npm - nex-code - Versions diffs - 0.3.64 → 0.3.65 - Mend

nex-code 0.3.64 → 0.3.65

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -1091,6 +1091,27 @@ Arguments are automatically sanitized — keys matching `key`, `token`, `passwor
 ---
+## Safety
+nex-code includes multi-layer protections to prevent accidental damage — even in `--auto` and `--yolo` mode:
+| Layer | What it guards | Bypass possible? |
+|---|---|---|
+| **Forbidden patterns** | `rm -rf /`, fork bombs, reverse shells, `cat .env` | No |
+| **Protected paths** | Destructive bash ops (`rm`, `mv`, `truncate`, …) on `.env`, `credentials/`, `venv/`, `.ssh/`, `.aws/`, `.sqlite3`, `.git/` internals | Only via `NEX_UNPROTECT=1` |
+| **Sensitive file tools** | `read_file` / `write_file` / `edit_file` on `.env`, `.ssh/`, `.npmrc`, `.kube/config`, etc. | No |
+| **Critical commands** | `rm -rf`, `sudo`, `git push --force`, `git reset --hard` | Requires explicit confirmation |
+**Override:** If you intentionally need to modify a protected path via bash (e.g. rotating credentials in a deploy script), set `NEX_UNPROTECT=1`:
+```bash
+NEX_UNPROTECT=1 nex-code
+```
+This disables the protected-path check only — forbidden patterns and critical-command prompts remain active.
+---
 ## Team Permissions
 Permission presets for team environments:

package/dist/nex-code.js CHANGED Viewed

@@ -1,5 +1,5 @@
 #!/usr/bin/env node
-var q=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports);var Es=q((Pb,Nf)=>{Nf.exports={name:"nex-code",version:"0.3.64",description:"The open-source agentic coding CLI. Free with Ollama Cloud \u2014 switch to OpenAI, Anthropic or Gemini anytime. Alternative to Claude Code & Gemini CLI.",bin:{"nex-code":"./dist/nex-code.js"},files:["dist/","README.md","LICENSE"],engines:{node:">=18.0.0"},scripts:{start:"node dist/nex-code.js",build:"esbuild bin/nex-code.js --bundle --platform=node --target=node18 --outfile=dist/nex-code.js --minify --external:axios --external:dotenv --external:playwright",test:"jest --forceExit",coverage:"jest --coverage --forceExit","test:watch":"jest --watch",format:"prettier --write .","install-hooks":"ln -sf ../../hooks/pre-push .git/hooks/pre-push && chmod +x .git/hooks/pre-push && ln -sf ../../hooks/post-merge .git/hooks/post-merge && chmod +x .git/hooks/post-merge && echo 'Hooks installed (pre-push, post-merge).'",prepublishOnly:"npm run build && npm test",release:"npm version patch && git push --follow-tags && npm publish"},keywords:["ai","cli","coding","agent","ollama","ollama-cloud","openai","anthropic","claude","gemini","llm","gpt","agentic","terminal","coding-assistant","claude-code-alternative","gemini-cli-alternative","open-source","free","qwen3","devstral","kimi-k2","deepseek","local-llm","mcp","model-context-protocol","multi-provider"],repository:{type:"git",url:"https://github.com/hybridpicker/nex-code.git"},bugs:{url:"https://github.com/hybridpicker/nex-code/issues"},homepage:"https://github.com/hybridpicker/nex-code#readme",license:"MIT",dependencies:{axios:"^1.7.0",dotenv:"^16.4.0"},devDependencies:{esbuild:"^0.27.3",jest:"^29.7.0"},jest:{coverageThreshold:{global:{lines:45,functions:30,branches:35},"./cli/sub-agent.js":{lines:70,functions:65,branches:55}}}}});var Ht=q((Lb,ya)=>{"use strict";var fa="\x1B[0m",pa="\x1B[1m",dn="\x1B[2m";function