jinzd-ai-cli 0.4.209 → 0.4.211
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +104 -6
- package/README.zh-CN.md +45 -5
- package/dist/{batch-45WLJUVP.js → batch-DE4RXKZD.js} +2 -2
- package/dist/{chunk-EN63JA7N.js → chunk-6NS6643Y.js} +1 -1
- package/dist/{chunk-D6M4E7SH.js → chunk-BE6ERF7M.js} +1 -1
- package/dist/{chunk-ATNYI6JL.js → chunk-C3OU2OPF.js} +374 -22
- package/dist/{chunk-UPMBIS4T.js → chunk-E5XCM4A6.js} +5 -3
- package/dist/{chunk-STIEOOOL.js → chunk-JBWA73GK.js} +1 -1
- package/dist/{chunk-DUZRQXIP.js → chunk-UOROWTGG.js} +45 -6
- package/dist/{chunk-JVLRMIHA.js → chunk-ZOPYREL5.js} +312 -38
- package/dist/{chunk-EYID2AIR.js → chunk-ZY2N2N6T.js} +5 -3
- package/dist/{ci-PUE3MQ7J.js → ci-XMUEX526.js} +2 -2
- package/dist/{constants-VTZLKDAG.js → constants-AWTIQIWG.js} +3 -1
- package/dist/{doctor-cli-IU6FSVLF.js → doctor-cli-SSI6ETFT.js} +4 -4
- package/dist/electron-server.js +1006 -471
- package/dist/{hub-4ETK4R2J.js → hub-INUJND2G.js} +1 -1
- package/dist/index.js +137 -367
- package/dist/{run-tests-NDS2IEMK.js → run-tests-3MHWUF43.js} +2 -2
- package/dist/{run-tests-UAS5NJBM.js → run-tests-PACN4UYX.js} +1 -1
- package/dist/{server-72SAPLPS.js → server-7USZJJAH.js} +4 -4
- package/dist/{server-4URLNC7P.js → server-BTSKOPQI.js} +139 -311
- package/dist/{task-orchestrator-6PZTB35T.js → task-orchestrator-OV4O25MX.js} +4 -4
- package/dist/{usage-ZNCKGF6U.js → usage-T2P6FTE7.js} +2 -2
- package/dist/web/client/app.js +1 -1
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -43,7 +43,7 @@
|
|
|
43
43
|
- **MCP Protocol** — Connect external MCP servers for dynamic tool discovery
|
|
44
44
|
- **Multi-User Auth** — Web UI supports multiple users with password authentication
|
|
45
45
|
- **PWA Support** — Install Web UI as a desktop/mobile app, accessible over LAN
|
|
46
|
-
- **Hierarchical Context** — 3-layer context files (global / project / subdirectory) auto-injected
|
|
46
|
+
- **Hierarchical Context** — 3-layer context files (global / project / subdirectory) auto-injected; supports native AICLI.md, Claude-compatible CLAUDE.md, and Codex-compatible AGENTS.md with override files
|
|
47
47
|
- **Headless Mode** — `ai-cli -p "prompt"` for CI/CD pipelines and scripting
|
|
48
48
|
- **44 REPL Commands** — Session management, checkpointing, code review, security review/scan, rewind, scaffolding, cross-session history search, chat-memory recall, smart model routing (`/route`), and more
|
|
49
49
|
- **GitHub Actions CI/CD** — Automated testing on Node 20/22 + npm publish on release tags
|
|
@@ -329,7 +329,65 @@ Control when tools require confirmation. Rules are checked in order — first ma
|
|
|
329
329
|
| `action` | `auto-approve` (skip confirmation), `deny` (block), `confirm` (ask user) |
|
|
330
330
|
| `when.dangerLevel` | Only match when danger level is `safe`, `write`, or `destructive` |
|
|
331
331
|
| `when.pathPattern` | Substring match against tool's `path` or `command` argument |
|
|
332
|
-
|
|
332
|
+
|
|
333
|
+
### Permission Profiles
|
|
334
|
+
|
|
335
|
+
Permission profiles provide coarse-grained safety boundaries before fine-grained `permissionRules` run. The default profile is `legacy`, so existing configs keep their old behavior.
