refactor: 统一工具名称与上游 gemini-cli 对齐

- 工具名称: Bash→run_shell_command, Read→read_file, Write→write_file, Edit→replace
- Hook 系统: 更新为 4 层配置 (Project→User→System→Extensions)
- MessageBus: 添加 TOOL_POLICY_REJECTION, UPDATE_POLICY 类型
- Policy: auto-saved.toml 持久化路径
- Shell: inactivityTimeout 机制
- Extension: Skills/Hooks 安全披露 (Consent)
- ToolDeveloperGuide: messageBus 构造函数签名

Author: tt-a1i

src/pages/AgentFramework.tsx

@@ -314,7 +314,10 @@ export class LocalAgentExecutor<TOutput> {
     onActivity?: ActivityCallback,
   ): Promise<LocalAgentExecutor<TOutput>> {
     // 创建隔离的工具注册表
-    const agentToolRegistry = new ToolRegistry(runtimeContext);
+    const agentToolRegistry = new ToolRegistry(
+      runtimeContext,
+      runtimeContext.getMessageBus(),
+    );
     // ... 注册 Agent 可用的工具
     return new LocalAgentExecutor(definition, runtimeContext, agentToolRegistry);
   }
@@ -473,7 +476,7 @@ export class DelegateToAgentTool extends BaseDeclarativeTool<DelegateParams, Too
   constructor(
     private readonly registry: AgentRegistry,
     private readonly config: Config,
-    messageBus?: MessageBus,
+    messageBus: MessageBus,
   ) {
     const definitions = registry.getAllDefinitions();
 
@@ -497,6 +500,9 @@ export class DelegateToAgentTool extends BaseDeclarativeTool<DelegateParams, Too
       registry.getToolDescription(),  // 动态描述包含所有可用 Agent
       Kind.Think,
       zodToJsonSchema(schema),
+      messageBus,
+      true,  // isOutputMarkdown
+      true,  // canUpdateOutput（子代理执行过程可流式输出）
     );
   }
 }
@@ -507,7 +513,7 @@ class DelegateInvocation extends BaseToolInvocation<DelegateParams, ToolResult>
     const definition = this.registry.getDefinition(this.params.agent_name);
 
     // 使用 SubagentToolWrapper 创建实际执行
-    const wrapper = new SubagentToolWrapper(definition, this.config);
+    const wrapper = new SubagentToolWrapper(definition, this.config, this.messageBus);
     const { agent_name, ...agentArgs } = this.params;
     const invocation = wrapper.build(agentArgs);
 

src/pages/AgentLoopAnimation.tsx

@@ -65,16 +65,19 @@ export class LocalAgentExecutor<TOutput> {
     onActivity?: ActivityCallback,
   ): Promise<LocalAgentExecutor<TOutput>> {
     // 创建隔离的工具注册表
-    const agentToolRegistry = new ToolRegistry(runtimeContext);
+    const agentToolRegistry = new ToolRegistry(
+      runtimeContext,
+      runtimeContext.getMessageBus(),
+    );
 
     // 只注册 Agent 定义中声明的工具
     for (const toolName of definition.toolConfig?.tools ?? []) {
       const tool = getToolByName(toolName);
-      if (tool) agentToolRegistry.register(tool);
+      if (tool) agentToolRegistry.registerTool(tool);
     }
 
     // 注入 complete_task 工具（必须）
-    agentToolRegistry.register(
+    agentToolRegistry.registerTool(
       createCompleteTaskTool(definition.outputConfig)
     );
 

src/pages/AgentSkills.tsx

@@ -43,8 +43,8 @@ export function AgentSkills() {
 
       <Layer title="技能发现（Discovery）" icon="🗂️">
         <p className="text-gray-300 mb-4">
-          skills 启用后，<code>SkillManager</code> 会从用户目录和项目目录扫描 <code>*/SKILL.md</code>：
-          项目级 skill 会覆盖同名用户级 skill（同名以 YAML frontmatter 的 <code>name</code> 为准）。
+          skills 启用后，<code>SkillManager</code> 会扫描 <code>*/SKILL.md</code> 并汇总为“可用技能清单”。
+          覆盖优先级为：<strong>Extension（最低） → User → Project（最高）</strong>（同名以 YAML frontmatter 的 <code>name</code> 为准）。
         </p>
 
