claude-code-best
1dfe909301
fix: 修复 voice provider 的问题
2026-06-04 14:07:37 +08:00
James Feng
44bfc189e0
fix: 创建 agent 后刷新 loadMarkdownFilesForSubdir 缓存
...
新建 agent 后 clearAgentDefinitionsCache 漏清底层
loadMarkdownFilesForSubdir 的 memoize 缓存,导致新
agent 不会立即出现在列表中,需要重启才能生效。
Upstream: eb833da3
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-04 13:54:47 +08:00
cepvor
cbe32ea58a
fix: showSpinnerTree 模式下保留 local-agent token 显示
...
PR #1226 的 CodeRabbit 审查指出:当 spinner-tree 模式开启时,
local-agent(后台代理)的 token 消耗完全不可见,因为它们没有
在树中有独立行,但被 showSpinnerTree 的 guard 排除了。
修复:将 guard 从循环外移到循环内,仅对 in_process_teammate
任务在 tree 模式下跳过(它们有独立树行),local-agent 任务
始终计入 teammateTokens。
Closes: review comment from PR #1226 (originally belongs to PR #1225 )
Co-Authored-By: deepseek-v4-pro[1m] <deepseek-ai@claude-code-best.win>
2026-06-04 13:39:53 +08:00
cepvor
4e050df994
fix: 修复子代理 token 消耗在主 spinner 中始终显示为 0
...
Spinner.tsx 的 token 聚合循环仅统计 in_process_teammate 类型任务,
漏掉了 local_agent(后台代理/verification agent)类型。当后台代理
运行时,主界面 spinner 一直显示 "↓ 0 tokens",因为 background agent
的 token 消耗未被纳入 teammateTokens 聚合。
同时在 inProcessRunner.ts 中,进程内队友完成时计算并设置 result
(含 totalTokens/totalToolUseCount/content/usage),使详情弹窗可以
正确展示累计 token 消耗,不再仅依赖 progress.tokenCount 间歇更新。
Co-Authored-By: deepseek-v4-pro[1m] <deepseek-ai@claude-code-best.win>
2026-06-04 13:39:44 +08:00
claude-code-best
1d3951d44d
fix: 添加 React Error Boundary 防止生产环境渲染崩溃
...
增强 SentryErrorBoundary 组件,捕获渲染错误时输出诊断信息
(错误消息 + component stack)到 stderr 和终端,而非静默返回
null。在 replLauncher 根节点和 Messages 组件层级包裹 Error
Boundary,防止 Ink 内部的 Error Boundary 直接终止进程。
Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
2026-06-04 13:38:32 +08:00
claude-code-best
35927b20ad
fix: 提升 CLAUDE.md 指令权重 — 独立 project-instructions + deferred tools 位置调整
...
- prependUserContext: 将 claudeMd 从通用 <system-reminder> 提取为独立的
<project-instructions> 用户消息,不带免责声明,置于消息列表最前面
- queryModel: deferred tools 消息从 prepend 改为 append,避免抢占
project-instructions 的最高权重位置;标签规范化为 <system-reminder>
Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
2026-06-04 13:37:41 +08:00
James Feng
a308aa8fcc
fix: add missing FILE_WRITE_TOOL_NAME import + poorMode stub (regressions from P2 cherry-picks)
2026-06-04 13:16:05 +08:00
claude-code-best
eaa6199f22
fix: 修复 Tool Search 缓存失效 — deferred 工具不再动态注入 tools 数组
...
移除 deferred 工具的 "discover then include" 逻辑,让 tools 数组在整个会话中
保持稳定(只有 core tools + ToolSearch + ExecuteExtraTool),避免每次发现新
工具时 tools JSON 变化导致 prompt cache 失效。
同时强化工具优先级引导:core tools 优先直接调用,ToolSearch/ExecuteExtraTool
仅作为发现和调用 deferred 工具的最后手段。当模型搜索已加载的 core tool 时,
ToolSearch 返回明确的拒绝提示。
Co-Authored-By: glm-5.1[1m] <zai-org@claude-code-best.win>
2026-06-04 13:04:45 +08:00
claude-code-best
3922ce074a
fix: 将 ExecuteExtraTool 加入 ASYNC_AGENT_ALLOWED_TOOLS 允许子代理执行延迟工具
2026-06-04 12:58:11 +08:00
James Feng
379335e3b2
feat: add provider-aware model name resolution for attribution (cherry-pick 771e3db + f7f69b7)
...
- Add attributionModel.ts: getRealModelName() resolves model names for
OpenAI/Gemini providers, so Git commit sign-off shows correct model
name (DeepSeek/GPT/Gemini) instead of Anthropic default.
