jinzd-ai-cli 0.4.210 → 0.4.212

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (27) hide show
  1. package/README.md +122 -1
  2. package/README.zh-CN.md +63 -0
  3. package/dist/{batch-MFPYHOIL.js → batch-WIKFEOAZ.js} +2 -2
  4. package/dist/{chat-index-UBCWHBLR.js → chat-index-R2E27VXN.js} +1 -1
  5. package/dist/{chunk-GRJNQJA5.js → chunk-GBBVCZ4W.js} +1 -1
  6. package/dist/{chunk-7JWT3KXO.js → chunk-HW2ALWQJ.js} +2 -2
  7. package/dist/{chunk-E2ZWWE6Q.js → chunk-HX6N6QEY.js} +1 -1
  8. package/dist/{chunk-DJ35G5VO.js → chunk-IFZX26K7.js} +1 -1
  9. package/dist/{chunk-HZQVX7VF.js → chunk-KE4B3NOQ.js} +1 -1
  10. package/dist/{chunk-NWP7C6CC.js → chunk-LU6FBJQ5.js} +1 -1
  11. package/dist/{chunk-NEPFADHX.js → chunk-N5LB3PPL.js} +567 -87
  12. package/dist/{chunk-P6MTFCXB.js → chunk-NYCBOVNF.js} +62 -5
  13. package/dist/{chunk-W7UKO3PS.js → chunk-OQGVGPEK.js} +5 -0
  14. package/dist/{ci-QLJUDLMY.js → ci-X3LNUFZV.js} +2 -2
  15. package/dist/{constants-47OR72MV.js → constants-KDWG4KR4.js} +1 -1
  16. package/dist/{doctor-cli-32COMA5K.js → doctor-cli-TJTWIW7U.js} +4 -4
  17. package/dist/electron-server.js +947 -280
  18. package/dist/{hub-3NWJUCLK.js → hub-JWSV4MKC.js} +1 -1
  19. package/dist/index.js +160 -18
  20. package/dist/{run-tests-NT2UIUVB.js → run-tests-D7YBY4XB.js} +1 -1
  21. package/dist/{run-tests-UT7RZ7Y3.js → run-tests-H4Q2PRX6.js} +2 -2
  22. package/dist/{server-AIHVMLNU.js → server-OFKGDRYI.js} +4 -4
  23. package/dist/{server-E5D54DIZ.js → server-VNCN7AY5.js} +187 -29
  24. package/dist/{task-orchestrator-BFDSTSOH.js → task-orchestrator-AL2E642M.js} +4 -4
  25. package/dist/{usage-P4B2RZKL.js → usage-LB6REWPO.js} +2 -2
  26. package/dist/web/client/app.js +1 -1
  27. package/package.json +1 -1
package/README.md CHANGED
@@ -329,7 +329,88 @@ Control when tools require confirmation. Rules are checked in order — first ma
329
329
  | `action` | `auto-approve` (skip confirmation), `deny` (block), `confirm` (ask user) |
330
330
  | `when.dangerLevel` | Only match when danger level is `safe`, `write`, or `destructive` |
331
331
  | `when.pathPattern` | Substring match against tool's `path` or `command` argument |
332
-
332
+
333
+ ### Permission Profiles
334
+
335
+ Permission profiles provide coarse-grained safety boundaries before fine-grained `permissionRules` run. The default profile is `legacy`, so existing configs keep their old behavior.
336
+
337
+ Built-in profiles:
338
+
339
+ | Profile | Behavior |
340
+ |---------|----------|
341
+ | `legacy` | Backward-compatible mode. Uses `permissionRules` and `defaultPermission` as before. |
342
+ | `read-only` | Allows known read-only/safe tools and safe MCP tools; blocks write and destructive tools. |
343
+ | `workspace-write` | Allows explicit file writes only inside the workspace roots or temp dirs; destructive tools still require confirmation. |
344
+ | `danger-full-access` | Auto-approves non-destructive tools by default; destructive tools still require confirmation. Use only in isolated environments. |
345
+
346
+ ```json
347
+ {
348
+ "defaultPermissionProfile": "workspace-write",
349
+ "allowedPermissionProfiles": ["legacy", "read-only", "workspace-write", "danger-full-access"],
350
+ "permissionProfiles": {
351
+ "workspace-write": {
352
+ "workspaceRoots": ["D:/github/ai-cli"],
353
+ "allowTemp": true,
354
+ "rules": [
355
+ { "tool": "read_file", "action": "auto-approve" },
356
+ { "tool": "list_dir", "action": "auto-approve" }
357
+ ]
358
+ }
359
+ },
360
+ "permissionRules": [
361
+ { "tool": "bash", "action": "deny", "when": { "pathPattern": "rm -rf" } }
362
+ ]
363
+ }
364
+ ```
365
+
366
+ `/status` and `/security status` show the active profile. The Web status payload also includes `permissionProfile` for UI surfaces.
367
+ ### Network Policy
368
+
369
+ `networkPolicy` is disabled by default for backward compatibility. When enabled, it governs network-facing tools before execution: `web_fetch`, `web_search`, `google_search`, MCP tools, and shell commands that look like network access (`curl`, `wget`, `git clone/fetch/pull/push`, package installs, SSH/SCP, etc.).
370
+
371
+ ```json
372
+ {
373
+ "networkPolicy": {
374
+ "enabled": true,
375
+ "defaultAction": "confirm",
376
+ "allowDomains": ["github.com", "docs.anthropic.com", "platform.openai.com"],
377
+ "denyDomains": ["example-danger.test"],
378
+ "allowPrivateNetwork": false,
379
+ "tools": {
380
+ "web_fetch": "confirm",
381
+ "web_search": "allow",
382
+ "google_search": "confirm",
383
+ "shell": "confirm",
384
+ "mcp": "confirm"
385
+ }
386
+ }
387
+ }
388
+ ```
389
+
390
+ Actions are `allow`, `confirm`, or `deny`. Domain entries match the exact host or subdomains; port lists match the resolved URL port. Private/internal hosts such as `localhost`, `127.0.0.1`, `10.0.0.0/8`, `192.168.0.0/16`, and private IPv6 ranges are blocked unless `allowPrivateNetwork` is true.
391
+ ### Trusted Hooks Lifecycle
392
+
393
+ Legacy `preToolExecution` / `postToolExecution` hooks still work. New lifecycle hooks live under `hooks.events.<EventName>` and receive a JSON payload through `AICLI_HOOK_EVENT_JSON`; if the command prints JSON, ai-cli reads decisions such as `allow`, `deny`, `ask`, `warning`, or `warnings`.
394
+
395
+ ```json
396
+ {
397
+ "hooks": {
398
+ "events": {
399
+ "PreToolUse": {
400
+ "command": "node ./scripts/aicli-pre-tool-hook.mjs",
401
+ "source": "project",
402
+ "description": "Block unsafe local commands"
403
+ },
404
+ "UserPromptSubmit": "node ./scripts/aicli-prompt-hook.mjs",
405
+ "Stop": { "command": "npm test -- --runInBand", "timeoutMs": 10000 }
406
+ }
407
+ }
408
+ }
409
+ ```
410
+
411
+ Supported lifecycle names are `SessionStart`, `UserPromptSubmit`, `PreToolUse`, `PermissionRequest`, `PostToolUse`, `PreCompact`, `PostCompact`, `Stop`, `SubagentStart`, and `SubagentStop`. Project-sourced hooks must be trusted before execution; ai-cli stores trust records locally under the user config directory, keyed by hook hash, so changing hook content requires re-trust.
412
+
413
+ Use `/hooks list`, `/hooks inspect <id>`, `/hooks trust <id>`, `/hooks untrust <id>`, and `/hooks disable` to manage them. `/status`, `/security status`, and Web status show pending project hooks that require trust.
333
414
  **Recommended minimal config** — auto-approve all read-only tools to reduce y/N prompts:
334
415
 