         <CodeBlock
@@ -61,14 +61,26 @@ getProjectSkillsDir(): string {
 
         <CodeBlock
           title="发现顺序与覆盖（skillManager.ts）"
-          code={`// packages/core/src/services/skillManager.ts
-// 1) User skills first
-const userSkills = await this.discoverSkillsInternal([Storage.getUserSkillsDir()]);
-this.addSkillsWithPrecedence(userSkills);
-
-// 2) Project skills second (overwrites user skills with same name)
-const projectSkills = await this.discoverSkillsInternal([storage.getProjectSkillsDir()]);
-this.addSkillsWithPrecedence(projectSkills);`}
+          code={`// packages/core/src/skills/skillManager.ts
+// Precedence: Extensions (lowest) -> User -> Project (highest).
+async discoverSkills(storage: Storage, extensions: GeminiCLIExtension[] = []) {
+  this.clearSkills();
+
+  // 1) Extension skills (lowest)
+  for (const extension of extensions) {
+    if (extension.isActive && extension.skills) {
+      this.addSkillsWithPrecedence(extension.skills);
+    }
+  }
+
+  // 2) User skills
+  const userSkills = await loadSkillsFromDir(Storage.getUserSkillsDir());
+  this.addSkillsWithPrecedence(userSkills);
+
+  // 3) Project skills (highest, overrides)
+  const projectSkills = await loadSkillsFromDir(storage.getProjectSkillsDir());
+  this.addSkillsWithPrecedence(projectSkills);
+}`}
         />
 
         <CodeBlock
@@ -114,6 +126,26 @@ return {
         </div>
       </Layer>
 
+      <Layer title="Schema 收敛：把 name 变成 enum" icon="🧷">
+        <p className="text-gray-300 mb-4">
+          技能列表发现完成后，CLI 会<strong>重新注册一次</strong> <code>ActivateSkillTool</code>，让参数 <code>name</code>
+          从 <code>string</code> 收敛为 <code>enum(availableSkillNames)</code>，从而减少模型“瞎猜技能名”的概率。
+        </p>
+        <CodeBlock
+          title="config.ts：发现技能后重注册工具"
+          code={`// packages/core/src/config/config.ts (节选)
+if (this.skillsSupport) {
+  await this.getSkillManager().discoverSkills(this.storage, this.getExtensions());
+  this.getSkillManager().setDisabledSkills(this.disabledSkills);
+
+  // Re-register ActivateSkillTool to update its schema with discovered skill enums
+  if (this.getSkillManager().getSkills().length > 0) {
+    this.getToolRegistry().registerTool(new ActivateSkillTool(this, this.messageBus));
+  }
+}`}
+        />
+      </Layer>
+
       <Layer title="System Prompt 注入" icon="🧱">
         <p className="text-gray-300 mb-4">
           当存在可用 skills 时，System Prompt 会追加一个 <code>Available Agent Skills</code> 段落，列出技能元信息，并要求模型：
@@ -151,8 +183,31 @@ skills.disabled: string[]      # List of disabled skills (restart required)`}
         />
       </Layer>
 
+      <Layer title="扩展技能与安全披露" icon="🛡️">
+        <p className="text-gray-300 mb-4">
+          Extension 可以携带 <code>skills/</code> 目录（例如 <code>skills/my-skill/SKILL.md</code>）。在安装/更新扩展时，CLI 会在 consent
+          文本中明确提示：<strong>Agent skills 会把指令注入 system prompt</strong>，并展示每个 skill 的名称、描述与文件位置，要求用户确认后才继续安装。
+        </p>
+        <CodeBlock
+          title="extensions/consent.ts：skills 风险提示（节选）"
+          code={`// packages/cli/src/config/extensions/consent.ts
+export const SKILLS_WARNING_MESSAGE = chalk.yellow(
+  "Agent skills inject specialized instructions and domain-specific knowledge into the agent's system prompt..."
+);
+
+if (skills.length > 0) {
+  output.push("Agent Skills:");
+  output.push(SKILLS_WARNING_MESSAGE);
+  output.push("This extension will install the following agent skills:");
+  for (const skill of skills) {
+    output.push(\`  * \${skill.name}: \${skill.description}\`);
+    output.push(\`    (Location: \${skill.location})\`);
+  }
+}`}
+        />
+      </Layer>
+
       <RelatedPages pages={relatedPages} />
     </div>
   );
 }
-

