jinzd-ai-cli 0.4.218 → 0.4.220

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (33) hide show
  1. package/README.md +102 -99
  2. package/README.zh-CN.md +40 -38
  3. package/dist/{batch-7V7OTMUP.js → batch-QBSKTLTO.js} +3 -3
  4. package/dist/{chunk-TZQHYZKT.js → chunk-5ULLIOVC.js} +1 -0
  5. package/dist/{chunk-P4VBLXKS.js → chunk-5WBNXYDJ.js} +2 -2
  6. package/dist/chunk-ALQN7VUJ.js +604 -0
  7. package/dist/{chunk-C2Z42DI5.js → chunk-CAUHLHDR.js} +1 -1
  8. package/dist/{chunk-GX3HSGJX.js → chunk-IZW5LMI6.js} +166 -638
  9. package/dist/chunk-P3LKFA54.js +639 -0
  10. package/dist/{chunk-5CA2TJ5F.js → chunk-P4DYAGUI.js} +1 -1
  11. package/dist/{chunk-L4UREAID.js → chunk-P4PTXCHY.js} +6 -5
  12. package/dist/{chunk-QMXC327F.js → chunk-PUBCJF7E.js} +213 -175
  13. package/dist/{chunk-NTCB7CMT.js → chunk-QZYNRCPX.js} +1 -1
  14. package/dist/{chunk-H2UIHGHH.js → chunk-VHX7KZDY.js} +29 -189
  15. package/dist/{chunk-VGFTM3XT.js → chunk-Y25MSSUP.js} +1 -1
  16. package/dist/{ci-L6GH2WVC.js → ci-5SNXGM3M.js} +6 -6
  17. package/dist/{ci-format-WW7454AY.js → ci-format-57QQTHQE.js} +2 -2
  18. package/dist/{constants-NCTFSHDU.js → constants-ML5KFEOH.js} +1 -1
  19. package/dist/doctor-cli-ZRH3XZ3R.js +17 -0
  20. package/dist/electron-server.js +836 -470
  21. package/dist/{hub-CDL6T7CP.js → hub-IPLMJ6TJ.js} +1 -1
  22. package/dist/index.js +125 -194
  23. package/dist/{pr-D6PEKEGK.js → pr-GJYDAPK4.js} +8 -7
  24. package/dist/{run-tests-NXVVKAK2.js → run-tests-GK5AIAV2.js} +1 -1
  25. package/dist/{run-tests-SWU2XEV7.js → run-tests-KLQAI5CX.js} +2 -2
  26. package/dist/{server-WUT7VYTD.js → server-5FZDALHH.js} +10 -10
  27. package/dist/{server-LHYSS6CK.js → server-RU36PRSH.js} +74 -83
  28. package/dist/{task-orchestrator-C5AA2BI5.js → task-orchestrator-JMHPVNUO.js} +10 -10
  29. package/dist/{usage-6ZUUJBI2.js → usage-IRMRCCKN.js} +3 -3
  30. package/package.json +1 -1
  31. package/dist/chunk-MWKE2TNS.js +0 -129
  32. package/dist/chunk-OUC75QCF.js +0 -166
  33. package/dist/doctor-cli-EWMFBP5Q.js +0 -226
package/README.md CHANGED
@@ -11,7 +11,7 @@
11
11
  [![GitHub Release](https://img.shields.io/github/v/release/jinzhengdong/ai-cli)](https://github.com/jinzhengdong/ai-cli/releases)
12
12
  [![CI](https://github.com/jinzhengdong/ai-cli/actions/workflows/ci.yml/badge.svg)](https://github.com/jinzhengdong/ai-cli/actions/workflows/ci.yml)
13
13
 
14
- **ai-cli** is a powerful AI assistant that connects to 9 providers (including local Ollama models) and executes tasks autonomously through agentic tool calling. Use it as a terminal REPL, a browser-based Web UI, or a standalone Electron desktop app.
14
+ **ai-cli** is a powerful AI assistant that connects to 10 providers (including local Ollama models) and executes tasks autonomously through agentic tool calling. Use it as a terminal REPL, a browser-based Web UI, or a standalone Electron desktop app.
