jinzd-ai-cli 0.4.153 → 0.4.155

package/dist/{chunk-TURORFH2.js → chunk-D6GJTJQH.js}

@@ -2,7 +2,7 @@
 import {
   CONFIG_DIR_NAME,
   VERSION
-} from "./chunk-D62BVFP7.js";
+} from "./chunk-B3LFGPU2.js";
 
 // src/diagnostics/crash-log.ts
 import {

package/dist/{chunk-OP3I24WL.js → chunk-E5ICQT3P.js}

@@ -5,10 +5,10 @@ import {
 } from "./chunk-HDSKW7Q3.js";
 import {
   runTestsTool
-} from "./chunk-OT2HLGSO.js";
+} from "./chunk-JOJRBV2K.js";
 import {
   runTool
-} from "./chunk-EYJQJZJ6.js";
+} from "./chunk-NFRTSL3N.js";
 import {
   getDangerLevel,
   isFileWriteTool
@@ -25,14 +25,14 @@ import {
   SUBAGENT_ALLOWED_TOOLS,
   SUBAGENT_DEFAULT_MAX_ROUNDS,
   SUBAGENT_MAX_ROUNDS_LIMIT
-} from "./chunk-D62BVFP7.js";
+} from "./chunk-B3LFGPU2.js";
 import {
   fileCheckpoints
 } from "./chunk-4BKXL7SM.js";
 import {
   loadChatIndex,
   searchChatMemory
-} from "./chunk-RXM76HB7.js";
+} from "./chunk-U5MY24UZ.js";
 import {
   indexProject
 } from "./chunk-VNNYHW6N.js";

package/dist/{chunk-UWW3EWER.js → chunk-IBBYW6PM.js}

@@ -8,7 +8,7 @@ import {
   CONFIG_FILE_NAME,
   HISTORY_DIR_NAME,
   PLUGINS_DIR_NAME
-} from "./chunk-D62BVFP7.js";
+} from "./chunk-B3LFGPU2.js";
 
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";

package/dist/{chunk-OT2HLGSO.js → chunk-JOJRBV2K.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   TEST_TIMEOUT
-} from "./chunk-D62BVFP7.js";
+} from "./chunk-B3LFGPU2.js";
 
 // src/tools/builtin/run-tests.ts
 import { execSync, spawnSync } from "child_process";

package/dist/{chunk-LJPB4ZER.js → chunk-JXSWY54M.js}

@@ -6,7 +6,7 @@ import { platform } from "os";
 import chalk from "chalk";
 
 // src/core/constants.ts
-var VERSION = "0.4.153";
+var VERSION = "0.4.155";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-EYJQJZJ6.js → chunk-NFRTSL3N.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   CONFIG_DIR_NAME
-} from "./chunk-D62BVFP7.js";
+} from "./chunk-B3LFGPU2.js";
 
 // src/diagnostics/tool-stats.ts
 import { existsSync, readFileSync, writeFileSync, mkdirSync, renameSync } from "fs";

