ata-coder 2.4.8__tar.gz → 2.5.0__tar.gz

{ata_coder-2.4.8/ata_coder.egg-info → ata_coder-2.5.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ata-coder
-Version: 2.4.8
+Version: 2.5.0
 Summary: ATA Coder — AI-powered coding assistant
 Author: ATA Coder Team
 License-Expression: MIT
@@ -8,7 +8,7 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: click>=8.0
-Requires-Dist: httpx>=0.27.0
+Requires-Dist: httpx<1.0,>=0.27.0
 Requires-Dist: colorama>=0.4.6
 Requires-Dist: python-dotenv>=1.0.0
 Requires-Dist: rich>=13.0.0
@@ -21,13 +21,15 @@ Requires-Dist: pytest-timeout>=2.0; extra == "dev"
 Requires-Dist: tiktoken>=0.5.0; extra == "dev"
 Dynamic: license-file
 
-# ATA Coder v2.4.7
+# ATA Coder v2.4.8
 
 **AI-powered coding assistant — async, AST-aware, single config file.**
 
 [English](#english) | [中文](#中文)
 
-> **v2.4.7** — ⚡ **Context Memory Refactor**: O(1) token tracking, ContextManager, section-level prompt caching, pre-tokenized TF-IDF, LRU token cache. ~60% less overhead in the hot loop.
+> **v2.4.8** — 🤖 **Self-Bootstrapped Audit (Round 12)**: ATA Coder found 10 bugs in its own source — thread races, command injection, silent corruption. All self-found, all self-fixed.
+>
+> > **v2.4.7** — ⚡ **Context Memory Refactor**: O(1) token tracking, ContextManager, section-level prompt caching, pre-tokenized TF-IDF, LRU token cache. ~60% less overhead in the hot loop.
 >
 > > **v2.4.6** — 🔐 **OS-Native Credential Store**: API key encrypted at rest via Windows DPAPI / macOS Keychain / Linux secret-tool. Auto-migrates plaintext keys. Zero dependencies.
 >
@@ -552,7 +554,9 @@ All 6 findings in this release were discovered by **ATA Coder scanning its own s
 
 ## 中文
 
-> **v2.4.7** — ⚡ **上下文记忆重构**: O(1) Token 追踪、ContextManager、章节级提示缓存、预分词 TF-IDF、LRU Token 缓存。热路径开销降低约 60%。
+> **v2.4.8** — 🤖 **自举审计（第 12 轮）**: ATA Coder 审计自身源码发现 10 个 bug — 线程竞态、命令注入、静默数据损坏。全部自发现、自修复。
+>
+> > **v2.4.7** — ⚡ **上下文记忆重构**: O(1) Token 追踪、ContextManager、章节级提示缓存、预分词 TF-IDF、LRU Token 缓存。热路径开销降低约 60%。
 >
 > > **v2.4.6** — 🔐 **操作系统凭据存储**: API Key 通过 Windows DPAPI / macOS Keychain / Linux secret-tool 加密存储。自动迁移明文密钥。零依赖。
 >

{ata_coder-2.4.8 → ata_coder-2.5.0}/README.md

@@ -1,10 +1,12 @@
-# ATA Coder v2.4.7
+# ATA Coder v2.4.8
 
 **AI-powered coding assistant — async, AST-aware, single config file.**
 
 [English](#english) | [中文](#中文)
 
-> **v2.4.7** — ⚡ **Context Memory Refactor**: O(1) token tracking, ContextManager, section-level prompt caching, pre-tokenized TF-IDF, LRU token cache. ~60% less overhead in the hot loop.
+> **v2.4.8** — 🤖 **Self-Bootstrapped Audit (Round 12)**: ATA Coder found 10 bugs in its own source — thread races, command injection, silent corruption. All self-found, all self-fixed.
+>
+> > **v2.4.7** — ⚡ **Context Memory Refactor**: O(1) token tracking, ContextManager, section-level prompt caching, pre-tokenized TF-IDF, LRU token cache. ~60% less overhead in the hot loop.
 >
 > > **v2.4.6** — 🔐 **OS-Native Credential Store**: API key encrypted at rest via Windows DPAPI / macOS Keychain / Linux secret-tool. Auto-migrates plaintext keys. Zero dependencies.
 >
@@ -529,7 +531,9 @@ All 6 findings in this release were discovered by **ATA Coder scanning its own s
 