|
|
336
|
+
|
|
337
|
+
Built-in profiles:
|
|
338
|
+
|
|
339
|
+
| Profile | Behavior |
|
|
340
|
+
|---------|----------|
|
|
341
|
+
| `legacy` | Backward-compatible mode. Uses `permissionRules` and `defaultPermission` as before. |
|
|
342
|
+
| `read-only` | Allows known read-only/safe tools and safe MCP tools; blocks write and destructive tools. |
|
|
343
|
+
| `workspace-write` | Allows explicit file writes only inside the workspace roots or temp dirs; destructive tools still require confirmation. |
|
|
344
|
+
| `danger-full-access` | Auto-approves non-destructive tools by default; destructive tools still require confirmation. Use only in isolated environments. |
|
|
345
|
+
|
|
346
|
+
```json
|
|
347
|
+
{
|
|
348
|
+
"defaultPermissionProfile": "workspace-write",
|
|
349
|
+
"allowedPermissionProfiles": ["legacy", "read-only", "workspace-write", "danger-full-access"],
|
|
350
|
+
"permissionProfiles": {
|
|
351
|
+
"workspace-write": {
|
|
352
|
+
"workspaceRoots": ["D:/github/ai-cli"],
|
|
353
|
+
"allowTemp": true,
|
|
354
|
+
"rules": [
|
|
355
|
+
{ "tool": "read_file", "action": "auto-approve" },
|
|
356
|
+
{ "tool": "list_dir", "action": "auto-approve" }
|
|
357
|
+
]
|
|
358
|
+
}
|
|
359
|
+
},
|
|
360
|
+
"permissionRules": [
|
|
361
|
+
{ "tool": "bash", "action": "deny", "when": { "pathPattern": "rm -rf" } }
|
|
362
|
+
]
|
|
363
|
+
}
|
|
364
|
+
```
|
|
365
|
+
|
|
366
|
+
`/status` and `/security status` show the active profile. The Web status payload also includes `permissionProfile` for UI surfaces.
|
|
367
|
+
### Network Policy
|
|
368
|
+
|
|
369
|
+
`networkPolicy` is disabled by default for backward compatibility. When enabled, it governs network-facing tools before execution: `web_fetch`, `web_search`, `google_search`, MCP tools, and shell commands that look like network access (`curl`, `wget`, `git clone/fetch/pull/push`, package installs, SSH/SCP, etc.).
|
|
370
|
+
|
|
371
|
+
```json
|
|
372
|
+
{
|
|
373
|
+
"networkPolicy": {
|
|
374
|
+
"enabled": true,
|
|
375
|
+
"defaultAction": "confirm",
|
|
376
|
+
"allowDomains": ["github.com", "docs.anthropic.com", "platform.openai.com"],
|
|
377
|
+
"denyDomains": ["example-danger.test"],
|
|
378
|
+
"allowPrivateNetwork": false,
|
|
379
|
+
"tools": {
|
|
380
|
+
"web_fetch": "confirm",
|
|
381
|
+
"web_search": "allow",
|
|
382
|
+
"google_search": "confirm",
|
|
383
|
+
"shell": "confirm",
|
|
384
|
+
"mcp": "confirm"
|
|
385
|
+
}
|
|
386
|
+
}
|
|
387
|
+
}
|
|
388
|
+
```
|
|
389
|
+
|
|
390
|
+
Actions are `allow`, `confirm`, or `deny`. Domain entries match the exact host or subdomains; port lists match the resolved URL port. Private/internal hosts such as `localhost`, `127.0.0.1`, `10.0.0.0/8`, `192.168.0.0/16`, and private IPv6 ranges are blocked unless `allowPrivateNetwork` is true.
|
|
333
391
|
**Recommended minimal config** — auto-approve all read-only tools to reduce y/N prompts:
|
|
334
392
|
|
|
335
393
|
```json
|
|
@@ -370,11 +428,11 @@ ai-cli automatically discovers and injects context files into the system prompt:
|
|
|
370
428
|
|
|
371
429
|
| Layer | Path | Purpose |
|
|
372
430
|
|-------|------|---------|
|
|
373
|
-
| Global | `~/.aicli
|
|
374
|
-
| Project | `<git-root
|
|
375
|
-
| Subdirectory | `<cwd
|
|
431
|
+
| Global | `~/.aicli/<context-file>` | Personal preferences across all projects |
|
|
432
|
+
| Project | `<git-root>/<context-file>` | Project rules (commit to git for team sharing) |
|
|
433
|
+
| Subdirectory | `<cwd>/<context-file>` | Directory-specific instructions |
|
|
376
434
|
|
|
377
|
-
|
|
435
|
+
At each layer, ai-cli loads the first non-empty file in this priority order: `AICLI.override.md`, `AGENTS.override.md`, `AICLI.md`, `CLAUDE.md`, `AGENTS.md`. `AICLI.md` is the native filename; `CLAUDE.md` and `AGENTS.md` are compatibility filenames for Claude Code and Codex-style projects.
