jinzd-ai-cli 0.4.209 → 0.4.211

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -43,7 +43,7 @@
43
43
  - **MCP Protocol** — Connect external MCP servers for dynamic tool discovery
44
44
  - **Multi-User Auth** — Web UI supports multiple users with password authentication
45
45
  - **PWA Support** — Install Web UI as a desktop/mobile app, accessible over LAN
46
- - **Hierarchical Context** — 3-layer context files (global / project / subdirectory) auto-injected
46
+ - **Hierarchical Context** — 3-layer context files (global / project / subdirectory) auto-injected; supports native AICLI.md, Claude-compatible CLAUDE.md, and Codex-compatible AGENTS.md with override files
47
47
  - **Headless Mode** — `ai-cli -p "prompt"` for CI/CD pipelines and scripting
48
48
  - **44 REPL Commands** — Session management, checkpointing, code review, security review/scan, rewind, scaffolding, cross-session history search, chat-memory recall, smart model routing (`/route`), and more
49
49
  - **GitHub Actions CI/CD** — Automated testing on Node 20/22 + npm publish on release tags
@@ -329,7 +329,65 @@ Control when tools require confirmation. Rules are checked in order — first ma
329
329
  | `action` | `auto-approve` (skip confirmation), `deny` (block), `confirm` (ask user) |
330
330
  | `when.dangerLevel` | Only match when danger level is `safe`, `write`, or `destructive` |
331
331
  | `when.pathPattern` | Substring match against tool's `path` or `command` argument |
332
-
332
+
333
+ ### Permission Profiles
334
+
335
+ Permission profiles provide coarse-grained safety boundaries before fine-grained `permissionRules` run. The default profile is `legacy`, so existing configs keep their old behavior.
336
+
337
+ Built-in profiles:
338
+
339
+ | Profile | Behavior |
340
+ |---------|----------|
341
+ | `legacy` | Backward-compatible mode. Uses `permissionRules` and `defaultPermission` as before. |
342
+ | `read-only` | Allows known read-only/safe tools and safe MCP tools; blocks write and destructive tools. |
343
+ | `workspace-write` | Allows explicit file writes only inside the workspace roots or temp dirs; destructive tools still require confirmation. |
344
+ | `danger-full-access` | Auto-approves non-destructive tools by default; destructive tools still require confirmation. Use only in isolated environments. |
345
+
346
+ ```json
347
+ {
348
+ "defaultPermissionProfile": "workspace-write",
349
+ "allowedPermissionProfiles": ["legacy", "read-only", "workspace-write", "danger-full-access"],
350
+ "permissionProfiles": {
351
+ "workspace-write": {
352
+ "workspaceRoots": ["D:/github/ai-cli"],
353
+ "allowTemp": true,
354
+ "rules": [
355
+ { "tool": "read_file", "action": "auto-approve" },
356
+ { "tool": "list_dir", "action": "auto-approve" }
357
+ ]
358
+ }
359
+ },
360
+ "permissionRules": [
361
+ { "tool": "bash", "action": "deny", "when": { "pathPattern": "rm -rf" } }
362
+ ]
363
+ }
364
+ ```
365
+
366
+ `/status` and `/security status` show the active profile. The Web status payload also includes `permissionProfile` for UI surfaces.
367
+ ### Network Policy
368
+
369
+ `networkPolicy` is disabled by default for backward compatibility. When enabled, it governs network-facing tools before execution: `web_fetch`, `web_search`, `google_search`, MCP tools, and shell commands that look like network access (`curl`, `wget`, `git clone/fetch/pull/push`, package installs, SSH/SCP, etc.).
370
+
371
+ ```json
372
+ {
373
+ "networkPolicy": {
374
+ "enabled": true,
375
+ "defaultAction": "confirm",
376
+ "allowDomains": ["github.com", "docs.anthropic.com", "platform.openai.com"],
377
+ "denyDomains": ["example-danger.test"],
378
+ "allowPrivateNetwork": false,
379
+ "tools": {
380
+ "web_fetch": "confirm",
381
+ "web_search": "allow",
382
+ "google_search": "confirm",
383
+ "shell": "confirm",
384
+ "mcp": "confirm"
385
+ }
386
+ }
387
+ }
388
+ ```
389
+
390
+ Actions are `allow`, `confirm`, or `deny`. Domain entries match the exact host or subdomains; port lists match the resolved URL port. Private/internal hosts such as `localhost`, `127.0.0.1`, `10.0.0.0/8`, `192.168.0.0/16`, and private IPv6 ranges are blocked unless `allowPrivateNetwork` is true.
