jinzd-ai-cli 0.4.113 → 0.4.115

package/dist/electron-server.js

@@ -36,7 +36,7 @@ import {
   VERSION,
   buildUserIdentityPrompt,
   runTestsTool
-} from "./chunk-2WAEM5B6.js";
+} from "./chunk-KQZU2VS5.js";
 import {
   hasSemanticIndex,
   semanticSearch
@@ -604,10 +604,20 @@ var ClaudeProvider = class extends BaseProvider {
     ]
   };
   async initialize(apiKey, options) {
-    this.client = new Anthropic({
+    const clientOptions = {
       apiKey,
       baseURL: options?.baseUrl
-    });
+    };
+    const proxyUrl = options?.proxy;
+    try {
+      const { Agent, ProxyAgent, fetch: undiciFetch } = await import("undici");
+      const STREAM_BODY_TIMEOUT = 30 * 60 * 1e3;
+      const STREAM_HEADERS_TIMEOUT = 5 * 60 * 1e3;
+      const dispatcher = proxyUrl ? new ProxyAgent({ uri: proxyUrl, bodyTimeout: STREAM_BODY_TIMEOUT, headersTimeout: STREAM_HEADERS_TIMEOUT }) : new Agent({ bodyTimeout: STREAM_BODY_TIMEOUT, headersTimeout: STREAM_HEADERS_TIMEOUT });
+      clientOptions.fetch = ((url, init) => undiciFetch(url, { ...init, dispatcher }));
+    } catch {
+    }
+    this.client = new Anthropic(clientOptions);
   }
   /**
    * 将内部 MessageContentPart[] 格式转换为 Anthropic SDK 期望的 ContentBlockParam[]。
@@ -1464,13 +1474,20 @@ var OpenAICompatibleProvider = class extends BaseProvider {
       timeout: this.defaultTimeout
     };
     const proxyUrl = options?.proxy;
-    if (proxyUrl) {
-      try {
-        const { ProxyAgent, fetch: undiciFetch } = await import("undici");
-        const agent = new ProxyAgent({ uri: proxyUrl });
-        clientOptions.fetch = ((url, init) => undiciFetch(url, { ...init, dispatcher: agent }));
-      } catch {
-      }
+    try {
+      const { Agent, ProxyAgent, fetch: undiciFetch } = await import("undici");
+      const STREAM_BODY_TIMEOUT = 30 * 60 * 1e3;
+      const STREAM_HEADERS_TIMEOUT = 5 * 60 * 1e3;
+      const dispatcher = proxyUrl ? new ProxyAgent({
+        uri: proxyUrl,
+        bodyTimeout: STREAM_BODY_TIMEOUT,
+        headersTimeout: STREAM_HEADERS_TIMEOUT
+      }) : new Agent({
+        bodyTimeout: STREAM_BODY_TIMEOUT,
+        headersTimeout: STREAM_HEADERS_TIMEOUT
+      });
+      clientOptions.fetch = ((url, init) => undiciFetch(url, { ...init, dispatcher }));
+    } catch {
     }
     this.client = new OpenAI(clientOptions);
   }
@@ -2268,6 +2285,40 @@ function peelMetaNarration(content) {
   }
   return out.trim();
 }
+var META_NARRATION_HARD_MARKERS = [
+  /\[⚠️\s*CONTENT GENERATION MODE\]/,
+  /CONTENT_ONLY_STREAM_REMINDER\b/,
+  /<system-reminder>/i
+];
+var META_NARRATION_HEURISTICS = [
+  /\bthe user (?:is asking me|wants me|is requesting|expects me)\b/i,
+  /\blet me (?:re-?read|re-?consider|reconsider|think about|carefully (?:re-?read|consider))\b/i,
+  /\bI'?m (?:in (?:a )?content-only|in CONTENT-ONLY|currently in)\b/i,
+  /\bI think (?:there might be|I should|I cannot|the (?:user|best)|maybe)\b/i,
+  /\bWait,?\s+let me\b/i,
+  /\bActually,?\s+I\b/i,
+  /\bI need to be honest with the user\b/i,
+  /\bI(?:'m| am) in a special mode\b/i,
+  /\bGiven that I cannot\b/i
+];
+function detectMetaNarration(content) {
+  if (!content) return null;
+  const head = content.slice(0, 2e3);
+  for (const re of META_NARRATION_HARD_MARKERS) {
+    if (re.test(head)) return re.source;
+  }
+  if (/^#{1,3}\s+\S/m.test(head)) return null;
+  let hits = 0;
+  let firstMatch = "";
+  for (const re of META_NARRATION_HEURISTICS) {
+    if (re.test(head)) {
+      hits++;
+      if (!firstMatch) firstMatch = re.source;
+      if (hits >= 2) return `meta-narration:${firstMatch}`;
+    }
