miii-cli 1.2.4 → 1.3.0

package/dist/init.js

@@ -5,7 +5,7 @@ import { createRequire } from 'module';
 import { existsSync, readFileSync, writeFileSync, mkdirSync } from 'fs';
 import { join } from 'path';
 import { homedir } from 'os';
-import { execSync } from 'child_process';
+import { execSync, spawnSync } from 'child_process';
 import { loadConfig } from './config.js';
 import { SkillLoader } from './skills/loader.js';
 import { InputBar } from './tui/InputBar.js';
@@ -67,6 +67,45 @@ async function checkLatestVersion(current, force = false) {
     catch { }
     return undefined;
 }
+function promptYN(question) {
+    return new Promise(resolve => {
+        process.stdout.write(`  ${question} (y/N) `);
+        const onData = (key) => {
+            const k = key.toString();
+            process.stdin.setRawMode(false);
+            process.stdin.pause();
+            process.stdin.removeListener('data', onData);
+            process.stdout.write('\n');
+            if (k === '') {
+                process.exit(130);
+            } // ctrl+c in raw mode — exit cleanly
+            resolve(k.toLowerCase() === 'y');
+        };
+        try {
+            process.stdin.setRawMode(true);
+            process.stdin.resume();
+            process.stdin.setEncoding('utf-8');
+            process.stdin.on('data', onData);
+        }
+        catch {
+            // stdin not a TTY (piped input) — skip prompt
+            process.stdin.removeListener('data', onData);
+            process.stdout.write('\n');
+            resolve(false);
+        }
+    });
+}
+async function runAutoUpdate(latestVersion) {
+    process.stdout.write(`\n  Updating miii-cli to v${latestVersion}…\n\n`);
+    const result = spawnSync('npm', ['install', '-g', 'miii-cli'], { stdio: 'inherit', shell: true });
+    if (result.status === 0) {
+        process.stdout.write(`\n  Updated to v${latestVersion}. Restart miii.\n`);
+    }
+    else {
+        process.stdout.write(`\n  Update failed (exit ${result.status}). Run manually: npm install -g miii-cli\n`);
+    }
+    process.exit(result.status ?? 1);
+}
 export async function lazyInit() {
     const argv = minimist(process.argv.slice(2), {
         string: ['model', 'url', 'provider', 'session'],
@@ -105,7 +144,13 @@ export async function lazyInit() {
             process.stderr.write(`MCP: loaded ${mcpTools.length} tool(s) from ${mcpClients.length} server(s)\n`);
     }
     // Print welcome banner to scrollback BEFORE Ink starts
-    welcome(config.provider, config.model, process.cwd(), currentVersion, updateAvailable, linked);
+    welcome(process.cwd(), currentVersion, updateAvailable, linked);
+    // If update available and not a linked dev install, offer auto-update
+    if (updateAvailable && !linked && process.stdin.isTTY) {
+        const doUpdate = await promptYN(`Update available: v${updateAvailable}. Auto-update now?`);
+        if (doUpdate)
+            await runAutoUpdate(updateAvailable);
+    }
     const sessionName = argv.session || `s-${Date.now()}`;
     const { waitUntilExit } = render(React.createElement(InputBar, { config, skills, cwd: process.cwd(), session: sessionName, version: currentVersion, mcpTools }), { exitOnCtrlC: false });
     await waitUntilExit();

package/dist/mcp/client.js

@@ -73,6 +73,11 @@ export class MCPClient {
                 resolve: (v) => { clearTimeout(timer); resolve(v); },
                 reject: (e) => { clearTimeout(timer); reject(e); },
             });
+            if (!this.proc?.stdin?.writable) {
+                this.pending.delete(id);
+                reject(new Error('MCP process stdin not writable'));
+                return;
+            }
             this.proc.stdin.write(JSON.stringify({ jsonrpc: '2.0', id, method, params }) + '\n');
             timer = setTimeout(() => {
                 if (this.pending.has(id)) {

