PyPI - memocode - Versions diffs - 0.2.0__tar.gz → 0.2.2__tar.gz - Mend

memocode 0.2.0tar.gz → 0.2.2tar.gz

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (43) hide show

memocode-0.2.2/PKG-INFO ADDED Viewed

@@ -0,0 +1,180 @@
+Metadata-Version: 2.4
+Name: memocode
+Version: 0.2.2
+Summary: Personal AI coding agent with memory, tool execution, and safety controls
+Author: AssassinCHN
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+Requires-Dist: openai>=1.0
+Requires-Dist: rich>=13.0
+Requires-Dist: prompt_toolkit>=3.0
+Requires-Dist: certifi>=2024.0
+# Mcode
+Personal AI coding agent CLI with memory, tool execution, and safety controls.
+**Author:** AssassinCHN
+## Features
+- **Agentic tool-use loop** — Native function calling (OpenAI / Anthropic compatible), stuck detection, auto mode for fully autonomous task execution
+- **Memory system** — Persistent conversation memory with consolidation, forgetting curve, and cross-session injection
+- **Project management** — Multiple projects with separate memory DBs and working directories
+- **Built-in tools** — Shell execution, file read/write/edit, glob, grep, web fetch
+- **Safety layer** — Human mode (zone checks + confirmation prompts) / Auto mode (whitelist + work_dir hard boundaries) / Bypass mode (session-only, explicit confirmation required)
+- **Extensible** — Drop Python files into `~/.mcode/tools/` for custom tools
+## Requirements
+- Python 3.11+
+- API key for a supported model (MiniMax, Kimi, or any OpenAI-compatible endpoint)
+## Installation
+```bash
+pip install memocode
+```
+Configure your model in `~/.mcode/agent.json` (created on first run):
+```json
+{
+  "active_model": "minimax",
+  "models": {
+    "minimax": {
+      "provider": "openai",
+      "model": "MiniMax-M2.7",
+      "base_url": "https://api.minimaxi.com/v1",
+      "api_key_env": "MINIMAX_API_KEY",
+      "context_window": 1000000,
+      "extra_body": {"reasoning_split": true}
+    }
+  }
+}
+```
+```bash
+export MINIMAX_API_KEY=your_key_here
+mcode
+```
+## Usage
+```bash
+mcode                      # Start (auto-resumes last project)
+mcode --project myapp      # Start with a specific project
+mcode --verbose            # Show full tracebacks on errors
+```
+## Slash Commands
+| Command | Description |
+|---------|-------------|
+| `/help` | Show all commands |
+| `/status` | Show current settings |
+| `/quit` / `/exit` | Exit |
+| `/end` | End session (save to memory) |
+| | |
+| `/btw <question>` | Quick one-shot question — no memory, no tools |
+| `/template [example]` | Show auto-mode task prompt template |
+| | |
+| `/auto [on\|off]` | Toggle auto mode (no prompts, hard boundaries) |
+| `/auto whitelist [list\|add\|remove\|reset]` | Manage auto mode command whitelist |
+| `/safety [on\|off]` | Toggle safety bypass (DANGEROUS, session-only) |
+| | |
+| `/project list` | List all projects |
+| `/project workdir [path]` | Set working directory |
+| `/project rename [<old>] <new>` | Rename a project (defaults to current) |
+| `/project delete <name>` | Delete a project (glob patterns supported) |
+| | |
+| `/model [name]` | Show or switch LLM model |
+| `/tools` | List all loaded tools |
+| `/history [N]` | Show audit log |
+| `/undo` | Undo the last run — restore code and/or rewind conversation |
+| `/rollback` | Restore a specific backed-up file (file only, for audit) |
+| `/rewind [N]` | Rewind conversation to turn N (conversation only) |
+| `/profile` | Show/edit core memory (user profile) |
+| | |
+| `!<command>` | Run shell command directly (safety-checked) |
+| `@<path>` | Attach file contents to your message |
+## Auto Mode
+Auto mode runs the agent fully autonomously — no confirmation prompts, hard safety boundaries (whitelist-only shell commands, writes restricted to `work_dir`).
+Enable with `/auto on`, then use `/template` for a recommended task prompt structure:
+```
+Task: <one-line goal>
+Context: work_dir, language/framework, entry point
+Acceptance criteria: 1) ... 2) ... 3) ...
+Constraints: do NOT modify <files>
+Verify by running: <test command>
+```
+## Safety Modes
+| Mode | Behavior |
+|------|----------|
+| Human (default) | Prompts for risky operations; backs up files before destructive ops |
+| Auto (`/auto on`) | No prompts; blocks non-whitelisted commands and writes outside `work_dir` |
+| Bypass (`/safety off`) | Skips all checks; session-only; requires typing `yes` to enable |
+## Built-in Tools
+| Tool | Description |
+|------|-------------|
+| `shell_exec` | Run shell commands (streaming output) |
+| `file_read` | Read file with pagination |
+| `file_write` | Write / append to file |
+| `file_edit` | Targeted string replacement in file |
+| `glob` | Find files by pattern (`**/*.py`) |
+| `grep` | Search file content by regex |
+| `web_fetch` | Fetch a URL, returns readable text (HTML stripped) |
+## Custom Tools
+Drop a Python file in `~/.mcode/tools/`:
+```python
+from tools.registry import Tool, ToolSchema
+def _my_tool(param: str) -> str:
+    return f"result: {param}"
+MY_TOOL = Tool(
+    schema=ToolSchema(
+        name="my_tool",
+        description="Description shown to the model",
+        parameters={
+            "type": "object",
+            "properties": {"param": {"type": "string"}},
+            "required": ["param"],
+        },
+    ),
+    fn=_my_tool,
+)
+```
+## Project Structure
+```
+mcode/
+├── run.py                  # CLI entry point
+├── control/
+│   ├── brain.py            # Agent loop, tool dispatch, safety
+│   ├── llm.py              # LLM adapter (OpenAI / Anthropic)
+│   ├── project_manager.py  # Project registry
+│   ├── audit.py            # Audit log
+│   └── chatmem/            # Memory system
+├── tools/
+│   ├── file.py             # file_read/write/edit, glob, grep
+│   ├── shell.py            # shell_exec
+│   ├── web.py              # web_fetch
+│   └── registry.py         # Tool registry + loader
+└── safety/
+    ├── safety.py           # Zone checks, auto mode rules
+    ├── backup.py           # File backup
+    └── policy.py           # Persistent always-allow policies
+```

