tunacode-cli 0.0.33__py3-none-any.whl → 0.0.35__py3-none-any.whl

tunacode/cli/commands.py

@@ -6,7 +6,7 @@ from enum import Enum
 from typing import Any, Dict, List, Optional, Type
 
 from .. import utils
-from ..exceptions import ValidationError
+from ..exceptions import ConfigurationError, ValidationError
 from ..types import CommandArgs, CommandContext, CommandResult, ProcessRequestCallback
 from ..ui import console as ui
 
@@ -181,26 +181,29 @@ class IterationsCommand(SimpleCommand):
 
     async def execute(self, args: List[str], context: CommandContext) -> None:
         state = context.state_manager.session
-        if args:
-            try:
-                new_limit = int(args[0])
-                if new_limit < 1 or new_limit > 100:
-                    await ui.error("Iterations must be between 1 and 100")
-                    return
-
-                # Update the user config
-                if "settings" not in state.user_config:
-                    state.user_config["settings"] = {}
-                state.user_config["settings"]["max_iterations"] = new_limit
-
-                await ui.success(f"Maximum iterations set to {new_limit}")
-                await ui.muted("Higher values allow more complex reasoning but may be slower")
-            except ValueError:
-                await ui.error("Please provide a valid number")
-        else:
+
+        # Guard clause - handle "no args" case first and return early
+        if not args:
             current = state.user_config.get("settings", {}).get("max_iterations", 40)
             await ui.info(f"Current maximum iterations: {current}")
             await ui.muted("Usage: /iterations <number> (1-100)")
+            return
+
+        # update the logic to not be as nested messely, the above guars needing to get as messy
+        try:
+            new_limit = int(args[0])
+            if new_limit < 1 or new_limit > 100:
+                await ui.error("Iterations must be between 1 and 100")
+                return
+
+            # Update the user config
+            if "settings" not in state.user_config:
+                state.user_config["settings"] = {}
+            state.user_config["settings"]["max_iterations"] = new_limit
+
+            await ui.success(f"Maximum iterations set to {new_limit}")
+        except ValueError:
+            await ui.error("Please provide a valid number")
 
 
 class ClearCommand(SimpleCommand):
@@ -288,7 +291,9 @@ class ParseToolsCommand(SimpleCommand):
 
                         try:
                             await extract_and_execute_tool_calls(
-                                part.content, tool_callback_with_state, context.state_manager
+                                part.content,
+                                tool_callback_with_state,
+                                context.state_manager,
                             )
                             await ui.success("JSON tool parsing completed")
                             found_content = True
@@ -524,7 +529,8 @@ class UpdateCommand(SimpleCommand):
                 result = subprocess.run(
                     ["pipx", "list"], capture_output=True, text=True, timeout=10
                 )
-                if "tunacode" in result.stdout.lower():
+                pipx_installed = "tunacode" in result.stdout.lower()
+                if pipx_installed:
                     installation_method = "pipx"
             except (subprocess.TimeoutExpired, subprocess.CalledProcessError):
                 pass
@@ -555,12 +561,22 @@ class UpdateCommand(SimpleCommand):
             if installation_method == "pipx":
                 await ui.info("Updating via pipx...")
                 result = subprocess.run(
-                    ["pipx", "upgrade", "tunacode"], capture_output=True, text=True, timeout=60
+                    ["pipx", "upgrade", "tunacode"],
+                    capture_output=True,
+                    text=True,
+                    timeout=60,
                 )
             else:  # pip
                 await ui.info("Updating via pip...")
                 result = subprocess.run(
-                    [sys.executable, "-m", "pip", "install", "--upgrade", "tunacode-cli"],
+                    [
+                        sys.executable,
+                        "-m",
+                        "pip",
+                        "install",
+                        "--upgrade",
+                        "tunacode-cli",
+                    ],
                     capture_output=True,
                     text=True,
                     timeout=60,
@@ -628,9 +644,13 @@ class ModelCommand(SimpleCommand):
 
         # Check if setting as default
         if len(args) > 1 and args[1] == "default":
-            utils.user_configuration.set_default_model(model_name, context.state_manager)
-            await ui.muted("Updating default model")
-            return "restart"
+            try:
+                utils.user_configuration.set_default_model(model_name, context.state_manager)
+                await ui.muted("Updating default model")
+                return "restart"
+            except ConfigurationError as e:
+                await ui.error(str(e))
+                return None
 