15
15
 
16
16
  <p align="center">
17
17
  <img src="https://img.shields.io/badge/CLI-Terminal-blue" alt="CLI" />
@@ -21,7 +21,7 @@
21
21
 
22
22
  ## Highlights
23
23
 
24
- - **9 Built-in Providers** — Claude, Gemini, DeepSeek, OpenAI, Zhipu GLM, Kimi, **MiniMax (海螺)**, OpenRouter (300+ models), **Ollama** (local models, no API key needed)
24
+ - **10 Built-in Providers** — Claude, Gemini, DeepSeek, OpenAI, Zhipu GLM, Kimi, Qwen, **MiniMax (海螺)**, OpenRouter (300+ models), **Ollama** (local models, no API key needed)
25
25
  - **3 Interfaces** — Terminal CLI, browser Web UI (`aicli web`), Electron desktop app
26
26
  - **Agentic Tool Calling** — AI autonomously runs shell commands, reads/writes files, searches code, fetches web, runs tests (default 200 rounds, configurable up to 10000 via `config.maxToolRounds` or `--max-tool-rounds`)
27
27
  - **Prompt Caching** *(v0.4.70+)* — System prompt split into stable/volatile halves so Claude caches the stable part with `cache_control: ephemeral`; cached tokens bill at ~10% of the input price
@@ -33,8 +33,8 @@
33
33
  - **Semantic Code Search** *(v0.4.77+)* — `search_code` tool finds code by meaning, not name. Local sentence embeddings (multilingual MiniLM, 117 MB one-time download) score symbols by cosine similarity against natural-language queries in English or Chinese ("where are users authenticated", "哪里做了速率限制"). No API key, runs on CPU. Manage with `/index semantic-rebuild|semantic-clear`
34
34
  - **MCP Server Mode** *(v0.4.84+)* — `aicli mcp-serve` reverses ai-cli into an MCP server (JSON-RPC 2.0 over stdio), exposing its 28 built-in tools (incl. `find_symbol` / `search_code` / `run_tests`) to Claude Desktop / Cursor / any MCP client. Opt-in destructive-tool allow, `--tools` whitelist, `--cwd` override
35
35
  - **Session Sensitive-Data Redaction** *(v0.4.88+)* — unified redactor scrubs `password=` / `api_key` / bearer tokens / OpenAI-style keys from every message **before it hits disk**. Query text is redacted too, so secrets never reach embeddings or logs. `/security status` + `/security scan` to audit
36
- - **Human-like Long-Term Memory** *(v0.4.89+, B4)* — semantic index over every past chat session + `recall_memory` AI tool + `/memory rebuild|refresh|status|recall` commands. AI is prompted to auto-recall when it sees "last time" / "之前" / ambiguous references. Reuses the same MiniLM embedder as semantic code search
37
- - **Governed Persistent Memory** *(v0.4.217+)* — `save_memory` and `/memory add` write auditable `memory.jsonl` entries with id/scope/source/sensitivity/approval/expiry; low-risk entries auto-approve, sensitive entries stay pending until `/memory approve <id>`, and project-scoped memories only inject inside the same project
36
+ - **Human-like Long-Term Memory** *(v0.4.89+, B4)* — semantic index over every past chat session + `recall_memory` AI tool + `/memory rebuild|refresh|status|recall` commands. AI is prompted to auto-recall when it sees "last time" / "之前" / ambiguous references. Reuses the same MiniLM embedder as semantic code search
37
+ - **Governed Persistent Memory** *(v0.4.217+)* — `save_memory` and `/memory add` write auditable `memory.jsonl` entries with id/scope/source/sensitivity/approval/expiry; low-risk entries auto-approve, sensitive entries stay pending until `/memory approve <id>`, and project-scoped memories only inject inside the same project
38
38
  - **Package Plugin Ecosystem** *(v0.4.218+)* — install shareable .aicli-plugin/plugin.json packages with skills, hooks, commands, MCP servers, agents, and permission hints; only trusted+enabled plugins load, hooks still require hook trust, and MCP/tools remain under permission profiles/network policy
39
39
  - **Web UI Memory Panel** *(v0.4.90+, B4)* — new 🧠 Memory sidebar tab with semantic search across past chats; each hit has **➕ Inject** (quotes the snippet into the chat input as a markdown blockquote so you can review/edit before sending — no silent context injection) and **↗ Load** (jumps to source session). Bulk "Inject top 3" for recall bundles
40
40
  - **Streaming Tool Use** — Real-time streaming of AI reasoning and tool calls as they happen
@@ -127,10 +127,11 @@ aicli user delete x # Delete user
127
127
  | **Claude** | Opus 4, Sonnet 4, Haiku 4 | [console.anthropic.com](https://console.anthropic.com) |
128
128
  | **Gemini** | 2.5 Pro, 2.5 Flash | [aistudio.google.com](https://aistudio.google.com) |
129
129
  | **DeepSeek** | DeepSeek-Chat (V3), Reasoner (R1) | [platform.deepseek.com](https://platform.deepseek.com) |
130
- | **OpenAI** | GPT-5.4, GPT-4o, o3, o4-mini | [platform.openai.com](https://platform.openai.com) |
130
+ | **OpenAI** | GPT-5.4, GPT-5, GPT-4.1, o3, o4-mini | [platform.openai.com](https://platform.openai.com) |
131
131
  | **OpenRouter** | 300+ models (Claude, GPT, Gemini, Llama, Qwen, Mistral...) | [openrouter.ai](https://openrouter.ai) |
132
132
  | **Zhipu** | GLM-4, GLM-5 | [open.bigmodel.cn](https://open.bigmodel.cn) |
133
- | **Kimi** | Moonshot, Kimi-K2 | [platform.moonshot.cn](https://platform.moonshot.cn) |
133
+ | **Kimi** | Kimi K2.6, K2.5, K2 Thinking | [platform.moonshot.cn](https://platform.moonshot.cn) |
134
+ | **Qwen** | qwen-plus, qwen-max, qwen-turbo, qwen-coder-plus | [bailian.console.aliyun.com](https://bailian.console.aliyun.com) |
134
135
  | **Ollama** | Any locally installed model (Llama, Qwen, Gemma, Mistral...) | No API key — [ollama.com](https://ollama.com) |
135
136
 
136
137
  Any OpenAI-compatible API can also be used via `customBaseUrls` in config.
