fix: tighten cli runtime safeguards

Author: ycode-lin

YCode.CLI/Managers/MemoryManager.cs

@@ -5,6 +5,9 @@ internal class MemoryManager
     {
         private const int DailyRetentionDays = 30;
         private const int MaxItemsPerList = 80;
+        private const int MaxContextChars = 12000;
+        private const int MaxContextLineChars = 280;
+        private const int MaxAgentInstructionsChars = 3500;
         private readonly string _rootDir;
         private readonly string _profilePath;
         private readonly string _dailyDir;
@@ -249,66 +252,73 @@ public bool MaybeSaveHeartbeat(string userInput, int roundNumber)
 
             var projectKey = ResolveProjectKey(null)!;
             var projectMemories = LoadProjectMemories(projectKey);
-            var projectAgents = LoadProjectAgents(projectKey);
+            var workspaceAgents = LoadWorkspaceAgents();
+            var projectAgents = string.IsNullOrWhiteSpace(workspaceAgents)
+                ? LoadProjectAgents(projectKey)
+                : string.Empty;
 
             if (profile.Count == 0 && dailyList.Count == 0 && relatedNotes.Count == 0 && relatedDaily.Count == 0
-                && projectMemories.Count == 0 && string.IsNullOrWhiteSpace(projectAgents))
+                && projectMemories.Count == 0 && string.IsNullOrWhiteSpace(workspaceAgents) && string.IsNullOrWhiteSpace(projectAgents))
             {
                 return null;
             }
 
             var sb = new StringBuilder();
+            var remainingChars = MaxContextChars - ("<memory>\n</memory>\n".Length);
             sb.AppendLine("<memory>");
 
             if (profile.Count > 0)
             {
-                sb.AppendLine("profile:");
-                foreach (var item in profile.OrderByDescending(x => x.UpdatedAt ?? x.CreatedAt).Take(maxProfile))
-                {
-                    sb.AppendLine($"- {item.Content}");
-                }
+                AppendSection(
+                    sb,
+                    "profile:",
+                    profile.OrderByDescending(x => x.UpdatedAt ?? x.CreatedAt).Take(maxProfile).Select(x => x.Content),
+                    ref remainingChars);
             }
 
             if (projectMemories.Count > 0)
             {
-                sb.AppendLine($"project ({projectKey}):");
-                foreach (var item in projectMemories.OrderByDescending(x => x.UpdatedAt ?? x.CreatedAt).Take(20))
-                {
-                    sb.AppendLine($"- {item.Content}");
-                }
+                AppendSection(
+                    sb,
+                    $"project ({projectKey}):",
+                    projectMemories.OrderByDescending(x => x.UpdatedAt ?? x.CreatedAt).Take(20).Select(x => x.Content),
+                    ref remainingChars);
             }
 
-            if (!string.IsNullOrWhiteSpace(projectAgents))
+            if (!string.IsNullOrWhiteSpace(workspaceAgents))
             {
-                sb.AppendLine($"project-agents ({projectKey}/AGENTS.md):");
-                sb.AppendLine(projectAgents);
+                AppendBlock(sb, "workspace-agents (AGENTS.md):", workspaceAgents, MaxAgentInstructionsChars, ref remainingChars);
+            }
+            else if (!string.IsNullOrWhiteSpace(projectAgents))
+            {
+                AppendBlock(sb, $"project-agents (.ycode/projects/{projectKey}/AGENTS.md):", projectAgents, MaxAgentInstructionsChars, ref remainingChars);
             }
 
             if (dailyList.Count > 0)
             {
-                sb.AppendLine($"daily ({todayKey}):");
-                foreach (var item in dailyList.OrderByDescending(x => x.UpdatedAt ?? x.CreatedAt).Take(30))
-                {
-                    sb.AppendLine($"- {item.Content}");
-                }
+                AppendSection(
+                    sb,
+                    $"daily ({todayKey}):",
+                    dailyList.OrderByDescending(x => x.UpdatedAt ?? x.CreatedAt).Take(30).Select(x => x.Content),
+                    ref remainingChars);
             }
 