         # Show success message with the new model
         await ui.success(f"Switched to model: {model_name}")
@@ -669,6 +689,35 @@ class CommandFactory:
                 setattr(self.dependencies, key, value)
 
 
+class InitCommand(SimpleCommand):
+    """Creates or updates TUNACODE.md with project-specific context."""
+
+    spec = CommandSpec(
+        name="/init",
+        aliases=[],
+        description="Analyze codebase and create/update TUNACODE.md file",
+        category=CommandCategory.DEVELOPMENT,
+    )
+
+    async def execute(self, args, context: CommandContext) -> CommandResult:
+        """Execute the init command."""
+        # Minimal implementation to make test pass
+        prompt = """Please analyze this codebase and create a TUNACODE.md file containing:
+1. Build/lint/test commands - especially for running a single test
+2. Code style guidelines including imports, formatting, types, naming conventions, error handling, etc.
+
+The file you create will be given to agentic coding agents (such as yourself) that operate in this repository.
+Make it about 20 lines long.
+If there's already a TUNACODE.md, improve it.
+If there are Cursor rules (in .cursor/rules/ or .cursorrules) or Copilot rules (in .github/copilot-instructions.md),
+make sure to include them."""
+
+        # Call the agent to analyze and create/update the file
+        await context.process_request(prompt, context.state_manager)
+
+        return None
+
+
 class CommandRegistry:
     """Registry for managing commands with auto-discovery and categories."""
 
@@ -726,6 +775,7 @@ class CommandRegistry:
             BranchCommand,
             CompactCommand,
             ModelCommand,
+            InitCommand,
         ]
 
         # Register all discovered commands

tunacode/cli/repl.py

@@ -22,6 +22,7 @@ from tunacode.core.tool_handler import ToolHandler
 from tunacode.exceptions import AgentError, UserAbortError, ValidationError
 from tunacode.ui import console as ui
 from tunacode.ui.tool_ui import ToolUI
+from tunacode.utils.security import CommandSecurityError, safe_subprocess_run
 
 from ..types import CommandContext, CommandResult, StateManager, ToolArgs
 from .commands import CommandRegistry
@@ -320,13 +321,24 @@ async def repl(state_manager: StateManager):
                 def run_shell():
                     try:
                         if command:
-                            result = subprocess.run(command, shell=True, capture_output=False)
-                            if result.returncode != 0:
-                                # Use print directly since we're in a terminal context
-                                print(f"\nCommand exited with code {result.returncode}")
+                            # Use secure subprocess execution for shell commands
+                            # Note: User shell commands are inherently risky but this is by design
+                            # We validate but allow shell features since it's explicit user intent
+                            try:
+                                result = safe_subprocess_run(
+                                    command,
+                                    shell=True,
+                                    validate=True,  # Still validate for basic safety
+                                    capture_output=False,
+                                )
+                                if result.returncode != 0:
+                                    print(f"\nCommand exited with code {result.returncode}")
+                            except CommandSecurityError as e:
+                                print(f"\nSecurity validation failed: {str(e)}")
+                                print("If you need to run this command, please ensure it's safe.")
                         else:
                             shell = os.environ.get("SHELL", "bash")
-                            subprocess.run(shell)
+                            subprocess.run(shell)  # Interactive shell is safe
                     except Exception as e:
                         print(f"\nShell command failed: {str(e)}")
 

tunacode/constants.py

@@ -7,7 +7,7 @@ Centralizes all magic strings, UI text, error messages, and application constant
 
 # Application info
 APP_NAME = "TunaCode"
-APP_VERSION = "0.0.33"
+APP_VERSION = "0.0.35"
 
 # File patterns
 GUIDE_FILE_PATTERN = "{name}.md"

tunacode/core/agents/main.py

@@ -457,6 +457,26 @@ def get_or_create_agent(model: ModelName, state_manager: StateManager) -> Pydant
                 # Use a default system prompt if neither file exists
                 system_prompt = "You are a helpful AI assistant for software development tasks."
 
