lcagent-cli 0.1.6 → 0.1.8

package/dist/tools/permissions.js

@@ -0,0 +1,105 @@
+import { isAbsolute, normalize, relative, resolve, sep } from 'node:path';
+export const DANGEROUS_FILES = [
+    '.gitconfig',
+    '.gitmodules',
+    '.bashrc',
+    '.bash_profile',
+    '.zshrc',
+    '.zprofile',
+    '.profile',
+    '.mcp.json',
+    '.claude.json',
+];
+export const DANGEROUS_DIRECTORIES = ['.git', '.vscode', '.idea', '.claude'];
+function normalizeCaseForComparison(filePath) {
+    return filePath.toLowerCase();
+}
+function resolveTargetPath(cwd, targetPath) {
+    return isAbsolute(targetPath) ? normalize(targetPath) : normalize(resolve(cwd, targetPath));
+}
+function toDisplayPath(cwd, absolutePath) {
+    const relativePath = relative(cwd, absolutePath);
+    if (!relativePath || relativePath.startsWith(`..${sep}`) || relativePath === '..') {
+        return absolutePath;
+    }
+    return relativePath;
+}
+function isDangerousPath(absolutePath) {
+    const normalizedPath = normalizeCaseForComparison(absolutePath);
+    const pathSegments = normalizedPath.split(/[\\/]+/).filter(Boolean);
+    const fileName = pathSegments[pathSegments.length - 1];
+    if (fileName && DANGEROUS_FILES.includes(fileName)) {
+        return true;
+    }
+    return pathSegments.some(segment => DANGEROUS_DIRECTORIES.includes(segment));
+}
+function extractPatchTarget(patchText) {
+    const lines = patchText.split(/\r?\n/);
+    for (const line of lines) {
+        if (line.startsWith('+++ ') || line.startsWith('--- ')) {
+            const rawPath = line.slice(4).trim();
+            if (!rawPath || rawPath === '/dev/null') {
+                continue;
+            }
+            return rawPath.replace(/^(a|b)\//, '');
+        }
+    }
+    return null;
+}
+function extractCandidateTargets(toolName, input) {
+    if (!input || typeof input !== 'object') {
+        return [];
+    }
+    const record = input;
+    const directPath = [record.path, record.filePath, record.file_path]
+        .find(value => typeof value === 'string' && value.trim().length > 0);
+    if (toolName === 'grep') {
+        const searchPath = [record.path, record.directory]
+            .find(value => typeof value === 'string' && value.trim().length > 0);
+        return searchPath ? [String(searchPath)] : [];
+    }
+    if (toolName === 'run_shell') {
+        return [];
+    }
+    const patchText = [record.patch, record.diff, record.unifiedDiff, record.unified_diff]
+        .find(value => typeof value === 'string' && value.trim().length > 0);
+    const patchPath = typeof patchText === 'string' ? extractPatchTarget(patchText) : null;
+    return [directPath, patchPath].filter((value) => Boolean(value));
+}
+export function buildApprovalRequest(tool, input, context) {
+    if (context.approvalMode === 'auto') {
+        return null;
+    }
+    if (tool.isReadOnly) {
+        return null;
+    }
+    const candidateTargets = extractCandidateTargets(tool.name, input);
+    const absoluteTargets = candidateTargets.map(target => resolveTargetPath(context.cwd, target));
+    const displayTargets = absoluteTargets.map(target => toDisplayPath(context.cwd, target));
+    const hasDangerousTarget = absoluteTargets.some(isDangerousPath);
+    if (tool.name === 'run_shell') {
+        const command = input && typeof input === 'object'
+            ? input.command ?? input.cmd
+            : undefined;
+        return {
+            toolName: tool.name,
+            summary: `Shell execution requested${typeof command === 'string' ? `: ${command}` : '.'}`,
+            reason: 'run_shell can execute arbitrary commands and modify the filesystem or environment.',
+            targets: [],
+            risk: 'high',
+            input,
+        };
+    }
+    return {
+        toolName: tool.name,
+        summary: displayTargets.length > 0
+            ? `Write access requested for ${displayTargets.join(', ')}`
+            : 'Write access requested.',
+        reason: hasDangerousTarget
+            ? 'Target includes a protected configuration or metadata path from the Claude Code-style danger list.'
+            : 'This tool can modify files on disk.',
+        targets: displayTargets,
+        risk: hasDangerousTarget ? 'high' : 'medium',
+        input,
+    };
+}