- Wire into attribution.ts: replace multi-branch fallback logic with
simple getRealModelName() call.
- CCP's APIProvider doesn't include 'grok' — skipped that case.
2026-06-04 12:46:51 +08:00
claude-code-best
aa72a8ed6c
fix: 修复 model alias 导致无限递归栈溢出 (cherry-pick cee62bc)
2026-06-04 12:38:02 +08:00
claude-code-best
f484c9fa7c
fix: 修复 openai 的 cost 计算问题
2026-06-04 12:37:33 +08:00
HitMargin
ef80d21dbe
fix: make modelType take precedence over all env vars in getAPIProvider
2026-06-04 12:37:29 +08:00
claude-code-best
72b13ee215
fix: 尝试修复第三方 api 不兼容部分参数问题
2026-06-04 12:37:26 +08:00
claude-code-best
90406a10be
fix: 移除 auto mode 的 provider 和模型白名单限制
...
移除 firstParty provider 限制和 claude-(opus|sonnet)-4-[67] 模型白名单,
使所有模型和 provider 在 TRANSCRIPT_CLASSIFIER feature 启用时均可使用 auto mode。
Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
2026-06-04 12:37:25 +08:00
claude-code-best
d35f0db17d
fix: highlight 缓存改用 LRUCache 降低内存开销
...
- Fallback.tsx: 手动 Map LRU 替换为 lru-cache 的 LRUCache
- Markdown.tsx: tokenCache 同样替换为 LRUCache
- color-diff-napi: 新增行级 hljs AST 缓存,避免终端 resize 时重复高亮
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-04 12:37:11 +08:00
claude-code-best
b4629aa5bb
perf: 表格渲染效率升级
2026-06-04 12:37:07 +08:00
claude-code-best
b7bbbeb039
fix: 优化内存峰值与 CPU 性能,降低 100-300MB 内存占用
...
- claude.ts: 流式字符串拼接从 O(n²) += 改为数组累积 join,消除 4 处热点
- Messages.tsx: 合并 3 组独立遍历为单次 pass(thinking/bash 查找、3-filter 链、divider/selectedIdx)
- HighlightedCode.tsx: ColorFile 实例添加模块级 LRU 缓存(50 条),避免重复创建
- screen.ts: StylePool 衍生缓存添加 1000 条上限淘汰,防止无界增长
- CompanionSprite.tsx: TICK_MS 从 500ms 提升至 1000ms,减少 setState 频率
- connection.ts: MCP stderr 缓冲从 64MB 降至 8MB
- stringUtils.ts: MAX_STRING_LENGTH 从 32MB 降至 2MB
- sessionStorage.ts: Transcript 写入队列添加 1000 条上限
- query.ts: spread 改 concat 减少一次数组拷贝
- PromptInputFooterLeftSide.tsx: 显示进程 pid 便于调试
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-04 12:36:59 +08:00
claude-code-best
aff7b0e853
fix: 内存优化 — 预测性 compact 阈值、增量 lookups orphaned 修复、deferred slice 引用优化
...
- P0: REPL.tsx 用 useMemo 包裹 deferred messages slice,避免每次渲染创建新数组引用导致不必要的后台重渲染
- P1: 预测性 compact 阈值改用 effectiveContextWindow - growth,消除与 autocompact buffer 的双重预留;TOOL_RESULT_GROWTH_ESTIMATE 从 20K 降至 15K
- P2: 增量 lookups 增加 lastAssistantMsgId 一致性检查和 orphaned server_tool_use/mcp_tool_use 扫描,防止 UI 永久 loading
- P3: reactiveCompact 类型断言改为直接使用 'compact' 字面量
- docs: CLAUDE.md 统一使用 precheck 替代分散的 typecheck/lint/test 命令
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-04 12:36:34 +08:00
James Feng
23ea5a67d3
fix: restore poor mode stubs (CCP-specific, prevents build failure)
2026-06-04 12:36:19 +08:00
claude-code-best
39a3ff8d7a
fix: 修复长时间运行会话的内存泄漏问题
...
/clear 时释放 STATE 中保存的大块数据(API 请求/分类器请求/模型统计),
全屏模式增加 500 条消息上限防止无限增长,修复 progress 消息去重逻辑
避免交错消息导致重复累积(观察到 13k+ 条目/1GB+ 堆)。
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-04 12:35:30 +08:00
James Feng
dc71add9d8
feat: register LocalMemoryRecallTool + VaultHttpFetchTool wiring (cherry-pick 5bb0306)
...
