKOUT_MS = 15 * 60 * 1e3;
+var loginAttempts = /* @__PURE__ */ new Map();
+function __resetLoginAttemptsForTests() {
+  loginAttempts.clear();
+}
 var AuthManager = class {
   usersFile;
   baseDir;
@@ -57,16 +64,30 @@ var AuthManager = class {
     this.save();
     return null;
   }
-  /** Authenticate user. Returns JWT token or null. */
+  /**
+   * Authenticate user. Returns JWT token or null on failure.
+   *
+   * Audit closure (5th audit, v0.4.114): integrates failed-login lockout
+   * (CWE-307). After {@link LOGIN_MAX_FAILS} consecutive failures within a
+   * lockout window, further attempts return null without checking the
+   * password (avoiding pbkdf2 work + leaking timing). Successful login
+   * resets the counter.
+   */
   login(username, password) {
     username = username.trim().toLowerCase();
+    const lockState = this.getLockState(username);
+    if (lockState.locked) return null;
     const user = this.db.users.find((u) => u.username === username);
-    if (!user) return null;
+    if (!user) {
+      this.recordFailedLogin(username);
+      return null;
+    }
     const isLegacy = !user.hashVersion || user.hashVersion < 2;
     const hash = isLegacy ? this.hashPasswordLegacy(password, user.salt) : this.hashPassword(password, user.salt);
     const a = Buffer.from(hash, "utf-8");
     const b = Buffer.from(user.passwordHash, "utf-8");
     if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      this.recordFailedLogin(username);
       return null;
     }
     if (isLegacy) {
@@ -76,8 +97,34 @@ var AuthManager = class {
       user.hashVersion = 2;
       this.save();
     }
+    loginAttempts.delete(username);
     return this.createToken(username);
   }
+  /**
+   * Returns current lockout state for a username and lazily expires it.
+   * Exposed (read-only) for tests and the `aicli user` CLI status output.
+   */
+  getLockState(username) {
+    username = username.trim().toLowerCase();
+    const state = loginAttempts.get(username);
+    if (!state) return { locked: false, remainingMs: 0, fails: 0 };
+    if (state.lockedUntil > 0 && Date.now() >= state.lockedUntil) {
+      loginAttempts.delete(username);
+      return { locked: false, remainingMs: 0, fails: 0 };
+    }
+    if (state.lockedUntil > 0) {
+      return { locked: true, remainingMs: state.lockedUntil - Date.now(), fails: state.fails };
+    }
+    return { locked: false, remainingMs: 0, fails: state.fails };
+  }
+  recordFailedLogin(username) {
+    const state = loginAttempts.get(username) ?? { fails: 0, lockedUntil: 0 };
+    state.fails += 1;
+    if (state.fails >= LOGIN_MAX_FAILS) {
+      state.lockedUntil = Date.now() + LOGIN_LOCKOUT_MS;
+    }
+    loginAttempts.set(username, state);
+  }
   /** Verify a token. Returns username or null. */
   verifyToken(token) {
     try {
@@ -90,12 +137,29 @@ var AuthManager = class {
         Buffer.from(payloadB64, "base64url").toString("utf-8")
       );
       if (Date.now() > payload.exp) return null;
-      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      const user = this.db.users.find((u) => u.username === payload.username);
+      if (!user) return null;
+      if (user.tokensRevokedBefore && (!payload.iat || payload.iat < user.tokensRevokedBefore)) {
+        return null;
+      }
       return payload.username;
     } catch {
       return null;
     }
   }
+  /**
+   * Revoke every outstanding token for the given user by bumping the
+   * `tokensRevokedBefore` watermark to now. Audit closure (5th audit,
+   * v0.4.114). Returns true if the user existed.
+   */
+  logoutAll(username) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return false;
+    user.tokensRevokedBefore = Date.now() + 1;
+    this.save();
+    return true;
+  }
   /** Get user's data directory (absolute path) */
   getUserDataDir(username) {
     const user = this.db.users.find((u) => u.username === username);
@@ -127,6 +191,7 @@ var AuthManager = class {
     user.passwordHash = this.hashPassword(newPassword, salt);
     user.salt = salt;
     user.hashVersion = 2;
+    user.tokensRevokedBefore = Date.now() + 1;
     this.save();
     return null;
   }
@@ -188,7 +253,17 @@ var AuthManager = class {
   }
   saveDB(db) {
     mkdirSync(this.baseDir, { recursive: true });
-    writeFileSync(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
+    const tmp = `${this.usersFile}.tmp`;
+    try {
+      writeFileSync(tmp, JSON.stringify(db, null, 2), "utf-8");
+      renameSync(tmp, this.usersFile);
+    } catch (err) {
+      try {
+        unlinkSync(tmp);
+      } catch {
+      }
+      throw err;
+    }
   }
   /** Legacy hash — kept only for migrating old users (v0.2.x) */
   hashPasswordLegacy(password, salt) {
@@ -198,9 +273,11 @@ var AuthManager = class {
     return pbkdf2Sync(password, salt, 1e5, 64, "sha512").toString("hex");
   }
   createToken(username) {
+    const now = Date.now();
     const payload = {
       username,
-      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+      iat: now,
+      exp: now + TOKEN_EXPIRY_HOURS * 3600 * 1e3
     };
     const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
     const signature = this.sign(payloadB64);
@@ -212,5 +289,7 @@ var AuthManager = class {
 };
 