 ## 中文
 
-> **v2.4.7** — ⚡ **上下文记忆重构**: O(1) Token 追踪、ContextManager、章节级提示缓存、预分词 TF-IDF、LRU Token 缓存。热路径开销降低约 60%。
+> **v2.4.8** — 🤖 **自举审计（第 12 轮）**: ATA Coder 审计自身源码发现 10 个 bug — 线程竞态、命令注入、静默数据损坏。全部自发现、自修复。
+>
+> > **v2.4.7** — ⚡ **上下文记忆重构**: O(1) Token 追踪、ContextManager、章节级提示缓存、预分词 TF-IDF、LRU Token 缓存。热路径开销降低约 60%。
 >
 > > **v2.4.6** — 🔐 **操作系统凭据存储**: API Key 通过 Windows DPAPI / macOS Keychain / Linux secret-tool 加密存储。自动迁移明文密钥。零依赖。
 >

{ata_coder-2.4.8 → ata_coder-2.5.0}/agent.py

@@ -22,7 +22,6 @@ The agent runs a conversation loop:
 import asyncio
 import json
 import logging
-import os
 import time
 from typing import Any, Callable
 
@@ -320,14 +319,17 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
             raise
         except Exception as e:
             logger.critical("Agent fatal error: %s", e, exc_info=True)
-            self._emit(ErrorEvent(f"Fatal error: {e}"))
-            return f"Error: {e}"
+            # Sanitize — full details are in the log; never leak exception
+            # messages (which may contain paths / keys) to the caller.
+            self._emit(ErrorEvent("An unexpected error occurred. Check logs for details."))
+            return "An unexpected error occurred. Please check the logs for details."
         finally:
             self._state.phase = AgentPhase.SHUTDOWN
             # Auto-save session after every task (best-effort, never crashes)
             self._auto_save_session()
-            # Always deactivate skill after task — prevents state leak
-            if self.skills:
+            # Deactivate skill only for fresh-context runs; persistent
+            # (reset_context=False) sessions keep their skill active.
+            if self.skills and reset_context:
                 self.skills.deactivate()
 
     async def _run_loop(self, task: str, stream: bool = True) -> str:
@@ -446,7 +448,7 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
                 self._append_message(assistant_msg)
                 for tc, result in zip(tool_calls, results, strict=True):
                     self._warn_if_large_result(result, tc["function"]["name"])
-                    self._store_tool_result(result, tc["id"])
+                    self._store_tool_result(result, tc["id"], tool_name=tc["function"]["name"])
             else:
                 # Clawd: one PreToolUse for the batch (not per-tool)
                 get_clawd().tool_use(
@@ -471,7 +473,7 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
                     assistant_msg["reasoning_content"] = response["reasoning_content"]
                 self._append_message(assistant_msg)
                 for tc, result in zip(tool_calls, batch_results, strict=True):
-                    self._store_tool_result(result, tc["id"])
+                    self._store_tool_result(result, tc["id"], tool_name=tc["function"]["name"])
 
                 # Clawd: one PostToolUse for the serial batch
                 all_ok = all(r.success for r in batch_results)
@@ -585,6 +587,7 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
         Mirrors the main run() loop: skill tool filtering, token compaction,
         consecutive-failure detection, and circuit breaker.
         """
+        self._state.phase = AgentPhase.THINKING
         self._append_message({"role": "user", "content": message})
 
         SAFETY_LIMIT = 999  # circuit breaker
@@ -627,9 +630,11 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
             text = response.get("content", "")
 
             if not tool_calls:
+                self._state.phase = AgentPhase.COMPLETED
                 return text or "Done."
 
