jinzd-ai-cli 0.4.215 → 0.4.217

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (31) hide show
  1. package/README.md +5 -2
  2. package/dist/{batch-74H5SA7P.js → batch-YCOVKTXD.js} +2 -2
  3. package/dist/{chat-index-R2E27VXN.js → chat-index-PS274XM7.js} +1 -1
  4. package/dist/{chunk-ZOF5NFKW.js → chunk-524WZOKS.js} +1 -1
  5. package/dist/{ci-3ALK2XJN.js → chunk-KOPUCJXM.js} +40 -46
  6. package/dist/{chunk-6C3JYNM6.js → chunk-MGBMNCHG.js} +279 -54
  7. package/dist/{chunk-KL7UBVSQ.js → chunk-OUAZOE5U.js} +2 -2
  8. package/dist/{chunk-RS4WBI73.js → chunk-QAYOI57M.js} +3 -1
  9. package/dist/{chunk-X6OXS7KU.js → chunk-SNJAOXFT.js} +1 -1
  10. package/dist/{chunk-OQGVGPEK.js → chunk-VHY6NVMQ.js} +2 -0
  11. package/dist/{chunk-3TSHNZKI.js → chunk-VTH7BLXK.js} +1 -1
  12. package/dist/{chunk-2224JGA6.js → chunk-WKOQ5CYC.js} +1 -1
  13. package/dist/chunk-WZ3VKLF3.js +105 -0
  14. package/dist/{chunk-7JES2NWR.js → chunk-XJGEQIYS.js} +3 -1
  15. package/dist/ci-52RZIYWB.js +19 -0
  16. package/dist/ci-format-73UXKE65.js +18 -0
  17. package/dist/{constants-IN2HXJK7.js → constants-DIXAD35W.js} +3 -1
  18. package/dist/{doctor-cli-7XL4TCVT.js → doctor-cli-7GOQPULZ.js} +4 -4
  19. package/dist/electron-server.js +562 -318
  20. package/dist/{hub-VAOG5EY6.js → hub-GIGBITZN.js} +1 -1
  21. package/dist/index.js +169 -73
  22. package/dist/pr-KPQ5RPKB.js +267 -0
  23. package/dist/{run-tests-J2JQ57R3.js → run-tests-K7QR5QN4.js} +1 -1
  24. package/dist/{run-tests-QJD43AML.js → run-tests-ZDSA3QES.js} +2 -2
  25. package/dist/{server-WDLV3W4F.js → server-22YF3U34.js} +5 -4
  26. package/dist/{server-VGPZOISQ.js → server-QT3SC2KI.js} +129 -86
  27. package/dist/{task-orchestrator-QFOCO3N7.js → task-orchestrator-BHQQCVTY.js} +5 -4
  28. package/dist/{usage-IEB476NE.js → usage-WZZFSFLM.js} +2 -2
  29. package/dist/web/client/app.js +53 -2
  30. package/dist/web/client/index.html +11 -1
  31. package/package.json +1 -1
package/README.md CHANGED
@@ -33,7 +33,8 @@
33
33
  - **Semantic Code Search** *(v0.4.77+)* — `search_code` tool finds code by meaning, not name. Local sentence embeddings (multilingual MiniLM, 117 MB one-time download) score symbols by cosine similarity against natural-language queries in English or Chinese ("where are users authenticated", "哪里做了速率限制"). No API key, runs on CPU. Manage with `/index semantic-rebuild|semantic-clear`
34
34
  - **MCP Server Mode** *(v0.4.84+)* — `aicli mcp-serve` reverses ai-cli into an MCP server (JSON-RPC 2.0 over stdio), exposing its 28 built-in tools (incl. `find_symbol` / `search_code` / `run_tests`) to Claude Desktop / Cursor / any MCP client. Opt-in destructive-tool allow, `--tools` whitelist, `--cwd` override
35
35
  - **Session Sensitive-Data Redaction** *(v0.4.88+)* — unified redactor scrubs `password=` / `api_key` / bearer tokens / OpenAI-style keys from every message **before it hits disk**. Query text is redacted too, so secrets never reach embeddings or logs. `/security status` + `/security scan` to audit
36
- - **Human-like Long-Term Memory** *(v0.4.89+, B4)* — semantic index over every past chat session + `recall_memory` AI tool + `/memory rebuild|refresh|status|recall` commands. AI is prompted to auto-recall when it sees "last time" / "之前" / ambiguous references. Reuses the same MiniLM embedder as semantic code search
36