@@ -195,7 +196,7 @@ AI autonomously invokes these 27 tools during conversations:
195
196
  | Command | Description |
196
197
  |---------|-------------|
197
198
  | `/provider` | Switch AI provider |
198
- | `/model` | Switch model |
199
+ | `/model` | Switch model; `/model refresh [provider]` refreshes live model cache |
199
200
  | `/plan` | Enter read-only planning mode |
200
201
  | `/think` | Toggle Claude extended thinking |
201
202
  | `/test` | Auto-detect and run project tests |
@@ -334,98 +335,98 @@ Control when tools require confirmation. Rules are checked in order — first ma
334
335
  | `action` | `auto-approve` (skip confirmation), `deny` (block), `confirm` (ask user) |
335
336
  | `when.dangerLevel` | Only match when danger level is `safe`, `write`, or `destructive` |
336
337
  | `when.pathPattern` | Substring match against tool's `path` or `command` argument |
337
-
338
- ### Permission Profiles
339
-
340
- Permission profiles provide coarse-grained safety boundaries before fine-grained `permissionRules` run. The default profile is `legacy`, so existing configs keep their old behavior.
341
-
342
- Built-in profiles:
343
-
344
- | Profile | Behavior |
345
- |---------|----------|
346
- | `legacy` | Backward-compatible mode. Uses `permissionRules` and `defaultPermission` as before. |
347
- | `read-only` | Allows known read-only/safe tools and safe MCP tools; blocks write and destructive tools. |
348
- | `workspace-write` | Allows explicit file writes only inside the workspace roots or temp dirs; destructive tools still require confirmation. |
349
- | `danger-full-access` | Auto-approves non-destructive tools by default; destructive tools still require confirmation. Use only in isolated environments. |
350
-
351
- ```json
352
- {
353
- "defaultPermissionProfile": "workspace-write",
354
- "allowedPermissionProfiles": ["legacy", "read-only", "workspace-write", "danger-full-access"],
355
- "permissionProfiles": {
356
- "workspace-write": {
357
- "workspaceRoots": ["D:/github/ai-cli"],
358
- "allowTemp": true,
359
- "rules": [
360
- { "tool": "read_file", "action": "auto-approve" },
361
- { "tool": "list_dir", "action": "auto-approve" }
362
- ]
363
- }
364
- },
365
- "permissionRules": [
366
- { "tool": "bash", "action": "deny", "when": { "pathPattern": "rm -rf" } }
367
- ]
368
- }
369
- ```
370
-
338
+
339
+ ### Permission Profiles
340
+
341
+ Permission profiles provide coarse-grained safety boundaries before fine-grained `permissionRules` run. The default profile is `legacy`, so existing configs keep their old behavior.
342
+
343
+ Built-in profiles:
344
+
345
+ | Profile | Behavior |
346
+ |---------|----------|
347
+ | `legacy` | Backward-compatible mode. Uses `permissionRules` and `defaultPermission` as before. |
348
+ | `read-only` | Allows known read-only/safe tools and safe MCP tools; blocks write and destructive tools. |
349
+ | `workspace-write` | Allows explicit file writes only inside the workspace roots or temp dirs; destructive tools still require confirmation. |
350
+ | `danger-full-access` | Auto-approves non-destructive tools by default; destructive tools still require confirmation. Use only in isolated environments. |
351
+
352
+ ```json
353
+ {
354
+ "defaultPermissionProfile": "workspace-write",
355
+ "allowedPermissionProfiles": ["legacy", "read-only", "workspace-write", "danger-full-access"],
356
+ "permissionProfiles": {
357
+ "workspace-write": {
358
+ "workspaceRoots": ["D:/github/ai-cli"],
359
+ "allowTemp": true,
360
+ "rules": [
361
+ { "tool": "read_file", "action": "auto-approve" },
362
+ { "tool": "list_dir", "action": "auto-approve" }
363
+ ]
364
+ }
365
+ },
366
+ "permissionRules": [
367
+ { "tool": "bash", "action": "deny", "when": { "pathPattern": "rm -rf" } }
368
+ ]
369
+ }
370
+ ```
371
+
371
372
  `/status` and `/security status` show the active profile. The Web status payload also includes `permissionProfile` for UI surfaces.