src/pages/ChatCompressionAnimation.tsx

@@ -63,11 +63,11 @@ const SAMPLE_CONTENTS: ContentBlock[] = [
   { id: 0, role: 'user', tokens: 150, preview: '请帮我分析这段代码...', isSafeBoundary: false },
   { id: 1, role: 'model', tokens: 800, preview: '好的，我来分析这段代码...', isSafeBoundary: true },
   { id: 2, role: 'user', tokens: 50, preview: '请执行这个命令', isSafeBoundary: false },
-  { id: 3, role: 'tool_use', tokens: 100, preview: 'Bash: npm run build', isSafeBoundary: false },
+  { id: 3, role: 'tool_use', tokens: 100, preview: 'run_shell_command: npm run build', isSafeBoundary: false },
   { id: 4, role: 'tool_result', tokens: 500, preview: 'Build completed successfully...', isSafeBoundary: true },
   { id: 5, role: 'model', tokens: 400, preview: '构建成功，让我解释结果...', isSafeBoundary: true },
   { id: 6, role: 'user', tokens: 80, preview: '读取配置文件', isSafeBoundary: false },
-  { id: 7, role: 'tool_use', tokens: 50, preview: 'Read: config.json', isSafeBoundary: false },
+  { id: 7, role: 'tool_use', tokens: 50, preview: 'read_file: config.json', isSafeBoundary: false },
   { id: 8, role: 'tool_result', tokens: 200, preview: '{ "name": "project"...', isSafeBoundary: true },
   { id: 9, role: 'model', tokens: 350, preview: '配置文件内容如下...', isSafeBoundary: true },
   { id: 10, role: 'user', tokens: 120, preview: '请修改这个函数...', isSafeBoundary: false },

src/pages/ChatRecordingAnimation.tsx

@@ -175,13 +175,13 @@ export default function ChatRecordingAnimation() {
     // AI starts thinking
     recordThought('用户想要读取一个 JSON 配置文件');
     await sleep(300);
-    recordThought('我需要使用 Read 工具来读取文件内容');
+    recordThought('我需要使用 read_file 工具来读取文件内容');
     await sleep(300);
 
     // AI calls tool
     recordToolCalls([{
       id: 'call_' + generateId(),
-      name: 'Read',
+      name: 'read_file',
       status: 'completed',
     }]);
     await sleep(500);
@@ -306,7 +306,7 @@ export default function ChatRecordingAnimation() {
                     💭 添加思考
                   </button>
                   <button
-                    onClick={() => recordToolCalls([{ id: 'call_' + generateId(), name: 'Read', status: 'completed' }])}
+                    onClick={() => recordToolCalls([{ id: 'call_' + generateId(), name: 'read_file', status: 'completed' }])}
                     disabled={isSimulating}
                     className="px-3 py-2 bg-green-500/20 text-green-400 border border-green-500/30 rounded-lg text-sm hover:bg-green-500/30 disabled:opacity-50"
                   >

src/pages/CommandInjectionDetectionAnimation.tsx

@@ -72,11 +72,6 @@ export default function CommandInjectionDetectionAnimation() {
 
   // 模拟安全检测
   const analyzeCommand = useCallback((cmd: string): CommandAnalysis => {
-    const segments = cmd
-      .split(/\s*(?:&&|\|\||;|\|)\s*/)
-      .map((s) => s.trim())
-      .filter(Boolean);
-    const rootCommand = segments[0]?.split(/\s+/)[0] || '';
     const checks: SecurityCheck[] = [];
 
     const hasBalancedQuotes = (value: string) => {
@@ -85,6 +80,18 @@ export default function CommandInjectionDetectionAnimation() {
       return doubleQuotes % 2 === 0 && singleQuotes % 2 === 0;
     };
 