{memocode-0.2.0 → memocode-0.2.2}/README.md RENAMED Viewed

@@ -2,6 +2,8 @@
 Personal AI coding agent CLI with memory, tool execution, and safety controls.
+**Author:** AssassinCHN
 ## Features
 - **Agentic tool-use loop** — Native function calling (OpenAI / Anthropic compatible), stuck detection, auto mode for fully autonomous task execution
@@ -19,9 +21,7 @@ Personal AI coding agent CLI with memory, tool execution, and safety controls.
 ## Installation
 ```bash
-git clone <repo>
-cd mcode
-pip install -e .
+pip install memocode
 ```
 Configure your model in `~/.mcode/agent.json` (created on first run):
@@ -79,8 +79,9 @@ mcode --verbose            # Show full tracebacks on errors
 | `/model [name]` | Show or switch LLM model |
 | `/tools` | List all loaded tools |
 | `/history [N]` | Show audit log |
-| `/rollback` | Restore a backed-up file |
-| `/rewind [N]` | Rewind session to turn N |
+| `/undo` | Undo the last run — restore code and/or rewind conversation |
+| `/rollback` | Restore a specific backed-up file (file only, for audit) |
+| `/rewind [N]` | Rewind conversation to turn N (conversation only) |
 | `/profile` | Show/edit core memory (user profile) |
 | | |
 | `!<command>` | Run shell command directly (safety-checked) |