|
|
378
436
|
|
|
379
437
|
### MCP Integration
|
|
380
438
|
|
|
@@ -422,6 +480,46 @@ npm run test:watch # Watch mode
|
|
|
422
480
|
|
|
423
481
|
79 offline test files covering: authentication, sessions, tool types & danger levels, permissions, output truncation, diff rendering, edit-file similarity, error hierarchy, config management, env loading, provider registry, web-fetch, grep-files, hub renderer, hub discussion, hub presets, dev-state, token estimator, tool registry budget, parallel tool execution, cost tracker, session tool history.
|
|
424
482
|
|
|
483
|
+
## Releasing (Version Bump → npm Publish → GitHub Push)
|
|
484
|
+
|
|
485
|
+
> **For contributors and AI agents: the entire release is driven by [`scripts/release.mjs`](scripts/release.mjs). Never manually bump the version or run `npm publish` yourself** — a hand-publish of `0.4.207` shipped a version that reported the wrong number and forced a corrective re-release (`0.4.208`). The script's guards exist precisely to stop that.
|
|
486
|
+
|
|
487
|
+
**Prerequisites**
|
|
488
|
+
|
|
489
|
+
- You are on the `main` branch and the changes to ship are already in the working tree.
|
|
490
|
+
- `npx tsc --noEmit` is clean and `npm test` is green (the script enforces both and rolls the bump back on failure).
|
|
491
|
+
- You are logged into npm as the package owner (`npm whoami`).
|
|
492
|
+
- You have push access to the GitHub remote.
|
|
493
|
+
|
|
494
|
+
**Step 1 — Write the milestone entry FIRST (Guard A).** Add a one-line entry to the `## 最近里程碑` section of [`CLAUDE.md`](CLAUDE.md) that contains the exact full-width-parenthesis marker `(vX.Y.Z)` for the target version. The script refuses to start without it. (Full narrative goes in `CHANGELOG.md`; this section is just the index line.)
|
|
495
|
+
|
|
496
|
+
**Step 2 — Run the release script.**
|
|
497
|
+
|
|
498
|
+
```bash
|
|
499
|
+
# patch: 0.4.209 → 0.4.210 (also accepts: minor / major / an explicit x.y.z)
|
|
500
|
+
node scripts/release.mjs patch -m "fix(scope): one-line commit title"
|
|
501
|
+
|
|
502
|
+
# preview only — validates guards, writes nothing:
|
|
503
|
+
node scripts/release.mjs patch -m "..." --dry-run
|
|
504
|
+
```
|
|
505
|
+
|
|
506
|
+
- Do **not** put a `(vX.Y.Z)` suffix in `-m`; the script appends it automatically.
|
|
507
|
+
- On Windows PowerShell, call `node` directly — `npm run release -- -m ...` swallows the `-m` argument.
|
|
508
|
+
|
|
509
|
+
**What the script does, in order:**
|
|
510
|
+
|
|
511
|
+
1. **Guard A** — asserts `CLAUDE.md` contains the `(vX.Y.Z)` milestone entry.
|
|
512
|
+
2. Bumps the version in **three** places: `package.json`, `src/core/constants.ts` (`VERSION`), and `CLAUDE.md` (`**当前版本**`).
|
|
513
|
+
3. **Guard B** — re-reads all three files from disk and asserts every bump landed.
|
|
514
|
+
4. **Guard C** — `tsc --noEmit` must be zero-error (rolls the bump back on failure).
|
|
515
|
+
5. `npm test` must pass (rolls the bump back on failure).
|
|
516
|
+
6. Prints the exact file list entering the release commit and blocks if any looks sensitive (`.env`, `*.pem`, `*.key`, `secret`, …). Override consciously with `--allow-sensitive`.