O(t,e,s){return`\x1B[38;2;${t};${e};${s}m`}function Mf(){if(!process.stdout.isTTY)return null;try{let{execFileSync:t}=require("child_process"),e=["import sys,os,tty,termios,select","f=open('/dev/tty','r+b',buffering=0)","fd=f.fileno()","s=termios.tcgetattr(fd)","try:"," tty.setraw(fd)"," f.write(bytes([0x1b,0x5d,0x31,0x31,0x3b,0x3f,0x1b,0x5c]))"," r=select.select([fd],[],[],0.1)[0]"," d=b''"," if r:","  while True:","   r2=select.select([fd],[],[],0.05)[0]","   if not r2:break","   c=os.read(fd,1)","   d+=c","   if d[-1:]==bytes([0x07]) or d[-2:]==bytes([0x1b,0x5c]):break"," sys.stdout.buffer.write(d)","finally:"," termios.tcsetattr(fd,termios.TCSADRAIN,s)"," f.close()"].join(`
+var q=(t,e)=>()=>(e||t((e={exports:{}}).exports,e),e.exports);var Es=q((Pb,Nf)=>{Nf.exports={name:"nex-code",version:"0.3.65",description:"The open-source agentic coding CLI. Free with Ollama Cloud \u2014 switch to OpenAI, Anthropic or Gemini anytime. Alternative to Claude Code & Gemini CLI.",bin:{"nex-code":"./dist/nex-code.js"},files:["dist/","README.md","LICENSE"],engines:{node:">=18.0.0"},scripts:{start:"node dist/nex-code.js",build:"esbuild bin/nex-code.js --bundle --platform=node --target=node18 --outfile=dist/nex-code.js --minify --external:axios --external:dotenv --external:playwright",test:"jest --forceExit",coverage:"jest --coverage --forceExit","test:watch":"jest --watch",format:"prettier --write .","install-hooks":"ln -sf ../../hooks/pre-push .git/hooks/pre-push && chmod +x .git/hooks/pre-push && ln -sf ../../hooks/post-merge .git/hooks/post-merge && chmod +x .git/hooks/post-merge && echo 'Hooks installed (pre-push, post-merge).'",prepublishOnly:"npm run build && npm test",release:"npm version patch && git push --follow-tags && npm publish"},keywords:["ai","cli","coding","agent","ollama","ollama-cloud","openai","anthropic","claude","gemini","llm","gpt","agentic","terminal","coding-assistant","claude-code-alternative","gemini-cli-alternative","open-source","free","qwen3","devstral","kimi-k2","deepseek","local-llm","mcp","model-context-protocol","multi-provider"],repository:{type:"git",url:"https://github.com/hybridpicker/nex-code.git"},bugs:{url:"https://github.com/hybridpicker/nex-code/issues"},homepage:"https://github.com/hybridpicker/nex-code#readme",license:"MIT",dependencies:{axios:"^1.7.0",dotenv:"^16.4.0"},devDependencies:{esbuild:"^0.27.3",jest:"^29.7.0"},jest:{coverageThreshold:{global:{lines:45,functions:30,branches:35},"./cli/sub-agent.js":{lines:70,functions:65,branches:55}}}}});var Ht=q((Lb,ya)=>{"use strict";var fa="\x1B[0m",pa="\x1B[1m",dn="\x1B[2m";function O(t,e,s){return`\x1B[38;2;${t};${e};${s}m`}function Mf(){if(!process.stdout.isTTY)return null;try{let{execFileSync:t}=require("child_process"),e=["import sys,os,tty,termios,select","f=open('/dev/tty','r+b',buffering=0)","fd=f.fileno()","s=termios.tcgetattr(fd)","try:"," tty.setraw(fd)"," f.write(bytes([0x1b,0x5d,0x31,0x31,0x3b,0x3f,0x1b,0x5c]))"," r=select.select([fd],[],[],0.1)[0]"," d=b''"," if r:","  while True:","   r2=select.select([fd],[],[],0.05)[0]","   if not r2:break","   c=os.read(fd,1)","   d+=c","   if d[-1:]==bytes([0x07]) or d[-2:]==bytes([0x1b,0x5c]):break"," sys.stdout.buffer.write(d)","finally:"," termios.tcsetattr(fd,termios.TCSADRAIN,s)"," f.close()"].join(`
