npm - jinzd-ai-cli - Versions diffs - 0.4.23 → 0.4.25 - Mend

jinzd-ai-cli 0.4.23 → 0.4.25

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/chunk-4BKXL7SM.js +98 -0
package/dist/{chunk-PDVX5QJA.js → chunk-5GZQLJAY.js} +1068 -201
package/dist/{chunk-UA4BVWKV.js → chunk-AHH5I2U6.js} +1 -1
package/dist/{chunk-XMTMCMAP.js → chunk-ETMUP3CY.js} +1 -1
package/dist/chunk-SKET65WZ.js +96 -0
package/dist/{chunk-GBMVHLPA.js → chunk-SS7BQZ5R.js} +2 -198
package/dist/{hub-YN245LMP.js → hub-JOYPSPR2.js} +1 -1
package/dist/index.js +170 -500
package/dist/{run-tests-2S6SYL2M.js → run-tests-25BZE3KQ.js} +1 -1
package/dist/{run-tests-7ZBI4ZTU.js → run-tests-L3JNRB6X.js} +1 -1
package/dist/{server-SD5ICBFP.js → server-V3IZSAMO.js} +126 -7
package/dist/{task-orchestrator-C472QXTJ.js → task-orchestrator-4N5UUA6L.js} +3 -2
package/dist/web/client/app.js +16 -3
package/package.json +1 -1

package/dist/{run-tests-2S6SYL2M.js → run-tests-25BZE3KQ.js} RENAMED Viewed

@@ -1,7 +1,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-XMTMCMAP.js";
+} from "./chunk-ETMUP3CY.js";
 export {
   executeTests,
   runTestsTool

package/dist/{run-tests-7ZBI4ZTU.js → run-tests-L3JNRB6X.js} RENAMED Viewed

@@ -2,7 +2,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-UA4BVWKV.js";
+} from "./chunk-AHH5I2U6.js";
 export {
   executeTests,
   runTestsTool