{memocode-0.2.0 → memocode-0.2.2}/control/brain.py RENAMED Viewed

@@ -402,8 +402,9 @@ class Brain:
                 "If the user asks you to write or create a file, call file_write. "
                 "If the user asks you to edit a file, call file_edit. "
                 "If the user asks you to fetch a URL or HTTP endpoint, call web_fetch — never fabricate the response. "
-                "Before editing a file, always read it first with file_read. "
-                "For targeted changes use file_edit; for new files use file_write."
+                "Before editing a file, always read it first with file_read, then proceed to make the edit without stopping. "
+                "For targeted changes use file_edit; for new files use file_write. "
+                "If a task requires multiple tool calls, keep calling tools until the task is fully done — do not report completion until all actions have been executed via tools."
             )
         user_msg = [
             {"role": "system", "content": _system},

memocode-0.2.2/memocode.egg-info/PKG-INFO ADDED Viewed

@@ -0,0 +1,180 @@
+Metadata-Version: 2.4
+Name: memocode
+Version: 0.2.2
+Summary: Personal AI coding agent with memory, tool execution, and safety controls
+Author: AssassinCHN
+Requires-Python: >=3.11
+Description-Content-Type: text/markdown
+Requires-Dist: openai>=1.0
+Requires-Dist: rich>=13.0
+Requires-Dist: prompt_toolkit>=3.0
+Requires-Dist: certifi>=2024.0
+# Mcode
+Personal AI coding agent CLI with memory, tool execution, and safety controls.
+**Author:** AssassinCHN
+## Features
+- **Agentic tool-use loop** — Native function calling (OpenAI / Anthropic compatible), stuck detection, auto mode for fully autonomous task execution
+- **Memory system** — Persistent conversation memory with consolidation, forgetting curve, and cross-session injection
+- **Project management** — Multiple projects with separate memory DBs and working directories
+- **Built-in tools** — Shell execution, file read/write/edit, glob, grep, web fetch
+- **Safety layer** — Human mode (zone checks + confirmation prompts) / Auto mode (whitelist + work_dir hard boundaries) / Bypass mode (session-only, explicit confirmation required)
+- **Extensible** — Drop Python files into `~/.mcode/tools/` for custom tools
+## Requirements
+- Python 3.11+
+- API key for a supported model (MiniMax, Kimi, or any OpenAI-compatible endpoint)
+## Installation
+```bash
+pip install memocode
+```
+Configure your model in `~/.mcode/agent.json` (created on first run):
+```json
+{
+  "active_model": "minimax",
+  "models": {
+    "minimax": {
+      "provider": "openai",
+      "model": "MiniMax-M2.7",
+      "base_url": "https://api.minimaxi.com/v1",
+      "api_key_env": "MINIMAX_API_KEY",
+      "context_window": 1000000,
+      "extra_body": {"reasoning_split": true}
+    }
+  }
+}
+```
+```bash
+export MINIMAX_API_KEY=your_key_here
+mcode
+```
+## Usage
+```bash
+mcode                      # Start (auto-resumes last project)
+mcode --project myapp      # Start with a specific project
+mcode --verbose            # Show full tracebacks on errors
+```
+## Slash Commands
+| Command | Description |
+|---------|-------------|
+| `/help` | Show all commands |
+| `/status` | Show current settings |
+| `/quit` / `/exit` | Exit |
+| `/end` | End session (save to memory) |
+| | |
+| `/btw <question>` | Quick one-shot question — no memory, no tools |
+| `/template [example]` | Show auto-mode task prompt template |
+| | |