372
- ### Auto Mode
373
-
374
- `/auto on|off|status` enables a session-scoped, rule-based action classifier. It is designed to reduce confirmation fatigue without widening `/yolo`: `/yolo` still only skips write confirmations, while destructive tools still require confirmation.
375
-
376
- Auto Mode may auto-approve low-risk actions such as explicit writes inside the workspace/temp roots, read-only HTTP tools, plain non-force `git push`, and dependency installs already declared in `package.json` or a lockfile. It denies high-risk shapes such as `curl | bash`, force push, and likely secret exfiltration. Production deploys, database migrations, IaC destroy, credential/permission changes, and third-party agent loops fall back to confirmation.
377
-
378
- Auto Mode is not enabled by project config. Use `/permissions recently-denied` to inspect actions it blocked, or `/permissions clear-denied` to clear that session list.
379
- ### Agent Team
380
-
381
- `spawn_agent` can now use named roles from built-ins or JSON configs in `~/.aicli/agents/` and `.aicli/agents/`. Built-ins are `explorer`, `worker`, `reviewer`, `security`, and `tester`. Agent configs may set description, provider/model, system instructions, allowed/blocked tools, permission profile, max tool rounds, and context policy; they can only narrow the inherited sub-agent safety boundary. Use `/agent list|switch|stop|summary` to inspect roles and recent sub-agent runs.
382
-
383
- ### Network Policy
384
- `networkPolicy` is disabled by default for backward compatibility. When enabled, it governs network-facing tools before execution: `web_fetch`, `web_search`, `google_search`, MCP tools, and shell commands that look like network access (`curl`, `wget`, `git clone/fetch/pull/push`, package installs, SSH/SCP, etc.).
385
-
386
- ```json
387
- {
388
- "networkPolicy": {
389
- "enabled": true,
390
- "defaultAction": "confirm",
391
- "allowDomains": ["github.com", "docs.anthropic.com", "platform.openai.com"],
392
- "denyDomains": ["example-danger.test"],
393
- "allowPrivateNetwork": false,
394
- "tools": {
395
- "web_fetch": "confirm",
396
- "web_search": "allow",
397
- "google_search": "confirm",
398
- "shell": "confirm",
399
- "mcp": "confirm"
400
- }
401
- }
402
- }
403
- ```
404
-
405
- Actions are `allow`, `confirm`, or `deny`. Domain entries match the exact host or subdomains; port lists match the resolved URL port. Private/internal hosts such as `localhost`, `127.0.0.1`, `10.0.0.0/8`, `192.168.0.0/16`, and private IPv6 ranges are blocked unless `allowPrivateNetwork` is true.
406
- ### Trusted Hooks Lifecycle
407
-
408
- Legacy `preToolExecution` / `postToolExecution` hooks still work. New lifecycle hooks live under `hooks.events.<EventName>` and receive a JSON payload through `AICLI_HOOK_EVENT_JSON`; if the command prints JSON, ai-cli reads decisions such as `allow`, `deny`, `ask`, `warning`, or `warnings`.
409
-
410
- ```json
411
- {
412
- "hooks": {
413
- "events": {
414
- "PreToolUse": {
415
- "command": "node ./scripts/aicli-pre-tool-hook.mjs",
416
- "source": "project",
417
- "description": "Block unsafe local commands"
418
- },
419
- "UserPromptSubmit": "node ./scripts/aicli-prompt-hook.mjs",
420
- "Stop": { "command": "npm test -- --runInBand", "timeoutMs": 10000 }
421
- }
422
- }
423
- }
424
- ```
425
-
426
- Supported lifecycle names are `SessionStart`, `UserPromptSubmit`, `PreToolUse`, `PermissionRequest`, `PostToolUse`, `PreCompact`, `PostCompact`, `Stop`, `SubagentStart`, and `SubagentStop`. Project-sourced hooks must be trusted before execution; ai-cli stores trust records locally under the user config directory, keyed by hook hash, so changing hook content requires re-trust.
427
-
428
- Use `/hooks list`, `/hooks inspect <id>`, `/hooks trust <id>`, `/hooks untrust <id>`, and `/hooks disable` to manage them. `/status`, `/security status`, and Web status show pending project hooks that require trust.
373
+ ### Auto Mode
374
+
375
+ `/auto on|off|status` enables a session-scoped, rule-based action classifier. It is designed to reduce confirmation fatigue without widening `/yolo`: `/yolo` still only skips write confirmations, while destructive tools still require confirmation.