335
416
  ```json
@@ -422,6 +503,46 @@ npm run test:watch # Watch mode
422
503
 
423
504
  79 offline test files covering: authentication, sessions, tool types & danger levels, permissions, output truncation, diff rendering, edit-file similarity, error hierarchy, config management, env loading, provider registry, web-fetch, grep-files, hub renderer, hub discussion, hub presets, dev-state, token estimator, tool registry budget, parallel tool execution, cost tracker, session tool history.
424
505
 
506
+ ## Releasing (Version Bump → npm Publish → GitHub Push)
507
+
508
+ > **For contributors and AI agents: the entire release is driven by [`scripts/release.mjs`](scripts/release.mjs). Never manually bump the version or run `npm publish` yourself** — a hand-publish of `0.4.207` shipped a version that reported the wrong number and forced a corrective re-release (`0.4.208`). The script's guards exist precisely to stop that.
509
+
510
+ **Prerequisites**
511
+
512
+ - You are on the `main` branch and the changes to ship are already in the working tree.
513
+ - `npx tsc --noEmit` is clean and `npm test` is green (the script enforces both and rolls the bump back on failure).
514
+ - You are logged into npm as the package owner (`npm whoami`).
515
+ - You have push access to the GitHub remote.
516
+
517
+ **Step 1 — Write the milestone entry FIRST (Guard A).** Add a one-line entry to the `## 最近里程碑` section of [`CLAUDE.md`](CLAUDE.md) that contains the exact full-width-parenthesis marker `(vX.Y.Z)` for the target version. The script refuses to start without it. (Full narrative goes in `CHANGELOG.md`; this section is just the index line.)
518
+
519
+ **Step 2 — Run the release script.**
520
+
521
+ ```bash
522
+ # patch: 0.4.209 → 0.4.210 (also accepts: minor / major / an explicit x.y.z)
523
+ node scripts/release.mjs patch -m "fix(scope): one-line commit title"
524
+
525
+ # preview only — validates guards, writes nothing:
526
+ node scripts/release.mjs patch -m "..." --dry-run
527
+ ```
528
+
529
+ - Do **not** put a `(vX.Y.Z)` suffix in `-m`; the script appends it automatically.
530
+ - On Windows PowerShell, call `node` directly — `npm run release -- -m ...` swallows the `-m` argument.
531
+
532
+ **What the script does, in order:**
533
+
534
+ 1. **Guard A** — asserts `CLAUDE.md` contains the `(vX.Y.Z)` milestone entry.
535
+ 2. Bumps the version in **three** places: `package.json`, `src/core/constants.ts` (`VERSION`), and `CLAUDE.md` (`**当前版本**`).
536
+ 3. **Guard B** — re-reads all three files from disk and asserts every bump landed.
537
+ 4. **Guard C** — `tsc --noEmit` must be zero-error (rolls the bump back on failure).
538
+ 5. `npm test` must pass (rolls the bump back on failure).
539
+ 6. Prints the exact file list entering the release commit and blocks if any looks sensitive (`.env`, `*.pem`, `*.key`, `secret`, …). Override consciously with `--allow-sensitive`.
540
+ 7. `git add -A` + commit `"<title> (vX.Y.Z)"` (message passed via argv, not shell-interpolated).
541
+ 8. `npm publish` (the build runs automatically via `prepublishOnly`), then re-queries the registry to confirm the new version is live.
542
+ 9. `git push` to `main`.
543
+
544
+ **Optional flags:** `--dry-run` · `--skip-tests` · `--no-publish` · `--no-push` · `--allow-sensitive`.
545
+
425
546
  ## Documentation
426
547
 
427
548
  - [`docs/USAGE.md`](docs/USAGE.md) — Complete reference manual (commands, tools, config)
package/README.zh-CN.md CHANGED
@@ -370,6 +370,29 @@ HTTPS_PROXY=http://127.0.0.1:10809 aicli
370
370
  }
371
371
  ```
372
372
 
