wormclaude 1.0.143 → 1.0.145

package/dist/inlinetools.js

@@ -128,6 +128,72 @@ function toToolCall(obj, i) {
 function looksLikeCall(o) {
     return !!o && typeof o === 'object' && (typeof o.name === 'string' || typeof o.tool === 'string' || (o.function && typeof o.function === 'object'));
 }
+// Sarmasız (wrapper'sız) üst-düzey JSON için SIKI kontrol: yalnız adı BİLİNEN bir araç olan
+// veya `function`/`arguments` yapısı taşıyan nesne çağrıdır. Aksi halde `package.json` gibi
+// `"name"` içeren GERÇEK dosya içerikleri yanlışlıkla araç çağrısı sanılırdı (latent bug).
+const _KNOWN_TOOL_RE = /^(?:Bash|PowerShell|Read|Write|Edit|Glob|Grep|WebFetch|WebSearch|Sleep|TaskOutput|AskUserQuestion)$/;
+function looksLikeKnownCall(o) {
+    if (!o || typeof o !== 'object')
+        return false;
+    if (o.function && typeof o.function === 'object')
+        return true;
+    const nm = o.name || o.tool || o.tool_name;
+    if (typeof nm !== 'string' || !_KNOWN_TOOL_RE.test(nm))
+        return false;
+    // Bilinen ad + bir argüman anahtarı (çıplak `{"name":"Read"}` da geçerli olabilir → ad yeter).
+    return true;
+}
+// ---- DOSYA-BLOĞU KURTARMA (build paste-vs-write) -----------------------------
+// Model bir build görevinde Write çağırmak yerine ```kod bloğu YAPIŞTIRABİLİR ve
+// dosya hiç oluşmaz. Bunu kurtarıyoruz — AMA yalnız blok AÇIKÇA bir dosya adıyla
+// etiketliyse (`index.html`, **app.py**, `# server.py`, `Dosya: x.css`…). Etiket
+// yoksa (saf "kod göster" / örnek) DOKUNMAYIZ. Recovered Write yine onay ister →
+// kullanıcı sadece görmek istediyse reddeder (güvenli).
+const _CODE_EXT = 'py|js|jsx|ts|tsx|html?|htm|css|scss|sass|less|json|jsonc|sh|bash|zsh|go|rs|java|kt|c|cc|cpp|cxx|h|hpp|rb|php|sql|ya?ml|toml|ini|env|xml|svg|vue|svelte|astro|md|markdown|txt|dockerfile|makefile|cs|swift|dart|lua|pl|r|m|mjs|cjs|tf|gradle|bat|ps1';
+const _ECHO_FILE_LANGS = /^(plaintext|plain|text|txt|http|https|console|output|log|raw|diff|patch)$/i;
+// Dosya-adı token'ı: `path/to/file.ext` veya `file.ext` (gerçek kod uzantısı şart).
+const _FNAME = '(?:[\\w./\\\\-]+\\.(?:' + _CODE_EXT + ')|Dockerfile|Makefile|\\.(?:env|gitignore|babelrc)[\\w.-]*)';
+// Etiket biçimleri — fence'ten HEMEN önce (≤2 satır), aynı paragraf:
+//   `file.ext`  |  **file.ext**  |  ## file.ext  |  File:/Dosya:/Filename: file.ext  |  file.ext:
+const _LABEL_RE = new RegExp('(?:^|\\n)[ \\t>*#`\\-]*' +
+    '(?:(?:file|dosya|filename|dosya adı|path|yol)\\s*[:=]\\s*)?' +
+    '["`*\\[(]*\\s*(' + _FNAME + ')\\s*["`*\\])]*\\s*:?[ \\t]*' + // **bold**/`tick`/[bracket] çoklu sarmal
+    '(?:\\([^)\\n]*\\))?[ \\t]*' + // "index.html (ana sayfa)" gibi parantez-not
+    '\\r?\\n(?:[ \\t]*\\r?\\n)?' + // araya en çok bir boş satır
+    '```([a-zA-Z0-9_+-]*)[ \\t]*\\r?\\n([\\s\\S]*?)```', 'gi');
+/** Metindeki dosya-adı etiketli kod bloklarını bulur (span'larıyla). Konservatif:
+ *  gerçek kod uzantısı + echo-olmayan dil + ≥2 satır/≥40 karakter gövde şart. */
+export function findFileBlocks(text) {
+    const t = text || '';
+    const out = [];
+    const seen = new Set();
+    let m;
+    _LABEL_RE.lastIndex = 0;
+    while ((m = _LABEL_RE.exec(t)) !== null) {
+        const file = m[1].trim();
+        const lang = (m[2] || '').trim();
+        const body = m[3] || '';
+        if (_ECHO_FILE_LANGS.test(lang))
+            continue; // komut/çıktı bloğu — dosya değil
+        const nonEmpty = body.split('\n').filter((l) => l.trim()).length;
+        if (body.trim().length < 15 && nonEmpty < 2)