+        # Load TUNACODE.md context
+        # Use sync version of get_code_style to avoid nested event loop issues
+        try:
+            from pathlib import Path as PathlibPath
+
+            tunacode_path = PathlibPath.cwd() / "TUNACODE.md"
+            if tunacode_path.exists():
+                tunacode_content = tunacode_path.read_text(encoding="utf-8")
+                if tunacode_content.strip():
+                    # Log that we found TUNACODE.md
+                    print("📄 TUNACODE.md located: Loading context...")
+
+                    system_prompt += "\n\n# Project Context from TUNACODE.md\n" + tunacode_content
+            else:
+                # Log that TUNACODE.md was not found
+                print("📄 TUNACODE.md not found: Using default context")
+        except Exception:
+            # Ignore errors loading TUNACODE.md
+            pass
+
         state_manager.session.agents[model] = Agent(
             model=model,
             system_prompt=system_prompt,
@@ -670,6 +690,14 @@ async def process_request(
     # Create a request-level buffer for batching read-only tools across nodes
     tool_buffer = ToolBuffer()
 
+    # Show TUNACODE.md preview if it was loaded and thoughts are enabled
+    if state_manager.session.show_thoughts and hasattr(state_manager, "tunacode_preview"):
+        from tunacode.ui import console as ui
+
+        await ui.muted(state_manager.tunacode_preview)
+        # Clear the preview after displaying it once
+        delattr(state_manager, "tunacode_preview")
+
     # Show what we're sending to the API when thoughts are enabled
     if state_manager.session.show_thoughts:
         from tunacode.ui import console as ui

tunacode/core/setup/config_setup.py

@@ -82,9 +82,13 @@ class ConfigSetup(BaseSetup):
                 ):
                     self.state_manager.session.user_config = {}
                 self.state_manager.session.user_config = DEFAULT_USER_CONFIG.copy()
-                user_configuration.save_config(
-                    self.state_manager
-                )  # Save the default config initially
+                try:
+                    user_configuration.save_config(
+                        self.state_manager
+                    )  # Save the default config initially
+                except ConfigurationError as e:
+                    await ui.error(str(e))
+                    raise
                 await self._onboarding()
             else:
                 # No config found - show CLI usage instead of onboarding
@@ -172,11 +176,12 @@ class ConfigSetup(BaseSetup):
             # Compare configs to see if anything changed
             current_config = json.dumps(self.state_manager.session.user_config, sort_keys=True)
             if initial_config != current_config:
-                if user_configuration.save_config(self.state_manager):
+                try:
+                    user_configuration.save_config(self.state_manager)
                     message = f"Config saved to: [bold]{self.config_file}[/bold]"
                     await ui.panel("Finished", message, top=0, border_style=UI_COLORS["success"])
-                else:
-                    await ui.error("Failed to save configuration.")
+                except ConfigurationError as e:
+                    await ui.error(str(e))
         else:
             await ui.panel(
                 "Setup canceled",
@@ -320,8 +325,9 @@ class ConfigSetup(BaseSetup):
         ]
 
         # Save the configuration
-        if user_configuration.save_config(self.state_manager):
+        try:
+            user_configuration.save_config(self.state_manager)
             await ui.warning("Model set without validation - verify the model name is correct")
             await ui.success(f"Configuration saved to: {self.config_file}")
-        else:
-            await ui.error("Failed to save configuration.")
+        except ConfigurationError as e:
+            await ui.error(str(e))

tunacode/tools/run_command.py

@@ -14,6 +14,7 @@ from tunacode.constants import (CMD_OUTPUT_FORMAT, CMD_OUTPUT_NO_ERRORS, CMD_OUT
 from tunacode.exceptions import ToolExecutionError
 from tunacode.tools.base import BaseTool
 from tunacode.types import ToolResult
+from tunacode.utils.security import CommandSecurityError, safe_subprocess_popen
 
 
 class RunCommandTool(BaseTool):
@@ -34,16 +35,23 @@ class RunCommandTool(BaseTool):
 