 export {
+  TOKEN_EXPIRY_MS,
+  __resetLoginAttemptsForTests,
   AuthManager
 };

package/dist/{chunk-SRU5SYZI.js → chunk-OHUHYWBR.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/core/constants.ts
-var VERSION = "0.4.113";
+var VERSION = "0.4.115";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-SIDKPVRD.js → chunk-PEMNYHIS.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   TEST_TIMEOUT
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 
 // src/tools/builtin/run-tests.ts
 import { execSync, spawnSync } from "child_process";

package/dist/{chunk-3GUNDGUV.js → chunk-TJGRPTJS.js}

@@ -5,7 +5,7 @@ import {
 } from "./chunk-3BICTI5M.js";
 import {
   runTestsTool
-} from "./chunk-SIDKPVRD.js";
+} from "./chunk-PEMNYHIS.js";
 import {
   EnvLoader,
   NetworkError,
@@ -18,7 +18,7 @@ import {
   SUBAGENT_ALLOWED_TOOLS,
   SUBAGENT_DEFAULT_MAX_ROUNDS,
   SUBAGENT_MAX_ROUNDS_LIMIT
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 import {
   fileCheckpoints
 } from "./chunk-4BKXL7SM.js";
@@ -229,10 +229,36 @@ function resetInterrupt() {
   interrupted = false;
 }
 
