jinzd-ai-cli 0.4.87 → 0.4.88

package/dist/{batch-FNHSLCMV.js → batch-7XCYSPJU.js}

@@ -1,9 +1,9 @@
 #!/usr/bin/env node
 import {
   ConfigManager
-} from "./chunk-Y75YPB5F.js";
+} from "./chunk-QT2KNL3V.js";
 import "./chunk-2ZD3YTVM.js";
-import "./chunk-BAOIXQHD.js";
+import "./chunk-VGXNE37B.js";
 
 // src/cli/batch.ts
 import Anthropic from "@anthropic-ai/sdk";

package/dist/{chunk-3DGNN4RM.js → chunk-L3MBIO36.js}

@@ -2,7 +2,7 @@
 import {
   schemaToJsonSchema,
   truncateForPersist
-} from "./chunk-SP6RFAKW.js";
+} from "./chunk-YDHIU24C.js";
 import {
   AuthError,
   ProviderError,
@@ -18,7 +18,7 @@ import {
   MCP_PROTOCOL_VERSION,
   MCP_TOOL_PREFIX,
   VERSION
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 
 // src/providers/claude.ts
 import Anthropic from "@anthropic-ai/sdk";
@@ -2655,6 +2655,108 @@ var Session = class _Session {
   }
 };
 