333
391
  **Recommended minimal config** — auto-approve all read-only tools to reduce y/N prompts:
334
392
 
335
393
  ```json
@@ -370,11 +428,11 @@ ai-cli automatically discovers and injects context files into the system prompt:
370
428
 
371
429
  | Layer | Path | Purpose |
372
430
  |-------|------|---------|
373
- | Global | `~/.aicli/AICLI.md` | Personal preferences across all projects |
374
- | Project | `<git-root>/AICLI.md` | Project rules (commit to git for team sharing) |
375
- | Subdirectory | `<cwd>/AICLI.md` | Directory-specific instructions |
431
+ | Global | `~/.aicli/<context-file>` | Personal preferences across all projects |
432
+ | Project | `<git-root>/<context-file>` | Project rules (commit to git for team sharing) |
433
+ | Subdirectory | `<cwd>/<context-file>` | Directory-specific instructions |
376
434
 
377
- Also supports `CLAUDE.md` as an alternative filename at each layer.
435
+ At each layer, ai-cli loads the first non-empty file in this priority order: `AICLI.override.md`, `AGENTS.override.md`, `AICLI.md`, `CLAUDE.md`, `AGENTS.md`. `AICLI.md` is the native filename; `CLAUDE.md` and `AGENTS.md` are compatibility filenames for Claude Code and Codex-style projects.
378
436
 
379
437
  ### MCP Integration
380
438
 
@@ -422,6 +480,46 @@ npm run test:watch # Watch mode
422
480
 
423
481
  79 offline test files covering: authentication, sessions, tool types & danger levels, permissions, output truncation, diff rendering, edit-file similarity, error hierarchy, config management, env loading, provider registry, web-fetch, grep-files, hub renderer, hub discussion, hub presets, dev-state, token estimator, tool registry budget, parallel tool execution, cost tracker, session tool history.
424
482
 
483
+ ## Releasing (Version Bump → npm Publish → GitHub Push)
484
+
485
+ > **For contributors and AI agents: the entire release is driven by [`scripts/release.mjs`](scripts/release.mjs). Never manually bump the version or run `npm publish` yourself** — a hand-publish of `0.4.207` shipped a version that reported the wrong number and forced a corrective re-release (`0.4.208`). The script's guards exist precisely to stop that.
486
+
487
+ **Prerequisites**
488
+
489
+ - You are on the `main` branch and the changes to ship are already in the working tree.
490
+ - `npx tsc --noEmit` is clean and `npm test` is green (the script enforces both and rolls the bump back on failure).
491
+ - You are logged into npm as the package owner (`npm whoami`).
492
+ - You have push access to the GitHub remote.
493
+
494
+ **Step 1 — Write the milestone entry FIRST (Guard A).** Add a one-line entry to the `## 最近里程碑` section of [`CLAUDE.md`](CLAUDE.md) that contains the exact full-width-parenthesis marker `(vX.Y.Z)` for the target version. The script refuses to start without it. (Full narrative goes in `CHANGELOG.md`; this section is just the index line.)
495
+
496
+ **Step 2 — Run the release script.**
497
+
498
+ ```bash
499
+ # patch: 0.4.209 → 0.4.210 (also accepts: minor / major / an explicit x.y.z)
500
+ node scripts/release.mjs patch -m "fix(scope): one-line commit title"
501
+
502
+ # preview only — validates guards, writes nothing:
503
+ node scripts/release.mjs patch -m "..." --dry-run
504
+ ```
505
+
506
+ - Do **not** put a `(vX.Y.Z)` suffix in `-m`; the script appends it automatically.
507
+ - On Windows PowerShell, call `node` directly — `npm run release -- -m ...` swallows the `-m` argument.
508
+
509
+ **What the script does, in order:**
510
+
511
+ 1. **Guard A** — asserts `CLAUDE.md` contains the `(vX.Y.Z)` milestone entry.
512
+ 2. Bumps the version in **three** places: `package.json`, `src/core/constants.ts` (`VERSION`), and `CLAUDE.md` (`**当前版本**`).