+  }
+  return null;
+}
 function looksLikeDocumentBody(content) {
   if (!content || content.length < 200) return false;
   if (/^#{1,6}\s+\S/m.test(content)) return true;
@@ -3742,10 +3793,36 @@ function currentAbortSignal() {
   return controller.signal;
 }
 
+// src/tools/session-context.ts
+import { AsyncLocalStorage } from "async_hooks";
+var als = new AsyncLocalStorage();
+var DEFAULT_SESSION_KEY = "__default__";
+function getCurrentSessionKey() {
+  const ctx = als.getStore();
+  if (!ctx || !ctx.sessionKey) return DEFAULT_SESSION_KEY;
+  return ctx.sessionKey;
+}
+function runWithSessionKey(sessionKey, fn) {
+  const key = sessionKey && sessionKey.length > 0 ? sessionKey : DEFAULT_SESSION_KEY;
+  return als.run({ sessionKey: key }, fn);
+}
+
 // src/tools/builtin/bash.ts
 var IS_WINDOWS = platform() === "win32";
 var SHELL = IS_WINDOWS ? "powershell.exe" : process.env["SHELL"] ?? "/bin/bash";
-var persistentCwd = process.cwd();
+var cwdBySession = /* @__PURE__ */ new Map();
+function getCwd() {
+  const key = getCurrentSessionKey();
+  let cwd = cwdBySession.get(key);
+  if (!cwd) {
+    cwd = process.cwd();
+    cwdBySession.set(key, cwd);
+  }
+  return cwd;
+}
+function setCwd(next) {
+  cwdBySession.set(getCurrentSessionKey(), next);
+}
 var bashTool = {
   definition: {
     name: "bash",
@@ -3790,17 +3867,19 @@ Important rules:
     if (!command.trim()) {
       throw new ToolError("bash", "command is required");
     }
-    if (!existsSync4(persistentCwd)) {
+    let currentCwd = getCwd();
+    if (!existsSync4(currentCwd)) {
       const fallback = process.cwd();
       process.stderr.write(
-        `[bash] Previous cwd "${persistentCwd}" no longer exists, reset to "${fallback}"
+        `[bash] Previous cwd "${currentCwd}" no longer exists, reset to "${fallback}"
 `
       );
-      persistentCwd = fallback;
+      currentCwd = fallback;
+      setCwd(fallback);
     }
-    let effectiveCwd = persistentCwd;
+    let effectiveCwd = currentCwd;
     if (cwdArg) {
-      const resolved = resolve(persistentCwd, cwdArg);
+      const resolved = resolve(currentCwd, cwdArg);
       if (!existsSync4(resolved)) {
         throw new ToolError(
           "bash",
@@ -3808,7 +3887,7 @@ Important rules:
         );
       }
       effectiveCwd = resolved;
-      persistentCwd = resolved;
+      setCwd(resolved);
     }
     let actualCommand;
     if (IS_WINDOWS) {
@@ -3857,7 +3936,7 @@ Important rules:
       }
       updateCwdFromCommand(command, effectiveCwd);
       pushBashUndoEntries(beforeSnapshot, parsedTargetsBefore, effectiveCwd);
-      const result = IS_WINDOWS && Buffer.isBuffer(stdout) ? stdout.toString("utf-8") : stdout;
+      const result = Buffer.isBuffer(stdout) ? stdout.toString("utf-8") : String(stdout ?? "");
       return result || "(command completed with no output)";
     } catch (err) {
       pushBashUndoEntries(beforeSnapshot, parsedTargetsBefore, effectiveCwd);
@@ -4064,7 +4143,7 @@ function updateCwdFromCommand(command, baseCwd) {
   try {
     const newDir = resolve(baseCwd, target);
     if (existsSync4(newDir)) {
-      persistentCwd = newDir;
+      setCwd(newDir);
     }
   } catch {
   }
@@ -4885,6 +4964,16 @@ var ToolExecutor = class {
    * 通过 /yolo 命令切换。destructive 操作仍会显示警告但不阻塞。
    */
   sessionAutoApprove = false;
+  /**
+   * Logical session key used to scope per-session state in stateful tools
+   * (currently only `bash`'s persistent cwd). Web mode sets this per-tab so
+   * concurrent tabs don't share cwd. CLI/REPL leaves it undefined (the bash
+   * tool falls back to a default key).