+            continue; // önemsiz snippet (`a=1` gibi) — etiket asıl sinyal
+        const key = file + '|' + body.length;
+        if (seen.has(key))
+            continue;
+        seen.add(key);
+        out.push({ file, content: body.replace(/\s+$/, '') + '\n', start: m.index, end: m.index + m[0].length });
+    }
+    return out;
+}
+/** Dosya-bloklarını Write çağrılarına çevirir (yapısal/inline tool-call YOKKEN son çare). */
+export function recoverFileBlocks(text) {
+    return findFileBlocks(text).map((b, i) => ({
+        id: `fileblock_${i}`,
+        name: 'Write',
+        args: JSON.stringify({ file_path: b.file, content: b.content }),
+    }));
+}
 /** Metindeki üst-düzey {…} JSON nesnelerini (string/escape duyarlı) çıkarır.
  *  Model çağrıları sarmasız ve BİRDEN FAZLA nesne olarak dökebilir: {…}{…} veya {…}\n{…}
  *  (abliterated coder davranışı). Her üst-düzey nesneyi ayrı parça olarak döndürür. */
@@ -169,7 +235,8 @@ function extractTopLevelJsonObjects(text) {
 export function recoverInlineToolCalls(text) {
     const t = (text || '').trim();
     // JSON/prose/ToolName{…}/ToolName(…) çağrısı yoksa erken çık.
-    if (!t || (!t.includes('"name"') && !t.includes('"tool"') && !t.includes('"function"') && !/AskUserQuestion/i.test(t) && !TOOL_PREFIX_RE.test(t) && !TOOL_PAREN_RE.test(t)))
+    // (Kod fence'i varsa çıkma — dosya-adı etiketli blok olabilir, adım 7 karar verir.)
+    if (!t || (!t.includes('"name"') && !t.includes('"tool"') && !t.includes('"function"') && !/AskUserQuestion/i.test(t) && !TOOL_PREFIX_RE.test(t) && !TOOL_PAREN_RE.test(t) && !t.includes('```')))
         return [];
     const out = [];
     const seen = new Set();
@@ -193,7 +260,9 @@ export function recoverInlineToolCalls(text) {
     if (!out.length) {
         for (const m of t.matchAll(/```(?:json|tool_call|tool|function)?\s*([\s\S]*?)```/gi)) {
             const o = safeJsonParse(m[1].trim(), null);
-            if (looksLikeCall(o))
+            // SIKI: ```json içine konmuş GERÇEK dosya (`{"name":"app",...}`) tool-call sanılmasın;
+            // sarmalı tool-call'lar zaten bilinen araç adı (Write/Bash…) kullanır → step 7 dosyayı alır.
+            if (looksLikeKnownCall(o))
                 push(o);
         }
     }
@@ -202,8 +271,8 @@ export function recoverInlineToolCalls(text) {
     if (!out.length) {
         for (const frag of extractTopLevelJsonObjects(t)) {
             const o = safeJsonParse(frag, null);
-            if (looksLikeCall(o))
-                push(o);
+            if (looksLikeKnownCall(o))
+                push(o); // SIKI: package.json gibi dosyaları çağrı sanma
         }
     }
     // 4) AskUserQuestion'ı JSON yerine DÜZ-METİN (prose) yazan model (abliterated):
@@ -265,6 +334,18 @@ export function recoverInlineToolCalls(text) {
             }
         }
     }
+    // 7) SON ÇARE: hiç çağrı kurtarılamadıysa, dosya-adı etiketli ```kod bloklarını
+    //    Write'a çevir (model build'de Write yerine kod yapıştırınca dosya kaybolmasın).
+    //    Adım 7, gerçek tool-call YOKKEN çalışır → "kod göster"i bozmaz (etiket gerekir).
+    if (!out.length) {
+        for (const tc of recoverFileBlocks(t)) {
+            const k = tc.name + '|' + tc.args;
+            if (!seen.has(k)) {
+                seen.add(k);
+                out.push(tc);
+            }
+        }
+    }
     return out;
 }
 /** Modelin komut/çıktıyı TEKRAR yazdığı kod-bloklarını siler (```plaintext/bash/http/console…).