+ - **Human-like Long-Term Memory** *(v0.4.89+, B4)* — semantic index over every past chat session + `recall_memory` AI tool + `/memory rebuild|refresh|status|recall` commands. AI is prompted to auto-recall when it sees "last time" / "之前" / ambiguous references. Reuses the same MiniLM embedder as semantic code search
37
+ - **Governed Persistent Memory** *(v0.4.217+)* — `save_memory` and `/memory add` write auditable `memory.jsonl` entries with id/scope/source/sensitivity/approval/expiry; low-risk entries auto-approve, sensitive entries stay pending until `/memory approve <id>`, and project-scoped memories only inject inside the same project
37
38
  - **Web UI Memory Panel** *(v0.4.90+, B4)* — new 🧠 Memory sidebar tab with semantic search across past chats; each hit has **➕ Inject** (quotes the snippet into the chat input as a markdown blockquote so you can review/edit before sending — no silent context injection) and **↗ Load** (jumps to source session). Bulk "Inject top 3" for recall bundles
38
39
  - **Streaming Tool Use** — Real-time streaming of AI reasoning and tool calls as they happen
39
40
  - **Sub-Agents** — Delegate complex subtasks to isolated child agents with independent tool loops
@@ -47,6 +48,8 @@
47
48
  - **Headless Mode** — `ai-cli -p "prompt"` for CI/CD pipelines and scripting
48
49
  - **44 REPL Commands** — Session management, checkpointing, code review, security review/scan, rewind, scaffolding, cross-session history search, chat-memory recall, smart model routing (`/route`), and more
49
50
  - **GitHub Actions CI/CD** — Automated testing on Node 20/22 + npm publish on release tags
51
+ - **PR Review CLI** *(v0.4.216+)* — `aicli pr review|security-review|summarize` reviews `main...HEAD`, custom `--base/--head`, or GitHub PR URLs; optional `--agents security,bugs,tests,maintainability`; never posts comments unless `--post` is explicit
52
+ - **CI Review Artifacts** *(v0.4.216+)* — `aicli ci` emits Markdown, JSON, or SARIF and gates on security-high, test-failure, and lint-failure findings in read-only review mode
50
53
  - **Cross-Platform** — Windows, macOS, Linux
51
54
 
52
55
  ## Installation
@@ -168,7 +171,7 @@ AI autonomously invokes these 27 tools during conversations:
168
171
  | `run_tests` | safe | Auto-detect and run project tests (JUnit XML parsing) |
169
172
  | `spawn_agent` | safe | Delegate subtasks to named isolated agents (`agent`: explorer/worker/reviewer/security/tester) |
170
173
  | `ask_user` | safe | Pause and ask the user a question |
171
- | `save_memory` | safe | Persist important info across sessions |
174
+ | `save_memory` | safe | Persist governed memory across sessions; sensitive entries require `/memory approve <id>` |
172
175
  | `write_todos` | safe | Task breakdown with live progress rendering |
173
176
  | `save_last_response` | write | Save AI response to file |
174
177
  | `task_create` | write | Start a command running in the background |
@@ -1,9 +1,9 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  ConfigManager
4
- } from "./chunk-2224JGA6.js";
4
+ } from "./chunk-WKOQ5CYC.js";
5
5
  import "./chunk-TZQHYZKT.js";
6
- import "./chunk-7JES2NWR.js";
6
+ import "./chunk-XJGEQIYS.js";
7
7
  import {
8
8
  atomicWriteFileSync
9
9
  } from "./chunk-IW3Q7AE5.js";
@@ -5,7 +5,7 @@ import {
5
5
  getChatIndexStatus,
6
6
  loadChatIndex,
7
7
  searchChatMemory
8
- } from "./chunk-OQGVGPEK.js";
8
+ } from "./chunk-VHY6NVMQ.js";
9
9
  import "./chunk-JV5N65KN.js";
10
10
  import "./chunk-6BUTA5VW.js";
11
11
  export {