         Raises:
             FileNotFoundError: If command not found
+            CommandSecurityError: If command fails security validation
             Exception: Any command execution errors
         """
-        process = subprocess.Popen(
-            command,
-            shell=True,
-            stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE,
-            text=True,
-        )
-        stdout, stderr = process.communicate()
+        try:
+            # Use secure subprocess execution with validation
+            process = safe_subprocess_popen(
+                command,
+                shell=True,  # CLI tool requires shell features
+                validate=True,  # Enable security validation
+                stdout=subprocess.PIPE,
+                stderr=subprocess.PIPE,
+                text=True,
+            )
+            stdout, stderr = process.communicate()
+        except CommandSecurityError as e:
+            # Security validation failed - return error without execution
+            return f"Security validation failed: {str(e)}"
         output = stdout.strip() or CMD_OUTPUT_NO_OUTPUT
         error = stderr.strip() or CMD_OUTPUT_NO_ERRORS
         resp = CMD_OUTPUT_FORMAT.format(output=output, error=error).strip()
@@ -70,6 +78,8 @@ class RunCommandTool(BaseTool):
         """
         if isinstance(error, FileNotFoundError):
             err_msg = ERROR_COMMAND_EXECUTION.format(command=command, error=error)
+        elif isinstance(error, CommandSecurityError):
+            err_msg = f"Command blocked for security: {str(error)}"
         else:
             # Use parent class handling for other errors
             await super()._handle_error(error, command)

tunacode/utils/security.py

@@ -0,0 +1,208 @@
+"""
+Security utilities for safe command execution and input validation.
+Provides defensive measures against command injection attacks.
+"""
+
+import logging
+import re
+import shlex
+import subprocess
+from typing import List, Optional
+
+logger = logging.getLogger(__name__)
+
+# Dangerous shell metacharacters that indicate potential injection
+DANGEROUS_CHARS = [
+    ";",
+    "&",
+    "|",
+    "`",
+    "$",
+    "(",
+    ")",
+    "{",
+    "}",
+    "<",
+    ">",
+    "\n",
+    "\r",
+    "\\",
+    '"',
+    "'",
+]
+
+# Common injection patterns
+INJECTION_PATTERNS = [
+    r";\s*\w+",  # Command chaining with semicolon
+    r"&&\s*\w+",  # Command chaining with &&
+    r"\|\s*\w+",  # Piping to another command
+    r"`[^`]+`",  # Command substitution with backticks
+    r"\$\([^)]+\)",  # Command substitution with $()
+    r">\s*[/\w]",  # Output redirection
+    r"<\s*[/\w]",  # Input redirection
+]
+
+
+class CommandSecurityError(Exception):
+    """Raised when a command fails security validation."""
+
+    pass
+
+
+def validate_command_safety(command: str, allow_shell_features: bool = False) -> None:
+    """
+    Validate that a command is safe to execute.
+
+    Args:
+        command: The command string to validate
+        allow_shell_features: If True, allows some shell features like pipes
+
+    Raises:
+        CommandSecurityError: If the command contains potentially dangerous patterns
+    """
+    if not command or not command.strip():
+        raise CommandSecurityError("Empty command not allowed")
+
+    # Log the command being validated
+    logger.info(f"Validating command: {command[:100]}...")
+
+    # Always check for the most dangerous patterns regardless of shell features
+    dangerous_patterns = [
+        r"rm\s+-rf\s+/",  # Dangerous rm commands
+        r"sudo\s+rm",  # Sudo rm commands
+        r">\s*/dev/sd[a-z]",  # Writing to disk devices
+        r"dd\s+.*of=/dev/",  # DD to devices
+        r"mkfs\.",  # Format filesystem
+        r"fdisk",  # Partition manipulation
+        r":\(\)\{.*\}\;",  # Fork bomb pattern
+    ]
+
+    for pattern in dangerous_patterns:
+        if re.search(pattern, command, re.IGNORECASE):
+            logger.error(f"Highly dangerous pattern '{pattern}' detected in command")
+            raise CommandSecurityError("Command contains dangerous pattern and is blocked")
+
+    if not allow_shell_features:
+        # Check for dangerous characters (but allow some for CLI tools)
+        restricted_chars = [";", "&", "`", "$", "{", "}"]  # More permissive for CLI
+        for char in restricted_chars:
+            if char in command:
+                logger.warning(f"Potentially dangerous character '{char}' detected in command")
+                raise CommandSecurityError(f"Potentially unsafe character '{char}' in command")
+
+        # Check for injection patterns (more selective)
+        strict_patterns = [
+            r";\s*rm\s+",  # Command chaining to rm
+            r"&&\s*rm\s+",  # Command chaining to rm
+            r"`[^`]*rm[^`]*`",  # Command substitution with rm
+            r"\$\([^)]*rm[^)]*\)",  # Command substitution with rm
+        ]
+
+        for pattern in strict_patterns:
+            if re.search(pattern, command):
+                logger.warning(f"Dangerous injection pattern '{pattern}' detected in command")
+                raise CommandSecurityError("Potentially unsafe pattern detected in command")
+
+
+def sanitize_command_args(args: List[str]) -> List[str]:
+    """
+    Sanitize command arguments by shell-quoting them.
+
+    Args:
+        args: List of command arguments
+
+    Returns:
+        List of sanitized arguments
+    """
+    return [shlex.quote(arg) for arg in args]
+
+
+def safe_subprocess_run(
+    command: str,
+    shell: bool = False,
+    validate: bool = True,
+    timeout: Optional[int] = None,
+    **kwargs,
+) -> subprocess.CompletedProcess:
+    """
+    Safely execute a subprocess with security validation.
+
+    Args:
+        command: Command to execute (string if shell=True, list if shell=False)
+        shell: Whether to use shell execution (discouraged)
+        validate: Whether to validate command safety
+        timeout: Timeout in seconds
+        **kwargs: Additional subprocess arguments
+
+    Returns:
+        CompletedProcess result
+
+    Raises:
+        CommandSecurityError: If command fails security validation
+    """
+    if validate and shell and isinstance(command, str):
+        validate_command_safety(command, allow_shell_features=shell)
+
+    # Log the command execution
+    logger.info(f"Executing command: {str(command)[:100]}...")
+
+    try:
+        if shell:
+            # When using shell=True, command should be a string
+            result = subprocess.run(command, shell=True, timeout=timeout, **kwargs)
+        else:
+            # When shell=False, command should be a list
+            if isinstance(command, str):
+                # Parse the string into a list
+                command_list = shlex.split(command)
+            else:
+                command_list = command
+
+            result = subprocess.run(command_list, shell=False, timeout=timeout, **kwargs)
+
+        logger.info(f"Command completed with return code: {result.returncode}")
+        return result
+
+    except subprocess.TimeoutExpired:
+        logger.error(f"Command timed out after {timeout} seconds")
+        raise
+    except Exception as e:
+        logger.error(f"Command execution failed: {str(e)}")
+        raise
+
+
+def safe_subprocess_popen(
+    command: str, shell: bool = False, validate: bool = True, **kwargs
+) -> subprocess.Popen:
+    """
+    Safely create a subprocess.Popen with security validation.
+
+    Args:
+        command: Command to execute
+        shell: Whether to use shell execution (discouraged)
+        validate: Whether to validate command safety
+        **kwargs: Additional Popen arguments
+
+    Returns:
+        Popen process object
+
+    Raises:
+        CommandSecurityError: If command fails security validation
+    """
+    if validate and shell and isinstance(command, str):
+        validate_command_safety(command, allow_shell_features=shell)
+
+    # Log the command execution
+    logger.info(f"Creating Popen for command: {str(command)[:100]}...")
+
+    if shell:
+        # When using shell=True, command should be a string
+        return subprocess.Popen(command, shell=True, **kwargs)
+    else:
+        # When shell=False, command should be a list
+        if isinstance(command, str):
+            command_list = shlex.split(command)
+        else:
+            command_list = command
+
+        return subprocess.Popen(command_list, shell=False, **kwargs)