package/dist/{chunk-M4GJOBWN.js → chunk-O6MLS5QO.js}

@@ -1,7 +1,33 @@
 #!/usr/bin/env node
 
+// src/hub/convergence.ts
+function convergenceThreshold(total) {
+  if (total <= 0) return Infinity;
+  return Math.ceil(total * 2 / 3);
+}
+function isConverged(convergedCount, total) {
+  if (convergedCount <= 0) return false;
+  return convergedCount >= convergenceThreshold(total);
+}
+var CONVERGED_MARKER = /\[CONVERGED\]/i;
+function hasConvergedMarker(content) {
+  return CONVERGED_MARKER.test(content);
+}
+function stripConvergedMarker(content) {
+  return content.replace(/\s*\[CONVERGED\]\s*/gi, " ").trim();
+}
+
 // src/hub/agent.ts
 var PASS_MARKER = "[PASS]";
+function parseTurn(raw) {
+  const trimmed = raw.trim();
+  const upper = trimmed.toUpperCase();
+  if (upper.startsWith(PASS_MARKER) || upper === PASS_MARKER) {
+    return { content: "", passed: true, converged: false };
+  }
+  const converged = hasConvergedMarker(trimmed);
+  return { content: converged ? stripConvergedMarker(trimmed) : trimmed, passed: false, converged };
+}
 var HubAgent = class {
   role;
   providers;
@@ -27,12 +53,12 @@ var HubAgent = class {
    *
    * Returns a DiscussionMessage, with `passed: true` if the agent outputs [PASS].
    */
-  async speak(topic, history, round, maxRounds) {
+  async speak(topic, history, round, maxRounds, opts) {
     const provider = this.providers.get(this.providerId);
     if (!provider) {
       throw new Error(`Provider "${this.providerId}" not available for agent "${this.role.id}"`);
     }
-    const systemPrompt = this.buildSystemPrompt(topic, round, maxRounds);
+    const systemPrompt = this.buildSystemPrompt(topic, round, maxRounds, opts?.voteConverge);
     const messages = this.buildMessages(history);
     const response = await provider.chat({
       messages,
@@ -42,31 +68,31 @@ var HubAgent = class {
       temperature: 0.7,
       maxTokens: 4096
     });
-    const content = response.content.trim();
-    const passed = content.toUpperCase().startsWith(PASS_MARKER) || content.toUpperCase() === PASS_MARKER;
+    const { content, passed, converged } = parseTurn(response.content);
     return {
       speaker: this.role.id,
       speakerName: this.role.name,
-      content: passed ? "" : content,
+      content,
       timestamp: /* @__PURE__ */ new Date(),
-      passed
+      passed,
+      converged
     };
   }
   /**
    * Streaming version of speak() — yields tokens as they arrive.
    * Falls back to non-streaming speak() if the provider doesn't support chatStream.
    */
-  async speakStream(topic, history, round, maxRounds, onToken) {
+  async speakStream(topic, history, round, maxRounds, onToken, opts) {
     const provider = this.providers.get(this.providerId);
     if (!provider) {
       throw new Error(`Provider "${this.providerId}" not available for agent "${this.role.id}"`);
     }
     if (!provider.chatStream) {
-      return this.speak(topic, history, round, maxRounds);
+      return this.speak(topic, history, round, maxRounds, opts);
     }
-    const systemPrompt = this.buildSystemPrompt(topic, round, maxRounds);
+    const systemPrompt = this.buildSystemPrompt(topic, round, maxRounds, opts?.voteConverge);
     const messages = this.buildMessages(history);
-    let content = "";
+    let raw = "";
     const stream = provider.chatStream({
       messages,
       model: this.modelId,
@@ -77,18 +103,18 @@ var HubAgent = class {
     });
     for await (const chunk of stream) {
       if (chunk.delta) {
-        content += chunk.delta;
+        raw += chunk.delta;
         onToken?.(chunk.delta);
       }
     }
-    content = content.trim();
-    const passed = content.toUpperCase().startsWith(PASS_MARKER) || content.toUpperCase() === PASS_MARKER;
+    const { content, passed, converged } = parseTurn(raw);
     return {
       speaker: this.role.id,
       speakerName: this.role.name,
-      content: passed ? "" : content,
+      content,
       timestamp: /* @__PURE__ */ new Date(),
-      passed
+      passed,
+      converged
     };
   }
   /**
@@ -116,11 +142,13 @@ var HubAgent = class {
     return response.content.trim();
   }
   // ── Private ──────────────────────────────────────────────────────
-  buildSystemPrompt(topic, round, maxRounds) {
+  buildSystemPrompt(topic, round, maxRounds, voteConverge) {
     const contextSection = this.context ? `
 
 ## Reference Documents
 ${this.context}` : "";
+    const convergeRule = voteConverge ? `
+- If you believe the group has reached a sufficient conclusion and further rounds would add little, append the marker [CONVERGED] at the very end of your message (you may still make your substantive point above it). When a 2/3 majority converges, the discussion ends.` : "";
     return `# Multi-Agent Discussion \u2014 Role: ${this.role.name}
 
 ${this.role.persona}
@@ -130,7 +158,7 @@ ${this.role.persona}
 - You can see what other participants have said. Build on their ideas, challenge them, or add your own perspective.
 - Stay in character as ${this.role.name}. Respond from your role's expertise and viewpoint.
 - Keep responses concise and focused (2-6 paragraphs). Do not repeat what others have already said.
-- If you have nothing meaningful to add (others have covered your points), respond with exactly: [PASS]
+- If you have nothing meaningful to add (others have covered your points), respond with exactly: [PASS]${convergeRule}
 - This is round ${round} of ${maxRounds}. ${round >= maxRounds - 1 ? "This is one of the final rounds \u2014 try to converge on conclusions." : ""}
 - Use the language that the topic is written in (if the topic is in Chinese, respond in Chinese).
 