Upstream: 5bb0306 — feat: 添加 LocalMemoryRecallTool 和 VaultHttpFetchTool
Tool sources were already present in CCP (pulled in via 39ba9a56 ).
This commit adds the wiring:
- Register LOCAL_MEMORY_RECALL_TOOL_NAME in ALL_AGENT_DISALLOWED_TOOLS
- Add agentToolFilter utility for fork subagent tool inheritance
- Add agentToolFilter tests
Build: 561 files, bun run build ✔
Runtime: ccp --version → 2.6.5 ✔
2026-06-04 12:10:05 +08:00
James Feng
663ae6d627
partial: apply autonomy lifecycle fixes from f2e9af4 (queue lifecycle + transitions types)
2026-06-04 11:29:30 +08:00
claude-code-best
a3ef9a1b12
feat: 添加本地 Memory/Vault 管理命令
...
- /local-memory: 本地记忆管理(store/entry CRUD、搜索、归档)
- /local-vault: 本地密钥保险库管理(加解密、keychain 集成)
- permissionValidation: vault 权限校验增强
Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
2026-06-04 11:16:18 +08:00
uk0
a442aee5f4
fix: OpenAI adapter tool calling compatibility
...
Two fixes for OpenAI-compatible provider compatibility:
1. Sanitize JSON Schema `const` → `enum` in tool parameters.
Many OpenAI-compatible endpoints (Ollama, DeepSeek, vLLM, etc.)
do not support the `const` keyword in JSON Schema. Recursively
convert `const: value` to `enum: [value]` which is semantically
equivalent.
2. Force stop_reason to `tool_use` when tool_calls are present.
Some backends incorrectly return finish_reason "stop" even when
the response contains tool_calls. Without this fix, the query
loop treats the response as a normal end_turn and never executes
the requested tools.
2026-06-04 11:16:16 +08:00
bonerush
70d6b28853
fix: Fix deferred tools handling in OpenAI compatibility layer ( #193 )
...
* fix: reorder tool and user messages for OpenAI API compatibility (#168 )
Fixes #168
OpenAI requires that an assistant message with tool_calls be immediately
followed by tool messages. Previously, convertInternalUserMessage
output user content before tool results, causing 400 errors.
Now tool messages are pushed first.
* fix: 修复OpenAI兼容层中deferred tools处理问题
提交描述:
修复了在使用OpenAI兼容API时TaskCreate工具调用失败的问题。
问题:
- 当使用OpenAI兼容API模型时,调用TaskCreate工具出现"InputValidationError: The required
parameter `subject` is missing"错误
- OpenAI兼容层没有正确处理deferred tools的过滤逻辑,导致工具schema没有被正确发送给模型
修复:
1. 在OpenAI兼容层中添加了与Anthropic API路径一致的deferred tools处理逻辑
2. 导入必要的工具搜索相关函数: isToolSearchEnabled, extractDiscoveredToolNames,
isDeferredTool等
3. 实现工具过滤逻辑:
- 检查工具搜索是否启用
- 构建deferred tools集合
- 过滤工具列表: 只包含非deferred工具或已发现的deferred工具
- 为deferred tools设置deferLoading标志
4. 修正了extractDiscoveredToolNames函数的导入路径错误
影响:
- 解决了TaskCreate工具调用时的参数验证错误
- 确保OpenAI兼容层与Anthropic API路径在处理deferred tools时行为一致
- 支持工具搜索功能在OpenAI兼容模式下正常工作
修改的文件:
- src/services/api/openai/index.ts - 主要修复文件
测试建议:
1. 使用OpenAI兼容API模型时,TaskCreate工具应该可以正常调用
2. 如果工具搜索功能启用,可能需要先使用ToolSearchTool来发现TaskCreate工具
3. 验证工具调用时不再出现"InputValidationError"错误
这个修复确保了当使用OpenAI兼容API(如Ollama、DeepSeek、vLLM等)时,deferred
tools(如TaskCreate)能够被正确处理,解决了工具调用失败的问题。
2026-06-04 11:16:06 +08:00
claude-code-best
b8dec7f7e1
fix: 内存优化 — FileReadTool 100KB 上限、lookups 缓存、microcompact 替换清理
...
- FileReadTool maxResultSizeChars 从 Infinity 改为 100KB,大文件持久化到磁盘
- Messages.tsx 新增 computeMessageStructureKey 缓存,流式 delta 时跳过 8 个 Map/Set 重建
- microcompact 返回 clearedToolUseIds,query.ts 消费后清理 replacements Map 释放原始字符串
- 更新内存分析报告 Round 5 和 file-operations 文档
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-04 11:03:04 +08:00
claude-code-best
3b38767cfe
refactor: 精简系统提示词 — 合并沟通风格段落、精简 memory/工具描述、截断 gitStatus
...