+// src/security/redactor.ts
+var DEFAULT_PATTERNS = [
+  // password: xxx / password = xxx / password="xxx"
+  // Covers YAML / JSON / shell-ish / env-file forms.
+  { kind: "password", regex: /\b(password|passwd|pwd)\s*[:=]\s*["']?([^\s"',;{}]{4,200})["']?/gi },
+  // PGPASSWORD=xxx (explicit bash env-var form, separate rule because no quotes usually)
+  { kind: "pgpassword-env", regex: /\b(PGPASSWORD)=([^\s"']{4,200})/g },
+  // JDBC/PG/MySQL/Mongo connection strings with inline credentials
+  // postgresql://user:pass@host/db → redact pass
+  { kind: "db-uri-password", regex: /(\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp|mssql):\/\/[^:\s]+:)([^@\s]+)(@)/gi },
+  // Anthropic API keys
+  { kind: "anthropic-key", regex: /(sk-ant-[a-zA-Z0-9_-]{90,})/g },
+  // OpenAI / generic sk- keys — requires length ≥32 to avoid eating short identifiers
+  { kind: "openai-key", regex: /(sk-(?:proj-)?[a-zA-Z0-9_-]{32,})/g },
+  // GitHub personal access tokens
+  { kind: "github-pat", regex: /\b(ghp_[a-zA-Z0-9]{36})\b/g },
+  { kind: "github-oauth", regex: /\b(gho_[a-zA-Z0-9]{36})\b/g },
+  { kind: "github-install", regex: /\b(ghs_[a-zA-Z0-9]{36})\b/g },
+  // Slack tokens
+  { kind: "slack-bot", regex: /\b(xoxb-\d+-\d+-[a-zA-Z0-9]+)\b/g },
+  { kind: "slack-user", regex: /\b(xoxp-\d+-\d+-\d+-[a-zA-Z0-9]+)\b/g },
+  // AWS access key IDs (AKIA...) and secret access keys are context-dependent;
+  // we only catch the ID because secret key alone is indistinguishable from random base64.
+  { kind: "aws-access-key-id", regex: /\b(AKIA[0-9A-Z]{16})\b/g },
+  // Google API keys
+  { kind: "google-api-key", regex: /\b(AIza[0-9A-Za-z_-]{35})\b/g },
+  // Generic "api_key": "..." / "apiKey": "..." / api-key=xxx
+  { kind: "api-key", regex: /\b(api[_-]?key)\s*[:=]\s*["']?([a-zA-Z0-9_\-.]{16,200})["']?/gi },
+  // Generic token: xxx (only when value looks token-shaped; avoids eating human prose)
+  { kind: "token", regex: /\b(token|access[_-]?token|bearer[_-]?token)\s*[:=]\s*["']?([a-zA-Z0-9_\-.]{20,300})["']?/gi },
+  // Bearer <token> in Authorization headers
+  { kind: "bearer", regex: /\b(Authorization:\s*Bearer\s+)([a-zA-Z0-9_\-.=]{20,500})/g },
+  // Private key PEM blocks — catch the header+footer together
+  { kind: "private-key", regex: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g }
+];
+function render(placeholder, kind) {
+  return placeholder.replace("{kind}", kind);
+}
+function redactString(input, options) {
+  if (!options.enabled || !input) return { redacted: input, hits: [] };
+  const placeholder = options.placeholder ?? "[REDACTED:{kind}]";
+  const patterns = [
+    ...options.patterns ?? DEFAULT_PATTERNS,
+    ...(options.customRegexes ?? []).flatMap((src, i) => {
+      try {
+        const flags = src.match(/^\/.*\/([gimsuy]*)$/)?.[1] ?? "";
+        const body = src.replace(/^\/(.*)\/[gimsuy]*$/, "$1");
+        const regex = new RegExp(body, flags.includes("g") ? flags : flags + "g");
+        return [{ kind: `custom-${i}`, regex }];
+      } catch {
+        return [];
+      }
+    })
+  ];
+  let redacted = input;
+  const hits = [];
+  for (const { kind, regex } of patterns) {
+    const rx = new RegExp(regex.source, regex.flags);
+    redacted = redacted.replace(rx, (...args) => {
+      const match = args[0];
+      const probe = new RegExp(rx.source).exec(match);
+      const captureCount = probe ? probe.length - 1 : 0;