+    // 1) 解析是否可控（上游：parseCommandDetails()/splitCommands()；这里用“引号平衡”做近似演示）
+    // - shell-permissions.checkCommandPermissions(): 解析失败 => Hard DENY（无法安全拆分命令）
+    // - PolicyEngine.checkShellCommand(): 解析失败 => ASK_USER（交互模式给用户最后决定权；non-interactive 会转为 DENY）
+    const parseOk = hasBalancedQuotes(cmd);
+    const segments = parseOk
+      ? cmd
+          .split(/\s*(?:&&|\|\||;|\|)\s*/)
+          .map((s) => s.trim())
+          .filter(Boolean)
+      : [cmd.trim()].filter(Boolean);
+    const rootCommand = segments[0]?.split(/\s+/)[0] || '';
+
     const parsePattern = (pattern: string): { tool: string; arg?: string } | null => {
       const openParen = pattern.indexOf('(');
       if (openParen === -1) {
@@ -110,18 +117,27 @@ export default function CommandInjectionDetectionAnimation() {
       return false;
     };
 
-    // 1) 解析是否可控（上游用 splitCommands()/parseCommandDetails；这里用“引号平衡”做近似演示）
-    const parseOk = hasBalancedQuotes(cmd);
     checks.push({
       name: 'parseCommandDetails()',
       passed: parseOk,
       detail: parseOk
         ? 'Parsed (simulated) OK'
-        : 'Parse failed (simulated): unbalanced quotes → 上游会回退为 ASK_USER（更保守）',
-      // 上游 parse 失败不会直接 DENY，而是回退为 ASK_USER（需要确认）
-      severity: parseOk ? 'safe' : 'warning',
+        : 'Parse failed (simulated): unbalanced quotes → shell-permissions 直接 Hard DENY（无法安全拆分命令）',
+      severity: parseOk ? 'safe' : 'blocked',
     });
 
+    // 解析失败：上游 checkCommandPermissions() 会直接 hard deny，后续规则匹配没有意义
+    if (!parseOk) {
+      return {
+        command: cmd,
+        rootCommand,
+        segments,
+        checks,
+        isAllowed: false,
+        requiresPermission: false,
+      };
+    }
+
     // 2) tools.exclude（blocklist，优先级最高）
     const isWildcardBlocked = EXAMPLE_TOOLS_EXCLUDE.some(
       (p) => p === 'run_shell_command' || p === 'ShellTool',

src/pages/ContentGenerationPipelineAnimation.tsx

@@ -51,7 +51,7 @@ const CONVERSION_STEPS: ConversionStep[] = [
 const SAMPLE_CHUNKS: StreamChunk[] = [
   { id: 'c1', type: 'content', content: 'I will help you ' },
   { id: 'c2', type: 'content', content: 'read the file.' },
-  { id: 'c3', type: 'tool_call', toolName: 'Read', content: '{"file_path": "/src/app.ts"}' },
+  { id: 'c3', type: 'tool_call', toolName: 'read_file', content: '{"file_path": "src/app.ts"}' },
   { id: 'c4', type: 'finish', finishReason: 'tool_calls' },
   { id: 'c5', type: 'usage', usage: { input: 1250, output: 89 } },
 ];

src/pages/CoreCode.tsx

@@ -445,8 +445,15 @@ export async function createContentGenerator(
 class ToolRegistry {
     private allKnownTools = new Map<string, AnyDeclarativeTool>();
 
+    constructor(
+        private readonly config: Config,
+        private readonly messageBus: MessageBus,
+    ) {}
+
     // 注册工具
     registerTool(tool: AnyDeclarativeTool) {
+        // 同名冲突：MCP 工具会升级为 fully-qualified（<server>__<tool>）
+        // 其他情况默认覆盖并 warn
         this.allKnownTools.set(tool.name, tool);
     }
 
@@ -456,15 +463,14 @@ class ToolRegistry {
     }
 
     // 获取所有工具定义（发送给模型，@google/genai FunctionDeclaration）
-    getAllToolDefinitions(): FunctionDeclaration[] {
+    getFunctionDeclarations(): FunctionDeclaration[] {
         return Array.from(this.allKnownTools.values()).map(tool => tool.schema);
     }
 }
 