373
+ ### 可信 Hooks 生命周期
374
+
375
+ 旧版 `preToolExecution` / `postToolExecution` 仍然兼容。新版生命周期 hooks 配置在 `hooks.events.<EventName>` 下,通过 `AICLI_HOOK_EVENT_JSON` 接收 JSON 事件;命令 stdout 如果输出 JSON,ai-cli 会读取 `allow`、`deny`、`ask`、`warning` 或 `warnings` 等决策。
376
+
377
+ ```json
378
+ {
379
+ "hooks": {
380
+ "events": {
381
+ "PreToolUse": {
382
+ "command": "node ./scripts/aicli-pre-tool-hook.mjs",
383
+ "source": "project",
384
+ "description": "Block unsafe local commands"
385
+ },
386
+ "UserPromptSubmit": "node ./scripts/aicli-prompt-hook.mjs",
387
+ "Stop": { "command": "npm test -- --runInBand", "timeoutMs": 10000 }
388
+ }
389
+ }
390
+ }
391
+ ```
392
+
393
+ 支持的事件包括 `SessionStart`、`UserPromptSubmit`、`PreToolUse`、`PermissionRequest`、`PostToolUse`、`PreCompact`、`PostCompact`、`Stop`、`SubagentStart`、`SubagentStop`。`source: "project"` 的 hook 默认不会执行,必须通过 `/hooks trust <id>` 写入本地信任记录;命令内容变化后 hash 会变化,需要重新信任。
394
+
395
+ 使用 `/hooks list`、`/hooks inspect <id>`、`/hooks trust <id>`、`/hooks untrust <id>`、`/hooks disable` 管理 hooks。`/status`、`/security status` 和 Web 状态栏会显示待信任项目 hooks 数量。
373
396
  ### 环境变量
374
397
 