+      const g1 = captureCount >= 1 ? args[1] : void 0;
+      const g2 = captureCount >= 2 ? args[2] : void 0;
+      const offset = args[1 + captureCount];
+      if (captureCount >= 2 && typeof g2 === "string") {
+        hits.push({ kind, start: offset + (g1?.length ?? 0), length: g2.length, secret: g2 });
+        return `${g1}${render(placeholder, kind)}`;
+      }
+      hits.push({ kind, start: offset, length: match.length, secret: g1 ?? match });
+      return render(placeholder, kind);
+    });
+  }
+  return { redacted, hits };
+}
+function redactJson(value, options) {
+  if (!options.enabled) return { value, hits: [] };
+  const allHits = [];
+  function walk(v) {
+    if (typeof v === "string") {
+      const r = redactString(v, options);
+      allHits.push(...r.hits);
+      return r.redacted;
+    }
+    if (Array.isArray(v)) return v.map(walk);
+    if (v && typeof v === "object") {
+      const out = {};
+      for (const [k, vv] of Object.entries(v)) {
+        out[k] = walk(vv);
+      }
+      return out;
+    }
+    return v;
+  }
+  const redacted = walk(value);
+  return { value: redacted, hits: allHits };
+}
+function scanString(input, options) {
+  const { hits } = redactString(input, { ...options, enabled: true });
+  return hits;
+}
+
 // src/session/session-manager.ts
 function safeDate(value) {
   const d = new Date(value);
@@ -2668,9 +2770,27 @@ function extractJsonField(header, field) {
 var SessionManager = class {
   _current = null;
   historyDir;
+  config;
+  /** Last save's redaction hit count — exposed for /security status reporting */
+  lastRedactionHits = 0;
   constructor(config) {
+    this.config = config;
     this.historyDir = config.getHistoryDir();
   }
+  /**
+   * Build redaction options from config. Returns `{ enabled: false }` when
+   * `security.redactOnSave` is off or `security.mode` is 'off'.
+   */
+  redactOptionsForSave() {
+    const security = this.config.get("security");
+    if (!security || !security.redactOnSave || security.mode === "off") {
+      return { enabled: false };
+    }
+    return {
+      enabled: true,
+      customRegexes: security.customPatterns ?? []
+    };
+  }
   get current() {
     return this._current;
   }
@@ -2696,8 +2816,12 @@ var SessionManager = class {
     if (!this._current) return;
     mkdirSync(this.historyDir, { recursive: true });
     const filePath = join(this.historyDir, `${this._current.id}.json`);
+    const raw = this._current.toJSON();
+    const opts = this.redactOptionsForSave();
+    const { value: payload, hits } = redactJson(raw, opts);
+    this.lastRedactionHits = hits.length;
     const tmpPath = filePath + ".tmp";
-    writeFileSync(tmpPath, JSON.stringify(this._current.toJSON(), null, 2), "utf-8");
+    writeFileSync(tmpPath, JSON.stringify(payload, null, 2), "utf-8");
     renameSync(tmpPath, filePath);
   }
   loadSession(id) {
@@ -3975,6 +4099,8 @@ export {
   buildPhantomCorrectionMessage,
   ProviderRegistry,
   getContentText,
+  DEFAULT_PATTERNS,
+  scanString,
   SessionManager,
   getGitRoot,
   getGitContext,

package/dist/{chunk-AQX3GYRD.js → chunk-P6EQZKKG.js}

@@ -6,7 +6,7 @@ import { platform } from "os";
 import chalk from "chalk";
 
 // src/core/constants.ts
-var VERSION = "0.4.87";
+var VERSION = "0.4.88";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-Y75YPB5F.js → chunk-QT2KNL3V.js}