+| `/auto [on\|off]` | Toggle auto mode (no prompts, hard boundaries) |
+| `/auto whitelist [list\|add\|remove\|reset]` | Manage auto mode command whitelist |
+| `/safety [on\|off]` | Toggle safety bypass (DANGEROUS, session-only) |
+| | |
+| `/project list` | List all projects |
+| `/project workdir [path]` | Set working directory |
+| `/project rename [<old>] <new>` | Rename a project (defaults to current) |
+| `/project delete <name>` | Delete a project (glob patterns supported) |
+| | |
+| `/model [name]` | Show or switch LLM model |
+| `/tools` | List all loaded tools |
+| `/history [N]` | Show audit log |
+| `/undo` | Undo the last run — restore code and/or rewind conversation |
+| `/rollback` | Restore a specific backed-up file (file only, for audit) |
+| `/rewind [N]` | Rewind conversation to turn N (conversation only) |
+| `/profile` | Show/edit core memory (user profile) |
+| | |
+| `!<command>` | Run shell command directly (safety-checked) |
+| `@<path>` | Attach file contents to your message |
+## Auto Mode
+Auto mode runs the agent fully autonomously — no confirmation prompts, hard safety boundaries (whitelist-only shell commands, writes restricted to `work_dir`).
+Enable with `/auto on`, then use `/template` for a recommended task prompt structure:
+```
+Task: <one-line goal>
+Context: work_dir, language/framework, entry point
+Acceptance criteria: 1) ... 2) ... 3) ...
+Constraints: do NOT modify <files>
+Verify by running: <test command>
+```
+## Safety Modes
+| Mode | Behavior |
+|------|----------|
+| Human (default) | Prompts for risky operations; backs up files before destructive ops |
+| Auto (`/auto on`) | No prompts; blocks non-whitelisted commands and writes outside `work_dir` |
+| Bypass (`/safety off`) | Skips all checks; session-only; requires typing `yes` to enable |
+## Built-in Tools
+| Tool | Description |
+|------|-------------|
+| `shell_exec` | Run shell commands (streaming output) |
+| `file_read` | Read file with pagination |
+| `file_write` | Write / append to file |
+| `file_edit` | Targeted string replacement in file |
+| `glob` | Find files by pattern (`**/*.py`) |
+| `grep` | Search file content by regex |
+| `web_fetch` | Fetch a URL, returns readable text (HTML stripped) |
+## Custom Tools
+Drop a Python file in `~/.mcode/tools/`:
+```python
+from tools.registry import Tool, ToolSchema
+def _my_tool(param: str) -> str:
+    return f"result: {param}"
+MY_TOOL = Tool(
+    schema=ToolSchema(
+        name="my_tool",
+        description="Description shown to the model",
+        parameters={
+            "type": "object",
+            "properties": {"param": {"type": "string"}},
+            "required": ["param"],
+        },
+    ),
+    fn=_my_tool,
+)
+```
+## Project Structure
+```
+mcode/
+├── run.py                  # CLI entry point
+├── control/
+│   ├── brain.py            # Agent loop, tool dispatch, safety
+│   ├── llm.py              # LLM adapter (OpenAI / Anthropic)
+│   ├── project_manager.py  # Project registry
+│   ├── audit.py            # Audit log
+│   └── chatmem/            # Memory system
+├── tools/
+│   ├── file.py             # file_read/write/edit, glob, grep
+│   ├── shell.py            # shell_exec
+│   ├── web.py              # web_fetch
+│   └── registry.py         # Tool registry + loader
+└── safety/
+    ├── safety.py           # Zone checks, auto mode rules
+    ├── backup.py           # File backup
+    └── policy.py           # Persistent always-allow policies
+```