- 合并 getOutputEfficiencySection + getSimpleToneAndStyleSection 为精简的 Communication style
- 精简 auto memory 指令:删除 4 种类型的详细说明和示例,仅保留核心 description
- 精简 Agent 工具:删除 forkExamples 和 currentExamples 大段示例
- 精简 Bash 工具:合并 sleep 相关指导
- 精简 EnterPlanMode/ExitPlanMode:删除详细 GOOD/BAD 示例
- gitStatus MAX_STATUS_CHARS 从 2000 降到 1000
- 同步更新 prompt engineering audit 测试断言
Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
2026-06-04 10:46:51 +08:00
claude-code-best
95482ce721
feat: 添加 Session Memory 多存储支持
...
Markdown 文件存储的本地记忆系统,支持多 store 管理、
entry 增删改查和归档,存储于 ~/.claude/local-memory/。
Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
2026-06-04 10:46:23 +08:00
claude-code-best
51ce093161
fix: 修复对穷鬼模式的 auto dream 和 session memory 越过
2026-06-04 10:46:23 +08:00
Dosion
1c8021643c
feat(autofix-pr): 完整完成回流机制 (latent bug fix + completionChecker + 内容回流) ( #1240 )
...
* fix(autofix-pr): 修复 taskId 不一致导致 monitor lock dangling
问题:createAutofixTeammate 生成 teammate UUID 作为 monitor lock 的 key,
但 registerRemoteAgentTask 内部生成的 framework taskId 是另一个 UUID。
CCR session 自然完成时框架调 clearActiveMonitor(frameworkTaskId)
guard 失败,lock 永不释放,导致后续 /autofix-pr 报 "already monitoring"。
修复(Phase 1 of remote-agent completion loop):
- monitorState 新增 updateActiveMonitor(partial) 原子更新
- callAutofixPr 在 register 后 swap lock 的 taskId 到 framework 分配的 id
- RemoteAgentTask 引入 registerCompletionHook 注册式 API(参考已有的
registerCompletionChecker 模式),在 5 个完成路径调 runCompletionHook
- autofix-pr 命令模块自己注册 cleanup hook,避免 framework 反向依赖
command 模块
测试:
- monitorState 新增 4 个测试(updateActiveMonitor 行为 + bug 复现/修复)
- launchAutofixPr 新增 3 个端到端回归测试(taskId swap + hook 触发 +
subsequent launch 不报 already monitoring)
完整分析与 Phase 2/3 改造方案见
docs/features/remote-agent-completion-analysis.md。
* feat(autofix-pr): 注册 completionChecker 用 gh CLI 探测 PR 完成
Phase 2 of remote-agent completion loop。Phase 1 修了 monitor lock
dangling,但完成信号仍然只能等 CCR session 自然 archive(timing 不可
预测,且不知道 PR 究竟有没有被修好)。Phase 2 加上主动完成探测。
实现:
- 新增 prOutcomeCheck.ts(纯决策矩阵):summariseAutofixOutcome 给定
PR 快照 + 基线 SHA 返回 completed/summary。8 个决策分支单元测试。
- 新增 prFetch.ts(spawn 层):runGhPrView 调 gh CLI,fetchPrHeadSha
在 launch 时捕获基线 SHA,checkPrAutofixOutcome 组合两者。
- AutofixPrRemoteTaskMetadata 加 initialHeadSha?: string 字段,survive
--resume。
- launchAutofixPr.ts 模块顶部 registerCompletionChecker('autofix-pr',
...),5s throttle 防 gh CLI 调用爆。callAutofixPr 启动时调
fetchPrHeadSha 传入 metadata。
决策矩阵:
MERGED → done(merged)
CLOSED 未 merge → done(closed without fix)
OPEN 无 baseline → 继续轮询
OPEN head 未变 → 继续轮询(agent 还没 push)
OPEN head 变 + CI pending → 继续轮询
OPEN head 变 + CI failure → done(surface red,user 决定 retry)
OPEN head 变 + CI success → done(clean fix)
设计:
- gh CLI 而非 Octokit:复用用户已有 auth,不引入 token 管理
- 决策与 spawn 分文件:prOutcomeCheck 纯函数易测,prFetch 单独 mock
避免 Bun mock.module 进程级污染(已在 launchAutofixPr.test 注释说明)
- 5s throttle:framework 每 1s 轮询,gh CLI subprocess 太重不能跟上
- 失败兜底:fetchPrHeadSha/checkPrAutofixOutcome 失败均不抛,returns
null/false,framework 继续走原路径
测试:
- prOutcomeCheck 9 个单测覆盖决策矩阵
- launchAutofixPr 5 个新测试:checker 注册 / fetchPrHeadSha 调用 /
initialHeadSha 传 metadata / SHA 失败仍能 launch / SHA null 处理