@@ -8,7 +8,7 @@ import {
   CONFIG_FILE_NAME,
   HISTORY_DIR_NAME,
   PLUGINS_DIR_NAME
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 
 // src/config/config-manager.ts
 import { readFileSync, writeFileSync, existsSync, mkdirSync } from "fs";
@@ -179,6 +179,24 @@ var ConfigSchema = z.object({
   // 必须确认插件来源可信后，再设为 true 启用。
   // 可通过 /config 命令或直接编辑 ~/.aicli/config.json 开启。
   allowPlugins: z.boolean().default(false),
+  // 敏感信息脱敏（v0.4.88+，2026-04 凭据泄漏事件后引入）
+  // 会话保存到磁盘 / 发送给 Provider 前，自动将 API key、密码、PEM 私钥等
+  // 按正则替换为 [REDACTED:kind] 占位符。模式定义在 src/security/redactor.ts。
+  //
+  // redactOnSave 默认 true：保存到 ~/.aicli/history/*.json 时脱敏（推荐开启）
+  // redactOnSend 默认 false：发送到 Provider 时脱敏（激进，可能影响工具结果）
+  // mode:
+  //   'default' — 使用内置 13 条模式（推荐）
+  //   'strict'  — 同 default，但阈值更低（更激进，可能误报）
+  //   'off'     — 禁用所有模式（等同 redactOnSave=false）
+  // customPatterns — 用户补充正则字符串（支持 /pattern/flags 形式），
+  //                  无效正则会静默跳过，不会中断保存。
+  security: z.object({
+    redactOnSave: z.boolean().default(true),
+    redactOnSend: z.boolean().default(false),
+    mode: z.enum(["default", "strict", "off"]).default("default"),
+    customPatterns: z.array(z.string()).default([])
+  }).default({}),
   // 智能模型路由（v0.4.68+）
   // 按用户每轮输入的内容/标签/长度动态选择模型，在同一 provider 内切换，
   // 例：短问题走 haiku（省钱），planning 走 opus（质量）。

package/dist/{chunk-TFLBQRQM.js → chunk-V3NMERIB.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 import {
   TEST_TIMEOUT
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 
 // src/tools/builtin/run-tests.ts
 import { execSync } from "child_process";

package/dist/{chunk-BAOIXQHD.js → chunk-VGXNE37B.js}

@@ -1,7 +1,7 @@
 #!/usr/bin/env node
 
 // src/core/constants.ts
-var VERSION = "0.4.87";
+var VERSION = "0.4.88";
 var APP_NAME = "ai-cli";
 var CONFIG_DIR_NAME = ".aicli";
 var CONFIG_FILE_NAME = "config.json";

package/dist/{chunk-SP6RFAKW.js → chunk-YDHIU24C.js}

@@ -19,7 +19,7 @@ import {
 } from "./chunk-6VRJGH25.js";
 import {
   runTestsTool
-} from "./chunk-TFLBQRQM.js";
+} from "./chunk-V3NMERIB.js";
 import {
   CONFIG_DIR_NAME,
   DEFAULT_MAX_TOOL_OUTPUT_CHARS_CAP,
@@ -27,7 +27,7 @@ import {
   SUBAGENT_ALLOWED_TOOLS,
   SUBAGENT_DEFAULT_MAX_ROUNDS,
   SUBAGENT_MAX_ROUNDS_LIMIT
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 
 // src/tools/types.ts
 function isFileWriteTool(name) {

package/dist/electron-server.js

@@ -36,7 +36,7 @@ import {
   VERSION,
   buildUserIdentityPrompt,
   runTestsTool
-} from "./chunk-AQX3GYRD.js";
+} from "./chunk-P6EQZKKG.js";
 import {
   hasSemanticIndex,
   semanticSearch
@@ -223,6 +223,24 @@ var ConfigSchema = z.object({
   // 必须确认插件来源可信后，再设为 true 启用。
   // 可通过 /config 命令或直接编辑 ~/.aicli/config.json 开启。
   allowPlugins: z.boolean().default(false),
+  // 敏感信息脱敏（v0.4.88+，2026-04 凭据泄漏事件后引入）
+  // 会话保存到磁盘 / 发送给 Provider 前，自动将 API key、密码、PEM 私钥等
+  // 按正则替换为 [REDACTED:kind] 占位符。模式定义在 src/security/redactor.ts。
+  //
+  // redactOnSave 默认 true：保存到 ~/.aicli/history/*.json 时脱敏（推荐开启）
+  // redactOnSend 默认 false：发送到 Provider 时脱敏（激进，可能影响工具结果）
+  // mode:
+  //   'default' — 使用内置 13 条模式（推荐）
+  //   'strict'  — 同 default，但阈值更低（更激进，可能误报）
+  //   'off'     — 禁用所有模式（等同 redactOnSave=false）
+  // customPatterns — 用户补充正则字符串（支持 /pattern/flags 形式），
+  //                  无效正则会静默跳过，不会中断保存。
+  security: z.object({
+    redactOnSave: z.boolean().default(true),
+    redactOnSend: z.boolean().default(false),
+    mode: z.enum(["default", "strict", "off"]).default("default"),
+    customPatterns: z.array(z.string()).default([])
+  }).default({}),
   // 智能模型路由（v0.4.68+）
   // 按用户每轮输入的内容/标签/长度动态选择模型，在同一 provider 内切换，
   // 例：短问题走 haiku（省钱），planning 走 opus（质量）。
@@ -3036,6 +3054,104 @@ var Session = class _Session {
   }
 };
 