375
398
  | 变量 | 说明 |
@@ -441,6 +464,46 @@ npm run test:watch # 监听模式
441
464
 
442
465
  26 个测试套件覆盖:认证、会话、工具类型与危险级别、权限、输出截断、diff 渲染、edit-file 相似度、错误层级、配置管理、环境变量、Provider 注册、web-fetch、grep-files、Hub 渲染、Hub 讨论、Hub 预设、开发状态、Token 估算、工具注册表预算、并行工具执行、费用追踪、会话工具历史。
443
466
 
467
+ ## 发布(版本提升 → npm 发布 → 推送 GitHub)
468
+
469
+ > **给贡献者与 AI 模型:整个发布流程一律走 [`scripts/release.mjs`](scripts/release.mjs),切勿手动 bump 版本号或自己跑 `npm publish`。** 曾经手工 publish 的 `0.4.207` 装上后 `--version` 报错版本号,被迫补发 `0.4.208` 对齐——脚本的四道守卫就是为拦住这类事故而存在。
470
+
471
+ **前置条件**
472
+
473
+ - 当前在 `main` 分支,待发布的改动已在工作区。
474
+ - `npx tsc --noEmit` 零错误、`npm test` 全绿(脚本会强制校验,失败自动回滚版本号)。
475
+ - 已登录 npm 且是包的 owner(`npm whoami`)。
476
+ - 有 GitHub 远端推送权限。
477
+
478
+ **第 1 步 —— 先写里程碑条目(Guard A)。** 在 [`CLAUDE.md`](CLAUDE.md) 的 `## 最近里程碑` 一节加一行,条目中必须含目标版本的**全角括号**标记 `(vX.Y.Z)`,否则脚本拒绝启动。(完整叙事写进 `CHANGELOG.md`,本节只留一行式索引。)
479
+
480
+ **第 2 步 —— 运行发布脚本。**
481
+
482
+ ```bash
483
+ # patch:0.4.209 → 0.4.210(也支持 minor / major / 显式 x.y.z)
484
+ node scripts/release.mjs patch -m "fix(scope): 一句话 commit 标题"
485
+
486
+ # 仅预览,只校验守卫、不改任何文件:
487
+ node scripts/release.mjs patch -m "..." --dry-run
488
+ ```
489
+
490
+ - `-m` 里**不要**自带 `(vX.Y.Z)` 后缀,脚本会自动追加。
491
+ - Windows PowerShell 下请直接用 `node` 调用——`npm run release -- -m ...` 会把 `-m` 参数吞掉。
492
+
493
+ **脚本执行顺序:**
494
+
495
+ 1. **Guard A** —— 断言 `CLAUDE.md` 已含 `(vX.Y.Z)` 里程碑条目。
496
+ 2. bump **三处**版本号:`package.json`、`src/core/constants.ts`(`VERSION`)、`CLAUDE.md`(`**当前版本**`)。
497
+ 3. **Guard B** —— 从磁盘重读这三处,逐一断言都真的改到了。
498
+ 4. **Guard C** —— `tsc --noEmit` 必须零错误(失败则回滚版本号)。
499
+ 5. `npm test` 必须全绿(失败则回滚版本号)。
500
+ 6. 打印进入发布 commit 的完整文件清单,若含疑似敏感文件(`.env`、`*.pem`、`*.key`、`secret`…)直接拦下,确认无误加 `--allow-sensitive`。
501
+ 7. `git add -A` + commit `"<标题> (vX.Y.Z)"`(消息走 argv 传参,不经 shell 拼接)。
502
+ 8. `npm publish`(build 经 `prepublishOnly` 自动跑),再回查 registry 确认新版本已上线。
503
+ 9. `git push` 推送 `main`。
504
+
505
+ **可选 flag:** `--dry-run` · `--skip-tests` · `--no-publish` · `--no-push` · `--allow-sensitive`。
506
+
444
507
  ## 文档
445
508
 