package/dist/theme.js

@@ -16,4 +16,4 @@ export const theme = {
     synType: '#a78bfa', // tip/sınıf adları, sabitler
     synProp: '#e0e0e0', // özellik/anahtar adları
 };
-export const VERSION = '1.0.143';
+export const VERSION = '1.0.145';

package/dist/tools.js

@@ -149,45 +149,12 @@ function norm(p) {
     }
 }
 // ── Araç açıklamaları (WormClaude prompt.ts'lerinden birebir) ────────────────
-const BASH_DESCRIPTION = `Executes a given bash command and returns its output.
-
-The working directory persists between commands, but shell state does not. The shell environment is initialized from the user's profile (bash or zsh).
-
-IMPORTANT: Avoid using this tool to run \`find\`, \`grep\`, \`cat\`, \`head\`, \`tail\`, \`sed\`, \`awk\`, or \`echo\` commands, unless explicitly instructed or after you have verified that a dedicated tool cannot accomplish your task. Instead, use the appropriate dedicated tool as this will provide a much better experience for the user:
-
-- File search: Use Glob (NOT find or ls)
-- Content search: Use Grep (NOT grep or rg)
-- Read files: Use Read (NOT cat/head/tail)
-- Edit files: Use Edit (NOT sed/awk)
-- Write files: Use Write (NOT echo >/cat <<EOF)
-- Communication: Output text directly (NOT echo/printf)
-
-While the Bash tool can do similar things, it's better to use the built-in tools as they provide a better user experience and make it easier to review tool calls and give permission.
-
-# Instructions
-- If your command will create new directories or files, first use this tool to run \`ls\` to verify the parent directory exists and is the correct location.
-- Always quote file paths that contain spaces with double quotes in your command (e.g., cd "path with spaces/file.txt")
-- Try to maintain your current working directory throughout the session by using absolute paths and avoiding usage of \`cd\`. You may use \`cd\` if the User explicitly requests it.
-- You may specify an optional timeout in milliseconds (up to ${MAX_BASH_TIMEOUT_MS}ms / ${MAX_BASH_TIMEOUT_MS / 60000} minutes). By default, your command will timeout after ${DEFAULT_BASH_TIMEOUT_MS}ms (${DEFAULT_BASH_TIMEOUT_MS / 60000} minutes).
-- When issuing multiple commands:
-  - If the commands depend on each other and must run sequentially, use a single Bash call with '&&' to chain them together.
-  - Use ';' only when you need to run commands sequentially but don't care if earlier commands fail.
-  - DO NOT use newlines to separate commands (newlines are ok in quoted strings).
-- For git commands:
-  - Prefer to create a new commit rather than amending an existing commit.
-  - Before running destructive operations (e.g., git reset --hard, git push --force, git checkout --), consider whether there is a safer alternative that achieves the same goal. Only use destructive operations when they are truly the best approach.
-  - Never skip hooks (--no-verify) or bypass signing unless the user has explicitly asked for it. If a hook fails, investigate and fix the underlying issue.
-- Avoid unnecessary \`sleep\` commands: do not sleep between commands that can run immediately — just run them.`;
-const READ_DESCRIPTION = `Reads a file from the local filesystem. You can access any file directly by using this tool.
-Assume this tool is able to read all files on the machine. If the User provides a path to a file assume that path is valid. It is okay to read a file that does not exist; an error will be returned.
-
-Usage:
-- The file_path parameter must be an absolute path, not a relative path
-- By default, it reads up to ${MAX_LINES_TO_READ} lines starting from the beginning of the file
-- You can optionally specify a line offset and limit (especially handy for long files), but it's recommended to read the whole file by not providing these parameters
-- Results are returned using cat -n format, with line numbers starting at 1
-- This tool can only read files, not directories. To read a directory, use an ls command via the Bash tool.
-- If you read a file that exists but has empty contents you will receive a system reminder warning in place of file contents.`;
+const BASH_DESCRIPTION = `Run a shell command and return its output. Working directory persists between calls; shell state does not.
+- Prefer the dedicated tools over shell: Glob (not find/ls), Grep (not grep/rg), Read (not cat/head/tail), Edit (not sed/awk), Write (not echo>). Use Bash for everything else (npm, git, build, run, curl, pip).
+- Quote paths with spaces. Chain dependent commands with && in ONE call; use ; if you do not care about failures; no newlines between commands.
+- timeout: optional ms (max ${MAX_BASH_TIMEOUT_MS}, default ${DEFAULT_BASH_TIMEOUT_MS}). run_in_background: true for long or never-exiting commands (returns a task id; read later with TaskOutput).
+- git: commit only when asked; avoid destructive ops (reset --hard, push --force) unless clearly best.`;
+const READ_DESCRIPTION = `Read a file from the local filesystem. file_path must be ABSOLUTE. Returns content with line numbers (cat -n format), up to ${MAX_LINES_TO_READ} lines; optional offset/limit for long files. Cannot read directories (use ls via Bash). A missing file returns an error.`;
 const WRITE_DESCRIPTION = `Writes a file to the local filesystem.
 