package/dist/{server-SD5ICBFP.js → server-V3IZSAMO.js} RENAMED Viewed

@@ -7,7 +7,6 @@ import {
   SessionManager,
   SkillManager,
   TOOL_CALL_REMINDER,
-  checkPermission,
   detectsHallucinatedFileOp,
   formatGitContextForPrompt,
   getContentText,
@@ -15,24 +14,27 @@ import {
   getGitRoot,
   hadPreviousWriteToolCalls,
   loadDevState,
-  renderDiff,
-  runHook,
   setupProxy
-} from "./chunk-GBMVHLPA.js";
+} from "./chunk-SS7BQZ5R.js";
 import {
   AuthManager
 } from "./chunk-BYNY5JPB.js";
 import {
+  ToolExecutor,
   ToolRegistry,
   askUserContext,
+  checkPermission,
   getDangerLevel,
   googleSearchContext,
   isFileWriteTool,
+  renderDiff,
+  runHook,
   setContextWindow,
   spawnAgentContext,
   truncateOutput,
   undoStack
-} from "./chunk-PDVX5QJA.js";
+} from "./chunk-5GZQLJAY.js";
+import "./chunk-4BKXL7SM.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -50,7 +52,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-UA4BVWKV.js";
+} from "./chunk-AHH5I2U6.js";
 // src/web/server.ts
 import express from "express";
@@ -815,6 +817,7 @@ You have a maximum of ${MAX_TOOL_ROUNDS} tool call rounds for this task. Plan ef
           spawnAgentContext.systemPrompt = systemPrompt;
           spawnAgentContext.modelParams = modelParams;
           spawnAgentContext.configManager = this.config;
+          ToolExecutor.currentMessageIndex = this.sessions.current?.messages.length ?? 0;
           const toolResults = await this.toolExecutor.executeAll(result.toolCalls);
           const reasoningContent = result.reasoningContent;
           const newMsgs = provider.buildToolResultMessages(result.toolCalls, toolResults, reasoningContent);
@@ -1512,11 +1515,96 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
         }
         break;
       }
+      // ── /security-review ──────────────────────────────────────────────
+      case "security-review": {
+        const gitCtx = getGitContext();
+        if (!gitCtx) {
+          this.send({ type: "error", message: "Not a git repository." });
+          break;
+        }
+        const secStaged = args.includes("--staged");
+        let secDiff;
+        try {
+          const cmd = secStaged ? "git diff --staged" : "git diff";
+          secDiff = execSync(cmd, { encoding: "utf-8", timeout: 1e4 }).trim();
+        } catch {
+          this.send({ type: "error", message: "Failed to run git diff." });
+          break;
+        }
+        if (!secDiff) {
+          this.send({ type: "info", message: "No changes to review." + (secStaged ? "" : " Try --staged for staged changes.") });
+          break;
+        }
+        const SEC_MAX_DIFF = 8e3;
+        let secTruncated = false;
+        if (secDiff.length > SEC_MAX_DIFF) {
+          const head = secDiff.slice(0, Math.floor(SEC_MAX_DIFF * 0.7));
+          const tail = secDiff.slice(secDiff.length - Math.floor(SEC_MAX_DIFF * 0.2));
+          secDiff = head + "\n\n... [diff truncated, " + secDiff.length + " chars total] ...\n\n" + tail;
+          secTruncated = true;
+        }
+        const secPrompt = this.buildSecurityReviewPrompt(secDiff, formatGitContextForPrompt(gitCtx));
+        this.send({ type: "info", message: "\u{1F512} Scanning for security vulnerabilities..." });
+        try {
+          const secReview = await this.chatOnce(secPrompt, { temperature: 0.2, maxTokens: 8192 });
+          const secMsg = secTruncated ? secReview + "\n\n\u26A0 Diff was truncated. Consider reviewing smaller changesets." : secReview;
+          this.send({ type: "info", message: secMsg });
+        } catch (err) {
+          this.send({ type: "error", message: `Security review failed: ${err.message}` });
+        }
+        break;
+      }
+      // ── /rewind ────────────────────────────────────────────────────────
+      case "rewind": {
+        const session = this.sessions.current;
+        if (!session || session.messages.length === 0) {
+          this.send({ type: "info", message: "No messages to rewind." });
+          break;
+        }
+        const rewindSub = args[0];
+        if (rewindSub === "list" || !rewindSub) {
+          const lines = [`Conversation messages (${session.messages.length} total):
+`];
+          const cpIndices = (await import("./file-checkpoint-NKBHGC7L.js")).fileCheckpoints.getMessageIndices();
+          for (let i = 0; i < session.messages.length; i++) {
+            const m = session.messages[i];
+            const text = getContentText(m.content).replace(/\n/g, " ").slice(0, 60);
+            const pin = cpIndices.includes(i) ? " \u{1F4CC}" : "";
+            lines.push(`  [${i + 1}] ${m.role.padEnd(10)} ${text}${pin}`);
+          }
+          lines.push("", "Usage: /rewind <n> \u2014 rewind to message N", "\u{1F4CC} = file checkpoint");
+          this.send({ type: "info", message: lines.join("\n") });
+          break;
+        }
+        const rewindN = parseInt(rewindSub, 10);
+        if (isNaN(rewindN) || rewindN < 1 || rewindN > session.messages.length) {
+          this.send({ type: "error", message: `Invalid message number: ${rewindSub}. Range: 1-${session.messages.length}` });
+          break;
+        }
+        const { fileCheckpoints: fc } = await import("./file-checkpoint-NKBHGC7L.js");
+        const rewindRemoved = session.messages.length - rewindN;
+        const rewindResult = fc.restoreToMessageIndex(rewindN);
+        session.messages = session.messages.slice(0, rewindN);
+        session.checkpoints = session.checkpoints.filter((c) => c.messageIndex <= rewindN);
+        session.updated = /* @__PURE__ */ new Date();
+        this.sessions.save();
+        const rewindLines = [`\u2713 Rewound to message ${rewindN}`, `  Messages removed: ${rewindRemoved}`];
+        if (rewindResult.restored > 0 || rewindResult.deleted > 0) {
+          rewindLines.push(`  Files restored: ${rewindResult.restored}, deleted: ${rewindResult.deleted}`);
+          for (const f of rewindResult.files) rewindLines.push(`    ${f}`);
+        } else {
+          rewindLines.push("  No file changes to revert.");
+        }
+        this.send({ type: "info", message: rewindLines.join("\n") });
+        this.sendSessionMessages();
+        this.sendStatus();
+        break;
+      }
       // ── /test ───────────────────────────────────────────────────────
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-7ZBI4ZTU.js");
+          const { executeTests } = await import("./run-tests-L3JNRB6X.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -2320,6 +2408,37 @@ ${diff}
 4. **Highlights** (if any)
 Severity: \u{1F534} Critical / \u{1F7E1} Warning / \u{1F535} Info`;
+  }
+  buildSecurityReviewPrompt(diff, gitContextStr) {
+    return `# Security Vulnerability Review
+Analyze the following code changes **exclusively for security vulnerabilities**.
+## Categories
+1. Injection (SQL, command, path traversal, XSS)
+2. Auth & Authorization (hardcoded creds, missing checks)
+3. Secrets & Sensitive Data (API keys, tokens in code)
+4. Input Validation (missing validation, unsafe deserialization)
+5. Cryptography (weak algorithms, hardcoded IVs)
+6. File System (path traversal, symlink attacks)
+7. Network (SSRF, insecure protocols)
+## Git Status
+${gitContextStr}
+## Code Changes
+\`\`\`diff
+${diff}
+\`\`\`
+## Output Format
+For each finding:
+- **Severity**: \u{1F534} CRITICAL / \u{1F7E0} HIGH / \u{1F7E1} MEDIUM / \u{1F535} LOW
+- **Category** + **File:line**
+- **Description** + exploitation scenario
+- **Recommended fix**
+If none found: "\u2705 No security vulnerabilities detected"`;
   }
   loadContextFiles() {
     const parts = [];