|
|
517
|
+
7. `git add -A` + commit `"<title> (vX.Y.Z)"` (message passed via argv, not shell-interpolated).
|
|
518
|
+
8. `npm publish` (the build runs automatically via `prepublishOnly`), then re-queries the registry to confirm the new version is live.
|
|
519
|
+
9. `git push` to `main`.
|
|
520
|
+
|
|
521
|
+
**Optional flags:** `--dry-run` · `--skip-tests` · `--no-publish` · `--no-push` · `--allow-sensitive`.
|
|
522
|
+
|
|
425
523
|
## Documentation
|
|
426
524
|
|
|
427
525
|
- [`docs/USAGE.md`](docs/USAGE.md) — Complete reference manual (commands, tools, config)
|
package/README.zh-CN.md
CHANGED
|
@@ -35,7 +35,7 @@
|
|
|
35
35
|
- **MCP 协议** — 接入外部 MCP 服务器,动态发现工具
|
|
36
36
|
- **多用户认证** — Web UI 支持多用户密码登录
|
|
37
37
|
- **PWA 支持** — Web UI 可安装为桌面/移动应用,支持局域网访问
|
|
38
|
-
- **三层级上下文** — 全局 / 项目 /
|
|
38
|
+
- **三层级上下文** — 全局 / 项目 / 子目录上下文文件自动注入;支持原生 `AICLI.md`、Claude 兼容 `CLAUDE.md`、Codex 兼容 `AGENTS.md` 及 override 文件
|
|
39
39
|
- **无头模式** — `aicli -p "提示词"` 用于 CI/CD 管道和脚本
|
|
40
40
|
- **44 个 REPL 命令** — 会话管理、检查点、代码审查、安全审查/扫描、对话回退、脚手架、聊天记忆召回、智能模型路由(`/route`)等
|
|
41
41
|
- **GitHub Actions CI/CD** — Node 20/22 自动测试 + Release tag 自动发布 npm
|
|
@@ -391,11 +391,11 @@ ai-cli 自动发现并注入上下文文件到 system prompt:
|
|
|
391
391
|
|
|
392
392
|
| 层级 | 路径 | 用途 |
|
|
393
393
|
|------|------|------|
|
|
394
|
-
| 全局层 | `~/.aicli
|
|
395
|
-
| 项目层 | `<git-root
|
|
396
|
-
| 子目录层 | `<cwd
|
|
394
|
+
| 全局层 | `~/.aicli/<context-file>` | 所有项目通用的个人偏好 |
|
|
395
|
+
| 项目层 | `<git-root>/<context-file>` | 项目级规则(提交到 git 供团队共享) |
|
|
396
|
+
| 子目录层 | `<cwd>/<context-file>` | 当前子目录的特定指令 |
|
|
397
397
|
|
|
398
|
-
|
|
398
|
+
每层按以下优先级加载第一个非空文件:`AICLI.override.md` → `AGENTS.override.md` → `AICLI.md` → `CLAUDE.md` → `AGENTS.md`。`AICLI.md` 是 ai-cli 原生文件名;`CLAUDE.md` 和 `AGENTS.md` 分别用于兼容 Claude Code 与 Codex 风格项目。
|
|
399
399
|
|
|
400
400
|
### MCP 集成
|
|
401
401
|
|
|
@@ -441,6 +441,46 @@ npm run test:watch # 监听模式
|
|
|
441
441
|
|
|
442
442
|
26 个测试套件覆盖:认证、会话、工具类型与危险级别、权限、输出截断、diff 渲染、edit-file 相似度、错误层级、配置管理、环境变量、Provider 注册、web-fetch、grep-files、Hub 渲染、Hub 讨论、Hub 预设、开发状态、Token 估算、工具注册表预算、并行工具执行、费用追踪、会话工具历史。
|
|
443
443
|
|
|
444
|
+
## 发布(版本提升 → npm 发布 → 推送 GitHub)
|
|
445
|
+
|
|
446
|
+