             # Execute tool calls (serial for safety in follow-up context)
+            self._state.phase = AgentPhase.TOOL_EXECUTING
             batch_results: list[ToolResult] = []
             for tc in tool_calls:
                 self._state.tool_call_count += 1
@@ -643,12 +648,17 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
                 batch_results.append(result)
                 self._warn_if_large_result(result, tool_name)
 
-                self._append_message({
-                    "role": "assistant",
-                    "content": text or None,
-                    "tool_calls": [tc],
-                })
-                self._store_tool_result(result, tc["id"])
+            # Append ONE assistant message with ALL tool_calls (API protocol)
+            assistant_msg: dict[str, Any] = {
+                "role": "assistant", "content": text or None, "tool_calls": tool_calls,
+            }
+            if response.get("reasoning_content"):
+                assistant_msg["reasoning_content"] = response["reasoning_content"]
+            self._append_message(assistant_msg)
+            for tc, result in zip(tool_calls, batch_results, strict=True):
+                self._store_tool_result(result, tc["id"], tool_name=tc["function"]["name"])
+
+            self._state.phase = AgentPhase.THINKING  # ready for next LLM turn
 
             # ── Consecutive failure detection ───────────────────────────
             if batch_results and not any(r.success for r in batch_results):
@@ -664,6 +674,7 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
             else:
                 _consecutive_failures = 0
 
+        self._state.phase = AgentPhase.COMPLETED
         return text or "Done."
 
     # ── Tool filtering → agent_tools.py (ToolExecutionMixin)
@@ -682,7 +693,10 @@ class CoderAgent(CompactionMixin, ToolExecutionMixin,
         """
         # Refresh model name on each build (may have changed via /model)
         self._prompt_builder.model = self.config.llm.model
-        return self._prompt_builder.build(TOOL_DEFINITIONS, user_input=user_input)
+        prompt = self._prompt_builder.build(TOOL_DEFINITIONS, user_input=user_input)
+        # Trigger extension point: on_system_prompt_build
+        self._ep_on_system_prompt.trigger(prompt=prompt, task=user_input)
+        return prompt
 
     # ── Memory commands ───────────────────────────────────────────────────
 

{ata_coder-2.4.8 → ata_coder-2.5.0}/agent_compact.py

@@ -73,7 +73,7 @@ class CompactionMixin:
 
         cm.replace_all(truncated)
         self._cached_system_prompt = None  # system msg may have shifted
-        self._state.messages = cm.messages  # sync for backward compat
+        self._state.messages = list(cm.messages)  # sync for backward compat (copy — avoid shared ref)
 
         new_tokens = cm.token_total
         logger.info("Compacted: %d→%d msgs, ~%d→%d tokens (files: %d, tools: %d)",
@@ -95,7 +95,7 @@ class CompactionMixin:
         truncated, result = cm.build_truncated_list()
         cm.replace_all(truncated)
         self._cached_system_prompt = None
-        self._state.messages = cm.messages  # sync
+        self._state.messages = list(cm.messages)  # sync (copy — avoid shared ref)
         logger.warning("Force-truncated: %d → %d messages (~%d tokens kept)",
                        result.old_count, result.new_count, result.new_tokens)
 

{ata_coder-2.4.8 → ata_coder-2.5.0}/agent_controller.py

@@ -163,8 +163,10 @@ class AgentController:
                 raise
             except Exception as e:
                 logger.exception("Agent task failed")
+                # Sanitize — full details are in the log; never leak exception
+                # messages to the event stream.
                 await self.event_queue.put(
-                    ErrorEvent(f"Agent error: {e}")
+                    ErrorEvent("An unexpected error occurred. Check logs for details.")
                 )
                 await self.event_queue.put(
                     CompleteEvent(

{ata_coder-2.4.8 → ata_coder-2.5.0}/agent_routing.py

@@ -75,7 +75,7 @@ class ModelRoutingMixin:
             s = get_settings()
             simple_max = s.get("complexity", "simple_max_chars", default=60)
             complex_min = s.get("complexity", "complex_min_chars", default=500)
-        except Exception:
+        except (ImportError, AttributeError, KeyError):
             simple_max, complex_min = 60, 500  # fallback defaults
 
         if task_len <= simple_max:

{ata_coder-2.4.8 → ata_coder-2.5.0}/agent_tools.py

@@ -123,7 +123,6 @@ class ToolExecutionMixin:
             if diagnosis and diagnosis.retry_strategy == "auto_fix":
                 fixed_args = self.self_correct.suggest_fix(tool_name, arguments, diagnosis, error_message=result.error)
                 if fixed_args and fixed_args != arguments:
-                    self._emit(ToolResultEvent(tool_name, result, source="builtin", arguments=arguments))
                     logger.info("Auto-correcting: %s (was: %s)", diagnosis.fix_suggestion[:80], result.error[:80])
                     # Retry with fixed args THROUGH the full safety pipeline
                     self._self_correct_depth += 1
@@ -157,6 +156,8 @@ class ToolExecutionMixin:
             name = tc["function"]["name"]
             if name == "run_shell":
                 return False  # Shell commands have side effects, serialize
+            if name.startswith("mcp__"):
+                return False  # MCP tools may have arbitrary side effects
             if name in ("write_file", "edit_file"):
                 if pre_parsed and i in pre_parsed:
                     fp = pre_parsed[i].get("file_path", "")
@@ -248,12 +249,16 @@ class ToolExecutionMixin:
             return json.dumps(mcp_result)
         return str(mcp_result)
 
-    def _store_tool_result(self, result: ToolResult, tool_call_id: str) -> None:
+    def _store_tool_result(self, result: ToolResult, tool_call_id: str,
+                           tool_name: str = "") -> None:
         """Truncate tool output and append to message history.
 
         Full output is available during execution, but only a capped version
         is stored for future LLM turns to prevent context bloat.
         """
+        # Trigger extension point: on_tool_result
+        if tool_name:
+            self._ep_on_tool_result.trigger(tool_name=tool_name, result=result)
         cap = self.config.agent.max_message_output_chars
         content = result.to_message()
         if len(content) > cap:
@@ -262,11 +267,13 @@ class ToolExecutionMixin:
                 + f"\n\n... [truncated {len(content) - cap:,} chars "
                 + f"from {result.output.count(chr(10)) + 1} lines]"
             )
-        self._state.messages.append({
+        tool_msg = {
             "role": "tool",
             "tool_call_id": tool_call_id,
             "content": content,
-        })
+        }
+        self._state.messages.append(tool_msg)
+        self._context_manager.append(tool_msg)  # keep CM token tracking in sync
 
     @staticmethod
     def _warn_if_large_result(result: ToolResult, tool_name: str) -> None:
@@ -297,10 +304,13 @@ class ToolExecutionMixin:
         # Check file cache first (populated by _tool_read_file)
         # Cache format: (mtime, cached_at, content) — 3-tuple with LRU timestamp
         cache_key = str(p.resolve())
-        if cache_key in self.tools._file_cache:
-            cached_mtime, _, cached_content = self.tools._file_cache[cache_key]
-            if cached_mtime == p.stat().st_mtime:
-                return cached_content
+        try:
+            if cache_key in self.tools._file_cache:
+                cached_mtime, _, cached_content = self.tools._file_cache[cache_key]
+                if cached_mtime == p.stat().st_mtime:
+                    return cached_content
+        except (ValueError, KeyError):
+            pass  # cache format changed — fall through to disk read
 
         try:
             # Safety: skip files > 50MB to avoid OOM

{ata_coder-2.4.8 → ata_coder-2.5.0}/anthropic_client.py

@@ -72,9 +72,9 @@ class AnthropicClient(BaseLLMClient):
             "x-api-key": self.config.api_key,
             "Content-Type": "application/json",
         }
-        # Native Anthropic requires this header; proxies may ignore it
-        if os.getenv("ANTHROPIC_VERSION"):
-            self._headers["anthropic-version"] = os.getenv("ANTHROPIC_VERSION")
+        # Native Anthropic requires this header (default: 2023-06-01).
+        # Proxies may ignore it; override via ANTHROPIC_VERSION env var.
+        self._headers["anthropic-version"] = os.getenv("ANTHROPIC_VERSION", "2023-06-01")
 
         self._client = httpx.AsyncClient(
             timeout=httpx.Timeout(300.0, connect=30.0),
@@ -218,7 +218,6 @@ class AnthropicClient(BaseLLMClient):
         body = sanitize_surrogates(body)
 
         # Retry loop for streaming (up to 2 retries for 429/5xx)
-        last_error = None
         for attempt in range(self._max_retries):
             try:
                 resp = await self._client.send(
@@ -264,6 +263,8 @@ class AnthropicClient(BaseLLMClient):
                 )
 
             tool_buf: dict[int, dict] = {}
+            prompt_tokens = 0
+            completion_tokens = 0
             async for line in resp.aiter_lines():
                 if not line or not line.startswith("data: "):
                     continue
@@ -279,6 +280,17 @@ class AnthropicClient(BaseLLMClient):
                 delta = event.get("delta", {})
                 idx = event.get("index", 0)
 