{memocode-0.2.0 → memocode-0.2.2}/pyproject.toml RENAMED Viewed

@@ -4,8 +4,10 @@ build-backend = "setuptools.build_meta"
 [project]
 name = "memocode"
-version = "0.2.0"
+version = "0.2.2"
 description = "Personal AI coding agent with memory, tool execution, and safety controls"
+readme = "README.md"
+authors = [{name = "AssassinCHN"}]
 requires-python = ">=3.11"
 dependencies = [
     "openai>=1.0",

{memocode-0.2.0 → memocode-0.2.2}/run.py RENAMED Viewed

@@ -26,7 +26,7 @@ Slash commands:
   /end                              End session (save to memory, keep verbatim tail)
   /history [N]                      Show last N audit log entries (default 15)
   /undo                             Undo a run: restore code and/or rewind conversation
-  /rollback                         Restore a backed-up file (file only)
+  /rollback                         Restore a backed-up file (file only, for audit)
   /rewind [N]                       Rewind conversation to turn N (conversation only)
   /project list                     List all projects
@@ -232,31 +232,6 @@ def cmd_undo(brain: Brain):
     print("Undo complete.")
-def cmd_rollback(brain: Brain):
-    runs = brain.audit.runs_with_backups(project=brain.projects.current_project)
-    if not runs:
-        print("No backups available.")
-        return
-    import time
-    print("\nRuns with available backups:")
-    for i, run in enumerate(runs[:10]):
-        ts = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(run["ts"]))
-        status = "✓" if run["success"] else "✗"
-        print(f"  [{i}] {ts} {status} {run['goal'][:60]}")
-        for orig, bp in run["available_backups"].items():
-            print(f"       {orig} ← {bp}")
-    choice = _ask("\nEnter number to restore (or Enter to cancel): ")
-    if not choice.isdigit() or int(choice) >= len(runs[:10]):
-        print("Cancelled.")
-        return
-    from safety.backup import restore_backup
-    for orig, bp in runs[int(choice)]["available_backups"].items():
-        print(f"Restored: {orig}" if restore_backup(bp) else f"Failed: {bp}")
 def cmd_rewind(brain: Brain, arg: str):
     turns = brain.memory.list_turns()
     if not turns:
@@ -264,14 +239,11 @@ def cmd_rewind(brain: Brain, arg: str):
         return
     if not arg:
-        # List turns for user to pick
         print("\nCurrent session turns:")
         for t in turns:
-            user_preview = t["user"].replace("\n", " ")
-            asst_preview = t["assistant"].replace("\n", " ")
-            print(f"  [{t['index']}] You: {user_preview[:60]}")
-            if asst_preview:
-                print(f"       Agent: {asst_preview[:60]}")
+            print(f"  [{t['index']}] You: {t['user'].replace(chr(10), ' ')[:60]}")
+            if t["assistant"]:
+                print(f"       Agent: {t['assistant'].replace(chr(10), ' ')[:60]}")
         choice = _ask("\nRewind to turn number (or Enter to cancel): ")
         if not choice.isdigit():
             print("Cancelled.")
@@ -285,12 +257,37 @@ def cmd_rewind(brain: Brain, arg: str):
     idx = int(arg)
     try:
         brain.memory.rewind_to(idx)
-        turns = brain.memory.list_turns()
-        print(f"Rewound to turn [{idx}]. Session now has {len(turns)} turn(s).")
+        print(f"Rewound to turn [{idx}]. Session now has {len(brain.memory.list_turns())} turn(s).")
     except IndexError as e:
         print(f"Error: {e}")
+def cmd_rollback(brain: Brain):
+    runs = brain.audit.runs_with_backups(project=brain.projects.current_project)
+    if not runs:
+        print("No backups available.")
+        return
+    import time
+    print("\nRuns with available backups:")
+    for i, run in enumerate(runs[:10]):
+        ts = time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(run["ts"]))
+        status = "✓" if run["success"] else "✗"
+        print(f"  [{i}] {ts} {status} {run['goal'][:60]}")
+        for orig, bp in run["available_backups"].items():
+            print(f"       {orig} ← {bp}")
+    choice = _ask("\nEnter number to restore (or Enter to cancel): ")
+    if not choice.isdigit() or int(choice) >= len(runs[:10]):
+        print("Cancelled.")
+        return
+    from safety.backup import restore_backup
+    for orig, bp in runs[int(choice)]["available_backups"].items():
+        print(f"Restored: {orig}" if restore_backup(bp) else f"Failed: {bp}")
 def cmd_history(brain: Brain, n: int = 15):
     import time
     project = brain.projects.current_project