完整方案见 docs/features/remote-agent-completion-analysis.md。
* feat(autofix-pr): 内容回流让本地模型读到 PR 修复结果
Phase 3 of remote-agent completion loop。Phase 2 注册了 completionChecker
让框架能在 PR 合并/关闭/有 push+CI 绿时主动完成 task,但 task-notification
仍然只携带 generic 文本(""${owner}/${repo}#42 merged"")。Phase 3 让本地
模型读到远端 agent 自己产出的结构化结果(commits 列表、files 列表、CI
状态、人类可读 summary)。
实现:
- 新增 extractAutofixResultFromLog (src/commands/autofix-pr/
extractAutofixResult.ts):从 SDKMessage[] 中扫 <autofix-result> tag,
优先 hook stdout 后 fallback assistant text,latest-wins。10 个单测。
- RemoteAgentTask 新增 registerContentExtractor 注册式 API + 私有
enqueueRichRemoteNotification(参考 enqueueRemoteReviewNotification),
在 3 个 generic 完成路径(archived / completionChecker / result-driven)
先尝试 tryExtractRichContent,有内容用 rich 变体,没有走 generic。
isRemoteReview 路径不变(它走自己的 enqueueRemoteReviewNotification)。
- launchAutofixPr.ts 模块顶部 registerContentExtractor('autofix-pr',
extractAutofixResultFromLog)。initialMessage 加 <autofix-result> 输出
指令(pr-number / commits-pushed / files-changed / ci-status / summary)。
设计:
- 注册式 API(同 Phase 1 hook + Phase 2 checker):framework 不反向依赖
命令模块,所有 PR-specific 逻辑在 autofix-pr/
- latest-wins:agent 重试时只取最新 tag,旧 tag 不会污染
- truncated tag → null:开 tag 无对应闭 tag 视为不完整,走 generic
fallback
- 跨 message 不拼接:开 tag 和闭 tag 在不同 message 视为不完整(避免
误拼字符串)
- 字符串 content 不解析:assistant.message.content 为 string(非 block
array)的少见路径直接 skip,不 crash
测试:
- extractAutofixResultFromLog 10 个单测(空 log / 无 tag / hook stdout /
assistant text / hook_response subtype / 多 tag latest-wins / 截断 /
hook 后于 assistant 的优先级 / 跨 message 不拼接 / 字符串 content
graceful)
- launchAutofixPr 3 个新测试(extractor 注册 / initialMessage 含 tag
schema / extractor 真实行为)
完整方案见 docs/features/remote-agent-completion-analysis.md 第 5.3 节。
* fix(autofix-pr): extractBetween 支持 latest tag 截断时回溯到更早完整对
如果远端 agent 重试时写了完整 <autofix-result> 后又开了一个被截断的
第二个 tag, 旧实现只看 lastIndexOf(open) 然后找不到 close 就返回 null,
导致前面那个完整结果被丢弃。改为从尾向首遍历所有 open tag, 返回第一个
能配对的 open/close 对。
附带:
- docs/features/remote-agent-completion-analysis.md: 9 处裸 fenced block
补 language tag (text/http), 修复 markdownlint MD040 警告
- 同文件: 两处"三选项" → "三个选项" 符合中文量词习惯
* test(autofix-pr): 补齐 completionChecker / 边界 CI 检查覆盖率
针对 codecov patch coverage gap, 补足三块此前未走到的代码路径:
prOutcomeCheck.ts (原 96.92%, 2 lines missing):
- statusCheckRollup === undefined 路径 (与空数组分支不同, GitHub 在无
checks 配置的 PR 上直接省略字段)
- COMPLETED 状态但 conclusion 为 null/空 的 in-flight 检查归为 pending
launchAutofixPr.ts (原 58.33%, 15 lines missing):
- registerCompletionChecker arrow body: metadata 缺失早返回 / 节流窗口内
返回 null / completed=false 返回 null / completed=true 返回 summary /
initialHeadSha 透传到 checkPrAutofixOutcome
- registerCompletionHook 的 if(meta) 短路两侧: 有 metadata 时清空节流条目,
无 metadata 时仍释放 active monitor lock
所有新测试沿用现有 mock.module 与 registerXxxMock.mock.calls 拉取注册
回调的模式, 无新增依赖。prOutcomeCheck 11/11 本地通过。
* style: biome check --fix 整形 launchAutofixPr.test 新增段
---------
Co-authored-by: unraid <local@unraid.local>
Co-authored-by: Claude <noreply@anthropic.com>
2026-06-04 09:56:54 +08:00
claude-code-best
241aca1e0f
feat: 添加 GitHub 集成命令(issue、share、autofix-pr)
...