             if (relatedDaily.Count > 0)
             {
-                sb.AppendLine("daily-related:");
-                foreach (var item in relatedDaily)
-                {
-                    sb.AppendLine($"- [{item.DateKey}] {item.Content}");
-                }
+                AppendSection(
+                    sb,
+                    "daily-related:",
+                    relatedDaily.Select(x => $"[{x.DateKey}] {x.Content}"),
+                    ref remainingChars);
             }
 
             if (relatedNotes.Count > 0)
             {
-                sb.AppendLine("notes:");
-                foreach (var note in relatedNotes)
-                {
-                    sb.AppendLine($"- {note.Title}: {note.Preview}");
-                }
+                AppendSection(
+                    sb,
+                    "notes:",
+                    relatedNotes.Select(x => $"{x.Title}: {x.Preview}"),
+                    ref remainingChars);
             }
 
             sb.AppendLine("</memory>");
@@ -338,6 +348,14 @@ private string LoadProjectAgents(string projectKey)
             return string.IsNullOrWhiteSpace(content) ? string.Empty : content;
         }
 
+        private string LoadWorkspaceAgents()
+        {
+            var path = Path.Combine(_workDir, "AGENTS.md");
+            if (!File.Exists(path)) return string.Empty;
+            var content = File.ReadAllText(path).Trim();
+            return string.IsNullOrWhiteSpace(content) ? string.Empty : content;
+        }
+
         private List<MemoryItem> LoadProjectMemories(string projectKey)
         {
             var path = Path.Combine(_projectsDir, projectKey, "memory.json");
@@ -552,6 +570,79 @@ private static string CompactText(string text, int maxChars)
             return compact.Length <= maxChars ? compact : compact[..maxChars] + "...";
         }
 
+        private static string TrimMultiline(string text, int maxChars)
+        {
+            var normalized = text.Replace("\r\n", "\n").Trim();
+            if (normalized.Length <= maxChars)
+            {
+                return normalized;
+            }
+
+            return normalized[..Math.Max(0, maxChars - 3)].TrimEnd() + "...";
+        }
+
+        private static void AppendSection(StringBuilder sb, string header, IEnumerable<string> items, ref int remainingChars)
+        {
+            var materialized = items
+                .Select(x => CompactText(x, MaxContextLineChars))
+                .Where(x => !string.IsNullOrWhiteSpace(x))
+                .ToList();
+
+            if (materialized.Count == 0 || !TryAppendLine(sb, header, ref remainingChars))
+            {
+                return;
+            }
+
+            foreach (var item in materialized)
+            {
+                if (!TryAppendLine(sb, $"- {item}", ref remainingChars))
+                {
+                    break;
+                }
+            }
+        }
+
+        private static void AppendBlock(StringBuilder sb, string header, string content, int maxChars, ref int remainingChars)
+        {
+            if (string.IsNullOrWhiteSpace(content) || !TryAppendLine(sb, header, ref remainingChars))
+            {
+                return;
+            }
+
+            foreach (var line in TrimMultiline(content, maxChars).Split('\n'))
+            {
+                if (!TryAppendLine(sb, line, ref remainingChars))
+                {
+                    break;
+                }
+            }
+        }
+
+        private static bool TryAppendLine(StringBuilder sb, string line, ref int remainingChars)
+        {
+            if (remainingChars <= 0)
+            {
+                return false;
+            }
+
+            var normalized = line.Replace("\r", string.Empty);
+            var required = normalized.Length + Environment.NewLine.Length;
+            if (required > remainingChars)
+            {
+                if (remainingChars <= 3 + Environment.NewLine.Length)
+                {
+                    return false;
+                }
+
+                normalized = normalized[..Math.Max(0, remainingChars - Environment.NewLine.Length - 3)].TrimEnd() + "...";
+                required = normalized.Length + Environment.NewLine.Length;
+            }
+
+            sb.AppendLine(normalized);
+            remainingChars -= required;
+            return true;
+        }
+
         private static string? ResolveDateKey(string? date)
         {
             if (string.IsNullOrWhiteSpace(date)) return DateTime.Now.ToString("yyyy-MM-dd");
@@ -590,7 +681,3 @@ internal class MemoryItem
     }
 }
 