@@ -184,13 +212,15 @@ ${topic}
 ${transcript}
 
 ## Instructions
-Produce a summary that includes:
-1. **Key Points of Agreement** \u2014 what all participants agreed on
-2. **Points of Debate** \u2014 where participants disagreed and the different perspectives
-3. **Conclusions & Recommendations** \u2014 actionable takeaways
-4. **Open Questions** \u2014 unresolved issues that need further discussion
+Produce a structured, decision-oriented synthesis with these exact sections:
+
+1. **Decision / Recommendation** \u2014 the single clearest recommendation the discussion points to. If the group genuinely did not converge, say so and give the leading option plus what would settle it.
+2. **Key Points of Agreement** \u2014 what participants agreed on.
+3. **Points of Debate** \u2014 where they disagreed, with the competing perspectives.
+4. **Action Items** \u2014 concrete next steps as a checklist. For each, suggest which role/expertise should own it, e.g. "- [ ] (\u67B6\u6784\u5E08) \u8BC4\u4F30\u670D\u52A1\u62C6\u5206\u8FB9\u754C".
+5. **Risks & Open Questions** \u2014 unresolved issues and what to watch.
 
-Keep the summary concise (within 500 words). Use the same language as the discussion.`;
+Keep it tight (within ~600 words). Use the same language as the discussion.`;
   }
 };
 
@@ -358,9 +388,18 @@ function renderHubEvent(event) {
       clearSpeakingLine();
       streamHeaderPrinted = false;
       break;
+    case "converge_vote":
+      console.log(chalk.dim(`  \u{1F5F3}  Convergence vote: ${event.converged}/${event.total} agent(s) marked [CONVERGED]`));
+      break;
+    case "human_steer":
+      console.log(chalk.cyan(`  \u{1F9ED} You steered: ${truncate(event.message, 80)}`));
+      console.log();
+      break;
     case "discussion_end":
       if (event.reason === "consensus") renderConsensus();
+      else if (event.reason === "vote_converged") console.log(chalk.bold.green("\n  \u2713 Converged by vote (2/3 majority).\n"));
       else if (event.reason === "max_rounds") renderMaxRounds(event.maxRounds ?? 0);
+      else if (event.reason === "human_stop") console.log(chalk.bold.yellow("\n  \u23F9  Stopped by you \u2014 generating summary.\n"));
       else renderUserInterrupt();
       break;
     case "summary":
@@ -379,6 +418,7 @@ function stripAnsi(s) {
 }
 