+// src/security/redactor.ts
+var DEFAULT_PATTERNS = [
+  // password: xxx / password = xxx / password="xxx"
+  // Covers YAML / JSON / shell-ish / env-file forms.
+  { kind: "password", regex: /\b(password|passwd|pwd)\s*[:=]\s*["']?([^\s"',;{}]{4,200})["']?/gi },
+  // PGPASSWORD=xxx (explicit bash env-var form, separate rule because no quotes usually)
+  { kind: "pgpassword-env", regex: /\b(PGPASSWORD)=([^\s"']{4,200})/g },
+  // JDBC/PG/MySQL/Mongo connection strings with inline credentials
+  // postgresql://user:pass@host/db → redact pass
+  { kind: "db-uri-password", regex: /(\b(?:postgres(?:ql)?|mysql|mongodb(?:\+srv)?|redis|amqp|mssql):\/\/[^:\s]+:)([^@\s]+)(@)/gi },
+  // Anthropic API keys
+  { kind: "anthropic-key", regex: /(sk-ant-[a-zA-Z0-9_-]{90,})/g },
+  // OpenAI / generic sk- keys — requires length ≥32 to avoid eating short identifiers
+  { kind: "openai-key", regex: /(sk-(?:proj-)?[a-zA-Z0-9_-]{32,})/g },
+  // GitHub personal access tokens
+  { kind: "github-pat", regex: /\b(ghp_[a-zA-Z0-9]{36})\b/g },
+  { kind: "github-oauth", regex: /\b(gho_[a-zA-Z0-9]{36})\b/g },
+  { kind: "github-install", regex: /\b(ghs_[a-zA-Z0-9]{36})\b/g },
+  // Slack tokens
+  { kind: "slack-bot", regex: /\b(xoxb-\d+-\d+-[a-zA-Z0-9]+)\b/g },
+  { kind: "slack-user", regex: /\b(xoxp-\d+-\d+-\d+-[a-zA-Z0-9]+)\b/g },
+  // AWS access key IDs (AKIA...) and secret access keys are context-dependent;
+  // we only catch the ID because secret key alone is indistinguishable from random base64.
+  { kind: "aws-access-key-id", regex: /\b(AKIA[0-9A-Z]{16})\b/g },
+  // Google API keys
+  { kind: "google-api-key", regex: /\b(AIza[0-9A-Za-z_-]{35})\b/g },
+  // Generic "api_key": "..." / "apiKey": "..." / api-key=xxx
+  { kind: "api-key", regex: /\b(api[_-]?key)\s*[:=]\s*["']?([a-zA-Z0-9_\-.]{16,200})["']?/gi },
+  // Generic token: xxx (only when value looks token-shaped; avoids eating human prose)
+  { kind: "token", regex: /\b(token|access[_-]?token|bearer[_-]?token)\s*[:=]\s*["']?([a-zA-Z0-9_\-.]{20,300})["']?/gi },
+  // Bearer <token> in Authorization headers
+  { kind: "bearer", regex: /\b(Authorization:\s*Bearer\s+)([a-zA-Z0-9_\-.=]{20,500})/g },
+  // Private key PEM blocks — catch the header+footer together
+  { kind: "private-key", regex: /-----BEGIN [A-Z ]*PRIVATE KEY-----[\s\S]*?-----END [A-Z ]*PRIVATE KEY-----/g }
+];
+function render(placeholder, kind) {
+  return placeholder.replace("{kind}", kind);
+}
+function redactString(input, options) {
+  if (!options.enabled || !input) return { redacted: input, hits: [] };
+  const placeholder = options.placeholder ?? "[REDACTED:{kind}]";
+  const patterns = [
+    ...options.patterns ?? DEFAULT_PATTERNS,
+    ...(options.customRegexes ?? []).flatMap((src, i) => {
+      try {
+        const flags = src.match(/^\/.*\/([gimsuy]*)$/)?.[1] ?? "";
+        const body = src.replace(/^\/(.*)\/[gimsuy]*$/, "$1");
+        const regex = new RegExp(body, flags.includes("g") ? flags : flags + "g");
+        return [{ kind: `custom-${i}`, regex }];
+      } catch {
+        return [];
+      }
+    })
+  ];
+  let redacted = input;
+  const hits = [];
+  for (const { kind, regex } of patterns) {
+    const rx = new RegExp(regex.source, regex.flags);
+    redacted = redacted.replace(rx, (...args) => {
+      const match = args[0];
+      const probe = new RegExp(rx.source).exec(match);
+      const captureCount = probe ? probe.length - 1 : 0;
+      const g1 = captureCount >= 1 ? args[1] : void 0;
+      const g2 = captureCount >= 2 ? args[2] : void 0;
+      const offset = args[1 + captureCount];
+      if (captureCount >= 2 && typeof g2 === "string") {
+        hits.push({ kind, start: offset + (g1?.length ?? 0), length: g2.length, secret: g2 });
+        return `${g1}${render(placeholder, kind)}`;
+      }
+      hits.push({ kind, start: offset, length: match.length, secret: g1 ?? match });
+      return render(placeholder, kind);
+    });
+  }
+  return { redacted, hits };
+}
+function redactJson(value, options) {
+  if (!options.enabled) return { value, hits: [] };
+  const allHits = [];
+  function walk(v) {
+    if (typeof v === "string") {
+      const r = redactString(v, options);
+      allHits.push(...r.hits);
+      return r.redacted;
+    }
+    if (Array.isArray(v)) return v.map(walk);
+    if (v && typeof v === "object") {
+      const out = {};
+      for (const [k, vv] of Object.entries(v)) {
+        out[k] = walk(vv);
+      }
+      return out;
+    }
+    return v;
+  }
+  const redacted = walk(value);
+  return { value: redacted, hits: allHits };
+}
+
 // src/session/session-manager.ts
 function safeDate(value) {
   const d = new Date(value);
@@ -3049,9 +3165,27 @@ function extractJsonField(header, field) {
 var SessionManager = class {
   _current = null;
   historyDir;
+  config;
+  /** Last save's redaction hit count — exposed for /security status reporting */
+  lastRedactionHits = 0;
   constructor(config) {
+    this.config = config;
     this.historyDir = config.getHistoryDir();
   }
+  /**
+   * Build redaction options from config. Returns `{ enabled: false }` when
+   * `security.redactOnSave` is off or `security.mode` is 'off'.
+   */
+  redactOptionsForSave() {
+    const security = this.config.get("security");
+    if (!security || !security.redactOnSave || security.mode === "off") {
+      return { enabled: false };
+    }
+    return {
+      enabled: true,
+      customRegexes: security.customPatterns ?? []
+    };
+  }
   get current() {
     return this._current;
   }
@@ -3077,8 +3211,12 @@ var SessionManager = class {
     if (!this._current) return;
     mkdirSync2(this.historyDir, { recursive: true });
     const filePath = join2(this.historyDir, `${this._current.id}.json`);
+    const raw = this._current.toJSON();
+    const opts = this.redactOptionsForSave();
+    const { value: payload, hits } = redactJson(raw, opts);
+    this.lastRedactionHits = hits.length;
     const tmpPath = filePath + ".tmp";
-    writeFileSync2(tmpPath, JSON.stringify(this._current.toJSON(), null, 2), "utf-8");
+    writeFileSync2(tmpPath, JSON.stringify(payload, null, 2), "utf-8");
     renameSync(tmpPath, filePath);
   }
   loadSession(id) {
@@ -11108,7 +11246,7 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-P7GIZ6UH.js");
+          const { executeTests } = await import("./run-tests-JVWIGY7P.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {

package/dist/{hub-HEC4GYKR.js → hub-IR4INXSU.js}

@@ -385,7 +385,7 @@ ${content}`);
   }
 }
 async function runTaskMode(config, providers, configManager, topic) {
-  const { TaskOrchestrator } = await import("./task-orchestrator-36SFPCP7.js");
+  const { TaskOrchestrator } = await import("./task-orchestrator-6MI6LD7T.js");
   const orchestrator = new TaskOrchestrator(config, providers, configManager);
   let interrupted = false;
   const onSigint = () => {

package/dist/index.js

@@ -1,5 +1,6 @@
 #!/usr/bin/env node
 import {
+  DEFAULT_PATTERNS,
   HALLUCINATION_CORRECTION_MESSAGE,
   McpManager,
   ProviderRegistry,
@@ -28,12 +29,13 @@ import {
   persistToolRound,
   rebuildExtraMessages,
   saveDevState,
+  scanString,
   sessionHasMeaningfulContent,
   setupProxy
-} from "./chunk-3DGNN4RM.js";
+} from "./chunk-L3MBIO36.js";
 import {
   ConfigManager
-} from "./chunk-Y75YPB5F.js";
+} from "./chunk-QT2KNL3V.js";
 import {
   ToolExecutor,
   ToolRegistry,
@@ -49,7 +51,7 @@ import {
   spawnAgentContext,
   theme,
   undoStack
-} from "./chunk-SP6RFAKW.js";
+} from "./chunk-YDHIU24C.js";
 import "./chunk-2ZD3YTVM.js";
 import {
   fileCheckpoints
@@ -58,7 +60,7 @@ import "./chunk-NHNWUBXB.js";
 import "./chunk-CQQQFNND.js";
 import "./chunk-6VRJGH25.js";
 import "./chunk-PFYAAX2S.js";
-import "./chunk-TFLBQRQM.js";
+import "./chunk-V3NMERIB.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -80,7 +82,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 
 // src/index.ts
 import { program } from "commander";
@@ -980,6 +982,7 @@ function createDefaultCommands() {
           "  /fork [checkpoint]       - Fork session from checkpoint or current position",
           "  /branch [list|new|switch|delete|rename|diff|cherry-pick] - Manage conversation branches (fork tree, cross-branch picks)",
           "  /index [status|rebuild|clear|semantic-rebuild|semantic-clear] - Symbol + semantic index (find_symbol / search_code)",
+          "  /security [status|scan|on|off] - Sensitive-data redaction status & session scan",
           "  /yolo [on|off]           - Toggle session auto-approve (skip confirmations)",
           "  /exit                    - Exit"
         ] : [];
@@ -2592,7 +2595,7 @@ ${hint}` : "")
       usage: "/test [command|filter]",
       async execute(args, ctx) {
         try {
-          const { executeTests } = await import("./run-tests-7PTRRO4D.js");
+          const { executeTests } = await import("./run-tests-FQHDUYOG.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {
@@ -3031,6 +3034,94 @@ Summary: ${fileMap.size} file(s) \u2014 ${newFiles} new, ${modifiedFiles} modifi
         }
       }
     },
+    {
+      name: "security",
+      description: "Sensitive-data redaction \u2014 status, scan sessions, toggle on/off",
+      usage: "/security [status|scan [--all]|on|off]",
+      async execute(args, ctx) {
+        const sub = (args[0] || "status").toLowerCase();
+        const security = ctx.config.get("security") ?? {
+          redactOnSave: true,
+          redactOnSend: false,
+          mode: "default",
+          customPatterns: []
+        };
+        if (sub === "status") {
+          console.log(theme.heading("  \u{1F6E1}  Security / Redaction"));
+          console.log(`    redactOnSave : ${security.redactOnSave ? theme.success("on") : theme.warning("off")}`);
+          console.log(`    redactOnSend : ${security.redactOnSend ? theme.success("on") : theme.dim("off")}`);
+          console.log(`    mode         : ${security.mode}`);
+          console.log(`    patterns     : ${DEFAULT_PATTERNS.length} built-in + ${security.customPatterns?.length ?? 0} custom`);
+          console.log(`    last save    : ${ctx.sessions.lastRedactionHits} hit(s) redacted`);
+          console.log();
+          console.log(theme.dim("    /security scan         \u2014 scan current session for leaks"));
+          console.log(theme.dim("    /security scan --all   \u2014 scan all saved sessions"));
+          console.log(theme.dim("    /security on|off       \u2014 toggle redactOnSave"));
+          console.log();
+          return;
+        }
+        if (sub === "on" || sub === "off") {
+          ctx.config.set("security", { ...security, redactOnSave: sub === "on" });
+          console.log(theme.success(`  \u2713 redactOnSave = ${sub}`));
+          console.log();
+          return;
+        }
+        if (sub === "scan") {
+          const scanAll = args.includes("--all");
+          const opts = { customRegexes: security.customPatterns ?? [] };
+          let totalHits = 0;
+          let filesWithHits = 0;
+          if (scanAll) {
+            const metas = ctx.sessions.listSessions();
+            console.log(theme.info(`  Scanning ${metas.length} session(s)\u2026`));
+            const { readFileSync: readFileSync5 } = await import("fs");