513
+ 3. **Guard B** — re-reads all three files from disk and asserts every bump landed.
514
+ 4. **Guard C** — `tsc --noEmit` must be zero-error (rolls the bump back on failure).
515
+ 5. `npm test` must pass (rolls the bump back on failure).
516
+ 6. Prints the exact file list entering the release commit and blocks if any looks sensitive (`.env`, `*.pem`, `*.key`, `secret`, …). Override consciously with `--allow-sensitive`.
517
+ 7. `git add -A` + commit `"<title> (vX.Y.Z)"` (message passed via argv, not shell-interpolated).
518
+ 8. `npm publish` (the build runs automatically via `prepublishOnly`), then re-queries the registry to confirm the new version is live.
519
+ 9. `git push` to `main`.
520
+
521
+ **Optional flags:** `--dry-run` · `--skip-tests` · `--no-publish` · `--no-push` · `--allow-sensitive`.
522
+
425
523
  ## Documentation
426
524
 
427
525
  - [`docs/USAGE.md`](docs/USAGE.md) — Complete reference manual (commands, tools, config)
package/README.zh-CN.md CHANGED
@@ -35,7 +35,7 @@
35
35
  - **MCP 协议** — 接入外部 MCP 服务器,动态发现工具
36
36
  - **多用户认证** — Web UI 支持多用户密码登录
37
37
  - **PWA 支持** — Web UI 可安装为桌面/移动应用,支持局域网访问
38
- - **三层级上下文** — 全局 / 项目 / 子目录上下文文件自动注入
38
+ - **三层级上下文** — 全局 / 项目 / 子目录上下文文件自动注入;支持原生 `AICLI.md`、Claude 兼容 `CLAUDE.md`、Codex 兼容 `AGENTS.md` 及 override 文件
39
39
  - **无头模式** — `aicli -p "提示词"` 用于 CI/CD 管道和脚本
40
40
  - **44 个 REPL 命令** — 会话管理、检查点、代码审查、安全审查/扫描、对话回退、脚手架、聊天记忆召回、智能模型路由(`/route`)等
41
41
  - **GitHub Actions CI/CD** — Node 20/22 自动测试 + Release tag 自动发布 npm
@@ -391,11 +391,11 @@ ai-cli 自动发现并注入上下文文件到 system prompt:
391
391
 
392
392
  | 层级 | 路径 | 用途 |
393
393
  |------|------|------|
394
- | 全局层 | `~/.aicli/AICLI.md` | 所有项目通用的个人偏好 |
395
- | 项目层 | `<git-root>/AICLI.md` | 项目级规则(提交到 git 供团队共享) |
396
- | 子目录层 | `<cwd>/AICLI.md` | 当前子目录的特定指令 |
394
+ | 全局层 | `~/.aicli/<context-file>` | 所有项目通用的个人偏好 |
395
+ | 项目层 | `<git-root>/<context-file>` | 项目级规则(提交到 git 供团队共享) |
396
+ | 子目录层 | `<cwd>/<context-file>` | 当前子目录的特定指令 |
397
397
 
398
- 每层也支持 `CLAUDE.md` 作为备选文件名。
398
+ 每层按以下优先级加载第一个非空文件:`AICLI.override.md` `AGENTS.override.md` → `AICLI.md` → `CLAUDE.md` → `AGENTS.md`。`AICLI.md` 是 ai-cli 原生文件名;`CLAUDE.md` 和 `AGENTS.md` 分别用于兼容 Claude Code 与 Codex 风格项目。
399
399
 
400
400
  ### MCP 集成
401
401
 
@@ -441,6 +441,46 @@ npm run test:watch # 监听模式
441
441
 
442
442
  26 个测试套件覆盖:认证、会话、工具类型与危险级别、权限、输出截断、diff 渲染、edit-file 相似度、错误层级、配置管理、环境变量、Provider 注册、web-fetch、grep-files、Hub 渲染、Hub 讨论、Hub 预设、开发状态、Token 估算、工具注册表预算、并行工具执行、费用追踪、会话工具历史。
443
443
 
444
+ ## 发布(版本提升 → npm 发布 → 推送 GitHub)
445
+
446