package/dist/skills/loader.js

@@ -167,8 +167,10 @@ export class SkillLoader {
         const pkg = nameOrPkg.includes('/') || nameOrPkg.startsWith('miii-skill-')
             ? nameOrPkg
             : `miii-skill-${nameOrPkg}`;
+        if (!/^[a-zA-Z0-9@/._-]+$/.test(pkg))
+            throw new Error(`invalid package name: ${pkg}`);
         createDir(NPM_SKILLS_DIR);
-        const { stdout, stderr } = await run(`npm install --prefix ${JSON.stringify(NPM_SKILLS_DIR)} ${pkg}`);
+        const { stdout, stderr } = await run(`npm install --prefix ${JSON.stringify(NPM_SKILLS_DIR)} ${JSON.stringify(pkg)}`);
         const out = (stdout + stderr).trim();
         // Reload newly installed skill
         await this.loadAll();
@@ -178,7 +180,9 @@ export class SkillLoader {
         const pkg = nameOrPkg.includes('/') || nameOrPkg.startsWith('miii-skill-')
             ? nameOrPkg
             : `miii-skill-${nameOrPkg}`;
-        const { stdout, stderr } = await run(`npm uninstall --prefix ${JSON.stringify(NPM_SKILLS_DIR)} ${pkg}`);
+        if (!/^[a-zA-Z0-9@/._-]+$/.test(pkg))
+            throw new Error(`invalid package name: ${pkg}`);
+        const { stdout, stderr } = await run(`npm uninstall --prefix ${JSON.stringify(NPM_SKILLS_DIR)} ${JSON.stringify(pkg)}`);
         const out = (stdout + stderr).trim();
         // Remove from map
         const shortName = pkg.replace(/^miii-skill-/, '');

package/dist/tools/index.js

@@ -20,7 +20,10 @@ export const tools = [
         params: '{"path": "string"}',
         execute: async ({ path }) => {
             try {
-                return readFile(guardPath(requireArg(path, 'path', 'read_file')));
+                const safe = guardPath(requireArg(path, 'path', 'read_file'));
+                if (!existsSync(safe))
+                    throw new Error(`file not found: ${path}`);
+                return readFile(safe);
             }
             catch (e) {
                 throw new Error(`read_file: ${e}`);
@@ -73,15 +76,18 @@ export const tools = [
         params: '{"path": "string", "old": "string", "new": "string"}',
         execute: async ({ path, old: oldStr, new: newStr }) => {
             const safe = guardPath(requireArg(path, 'path', 'update_file'));
-            const current = readFile(safe);
-            if (current === null)
+            if (!existsSync(safe))
                 throw new Error(`file not found: ${path}`);
+            const current = readFile(safe);
             if (current === '')
                 throw new Error(`file empty: ${path}`);
             const old = requireArg(oldStr, 'old', 'update_file');
             if (newStr === undefined || newStr === null)
                 throw new Error('update_file: "new" argument is required');
-            const count = current.split(old).length - 1;
+            const norm = (s) => s.replace(/\r\n/g, '\n');
+            const currentNorm = norm(current);
+            const oldNorm = norm(old);
+            const count = currentNorm.split(oldNorm).length - 1;
             if (count === 0) {
                 throw new Error(`old text not found in ${path} — file may have changed since last read.\n` +
                     `Call read_file again to get current content, then retry with exact matching text.`);
@@ -89,11 +95,11 @@ export const tools = [
             if (count > 1) {
                 throw new Error(`ambiguous: ${count} matches found in ${path} — extend <old> block with more surrounding lines to make it unique`);
             }
-            const updated = current.replace(old, String(newStr));
+            const updated = currentNorm.replace(oldNorm, norm(String(newStr)));
             writeFile(safe, updated);
             // Compute affected line range for the snippet
-            const startLine = current.slice(0, current.indexOf(old)).split('\n').length;
-            const oldLines = old.split('\n').length;
+            const startLine = currentNorm.slice(0, currentNorm.indexOf(oldNorm)).split('\n').length;
+            const oldLines = oldNorm.split('\n').length;
             const newLines = newStr.split('\n').length;
             const updatedArr = updated.split('\n');
             const snippetStart = Math.max(0, startLine - 3);
@@ -287,14 +293,16 @@ export function getSystemPrompt(extra = '', extraTools = []) {
     const toolDocs = allTools.map(t => `- ${t.name}(${t.params}): ${t.description}`).join('\n');
     const deepThinkDoc = `- deep_think({"query": "string", "needs_web": "boolean (optional)"}): Research tool — gathers information from files, git, and optionally the web before answering. Returns a compiled research summary. Guardrails: read-only tools only, max 6 tool calls, max 4 web calls inside. Use when a question requires reading multiple files or searching the web first.
 - search_codebase({"query": "string", "k": "number (optional)"}): Semantic vector search over the indexed codebase. Returns top-k relevant code snippets by meaning. Requires the user to have run /index build. Use this when you need to find code by concept rather than exact string — e.g. "authentication logic", "error handling patterns", "database queries".`;
-    return `You are Miii — AI coding assistant.
+    return `You are Miii — a precise, disciplined AI coding assistant. You implement exactly what is asked. Nothing more.
+
+## Tool format
 