tunacode/utils/user_configuration.py

@@ -58,11 +58,23 @@ def save_config(state_manager: "StateManager") -> bool:
     """Save user config to file"""
     app_settings = ApplicationSettings()
     try:
+        # Ensure config directory exists
+        app_settings.paths.config_dir.mkdir(mode=0o700, parents=True, exist_ok=True)
+
+        # Write config file
         with open(app_settings.paths.config_file, "w") as f:
             json.dump(state_manager.session.user_config, f, indent=4)
         return True
-    except Exception:
-        return False
+    except PermissionError as e:
+        raise ConfigurationError(
+            f"Permission denied writing to {app_settings.paths.config_file}: {e}"
+        )
+    except OSError as e:
+        raise ConfigurationError(
+            f"Failed to save configuration to {app_settings.paths.config_file}: {e}"
+        )
+    except Exception as e:
+        raise ConfigurationError(f"Unexpected error saving configuration: {e}")
 
 
 def get_mcp_servers(state_manager: "StateManager") -> MCPServers:
@@ -73,4 +85,9 @@ def get_mcp_servers(state_manager: "StateManager") -> MCPServers:
 def set_default_model(model_name: ModelName, state_manager: "StateManager") -> bool:
     """Set the default model in the user config and save"""
     state_manager.session.user_config["default_model"] = model_name
-    return save_config(state_manager)
+    try:
+        save_config(state_manager)
+        return True
+    except ConfigurationError:
+        # Re-raise ConfigurationError to be handled by caller
+        raise

