npm - kiosapi - Versions diffs - 0.1.16 → 0.1.18 - Mend

kiosapi 0.1.16 → 0.1.18

This diff shows the changes between two publicly available versions of the package, each released to one of the supported registries. It is provided for informational purposes only and reflects the package contents as they appear in their respective public registries.

Files changed (3) hide show

package/dist/agent/run.js CHANGED Viewed

@@ -89,8 +89,27 @@ export function loadCheckpoint() {
         return null;
     try {
         const data = JSON.parse(readFileSync(CHECKPOINT_PATH, 'utf8'));
+        // Sanitize messages from older checkpoint formats:
+        //  - Strip extra system messages (index > 0): pre-v0.1.17 auto-inject pushed a second
+        //    {role:'system'} that some providers reject when they appear mid-conversation.
+        //  - Null out content when tool_calls are present: strict OpenAI-compat providers (DeepSeek
+        //    etc.) require content:null on assistant tool-call turns; old checkpoints stored the
+        //    prefacing text alongside tool_calls which caused HTTP 400 on the next API call.
+        const [sys0, ...rest] = data.messages ?? [];
+        const sanitized = [
+            ...(sys0 ? [sys0] : []),
+            ...rest
+                .filter((m) => m.role !== 'system')
+                .map((m) => {
+                if (m.role === 'assistant' && m.tool_calls?.length) {
+                    return { ...m, content: null };
+                }
+                return m;
+            }),
+        ];
         return {
             ...data,
+            messages: sanitized,
             teamModels: data.teamModels ?? {},
             totalTokens: data.totalTokens ?? 0,
         };
@@ -373,30 +392,41 @@ export function undoLastTurn(s) {
  * agent's final text (last answer or the `selesai` summary) — useful for chaining agents in a team.
  */
 export async function runTurn(s, userText) {
-    // On the very first turn of a fresh session, auto-inject project metadata so the model
-    // starts oriented without needing to call daftar_file(".") for basic orientation.
-    // Injected: root directory tree + key manifest files (package.json, README, etc.).
+    // On the very first turn of a fresh session, append a compact project snapshot to the
+    // existing system message so the model starts oriented without calling daftar_file(".").
+    // DESIGN CONSTRAINTS:
+    //  - APPEND, never push a second system message (some providers reject role:'system' at idx>0)
+    //  - Keep total injected content small: free-tier models (Workers AI llama etc.) have 8K token
+    //    context windows; a fat system message plus a few tool results fills it up fast, causing the
+    //    upstream to return HTTP 400. Depth-2 tree (~1-2KB) is enough for high-level orientation.
     if (s.messages.filter((m) => m.role === 'user').length === 0) {
         const snippets = [];
+        // Depth 2 (not 3): shows top-level dirs + their immediate contents — enough to orient without
+        // producing 300 lines that consume half a small model's context window.
         try {
-            snippets.push(`<root-directory>\n${daftarFile('.')}\n</root-directory>`);
+            snippets.push(`<root-directory>\n${daftarFile('.', 2)}\n</root-directory>`);
         }
         catch { /* ignore */ }
-        for (const f of ['package.json', 'pyproject.toml', 'Cargo.toml', 'go.mod', 'README.md']) {
+        for (const f of ['package.json', 'pyproject.toml', 'Cargo.toml', 'go.mod']) {
             const abs = join(process.cwd(), f);
             if (existsSync(abs)) {
                 try {
                     const content = readFileSync(abs, 'utf8');
-                    snippets.push(`<file path="${f}">\n${content.slice(0, 4000)}\n</file>`);
+                    // 1500 chars: enough for name/scripts/deps, not the full lockfile prose
+                    snippets.push(`<file path="${f}">\n${content.slice(0, 1_500)}\n</file>`);
                 }
                 catch { /* unreadable — skip */ }
             }
         }
         if (snippets.length > 0) {
-            s.messages.push({
-                role: 'system',
-                content: `## Konteks Proyek (auto-injected — jangan panggil daftar_file(".") lagi)\n${snippets.join('\n\n')}`,
-            });
+            const sysMsg = s.messages[0];
+            if (sysMsg?.role === 'system') {
+                // Hard cap: keep total injected context under 5KB so the system message stays manageable.
+                const joined = snippets.join('\n\n');
+                const capped = joined.length > 5_000 ? `${joined.slice(0, 5_000)}\n…` : joined;
+                sysMsg.content +=
+                    `\n\n## Konteks Proyek\n${capped}`;
+            }
         }
     }
     s.messages.push({ role: 'user', content: userText });
@@ -452,7 +482,13 @@ export async function runTurn(s, userText) {
         // (null content + no tool_calls) can appear from a truncated stream or a reasoning-only
         // step; pushing it corrupts the history and causes providers to reject subsequent calls.
         if (reply.content !== null || calls.length > 0) {
-            s.messages.push({ role: 'assistant', content: reply.content, tool_calls: reply.tool_calls });
+            // When tool_calls are present, set content to null regardless of what text the model
+            // prefaced the call with. The text was already streamed to the user via onText; keeping
+            // it in history causes strict OpenAI-compat providers (DeepSeek, Workers AI, etc.) to
+            // return HTTP 400 on the next call because they require content: null when tool_calls
+            // is non-empty. Anthropic also works correctly with null here.
+            const storedContent = calls.length > 0 ? null : reply.content;
+            s.messages.push({ role: 'assistant', content: storedContent, tool_calls: reply.tool_calls });
         }
         if (reply.content)
             lastText = reply.content;
@@ -519,11 +555,19 @@ export async function runTurn(s, userText) {
                 continue;
             }
             const result = await runTool(call, s.otomatis, s.model);
-            s.messages.push({ role: 'tool', content: result.output, tool_call_id: call.id });
+            // Cap what goes into the conversation history: full output can be 300 lines of directory
+            // listing or 100 KB of file content, which quickly overflows small-context-window models
+            // (Workers AI llama has ~8K token limit). The full result is already returned by runTool;
+            // truncating only the *stored* copy keeps the API payload manageable without losing info.
+            const MAX_STORED_RESULT = 5_000;
+            const stored = result.output.length > MAX_STORED_RESULT
+                ? `${result.output.slice(0, MAX_STORED_RESULT)}\n…[dipotong — gunakan path/range spesifik jika perlu lebih]`
+                : result.output;
+            s.messages.push({ role: 'tool', content: stored, tool_call_id: call.id });
             if (result.modifiedPath)
                 stepModified.add(result.modifiedPath);
             if (READ_ONLY_TOOLS.has(call.function.name))
-                toolCache.set(sig, result.output);
+                toolCache.set(sig, stored);
             if (result.done) {
                 if (stepModified.size > 0)
                     console.log(dim(`  ✎ ${[...stepModified].join(' · ')}`));