-Tools via:
 <tool_call>
 {"name": "tool_name", "args": {...}}
 </tool_call>
 
-File content in named blocks (not inside JSON):
+File content goes in named blocks outside the JSON — never inside it:
+
 <tool_call>
 {"name": "edit_file", "args": {"path": "src/foo.ts"}}
 <content>
@@ -305,23 +313,68 @@ full file content here
 <tool_call>
 {"name": "update_file", "args": {"path": "src/foo.ts"}}
 <old>
-exact text to replace
+exact text to replace (copy verbatim from read_file output)
 </old>
 <new>
 replacement text
 </new>
 </tool_call>
 
-Tools:
+## Tools
 ${toolDocs}
 ${deepThinkDoc}
 
-Rules:
-- edit_file: new files only (errors if exists). For existing files: read_file then update_file with exact <old> text
-- Never guess old text — always re-read immediately before patching. If "old text not found": read_file again and retry
-- Plain text responses only. No markdown (#/*/\`), no code blocks — write code with tools, not in responses
-- git_status/git_diff before refactors. git_status before git_commit
-- run_tests after edits. Fix failures, retry up to 3 times
-- web_search requires "query" key exactly. Never say you can't search — always call web_search
-- deep_think: read-only research only, cannot edit files${extra}`;
+## Execution protocol
+
+For every task, follow this sequence:
+1. Read relevant files first — never assume file contents. When reading multiple independent files, emit all read_file calls in a single batch — do not wait for one before requesting the next.
+2. Make the minimal targeted change that satisfies the request
+3. Run run_tests after any edit. If tests fail, fix and retry up to 3 times before reporting
+4. For refactors or commits: git_status → git_diff first, always
+
+Parallel tool calls: when multiple tool calls have no dependency between them, issue them together in one batch. Sequential only when a later call depends on an earlier result.
+
+For exploratory questions ("how should we approach X?", "what could we do about Y?"):
+- Respond in 2-3 sentences: recommendation + main tradeoff
+- Do not implement until the user agrees
+
+For UI or frontend changes: verify the change works in a browser before reporting done. If browser testing is not possible, say so explicitly rather than claiming success.
+
+## Code discipline
+
+- Implement exactly what is asked. A bug fix is not a refactor opportunity. A one-shot task does not need a helper abstraction.
+- Three similar lines of code is better than a premature abstraction.
+- Write no comments by default. Add one only when the WHY is non-obvious: a hidden constraint, a subtle invariant, a specific bug workaround. Never explain what the code does — names do that.
+- Add no error handling for scenarios that cannot occur. Trust framework and internal code guarantees. Validate only at system boundaries: user input, external APIs, file I/O.
+- Add no backwards-compatibility shims, feature flags, or dead code for hypothetical future requirements.
+
+## File editing rules
+
+- edit_file: new files only — throws if file exists. For existing files: read_file → update_file.
+- update_file: copy the <old> text verbatim from read_file output. Never guess or paraphrase it.
+- If "old text not found": read_file again immediately and retry with exact current text.
+- Prefer update_file (surgical patch) over edit_file (full rewrite) for existing files.
+- Read a file immediately before patching it — not from earlier in the conversation.
+
+## Safety and reversibility
+
+- Before any destructive action (delete_file, overwriting content, git_commit with -A), verify the blast radius.
+- Never introduce security vulnerabilities: no command injection, no path traversal, no hardcoded secrets, no XSS, no SQL injection. If you wrote insecure code, fix it immediately.
+- run_command executes in a shell — validate any user-supplied values before interpolating into commands.
+
+## Git discipline
+
+- git_status before every commit. Never commit if working tree is unexpected.
+- Stage specific files. Use -A only when all changes are intentional and reviewed.
+- Never amend a commit unless explicitly asked.
+- Never force-push unless explicitly asked and confirmed.
+- Never skip hooks (--no-verify) unless explicitly asked. If a hook fails, diagnose and fix the root cause.
+- Never use interactive git flags (-i) — they require terminal input that is not available.
+
+## Communication
+
+- Plain text only. No markdown (no #, *, \`, ---). No code blocks in responses — write code with tools.
+- No filler: no "sure", "certainly", "happy to", "great question". State results and next steps directly.
+- web_search requires "query" key exactly. Never say you can't search — always call web_search.
+- deep_think: read-only research only. Cannot edit files.${extra}`;
 }