{tunacode_cli-0.0.33.dist-info → tunacode_cli-0.0.35.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: tunacode-cli
-Version: 0.0.33
+Version: 0.0.35
 Summary: Your agentic CLI developer.
 Author-email: larock22 <noreply@github.com>
 License-Expression: MIT
@@ -40,6 +40,7 @@ Dynamic: license-file
 <div align="center">
 
 [![PyPI version](https://badge.fury.io/py/tunacode-cli.svg)](https://badge.fury.io/py/tunacode-cli)
+[![Downloads](https://pepy.tech/badge/tunacode-cli)](https://pepy.tech/project/tunacode-cli)
 [![Python 3.10+](https://img.shields.io/badge/python-3.10+-blue.svg)](https://www.python.org/downloads/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
@@ -78,6 +79,17 @@ tunacode --model "openrouter:openai/gpt-4o" --key "sk-or-your-openrouter-key"
 
 Your config is saved to `~/.config/tunacode.json` (edit directly with `nvim ~/.config/tunacode.json`)
 
+### Recommended Models
+
+Based on extensive testing, these models provide the best performance:
+- `google/gemini-2.5-pro` - Excellent for complex reasoning
+- `openai/gpt-4.1` - Strong general-purpose model
+- `deepseek/deepseek-r1-0528` - Great for code generation
+- `openai/gpt-4.1-mini` - Fast and cost-effective
+- `anthropic/claude-4-sonnet-20250522` - Superior context handling
+
+*Note: Formal evaluations coming soon. Any model can work, but these have shown the best results in practice.*
+
 ## Start Coding
 
 ```bash
@@ -105,6 +117,13 @@ TunaCode leverages parallel execution for read-only operations, achieving **3x f
 
 Multiple file reads, directory listings, and searches execute concurrently using async I/O, making code exploration significantly faster.
 
+## Features in Development
+
+- **Streaming UI**: Currently working on implementing streaming responses for better user experience
+- **Bug Fixes**: Actively addressing issues - please report any bugs you encounter!
+
+*Note: While the tool is fully functional, we're focusing on stability and core features before optimizing for speed.*
+
 ## Safety First
 
 ⚠️ **Important**: TunaCode can modify your codebase. Always:

{tunacode_cli-0.0.33.dist-info → tunacode_cli-0.0.35.dist-info}/RECORD

@@ -1,14 +1,14 @@
 tunacode/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
-tunacode/constants.py,sha256=8uIqAbJSTPl8AM_40T6vjrqGDJ2OuxpBcqrWpZCEUeg,4074
+tunacode/constants.py,sha256=OnQYL4TeNFuMCo_7x9FGWmjQCSDOB544wPPs9oOKk-8,4074
 tunacode/context.py,sha256=6sterdRvPOyG3LU0nEAXpBsEPZbO3qtPyTlJBi-_VXE,2612
 tunacode/exceptions.py,sha256=mTWXuWyr1k16CGLWN2tsthDGi7lbx1JK0ekIqogYDP8,3105