+                # Track usage from streaming events (Anthropic protocol)
+                if evt_type == "message_start":
+                    msg = event.get("message", {})
+                    usage = msg.get("usage", {})
+                    if usage.get("input_tokens"):
+                        prompt_tokens = usage["input_tokens"]
+                elif evt_type == "message_delta":
+                    usage = delta.get("usage", {})
+                    if usage.get("output_tokens"):
+                        completion_tokens = usage["output_tokens"]
+
                 if evt_type == "content_block_delta":
                     dt = delta.get("type", "")
                     if dt == "text_delta":
@@ -298,6 +310,18 @@ class AnthropicClient(BaseLLMClient):
                 elif evt_type == "message_stop":
                     yield ("finish", "end_turn")
 
+            # Update token counters with streamed usage data
+            if prompt_tokens:
+                self._total_prompt_tokens += prompt_tokens
+                self.last_exact_prompt_tokens = prompt_tokens
+            if completion_tokens:
+                self._total_completion_tokens += completion_tokens
+            if self._usage_callback and (prompt_tokens or completion_tokens):
+                self._usage_callback(
+                    prompt_tokens=prompt_tokens,
+                    completion_tokens=completion_tokens,
+                )
+
             # Yield tool calls
             for idx in sorted(tool_buf.keys()):
                 buf = tool_buf[idx]
@@ -346,7 +370,11 @@ class AnthropicClient(BaseLLMClient):
             elif ch in (']', '}'):
                 if stack and stack[-1] == ch:
                     stack.pop()
-        return text + ''.join(reversed(stack))
+        # Close any unterminated string before balancing brackets
+        result = text
+        if in_string and not escape:
+            result += '"'
+        return result + ''.join(reversed(stack))
 
     def _apply_thinking(self, body: dict) -> None:
         """Apply thinking/reasoning_effort — provider-agnostic.
@@ -432,18 +460,18 @@ class AnthropicClient(BaseLLMClient):
         out = usage.get("output_tokens", 0)
         if inp:
             self.last_exact_prompt_tokens = inp
-        else:
-            # Fallback: use estimated counts from the response text
+        if out:
+            # Only estimate output tokens when API doesn't provide them;
+            # never estimate prompt tokens from output text.
+            pass
+        elif texts:
             from .token_counter import _cjk_estimate
             out_text = "\n".join(texts)
-            inp = max(1, self.count_tokens_approx(
-                [{"role": "user", "content": out_text}]
-            ))
-            out = max(1, _cjk_estimate(out_text) or out_text and len(out_text) // 4 or 1)
+            out = max(1, _cjk_estimate(out_text))
         self._total_prompt_tokens += inp
-        self._total_completion_tokens += out or 1
+        self._total_completion_tokens += out
         if self._usage_callback:
-            self._usage_callback(inp, out or 1)
+            self._usage_callback(inp, out)
 
         return result
 

{ata_coder-2.4.8 → ata_coder-2.5.0/ata_coder.egg-info}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: ata-coder
-Version: 2.4.8
+Version: 2.5.0
 Summary: ATA Coder — AI-powered coding assistant
 Author: ATA Coder Team
 License-Expression: MIT
@@ -8,7 +8,7 @@ Requires-Python: >=3.10
 Description-Content-Type: text/markdown
 License-File: LICENSE
 Requires-Dist: click>=8.0
-Requires-Dist: httpx>=0.27.0
+Requires-Dist: httpx<1.0,>=0.27.0
 Requires-Dist: colorama>=0.4.6
 Requires-Dist: python-dotenv>=1.0.0
 Requires-Dist: rich>=13.0.0
@@ -21,13 +21,15 @@ Requires-Dist: pytest-timeout>=2.0; extra == "dev"
 Requires-Dist: tiktoken>=0.5.0; extra == "dev"
 Dynamic: license-file
 
-# ATA Coder v2.4.7
+# ATA Coder v2.4.8
 
 **AI-powered coding assistant — async, AST-aware, single config file.**
 
 [English](#english) | [中文](#中文)
 