 `),n=t("python3",["-c",e],{encoding:"buffer",timeout:400,stdio:["ignore","pipe","ignore"]}).toString("utf8").match(/rgb:([0-9a-fA-F]+)\/([0-9a-fA-F]+)\/([0-9a-fA-F]+)/);if(n){let r=parseInt(n[1].slice(0,2),16),a=parseInt(n[2].slice(0,2),16),c=parseInt(n[3].slice(0,2),16);return .299*r+.587*a+.114*c<128}}catch{}return null}function ma(){let t=require("os");return require("path").join(t.homedir(),".nex-code",".theme_cache.json")}function If(t){try{let s=require("fs").readFileSync(ma(),"utf8"),o=JSON.parse(s);if(o&&typeof o[t]=="boolean")return o[t]}catch{}return null}function Pf(t,e){try{let s=require("fs"),o=require("path"),n=ma(),r=o.dirname(n),a={};try{a=JSON.parse(s.readFileSync(n,"utf8"))}catch{}a[t]=e;let c=Object.keys(a);c.length>50&&c.slice(0,c.length-50).forEach(l=>delete a[l]),s.existsSync(r)||s.mkdirSync(r,{recursive:!0}),s.writeFileSync(n,JSON.stringify(a),"utf8")}catch{}}function Lf(){let t=(process.env.NEX_THEME||"").toLowerCase();if(t==="light")return!1;if(t==="dark")return!0;let e=process.env.COLORFGBG;if(e){let a=e.split(";"),c=parseInt(a[a.length-1],10);if(!isNaN(c))return c<8}let s=process.env.TERM_SESSION_ID||"default",o=If(s);if(o!==null)return o;let n=Mf(),r=n!==null?n:!0;return Pf(s,r),r}var ha=Lf(),ga={reset:fa,bold:pa,dim:dn,primary:O(80,190,255),secondary:O(60,170,190),success:O(80,210,120),warning:O(245,175,50),error:O(230,80,80),muted:dn,subtle:O(130,130,145),tool_read:O(80,190,255),tool_write:O(245,165,55),tool_exec:O(185,100,235),tool_search:O(70,185,190),tool_git:O(90,210,100),tool_web:O(100,215,250),tool_sysadmin:O(225,150,75),tool_default:O(100,205,115),syn_keyword:O(185,100,235),syn_string:O(90,210,120),syn_number:O(245,175,50),syn_comment:dn,syn_key:O(80,190,255),diff_add:O(80,210,120),diff_rem:O(230,80,80),banner_logo:O(80,200,255),banner_name:O(80,200,255),banner_version:dn,banner_model:dn,banner_yolo:O(245,175,50),footer_sep:dn,footer_model:O(80,175,235),footer_branch:O(80,210,100),footer_project:O(130,130,145),footer_divider:O(80,80,95),white:"\x1B[37m",red:"\x1B[31m",green:"\x1B[32m",yellow:"\x1B[33m",blue:"\x1B[34m",magenta:"\x1B[35m",cyan:"\x1B[36m",gray:"\x1B[90m",bgRed:"\x1B[41m",bgGreen:"\x1B[42m",diff_add_bg:"\x1B[48;2;10;46;20m",diff_rem_bg:"\x1B[48;2;58;16;16m",brightCyan:"\x1B[96m",brightMagenta:"\x1B[95m",brightBlue:"\x1B[94m"},$a={reset:fa,bold:pa,dim:O(110,110,120),primary:O(0,110,190),secondary:O(0,125,148),success:O(0,148,62),warning:O(168,92,0),error:O(188,32,32),muted:O(110,110,120),subtle:O(155,155,165),tool_read:O(0,110,190),tool_write:O(168,92,0),tool_exec:O(128,42,188),tool_search:O(0,122,148),tool_git:O(0,138,62),tool_web:O(0,112,178),tool_sysadmin:O(168,82,0),tool_default:O(0,138,62),syn_keyword:O(128,42,188),syn_string:O(0,138,62),syn_number:O(168,92,0),syn_comment:O(135,135,148),syn_key:O(0,110,190),diff_add:O(0,148,62),diff_rem:O(188,32,32),banner_logo:O(0,122,205),banner_name:O(0,122,205),banner_version:O(100,100,118),banner_model:O(100,100,118),banner_yolo:O(168,62,0),footer_sep:O(168,168,178),footer_model:O(0,102,175),footer_branch:O(0,138,62),footer_project:O(135,135,148),footer_divider:O(168,168,178),white:O(40,40,52),red:O(188,32,32),green:O(0,148,62),yellow:O(168,92,0),blue:O(0,110,190),magenta:O(128,42,188),cyan:O(0,125,148),gray:O(132,132,142),bgRed:"\x1B[41m",bgGreen:"\x1B[42m",diff_add_bg:"\x1B[48;2;215;245;220m",diff_rem_bg:"\x1B[48;2;255;215;215m",brightCyan:O(0,158,182),brightMagenta:O(158,52,208),brightBlue:O(0,112,208)},jf=ha?ga:$a;ya.exports={T:jf,isDark:ha,DARK:ga,LIGHT:$a}});var