 tunacode/py.typed,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tunacode/setup.py,sha256=dYn0NeAxtNIDSogWEmGSyjb9wsr8AonZ8vAo5sw9NIw,1909
 tunacode/types.py,sha256=BciT-uxnQ44iC-4QiDY72OD23LOtqSyMOuK_N0ttlaA,7676
 tunacode/cli/__init__.py,sha256=zgs0UbAck8hfvhYsWhWOfBe5oK09ug2De1r4RuQZREA,55
-tunacode/cli/commands.py,sha256=U9dP8wbBnSb-J3nKItRCd9wpQz7wD4urBOjLtCvn9Dc,29887
+tunacode/cli/commands.py,sha256=r-WYp5ajzkZfFjiLXuK9pfB5ugq3HWQyhRB8Usr567k,31668
 tunacode/cli/main.py,sha256=PIcFnfmIoI_pmK2y-zB_ouJbzR5fbSI7zsKQNPB_J8o,2406
-tunacode/cli/repl.py,sha256=o3bn9BYQsy3TFCWJq-fzeHKLrM2KInSrMF5E5_RqSOY,13736
+tunacode/cli/repl.py,sha256=ELnJBk3Vn2almXmmCIjGfgi7J5kNNVnO0o4KNYGXF9Q,14556
 tunacode/cli/textual_app.py,sha256=14-Nt0IIETmyHBrNn9uwSF3EwCcutwTp6gdoKgNm0sY,12593
 tunacode/cli/textual_bridge.py,sha256=LvqiTtF0hu3gNujzpKaW9h-m6xzEP3OH2M8KL2pCwRc,6333
 tunacode/configuration/__init__.py,sha256=MbVXy8bGu0yKehzgdgZ_mfWlYGvIdb1dY2Ly75nfuPE,17
@@ -20,14 +20,14 @@ tunacode/core/code_index.py,sha256=jgAx3lSWP_DwnyiP5Jkm1YvX4JJyI4teMzlNrJSpEOA,1
 tunacode/core/state.py,sha256=PHGCGjx_X03I5jO-T1JkREQm4cwYEXQty59JJlnk24c,1608
 tunacode/core/tool_handler.py,sha256=BPjR013OOO0cLXPdLeL2FDK0ixUwOYu59FfHdcdFhp4,2277
 tunacode/core/agents/__init__.py,sha256=UUJiPYb91arwziSpjd7vIk7XNGA_4HQbsOIbskSqevA,149
-tunacode/core/agents/main.py,sha256=bzex6MTucOf95je1XHICSsMRDKew4TUzg9RApceebj4,38203
+tunacode/core/agents/main.py,sha256=-QwKSKoPLdD-JlKPjwMUSxNu_TSrj-pdUleWR2FN-A0,39441
 tunacode/core/background/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tunacode/core/background/manager.py,sha256=rJdl3eDLTQwjbT7VhxXcJbZopCNR3M8ZGMbmeVnwwMc,1126
 tunacode/core/llm/__init__.py,sha256=47DEQpj8HBSa-_TImW-5JCeuQeRkm5NMpJWZG3hSuFU,0
 tunacode/core/setup/__init__.py,sha256=lzdpY6rIGf9DDlDBDGFvQZaSOQeFsNglHbkpq1-GtU8,376
 tunacode/core/setup/agent_setup.py,sha256=trELO8cPnWo36BBnYmXDEnDPdhBg0p-VLnx9A8hSSSQ,1401
 tunacode/core/setup/base.py,sha256=cbyT2-xK2mWgH4EO17VfM_OM2bj0kT895NW2jSXbe3c,968
-tunacode/core/setup/config_setup.py,sha256=A1MEbkZq2FvVg9FNlLD9_JO_vlr0ixP-6Ay0-2W7VvQ,14330
+tunacode/core/setup/config_setup.py,sha256=LnIGZrqDCWUhiMhJMnKX1gyaZhy6pKM8xf_fy_t9B3U,14516
 tunacode/core/setup/coordinator.py,sha256=oVTN2xIeJERXitVJpkIk9tDGLs1D1bxIRmaogJwZJFI,2049
 tunacode/core/setup/environment_setup.py,sha256=n3IrObKEynHZSwtUJ1FddMg2C4sHz7ca42awemImV8s,2225
 tunacode/core/setup/git_safety_setup.py,sha256=CRIqrQt0QUJQRS344njty_iCqTorrDhHlXRuET7w0Tk,6714
@@ -42,7 +42,7 @@ tunacode/tools/grep.py,sha256=jboEVA2ATv0YI8zg9dF89emZ_HWy2vVtsQ_-hDhlr7g,26337