376
+
377
+ Auto Mode may auto-approve low-risk actions such as explicit writes inside the workspace/temp roots, read-only HTTP tools, plain non-force `git push`, and dependency installs already declared in `package.json` or a lockfile. It denies high-risk shapes such as `curl | bash`, force push, and likely secret exfiltration. Production deploys, database migrations, IaC destroy, credential/permission changes, and third-party agent loops fall back to confirmation.
378
+
379
+ Auto Mode is not enabled by project config. Use `/permissions recently-denied` to inspect actions it blocked, or `/permissions clear-denied` to clear that session list.
380
+ ### Agent Team
381
+
382
+ `spawn_agent` can now use named roles from built-ins or JSON configs in `~/.aicli/agents/` and `.aicli/agents/`. Built-ins are `explorer`, `worker`, `reviewer`, `security`, and `tester`. Agent configs may set description, provider/model, system instructions, allowed/blocked tools, permission profile, max tool rounds, and context policy; they can only narrow the inherited sub-agent safety boundary. Use `/agent list|switch|stop|summary` to inspect roles and recent sub-agent runs.
383
+
384
+ ### Network Policy
385
+ `networkPolicy` is disabled by default for backward compatibility. When enabled, it governs network-facing tools before execution: `web_fetch`, `web_search`, `google_search`, MCP tools, and shell commands that look like network access (`curl`, `wget`, `git clone/fetch/pull/push`, package installs, SSH/SCP, etc.).
386
+
387
+ ```json
388
+ {
389
+ "networkPolicy": {
390
+ "enabled": true,
391
+ "defaultAction": "confirm",
392
+ "allowDomains": ["github.com", "docs.anthropic.com", "platform.openai.com"],
393
+ "denyDomains": ["example-danger.test"],
394
+ "allowPrivateNetwork": false,
395
+ "tools": {
396
+ "web_fetch": "confirm",
397
+ "web_search": "allow",
398
+ "google_search": "confirm",
399
+ "shell": "confirm",
400
+ "mcp": "confirm"
401
+ }
402
+ }
403
+ }
404
+ ```
405
+
406
+ Actions are `allow`, `confirm`, or `deny`. Domain entries match the exact host or subdomains; port lists match the resolved URL port. Private/internal hosts such as `localhost`, `127.0.0.1`, `10.0.0.0/8`, `192.168.0.0/16`, and private IPv6 ranges are blocked unless `allowPrivateNetwork` is true.
407
+ ### Trusted Hooks Lifecycle
408
+
409
+ Legacy `preToolExecution` / `postToolExecution` hooks still work. New lifecycle hooks live under `hooks.events.<EventName>` and receive a JSON payload through `AICLI_HOOK_EVENT_JSON`; if the command prints JSON, ai-cli reads decisions such as `allow`, `deny`, `ask`, `warning`, or `warnings`.
410
+
411
+ ```json
412
+ {
413
+ "hooks": {
414
+ "events": {
415
+ "PreToolUse": {
416
+ "command": "node ./scripts/aicli-pre-tool-hook.mjs",
417
+ "source": "project",
418
+ "description": "Block unsafe local commands"
419
+ },
420
+ "UserPromptSubmit": "node ./scripts/aicli-prompt-hook.mjs",
421
+ "Stop": { "command": "npm test -- --runInBand", "timeoutMs": 10000 }
422
+ }
423
+ }
424
+ }
425
+ ```
426
+
427
+ Supported lifecycle names are `SessionStart`, `UserPromptSubmit`, `PreToolUse`, `PermissionRequest`, `PostToolUse`, `PreCompact`, `PostCompact`, `Stop`, `SubagentStart`, and `SubagentStop`. Project-sourced hooks must be trusted before execution; ai-cli stores trust records locally under the user config directory, keyed by hook hash, so changing hook content requires re-trust.
428
+
429
+ Use `/hooks list`, `/hooks inspect <id>`, `/hooks trust <id>`, `/hooks untrust <id>`, and `/hooks disable` to manage them. `/status`, `/security status`, and Web status show pending project hooks that require trust.
