mini-coder 0.2.2 → 0.2.3

package/README.md

@@ -10,7 +10,9 @@
 
 A terminal coding agent for developers who want a sharp tool, not a bloated IDE plugin. Shell-first, multi-provider, minimal tool surface. Just you, your terminal, and an AI that keeps up.
 
-![Minicoder Preview](./assets/preview.gif)
+<p align="center">
+  <img src="./assets/preview.gif" alt="Minicoder Preview"/>
+</p>
 
 ---
 

package/dist/mc.js

@@ -13,7 +13,7 @@ import { SSEClientTransport } from "@modelcontextprotocol/sdk/client/sse.js";
 import { StdioClientTransport } from "@modelcontextprotocol/sdk/client/stdio.js";
 import { StreamableHTTPClientTransport } from "@modelcontextprotocol/sdk/client/streamableHttp.js";
 // src/internal/version.ts
-var PACKAGE_VERSION = "0.2.2";
+var PACKAGE_VERSION = "0.2.3";
 
 // src/mcp/client.ts
 async function connectMcpServer(config) {
@@ -2400,6 +2400,7 @@ function renderStatusBar(opts) {
 }
 
 // src/cli/stream-render.ts
+import { basename as basename2 } from "path";
 import * as c7 from "yoctocolors";
 
 // src/llm-api/history/gemini.ts
@@ -3323,6 +3324,18 @@ async function renderTurn(events, spinner, opts) {
         }
         break;
       }
+      case "file-generated": {
+        liveReasoning.finish();
+        content.flushOpenContent();
+        if (!quiet) {
+          spinner.stop();
+          if (renderedVisibleOutput)
+            writeln();
+          writeln(`${G.info} ${c7.dim("file")}  ${c7.dim(event.mediaType)}  ${c7.dim("\u2192")}  ${basename2(event.filePath)}`);
+          renderedVisibleOutput = true;
+        }
+        break;
+      }
       case "turn-complete": {
         liveReasoning.finish();
         content.flushOpenContent();
@@ -4399,6 +4412,30 @@ import { streamText } from "ai";
 // src/llm-api/turn-execution.ts
 import { dynamicTool, jsonSchema } from "ai";
 