package/dist/tools/runShell.js

@@ -6,9 +6,60 @@ const inputSchema = z.object({
     command: z.string().min(1).optional(),
     cmd: z.string().min(1).optional(),
 });
+function expandBracePattern(pattern) {
+    const match = pattern.match(/^(.*)\{([^{}]+)\}(.*)$/);
+    if (!match) {
+        return [pattern];
+    }
+    const [, prefix, variants, suffix] = match;
+    return variants
+        .split(',')
+        .flatMap(variant => expandBracePattern(`${prefix}${variant}${suffix}`));
+}
+function tokenizeShellArgs(command) {
+    return command.match(/"[^"]*"|'[^']*'|\S+/g) ?? [];
+}
+function rewriteWindowsMkdirSegment(segment) {
+    const trimmed = segment.trim();
+    const mkdirMatch = trimmed.match(/^mkdir\s+-p\s+(.+)$/i);
+    if (!mkdirMatch) {
+        return segment;
+    }
+    const rawArgs = tokenizeShellArgs(mkdirMatch[1]);
+    const expandedArgs = rawArgs.flatMap(arg => {
+        const unquoted = arg.replace(/^(["'])(.*)\1$/, '$2');
+        return expandBracePattern(unquoted);
+    });
+    if (expandedArgs.length === 0) {
+        return segment;
+    }
+    return expandedArgs
+        .map(path => `mkdir "${path}"`)
+        .join(' && ');
+}
+function normalizeWindowsCommand(command) {
+    const segments = command.split(/\s*&&\s*/);
+    return segments.map(rewriteWindowsMkdirSegment).join(' && ');
+}
+function buildWindowsShellHint(command) {
+    const hints = [];
+    if (/mkdir\s+-p/i.test(command)) {
+        hints.push('`cmd.exe` 不支持 `mkdir -p`；Windows 下可直接用 `mkdir dir` 创建多级目录。');
+    }
+    if (/\{[^{}]+,[^{}]+\}/.test(command)) {
+        hints.push('`cmd.exe` 不支持 Bash 的 `{a,b}` brace expansion。');
+    }
+    if (/<<\s*['"]?\w+['"]?/.test(command)) {
+        hints.push('`cmd.exe` 不支持 Bash heredoc（如 `cat <<EOF`）。');
+    }
+    if (hints.length === 0) {
+        return null;
+    }
+    return ['Windows shell 提示：', ...hints, '优先使用 Windows `cmd`/PowerShell 语法，或直接使用 `edit_file` 写文件。'].join('\n');
+}
 export const runShellTool = {
     name: 'run_shell',
-    description: 'Run a shell command in the current working directory.',
+    description: 'Run a shell command in the current working directory. On Windows, prefer cmd/PowerShell syntax rather than Bash-only syntax like mkdir -p, brace expansion, or heredoc.',
     inputSchema,
     inputSchemaJson: {
         type: 'object',
@@ -23,20 +74,17 @@ export const runShellTool = {
     },
     isReadOnly: false,
     async execute(input, context) {
-        if (context.approvalMode === 'manual') {
-            return {
-                isError: true,
-                content: 'run_shell is blocked in manual approval mode. Switch config approvalMode to auto to enable shell execution.',
-            };
-        }
         try {
-            const command = input.command ?? input.cmd;
-            if (!command) {
+            const rawCommand = input.command ?? input.cmd;
+            if (!rawCommand) {
                 return {
                     isError: true,
                     content: 'Missing required field: command',
                 };
             }
+            const command = process.platform === 'win32'
+                ? normalizeWindowsCommand(rawCommand)
+                : rawCommand;
             const { stdout, stderr } = await execAsync(command, {
                 cwd: context.cwd,
                 shell: process.platform === 'win32' ? process.env.ComSpec || 'cmd.exe' : '/bin/sh',
@@ -49,9 +97,12 @@ export const runShellTool = {
         }
         catch (error) {
             const message = error instanceof Error ? error.message : String(error);
+            const shellHint = process.platform === 'win32'
+                ? buildWindowsShellHint(input.command ?? input.cmd ?? '')
+                : null;
             return {
                 isError: true,
-                content: message,
+                content: shellHint ? `${message}\n\n${shellHint}` : message,
             };
         }
     },

package/dist/tools/types.d.ts

@@ -2,10 +2,38 @@ import type { z } from 'zod';
 export type ToolExecutionResult = {
     content: string;
     isError?: boolean;
+    meta?: ToolExecutionMeta;
+};
+export type ToolFailureStage = 'lookup' | 'validation' | 'approval' | 'execution';
+export type ToolApprovalRequest = {
+    toolName: string;
+    summary: string;
+    reason: string;
+    targets: string[];
+    risk: 'low' | 'medium' | 'high';
+    input: unknown;
+};
+export type ToolApprovalResponse = {
+    approved: boolean;
+    reason?: string;
+};
+export type ToolApprovalMeta = {
+    mode: 'auto' | 'manual';
+    required: boolean;
+    approved?: boolean;
+    risk?: 'low' | 'medium' | 'high';
+    targets?: string[];
+};
+export type ToolExecutionMeta = {
+    cwd: string;
+    durationMs: number;
+    approval: ToolApprovalMeta;
+    failureStage?: ToolFailureStage;
 };
 export type ToolContext = {
     cwd: string;
     approvalMode: 'auto' | 'manual';
+    requestApproval?: (request: ToolApprovalRequest) => Promise<ToolApprovalResponse>;
 };
 export type AnthropicToolDefinition = {
     name: string;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "lcagent-cli",
-  "version": "0.1.6",
+  "version": "0.1.8",
   "description": "A minimal coding agent CLI for terminal-based coding workflows.",
   "type": "module",
   "publishConfig": {
@@ -18,6 +18,7 @@
     "dev": "tsx src/bin/cli.ts",
     "build": "tsc -p tsconfig.json",
     "check": "tsc -p tsconfig.json --noEmit",
+    "smoke": "npm run build && node ./scripts/smoke.mjs",
     "start": "node dist/bin/cli.js",
     "prepublishOnly": "npm run build"
   },
@@ -32,6 +33,7 @@
   ],
   "dependencies": {
     "commander": "^11.1.0",
+    "diff": "^8.0.4",
     "undici": "^5.28.5",
     "zod": "^4.1.5"
   },