 Usage:
@@ -196,28 +163,12 @@ Usage:
 - Prefer the Edit tool for modifying existing files — it only sends the diff. Only use this tool to create new files or for complete rewrites.
 - NEVER create documentation files (*.md) or README files unless explicitly requested by the User.
 - Only use emojis if the user explicitly requests it. Avoid writing emojis to files unless asked.`;
-const EDIT_DESCRIPTION = `Performs exact string replacements in files.
-
-Usage:
-- You must use your \`Read\` tool at least once in the conversation before editing. This tool will error if you attempt an edit without reading the file.
-- When editing text from Read tool output, ensure you preserve the exact indentation (tabs/spaces) as it appears AFTER the line number prefix. The line number prefix format is: spaces + line number + tab. Everything after that is the actual file content to match. Never include any part of the line number prefix in the old_string or new_string.
-- ALWAYS prefer editing existing files in the codebase. NEVER write new files unless explicitly required.
-- Only use emojis if the user explicitly requests it. Avoid adding emojis to files unless asked.
-- The edit will FAIL if \`old_string\` is not unique in the file. Either provide a larger string with more surrounding context to make it unique or use \`replace_all\` to change every instance of \`old_string\`.
-- Use \`replace_all\` for replacing and renaming strings across the file. This parameter is useful if you want to rename a variable for instance.`;
+const EDIT_DESCRIPTION = `Exact string replacement in a file. You MUST Read the file at least once first (errors otherwise). old_string must be UNIQUE in the file - include enough surrounding context, or use replace_all to change every occurrence (e.g. renaming a variable). Preserve exact indentation from the file; do NOT include the line-number prefix from Read output.`;
 const GLOB_DESCRIPTION = `- Fast file pattern matching tool that works with any codebase size
 - Supports glob patterns like "**/*.js" or "src/**/*.ts"
 - Returns matching file paths sorted by modification time
 - Use this tool when you need to find files by name patterns`;
-const GREP_DESCRIPTION = `A powerful search tool built on ripgrep
-
-Usage:
-- ALWAYS use Grep for search tasks. NEVER invoke \`grep\` or \`rg\` as a Bash command. The Grep tool has been optimized for correct permissions and access.
-- Supports full regex syntax (e.g., "log.*Error", "function\\s+\\w+")
-- Filter files with glob parameter (e.g., "*.js", "**/*.tsx") or type parameter (e.g., "js", "py", "rust")
-- Output modes: "content" shows matching lines, "files_with_matches" shows only file paths (default), "count" shows match counts
-- Pattern syntax: literal braces need escaping (use \`interface\\{\\}\` to find \`interface{}\` in Go code)
-- Multiline matching: By default patterns match within single lines only. For cross-line patterns like \`struct \\{[\\s\\S]*?field\`, use \`multiline: true\``;
+const GREP_DESCRIPTION = `Search file contents (built on ripgrep) - ALWAYS use this instead of grep/rg in Bash. Full regex syntax. Filter with glob ("*.ts") or type ("py","js"). output_mode: "files_with_matches" (default), "content" (matching lines; supports -A/-B/-C/-n), or "count". Use multiline:true for cross-line patterns.`;
 const AGENT_DESCRIPTION = `Launch a new sub-agent to handle a complex, multi-step task autonomously.
 