+// src/llm-api/generated-files.ts
+import { join as join6 } from "path";
+var MEDIA_TYPE_TO_EXT = {
+  "image/jpeg": "jpg",
+  "image/svg+xml": "svg"
+};
+function extensionFromMediaType(mediaType) {
+  if (MEDIA_TYPE_TO_EXT[mediaType])
+    return MEDIA_TYPE_TO_EXT[mediaType];
+  const slash = mediaType.indexOf("/");
+  if (slash === -1 || slash === mediaType.length - 1)
+    return "bin";
+  return mediaType.slice(slash + 1);
+}
+var counter = 0;
+async function saveGeneratedFile(file, cwd) {
+  counter += 1;
+  const ext = extensionFromMediaType(file.mediaType);
+  const name = `generated-${counter}.${ext}`;
+  const filePath = join6(cwd, name);
+  await Bun.write(filePath, file.uint8Array);
+  return filePath;
+}
+
 // src/llm-api/turn-stream-events.ts
 function shouldLogStreamChunk(c10) {
   return c10.type !== "text-delta" && c10.type !== "reasoning" && c10.type !== "reasoning-delta";
@@ -4751,6 +4788,18 @@ async function* mapFullStreamToTurnEvents(stream, opts) {
         yield { type: "context-pruned", ...rec };
       }
     }
+    if (originalChunk.type === "file" && opts.cwd) {
+      const fileData = originalChunk.file;
+      if (fileData?.uint8Array) {
+        const filePath = await saveGeneratedFile(fileData, opts.cwd);
+        yield {
+          type: "file-generated",
+          filePath,
+          mediaType: fileData.mediaType
+        };
+        continue;
+      }
+    }
     const prepared = toolCallTracker.prepare(originalChunk);
     const chunk = prepared.chunk;
     const route = textPhaseTracker.route(chunk);
@@ -5171,6 +5220,12 @@ function buildTurnProviderOptions(input) {
   const thinkingOpts = thinkingEffort ? getThinkingProviderOptions(modelString, thinkingEffort) : null;
   const reasoningSummaryRequested = isRecord(thinkingOpts) && isRecord(thinkingOpts.openai) && typeof thinkingOpts.openai.reasoningSummary === "string";
   const cacheFamily = getCacheFamily(modelString);
+  const googleOpts = isGeminiModelFamily(modelString) ? {
+    google: {
+      responseModalities: ["TEXT", "IMAGE"],
+      ...isRecord(thinkingOpts?.google) ? thinkingOpts.google : {}
+    }
+  } : {};
   const providerOptions = {
     ...thinkingOpts ?? {},
     ...isOpenAIGPT(modelString) ? {
@@ -5178,7 +5233,8 @@ function buildTurnProviderOptions(input) {
         store: false,
         ...isRecord(thinkingOpts?.openai) ? thinkingOpts.openai : {}
       }
-    } : {}
+    } : {},
+    ...googleOpts
   };
   return {
     cacheFamily,
@@ -5256,7 +5312,8 @@ async function* runTurn(options) {
     tools,
     systemPrompt,
     signal,
-    thinkingEffort
+    thinkingEffort,
+    cwd
   } = options;
   const rawToolSet = buildToolSet(tools);
   const toolSet = annotateToolCaching(rawToolSet, modelString);
@@ -5307,6 +5364,7 @@ async function* runTurn(options) {
     result.response.catch(() => {});
     for await (const event of mapFullStreamToTurnEvents(result.fullStream, {
       stepPruneQueue,
+      ...cwd ? { cwd } : {},
       onChunk: (streamChunk) => {
         if (streamChunk.type === "tool-call" || streamChunk.type === "tool-result") {
           logApiEvent("stream chunk", {
@@ -5722,7 +5780,8 @@ ${output}
           tools: this.tools,
           ...systemPrompt ? { systemPrompt } : {},
           signal: abortController.signal,
-          ...this.currentThinkingEffort ? { thinkingEffort: this.currentThinkingEffort } : {}
+          ...this.currentThinkingEffort ? { thinkingEffort: this.currentThinkingEffort } : {},
+          cwd: this.cwd
         });
         const { inputTokens, outputTokens, contextTokens, newMessages } = await this.reporter.renderTurn(events, {
           showReasoning: this.showReasoning,
@@ -5825,7 +5884,7 @@ import { z as z3 } from "zod";
 