+ > **给贡献者与 AI 模型:整个发布流程一律走 [`scripts/release.mjs`](scripts/release.mjs),切勿手动 bump 版本号或自己跑 `npm publish`。** 曾经手工 publish 的 `0.4.207` 装上后 `--version` 报错版本号,被迫补发 `0.4.208` 对齐——脚本的四道守卫就是为拦住这类事故而存在。
447
+
448
+ **前置条件**
449
+
450
+ - 当前在 `main` 分支,待发布的改动已在工作区。
451
+ - `npx tsc --noEmit` 零错误、`npm test` 全绿(脚本会强制校验,失败自动回滚版本号)。
452
+ - 已登录 npm 且是包的 owner(`npm whoami`)。
453
+ - 有 GitHub 远端推送权限。
454
+
455
+ **第 1 步 —— 先写里程碑条目(Guard A)。** 在 [`CLAUDE.md`](CLAUDE.md) 的 `## 最近里程碑` 一节加一行,条目中必须含目标版本的**全角括号**标记 `(vX.Y.Z)`,否则脚本拒绝启动。(完整叙事写进 `CHANGELOG.md`,本节只留一行式索引。)
456
+
457
+ **第 2 步 —— 运行发布脚本。**
458
+
459
+ ```bash
460
+ # patch:0.4.209 → 0.4.210(也支持 minor / major / 显式 x.y.z)
461
+ node scripts/release.mjs patch -m "fix(scope): 一句话 commit 标题"
462
+
463
+ # 仅预览,只校验守卫、不改任何文件:
464
+ node scripts/release.mjs patch -m "..." --dry-run
465
+ ```
466
+
467
+ - `-m` 里**不要**自带 `(vX.Y.Z)` 后缀,脚本会自动追加。
468
+ - Windows PowerShell 下请直接用 `node` 调用——`npm run release -- -m ...` 会把 `-m` 参数吞掉。
469
+
470
+ **脚本执行顺序:**
471
+
472
+ 1. **Guard A** —— 断言 `CLAUDE.md` 已含 `(vX.Y.Z)` 里程碑条目。
473
+ 2. bump **三处**版本号:`package.json`、`src/core/constants.ts`(`VERSION`)、`CLAUDE.md`(`**当前版本**`)。
474
+ 3. **Guard B** —— 从磁盘重读这三处,逐一断言都真的改到了。
475
+ 4. **Guard C** —— `tsc --noEmit` 必须零错误(失败则回滚版本号)。
476
+ 5. `npm test` 必须全绿(失败则回滚版本号)。
477
+ 6. 打印进入发布 commit 的完整文件清单,若含疑似敏感文件(`.env`、`*.pem`、`*.key`、`secret`…)直接拦下,确认无误加 `--allow-sensitive`。
478
+ 7. `git add -A` + commit `"<标题> (vX.Y.Z)"`(消息走 argv 传参,不经 shell 拼接)。
479
+ 8. `npm publish`(build 经 `prepublishOnly` 自动跑),再回查 registry 确认新版本已上线。
480
+ 9. `git push` 推送 `main`。
481
+
482
+ **可选 flag:** `--dry-run` · `--skip-tests` · `--no-publish` · `--no-push` · `--allow-sensitive`。
483
+
444
484
  ## 文档
445
485
 
446
486
  - [English README](README.md) — English documentation
@@ -1,9 +1,9 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  ConfigManager
4
- } from "./chunk-DUZRQXIP.js";
4
+ } from "./chunk-UOROWTGG.js";
5
5
  import "./chunk-TZQHYZKT.js";
6
- import "./chunk-UPMBIS4T.js";
6
+ import "./chunk-E5XCM4A6.js";
7
7
  import {
8
8
  atomicWriteFileSync
9
9
  } from "./chunk-IW3Q7AE5.js";
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  TEST_TIMEOUT
4
- } from "./chunk-UPMBIS4T.js";
4
+ } from "./chunk-E5XCM4A6.js";
5
5
 
6
6
  // src/tools/builtin/run-tests.ts
7
7
  import { execSync, spawnSync } from "child_process";
@@ -2,7 +2,7 @@
2
2
  import {
3
3
  CONFIG_DIR_NAME,
4
4
  VERSION
5
- } from "./chunk-UPMBIS4T.js";
5
+ } from "./chunk-E5XCM4A6.js";
6
6
 
7
7
  // src/diagnostics/crash-log.ts
8
8
  import {