- /issue: 通过 gh CLI 创建 GitHub issue,支持标签/指派
- /share: 会话日志分享到 GitHub Gist,支持密钥脱敏
- /autofix-pr: 自动修复 CI 失败的 PR,进度追踪
- launchCommand: 共享命令启动器
Co-Authored-By: glm-5-turbo <zai-org@claude-code-best.win>
2026-06-04 09:56:20 +08:00
James Feng
64ca325020
feat: add local analytics sink for self-analysis
...
- localSink.ts: writes every logEvent to ~/.claude/local_analytics.jsonl
- Modified index.ts: logEvent() now writes locally in parallel with upstream sinks
- analyze_analytics.py: Python analysis script — event stats, tool rankings,
time distribution, security events, RL preference signals
No upstream data flow is affected. Local writes are non-blocking append.
Testing: one -p 'hello' captured 32 events across 19 event types.
2026-06-04 01:15:36 +08:00
James Feng
0d30c6b064
fix: move ToolSearchTool from packages/builtin-tools/ to src/tools/
...
Eliminates cross-workspace circular dependency that triggered
Bun ARM code-splitting deadlock. The tool's 471-line RL data
collection infrastructure (analytics, GrowthBook, scoring weights,
tool_reference API) is preserved intact.
Changes:
- Move ToolSearchTool.ts, prompt.ts, constants.ts to src/tools/ToolSearchTool/
- Update 11 consumer imports from @claude-code-best/builtin-tools/ to relative paths
- Delete stubs and empty shells (MonitorTool.tsx, WorkflowPermissionRequest.tsx)
- Verify: splitting build succeeds, runtime -p mode responds without deadlock
2026-06-04 01:15:36 +08:00
James Feng
70bc47eadc
fix(security): Phase 4 — fix remaining reachable CodeQL alerts
...
Command injection (real fix):
- which.ts: switch to array-args execa, remove shell:true
- execFileNoThrowPortable/execSyncWrapper/imagePaste/execFileNoThrow: security comments
Log injection:
- handlers/mcp.tsx: security comments (secrets already redacted)
ReDoS:
- debugFilter.ts: split regex, add input length guard
Sanitization bypass:
- stripHtml.ts: loop-based script/style removal
- claudemd.ts: loop-based HTML comment stripping
- sedEditParser.ts: single-pass char scan replaces chained replaces
- bingAdapter.ts: URL.hostname comparison instead of string includes
Tests: 3068 pass, 0 fail
2026-06-03 19:51:17 +08:00
James Feng
a249bbe9a6
fix(security): extract shared stripHtmlToText() utility (fixes #18-24)
...
- Create src/utils/stripHtml.ts with he-based HTML-to-text conversion
- Replace bingAdapter's inline regex+decodeHtmlEntities with stripHtmlToText()
- Replace WebBrowserTool's inline regex chain with stripHtmlToText()
- Add stripHtml.test.ts with 6 test cases
- Update bingAdapter test expectation for whitespace normalization
Test: 3068 pass, 0 fail
2026-06-03 17:05:49 +08:00
James Feng
368dd99d01
fix(security): prevent shell injection in headersHelper ( #36 )
...
- Parse headersHelper command with shell-quote to reject operators
- Call execFileNoThrowWithCwd(cmd, args) without shell: true
- Remove shell option from ExecFileWithCwdOptions type entirely
- Add headersHelper.test.ts with injection rejection test
- Fix existing MCP test mocks for compatibility
Test: MCP tests 91/0, full suite 3058 pass (0 new failures)
2026-06-03 16:59:16 +08:00
James Feng
f8c3354c75
fix(security): replace URL substring checks with proper URL parsing
...
- schemas.ts: add isOfficialGitHubOrgUrl() using new URL() for exact
hostname validation, preventing evilgithub.com bypass (fixes #41-43)
- install-github-app.tsx: add parseGitHubRepoUrl() with URL + SSH parsing,
replace includes('github.com') substring check
Test: 3060 pass, 0 fail (4 getLanIPs intermittent, not related)
2026-06-03 16:50:31 +08:00
James Feng
bdfff8de97
Phase 2: delete src/tools/ — align with upstream monorepo
...
Deleted all 50 tool directories from src/tools/ (28,508 lines).