package/dist/agent/schemas.js CHANGED Viewed

@@ -22,10 +22,8 @@ const TOOLS = {
                 properties: {
                     path: { type: 'string', description: 'Path folder (default ".")' },
                     kedalaman: {
-                        type: 'integer',
-                        description: 'Kedalaman tree (1–5). Default: 3 untuk ".", 1 untuk subfolder.',
-                        minimum: 1,
-                        maximum: 5,
+                        type: 'number',
+                        description: 'Kedalaman tree 1–5. Default: 3 untuk ".", 1 untuk subfolder.',
                     },
                 },
             },
@@ -200,7 +198,8 @@ Direktori kerja: ${process.cwd()}
 OS: ${osName} · ${shellNote}
 Aturan:
 - Bekerja langkah demi langkah: pakai tool untuk membaca sebelum mengubah.
-- Strategi eksplorasi: daftar_file(".") sudah tersedia di konteks awal — identifikasi file yang relevan LANGSUNG, lalu baca dengan baca_file. Jangan ulangi daftar_file pada path yang sama.
+- Strategi eksplorasi: struktur root tersedia di konteks awal — identifikasi subfolder relevan LANGSUNG, lalu baca dengan baca_file. Jangan ulangi daftar_file pada path yang sama.
+- Kedalaman daftar_file: gunakan kedalaman=2 (default) untuk subfolder besar. Kedalaman=3 hanya jika kamu sudah tahu folder itu kecil. JANGAN gunakan kedalaman=4+ kecuali diminta eksplisit.
 - JANGAN memanggil tool APAPUN dengan argumen identik lebih dari 1× dalam satu sesi. Jika tool mengembalikan peringatan cache "⚠", langsung ganti ke path atau argumen BERBEDA.
 - Path selalu relatif ke direktori kerja; akses ke luar ditolak.
 - Gunakan hapus_file/pindah_file untuk menghapus/memindahkan file (lebih aman dari jalankan del/rm).

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "kiosapi",
-  "version": "0.1.16",
+  "version": "0.1.18",
   "type": "module",
   "description": "CLI Kiosapi.id berbahasa Indonesia — bangun aplikasimu pakai API key Kiosapi (agen + multimodal).",
   "keywords": [