Dn=q((jb,ba)=>{var{T:P}=Ht(),Cs=5,fn=(()=>{let t=[];for(let e=0;e<Cs;e++)t.push(e);for(let e=Cs-2;e>=1;e--)t.push(e);return t})(),wa=["\u273D","\u2726","\u2727","\u2726"],Zo=class{constructor(e="Thinking..."){this.text=e,this.frame=0,this.interval=null,this.startTime=null}_render(){if(this._stopped)return;let e=fn[this.frame%fn.length],s="";for(let n=0;n<Cs;n++)s+=n===e?`${P.cyan}\u25CF${P.reset}`:" ";let o="";if(this.startTime){let n=Math.floor((Date.now()-this.startTime)/1e3);if(n>=60){let r=Math.floor(n/60),a=n%60;o=` ${P.dim}${r}m ${String(a).padStart(2,"0")}s${P.reset}`}else n>=1&&(o=` ${P.dim}${n}s${P.reset}`)}process.stderr.write(`\x1B[2K\r${s} ${P.dim}${this.text}${P.reset}${o}`),this.frame++}start(){this._stopped=!1,this.startTime=Date.now(),process.stderr.isTTY&&(process.stderr.write("\x1B[?25l"),this._render(),this.interval=setInterval(()=>this._render(),100))}update(e){this.text=e}stop(){this._stopped=!0,this.interval&&(clearInterval(this.interval),this.interval=null),process.stderr.isTTY&&process.stderr.write("\x1B[2K\r\x1B[?25h"),this.startTime=null}},er=class{constructor(e){this.labels=e,this.statuses=e.map(()=>"running"),this.frame=0,this.interval=null,this.startTime=null,this.lineCount=e.length}_formatElapsed(){if(!this.startTime)return"";let e=Math.floor((Date.now()-this.startTime)/1e3);if(e<1)return"";let s=Math.floor(e/60),o=e%60;return s>0?`${s}m ${String(o).padStart(2,"0")}s`:`${o}s`}_render(){if(this._stopped)return;let e=fn[this.frame%fn.length],s=`${P.cyan}\u25CF${P.reset}`,o=`${P.dim}\u25CB${P.reset}`,n=this._formatElapsed(),r=n?` ${P.dim}${n}${P.reset}`:"",a="";for(let c=0;c<this.labels.length;c++){let l,u;switch(this.statuses[c]){case"done":l=`${P.green}\u2713${P.reset}`,u=P.dim;break;case"error":l=`${P.red}\u2717${P.reset}`,u=P.dim;break;default:l=c===e?s:" ",u=""}let d=c===this.labels.length-1?r:"";a+=`\x1B[2K  ${l} ${u}${this.labels[c]}${P.reset}${d}
 `}this.lineCount>0&&(a+=`\x1B[${this.lineCount}A`),process.stderr.write(a),this.frame++}start(){this._stopped=!1,this.startTime=Date.now();let e="\x1B[?25l";for(let s=0;s<this.lineCount;s++)e+=`
 `;this.lineCount>0&&(e+=`\x1B[${this.lineCount}A`),process.stderr.write(e),this._render(),this.interval=setInterval(()=>this._render(),100)}update(e,s){e>=0&&e<this.statuses.length&&(this.statuses[e]=s)}stop(){this._stopped=!0,this.interval&&(clearInterval(this.interval),this.interval=null),this._renderFinal(),process.stderr.write("\x1B[?25h")}_renderFinal(){let e=this._formatElapsed(),s=e?` ${P.dim}${e}${P.reset}`:"",o="";for(let n=0;n<this.labels.length;n++){let r;switch(this.statuses[n]){case"done":r=`${P.green}\u2713${P.reset}`;break;case"error":r=`${P.red}\u2717${P.reset}`;break;default:r=`${P.yellow}\u25CB${P.reset}`}let a=n===this.labels.length-1?s:"";o+=`\x1B[2K  ${r} ${P.dim}${this.labels[n]}${P.reset}${a}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "nex-code",
-  "version": "0.3.64",
+  "version": "0.3.65",
   "description": "The open-source agentic coding CLI. Free with Ollama Cloud — switch to OpenAI, Anthropic or Gemini anytime. Alternative to Claude Code & Gemini CLI.",
   "bin": {
     "nex-code": "./dist/nex-code.js"