All tools already exist in packages/builtin-tools/src/tools/ (upstream authoritative).
No import breakage — src/tools.ts already uses @claude-code-best/builtin-tools paths.
Test baseline:
src/: 3055 pass, 5 fail, 4 skip
pkg/: 1133 pass, 5 fail, 4 skip
5 failures are pre-existing regressions (BashTool /dev/tcp, AgentTool prompt terms)
2026-06-03 16:25:10 +08:00
James Feng
638affff3f
Phase 2b Batch 3: merge AgentTool(38) drift files
...
- Merged 38 files from src/tools/AgentTool/ into packages/builtin-tools/
- 4 prompt.ts tests fail due to expected terminology changes (fork vs non-fork)
- Test: 3257 pass / 11 fail (4 transient + 1 BashTool known + 4 prompt + 2 baseline)
- Build: succeeds
2026-06-03 15:47:56 +08:00
James Feng
46b2b0bfc3
Phase 2b Batch 2: merge BashTool(23) + FileEditTool(13) + FileWriteTool(5) drift files
...
- Merged 41 files from src/tools/ into packages/builtin-tools/src/tools/
- All src/tools originals deleted
- 1 known regression: bashCommandIsSafe_DEPRECATED no longer blocks /dev/tcp as argument
- Test: 3288 pass / 5 fail (1 new BashTool security check regression)
- Build: succeeds
2026-06-03 15:44:00 +08:00
James Feng
0c01c93e80
Phase 2a: mechanical dedup — import rewrite to canonical package
...
- Migrated src/tools/-only files into packages/builtin-tools/src/tools/
- Rewrote all src/tools/ imports to @claude-code-best/builtin-tools/tools/
- Deleted 121 identical duplicate files from src/tools/
- 238 drifted files preserved in src/tools/ for Phase 2b manual merge
- 359 files changed: 914 insertions, 4042 deletions
Build: 568 files bundled ✓
Test: 3340 pass / 4 fail (baseline) ✓
2026-06-03 13:54:22 +08:00
James Feng
bad81fdfcc
Phase 1: security do-now — redaction helpers + RCS defaults hardened
...
- Add src/utils/sensitive.ts: redactUrl/redactValue/redactForLog
- Apply redaction to MCP config printing (mcp.tsx)
- Apply redaction to hard-fail logging (log.ts)
- Apply redaction to chrome native host debug log
- Apply redaction to CLI error output (exit.ts)
- RCS: default bind to 127.0.0.1 instead of 0.0.0.0
- RCS: CORS restricted to localhost + baseUrl whitelist
- pipeTransport: default bind to 127.0.0.1 via PIPE_HOST env
2026-06-03 13:43:38 +08:00
James Feng
cdd62520eb
feat(upstream): sync b1c4f40f ACP fix + WorkflowTool top-level require()
...
Codex cherry-pick:
- b1c4f40f: fix ACP extended thinking + tool_use 连续 user 消息导致 400
→ src/utils/messages.ts: ensureToolResultPairing 检查连续 user 消息
→ src/utils/tests/messages.test.ts: 新增测试(冲突手动解决)
James 兜底:
- tools.ts: WorkflowTool lazy getter → top-level require (MonitorTool 模式)
移除 initBundledWorkflows() 调用(经确认是 no-op)
原因: lazy getter 在 splitting:true 下运行时触发 chunk load 死锁
审核结论:
- 上游 a91653a0/6dd378bf/efc218d8 已存在(之前已合入)
- 上游 9d17597e autofix-pr 回流跳过(大规模改动,stub 无基础)
- WORKFLOW_SCRIPTS 仍禁用: top-level require 在 splitting:true 下
触发 WorkflowTool chunk 循环死锁(非加载模式问题,是 chunk 依赖图过深)
当前 splitting:true 启用状态:
MONITOR_TOOL ✅ | WORKFLOW_SCRIPTS ❌ | 其他 features ✅
验证: --version / -p / --print / 源码模式 全部通过
2026-06-02 14:45:21 +08:00
claude-code-best
b1d322f7cc
fix: ACP 模式下 extended thinking + tool_use 触发连续 user 消息导致 400 (CC-1215)
2026-06-02 14:39:19 +08:00
James Feng
21f126b76a
feat(build): splitting:true + MONITOR_TOOL 恢复 + WorkflowTool lazy getter
...