{memocode-0.2.0 → memocode-0.2.2}/safety/safety.py RENAMED Viewed

@@ -82,7 +82,7 @@ def _extract_paths(command: str, work_dir: str | None = None) -> list[str]:
             # relative path (./foo, ../foo) — resolve against work_dir or cwd
             base = work_dir or os.getcwd()
             ep = os.path.normpath(os.path.join(base, p))
-        if not ep.startswith(("/proc/", "/sys/")):
+        if not ep.startswith(("/proc/", "/sys/")) and ep not in ("/dev/null", "/dev/stdout", "/dev/stderr"):
             result.append(ep)
     return result
@@ -266,31 +266,150 @@ def check(task, work_dir: str | None = None,
 # Command injection patterns
 _INJECTION_RE = re.compile(r'\$\(|`')
-# Split shell command into pipe/chain segments
-_SHELL_SEP_RE = re.compile(r'\|\|?|&&?|;')
+# Leading KEY=value env-var assignments (e.g. PYTHONPATH=... FOO=bar cmd ...)
+_ENV_PREFIX_RE = re.compile(r'^(\w+=\S*\s*)+')
 DEFAULT_AUTO_WHITELIST: list[str] = [
-    # Filesystem read
-    "ls", "find", "cat", "head", "tail", "wc", "stat", "file", "du", "df",
-    "echo", "printenv", "env", "date", "whoami", "id", "uname", "pwd", "which", "type",
-    # Text processing
-    "grep", "rg", "awk", "sed", "cut", "sort", "uniq", "diff", "tr", "xargs",
-    # Git (all subcommands)
+    # ── Navigation ───────────────────────────────────────────────────────────
+    "cd", "pwd", "pushd", "popd", "dirs",
+    # ── File inspection ──────────────────────────────────────────────────────
+    "ls", "ll", "la", "find", "locate", "which", "type", "file",
+    "stat", "du", "df", "realpath", "basename", "dirname", "readlink",
+    "lsblk", "lscpu", "lshw", "lsof",
+    # ── File read ────────────────────────────────────────────────────────────
+    "cat", "head", "tail", "less", "more", "bat",
+    "wc", "od", "xxd", "hexdump", "strings",
+    # ── File create / copy / move ─────────────────────────────────────────────
+    "mkdir", "touch", "cp", "mv", "ln", "mktemp", "tee", "split", "install",
+    # ── Archive ──────────────────────────────────────────────────────────────
+    "tar", "zip", "unzip", "gzip", "gunzip", "bzip2", "bunzip2",
+    "xz", "unxz", "zcat", "7z", "7za",
+    # ── Text processing ──────────────────────────────────────────────────────
+    "grep", "rg", "ag", "awk", "sed", "cut", "sort", "uniq",
+    "diff", "patch", "tr", "xargs",
+    "paste", "join", "expand", "unexpand", "nl", "fold", "column",
+    "echo", "printf", "iconv",
+    # ── Encoding / hashing ───────────────────────────────────────────────────
+    "base64", "md5sum", "sha1sum", "sha256sum", "sha512sum", "shasum", "cksum",
+    "openssl",
+    # ── Search ───────────────────────────────────────────────────────────────
+    "fd", "fzf",
+    # ── Environment / system info ─────────────────────────────────────────────
+    "env", "printenv", "date", "uname", "hostname", "uptime",
+    "whoami", "id", "groups",
+    "ps", "pgrep", "pidof", "top", "htop", "free", "vmstat", "iostat",
+    "ulimit", "time", "bc",
+    # ── Process control ───────────────────────────────────────────────────────
+    "sleep", "wait", "timeout", "watch", "nohup",
+    "true", "false", "test", "seq", "kill", "pkill",
+    # ── Network (read / fetch) ─────────────────────────────────────────────────
+    "curl", "wget", "http",
+    "ping", "traceroute", "nslookup", "dig", "host",
+    "netstat", "ss", "ifconfig", "ip",
+    "ssh", "scp", "rsync",
+    # ── Permissions ──────────────────────────────────────────────────────────
+    "chmod", "chown", "chgrp", "umask",
+    # ── Git ──────────────────────────────────────────────────────────────────
     "git",
-    # Python / Node
-    "python", "python3", "node",
-    # Package info (read-only subcommands)
-    "pip list", "pip show", "pip freeze",
-    "pip3 list", "pip3 show", "pip3 freeze",
-    "npm list", "npm outdated",
-    # Process / system info
-    "ps", "top", "free", "lsof", "uptime",
+    # ── Python ───────────────────────────────────────────────────────────────
+    "python", "python3", "python3.10", "python3.11", "python3.12", "python3.13",
+    "pip", "pip3", "pipenv", "poetry", "uv",
+    "pytest", "mypy", "pyright", "ruff", "flake8", "pylint",