429
430
  **Recommended minimal config** — auto-approve all read-only tools to reduce y/N prompts:
430
431
 
431
432
  ```json
@@ -455,7 +456,8 @@ Environment variables take precedence over config file values:
455
456
  | `AICLI_API_KEY_OPENAI` | OpenAI API Key |
456
457
  | `AICLI_API_KEY_OPENROUTER` | OpenRouter API Key |
457
458
  | `AICLI_API_KEY_ZHIPU` | Zhipu API Key |
458
- | `AICLI_API_KEY_KIMI` | Kimi API Key |
459
+ | `AICLI_API_KEY_KIMI` | Kimi API Key |
460
+ | `AICLI_API_KEY_QWEN` | Qwen / Alibaba Cloud API Key |
459
461
  | `AICLI_PROVIDER` | Default provider ID |
460
462
  | `AICLI_NO_STREAM` | Set to `1` to disable streaming |
461
463
  | `HTTPS_PROXY` / `HTTP_PROXY` | Proxy URL |
@@ -563,6 +565,7 @@ node scripts/release.mjs patch -m "..." --dry-run
563
565
  - [`docs/USAGE.md`](docs/USAGE.md) — Complete reference manual (commands, tools, config)
564
566
  - [`docs/TUTORIAL.md`](docs/TUTORIAL.md) — Hands-on tutorial, zero to fluent in an hour
565
567
  - [`docs/ADVANCED.md`](docs/ADVANCED.md) — Architecture and internals (for developers)
568
+ - [`docs/MIGRATION.md`](docs/MIGRATION.md) — Migration guide from Claude Code, Codex, Claude Desktop, and Cursor
566
569
  - [`docs/RECIPES.md`](docs/RECIPES.md) — Practical recipes by scenario
567
570
  - [`docs/SECURITY.md`](docs/SECURITY.md) — **Security model, deployment checklist, audit history.** Read before exposing `aicli web` to a network.
568
571
  - [`CHANGELOG.md`](CHANGELOG.md) — Per-version change log
package/README.zh-CN.md CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  # ai-cli
4
4
 
5
- > 跨平台 AI 编程助手 — CLI 终端、Web 界面、桌面应用三合一,支持 9 大 Provider(含本地 Ollama)与 Agentic 工具调用
5
+ > 跨平台 AI 编程助手 — CLI 终端、Web 界面、桌面应用三合一,支持 10 大 Provider(含本地 Ollama)与 Agentic 工具调用
6
6
 
7
7
  [![npm version](https://img.shields.io/npm/v/jinzd-ai-cli)](https://www.npmjs.com/package/jinzd-ai-cli)
8
8
  [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
@@ -13,7 +13,7 @@
13
13
 
14
14
  ## 特性亮点
15
15
 
16
- - **9 大内置 Provider** — Claude、Gemini、DeepSeek、OpenAI、智谱 GLM、Kimi、**MiniMax(海螺)**、OpenRouter(300+ 模型)、**Ollama**(本地模型,无需 API Key)
16
+ - **10 大内置 Provider** — Claude、Gemini、DeepSeek、OpenAI、智谱 GLM、Kimi、Qwen、**MiniMax(海螺)**、OpenRouter(300+ 模型)、**Ollama**(本地模型,无需 API Key)
17
17
  - **三种使用方式** — 终端 CLI、浏览器 Web UI(`aicli web`)、Electron 桌面应用
18
18
  - **Agentic 工具调用** — AI 自主执行 bash 命令、读写文件、搜索代码、抓取网页、运行测试(默认 200 轮,可通过 `config.maxToolRounds` 或 `--max-tool-rounds` 调整,上限 10000)
19
19
  - **Prompt Caching**(v0.4.70+)— system prompt 拆分稳定/易变两段,Claude 对稳定段启用 `cache_control: ephemeral`,命中时按 10% 计费
@@ -115,10 +115,11 @@ aicli user delete x # 删除用户
115
115
  | **Claude** | Opus 4, Sonnet 4, Haiku 4 | [console.anthropic.com](https://console.anthropic.com) |
116
116
  | **Gemini** | 2.5 Pro, 2.5 Flash | [aistudio.google.com](https://aistudio.google.com) |
117
117
  | **DeepSeek** | DeepSeek-Chat (V3), Reasoner (R1) | [platform.deepseek.com](https://platform.deepseek.com) |
118
- | **OpenAI** | GPT-5.4, GPT-4o, o3, o4-mini | [platform.openai.com](https://platform.openai.com) |
118
+ | **OpenAI** | GPT-5.4, GPT-5, GPT-4.1, o3, o4-mini | [platform.openai.com](https://platform.openai.com) |
119
119
