npm - orquesta-cli - Versions diffs - 0.2.105 → 0.2.107 - Mend

orquesta-cli 0.2.105 → 0.2.107

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/core/llm/llm-client.js +19 -7
package/dist/utils/platform-utils.js +20 -1
package/package.json +1 -1

package/dist/core/llm/llm-client.js CHANGED Viewed

@@ -711,6 +711,7 @@ export class LLMClient {
         let finalResponseFailures = 0;
         const MAX_NO_TOOL_CALL_RETRIES = 3;
         const MAX_FINAL_RESPONSE_FAILURES = 3;
+        const toolChoiceAuto = /^(1|true|yes|on)$/i.test(process.env['ORQUESTA_TOOL_CHOICE_AUTO'] || '');
         const MAX_ITERATIONS = Number(process.env['ORQUESTA_MAX_TOOL_ITERATIONS']) || 50;
         const recentToolSignatures = [];
         const recentNormalizedSignatures = [];
@@ -742,7 +743,7 @@ export class LLMClient {
                 response = await this.chatCompletion({
                     messages: workingMessages,
                     tools,
-                    tool_choice: 'required',
+                    tool_choice: toolChoiceAuto ? 'auto' : 'required',
                     ...(roleModel ? { model: roleModel } : {}),
                 });
             }
@@ -951,6 +952,23 @@ export class LLMClient {
                 continue;
             }
             else {
+                const hasMalformedToolCall = !!assistantMessage.content &&
+                    (/<tool_call>/i.test(assistantMessage.content) ||
+                        /<arg_key>/i.test(assistantMessage.content) ||
+                        /<arg_value>/i.test(assistantMessage.content) ||
+                        /<\/tool_call>/i.test(assistantMessage.content) ||
+                        /bash<arg_key>/i.test(assistantMessage.content));
+                if (toolChoiceAuto && !hasMalformedToolCall && assistantMessage.content && assistantMessage.content.trim()) {
+                    const direct = assistantMessage.content;
+                    logger.flow('tool_choice:auto — accepting direct text answer as final response');
+                    const { emitAssistantResponse } = await import('../../tools/llm/simple/file-tools.js');
+                    emitAssistantResponse(direct);
+                    return {
+                        message: { role: 'assistant', content: direct },
+                        toolCalls: toolCallHistory,
+                        allMessages: workingMessages,
+                    };
+                }
                 noToolCallRetries++;
                 logger.flow(`No tool call - enforcing tool usage (attempt ${noToolCallRetries}/${MAX_NO_TOOL_CALL_RETRIES})`);
                 if (noToolCallRetries > MAX_NO_TOOL_CALL_RETRIES) {
@@ -964,12 +982,6 @@ export class LLMClient {
                         allMessages: workingMessages,
                     };
                 }
-                const hasMalformedToolCall = assistantMessage.content &&
-                    (/<tool_call>/i.test(assistantMessage.content) ||
-                        /<arg_key>/i.test(assistantMessage.content) ||
-                        /<arg_value>/i.test(assistantMessage.content) ||
-                        /<\/tool_call>/i.test(assistantMessage.content) ||
-                        /bash<arg_key>/i.test(assistantMessage.content));
                 const retryMessage = hasMalformedToolCall
                     ? 'Your previous response contained a malformed tool call (XML tags in content). You MUST use the proper tool_calls API format. Use final_response tool to deliver your message to the user.'
                     : 'You must use tools for all actions. Use final_response tool to deliver your final message to the user after completing all tasks.';

package/dist/utils/platform-utils.js CHANGED Viewed

@@ -51,16 +51,33 @@ export const BASH_DANGEROUS_PATTERNS = [
     /\brm\s+-rf\s+[\/~]/i,
     /\brm\s+-rf\s+\*/i,
     /\bdd\s+if=/i,
+    /\bdd\b[^\n]*\bof=\/dev\/sd/i,
     /\bmkfs\b/i,
     /\b:(){ :|:& };:/,
-    /\bchmod\s+-R\s+777\s+\//i,
+    /\bchmod\s+(-R\s+)?777\s+[\/~]/i,
     /\bsudo\s+rm/i,
     />\s*\/dev\/sd[a-z]/i,
+    /\b(curl|wget)\b[^|]*\|\s*(sudo\s+)?(ba|z)?sh\b/i,
+    /\bgit\s+push\b[^\n]*(?:^|\s)(?:--force|-f)\b[^\n]*\b(?:main|master|prod)\b/i,
+    /\bgit\s+push\b[^\n]*\b(?:main|master|prod)\b[^\n]*(?:^|\s)(?:--force|-f)\b/i,
     /\bshutdown\b/i,
     /\breboot\b/i,
     /\bhalt\b/i,
     /\bpoweroff\b/i,
 ];
+const CATASTROPHIC_RM_TARGET = /^(\/|~\/?|\*|\.\/?|\.\.\/?|\/\*|~\/\*)$/;
+function isCatastrophicRm(command) {
+    const m = command.match(/\brm\b((?:\s+-{1,2}[A-Za-z-]+)*)\s+(\S+)/i);
+    if (!m)
+        return false;
+    const flags = (m[1] ?? '').toLowerCase();
+    const target = m[2] ?? '';
+    const hasRecursive = /-{1,2}\w*r/.test(flags) || flags.includes('recursive');
+    const hasForce = /-{1,2}\w*f/.test(flags) || flags.includes('force');
+    if (!hasRecursive || !hasForce)
+        return false;
+    return CATASTROPHIC_RM_TARGET.test(target);
+}
 export const POWERSHELL_DANGEROUS_PATTERNS = [
     /Remove-Item\s+.*-Recurse\s+.*-Force\s+[A-Z]:\\/i,
     /ri\s+.*-r\s+.*-fo\s+[A-Z]:\\/i,
@@ -79,6 +96,8 @@ export const POWERSHELL_DANGEROUS_PATTERNS = [
     /for\s*\(\s*;\s*;\s*\)\s*\{.*Start-Process/i,
 ];
 export function isDangerousBashCommand(command) {
+    if (isCatastrophicRm(command))
+        return true;
     return BASH_DANGEROUS_PATTERNS.some(pattern => pattern.test(command));
 }
 export function isDangerousPowerShellCommand(command) {

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "orquesta-cli",
-  "version": "0.2.105",
+  "version": "0.2.107",
   "description": "Orquesta CLI - AI-powered coding assistant with team collaboration",
   "type": "module",
   "main": "dist/index.js",