 export {
+  isConverged,
   HubAgent,
   assignRoleColors,
   renderHubBanner,

package/dist/chunk-SLSWPBK3.js

@@ -0,0 +1,120 @@
+#!/usr/bin/env node
+
+// src/security/redactor.ts
+var DEFAULT_PATTERNS = [
+  // password: xxx / password = xxx / password="xxx"
+  // Covers YAML / JSON / shell-ish / env-file forms.
+  { kind: "password", regex: /\b(password|passwd|pwd)\s*[:=]\s*["']?([^\s"',;{}]{4,200})["']?/gi },
+  // PGPASSWORD=xxx (explicit bash env-var form, separate rule because no quotes usually)
+  { kind: "pgpassword-env", regex: /\b(PGPASSWORD)=([^\s"']{4,200})/g },
+  // JDBC/PG/MySQL/Mongo connection strings with inline credentials
+  // postgresql://user:pass@host/db → redact pass
+  { kind: "db-uri-password", regex: /(\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp|mssql):\/\/[^:\s]+:)([^@\s]+)(@)/gi },
+  // Anthropic API keys
+  { kind: "anthropic-key", regex: /(sk-ant-[a-zA-Z0-9_-]{90,})/g },
+  // L6 (v0.4.108): Zhipu / GLM API keys — `<24+ hex/base64-ish>.<32+>`
+  // Two segments separated by a dot, each safely identifiable by length
+  // and char class. Conservative on the lower bound so we don't eat
+  // version strings like `1.0.0` or filenames.
+  { kind: "zhipu-key", regex: /\b([a-zA-Z0-9]{24,}\.[a-zA-Z0-9]{32,})\b/g },
+  // OpenAI / generic sk- keys — requires length ≥32 to avoid eating short identifiers
+  { kind: "openai-key", regex: /(sk-(?:proj-)?[a-zA-Z0-9_-]{32,})/g },
+  // GitHub personal access tokens
+  { kind: "github-pat", regex: /\b(ghp_[a-zA-Z0-9]{36})\b/g },
+  { kind: "github-oauth", regex: /\b(gho_[a-zA-Z0-9]{36})\b/g },
+  { kind: "github-install", regex: /\b(ghs_[a-zA-Z0-9]{36})\b/g },
+  // Slack tokens
+  { kind: "slack-bot", regex: /\b(xoxb-\d+-\d+-[a-zA-Z0-9]+)\b/g },
+  { kind: "slack-user", regex: /\b(xoxp-\d+-\d+-\d+-[a-zA-Z0-9]+)\b/g },
+  // AWS access key IDs (AKIA...) and secret access keys are context-dependent;
+  // we only catch the ID because secret key alone is indistinguishable from random base64.
+  { kind: "aws-access-key-id", regex: /\b(AKIA[0-9A-Z]{16})\b/g },
+  // Google API keys
+  { kind: "google-api-key", regex: /\b(AIza[0-9A-Za-z_-]{35})\b/g },
+  // Generic "api_key": "..." / "apiKey": "..." / api-key=xxx
+  { kind: "api-key", regex: /\b(api[_-]?key)\s*[:=]\s*["']?([a-zA-Z0-9_\-.]{16,200})["']?/gi },
+  // Generic token: xxx (only when value looks token-shaped; avoids eating human prose)
+  { kind: "token", regex: /\b(token|access[_-]?token|bearer[_-]?token)\s*[:=]\s*["']?([a-zA-Z0-9_\-.]{20,300})["']?/gi },
+  // Bearer <token> in Authorization headers
+  { kind: "bearer", regex: /\b(Authorization:\s*Bearer\s+)([a-zA-Z0-9_\-.=]{20,500})/g },
+  // Private key PEM blocks — catch the header+footer together
+  { kind: "private-key", regex: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g }
+];
+var MAX_CUSTOM = 32;
+var MAX_PATTERN_LEN = 500;
+var SUSPICIOUS_REDOS = /\([^)]*[+*][^)]*\)\s*[+*{]/;
+function render(placeholder, kind) {
+  return placeholder.replace("{kind}", kind);
+}
+function redactString(input, options) {
+  if (!options.enabled || !input) return { redacted: input, hits: [] };
+  const placeholder = options.placeholder ?? "[REDACTED:{kind}]";
+  const customSrcs = (options.customRegexes ?? []).slice(0, MAX_CUSTOM);
+  const patterns = [
+    ...options.patterns ?? DEFAULT_PATTERNS,
+    ...customSrcs.flatMap((src, i) => {
+      if (typeof src !== "string" || src.length === 0 || src.length > MAX_PATTERN_LEN) return [];
+      try {
+        const flags = src.match(/^\/.*\/([gimsuy]*)$/)?.[1] ?? "";
+        const body = src.replace(/^\/(.*)\/[gimsuy]*$/, "$1");
+        if (SUSPICIOUS_REDOS.test(body)) return [];
+        const regex = new RegExp(body, flags.includes("g") ? flags : flags + "g");
+        return [{ kind: `custom-${i}`, regex }];
+      } catch {
+        return [];
+      }
+    })
+  ];
+  let redacted = input;
+  const hits = [];
+  for (const { kind, regex } of patterns) {
+    const rx = new RegExp(regex.source, regex.flags);
+    const captureCount = new RegExp(rx.source + "|").exec("").length - 1;
+    redacted = redacted.replace(rx, (...args) => {
+      const match = args[0];
+      const g1 = captureCount >= 1 ? args[1] : void 0;
+      const g2 = captureCount >= 2 ? args[2] : void 0;
+      const offset = args[1 + captureCount];
+      if (captureCount >= 2 && typeof g2 === "string") {
+        hits.push({ kind, start: offset + (g1?.length ?? 0), length: g2.length, secret: g2 });
+        return `${g1}${render(placeholder, kind)}`;
+      }
+      hits.push({ kind, start: offset, length: match.length, secret: g1 ?? match });
+      return render(placeholder, kind);
+    });
+  }
+  return { redacted, hits };
+}
+function redactJson(value, options) {
+  if (!options.enabled) return { value, hits: [] };
+  const allHits = [];
+  function walk(v) {
+    if (typeof v === "string") {
+      const r = redactString(v, options);
+      allHits.push(...r.hits);
+      return r.redacted;
+    }
+    if (Array.isArray(v)) return v.map(walk);
+    if (v && typeof v === "object") {
+      const out = {};
+      for (const [k, vv] of Object.entries(v)) {
+        out[k] = walk(vv);
+      }
+      return out;
+    }
+    return v;
+  }
+  const redacted = walk(value);
+  return { value: redacted, hits: allHits };
+}
+function scanString(input, options) {
+  const { hits } = redactString(input, { ...options, enabled: true });
+  return hits;
+}
+
+export {
+  DEFAULT_PATTERNS,
+  redactString,
+  redactJson,
+  scanString
+};