@@ -2,7 +2,7 @@
2
2
  import {
3
3
  CONFIG_DIR_NAME,
4
4
  VERSION
5
- } from "./chunk-7JES2NWR.js";
5
+ } from "./chunk-XJGEQIYS.js";
6
6
 
7
7
  // src/diagnostics/crash-log.ts
8
8
  import {
@@ -1,4 +1,8 @@
1
1
  #!/usr/bin/env node
2
+ import {
3
+ evaluateCiGate,
4
+ normalizeCiThresholds
5
+ } from "./chunk-WZ3VKLF3.js";
2
6
  import {
3
7
  buildReviewPrompt,
4
8
  buildSecurityReviewPrompt,
@@ -7,19 +11,30 @@ import {
7
11
  import {
8
12
  ProviderRegistry
9
13
  } from "./chunk-QMXC327F.js";
10
- import "./chunk-XPBEJB27.js";
11
14
  import {
12
15
  ConfigManager
13
- } from "./chunk-2224JGA6.js";
14
- import "./chunk-TZQHYZKT.js";
16
+ } from "./chunk-WKOQ5CYC.js";
15
17
  import {
16
18
  VERSION
17
- } from "./chunk-7JES2NWR.js";
18
- import "./chunk-IW3Q7AE5.js";
19
+ } from "./chunk-XJGEQIYS.js";
19
20
 
20
21
  // src/cli/ci.ts
21
22
  import { execFileSync } from "child_process";
22
23
  var CI_COMMENT_MARKER = "<!-- aicli-ci-review -->";
24
+ function zeroSeverity() {
25
+ return { critical: 0, high: 0, warning: 0, info: 0 };
26
+ }
27
+ function earlyResult(exitCode, markdown, thresholds) {
28
+ const gate = evaluateCiGate(markdown, thresholds);
29
+ return {
30
+ exitCode: exitCode === 0 && gate.failed ? 1 : exitCode,
31
+ markdown,
32
+ posted: false,
33
+ severity: zeroSeverity(),
34
+ gate,
35
+ meta: { mode: "read-only", thresholds }
36
+ };
37
+ }
23
38
  function fetchDiff(opts) {
24
39
  if (opts.diffOverride != null) return opts.diffOverride;
25
40
  if (opts.pr != null) {
@@ -48,9 +63,7 @@ function fetchDiff(opts) {
48
63
  throw new Error("aicli ci: must supply --pr <num> or --base <ref> to determine the diff source");
49
64
  }
50
65
  function validateGitRef(ref) {
51
- if (!/^[A-Za-z0-9._/\-]+$/.test(ref)) {
52
- throw new Error(`unsafe ref: ${ref}`);
53
- }
66
+ if (!/^[A-Za-z0-9._/\-]+$/.test(ref)) throw new Error(`unsafe ref: ${ref}`);
54
67
  }
55
68
  function buildGitContextStr(opts) {
56
69
  const parts = [];
@@ -62,6 +75,7 @@ function buildGitContextStr(opts) {
62
75
  } catch {
63
76
  }
64
77
  parts.push(`Reviewer: aicli v${VERSION}`);
78
+ parts.push("Mode: read-only CI review (no tools executed)");
65
79
  return parts.join(" | ");
66
80
  }
67
81
  function countSeverity(md) {
@@ -118,9 +132,7 @@ ${CI_COMMENT_MARKER}`;
118
132
  function gqlIdToRest(graphqlId) {
119
133
  if (/^\d+$/.test(graphqlId)) return graphqlId;
120
134
  const query = `query($id:ID!){ node(id:$id){ ... on IssueComment { databaseId } } }`;
121
- const out = execFileSync("gh", ["api", "graphql", "-f", `query=${query}`, "-F", `id=${graphqlId}`], {
122
- encoding: "utf-8"
123
- });
135
+ const out = execFileSync("gh", ["api", "graphql", "-f", `query=${query}`, "-F", `id=${graphqlId}`], { encoding: "utf-8" });
124
136
  const parsed = JSON.parse(out);
125
137
  const id = parsed.data?.node?.databaseId;
126
138
  if (!id) throw new Error(`could not resolve comment id ${graphqlId}`);
@@ -128,25 +140,14 @@ function gqlIdToRest(graphqlId) {
128
140
  }
129
141
  async function runCi(opts) {
130
142
  const maxDiff = opts.maxDiffChars ?? 3e4;
143
+ const thresholds = normalizeCiThresholds(opts.thresholds);
131
144
  let diff;
132
145
  try {
133
146
  diff = fetchDiff(opts).trim();
134
147
  } catch (err) {
135
- return {
136
- exitCode: 2,
137
- markdown: `\u274C ${err.message}`,
138
- posted: false,
139
- severity: { critical: 0, high: 0, warning: 0, info: 0 }