+            const { join: join6 } = await import("path");
+            const historyDir = ctx.config.getHistoryDir();
+            for (const m of metas) {
+              try {
+                const content = readFileSync5(join6(historyDir, `${m.id}.json`), "utf-8");
+                const hits2 = scanString(content, opts);
+                if (hits2.length) {
+                  filesWithHits++;
+                  totalHits += hits2.length;
+                  const kinds = [...new Set(hits2.map((h) => h.kind))].join(", ");
+                  console.log(`    ${theme.warning("\u26A0")} ${m.id.slice(0, 8)}\u2026 ${theme.dim(m.title || "")} \u2014 ${hits2.length} hit(s) [${kinds}]`);
+                }
+              } catch {
+              }
+            }
+            console.log();
+            console.log(
+              totalHits === 0 ? theme.success(`  \u2713 No secrets found in ${metas.length} session(s).`) : theme.warning(`  Found ${totalHits} hit(s) across ${filesWithHits} session(s). Re-save them with redactOnSave=on to sanitize.`)
+            );
+            console.log();
+            return;
+          }
+          const current = ctx.sessions.current;
+          if (!current) {
+            console.log(theme.warning("  No active session to scan."));
+            console.log();
+            return;
+          }
+          const json = JSON.stringify(current.toJSON());
+          const hits = scanString(json, opts);
+          if (hits.length === 0) {
+            console.log(theme.success("  \u2713 Current session: no secrets detected."));
+          } else {
+            const byKind = /* @__PURE__ */ new Map();
+            for (const h of hits) byKind.set(h.kind, (byKind.get(h.kind) ?? 0) + 1);
+            console.log(theme.warning(`  \u26A0 Current session: ${hits.length} hit(s)`));
+            for (const [k, n] of byKind) console.log(`    \u2022 ${k}: ${n}`);
+            console.log(theme.dim("    (save the session to replace them with placeholders)"));
+          }
+          console.log();
+          return;
+        }
+        console.log(theme.error(`  Unknown subcommand: ${sub}`));
+        console.log(theme.dim("  Usage: /security [status|scan [--all]|on|off]"));
+        console.log();
+      }
+    },
     {
       name: "yolo",
       description: "Toggle session auto-approve (skip all confirmations)",
@@ -6485,7 +6576,7 @@ program.command("web").description("Start Web UI server with browser-based chat
     console.error("Error: Invalid port number. Must be between 1 and 65535.");
     process.exit(1);
   }
-  const { startWebServer } = await import("./server-TRTN3RVO.js");
+  const { startWebServer } = await import("./server-UWKRV5DK.js");
   await startWebServer({ port, host: options.host });
 });
 program.command("user [action] [username]").description("Manage Web UI users (list | create <name> | delete <name> | reset-password <name> | migrate <name>)").action(async (action, username) => {
@@ -6608,7 +6699,7 @@ program.command("sessions").description("List recent conversation sessions").act
 });
 program.command("batch <action> [arg] [arg2]").description("Anthropic Message Batches: submit | list | status <id> | results <id> [out] | cancel <id>").option("--dry-run", "Parse and validate input without submitting (submit only)").action(async (action, arg, arg2, options) => {
   try {
-    const batch = await import("./batch-FNHSLCMV.js");
+    const batch = await import("./batch-7XCYSPJU.js");
     switch (action) {
       case "submit":
         if (!arg) {
@@ -6651,7 +6742,7 @@ program.command("batch <action> [arg] [arg2]").description("Anthropic Message Ba
   }
 });
 program.command("mcp-serve").description("Start an MCP server over STDIO, exposing aicli's built-in tools to Claude Desktop / Cursor / other MCP clients").option("--allow-destructive", "Allow bash / run_interactive / task_create (always destructive in MCP mode)").option("--allow-outside-cwd", "Allow tool path arguments to escape the sandbox root \u2014 disabled by default").option("--tools <list>", "Comma-separated whitelist of tools to expose (default: all eligible tools)").option("--cwd <path>", "Working directory AND sandbox root (default: current directory)").action(async (options) => {
-  const { startMcpServer } = await import("./server-GJRBVTTQ.js");
+  const { startMcpServer } = await import("./server-HTVVWKFN.js");
   await startMcpServer({
     allowDestructive: !!options.allowDestructive,
     allowOutsideCwd: !!options.allowOutsideCwd,
@@ -6778,7 +6869,7 @@ program.command("hub [topic]").description("Start multi-agent hub (discuss / bra
     }),
     config.get("customProviders")
   );
-  const { startHub } = await import("./hub-HEC4GYKR.js");
+  const { startHub } = await import("./hub-IR4INXSU.js");
   await startHub(
     {
       topic: topic ?? "",