  | **OpenRouter** | 300+ 模型(Claude/GPT/Gemini/Llama/Qwen/Mistral...) | [openrouter.ai](https://openrouter.ai) |
120
120
  | **智谱清言** | GLM-4, GLM-5 | [open.bigmodel.cn](https://open.bigmodel.cn) |
121
- | **Kimi** | Moonshot, Kimi-K2 | [platform.moonshot.cn](https://platform.moonshot.cn) |
121
+ | **Kimi** | Kimi K2.6, K2.5, K2 Thinking | [platform.moonshot.cn](https://platform.moonshot.cn) |
122
+ | **Qwen** | qwen-plus, qwen-max, qwen-turbo, qwen-coder-plus | [bailian.console.aliyun.com](https://bailian.console.aliyun.com) |
122
123
  | **Ollama** | 任意本地模型(Llama、Qwen、Gemma、Mistral...) | 无需 API Key — [ollama.com](https://ollama.com) |
123
124
 
124
125
  也可通过 `customBaseUrls` 配置接入任意 OpenAI 兼容 API。
@@ -370,39 +371,39 @@ HTTPS_PROXY=http://127.0.0.1:10809 aicli
370
371
  }
371
372
  ```
372
373
 
373
- ### Auto Mode
374
-
375
- `/auto on|off|status` 会开启会话级规则分类器,用来减少确认疲劳,但不会扩大 `/yolo` 的边界:`/yolo` 仍然只跳过 write 确认,destructive 仍需确认。
376
-
377
- Auto Mode 可自动通过低风险动作,例如 workspace/temp 根目录内的显式写入、只读 HTTP 工具、非 force 的普通 `git push`、已经写在 `package.json` 或 lockfile 中的依赖安装。它会拒绝 `curl | bash`、force push、疑似 secret 外传;生产部署、数据库迁移、IaC destroy、IAM/token/key/权限变更、第三方 agent loop 默认进入确认。
378
-
379
- Auto Mode 不会被项目配置静默开启。用 `/permissions recently-denied` 查看最近被 Auto Mode 拒绝的动作,用 `/permissions clear-denied` 清空本会话列表。
380
- ### Agent Team
381
-
382
- `spawn_agent` 现在支持命名角色,来源包括内置角色以及 `~/.aicli/agents/`、`.aicli/agents/` 下的 JSON 配置。内置角色包括 `explorer`、`worker`、`reviewer`、`security`、`tester`。agent 配置可声明 description、provider/model、system instructions、allowed/blocked tools、permission profile、max tool rounds、context policy;这些配置只能在继承的子代理安全边界内继续收窄,不能越权放宽。使用 `/agent list|switch|stop|summary` 查看角色和最近子代理运行记录。
383
-
384
- ### 可信 Hooks 生命周期
385
- 旧版 `preToolExecution` / `postToolExecution` 仍然兼容。新版生命周期 hooks 配置在 `hooks.events.<EventName>` 下,通过 `AICLI_HOOK_EVENT_JSON` 接收 JSON 事件;命令 stdout 如果输出 JSON,ai-cli 会读取 `allow`、`deny`、`ask`、`warning` 或 `warnings` 等决策。
386
-
387
- ```json
388
- {
389
- "hooks": {
390
- "events": {
391
- "PreToolUse": {
392
- "command": "node ./scripts/aicli-pre-tool-hook.mjs",
393
- "source": "project",
394
- "description": "Block unsafe local commands"
395
- },
396
- "UserPromptSubmit": "node ./scripts/aicli-prompt-hook.mjs",
397
- "Stop": { "command": "npm test -- --runInBand", "timeoutMs": 10000 }
398
- }
399
- }
400
- }
401
- ```
402
-
403
- 支持的事件包括 `SessionStart`、`UserPromptSubmit`、`PreToolUse`、`PermissionRequest`、`PostToolUse`、`PreCompact`、`PostCompact`、`Stop`、`SubagentStart`、`SubagentStop`。`source: "project"` 的 hook 默认不会执行,必须通过 `/hooks trust <id>` 写入本地信任记录;命令内容变化后 hash 会变化,需要重新信任。
404
-
405
- 使用 `/hooks list`、`/hooks inspect <id>`、`/hooks trust <id>`、`/hooks untrust <id>`、`/hooks disable` 管理 hooks。`/status`、`/security status` 和 Web 状态栏会显示待信任项目 hooks 数量。
374
+ ### Auto Mode
375
+
376
+ `/auto on|off|status` 会开启会话级规则分类器,用来减少确认疲劳,但不会扩大 `/yolo` 的边界:`/yolo` 仍然只跳过 write 确认,destructive 仍需确认。
377
+
378
+ Auto Mode 可自动通过低风险动作,例如 workspace/temp 根目录内的显式写入、只读 HTTP 工具、非 force 的普通 `git push`、已经写在 `package.json` 或 lockfile 中的依赖安装。它会拒绝 `curl | bash`、force push、疑似 secret 外传;生产部署、数据库迁移、IaC destroy、IAM/token/key/权限变更、第三方 agent loop 默认进入确认。
379
+
380