 // src/internal/file-edit/command.ts
 import { existsSync as existsSync4 } from "fs";
-import { dirname as dirname3, extname, join as join6 } from "path";
+import { dirname as dirname3, extname, join as join7 } from "path";
 import { fileURLToPath } from "url";
 function quoteShellArg(value) {
   return `'${value.replaceAll("'", `'\\''`)}'`;
@@ -5837,7 +5896,7 @@ function resolveSiblingFileEditScript(scriptPath) {
   const mainDir = dirname3(scriptPath);
   const mainBase = scriptPath.slice(mainDir.length + 1);
   if (mainBase === `index${ext}` || mainBase === `mc${ext}`) {
-    return join6(mainDir, `mc-edit${ext}`);
+    return join7(mainDir, `mc-edit${ext}`);
   }
   return null;
 }
@@ -5846,7 +5905,7 @@ function resolveModuleLocalFileEditScript(moduleUrl) {
   const ext = extname(modulePath);
   if (!ext)
     return null;
-  const helperPath = join6(dirname3(modulePath), "..", "..", `mc-edit${ext}`);
+  const helperPath = join7(dirname3(modulePath), "..", "..", `mc-edit${ext}`);
   return existsSync4(helperPath) ? helperPath : null;
 }
 function resolveProcessScriptPath(mainModule, argv1) {
@@ -5875,21 +5934,22 @@ function buildFileEditShellPrelude(command = getFileEditCommand()) {
 // src/tools/shell.ts
 var ShellSchema = z3.object({
   command: z3.string().describe("Shell command to execute"),
-  timeout: z3.number().int().min(1000).optional().describe("Timeout in milliseconds. If omitted, the command runs until it exits."),
-  env: z3.record(z3.string(), z3.string()).optional().describe("Additional environment variables to set")
+  timeout: z3.number().int().min(1000).nullable().describe("Timeout in milliseconds. If omitted, the command runs until it exits."),
+  env: z3.record(z3.string(), z3.string()).nullable().describe("Additional environment variables to set")
 });
 var MAX_OUTPUT_BYTES = 1e4;
 async function runShellCommand(input) {
   const cwd = input.cwd ?? process.cwd();
-  const timeout = input.timeout;
-  const existingGitCount = Number(input.env?.GIT_CONFIG_COUNT ?? process.env.GIT_CONFIG_COUNT ?? "0") || 0;
+  const timeout = input.timeout ?? undefined;
+  const inputEnv = input.env ?? undefined;
+  const existingGitCount = Number(inputEnv?.GIT_CONFIG_COUNT ?? process.env.GIT_CONFIG_COUNT ?? "0") || 0;
   const gitIdx = String(existingGitCount);
   const env = Object.assign({}, process.env, {
     FORCE_COLOR: "1",
     GIT_CONFIG_COUNT: String(existingGitCount + 1),
     [`GIT_CONFIG_KEY_${gitIdx}`]: "color.ui",
     [`GIT_CONFIG_VALUE_${gitIdx}`]: "always"
-  }, input.env ?? {});
+  }, inputEnv ?? {});
   let timedOut = false;
   const readers = [];
   const wasRaw = process.stdin.isTTY ? process.stdin.isRaw : false;
@@ -6185,7 +6245,7 @@ ${c13.bold("Examples:")}`);
 // src/cli/bootstrap.ts
 import { existsSync as existsSync5, mkdirSync as mkdirSync2, writeFileSync } from "fs";
 import { homedir as homedir6 } from "os";
-import { join as join7 } from "path";
+import { join as join8 } from "path";
 import * as c14 from "yoctocolors";
 var REVIEW_SKILL_CONTENT = `---
 name: review
@@ -6216,8 +6276,8 @@ Review recent changes and provide actionable feedback.
 - Keep feedback actionable: say what's wrong and suggest a fix.
 `;
 function bootstrapGlobalDefaults() {
-  const skillDir = join7(homedir6(), ".agents", "skills", "review");
-  const skillPath = join7(skillDir, "SKILL.md");
+  const skillDir = join8(homedir6(), ".agents", "skills", "review");
+  const skillPath = join8(skillDir, "SKILL.md");
   if (!existsSync5(skillPath)) {
     mkdirSync2(skillDir, { recursive: true });
     writeFileSync(skillPath, REVIEW_SKILL_CONTENT, "utf-8");
@@ -6226,7 +6286,7 @@ function bootstrapGlobalDefaults() {
 }
 
 // src/cli/file-refs.ts
-import { join as join8 } from "path";
+import { join as join9 } from "path";
 async function resolveFileRefs(text, cwd) {
   const atPattern = /@([\w./\-_]+)/g;
   let result = text;
@@ -6236,7 +6296,7 @@ async function resolveFileRefs(text, cwd) {
     const ref = match[1];
     if (!ref)
       continue;
-    const filePath = ref.startsWith("/") ? ref : join8(cwd, ref);
+    const filePath = ref.startsWith("/") ? ref : join9(cwd, ref);
     if (isImageFilename(ref)) {
       const attachment = await loadImageFile(filePath);
       if (attachment) {
@@ -6264,7 +6324,7 @@ import * as c21 from "yoctocolors";
 import { randomBytes } from "crypto";
 import { unlinkSync as unlinkSync2, writeFileSync as writeFileSync2 } from "fs";
 import { tmpdir } from "os";
-import { join as join9 } from "path";
+import { join as join10 } from "path";
 import * as c20 from "yoctocolors";
 