+   */
+  sessionKey;
+  setSessionKey(key) {
+    this.sessionKey = key;
+  }
   /**
    * 由外部（repl.ts SIGINT handler）调用，将当前 confirm() 等待视为用户按 N 取消。
    * 若当前没有 confirm() 进行中，无操作。
@@ -4917,6 +5006,9 @@ var ToolExecutor = class {
     if (opts.defaultPermission) this.defaultPermission = opts.defaultPermission;
   }
   async execute(call) {
+    return runWithSessionKey(this.sessionKey, () => this.executeInner(call));
+  }
+  async executeInner(call) {
     const tool = this.registry.get(call.name);
     if (!tool) {
       return {
@@ -10046,6 +10138,7 @@ var SessionHandler = class _SessionHandler {
     this.mcpManager = shared.mcpManager;
     this.skillManager = shared.skillManager;
     this.toolExecutor = new ToolExecutorWeb(shared.toolRegistry, ws);
+    this.toolExecutor.setSessionKey(`web-${Math.random().toString(36).slice(2)}-${Date.now()}`);
     this.currentProvider = this.config.get("defaultProvider");
     const allDefaultModels = this.config.get("defaultModels");
     try {
@@ -10800,6 +10893,31 @@ ${summaryResult.content}`,
       await new Promise((resolve7, reject) => {
         fileStream.end((err) => err ? reject(err) : resolve7());
       });
+      const metaMatch = detectMetaNarration(fullContent);
+      if (metaMatch) {
+        try {
+          unlinkSync4(saveToFile);
+        } catch {
+        }
+        isError = true;
+        summary = `[save_last_response REJECTED] Your output was internal reasoning / meta-narration (e.g. "Let me re-read\u2026", "the user is asking me to\u2026") instead of the requested document body (matched: ${metaMatch}). ${saveToFile} was NOT saved.
+
+This fresh stream has NO tools. Produce ONLY the document body: start with a markdown heading and write the full content. Do NOT narrate that you will produce the document \u2014 produce it.`;
+        if (teeUsage) {
+          roundUsage.inputTokens += teeUsage.inputTokens;
+          roundUsage.outputTokens += teeUsage.outputTokens;
+          roundUsage.cacheCreationTokens += teeUsage.cacheCreationTokens ?? 0;
+          roundUsage.cacheReadTokens += teeUsage.cacheReadTokens ?? 0;
+        }
+        this.send({
+          type: "tool_call_result",
+          callId: call.id,
+          result: summary,
+          isError: true,
+          endTime: Date.now()
+        });
+        return { content: "", summary, isError: true };
+      }
       const pseudoMatch = detectPseudoToolCalls(fullContent);
       if (pseudoMatch) {
         const cleaned = stripPseudoToolCalls(fullContent);
@@ -10837,9 +10955,13 @@ ${summaryResult.content}`,
         } catch {
         }
       }
+      try {
+        unlinkSync4(saveToFile);
+      } catch {
+      }
       isError = true;
       const msg = err instanceof Error ? err.message : String(err);
-      summary = `[save_last_response failed] ${msg}`;
+      summary = `[save_last_response failed] streaming was interrupted: ${msg}. ${saveToFile} (partial) was deleted. Retry \u2014 and consider producing a more compact output (split very large reports across multiple save_last_response calls if the previous attempt timed out).`;
     }
     this.send({
       type: "tool_call_result",
@@ -11918,7 +12040,7 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-YOBAV24V.js");
+          const { executeTests } = await import("./run-tests-7VYL7OVA.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -12902,12 +13024,16 @@ async function setupProxy(configProxy) {
 }
 
 // src/web/auth.ts
-import { existsSync as existsSync21, readFileSync as readFileSync14, writeFileSync as writeFileSync9, mkdirSync as mkdirSync10, readdirSync as readdirSync10, copyFileSync } from "fs";
+import { existsSync as existsSync21, readFileSync as readFileSync14, writeFileSync as writeFileSync9, mkdirSync as mkdirSync10, readdirSync as readdirSync10, copyFileSync, renameSync as renameSync2, unlinkSync as unlinkSync5 } from "fs";
 import { join as join14 } from "path";
 import { createHmac, randomBytes, timingSafeEqual, pbkdf2Sync } from "crypto";
 var USERS_FILE = "users.json";
-var TOKEN_EXPIRY_HOURS = 24 * 7;
+var TOKEN_EXPIRY_HOURS = 24;
+var TOKEN_EXPIRY_MS = TOKEN_EXPIRY_HOURS * 3600 * 1e3;
 var USERS_DIR = "users";
+var LOGIN_MAX_FAILS = 5;
+var LOGIN_LOCKOUT_MS = 15 * 60 * 1e3;
+var loginAttempts = /* @__PURE__ */ new Map();
 var AuthManager = class {
   usersFile;
   baseDir;
@@ -12958,16 +13084,30 @@ var AuthManager = class {
     this.save();
     return null;
   }
-  /** Authenticate user. Returns JWT token or null. */
+  /**
+   * Authenticate user. Returns JWT token or null on failure.