+ Auto Mode 不会被项目配置静默开启。用 `/permissions recently-denied` 查看最近被 Auto Mode 拒绝的动作,用 `/permissions clear-denied` 清空本会话列表。
381
+ ### Agent Team
382
+
383
+ `spawn_agent` 现在支持命名角色,来源包括内置角色以及 `~/.aicli/agents/`、`.aicli/agents/` 下的 JSON 配置。内置角色包括 `explorer`、`worker`、`reviewer`、`security`、`tester`。agent 配置可声明 description、provider/model、system instructions、allowed/blocked tools、permission profile、max tool rounds、context policy;这些配置只能在继承的子代理安全边界内继续收窄,不能越权放宽。使用 `/agent list|switch|stop|summary` 查看角色和最近子代理运行记录。
384
+
385
+ ### 可信 Hooks 生命周期
386
+ 旧版 `preToolExecution` / `postToolExecution` 仍然兼容。新版生命周期 hooks 配置在 `hooks.events.<EventName>` 下,通过 `AICLI_HOOK_EVENT_JSON` 接收 JSON 事件;命令 stdout 如果输出 JSON,ai-cli 会读取 `allow`、`deny`、`ask`、`warning` 或 `warnings` 等决策。
387
+
388
+ ```json
389
+ {
390
+ "hooks": {
391
+ "events": {
392
+ "PreToolUse": {
393
+ "command": "node ./scripts/aicli-pre-tool-hook.mjs",
394
+ "source": "project",
395
+ "description": "Block unsafe local commands"
396
+ },
397
+ "UserPromptSubmit": "node ./scripts/aicli-prompt-hook.mjs",
398
+ "Stop": { "command": "npm test -- --runInBand", "timeoutMs": 10000 }
399
+ }
400
+ }
401
+ }
402
+ ```
403
+
404
+ 支持的事件包括 `SessionStart`、`UserPromptSubmit`、`PreToolUse`、`PermissionRequest`、`PostToolUse`、`PreCompact`、`PostCompact`、`Stop`、`SubagentStart`、`SubagentStop`。`source: "project"` 的 hook 默认不会执行,必须通过 `/hooks trust <id>` 写入本地信任记录;命令内容变化后 hash 会变化,需要重新信任。
405
+
406
+ 使用 `/hooks list`、`/hooks inspect <id>`、`/hooks trust <id>`、`/hooks untrust <id>`、`/hooks disable` 管理 hooks。`/status`、`/security status` 和 Web 状态栏会显示待信任项目 hooks 数量。
406
407
  ### 环境变量
407
408
 
408
409
  | 变量 | 说明 |
@@ -413,7 +414,8 @@ Auto Mode 不会被项目配置静默开启。用 `/permissions recently-denied`
413
414
  | `AICLI_API_KEY_OPENAI` | OpenAI API Key |
414
415
  | `AICLI_API_KEY_OPENROUTER` | OpenRouter API Key |
415
416
  | `AICLI_API_KEY_ZHIPU` | 智谱 API Key |
416
- | `AICLI_API_KEY_KIMI` | Kimi API Key |
417
+ | `AICLI_API_KEY_KIMI` | Kimi API Key |
418
+ | `AICLI_API_KEY_QWEN` | Qwen / Alibaba Cloud API Key |
417
419
  | `AICLI_PROVIDER` | 默认 Provider |
418
420
  | `AICLI_NO_STREAM` | 设为 `1` 禁用流式输出 |
419
421
  | `HTTPS_PROXY` / `HTTP_PROXY` | 代理地址 |
@@ -1,9 +1,9 @@
1
1
  #!/usr/bin/env node
2
2
  import {
3
3
  ConfigManager
4
- } from "./chunk-P4VBLXKS.js";
5
- import "./chunk-TZQHYZKT.js";
6
- import "./chunk-NTCB7CMT.js";
4
+ } from "./chunk-5WBNXYDJ.js";
5
+ import "./chunk-5ULLIOVC.js";
6
+ import "./chunk-QZYNRCPX.js";
7
7
  import {
8
8
  atomicWriteFileSync
9
9
  } from "./chunk-IW3Q7AE5.js";
@@ -8,6 +8,7 @@ var ENV_KEY_MAP = {
8
8
  zhipu: "AICLI_API_KEY_ZHIPU",
9
9
  kimi: "AICLI_API_KEY_KIMI",
10
10
  minimax: "AICLI_API_KEY_MINIMAX",
11
+ qwen: "AICLI_API_KEY_QWEN",
11
12
  openai: "AICLI_API_KEY_OPENAI",
12
13
  openrouter: "AICLI_API_KEY_OPENROUTER",
13
14
  "google-search": "AICLI_API_KEY_GOOGLESEARCH",
@@ -2,13 +2,13 @@
2
2
  import {
3
3
  ConfigError,
4
4
  EnvLoader
5
- } from "./chunk-TZQHYZKT.js";
5
+ } from "./chunk-5ULLIOVC.js";
6
6
  import {
7
7
  CONFIG_DIR_NAME,
8
8
  CONFIG_FILE_NAME,
9
9
  HISTORY_DIR_NAME,
10
10
  PLUGINS_DIR_NAME
11
- } from "./chunk-NTCB7CMT.js";
11
+ } from "./chunk-QZYNRCPX.js";
12
12
  import {
13
13
  atomicWriteFileSync
14
14
  } from "./chunk-IW3Q7AE5.js";