 // src/cli/commands-help.ts
@@ -6587,8 +6647,9 @@ async function handleModelSelect(ctx) {
     const freeTag = model.free ? c18.green(" free") : "";
     const contextTag = model.context ? c18.dim(` ${Math.round(model.context / 1000)}k`) : "";
     const currentTag = isCurrent ? c18.cyan(" \u25C0") : "";
+    const providerTag = c18.dim(` [${model.provider}]`);
     return {
-      label: `${model.displayName}${freeTag}${contextTag}${currentTag}`,
+      label: `${model.displayName}${freeTag}${contextTag}${currentTag}${providerTag}`,
       value: model.id,
       filterText: `${model.id} ${model.displayName} ${model.provider}`
     };
@@ -6755,7 +6816,7 @@ ${args}` : loaded2.content;
   }
 }
 async function runForkedSkill(skillName, prompt, cwd) {
-  const tmpFile = join9(tmpdir(), `mc-fork-${randomBytes(8).toString("hex")}.md`);
+  const tmpFile = join10(tmpdir(), `mc-fork-${randomBytes(8).toString("hex")}.md`);
   writeFileSync2(tmpFile, prompt, "utf8");
   try {
     writeln(`${PREFIX.info} ${c20.dim("running subagent\u2026")}`);

package/docs/design-decisions.md

@@ -0,0 +1,74 @@
+# Design Decisions
+
+Documenting why mini-coder makes certain architectural choices — especially where we intentionally diverge from AI SDK defaults or common patterns.
+
+## Why not ToolLoopAgent?
+
+**Decision:** Use `streamText` directly instead of the AI SDK's `ToolLoopAgent`.
+
+`ToolLoopAgent` is a convenience wrapper that manages the tool-call loop, context, and stopping conditions. Mini-coder needs explicit control over every aspect it abstracts away:
+
+- **Streaming event rendering** — We yield granular `TurnEvent`s (text deltas, tool calls, tool results, reasoning, context-pruned notifications) as they arrive from `fullStream`. The reporter renders them append-only into the terminal in real time. `ToolLoopAgent` gives you the final result; we need the firehose.
+- **ESC interrupt mid-turn** — An `AbortController` is wired through to `streamText`'s `signal`. On ESC, we abort, preserve partial messages, and append an interrupt stub so the LLM retains context. `ToolLoopAgent` doesn't expose this kind of mid-stream abort-and-preserve behavior.
+- **Custom context pruning** — After every turn, `SessionRunner` runs `applyContextPruning` + `compactToolResultPayloads` on the in-memory history. This is rolling, per-turn pruning that must not break prompt caching. `ToolLoopAgent`'s built-in context management doesn't match these constraints.
+- **Per-step DB persistence** — Each turn's messages are saved to SQLite with a turn index as they complete. The in-memory `coreHistory` diverges from the DB history (pruned vs. full). `ToolLoopAgent` has no hook for this.
+- **Provider-specific caching annotations** — `annotateToolCaching` adds caching metadata to the tool set based on the model string, injected directly into the `streamText` call.
+- **No step/tool-call limits** — Per the design: "No max steps or tool call limits — user can interrupt." `ToolLoopAgent` defaults to `stopWhen: stepCountIs(20)`.
+
+**Summary:** `ToolLoopAgent` reduces boilerplate for simple request→response agents. Mini-coder is a shell-first coding agent where the loop _is_ the product. Using `ToolLoopAgent` would mean fighting the abstraction at every turn.
+
+## Why no cross-session memory?
+
+**Decision:** No agent-managed persistent memory across sessions. The repo and user-authored config files are the memory.
+
+The AI SDK offers several memory approaches (Anthropic memory tool, Mem0, Letta, custom tools) that let agents save facts and recall them in future conversations. We intentionally don't use any of these.
+
+### What we have instead
+
+- **Within-session persistence** — Full message history saved to SQLite per-turn, sessions resumable via `/session`.
+- **Context pruning** — `applyContextPruning` and `applyStepPruning` strip old reasoning/tool-calls to fit context windows without breaking prompt caching.