 The sub-agent runs its own tool-calling loop (Bash, Read, Write, Edit, Glob, Grep, WebFetch) against the same model, then returns a final summary. Use this to:
@@ -230,18 +181,7 @@ Usage:
 - run_in_background: if true, returns a task id immediately and the agent works in the background; read its result later with TaskOutput. If false (default), blocks until the sub-agent finishes and returns its result directly.
 - The sub-agent CANNOT launch further sub-agents (no nesting).`;
 const TASKOUTPUT_DESCRIPTION = `Read the current output and status of a background task (shell command or sub-agent) previously started with run_in_background. Returns the task status and its accumulated output.`;
-const WEBFETCH_DESCRIPTION = `- Fetches content from a specified URL
-- Takes a URL and a prompt as input
-- Fetches the URL content, converts HTML to text
-- Returns the page content for analysis against the prompt
-- Use this tool when you need to retrieve and analyze web content
-
-Usage notes:
-  - The URL must be a fully-formed valid URL
-  - HTTP URLs will be automatically upgraded to HTTPS
-  - The prompt should describe what information you want to extract from the page
-  - This tool is read-only and does not modify any files
-  - For GitHub URLs, prefer using the gh CLI via Bash instead (e.g., gh pr view, gh issue view, gh api).`;
+const WEBFETCH_DESCRIPTION = `Fetch a URL and return its text content for analysis against your prompt. url must be a full valid URL (http auto-upgraded to https); prompt describes what to extract. Read-only. For GitHub URLs prefer gh CLI via Bash.`;
 // ── Şemalar (OpenAI function-calling formatı) ─────────────────────────────────
 export const toolSchemas = [
     {

package/dist/tui.js

@@ -445,7 +445,10 @@ export async function runTui() {
                         if (allowAll.has(c.name))
                             return resolve('allow');
                         // Claude tarzı: Write/Edit'te YAZMADAN ÖNCE dosya içeriğini göster, sonra onay iste.
-                        if ((c.name === 'Write' && args?.content != null) || (c.name === 'Edit' && args?.new_string != null)) {
+                        // İSTİSNA: kurtarılan dosya-bloğu (id `fileblock_`) içeriği zaten akışta prose olarak
+                        // gösterildi → fileprev'i ATLA, yoksa aynı kod iki kez basılır.
+                        const _recoveredBlock = typeof c.id === 'string' && c.id.startsWith('fileblock_');
+                        if (!_recoveredBlock && ((c.name === 'Write' && args?.content != null) || (c.name === 'Edit' && args?.new_string != null))) {
                             const _content = String(c.name === 'Write' ? args.content : args.new_string);
                             printItem({ kind: 'fileprev', file: relWs(args.file_path), lines: _content.split('\n') });
                         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wormclaude",
-  "version": "1.0.143",
+  "version": "1.0.145",
   "description": "WormClaude CLI - uncensored security+code assistant (ink TUI, Claude-style)",
   "type": "module",
   "bin": {