Codex 完成:
- build.ts: splitting: false → true (562 files code-split 构建)
- defines.ts: MONITOR_TOOL 重新启用(require() 迁移后无死锁)
- 验证 splitting:true 产物 -p/--print 全部正常
James 兜底:
- tools.ts: WorkflowTool IIFE → lazy getter (getWorkflowTool)
避免模块初始化时的 chunk 加载死锁,但 WORKFLOW_SCRIPTS 仍因
更深的 chunk 依赖图问题 hang,暂时保持禁用
- getAllBaseTools() 中 WorkflowTool 引用改为 lazy getter
状态:
| splitting:true | 562 files ✅ |
| MONITOR_TOOL | enabled ✅ |
| WORKFLOW_SCRIPTS | disabled (lazy getter 不足) |
验证: --version / -p / --print / 源码模式 全部通过
2026-06-02 14:22:42 +08:00
James Feng
98bb25636b
refactor(tools): static import → require() 迁移 + 兜底修复
...
Codex 完成:
- tools.ts: 7 个 static import (指向空壳 stub) → require("@claude-code-best/builtin-tools/...")
涉及: SleepTool, CronTools, RemoteTriggerTool, MonitorTool, SendUserFileTool,
PushNotificationTool, TeamCreateTool, TeamDeleteTool, SendMessageTool, WorkflowTool
- PermissionRequest.tsx: MonitorTool require() 指向 builtin-tools
- TeamCreateTool/DeleteTool/SendMessageTool 用 lazy require() 打破循环依赖
兜底修复:
- defines.ts: 保持 MONITOR_TOOL + WORKFLOW_SCRIPTS 禁用
原因: builtin-tools 里的真工具 import "src/..." 产生跨包循环引用
在 splitting:true 下触发 chunk 间死锁,在 splitting:false 下触发 ESM 初始化死锁
这是逆向工程的结构性限制,非简单修复能解决
验证: --version / -p / --print / 源码模式 全部通过
2026-06-02 13:41:47 +08:00
James Feng
0e9d6955f0
fix(build): 修复构建产物 hang 死 + 空 tool name (4 stub NAME="")
...
Root cause: Bun code splitting + MONITOR_TOOL/WORKFLOW_SCRIPTS stub 触发循环 ESM 死锁;
4 个 prompt.ts stub 的 NAME 常量为空字符串导致 API 400 error.
Fix:
- build.ts: splitting: false
- defines.ts: 禁用 MONITOR_TOOL, WORKFLOW_SCRIPTS
- 4 个 prompt.ts: 补全正确 tool name
验证: --version / -p / --print 三种模式全部通过
2026-06-02 12:55:30 +08:00
James Feng
27682acf63
feat(bridge): tsc 全绿 — 补齐 Bridge/UDS/TCP/ACP 远程控制链类型
...
tsc --noEmit: 26 → 0 ✅
bun run build: 562 files ✅
bun test: 3338 pass (0 regression)
变更 (9 files, +128/-12):
- udsClient.ts: 补 sendToUdsSocket, listAllLiveSessions, LiveSession 类型, PeerInfo 扩展字段
- peerAddress.ts: scheme 联合加 'tcp', 补 parseTcpTarget stub
- peerSessions.ts: 补 listBridgePeers() stub
- channelNotification.ts: 补 ChannelPermissionRequestNotificationSchema + channel_context
- acp-link/command.ts: @stricli/core 类型断言 (as any + optional)
- acp/agent.ts: 完整 AcpAgent stub (implement Agent interface)
- computer-use-swift/types.ts: ScreenshotAPI 加 captureWindowTarget?
- ListPeersTool: bridge peer address 映射
- disconnect-monitor.test.ts: status 字段 as any
Bridge 远程控制链 (Daemon→UDS/TCP→Bridge→ACP) 类型层已完整就绪。
2026-06-02 11:26:11 +08:00
James Feng
0174a8edca
chore(typecheck): tsc 基线 62→26,补 @agentclientprotocol/sdk,daemon 可用
...
变化:
- 添加 @agentclientprotocol/sdk@^0.19.0 依赖(Codex 操作)
- 修复 win32.ts 跨包导入 → 构建恢复(CC_Pure Linux stub)
- 固定 @stricli/core@1.2.6 消除部分 acp-link 类型错误(Codex 操作)
- ExecuteTool / searchExtraTools / udsClient / udsMessaging 类型补全
- tsc 错误:62 → 26(-58%)
- bun run build: ✅ 562 files
- bun test: ✅ 3346 pass / 4 fail / 2 errors / 4 skip
- strace: ✅ 零外连(遥测完全清除)
- daemon supervisor: ✅ 可用(需先信任 workspace)
剩余 26 个 tsc 错误全在 Bridge/UDS/TCP/ACP 远程控制层,
不影响本地 CLI + daemon 持久会话功能。
2026-06-02 11:12:38 +08:00