+    "black", "isort", "autopep8",
+    "ipython", "jupyter",
+    "pyenv",
+    # ── Node / JS ────────────────────────────────────────────────────────────
+    "node", "npm", "npx", "yarn", "pnpm", "bun", "deno",
+    "jest", "mocha", "vitest", "eslint", "prettier", "tsc",
+    "nvm",
+    # ── Compiled languages ────────────────────────────────────────────────────
+    "gcc", "g++", "clang", "clang++", "cc", "c++",
+    "make", "cmake", "ninja", "meson", "bear",
+    "cargo", "rustc", "rustfmt",
+    "go", "gofmt",
+    "java", "javac", "jar", "mvn", "gradle",
+    "dotnet",
+    "swift", "swiftc",
+    "ruby", "gem", "bundle", "rspec",
+    "perl", "php", "composer",
+    "lua", "Rscript",
+    # ── Shell scripting ───────────────────────────────────────────────────────
+    "bash", "sh", "zsh", "shellcheck",
+    "source",
+    # ── Data / serialisation ──────────────────────────────────────────────────
+    "jq", "yq",
+    # ── Containers / orchestration ────────────────────────────────────────────
+    "docker", "docker-compose", "docker compose", "podman",
+    "kubectl", "helm", "minikube", "kind",
+    # ── Cloud CLIs ────────────────────────────────────────────────────────────
+    "aws", "gcloud", "az",
+    # ── Database clients ──────────────────────────────────────────────────────
+    "mysql", "mysqldump", "psql", "pg_dump", "sqlite3",
+    "redis-cli",
+    # ── Misc ─────────────────────────────────────────────────────────────────
+    "man", "tput", "stty", "locale",
+    "systemctl", "service",
 ]
+def _split_shell_ops(command: str) -> list[str]:
+    """Split on && || | ; but NOT inside single- or double-quoted strings."""
+    segments: list[str] = []
+    current: list[str] = []
+    in_single = False
+    in_double = False
+    i = 0
+    while i < len(command):
+        c = command[i]
+        if c == "'" and not in_double:
+            in_single = not in_single
+            current.append(c)
+        elif c == '"' and not in_single:
+            in_double = not in_double
+            current.append(c)
+        elif not in_single and not in_double:
+            two = command[i:i + 2]
+            if two in ("&&", "||"):
+                segments.append("".join(current))
+                current = []
+                i += 2
+                continue
+            elif c in ("|", ";"):
+                segments.append("".join(current))
+                current = []
+            else:
+                current.append(c)
+        else:
+            current.append(c)
+        i += 1
+    segments.append("".join(current))
+    return segments
 def _matches_whitelist(segment: str, whitelist: list[str]) -> bool:
-    """Return True if the command segment starts with a whitelist entry (word boundary)."""
-    seg = segment.lower().strip()
+    """Return True if the command segment (after stripping env-var prefixes) starts with a whitelist entry."""
+    seg = _ENV_PREFIX_RE.sub("", segment).lower().strip()
     for entry in whitelist:
         e = entry.lower().strip()
         if seg == e or seg.startswith(e + " "):
@@ -352,7 +471,7 @@ def check_auto(task, work_dir: str | None = None,
                             reason="Auto mode: command injection pattern blocked")
     # Whitelist check — every pipe/chain segment must be in whitelist
-    for seg in _SHELL_SEP_RE.split(command):
+    for seg in _split_shell_ops(command):
         seg = seg.strip()
         if not seg:
             continue

memocode-0.2.0/PKG-INFO DELETED Viewed

@@ -1,9 +0,0 @@
-Metadata-Version: 2.4
-Name: memocode
-Version: 0.2.0
-Summary: Personal AI coding agent with memory, tool execution, and safety controls
-Requires-Python: >=3.11
-Requires-Dist: openai>=1.0
-Requires-Dist: rich>=13.0
-Requires-Dist: prompt_toolkit>=3.0
-Requires-Dist: certifi>=2024.0

memocode-0.2.0/memocode.egg-info/PKG-INFO DELETED Viewed

@@ -1,9 +0,0 @@
-Metadata-Version: 2.4
-Name: memocode
-Version: 0.2.0
-Summary: Personal AI coding agent with memory, tool execution, and safety controls
-Requires-Python: >=3.11
-Requires-Dist: openai>=1.0
-Requires-Dist: rich>=13.0
-Requires-Dist: prompt_toolkit>=3.0
-Requires-Dist: certifi>=2024.0