package/dist/tui/InputBar.js

@@ -101,7 +101,8 @@ export function InputBar({ config: initialConfig, skills, cwd, session, version,
     const abortRef = useRef(null);
     const [designTeachState, setDesignTeachState] = useState(null);
     const [designReadyPrompt, setDesignReadyPrompt] = useState(null);
-    const { projectDir, setSessionName, sessionNameRef, historyRef, saveTimerRef, systemPromptRef, pushHistory, setHistory, buildContext, renameFromMessage, updateMemory, } = useSession(session, cwd, config, mcpTools);
+    const { currentModel, setCurrentModel, currentModelRef, pickerOpen, setPickerOpen, pickerModels, pickerLoading, pickerError, pullState, handleModelSelect, handleModelPull, } = useModelPicker(config);
+    const { projectDir, setSessionName, sessionNameRef, historyRef, saveTimerRef, systemPromptRef, pushHistory, setHistory, buildContext, renameFromMessage, updateMemory, } = useSession(session, cwd, config, mcpTools, currentModelRef);
     const startDesignTeach = useCallback(() => {
         setDesignTeachState({ answers: [], idx: 0 });
     }, []);
@@ -119,7 +120,6 @@ export function InputBar({ config: initialConfig, skills, cwd, session, version,
             return { answers, idx: nextIdx };
         });
     }, []);
-    const { currentModel, setCurrentModel, currentModelRef, pickerOpen, setPickerOpen, pickerModels, pickerLoading, pickerError, pullState, handleModelSelect, handleModelPull, } = useModelPicker(config);
     const deepThinkTool = useMemo(() => ({
         name: 'deep_think',
         description: 'Research tool: gather info from files and web before answering.',

package/dist/tui/components/InputArea.js

@@ -428,10 +428,14 @@ export function InputArea({ status, skills, cwd, planningMode, permissionRequest
             appendChar(input);
             if (prospective.startsWith('/')) {
                 if (prospective.slice(1).includes(' ')) {
-                    if (input === '@' || overlay === 'at') {
+                    if (input === '@') {
+                        filesLoadedRef.current = false;
                         setOverlay('at');
                         setOverlayIdx(0);
                     }
+                    else if (overlay === 'at') {
+                        setOverlay('at');
+                    }
                     else {
                         setOverlay('none');
                     }
@@ -441,10 +445,14 @@ export function InputArea({ status, skills, cwd, planningMode, permissionRequest
                     setOverlayIdx(0);
                 }
             }
-            else if (input === '@' || (overlay === 'at' && atQuery !== '')) {
+            else if (input === '@') {
+                filesLoadedRef.current = false;
                 setOverlay('at');
                 setOverlayIdx(0);
             }
+            else if (overlay === 'at' && atQuery !== '') {
+                setOverlay('at');
+            }
             else if (overlay === 'command') {
                 setOverlay('none');
             }

package/dist/tui/deepThink.js

@@ -42,7 +42,6 @@ Guardrails:
             apiKey: config.apiKey,
             messages: msgs,
             signal,
-            onChunk() { },
             async onDone(text) { fullText = text; },
             onError(err) { if (err.name !== 'AbortError')
                 chatError = err; },

package/dist/tui/hooks/useRefactor.js

@@ -20,14 +20,15 @@ export function useRefactor(deps) {
                 content: `Refactor goal: ${goal}\n\nList every file that needs to change. For each file output:\nFILE: <path>\nCHANGE: <one sentence describing the edit>\n\nUse list_files and read_file to discover relevant files first. Only list files that genuinely need changes.`,
             },
         ];
-        abortRef.current = new AbortController();
+        const controller = new AbortController();
+        abortRef.current = controller;
         let planText = '';
         await chat({
             provider: config.provider,
             model: currentModelRef.current,
             baseUrl: config.baseUrl,
             messages: planCtx,
-            signal: abortRef.current.signal,
+            signal: controller.signal,
             async onDone(text) { planText = text; },
             onError(err) { printer.errorMsg(err.message); },
         });
@@ -95,7 +96,7 @@ export function useRefactor(deps) {
                 model: currentModelRef.current,
                 baseUrl: config.baseUrl,
                 messages: editCtx,
-                signal: abortRef.current?.signal,
+                signal: controller.signal,
                 async onDone(text) { editText = text; },
                 onError(err) { printer.errorMsg(`edit LLM error: ${err.message}`); },
             });