+- **Static cross-session context** — `AGENTS.md`/`CLAUDE.md` files loaded into the system prompt. This is user-curated project knowledge, not agent-managed memory.
+- **Skills** — Reusable instruction sets discoverable via `/` autocomplete.
+
+### Why not agent-written memory?
+
+We considered having the agent write to `~/.agents/AGENTS.md` for cross-session recall. Rejected because:
+
+- **Intrusive** — `~/.agents/` is the user's space. Agent writes would mix generated noise with intentional configuration, creating surprises ("where did this line come from?").
+- **Violates conventions** — `AGENTS.md`/`CLAUDE.md` are community standards meant to be human-authored instructions _to_ the agent, not an agent scratchpad. Using them as memory inverts the relationship.
+- **Safety conflict** — Our own system prompt requires confirmation before irreversible actions. Silently modifying a user's global config violates that principle.
+- **Complexity** — Memory adds storage, retrieval, relevance ranking, and non-determinism. The design philosophy is performance first, minimal setup.
+
+### If we ever want this
+
+A dedicated `~/.config/mini-coder/memories.md` that's clearly agent-owned and separate from user config would be the right path — not overloading existing community standards.
+
+**Summary:** For a coding agent that operates on a repo, the repo _is_ the memory. Users who want cross-session context write it in `AGENTS.md` themselves — that's an intentional act, not an LLM side effect.
+
+## Why no tool-call permissions?
+
+**Decision:** No approval prompts, no blacklists, no whitelists. Every tool call executes immediately.
+
+Our inspirations (Claude Code, OpenCode) require user approval for tool calls — shell commands, file writes, etc. We intentionally skip this.
+
+### Permission systems provide a false sense of security
+
+- **Shell bypasses everything.** An LLM with shell access can `curl`, `eval`, pipe through `bash`, encode payloads, or chain commands in ways no static blacklist can anticipate. Any permission scheme that allows shell but blocks specific patterns is playing whack-a-mole.
+- **Blacklists and whitelists always have gaps.** Block `rm -rf /`? The model uses `find -delete`. Block `git push --force`? It uses `git push origin +main`. The surface area is unbounded.
+- **Approval fatigue degrades security.** After the 20th "Allow shell command?" prompt, users auto-approve everything. The permission system trains the user to click "yes" reflexively — the opposite of its intent.
+
+### Permissions are cumbersome
+
+A coding agent runs dozens of shell commands per task. Requiring approval for each one destroys the flow that makes a CLI agent useful. The whole point of mini-coder is: small, fast, stays out of the way.
+
+### Isolation is a separate concern
+
+Sandboxing is a real need, but it belongs at the OS/container level — not inside the agent. Tools like [nono](https://nono.sh/) provide proper filesystem and network isolation that the LLM cannot circumvent. This is defense in depth done right: the agent runs unrestricted inside a sandbox that enforces actual boundaries.
+
+### Our approach
+
+- The system prompt includes safety rules (no secrets, confirm destructive actions, no unauthorized reverts).
+- The user can interrupt at any time with ESC (preserve context) or Ctrl+C (hard exit).
+- For real isolation, run mini-coder inside a sandboxed environment.
+
+**Summary:** Permission dialogs give the appearance of safety without the substance. Real security comes from sandboxing the environment, not gatekeeping individual tool calls. Mini-coder codes — isolating it is a job for the right tool.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "mini-coder",
-  "version": "0.2.2",
+  "version": "0.2.3",
   "description": "A small, fast CLI coding agent",
   "module": "src/index.ts",
   "type": "module",
@@ -31,7 +31,7 @@
     "diff": "^8.0.3",
     "yoctocolors": "^2.1.2",
     "yoctomarkdown": "^0.0.7",
-    "yoctoselect": "0.0.2",
+    "yoctoselect": "0.0.3",
     "zod": "^4.3.6"
   },
   "devDependencies": {