-
-
-
-

YCode.CLI/Program.cs

@@ -8,6 +8,12 @@
 var agentManager = provider.GetRequiredService<AgentManager>();
 var agentContext = provider.GetRequiredService<AgentContext>();
 var config = provider.GetRequiredService<AppConfig>();
+var appVersion =
+    typeof(AppConfig).Assembly.GetCustomAttributes(typeof(System.Reflection.AssemblyInformationalVersionAttribute), false)
+        .OfType<System.Reflection.AssemblyInformationalVersionAttribute>()
+        .FirstOrDefault()?.InformationalVersion?.Split('+')[0]
+    ?? typeof(AppConfig).Assembly.GetName().Version?.ToString()
+    ?? "dev";
 
 var initial_reminder = $"""
     '<reminder source="system" topic="todos">'
@@ -290,7 +296,7 @@ void Banner()
     AnsiConsole.MarkupLine($"[dim]{topBorder}[/]");
     var emptyLine = "│" + new string(' ', bannerWidth - 2) + "│";
     AnsiConsole.MarkupLine($"[dim]{emptyLine}[/]");
-    var titleText = "YCode v1.0.0";
+    var titleText = $"YCode v{appVersion}";
     var titlePadding = (bannerWidth - 2 - titleText.Length) / 2;
     var titleLine = "│" + new string(' ', titlePadding) + $"[bold cyan]{titleText}[/]" + new string(' ', bannerWidth - 2 - titlePadding - titleText.Length) + "│";
     AnsiConsole.MarkupLine($"[dim]{titleLine}[/]");
@@ -460,4 +466,3 @@ public void Dispose()
 }
 
 #endregion
-

YCode.CLI/ServiceRegistration.cs

@@ -6,17 +6,9 @@ internal static class ServiceRegistration
     {
         public static IServiceProvider Register(this IServiceCollection services)
         {
-            // Register ConfigManager first to ensure it's available
-            services.AddSingleton<ConfigManager>();
-
-            // Build a temporary provider to get ConfigManager
-            var tempProvider = services.BuildServiceProvider();
-            var configManager = tempProvider.GetRequiredService<ConfigManager>();
-
-            // Ensure configuration is set up
+            var configManager = new ConfigManager();
             configManager.EnsureConfiguration();
 
-            // Get configuration values from ConfigManager
             var key = configManager.GetEnvironmentVariable("YCODE_AUTH_TOKEN")
                       ?? throw new InvalidOperationException("YCODE_AUTH_TOKEN is required but not configured");
             var uri = configManager.GetEnvironmentVariable("YCODE_API_BASE_URI")
@@ -34,6 +26,7 @@ public static IServiceProvider Register(this IServiceCollection services)
                         ? "macOS"
                         : "Unknown";
 
+            services.AddSingleton(configManager);
             services.AddSingleton(new AppConfig(key, uri, model, workDir, osPlatform, osDescription));
 
             services.RegisterAttributedServices();
@@ -60,6 +53,14 @@ private static void RegisterAttributedServices(this IServiceCollection services)
                 }
 
                 var serviceType = attr.ServiceType ?? type;
+                var alreadyRegistered = services.Any(descriptor =>
+                    descriptor.ServiceType == serviceType &&
+                    (descriptor.ImplementationType == type || descriptor.ImplementationInstance?.GetType() == type));
+
+                if (alreadyRegistered)
+                {
+                    continue;
+                }
 
                 switch (attr.Lifetime)
                 {
@@ -107,4 +108,3 @@ public InjectAttribute(ServiceLifetime lifetime = ServiceLifetime.Singleton) : b
     }
 }
 