package/dist/tui/hooks/useRunLoop.js

@@ -134,7 +134,9 @@ export function useRunLoop(config, currentModelRef, pushHistory, extraTools = []
                                 sessionApprovedRef.current.add(sessionKey);
                             if (decision === 'no') {
                                 printer.systemMsg(`denied: ${tc.name}`);
-                                next.push({ role: 'user', content: `Tool ${tc.name} was denied by the user` });
+                                const remaining = pendingTools.slice(pendingTools.indexOf(tc) + 1).map(t => t.name);
+                                const skippedNote = remaining.length ? ` The following tools were also skipped: ${remaining.join(', ')}.` : '';
+                                next.push({ role: 'user', content: `Tool ${tc.name} was denied by the user.${skippedNote} Do not retry these tools unless the user explicitly asks.` });
                                 break;
                             }
                             // Checkpoint: store pre-execution file state
@@ -158,8 +160,9 @@ export function useRunLoop(config, currentModelRef, pushHistory, extraTools = []
                                     const filePath = tc.args.path;
                                     const oldText = tc.args.old;
                                     if (filePath && oldText && existsSync(filePath)) {
+                                        const norm = (s) => s.replace(/\r\n/g, '\n');
                                         const current = readFileSync(filePath, 'utf-8');
-                                        const occurrences = current.split(oldText).length - 1;
+                                        const occurrences = norm(current).split(norm(oldText)).length - 1;
                                         if (occurrences === 0) {
                                             printer.errorMsg(`patch stale: old text not found in ${filePath} — injecting fresh content`);
                                             next.push({ role: 'user', content: `Tool read_file result:\n${current}` });
@@ -208,7 +211,8 @@ export function useRunLoop(config, currentModelRef, pushHistory, extraTools = []
                 const didEditFiles = pendingTools.some(tc => FILE_EDIT_TOOLS.has(tc.name));
                 if (didEditFiles) {
                     const systemMsg = msgs.find(m => m.role === 'system');
-                    const goalMsg = msgs.find(m => m.role === 'user' && !m.content.startsWith('[') && !m.content.startsWith('Tool '));
+                    const goalMsg = msgs.find(m => m.role === 'user' && !m.content.startsWith('[') && !m.content.startsWith('Tool '))
+                        ?? (goal ? { role: 'user', content: goal } : undefined);
                     const batchStart = msgs.length; // include assistant message so model sees its own tool call on retry
                     const batchMsgs = next.slice(batchStart);
                     const slimCtx = [

package/dist/tui/hooks/useSession.js

@@ -9,7 +9,7 @@ const SHORT_MEMORY_SIZE = 50;
 function buildSystemPrompt(cwd, facts, extraTools = []) {
     return getSystemPrompt(`\n- CWD: ${cwd}`, extraTools) + formatMemoryBlock(facts);
 }
-export function useSession(initialSession, cwd, config, extraTools = []) {
+export function useSession(initialSession, cwd, config, extraTools = [], currentModelRef) {
     const projectDir = getProjectDir(cwd);
     const [sessionName, setSessionName] = useState(initialSession);
     const sessionNameRef = useRef(initialSession);
@@ -49,7 +49,7 @@ export function useSession(initialSession, cwd, config, extraTools = []) {
         if (historyRef.current.length > SHORT_MEMORY_SIZE && !extractingRef.current) {
             const dropped = historyRef.current.splice(0, historyRef.current.length - SHORT_MEMORY_SIZE);
             extractingRef.current = true;
-            extractFacts(dropped, config, config.model).then(newFacts => {
+            extractFacts(dropped, config, currentModelRef?.current ?? config.model).then(newFacts => {
                 if (newFacts.length) {
                     const updated = mergeFacts(longMemoryRef.current, newFacts);
                     longMemoryRef.current = updated;

package/dist/tui/printer.js

@@ -81,7 +81,7 @@ export function toolArgSummary(args) {
     const first = Object.values(args)[0];
     return first ? truncate(String(first), 60) : '';
 }
-export function welcome(provider, model, cwd, version, updateAvailable, linked) {
+export function welcome(cwd, version, updateAvailable, linked) {
     const cols = Math.min(process.stdout.columns ?? 80, 100);
     const innerW = cols - 2;
     const leftW = Math.floor(innerW * 0.44);
@@ -114,7 +114,6 @@ export function welcome(provider, model, cwd, version, updateAvailable, linked)
         '',
         ...miniArt,
         '',
-        `  ${gray(model + ' · ' + provider)}`,
         `  ${gray(shortCwd)}`,
         '',
     ];

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "miii-cli",
-  "version": "1.2.4",
+  "version": "1.3.0",
   "type": "module",
   "description": "The high-performance local AI coding agent for your terminal. Automate complex workflows with local LLMs.",
   "license": "MIT",