package/dist/{run-tests-7PTRRO4D.js → run-tests-FQHDUYOG.js}

@@ -2,8 +2,8 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-TFLBQRQM.js";
-import "./chunk-BAOIXQHD.js";
+} from "./chunk-V3NMERIB.js";
+import "./chunk-VGXNE37B.js";
 export {
   executeTests,
   runTestsTool

package/dist/{run-tests-P7GIZ6UH.js → run-tests-JVWIGY7P.js}

@@ -1,7 +1,7 @@
 import {
   executeTests,
   runTestsTool
-} from "./chunk-AQX3GYRD.js";
+} from "./chunk-P6EQZKKG.js";
 export {
   executeTests,
   runTestsTool

package/dist/{server-GJRBVTTQ.js → server-HTVVWKFN.js}

@@ -3,17 +3,17 @@ import {
   ToolRegistry,
   getDangerLevel,
   schemaToJsonSchema
-} from "./chunk-SP6RFAKW.js";
+} from "./chunk-YDHIU24C.js";
 import "./chunk-2ZD3YTVM.js";
 import "./chunk-4BKXL7SM.js";
 import "./chunk-NHNWUBXB.js";
 import "./chunk-CQQQFNND.js";
 import "./chunk-6VRJGH25.js";
 import "./chunk-PFYAAX2S.js";
-import "./chunk-TFLBQRQM.js";
+import "./chunk-V3NMERIB.js";
 import {
   VERSION
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 
 // src/mcp/server.ts
 import { createInterface } from "readline";

package/dist/{server-TRTN3RVO.js → server-UWKRV5DK.js}

@@ -20,10 +20,10 @@ import {
   persistToolRound,
   rebuildExtraMessages,
   setupProxy
-} from "./chunk-3DGNN4RM.js";
+} from "./chunk-L3MBIO36.js";
 import {
   ConfigManager
-} from "./chunk-Y75YPB5F.js";
+} from "./chunk-QT2KNL3V.js";
 import {
   ToolExecutor,
   ToolRegistry,
@@ -41,14 +41,14 @@ import {
   spawnAgentContext,
   truncateOutput,
   undoStack
-} from "./chunk-SP6RFAKW.js";
+} from "./chunk-YDHIU24C.js";
 import "./chunk-2ZD3YTVM.js";
 import "./chunk-4BKXL7SM.js";
 import "./chunk-NHNWUBXB.js";
 import "./chunk-CQQQFNND.js";
 import "./chunk-6VRJGH25.js";
 import "./chunk-PFYAAX2S.js";
-import "./chunk-TFLBQRQM.js";
+import "./chunk-V3NMERIB.js";
 import {
   AGENTIC_BEHAVIOR_GUIDELINE,
   AUTHOR,
@@ -67,7 +67,7 @@ import {
   SKILLS_DIR_NAME,
   VERSION,
   buildUserIdentityPrompt
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 import {
   AuthManager
 } from "./chunk-BYNY5JPB.js";
@@ -2229,7 +2229,7 @@ ${undoResults.map((r) => `  \u2022 ${r}`).join("\n")}` });
       case "test": {
         this.send({ type: "info", message: "\u{1F9EA} Running tests..." });
         try {
-          const { executeTests } = await import("./run-tests-7PTRRO4D.js");
+          const { executeTests } = await import("./run-tests-FQHDUYOG.js");
           const argStr = args.join(" ").trim();
           let testArgs = {};
           if (argStr) {

package/dist/{task-orchestrator-36SFPCP7.js → task-orchestrator-6MI6LD7T.js}

@@ -4,17 +4,17 @@ import {
   getDangerLevel,
   googleSearchContext,
   truncateOutput
-} from "./chunk-SP6RFAKW.js";
+} from "./chunk-YDHIU24C.js";
 import "./chunk-2ZD3YTVM.js";
 import "./chunk-4BKXL7SM.js";
 import "./chunk-NHNWUBXB.js";
 import "./chunk-CQQQFNND.js";
 import "./chunk-6VRJGH25.js";
 import "./chunk-PFYAAX2S.js";
-import "./chunk-TFLBQRQM.js";
+import "./chunk-V3NMERIB.js";
 import {
   SUBAGENT_ALLOWED_TOOLS
-} from "./chunk-BAOIXQHD.js";
+} from "./chunk-VGXNE37B.js";
 
 // src/hub/task-orchestrator.ts
 import { createInterface } from "readline";

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jinzd-ai-cli",
-  "version": "0.4.87",
+  "version": "0.4.88",
   "description": "Cross-platform REPL-style AI CLI with multi-provider support",
   "type": "module",
   "main": "./dist/index.js",