 // 上游入口：Config.createToolRegistry()
 async function createToolRegistry(config: Config) {
-    const registry = new ToolRegistry(config);
-    registry.setMessageBus(config.getMessageBus());
+    const registry = new ToolRegistry(config, config.getMessageBus());
 
     // 文件操作工具
     registry.registerTool(new ReadFileTool(config, config.getMessageBus()));    // read_file
@@ -534,6 +540,9 @@ export abstract class DeclarativeTool<TParams extends object, TResult extends To
     readonly description: string,
     readonly kind: Kind,
     readonly parameterSchema: unknown,
+    readonly messageBus: MessageBus,
+    readonly isOutputMarkdown: boolean = true,
+    readonly canUpdateOutput: boolean = false,
   ) {}
 
   get schema(): FunctionDeclaration {
@@ -553,7 +562,7 @@ export abstract class BaseDeclarativeTool<TParams extends object, TResult extend
 
   protected abstract createInvocation(
     params: TParams,
-    messageBus?: MessageBus,
+    messageBus: MessageBus,
     _toolName?: string,
     _toolDisplayName?: string,
   ): ToolInvocation<TParams, TResult>;

src/pages/ErrorHandling.tsx

@@ -1083,43 +1083,43 @@ function attemptJSONFix(
               <tr className="border-b border-gray-700/50">
                 <td className="py-3 px-2">
                   <span className="px-2 py-1 bg-blue-900/30 text-blue-400 rounded text-xs">TOOL</span>
-                  <div className="text-xs text-gray-500 mt-1">Bash 失败</div>
+                  <div className="text-xs text-gray-500 mt-1">run_shell_command 失败</div>
                 </td>
                 <td className="py-3 px-2 text-xs">命令执行返回非零</td>
                 <td className="py-3 px-2 text-xs">命令不存在、权限不足、语法错误</td>
                 <td className="py-3 px-2 text-xs">
                   <code className="text-green-400">AI 自动处理</code>：
                   错误返回给模型重新决策
                 </td>
-                <td className="py-3 px-2 text-xs font-mono text-cyan-400">core/src/tools/bash.ts</td>
+                <td className="py-3 px-2 text-xs font-mono text-cyan-400">packages/core/src/tools/shell.ts</td>
               </tr>
 
               <tr className="border-b border-gray-700/50">
                 <td className="py-3 px-2">
                   <span className="px-2 py-1 bg-blue-900/30 text-blue-400 rounded text-xs">TOOL</span>
-                  <div className="text-xs text-gray-500 mt-1">Read 失败</div>
+                  <div className="text-xs text-gray-500 mt-1">read_file 失败</div>
                 </td>
                 <td className="py-3 px-2 text-xs">无法读取文件</td>
                 <td className="py-3 px-2 text-xs">文件不存在、权限不足、路径错误</td>
                 <td className="py-3 px-2 text-xs">
                   <code className="text-green-400">AI 自动处理</code>：
                   提示文件不存在
                 </td>
-                <td className="py-3 px-2 text-xs font-mono text-cyan-400">core/src/tools/read.ts</td>
+                <td className="py-3 px-2 text-xs font-mono text-cyan-400">packages/core/src/tools/read-file.ts</td>
               </tr>
 
               <tr className="border-b border-gray-700/50">
                 <td className="py-3 px-2">
                   <span className="px-2 py-1 bg-blue-900/30 text-blue-400 rounded text-xs">TOOL</span>
-                  <div className="text-xs text-gray-500 mt-1">Edit 失败</div>
+                  <div className="text-xs text-gray-500 mt-1">replace 失败</div>
                 </td>
                 <td className="py-3 px-2 text-xs">old_string 未找到</td>
                 <td className="py-3 px-2 text-xs">文件已被修改、匹配字符串错误、编码问题</td>
                 <td className="py-3 px-2 text-xs">
                   <code className="text-green-400">AI 自动处理</code>：
                   重新读取文件后重试
                 </td>
-                <td className="py-3 px-2 text-xs font-mono text-cyan-400">core/src/tools/edit.ts</td>
+                <td className="py-3 px-2 text-xs font-mono text-cyan-400">packages/core/src/tools/smart-edit.ts</td>
               </tr>
 
               {/* 配置错误 */}