-> **v2.4.7** — ⚡ **Context Memory Refactor**: O(1) token tracking, ContextManager, section-level prompt caching, pre-tokenized TF-IDF, LRU token cache. ~60% less overhead in the hot loop.
+> **v2.4.8** — 🤖 **Self-Bootstrapped Audit (Round 12)**: ATA Coder found 10 bugs in its own source — thread races, command injection, silent corruption. All self-found, all self-fixed.
+>
+> > **v2.4.7** — ⚡ **Context Memory Refactor**: O(1) token tracking, ContextManager, section-level prompt caching, pre-tokenized TF-IDF, LRU token cache. ~60% less overhead in the hot loop.
 >
 > > **v2.4.6** — 🔐 **OS-Native Credential Store**: API key encrypted at rest via Windows DPAPI / macOS Keychain / Linux secret-tool. Auto-migrates plaintext keys. Zero dependencies.
 >
@@ -552,7 +554,9 @@ All 6 findings in this release were discovered by **ATA Coder scanning its own s
 
 ## 中文
 
-> **v2.4.7** — ⚡ **上下文记忆重构**: O(1) Token 追踪、ContextManager、章节级提示缓存、预分词 TF-IDF、LRU Token 缓存。热路径开销降低约 60%。
+> **v2.4.8** — 🤖 **自举审计（第 12 轮）**: ATA Coder 审计自身源码发现 10 个 bug — 线程竞态、命令注入、静默数据损坏。全部自发现、自修复。
+>
+> > **v2.4.7** — ⚡ **上下文记忆重构**: O(1) Token 追踪、ContextManager、章节级提示缓存、预分词 TF-IDF、LRU Token 缓存。热路径开销降低约 60%。
 >
 > > **v2.4.6** — 🔐 **操作系统凭据存储**: API Key 通过 Windows DPAPI / macOS Keychain / Linux secret-tool 加密存储。自动迁移明文密钥。零依赖。
 >

{ata_coder-2.4.8 → ata_coder-2.5.0}/ata_coder.egg-info/SOURCES.txt

@@ -9,7 +9,6 @@ agent_extension.py
 agent_routing.py
 agent_subsystems.py
 agent_tools.py
-agent_undo.py
 anthropic_client.py
 change_tracker.py
 clawd_integration.py
@@ -38,6 +37,7 @@ repl_ui.py
 safety_guard.py
 self_correct.py
 server.py
+server_rate_limit.py
 server_session.py
 server_shell.py
 session.py
@@ -61,7 +61,6 @@ utils.py
 ./agent_routing.py
 ./agent_subsystems.py
 ./agent_tools.py
-./agent_undo.py
 ./anthropic_client.py
 ./change_tracker.py
 ./clawd_integration.py
@@ -89,6 +88,7 @@ utils.py
 ./safety_guard.py
 ./self_correct.py
 ./server.py
+./server_rate_limit.py
 ./server_session.py
 ./server_shell.py
 ./session.py

{ata_coder-2.4.8 → ata_coder-2.5.0}/ata_coder.egg-info/requires.txt

@@ -1,5 +1,5 @@
 click>=8.0
-httpx>=0.27.0
+httpx<1.0,>=0.27.0
 colorama>=0.4.6
 python-dotenv>=1.0.0
 rich>=13.0.0

{ata_coder-2.4.8 → ata_coder-2.5.0}/change_tracker.py

@@ -109,6 +109,7 @@ class ChangeTracker:
         self._backups: dict[str, str] = {}
         self._dry_run = False
         self._last_active: int = -1
+        self.workspace: Path | None = None  # set by agent for workspace boundary checks
 
     # ── Dry run toggle ───────────────────────────────────────────────────
 
@@ -173,7 +174,7 @@ class ChangeTracker:
         if old_content == new_content:
             return None
 
-        path = Path(file_path)
+        Path(file_path)
         # Backup before edit (for undo)
         self._backup(file_path)
 
@@ -245,6 +246,13 @@ class ChangeTracker:
     def _apply_revert(self, c: FileChange) -> None:
         """Apply revert for a single change."""
         path = Path(c.file_path)
+        # Safety: skip paths outside the workspace (defense in depth)
+        if self.workspace is not None:
+            try:
+                path.resolve().relative_to(self.workspace.resolve())
+            except ValueError:
+                logger.warning("Skipping undo outside workspace: %s", c.file_path)
+                return
         if c.change_type == ChangeType.WRITE:
             if c.old_content is None:
                 if path.exists():