+// src/tools/session-context.ts
+import { AsyncLocalStorage } from "async_hooks";
+var als = new AsyncLocalStorage();
+var DEFAULT_SESSION_KEY = "__default__";
+function getCurrentSessionKey() {
+  const ctx = als.getStore();
+  if (!ctx || !ctx.sessionKey) return DEFAULT_SESSION_KEY;
+  return ctx.sessionKey;
+}
+function runWithSessionKey(sessionKey, fn) {
+  const key = sessionKey && sessionKey.length > 0 ? sessionKey : DEFAULT_SESSION_KEY;
+  return als.run({ sessionKey: key }, fn);
+}
+
 // src/tools/builtin/bash.ts
 var IS_WINDOWS = platform() === "win32";
 var SHELL = IS_WINDOWS ? "powershell.exe" : process.env["SHELL"] ?? "/bin/bash";
-var persistentCwd = process.cwd();
+var cwdBySession = /* @__PURE__ */ new Map();
+function getCwd() {
+  const key = getCurrentSessionKey();
+  let cwd = cwdBySession.get(key);
+  if (!cwd) {
+    cwd = process.cwd();
+    cwdBySession.set(key, cwd);
+  }
+  return cwd;
+}
+function setCwd(next) {
+  cwdBySession.set(getCurrentSessionKey(), next);
+}
 var bashTool = {
   definition: {
     name: "bash",
@@ -277,17 +303,19 @@ Important rules:
     if (!command.trim()) {
       throw new ToolError("bash", "command is required");
     }
-    if (!existsSync2(persistentCwd)) {
+    let currentCwd = getCwd();
+    if (!existsSync2(currentCwd)) {
       const fallback = process.cwd();
       process.stderr.write(
-        `[bash] Previous cwd "${persistentCwd}" no longer exists, reset to "${fallback}"
+        `[bash] Previous cwd "${currentCwd}" no longer exists, reset to "${fallback}"
 `
       );
-      persistentCwd = fallback;
+      currentCwd = fallback;
+      setCwd(fallback);
     }
-    let effectiveCwd = persistentCwd;
+    let effectiveCwd = currentCwd;
     if (cwdArg) {
-      const resolved = resolve(persistentCwd, cwdArg);
+      const resolved = resolve(currentCwd, cwdArg);
       if (!existsSync2(resolved)) {
         throw new ToolError(
           "bash",
@@ -295,7 +323,7 @@ Important rules:
         );
       }
       effectiveCwd = resolved;
-      persistentCwd = resolved;
+      setCwd(resolved);
     }
     let actualCommand;
     if (IS_WINDOWS) {
@@ -344,7 +372,7 @@ Important rules:
       }
       updateCwdFromCommand(command, effectiveCwd);
       pushBashUndoEntries(beforeSnapshot, parsedTargetsBefore, effectiveCwd);
-      const result = IS_WINDOWS && Buffer.isBuffer(stdout) ? stdout.toString("utf-8") : stdout;
+      const result = Buffer.isBuffer(stdout) ? stdout.toString("utf-8") : String(stdout ?? "");
       return result || "(command completed with no output)";
     } catch (err) {
       pushBashUndoEntries(beforeSnapshot, parsedTargetsBefore, effectiveCwd);
@@ -551,7 +579,7 @@ function updateCwdFromCommand(command, baseCwd) {
   try {
     const newDir = resolve(baseCwd, target);
     if (existsSync2(newDir)) {
-      persistentCwd = newDir;
+      setCwd(newDir);
     }
   } catch {
   }
@@ -1411,6 +1439,16 @@ var ToolExecutor = class {
    * 通过 /yolo 命令切换。destructive 操作仍会显示警告但不阻塞。
    */
   sessionAutoApprove = false;
+  /**
+   * Logical session key used to scope per-session state in stateful tools
+   * (currently only `bash`'s persistent cwd). Web mode sets this per-tab so
+   * concurrent tabs don't share cwd. CLI/REPL leaves it undefined (the bash
+   * tool falls back to a default key).
+   */
+  sessionKey;
+  setSessionKey(key) {
+    this.sessionKey = key;
+  }
   /**
    * 由外部（repl.ts SIGINT handler）调用，将当前 confirm() 等待视为用户按 N 取消。
    * 若当前没有 confirm() 进行中，无操作。
@@ -1443,6 +1481,9 @@ var ToolExecutor = class {
     if (opts.defaultPermission) this.defaultPermission = opts.defaultPermission;
   }
   async execute(call) {
+    return runWithSessionKey(this.sessionKey, () => this.executeInner(call));
+  }
+  async executeInner(call) {
     const tool = this.registry.get(call.name);
     if (!tool) {
       return {

package/dist/{chunk-WLZ2PWQV.js → chunk-UZLNS3QG.js}

@@ -8,7 +8,7 @@ import {
   CONFIG_FILE_NAME,
   HISTORY_DIR_NAME,
   PLUGINS_DIR_NAME
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";

package/dist/{constants-2Z7YP252.js → constants-Y6LRE5TI.js}

@@ -36,7 +36,7 @@ import {
   TEST_TIMEOUT,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-SRU5SYZI.js";
+} from "./chunk-OHUHYWBR.js";
 import "./chunk-PDX44BCA.js";
 export {
   AGENTIC_BEHAVIOR_GUIDELINE,