package/dist/{task-orchestrator-C472QXTJ.js → task-orchestrator-4N5UUA6L.js} RENAMED Viewed

@@ -4,10 +4,11 @@ import {
   getDangerLevel,
   googleSearchContext,
   truncateOutput
-} from "./chunk-PDVX5QJA.js";
+} from "./chunk-5GZQLJAY.js";
+import "./chunk-4BKXL7SM.js";
 import {
   SUBAGENT_ALLOWED_TOOLS
-} from "./chunk-UA4BVWKV.js";
+} from "./chunk-AHH5I2U6.js";
 // src/hub/task-orchestrator.ts
 import { createInterface } from "readline";

package/dist/web/client/app.js CHANGED Viewed

@@ -782,27 +782,40 @@ function renderFilteredSessions(filter) {
     </div>`;
   }).join('');
-  // Click to load session (only in normal mode)
+  // Click to load session / double-click title to rename
   sessionListEl.querySelectorAll('.session-item').forEach(el => {
+    let clickTimer = null;
     el.addEventListener('click', (e) => {
       if (e.target.closest('.session-delete-btn') || e.target.closest('.session-batch-cb') || e.target.closest('.session-rename-input')) return;
       if (batchSelectMode) {
-        // In batch mode, clicking the row toggles the checkbox
         const cb = el.querySelector('.session-batch-cb');
         if (cb) { cb.checked = !cb.checked; cb.dispatchEvent(new Event('change')); }
         return;
       }
+      // If clicking on the title text, delay to allow dblclick detection
+      if (!batchSelectMode && e.target.closest('.session-title')) {
+        if (clickTimer) return; // Already waiting
+        clickTimer = setTimeout(() => {
+          clickTimer = null;
+          const id = el.dataset.sessionId;
+          if (id) send({ type: 'command', name: 'session', args: ['load', id] });
+        }, 300);
+        return;
+      }
+      // Clicking elsewhere on the item — load immediately
       const id = el.dataset.sessionId;
       if (!id) return;
       send({ type: 'command', name: 'session', args: ['load', id] });
     });
-    // Double-click session title to rename
     if (!batchSelectMode) {
       const titleEl = el.querySelector('.session-title');
       if (titleEl) {
         titleEl.addEventListener('dblclick', (e) => {
           e.stopPropagation();
+          e.preventDefault();
+          if (clickTimer) { clearTimeout(clickTimer); clickTimer = null; }
           startSessionRename(el, titleEl);
         });
       }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.4.23",
+  "version": "0.4.25",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",