+   *
+   * Audit closure (5th audit, v0.4.114): integrates failed-login lockout
+   * (CWE-307). After {@link LOGIN_MAX_FAILS} consecutive failures within a
+   * lockout window, further attempts return null without checking the
+   * password (avoiding pbkdf2 work + leaking timing). Successful login
+   * resets the counter.
+   */
   login(username, password) {
     username = username.trim().toLowerCase();
+    const lockState = this.getLockState(username);
+    if (lockState.locked) return null;
     const user = this.db.users.find((u) => u.username === username);
-    if (!user) return null;
+    if (!user) {
+      this.recordFailedLogin(username);
+      return null;
+    }
     const isLegacy = !user.hashVersion || user.hashVersion < 2;
     const hash = isLegacy ? this.hashPasswordLegacy(password, user.salt) : this.hashPassword(password, user.salt);
     const a = Buffer.from(hash, "utf-8");
     const b = Buffer.from(user.passwordHash, "utf-8");
     if (a.length !== b.length || !timingSafeEqual(a, b)) {
+      this.recordFailedLogin(username);
       return null;
     }
     if (isLegacy) {
@@ -12977,8 +13117,34 @@ var AuthManager = class {
       user.hashVersion = 2;
       this.save();
     }
+    loginAttempts.delete(username);
     return this.createToken(username);
   }
+  /**
+   * Returns current lockout state for a username and lazily expires it.
+   * Exposed (read-only) for tests and the `aicli user` CLI status output.
+   */
+  getLockState(username) {
+    username = username.trim().toLowerCase();
+    const state = loginAttempts.get(username);
+    if (!state) return { locked: false, remainingMs: 0, fails: 0 };
+    if (state.lockedUntil > 0 && Date.now() >= state.lockedUntil) {
+      loginAttempts.delete(username);
+      return { locked: false, remainingMs: 0, fails: 0 };
+    }
+    if (state.lockedUntil > 0) {
+      return { locked: true, remainingMs: state.lockedUntil - Date.now(), fails: state.fails };
+    }
+    return { locked: false, remainingMs: 0, fails: state.fails };
+  }
+  recordFailedLogin(username) {
+    const state = loginAttempts.get(username) ?? { fails: 0, lockedUntil: 0 };
+    state.fails += 1;
+    if (state.fails >= LOGIN_MAX_FAILS) {
+      state.lockedUntil = Date.now() + LOGIN_LOCKOUT_MS;
+    }
+    loginAttempts.set(username, state);
+  }
   /** Verify a token. Returns username or null. */
   verifyToken(token) {
     try {
@@ -12991,12 +13157,29 @@ var AuthManager = class {
         Buffer.from(payloadB64, "base64url").toString("utf-8")
       );
       if (Date.now() > payload.exp) return null;
-      if (!this.db.users.find((u) => u.username === payload.username)) return null;
+      const user = this.db.users.find((u) => u.username === payload.username);
+      if (!user) return null;
+      if (user.tokensRevokedBefore && (!payload.iat || payload.iat < user.tokensRevokedBefore)) {
+        return null;
+      }
       return payload.username;
     } catch {
       return null;
     }
   }
+  /**
+   * Revoke every outstanding token for the given user by bumping the
+   * `tokensRevokedBefore` watermark to now. Audit closure (5th audit,
+   * v0.4.114). Returns true if the user existed.