{ata_coder-2.4.8 → ata_coder-2.5.0}/config.py

@@ -273,7 +273,7 @@ def _settings_base_url() -> str:
 
 
 def _settings_default_model() -> str:
-    return _from_settings("default_model", "deepseek-chat")
+    return _from_settings("default_model", "deepseek-v4-pro")
 
 
 def _settings_max_output_tokens() -> int:

{ata_coder-2.4.8 → ata_coder-2.5.0}/core/queue.py

@@ -42,7 +42,7 @@ class EventQueue:
     async def get(self, timeout: Optional[float] = None) -> Optional[Any]:
         """Get one event, blocking with optional timeout."""
         try:
-            if timeout:
+            if timeout is not None:
                 event = await asyncio.wait_for(self._queue.get(), timeout=timeout)
             else:
                 event = await self._queue.get()

{ata_coder-2.4.8 → ata_coder-2.5.0}/extension.py

@@ -262,6 +262,7 @@ class ExtensionManager:
     def __init__(self):
         self._extensions: dict[str, Extension] = {}
         self._active: set[str] = set()
+        self._activating: set[str] = set()  # cycle detection stack
         self._loaded_dirs: list[Path] = []
         self._lock = threading.Lock()  # protects _extensions, _active, _loaded_dirs
 
@@ -358,25 +359,38 @@ class ExtensionManager:
                 return False
             if name in self._active:
                 return True  # already active
+            # Cycle detection — detect circular dependencies
+            if name in self._activating:
+                logger.error(
+                    "Circular dependency detected: %s is already being activated. "
+                    "Active path: %s",
+                    name, ", ".join(self._activating),
+                )
+                return False
+            self._activating.add(name)
             deps = list(ext.meta.dependencies)
 
-        # Activate dependencies (try raw name first, then skill: prefix)
-        for dep in deps:
-            if dep not in self._active:
-                if not self.activate(dep):
-                    self.activate(f"skill:{dep}")
-
-        # on_activate 在锁外调用，避免死锁
         try:
-            ext.on_activate()
-        except Exception:
-            logger.exception("Extension %r on_activate failed", name)
-            return False
+            # Activate dependencies (try raw name first, then skill: prefix)
+            for dep in deps:
+                if dep not in self._active:
+                    if not self.activate(dep):
+                        self.activate(f"skill:{dep}")
 
-        with self._lock:
-            self._active.add(name)
-        logger.debug("Extension activated: %s", name)
-        return True
+            # on_activate 在锁外调用，避免死锁
+            try:
+                ext.on_activate()
+            except Exception:
+                logger.exception("Extension %r on_activate failed", name)
+                return False
+
+            with self._lock:
+                self._active.add(name)
+            logger.debug("Extension activated: %s", name)
+            return True
+        finally:
+            with self._lock:
+                self._activating.discard(name)
 
     def deactivate(self, name: str) -> bool:
         """停用一个扩展（线程安全）。"""

{ata_coder-2.4.8 → ata_coder-2.5.0}/fool_proof.py

@@ -126,6 +126,13 @@ class FoolProofEngine:
             self._blocks += 1
             return check
 
+        # 1b. Typing confirmation (safety guard flagged requires_typing)
+        if safety.requires_typing:
+            check.action = ActionRequired.WARN_CONFIRM
+            check.confirm_message = safety.reason or "Type 'YES' to confirm this operation."
+            check.requires_typing = True
+            return check
+
         # 2. Read tools — always safe
         if category == "read":
             check.allowed = True

{ata_coder-2.4.8 → ata_coder-2.5.0}/git_workflow.py

@@ -221,10 +221,11 @@ class GitWorkflow:
         if code != 0:
             return False, err
 
-        # Check for secrets in staged changes
+        # Check for secrets in staged changes — block the commit
         secret_check = self._check_secrets()
         if secret_check:
-            logger.warning("Potential secrets in commit: %s", secret_check)
+            logger.error("Potential secrets in commit — blocked: %s", secret_check)
+            return False, f"Secret detection blocked commit:\n{secret_check}\n\nUse --force to override."
 
         # Generate commit message if not provided
         if not message: