jinzd-ai-cli 0.4.24 → 0.4.26

package/dist/{run-tests-2S6SYL2M.js → run-tests-25BZE3KQ.js}

@@ -1,7 +1,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-XMTMCMAP.js";
+} from "./chunk-ETMUP3CY.js";
 export {
   executeTests,
   runTestsTool

package/dist/{run-tests-7ZBI4ZTU.js → run-tests-L3JNRB6X.js}

@@ -2,7 +2,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-UA4BVWKV.js";
+} from "./chunk-AHH5I2U6.js";
 export {
   executeTests,
   runTestsTool

package/dist/{server-SD5ICBFP.js → server-SZZXQZWY.js}

@@ -7,7 +7,6 @@ import {
   SessionManager,
   SkillManager,
   TOOL_CALL_REMINDER,
-  checkPermission,
   detectsHallucinatedFileOp,
   formatGitContextForPrompt,
   getContentText,
@@ -15,24 +14,27 @@ import {
   getGitRoot,
   hadPreviousWriteToolCalls,
   loadDevState,
-  renderDiff,
-  runHook,
   setupProxy
-} from "./chunk-GBMVHLPA.js";
+} from "./chunk-SS7BQZ5R.js";
 import {
   AuthManager
 } from "./chunk-BYNY5JPB.js";
 import {
+  ToolExecutor,
   ToolRegistry,
   askUserContext,
+  checkPermission,
   getDangerLevel,
   googleSearchContext,
   isFileWriteTool,
+  renderDiff,
+  runHook,
   setContextWindow,
   spawnAgentContext,
   truncateOutput,
   undoStack
-} from "./chunk-PDVX5QJA.js";
+} from "./chunk-5GZQLJAY.js";
+import "./chunk-4BKXL7SM.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -50,7 +52,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-UA4BVWKV.js";
+} from "./chunk-AHH5I2U6.js";
 
 // src/web/server.ts
 import express from "express";
@@ -815,6 +817,7 @@ You have a maximum of ${MAX_TOOL_ROUNDS} tool call rounds for this task. Plan ef
           spawnAgentContext.systemPrompt = systemPrompt;
           spawnAgentContext.modelParams = modelParams;
           spawnAgentContext.configManager = this.config;
+          ToolExecutor.currentMessageIndex = this.sessions.current?.messages.length ?? 0;
           const toolResults = await this.toolExecutor.executeAll(result.toolCalls);
           const reasoningContent = result.reasoningContent;
           const newMsgs = provider.buildToolResultMessages(result.toolCalls, toolResults, reasoningContent);
@@ -1144,6 +1147,8 @@ Tokens: in=${this.sessionTokenUsage.inputTokens} out=${this.sessionTokenUsage.ou
             "  /checkpoint [save|restore|delete] <name> \u2014 Session checkpoints",
             "  /fork [checkpoint]   \u2014 Fork session from checkpoint or current",
             "  /review [--staged]   \u2014 AI code review from git diff",
+            "  /security-review     \u2014 Security vulnerability scan on git diff",
+            "  /rewind [list|<n>]   \u2014 Rewind conversation & restore files to checkpoint",
             "  /test [command]      \u2014 Run project tests",
             "  /init [--force]      \u2014 Generate AICLI.md by scanning project",
             "  /scaffold <desc>     \u2014 Generate project scaffolding with AI",
@@ -1512,11 +1517,96 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
         }
         break;
       }
+      // ── /security-review ──────────────────────────────────────────────
+      case "security-review": {
+        const gitCtx = getGitContext();
+        if (!gitCtx) {
+          this.send({ type: "error", message: "Not a git repository." });
+          break;
+        }
+        const secStaged = args.includes("--staged");
+        let secDiff;
+        try {
+          const cmd = secStaged ? "git diff --staged" : "git diff";
+          secDiff = execSync(cmd, { encoding: "utf-8", timeout: 1e4 }).trim();
+        } catch {
+          this.send({ type: "error", message: "Failed to run git diff." });
+          break;
+        }
+        if (!secDiff) {
+          this.send({ type: "info", message: "No changes to review." + (secStaged ? "" : " Try --staged for staged changes.") });
+          break;
+        }
+        const SEC_MAX_DIFF = 8e3;
+        let secTruncated = false;
+        if (secDiff.length > SEC_MAX_DIFF) {
+          const head = secDiff.slice(0, Math.floor(SEC_MAX_DIFF * 0.7));
+          const tail = secDiff.slice(secDiff.length - Math.floor(SEC_MAX_DIFF * 0.2));
+          secDiff = head + "\n\n... [diff truncated, " + secDiff.length + " chars total] ...\n\n" + tail;
+          secTruncated = true;
+        }
+        const secPrompt = this.buildSecurityReviewPrompt(secDiff, formatGitContextForPrompt(gitCtx));
+        this.send({ type: "info", message: "\u{1F512} Scanning for security vulnerabilities..." });
+        try {
+          const secReview = await this.chatOnce(secPrompt, { temperature: 0.2, maxTokens: 8192 });
+          const secMsg = secTruncated ? secReview + "\n\n\u26A0 Diff was truncated. Consider reviewing smaller changesets." : secReview;
+          this.send({ type: "info", message: secMsg });
+        } catch (err) {
+          this.send({ type: "error", message: `Security review failed: ${err.message}` });
+        }
+        break;
+      }
+      // ── /rewind ────────────────────────────────────────────────────────
+      case "rewind": {
+        const session = this.sessions.current;
+        if (!session || session.messages.length === 0) {
+          this.send({ type: "info", message: "No messages to rewind." });
+          break;
+        }
+        const rewindSub = args[0];
+        if (rewindSub === "list" || !rewindSub) {
+          const lines = [`Conversation messages (${session.messages.length} total):
+`];
+          const cpIndices = (await import("./file-checkpoint-NKBHGC7L.js")).fileCheckpoints.getMessageIndices();
+          for (let i = 0; i < session.messages.length; i++) {
+            const m = session.messages[i];
+            const text = getContentText(m.content).replace(/\n/g, " ").slice(0, 60);
+            const pin = cpIndices.includes(i) ? " \u{1F4CC}" : "";
+            lines.push(`  [${i + 1}] ${m.role.padEnd(10)} ${text}${pin}`);
+          }
+          lines.push("", "Usage: /rewind <n> \u2014 rewind to message N", "\u{1F4CC} = file checkpoint");
+          this.send({ type: "info", message: lines.join("\n") });
+          break;
+        }
+        const rewindN = parseInt(rewindSub, 10);
+        if (isNaN(rewindN) || rewindN < 1 || rewindN > session.messages.length) {
+          this.send({ type: "error", message: `Invalid message number: ${rewindSub}. Range: 1-${session.messages.length}` });
+          break;
+        }
+        const { fileCheckpoints: fc } = await import("./file-checkpoint-NKBHGC7L.js");
+        const rewindRemoved = session.messages.length - rewindN;
+        const rewindResult = fc.restoreToMessageIndex(rewindN);
+        session.messages = session.messages.slice(0, rewindN);
+        session.checkpoints = session.checkpoints.filter((c) => c.messageIndex <= rewindN);
+        session.updated = /* @__PURE__ */ new Date();
+        this.sessions.save();
+        const rewindLines = [`\u2713 Rewound to message ${rewindN}`, `  Messages removed: ${rewindRemoved}`];
+        if (rewindResult.restored > 0 || rewindResult.deleted > 0) {
+          rewindLines.push(`  Files restored: ${rewindResult.restored}, deleted: ${rewindResult.deleted}`);
+          for (const f of rewindResult.files) rewindLines.push(`    ${f}`);
+        } else {
+          rewindLines.push("  No file changes to revert.");
+        }
+        this.send({ type: "info", message: rewindLines.join("\n") });
+        this.sendSessionMessages();
+        this.sendStatus();
+        break;
+      }
       // ── /test ───────────────────────────────────────────────────────
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-7ZBI4ZTU.js");
+          const { executeTests } = await import("./run-tests-L3JNRB6X.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -2320,6 +2410,37 @@ ${diff}
 4. **Highlights** (if any)
 
 Severity: \u{1F534} Critical / \u{1F7E1} Warning / \u{1F535} Info`;
+  }
+  buildSecurityReviewPrompt(diff, gitContextStr) {
+    return `# Security Vulnerability Review
+
+Analyze the following code changes **exclusively for security vulnerabilities**.
+
+## Categories
+1. Injection (SQL, command, path traversal, XSS)
+2. Auth & Authorization (hardcoded creds, missing checks)
+3. Secrets & Sensitive Data (API keys, tokens in code)
+4. Input Validation (missing validation, unsafe deserialization)
+5. Cryptography (weak algorithms, hardcoded IVs)
+6. File System (path traversal, symlink attacks)
+7. Network (SSRF, insecure protocols)
+
+## Git Status
+${gitContextStr}
+
+## Code Changes
+\`\`\`diff
+${diff}
+\`\`\`
+
+## Output Format
+For each finding:
+- **Severity**: \u{1F534} CRITICAL / \u{1F7E0} HIGH / \u{1F7E1} MEDIUM / \u{1F535} LOW
+- **Category** + **File:line**
+- **Description** + exploitation scenario
+- **Recommended fix**
+
+If none found: "\u2705 No security vulnerabilities detected"`;
   }
   loadContextFiles() {
     const parts = [];

package/dist/{task-orchestrator-C472QXTJ.js → task-orchestrator-4N5UUA6L.js}

@@ -4,10 +4,11 @@ import {
   getDangerLevel,
   googleSearchContext,
   truncateOutput
-} from "./chunk-PDVX5QJA.js";
+} from "./chunk-5GZQLJAY.js";
+import "./chunk-4BKXL7SM.js";
 import {
   SUBAGENT_ALLOWED_TOOLS
-} from "./chunk-UA4BVWKV.js";
+} from "./chunk-AHH5I2U6.js";
 
 // src/hub/task-orchestrator.ts
 import { createInterface } from "readline";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.4.24",
+  "version": "0.4.26",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",