+   */
+  logoutAll(username) {
+    username = username.trim().toLowerCase();
+    const user = this.db.users.find((u) => u.username === username);
+    if (!user) return false;
+    user.tokensRevokedBefore = Date.now() + 1;
+    this.save();
+    return true;
+  }
   /** Get user's data directory (absolute path) */
   getUserDataDir(username) {
     const user = this.db.users.find((u) => u.username === username);
@@ -13028,6 +13211,7 @@ var AuthManager = class {
     user.passwordHash = this.hashPassword(newPassword, salt);
     user.salt = salt;
     user.hashVersion = 2;
+    user.tokensRevokedBefore = Date.now() + 1;
     this.save();
     return null;
   }
@@ -13089,7 +13273,17 @@ var AuthManager = class {
   }
   saveDB(db) {
     mkdirSync10(this.baseDir, { recursive: true });
-    writeFileSync9(this.usersFile, JSON.stringify(db, null, 2), "utf-8");
+    const tmp = `${this.usersFile}.tmp`;
+    try {
+      writeFileSync9(tmp, JSON.stringify(db, null, 2), "utf-8");
+      renameSync2(tmp, this.usersFile);
+    } catch (err) {
+      try {
+        unlinkSync5(tmp);
+      } catch {
+      }
+      throw err;
+    }
   }
   /** Legacy hash — kept only for migrating old users (v0.2.x) */
   hashPasswordLegacy(password, salt) {
@@ -13099,9 +13293,11 @@ var AuthManager = class {
     return pbkdf2Sync(password, salt, 1e5, 64, "sha512").toString("hex");
   }
   createToken(username) {
+    const now = Date.now();
     const payload = {
       username,
-      exp: Date.now() + TOKEN_EXPIRY_HOURS * 3600 * 1e3
+      iat: now,
+      exp: now + TOKEN_EXPIRY_HOURS * 3600 * 1e3
     };
     const payloadB64 = Buffer.from(JSON.stringify(payload), "utf-8").toString("base64url");
     const signature = this.sign(payloadB64);
@@ -13196,6 +13392,27 @@ async function startWebServer(options = {}) {
     skillManager
   };
   const app = express();
+  app.use((_req, res, next) => {
+    res.setHeader(
+      "Content-Security-Policy",
+      [
+        "default-src 'self'",
+        "script-src 'self'",
+        "style-src 'self' 'unsafe-inline'",
+        "img-src 'self' data: blob:",
+        "font-src 'self' data:",
+        "connect-src 'self' ws: wss:",
+        "frame-ancestors 'none'",
+        "base-uri 'self'",
+        "form-action 'self'"
+      ].join("; ")
+    );
+    res.setHeader("X-Content-Type-Options", "nosniff");
+    res.setHeader("Referrer-Policy", "no-referrer");
+    res.setHeader("X-Frame-Options", "DENY");
+    res.setHeader("Permissions-Policy", "geolocation=(), microphone=(), camera=()");
+    next();
+  });
   const server = createServer(app);
   const WS_MAX_PAYLOAD = 1 * 1024 * 1024;
   const WS_MSG_RATE_PER_SEC = 30;
@@ -13280,7 +13497,7 @@ async function startWebServer(options = {}) {
     }
     const token = authManager.login(username, password);
     console.log(`   \u2713 User registered via API: ${username}${firstRun ? " (first-run)" : ""}`);
-    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: 7 * 24 * 3600 * 1e3 });
+    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: TOKEN_EXPIRY_MS });
     res.json({ success: true, username });
   });
   app.post("/api/auth/login", (req, res) => {
@@ -13294,7 +13511,7 @@ async function startWebServer(options = {}) {
       res.status(401).json({ error: "Invalid username or password" });
       return;
     }
-    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: 7 * 24 * 3600 * 1e3 });
+    res.cookie("aicli_token", token, { httpOnly: true, sameSite: "strict", maxAge: TOKEN_EXPIRY_MS });
     res.json({ success: true, username });
   });
   app.post("/api/auth/logout", (_req, res) => {

package/dist/{hub-KRNH76Y3.js → hub-E3WMJGYK.js}

@@ -386,7 +386,7 @@ ${content}`);
   }
 }
 async function runTaskMode(config, providers, configManager, topic) {
-  const { TaskOrchestrator } = await import("./task-orchestrator-KZISH5DT.js");
+  const { TaskOrchestrator } = await import("./task-orchestrator-24IGVXYP.js");
   const orchestrator = new TaskOrchestrator(config, providers, configManager);
   let interrupted = false;
   const onSigint = () => {