> **给贡献者与 AI 模型:整个发布流程一律走 [`scripts/release.mjs`](scripts/release.mjs),切勿手动 bump 版本号或自己跑 `npm publish`。** 曾经手工 publish 的 `0.4.207` 装上后 `--version` 报错版本号,被迫补发 `0.4.208` 对齐——脚本的四道守卫就是为拦住这类事故而存在。
|
|
447
|
+
|
|
448
|
+
**前置条件**
|
|
449
|
+
|
|
450
|
+
- 当前在 `main` 分支,待发布的改动已在工作区。
|
|
451
|
+
- `npx tsc --noEmit` 零错误、`npm test` 全绿(脚本会强制校验,失败自动回滚版本号)。
|
|
452
|
+
- 已登录 npm 且是包的 owner(`npm whoami`)。
|
|
453
|
+
- 有 GitHub 远端推送权限。
|
|
454
|
+
|
|
455
|
+
**第 1 步 —— 先写里程碑条目(Guard A)。** 在 [`CLAUDE.md`](CLAUDE.md) 的 `## 最近里程碑` 一节加一行,条目中必须含目标版本的**全角括号**标记 `(vX.Y.Z)`,否则脚本拒绝启动。(完整叙事写进 `CHANGELOG.md`,本节只留一行式索引。)
|
|
456
|
+
|
|
457
|
+
**第 2 步 —— 运行发布脚本。**
|
|
458
|
+
|
|
459
|
+
```bash
|
|
460
|
+
# patch:0.4.209 → 0.4.210(也支持 minor / major / 显式 x.y.z)
|
|
461
|
+
node scripts/release.mjs patch -m "fix(scope): 一句话 commit 标题"
|
|
462
|
+
|
|
463
|
+
# 仅预览,只校验守卫、不改任何文件:
|
|
464
|
+
node scripts/release.mjs patch -m "..." --dry-run
|
|
465
|
+
```
|
|
466
|
+
|
|
467
|
+
- `-m` 里**不要**自带 `(vX.Y.Z)` 后缀,脚本会自动追加。
|
|
468
|
+
- Windows PowerShell 下请直接用 `node` 调用——`npm run release -- -m ...` 会把 `-m` 参数吞掉。
|
|
469
|
+
|
|
470
|
+
**脚本执行顺序:**
|
|
471
|
+
|
|
472
|
+
1. **Guard A** —— 断言 `CLAUDE.md` 已含 `(vX.Y.Z)` 里程碑条目。
|
|
473
|
+
2. bump **三处**版本号:`package.json`、`src/core/constants.ts`(`VERSION`)、`CLAUDE.md`(`**当前版本**`)。
|
|
474
|
+
3. **Guard B** —— 从磁盘重读这三处,逐一断言都真的改到了。
|
|
475
|
+
4. **Guard C** —— `tsc --noEmit` 必须零错误(失败则回滚版本号)。
|
|
476
|
+
5. `npm test` 必须全绿(失败则回滚版本号)。
|
|
477
|
+
6. 打印进入发布 commit 的完整文件清单,若含疑似敏感文件(`.env`、`*.pem`、`*.key`、`secret`…)直接拦下,确认无误加 `--allow-sensitive`。
|
|
478
|
+
7. `git add -A` + commit `"<标题> (vX.Y.Z)"`(消息走 argv 传参,不经 shell 拼接)。
|
|
479
|
+
8. `npm publish`(build 经 `prepublishOnly` 自动跑),再回查 registry 确认新版本已上线。
|
|
480
|
+
9. `git push` 推送 `main`。
|
|
481
|
+
|
|
482
|
+
**可选 flag:** `--dry-run` · `--skip-tests` · `--no-publish` · `--no-push` · `--allow-sensitive`。
|
|
483
|
+
|
|
444
484
|
## 文档
|
|
445
485
|
|
|
446
486
|
- [English README](README.md) — English documentation
|
|
@@ -1,9 +1,9 @@
|
|
|
1
1
|
#!/usr/bin/env node
|
|
2
2
|
import {
|
|
3
3
|
ConfigManager
|
|
4
|
-
} from "./chunk-
|
|
4
|
+
} from "./chunk-UOROWTGG.js";
|
|
5
5
|
import "./chunk-TZQHYZKT.js";
|
|
6
|
-
import "./chunk-
|
|
6
|
+
import "./chunk-E5XCM4A6.js";
|
|
7
7
|
import {
|
|
8
8
|
atomicWriteFileSync
|
|
9
9
|
} from "./chunk-IW3Q7AE5.js";
|