-

YCode.CLI/Tools/FileTools.cs

@@ -472,9 +472,21 @@ public static string NormalizePath(string path, AppConfig config)
                 throw new Exception("path is required.");
             }
 
+            var workspaceRoot = Path.GetFullPath(config.WorkDir)
+                .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar);
             var fullPath = Path.IsPathRooted(path)
                 ? Path.GetFullPath(path)
                 : Path.GetFullPath(Path.Combine(config.WorkDir, path));
+            var comparison = config.OsPlatform == "Windows"
+                ? StringComparison.OrdinalIgnoreCase
+                : StringComparison.Ordinal;
+            var workspacePrefix = workspaceRoot + Path.DirectorySeparatorChar;
+
+            if (!fullPath.Equals(workspaceRoot, comparison) &&
+                !fullPath.StartsWith(workspacePrefix, comparison))
+            {
+                throw new Exception("Path is outside the workspace.");
+            }
 
             return fullPath;
         }
@@ -483,4 +495,3 @@ public static string NormalizePath(string path, AppConfig config)
 
 
 
-

YCode.CLI/Tools/SkillTool.cs

@@ -31,19 +31,19 @@ public SkillTool(SkillsManager skills)
         public bool IsEnable => true;
         public Delegate Handler => this.Run;
 
-        private string Run(string skillName)
+        private string Run(string skill)
         {
-            var content = _skills.GetSkillContent(skillName);
+            var content = _skills.GetSkillContent(skill);
 
             if (String.IsNullOrWhiteSpace(content))
             {
                 var available = String.Join(',', _skills.GetSkills()) ?? "none";
 
-                return $"Error: Unknown skill '{skillName}'. Available: {available}";
+                return $"Error: Unknown skill '{skill}'. Available: {available}";
             }
 
             return $"""
-                <skill-loaded name="{skillName}">
+                <skill-loaded name="{skill}">
                 {content}
                 </skill-loaded>
 
@@ -55,4 +55,3 @@ Follow the instructions in the skill above to complete the user's task.
 
 
 
-

YCode.CLI/Tools/TaskTool.cs

@@ -12,6 +12,7 @@ public TaskTool(AppConfig config, McpManager mcp, AgentManager manager)
             _config = config;
             _mcp = mcp;
             _manager = manager;
+            var supportedAgents = String.Join(", ", _manager.Agents.Keys.Select(x => $"\"{x}\""));
 
             this.Description = $$"""
                 {
@@ -22,7 +23,7 @@ public TaskTool(AppConfig config, McpManager mcp, AgentManager manager)
                         "properties": {
                             "description": { "type": "string", "description": "Short task name (3-5 words) for progress display" },
                             "prompt": { "type": "string", "description": "Detailed instructions for the subagent" },
-                            "agent_type": { "type": "string", "enum": [], "description": "Type of agent to spawn" }
+                            "agent_type": { "type": "string", "enum": [{{supportedAgents}}], "description": "Type of agent to spawn" }
                         },
                         "required": ["description", "prompt", "agent_type"],
                         "additionalProperties": false
@@ -37,8 +38,10 @@ public TaskTool(AppConfig config, McpManager mcp, AgentManager manager)
         public bool IsEnable => true;
         public Delegate Handler => this.Run;
 
-        private async Task<string> Run(string description, string prompt, string agentType)
+        private async Task<string> Run(string description, string prompt, string agent_type)
         {
+            var agentType = agent_type?.Trim() ?? String.Empty;
+
             if (!_manager.Agents.ContainsKey(agentType))
             {
                 throw new NotSupportedException($"Agent type '{agentType}' is not supported.");
@@ -185,4 +188,3 @@ private static string EscapeMarkup(string text)
 
 
 
-