446
509
  - [English README](README.md) — English documentation
@@ -1,9 +1,9 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  ConfigManager
4
- } from "./chunk-P6MTFCXB.js";
4
+ } from "./chunk-NYCBOVNF.js";
5
5
  import "./chunk-TZQHYZKT.js";
6
- import "./chunk-GRJNQJA5.js";
6
+ import "./chunk-GBBVCZ4W.js";
7
7
  import {
8
8
  atomicWriteFileSync
9
9
  } from "./chunk-IW3Q7AE5.js";
@@ -5,7 +5,7 @@ import {
5
5
  getChatIndexStatus,
6
6
  loadChatIndex,
7
7
  searchChatMemory
8
- } from "./chunk-W7UKO3PS.js";
8
+ } from "./chunk-OQGVGPEK.js";
9
9
  import "./chunk-JV5N65KN.js";
10
10
  import "./chunk-6BUTA5VW.js";
11
11
  export {
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
 
3
3
  // src/core/constants.ts
4
- var VERSION = "0.4.210";
4
+ var VERSION = "0.4.212";
5
5
  var APP_NAME = "ai-cli";
6
6
  var CONFIG_DIR_NAME = ".aicli";
7
7
  var CONFIG_FILE_NAME = "config.json";
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  truncateForPersist
4
- } from "./chunk-NEPFADHX.js";
4
+ } from "./chunk-N5LB3PPL.js";
5
5
  import {
6
6
  APP_NAME,
7
7
  CONFIG_DIR_NAME,
@@ -13,7 +13,7 @@ import {
13
13
  MCP_PROTOCOL_VERSION,
14
14
  MCP_TOOL_PREFIX,
15
15
  VERSION
16
- } from "./chunk-GRJNQJA5.js";
16
+ } from "./chunk-GBBVCZ4W.js";
17
17
  import {
18
18
  atomicWriteFileSync
19
19
  } from "./chunk-IW3Q7AE5.js";
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  TEST_TIMEOUT
4
- } from "./chunk-GRJNQJA5.js";
4
+ } from "./chunk-GBBVCZ4W.js";
5
5
 
6
6
  // src/tools/builtin/run-tests.ts
7
7
  import { execSync, spawnSync } from "child_process";
@@ -1,7 +1,7 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  CONFIG_DIR_NAME
4
- } from "./chunk-GRJNQJA5.js";
4
+ } from "./chunk-GBBVCZ4W.js";
5
5
  import {
6
6
  atomicWriteFileSync
7
7
  } from "./chunk-IW3Q7AE5.js";
@@ -6,7 +6,7 @@ import { platform } from "os";
6
6
  import chalk from "chalk";
7
7
 
8
8
  // src/core/constants.ts
9
- var VERSION = "0.4.210";
9
+ var VERSION = "0.4.212";
10
10
  var APP_NAME = "ai-cli";
11
11
  var CONFIG_DIR_NAME = ".aicli";
12
12
  var CONFIG_FILE_NAME = "config.json";
@@ -2,7 +2,7 @@
2
2
  import {
3
3
  CONFIG_DIR_NAME,
4
4
  VERSION
5
- } from "./chunk-GRJNQJA5.js";
5
+ } from "./chunk-GBBVCZ4W.js";
6
6
 
7
7
  // src/diagnostics/crash-log.ts
8
8
  import {