 tunacode/tools/list_dir.py,sha256=1kNqzYCNlcA5rqXIEVqcjQy6QxlLZLj5AG6YIECfwio,7217
 tunacode/tools/read_file.py,sha256=BqHxPspZBYotz5wtjuP-zve61obsx98z5TU-aw5BJHg,3273
 tunacode/tools/read_file_async_poc.py,sha256=0rSfYCmoNcvWk8hB1z86l32-tomSc9yOM4tR4nrty_o,6267
-tunacode/tools/run_command.py,sha256=kYg_Re397OmZdKtUSjpNfYYNDBjd0vsS1xMK0yP181I,3776
+tunacode/tools/run_command.py,sha256=2TtndMIeOWHQRC2XwkxUDVb06Ob-RHKSheBdluH3QgQ,4433
 tunacode/tools/update_file.py,sha256=bW1MhTzRjBDjJzqQ6A1yCVEbkr1oIqtEC8uqcg_rfY4,3957
 tunacode/tools/write_file.py,sha256=prL6u8XOi9ZyPU-YNlG9YMLbSLrDJXDRuDX73ncXh-k,2699
 tunacode/ui/__init__.py,sha256=aRNE2pS50nFAX6y--rSGMNYwhz905g14gRd6g4BolYU,13
@@ -64,13 +64,14 @@ tunacode/utils/diff_utils.py,sha256=V9QqQ0q4MfabVTnWptF3IXDp3estnfOKcJtDe_Sj14I,
 tunacode/utils/file_utils.py,sha256=AXiAJ_idtlmXEi9pMvwtfPy9Ys3yK-F4K7qb_NpwonU,923
 tunacode/utils/import_cache.py,sha256=q_xjJbtju05YbFopLDSkIo1hOtCx3DOTl3GQE5FFDgs,295
 tunacode/utils/ripgrep.py,sha256=AXUs2FFt0A7KBV996deS8wreIlUzKOlAHJmwrcAr4No,583
+tunacode/utils/security.py,sha256=e_zo9VmcOKFjgFMr9GOBIFhAmND4PBlJZgY7zqnsGjI,6548
 tunacode/utils/system.py,sha256=FSoibTIH0eybs4oNzbYyufIiV6gb77QaeY2yGqW39AY,11381
 tunacode/utils/text_utils.py,sha256=zRBaorvtyd7HBEWtIfCH1Wce1L6rhsQwpORUEGBFMjA,2981
 tunacode/utils/token_counter.py,sha256=nGCWwrHHFbKywqeDCEuJnADCkfJuzysWiB6cCltJOKI,648
-tunacode/utils/user_configuration.py,sha256=IGvUH37wWtZ4M5xpukZEWYhtuKKyKcl6DaeObGXdleU,2610
-tunacode_cli-0.0.33.dist-info/licenses/LICENSE,sha256=Btzdu2kIoMbdSp6OyCLupB1aRgpTCJ_szMimgEnpkkE,1056
-tunacode_cli-0.0.33.dist-info/METADATA,sha256=vf_6TFB9fo7MDRHtXDvLKPys_W4E6t_vzNp-cPpRocQ,4023
-tunacode_cli-0.0.33.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
-tunacode_cli-0.0.33.dist-info/entry_points.txt,sha256=hbkytikj4dGu6rizPuAd_DGUPBGF191RTnhr9wdhORY,51
-tunacode_cli-0.0.33.dist-info/top_level.txt,sha256=lKy2P6BWNi5XSA4DHFvyjQ14V26lDZctwdmhEJrxQbU,9
-tunacode_cli-0.0.33.dist-info/RECORD,,
+tunacode/utils/user_configuration.py,sha256=Ilz8dpGVJDBE2iLWHAPT0xR8D51VRKV3kIbsAz8Bboc,3275
+tunacode_cli-0.0.35.dist-info/licenses/LICENSE,sha256=Btzdu2kIoMbdSp6OyCLupB1aRgpTCJ_szMimgEnpkkE,1056
+tunacode_cli-0.0.35.dist-info/METADATA,sha256=4ck_-g8eF10l6md95_EaEK1Sd4UmqmRAUEJacINtDA8,4943
+tunacode_cli-0.0.35.dist-info/WHEEL,sha256=_zCd3N1l69ArxyTb8rzEoP9TpbYXkqRFSNOD5OuxnTs,91
+tunacode_cli-0.0.35.dist-info/entry_points.txt,sha256=hbkytikj4dGu6rizPuAd_DGUPBGF191RTnhr9wdhORY,51
+tunacode_cli-0.0.35.dist-info/top_level.txt,sha256=lKy2P6BWNi5XSA4DHFvyjQ14V26lDZctwdmhEJrxQbU,9
+tunacode_cli-0.0.35.dist-info/RECORD,,