140
- };
141
- }
142
- if (!diff) {
143
- return {
144
- exitCode: 0,
145
- markdown: "\u2705 No changes to review.",
146
- posted: false,
147
- severity: { critical: 0, high: 0, warning: 0, info: 0 }
148
- };
148
+ return earlyResult(2, `\u274C ${err.message}`, thresholds);
149
149
  }
150
+ if (!diff) return earlyResult(0, "\u2705 No changes to review.", thresholds);
150
151
  const { diff: trimmedDiff, truncated } = truncateDiff(diff, maxDiff);
151
152
  const gitCtx = buildGitContextStr(opts);
152
153
  const config = new ConfigManager();
@@ -162,18 +163,14 @@ async function runCi(opts) {
162
163
  );
163
164
  const providerId = opts.provider ?? config.getDefaultProvider();
164
165
  if (!registry.has(providerId)) {
165
- return {
166
- exitCode: 2,
167
- markdown: `\u274C Provider '${providerId}' is not configured. Set the right AICLI_API_KEY_* env var or pass --provider.`,
168
- posted: false,
169
- severity: { critical: 0, high: 0, warning: 0, info: 0 }
170
- };
166
+ return earlyResult(2, `\u274C Provider '${providerId}' is not configured. Set the right AICLI_API_KEY_* env var or pass --provider.`, thresholds);
171
167
  }
172
168
  const providerInfo = registry.get(providerId).info;
173
169
  const modelId = opts.model ?? config.get("defaultModels")[providerId] ?? providerInfo.defaultModel;
170
+ const meta = { provider: providerId, model: modelId, mode: "read-only", thresholds };
174
171
  const sections = [];
175
- sections.push(`## \u{1F916} aicli code review`);
176
- sections.push(`*Provider: \`${providerId}\` \xB7 Model: \`${modelId}\` \xB7 aicli v${VERSION}*`);
172
+ sections.push("## \u{1F916} aicli code review");
173
+ sections.push(`*Provider: \`${providerId}\` \xB7 Model: \`${modelId}\` \xB7 Mode: \`read-only CI review\` \xB7 aicli v${VERSION}*`);
177
174
  sections.push("");
178
175
  try {
179
176
  if (!opts.skipCode) {
@@ -195,14 +192,15 @@ async function runCi(opts) {
195
192
  exitCode: 2,
196
193
  markdown: `\u274C Review call failed: ${err.message}`,
197
194
  posted: false,
198
- severity: { critical: 0, high: 0, warning: 0, info: 0 }
195
+ severity: zeroSeverity(),
196
+ gate: evaluateCiGate("", thresholds),
197
+ meta
199
198
  };
200
199
  }
201
- if (truncated) {
202
- sections.push(`> \u26A0 Diff was truncated to ${maxDiff} chars (original: ${diff.length}). Consider splitting large PRs.`);
203
- }
200
+ if (truncated) sections.push(`> \u26A0 Diff was truncated to ${maxDiff} chars (original: ${diff.length}). Consider splitting large PRs.`);
204
201
  const markdown = sections.join("\n");
205
202
  const severity = countSeverity(markdown);
203
+ const gate = evaluateCiGate(markdown, thresholds);
206
204
  let posted = false;
207
205
  let updatedCommentId;
208
206
  if (opts.post && opts.pr != null && !opts.dryRun) {
@@ -219,19 +217,15 @@ async function runCi(opts) {
219
217
 
220
218
  \u274C Failed to post comment: ${err.message}`,
221
219
  posted: false,
222
- severity
220
+ severity,
221
+ gate,
222
+ meta
223
223
  };
224
224
  }
225
225
  }
226
- const hasBlocker = severity.critical > 0 || severity.high > 0;
227
- return {
228
- exitCode: hasBlocker ? 1 : 0,
229
- markdown,
230
- posted,
231
- updatedCommentId,
232
- severity
233
- };
226
+ return { exitCode: gate.failed ? 1 : 0, markdown, posted, updatedCommentId, severity, gate, meta };
234
227
  }
228
+
235
229
  export {
236
230
  CI_COMMENT_MARKER,
237
231
  countSeverity,